Monday, 2 May 2011 12:04 1109No Commentshttp%3A%2F%2Fblog.q1labs.com%2F2011%2F05%2F02%2Fzero-trust-in-the-post-perimeter-world%2FZero+Trust+in+the+Post-Perimeter+World2011-05-02+17%3A04%3A07John+Burnhamhttp%3A%2F%2Fblog.q1labs.com%2F%3Fp%3D1109

Posted by John Burnham in Threat Management

Forrester  (John Kindervag, Stephanie Balaouras and Lindsey Coit) recently published another report in their Zero Trust series titled, “Pull Your Head Out Of The Sand And Put It On A Swivel: Introducing Network Analysis And Visibility; Essential Functionality For The Zero Trust Model Of Information Security.”

We find this report very timely, given the steady stream of breaches reported; not to mention those not discovered, reported or discovered but yet to be reported. The expanding list of Stuxnet, Stars, Wikileaks, RSA, Epsilon, etc., may soon be extended as a result of the latest scare, smart phone tracking:

http://www.huffingtonpost.com/2011/04/21/al-franken-ed-markey-iphone-tracking_n_852196.html

Here is the Exec Summary of the Forrester report, and while we acquired rights, I doubt they extend to displaying the entire document here:

“In today’s threat environment, the network perimeter has disappeared. Insiders are as insidious a threat as outsiders. In the past, the “trust but verify” model did not facilitate insight into internal and nontraditional threats. Forrester’s new Zero Trust Model of information security demands that organizations know what types of activities take place on their internal network as well as their external network. To provide this type of deep insight into internal and external networks, Forrester has defined a new functional space called network analysis and visibility (NAV). NAV is comprised of a diverse tool set designed to provide situational awareness for networking and information security professionals.”

Yes, the underlined excerpt is a blatant shout out on my part for QRadar. But, just to make the point a bit stronger, Forrester also predicts:

• “NAV And SIM Tools Will Be Tightly Integrated To Provide Maximum Visibility And Reporting”

 Four years ago we developed a highly Intelligent, Integrated and Automated Security Intelligence Platform, QRadar, and it is available at Q1 Labs right now.