Endpoint-to-Cloud Security Provider to Help Close Zero Trust Gaps
Lookout Inc., an integrated endpoint-to-cloud security company, announced that it is collaborating with National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) in its “Implementing a Zero Trust Architecture” project.
Zero Trust is a design approach to architecting an information technology environment that can reduce an organization’s risk exposure in a “perimeter-less” world. An organization must assume that no user or endpoint is trustworthy and assess their risk posture prior to providing access to applications and data. In addition, risk posture must be continuously reassessed to prevent data leaks and breaches.
Recommendedย ITechย News: ย Stonebranch Online 2021 To Connect Attendees with Top Automation and Orchestration Thought Leaders
The U.S. government’s exposure to cyberattacks has increased with its shift to telework, where endpoints, users and data are no longer inside the perimeter-based security of an agency. In May, President Biden signed anย Executive Order 14028ย requiring federal agencies to advance toward Zero Trust architecture. The Administration also issued aย draft strategyย directing agencies to secure software applications, limit access to network resources and keep network traffic hidden from unauthorized users.
The goal of theย NCCoE initiativeย is to demonstrate several approaches to a Zero Trust architecture that align with the principles documented inย NIST SP 800-207, Zero Trust Architecture. It will also contribute to the NIST Cybersecurity Practice Guide, a detailed guide describing the steps to implement the Zero Trust architecture reference designs.ย Lookoutย is joined by 19 collaborators including Amazon Web Services, Cisco, F5 Networks, FireEye, IBM, McAfee, Microsoft, Okta, Palo Alto Networks, SailPoint Technologies, Symantec (Broadcom), Tenable and Zscaler.
Lookoutย delivers a Zero Trust solutionย that dynamically enforces security policies based on both the continuous risk assessment of endpoints and users, and the sensitivity of the data they are accessing.ย Lookoutย will enable federal agencies to align with Zero Trust pillars from theย Cybersecurity and Infrastructure Security Agency (CISA):
Recommendedย ITechย News: ย Sophos Accelerates Growth of MSP Connect
- Continuous assessment of device risk posture:ย Lookoutย continuously monitors the fluctuating risk posture of both agency issued and personal mobile endpoints, protecting agency data from device, application, network and phishing threats.
- User behavior visibility:ย Lookoutย monitors user interactions with applications and data to detect anomalous behavior so agencies can stop account takeover-based attacks or insider threat.
- Secure application workloads:ย Lookoutย dynamically enforces security policies based on data sensitivity as well as the continuous assessment of endpoint and user risk levels.
- Understand and secure data at rest and in transit:ย Lookout dynamically classifies the sensitivity level of data across an entire agency’s infrastructure and ensures it isn’t shared with unauthorized users online or offline.
- Secure network configurations:ย Lookoutย verifies the security posture of Software-as-a-Service (SaaS) applications, such as Box or Microsoft 365, and Infrastructure-as-a-Service (IaaS) environments such as AWS, Azure or GCP, to minimize risk of cyber attackers.
“With most of us continuing to work from anywhere, Zero Trust has become an imperative,” saysย Jim Dolce, CEO,ย Lookout. “Perimeter-based security cannot protect employees using devices and networks that federal agencies do not control. Our expertise in building an integrated Zero Trust solution will be invaluable in the development of the NIST NCCoE Zero Trust architectures and guidelines.”
For additional information on the goals of this Zero Trust collaboration betweenย Lookoutย and NCCoE, read thisย blogย by Lookout CEOย Jim Dolce.
Recommendedย ITechย News: ย Owl Data Diodes Become a Critical Component of the Industry-Leading Cyber Recovery Data Vault Solution
