DAVE WATERSON, CTO & Founder, SentryBay
In the ever-expanding landscape of cyber threats, the traditional moats and castle walls of cybersecurity’s past have proven inadequate. The rise of remote work, the ubiquity of unmanaged and mobile devices, and the advancement of threats, rendered the once-sufficient security perimeters porous. In response, the concept of zero trust emerged, and a form of it has been widely adopted. The underlying core of zero trust, is to base security measures on the principle of “never trust, always verify”. In some circumstances zero trust is referred to as perimeter-less security, because the concept of the organisational perimeter is not relevant. The philosophy recognizes that threats can emerge both externally and internally, necessitating a continuous and adaptive security posture. Users and devices are not to be trusted by default, and access is to be provided on least privileged basis.
SentryBay have pushed the boundaries of zero trust, redefining the concept. The company has worked in the realm of zero trust for more than a decade, even before zero trust became a recognised concept. SentryBay have extended the boundaries of what is possible with zero trust, taking zero trust principles to levels far beyond what has previously been achieved.
SentryBay’s Armored Client – extending the cutting-edge of Zero Trust
The Armored Client implements zero trust in areas beyond the reaches of other solutions, ensuring the highest levels of security to protect the most sensitive digital assets. Three examples are the extent to which zero trust is implemented at process level, at the keystroke level, and at the screen display level.
Zero Trust at Process Level
Micro-segmentation is a concept that arose in network security for situations where security architects construct network security zone boundaries for each device in data centres and cloud deployments in order to segregate workloads independently. The concept protects against lateral movement of threats.
SentryBay’s Armored Client takes micro-segmentation to a new level, beyond device level, where a temporary confined environment is created on the endpoint device in order to isolate the corporate application and data from threats which may be present on the endpoint device. The concept embodies zero trust in the default security posture of the endpoint device. “Never trust the device” is the default position. The method SentryBay use in creating the micro-segmentation is light in terms of resource usage, ensuring that the micro-segment has no discernible impact on performance, unlike alternative solutions such as virtualisation or traditional segmentation.
Extending the zero trust concept further down to process level, the Armored Client ensures that only processes which are specifically trusted are given permission to execute in the secure endpoint micro-environment. “Never trust the process” is the default position unless the process has been explicitly allowed by the enterprise. Some security solutions take zero trust down to file level, SentryBay extends zero trust beyond that to the process level, providing the most granular security posture.
Zero Trust for each keystroke
Keyloggers pose a significant threat to sensitive information entered by the user at the endpoint. SentryBay’s Armored Client extends zero trust down to every single user keystroke. Keystrokes are replaced in the system with random false keys and actual keystrokes are encrypted in system memory. “Never trust a single keystroke” is the default zero trust position. With SentryBay’s software installed, not one keystroke is trusted to fend for itself and left vulnerable to keystroke loggers.
Zero Trust for screen displays
All information displayed on the screen is protected against screen capture at all times, preventing unauthorised code from accessing sensitive data by taking screen shots. Malicious code attempting to copy a screen receives only a blank screen with no data. “Never trust a single screen display” is the default zero trust position taken by SentryBay.
SentryBay’s commitment to zero trust is not a fleeting trend but a foundational pillar. The company has extended the meaning of zero trust, implementing the concept to granular level ensuring the most sensitive data is kept secure. This approach future-proofs the solutions without needing frequent updates. In this age of digital insecurity and rapidly emerging threats, reputation is not automatically gained, it is earned with each keystroke, with each screen display, and with each process that executes on the endpoint, and SentryBay’s Armored Client leads the way due to its unique implementation of the zero trust concept.