New CISA Guide Helps Agencies Adopt SASE For Zero Trust
New CISA guidance shows federal agencies how to use SASE to move from legacy TIC 2.0 to zero trust
Zero Trust verifies each access request and limits privileges, reducing lateral movement after compromise through segmentation and continuous authentication.
Search across headline titles and summaries.
Background for this topic.
Zero trust is a security architecture that grants no implicit access based on network location. Each request is evaluated using the user or workload identity, device state, requested resource, and relevant context. Its purpose is to limit the damage from stolen credentials, compromised endpoints, or malicious insiders by enforcing least privilege and restricting lateral movement. Zero trust is a design approach, not a single product or a claim that trust can be eliminated.
Effective controls include phishing-resistant multifactor authentication, strong identity and access lifecycle management, device and workload authorization, application-level segmentation, short-lived credentials, and auditable policy decisions. Policies should limit access to specific resources and actions rather than broad network zones. Poorly maintained identities, service accounts, segmentation rules, or policy exceptions can leave exploitable paths while creating false assurance; the identity and policy infrastructure itself also requires hardening, monitoring, and recovery planning.
Weekly headline count for the current query.
New CISA guidance shows federal agencies how to use SASE to move from legacy TIC 2.0 to zero trust
CISOs Discussed Governance, Security Operations and Cyber RiskFrom boardroom persuasion to AI-powered SOCs, ISMG's Cyber Resilience Summit Dallas gave senior security and risk leaders a playbook for the age of inevitable disruption, with sessions spanning zero trust, human risk reduction, threat preemption and governance as a foundation of resilience.
Zscaler CEO Jay Chaudhry Says New AI Frontier Models Have Yet to Boost RevenueZscaler reported strong renewal growth and rising demand for zero trust security amid AI-driven threats, but slowing new customer acquisition, sales leadership turnover and cautious expectations for Red Canary integration weighed on investor confidence.
Startup Symmetry Systems Maps Relationships Across AI, SaaS and Cloud AssetsZscaler plans to acquire San Francisco-based Symmetry Systems to unify visibility across AI models, identities, applications and datasets, helping enterprises track AI lineage, govern agentic identities and enforce granular zero trust controls across cloud and SaaS environments.
Identity checks alone can't stop attackers using stolen session tokens and compromised devices. Specops Software outlines why Zero Trust strategies increasingly depend on continuous device verification. [...]
Akamai Says Startup LayerX's Browser Telemetry Will Strengthen Access DecisionsAkamai said its proposed $205 million acquisition of LayerX will add enterprise browser security and AI usage controls to its zero trust portfolio as enterprises grapple with generative AI data exposure, autonomous AI agents and growing demand for browser-level visibility.
Guidance Warns Autonomous Systems Expand Enterprise ExposureFederal and Five Eyes cyber agencies warn that agentic AI systems - capable of autonomous action across enterprise environments - are introducing identity, visibility and control risks that could outpace existing defenses without continuous monitoring, zero trust enforcement and human oversight.
Zero Trust Is 'Essential' - But Who Pays for It?New guidance from the U.S. Cybersecurity and Infrastructure Security Agency on adapting zero trust security principles for operational technology is fine as far as it goes, but is pretty high-level and ignores or fudges a couple of key questions, say executives and experts.
A new CISA‑led guide explains how zero‑trust security can be applied to operational technology, balancing cyber defence with safety and system availability
Every security program is betting on the same assumption: once a system is connected, the problem is solved. Open a ticket, stand up a gateway, push the data through. Done
Stolen credentials remain a top breach vector, often leading to unchecked privilege escalation. Specops explains how identity-first Zero Trust limits access, enforces device trust, and blocks lateral movement. [...]
Victims don't need to match the cyber espionage group's technical sophistication, experts say. But patching and some form of zero trust are now non-negotiable.
Also: RSAC Speakers Warn AI Is Outpacing Security, DoD's Zero Trust Reality CheckIn this week's panel, four ISMG editors discussed growing cyber risks in healthcare following recent vendor breaches, key takeaways from RSAC Conference and whether the Pentagon's zero trust push is delivering real security benefits or just checking off boxes.
Analysts Warn Compliance Goals May Outpace Real Security OutcomesThe Pentagon's zero trust overhaul aims to unify cyber defenses, but with a small percentage of target activities reportedly complete, persistent gaps in identity, data and governance are raising doubts about whether the 2027 deadline will deliver real security gains.
Analysts Warn Compliance Goals May Outpace Real Security OutcomesThe Pentagon's zero trust overhaul aims to unify cyber defenses, but with a small percentage of target activities reportedly complete, persistent gaps in identity, data and governance are raising doubts about whether the 2027 deadline will deliver real security gains.
Passing MFA doesn't mean a session is safe, attackers can hijack tokens and bypass identity checks. Specops Software explains why Zero Trust must verify both user identity and device health. [...]
Zscaler's Jay Chaudhry on Infrastructure, Agents and OversightZscaler CEO Jay Chaudhry explains why distributed infrastructure and zero trust models will shape AI security, the agent risks mirroring human threats and why strong oversight and identity validation remain essential for mission-critical applications.
As AI increases the speed of cyber attacks, governments and businesses must weigh the tradeoffs that come with deploying semi-autonomous AI agents to stop them. The post Can Zero Trust survive the AI era? appeared first on CyberScoop.