[Weekly Security News] Biden’s latest security message is based on ‘Zero Trust’
February 11, 2022
1. Biden’s latest security message is based on ‘Zero Trust’
The Biden administration issued its latest memorandum relating to cybersecurity in January 2022. Paul Martini, CEO of Zero trust cloud security firm iboss looked into NIST(National Insititute of Standards and Technology) Special Publication 800-207 which shows the core components of Zero Trust principles and how the cyber-risk can be reduced by distributing workforces and data. The key message of NIST 800-207 is government agencies have important data and information which need to be protected from hackers. For this reason, they need to develop a plan to implement Zero Trust Architecture. Zero Trust, as the name implies, it restricts access controls to networks, applications and environments and trusts no one.
2. Microsoft: DDoS Attacks Reach ‘Unprecedented’ Levels in 2021’s Second Half
DDoS attack hit another new record last year. Microsoft Azure’s DDoS protection team said a DDoS attack with a throughput of 3.47 Tbps and a packet rate of 340 million pps targeting an Azure customers in Asia was detected in November 2021. It infers the volume of DDoS attacks will be growing over time and they are aiming at more victims. Azure team said the main reason of increasing DDoS attack is it is extremely easy and cheap for anyone to conduct targeted DDoS attacks.
3. Open Source Cybersecurity Has Become a Hot Topic
Even though the transparency of the open-source software model is a double-edged sword, it has been widely used all over the world because the advantage of open source outweighed the disadvantages in the past. However, There were some flaws and bugs such as Apache Struts and the recent critical vulnerabilities discovered in Log4J, a popular open-source logging framework. It leads to creating a software bill of materials(SBOM standards) to let customers comprehend the risk of deploying software and services.
Check out Cloudbric’s product lines:
No.1 in the Asia Pacific – WAF with A.I & Logic-based detection engine: Cloudbric WAF+
Cloud-based DDoS attack defense service with edge computing: Cloudbric ADDoS
Zero Trust Network Access-based Remote Access Solution: Cloudbric RAS
Blockchain: Blockchain Security Solution