CrowdStrike – Security Review Magazine
https://securityreviewmag.com
We bring you the latest from the IT and physical security industry in the Middle East and Africa region.

Commvault Enhances Cyber Recovery Offerings with CrowdStrike Incident Response
https://securityreviewmag.com/?p=28131
Mon, 28 Apr 2025 13:50:40 +0000

Commvault has announced an expanded partnership with CrowdStrike. Together, the companies are delivering a trusted pathway to CrowdStrike’s elite incident response services, supported by Commvault’s recovery expertise — helping organisations worldwide recover faster and stay better prepared for cyberattacks.

Through this expanded partnership, the two companies are delivering coordinated cyber recovery and incident response services to help joint customers improve readiness, respond faster, and achieve cleaner recoveries. With ransomware attacks happening every 14 seconds and average recovery times spanning 24 days, IT and security teams, as well as system integrators, are looking for vendors who are collaborating and combining best-in-class services and solutions. These efforts not only address what happens before and during an attack but also support recovery when it becomes a critical lifeline for organisations.

“Today’s threat landscape demands more than just security – it requires resilience,” said Alan Atkinson, Chief Partner Officer at Commvault. “Our expanded partnership with CrowdStrike brings together exceptional incident response capabilities from CrowdStrike and leading data recovery and resilience solutions from Commvault to help joint customers identify and quickly address cyber incidents and recover swiftly and effectively.”

“Cyber resilience isn’t just about recovery, it’s about being ready at every stage of an attack,” said Daniel Bernard, Chief Business Officer at CrowdStrike. “Our expanded partnership with Commvault brings together industry-leading threat intelligence, incident response expertise, and robust recovery capabilities to help organisations identify risks faster, recover smarter, and strengthen their overall security posture. In an AI-accelerated world of relentless and sophisticated threats, security and IT teams need to operate as one, and this collaboration helps make that possible.”

This expanded partnership delivers a unified suite of services, including CrowdStrike’s elite incident response services and Commvault’s Guardian retainer-based services offerings, which provide readiness assessments, recovery validation, recovery testing, and incident response recovery assistance. For customers, this means:

  • Faster incident response and recovery: In the event of a cyber incident, CrowdStrike’s real-time threat visibility pinpoints the scope of the attack, while Commvault’s recovery solutions enable rapid restoration. This integrated approach streamlines the incident response process and helps minimise disruption.
  • Enhanced risk mitigation: Jointly conducted cyber resilience maturity assessments and advanced scenario-based readiness exercises — including continuous recovery testing with Cleanroom Recovery — strengthen cyber resilience.
  • Unified incident management: Integrated response workflows between Commvault and CrowdStrike enable faster collaboration during crises, accelerating time to resolution for joint customers.
  • Tailored support and scalability: Commvault’s incident response recovery services provide scalable, subscription-based support tailored to each customer’s specific resilience needs.
  • Access to industry expertise: Customers benefit from the combined expertise of Commvault and CrowdStrike, with tailored guidance and hands-on support from trusted cybersecurity and recovery professionals.

Veeam and CrowdStrike Partner to Bring Data Resilience to Customers
https://securityreviewmag.com/?p=28114
Fri, 25 Apr 2025 09:55:40 +0000

Veeam Software has announced a new partnership with CrowdStrike to deliver centralized visibility of critical data and advanced threat detection through integration with the Veeam Data Platform. The jointly developed product integration creates a more secure environment for shared customers, helping identify threats before, during and after an attack to enable fast, secure recovery and long-term data resilience.

Together, Veeam and CrowdStrike enhance data security by combining Veeam’s industry-leading data resilience capabilities with the AI-native CrowdStrike Falcon cybersecurity platform. The result is end-to-end visibility into security threats—minimizing and even preventing the business impact of cyber incidents. The partnership launches with two new fully supported integrations:

  1. Veeam App for CrowdStrike Falcon LogScale
  2. Veeam Data Connector for CrowdStrike Falcon Next-Gen SIEM

These integrations allow organizations to view Veeam Data Platform events directly within the CrowdStrike Falcon platform, creating a unified solution that improves insights into system activity and security events. This empowers IT and security teams to detect, prevent, and respond to cyber incidents more effectively.

“We know that 89% of threat actors specifically target an organization’s backups, putting critical data recovery at risk,” said John Jester, chief revenue officer at Veeam. “Delivering comprehensive protection against these attacks requires strategic partnerships. That’s why we’re building strong integrations with industry leaders like CrowdStrike to ensure customers take a connected approach to cybersecurity and data resilience. We continue to enhance Veeam Data Platform security capabilities and integrations to ensure that an organization’s backups are clean and secure to recover from a ransomware attack. By combining Veeam Data Platform’s industry-leading malware detection, indicators of compromise (IoC) detection and proactive threat assessments with CrowdStrike’s AI-powered capabilities, we help customers ensure their backups are secure and their data resilient.”

“The surge in cyber threats and ransomware attacks continues to put enterprise data at risk,” said Daniel Bernard, chief business officer at CrowdStrike. “Our partnership with Veeam brings together best-in-class cybersecurity with industry-leading data resilience, giving joint customers a unified defense to reduce risk and ensure rapid recovery. By bringing Veeam Data Platform events into Falcon Next-Gen SIEM, we’re delivering centralized visibility that empowers security and IT teams to respond faster and more effectively across the entire attack surface.”

The integration brings Veeam Data Platform event data into Falcon LogScale and Falcon Next-Gen SIEM, delivering deeper visibility and accelerated threat analysis. By combining Veeam’s backup insights with CrowdStrike’s industry-leading threat intelligence and real-time visibility across the enterprise, organizations can eliminate blind spots and reduce risk across their data and backup environments.

The Veeam App for Falcon LogScale includes pre-built dashboards, automated data parsing and proactive alerting to improve detection and response across the enterprise. It also adds support for Veeam Backup for Microsoft Entra ID, enhancing visibility into identity-based threats and data infrastructure activity.

Security teams can leverage predefined searches and scheduled alerts to quickly surface relevant security events, enhancing threat-hunting and response efforts. Real-time, low-impact scans during backups—powered by advanced AI and machine learning—detect even the most subtle anomalies and malware. These proactive alerts equip Security Operations Center (SOC) analysts with the intelligence needed to accelerate incident response and stay ahead of evolving threats.

Veeam Data Platform delivers comprehensive end-to-end cyber resilience, supporting organizations before, during and after a cyber incident. It features proactive threat detection with the patent-pending Recon Scanner, which identifies potential ransomware threats before backups are created. During the backup process, inline entropy analysis, signature-based malware scanning and IoC detection tools provide a defense-in-depth approach to identifying malicious activity.

The platform also supports incident response by assessing the scope of an attack and quickly identifying the last known good restore point through Veeam Threat Hunter. Additionally, Veeam Cyber Secure offers expert support from Coveware by Veeam to assist with ransomware assessment, negotiation and recovery. This proactive and comprehensive approach helps reduce cyber risks, minimize business disruption and is now available for CrowdStrike users—providing complete protection across cloud, virtual, physical, enterprise applications and unstructured data. Available to Advanced and Premium Veeam Data Platform users, these integrations are now accessible to CrowdStrike customers via the CrowdStrike Marketplace.

CrowdStrike Reveals AI-Powered Exposure Management Innovations
https://securityreviewmag.com/?p=27972
Tue, 25 Mar 2025 08:10:28 +0000

CrowdStrike has announced new CrowdStrike Falcon Exposure Management innovations, accelerating cybersecurity consolidation by eliminating outdated vulnerability management tools and extending AI-powered risk prioritisation to network assets. The general availability of the Network Vulnerability Assessment capability enables security teams to identify and remediate high-risk vulnerabilities in network devices, including routers, switches and firewalls, in real time—without additional scanners, agents or hardware.

The single-agent architecture of the CrowdStrike Falcon cybersecurity platform empowers organisations to replace legacy vulnerability management tools with a single click, consolidating security operations on the Falcon platform and modernising static, CVSS-based risk models with an adversary-driven approach. Falcon Exposure Management customers receive free scanning for up to 10% of assets to immediately experience the benefits of AI-powered, platform-driven exposure management.

“Network scanning is a staple in virtually every security stack, and bringing it to the Falcon platform—and replacing legacy solutions—is one of our top customer demands,” said Elia Zaitsev, chief technology officer, CrowdStrike. “For too long, organisations have had to rely on hardware-dependent, difficult-to-deploy solutions with outdated risk models and static CVSS scores, requiring external threat feeds to even attempt prioritisation. With the Falcon platform, everything is built in natively—the industry’s richest adversary intelligence, patented AI, and a lightweight agent adapted as a network scanner—allowing teams to extend adversary-based risk mitigation to network devices with a single click, meeting the demand for even greater consolidation on CrowdStrike.”

As adversaries evolve, traditional vulnerability management tools fail to address modern risk, missing how adversaries chain vulnerabilities together in real-world attacks. The 2025 CrowdStrike Global Threat Report reveals that attackers increasingly exploit multiple low/medium vulnerabilities in sequence to escalate privileges and execute remote code, bypassing traditional risk prioritisation models. Legacy scanning solutions lack the native threat intelligence and advanced AI capabilities to correlate vulnerabilities with real-world attack techniques. They also require dedicated agents and hardware, creating operational complexity without delivering true risk reduction. As a result, security teams are overwhelmed with static CVSS scores that fail to reflect how an adversary targets their attack surface, leaving critical gaps in exposure management.

Falcon Exposure Management prioritises vulnerabilities based on adversary activity and real-world attack paths, allowing security teams to identify and mitigate risks before they lead to a breach. By understanding how attackers exploit multiple vulnerabilities in sequence, teams can reduce critical vulnerabilities by up to 98%. With Network Vulnerability Assessment, CrowdStrike extends these capabilities to assets discovered over the network, providing comprehensive risk visibility, prioritisation and automated remediation across the entire attack surface, without requiring additional scanners, agents or hardware. This brings another crucial aspect of modern security to the Falcon platform, helping organisations accelerate consolidation and eliminate the costs and complexity of managing numerous disjointed tools.

Key features and benefits include:

  • Real-Time, Continuous Network Assessments: Eliminates reliance on outdated network scanning tools that create security blind spots. The Falcon platform leverages its existing lightweight agent as a network scanner, enabling instant, continuous assessments with no additional setup—providing real-time visibility into both managed and unmanaged network devices without causing congestion or disruptions.
  • AI-Driven Risk Prioritisation: Falcon Exposure Management’s patented ExPRT.AI pinpoints the 5% of vulnerabilities driving 95% of risk. By analysing adversary behavior, active exploits, and real-world threat intelligence, organisations can focus on the risks that matter most.
  • Cross-Domain Exposure Management: Provides a single, consolidated view of exposures and attack paths across endpoints, cloud workloads, IT/IoT and network assets leading to business-critical assets and data, enabling teams to predict likely adversary behavior based on real-world activity to harden high-risk areas of exposure.
  • Automated Remediation with Falcon Fusion SOAR: Traditional scanning tools leave teams burdened with manual remediation. Falcon Exposure Management, combined with Falcon Fusion SOAR, delivers automated, real-time remediation—eliminating risks before they can be exploited.
  • Unified Platform Protection: The combination of Falcon Exposure Management’s proactive security with the Falcon platform’s industry-leading threat prevention, detection and response across endpoints, cloud, identity and data, along with Falcon® Next-Gen SIEM and Falcon Complete Next-Gen MDR, provides organisations with the technology and services they need for full cycle threat protection across every area of enterprise risk.

CrowdStrike Reports 150% Surge in China’s Cyber Espionage Activities
https://securityreviewmag.com/?p=27855
Wed, 05 Mar 2025 10:22:12 +0000

CrowdStrike has released its 2025 Global Threat Report, exposing the growing aggression of China’s cyber operations, a surge in GenAI-powered social engineering and nation-state vulnerability research and exploitation, and a sharp increase in malware-free, identity-based attacks. The report reveals that China-nexus adversaries escalated state-sponsored cyber operations by 150%, with targeted attacks in financial services, media, manufacturing and industrial sectors soaring up to 300%.

At the same time, adversaries worldwide are weaponizing AI-generated deception, exploiting stolen credentials and increasingly executing cross-domain attacks—exploiting gaps across endpoint, cloud and identity—to bypass security controls and operate undetected in the shadows. The shift to malware-free intrusions that exploit trusted access, combined with record-shattering breakout times, leaves defenders little room for error. To stop modern attacks, security teams need to eliminate visibility gaps, detect adversary movement in real-time and stop attacks before they escalate—because once they’re inside, it’s already too late.

Tracking more than 250 named adversaries and 140 emerging activity clusters, CrowdStrike’s latest research reveals:

  • China’s Cyber Espionage Grows More Aggressive: CrowdStrike identified seven new China-nexus adversaries in 2024, fueling a 150% surge in espionage attacks, with critical industries seeing up to a 300% spike in targeted attacks.
  • GenAI Supercharges Social Engineering: AI-driven phishing and impersonation tactics fueled a 442% increase in voice phishing (vishing) between H1 and H2 2024. Sophisticated eCrime groups like CURLY SPIDER, CHATTY SPIDER and PLUMP SPIDER leveraged social engineering to steal credentials, establish remote sessions and evade detection.
  • Iran Utilizes GenAI for Vulnerability Research and Exploitation: In 2024, Iran-nexus actors increasingly explored GenAI for vulnerability research, exploit development and patching domestic networks, aligning with government-led AI initiatives.
  • From Breaking In to Logging In – Surge in Malware-Free Attacks: 79% of attacks to gain initial access are now malware-free while access broker advertisements surged 50% YoY. Adversaries exploited compromised credentials to infiltrate systems as legitimate users, moving laterally undetected with hands-on keyboard activities.
  • Insider Threats Continue to Rise: DPRK-nexus adversary FAMOUS CHOLLIMA was behind 304 incidents uncovered in 2024. 40% involved insider threat operations, with adversaries operating under the guise of legitimate employment to gain system access and carry out malicious activity.
  • Breakout Time Hits Record Speed: The average eCrime breakout time dropped to 48 minutes, with the fastest recorded at 51 seconds—leaving defenders little time to react.
  • Cloud Environments Under Siege: New and unattributed cloud intrusions increased by 26% YoY. Valid account abuse is the primary initial access tactic, accounting for 35% of cloud incidents in H1 2024.
  • Unpatched Vulnerabilities Remain a Key Target: 52% of vulnerabilities observed were related to initial access, reinforcing the critical need to secure entry points before adversaries establish persistence.

“China’s increasingly aggressive cyber espionage, combined with the rapid weaponization of AI-powered deception, is forcing organizations to rethink their approach to security,” said Adam Meyers, head of counter adversary operations at CrowdStrike. “Adversaries exploit identity gaps, leverage social engineering and move across domains undetected—rendering legacy defenses ineffective. Stopping breaches requires a unified platform powered by real-time intelligence and threat hunting, correlating identity, cloud and endpoint activity to eliminate the blind spots where adversaries hide.”

CrowdStrike to Acquire Adaptive Shield
https://securityreviewmag.com/?p=27349
Wed, 06 Nov 2024 14:40:39 +0000

CrowdStrike has announced it has agreed to acquire Adaptive Shield, a leading provider of SaaS security solutions. With this acquisition, CrowdStrike will be able to provide unified, end-to-end protection against identity-based attacks across the entire modern cloud ecosystem – from on-premises Active Directory to cloud-based identity providers and SaaS applications – delivered from a single, unified platform. Announced at Fal.Con Europe, CrowdStrike’s inaugural premier user conference in the region, this acquisition will position CrowdStrike as the leading provider of comprehensive protection across complex hybrid environments.

“CrowdStrike was built to tackle the toughest cybersecurity challenges, and we drive relentless innovation based on what our customers need to stay ahead of modern threats,” said George Kurtz, CEO and founder, CrowdStrike. “As SaaS and AI adoption grows, every new application brings additional complexity and the risk of misconfigurations across human and non-human accounts that create openings for sophisticated attacks. With the acquisition of Adaptive Shield, CrowdStrike will continue to set the standard for identity-based protection in the cloud, delivering best-in-class SaaS protection from the Falcon platform.”

Cloud exploitation cases grew by 110% last year, while identity-based attacks continue to rise – 75% of attacks to gain initial access are now malware-free. ‘Cross-domain’ adversaries, targeting identity and cloud, have numerous attack paths, from on-premises Active Directory to cloud-based identity providers and the growing landscape of SaaS applications. The complexity of modern hybrid cloud environments and disconnected security tools create protection gaps, making it difficult to prevent identity-based threats.

SaaS is projected to be the largest category of cloud computing in 2024, capturing more than 40% of all public cloud spending. Under the SaaS shared responsibility model, SaaS vendors provide security controls, while organizations manage configurations. In today’s complex environments, where hundreds of SaaS applications each come with unique access controls and identity configurations, security teams face significant challenges in maintaining visibility into who has access, what sensitive data is exposed, and active threats – even with purpose-built SaaS protection.

Adaptive Shield delivers the industry’s most complete security posture management and threat protection across SaaS identities, misconfigurations and data, stopping SaaS breaches. As an integrated component of the CrowdStrike Falcon cybersecurity platform, Adaptive Shield will equip CrowdStrike with the most advanced capabilities to stop identity-based attacks across all aspects of modern hybrid cloud environments. Customer benefits will include:

  1. Comprehensive SaaS Security Posture Management (SSPM): Organizations gain full visibility and governance over misconfigurations, the entitlements and activity levels of both human and non-human identities, and exposed data across 150+ SaaS applications. This new end-to-end visibility of identities across hybrid cloud environments gives operators a unique context for rapid cloud detection and response (CDR).
  2. GenAI Application Security Control: By continuously monitoring GenAI SaaS applications, Adaptive Shield empowers organizations to enforce consistent security standards by detecting configuration shifts, controlling AI settings to prevent data leakage, and identifying shadow AI applications to revoke access based on their risk profile. This approach ensures that AI-integrated applications remain aligned with security policies to protect sensitive data.
  3. Unified Hybrid Identity and Cloud Security: The powerful combination of Adaptive Shield and CrowdStrike Falcon Identity Protection will provide customers with comprehensive identity protection across SaaS, on-premises Active Directory and cloud-based environments (Okta and Microsoft Entra ID). CrowdStrike Falcon Cloud Security customers will also gain unified visibility and protection across the entire modern cloud estate – infrastructure, custom applications, data, AI models and SaaS applications – all from the same unified console and workflow.
  4. Existing Integration Accelerates Detection and Response: Adaptive Shield’s existing integration with CrowdStrike Falcon Next-Gen SIEM provides rapid first-party detection and response across multiple security domains – endpoints, identities, workloads and applications – automatically correlating detections inline with the latest threat intelligence and Falcon Fusion SOAR delivering near real-time response.

“Widespread adoption of SaaS applications has rapidly expanded the enterprise attack surface, as shared responsibility models and fragmented security controls make SaaS environments a prime target,” said Maor Bin, CEO and co-founder, Adaptive Shield. “Our mission perfectly complements CrowdStrike, stopping SaaS breaches while further accelerating consolidation on cybersecurity’s most comprehensive platform. I’m incredibly proud of our team for building the most advanced SaaS security solution, defining the market.”

CrowdStrike Strengthens Cloud Security with Integrated ASPM and CNAPP
https://securityreviewmag.com/?p=26711
Tue, 07 May 2024 07:31:57 +0000

CrowdStrike has announced the general availability of CrowdStrike Falcon Application Security Posture Management (ASPM) as an integrated part of CrowdStrike Falcon Cloud Security. With this release, CrowdStrike delivers on its bold vision to simplify and scale modern cloud security through a single, unified platform so Cloud SecOps can operate with the speed and agility of DevOps.

Cloud intrusions have surged by 75% over the past year, increasing the pressure on SecOps teams that are already grappling with a shortage of skilled personnel and the inefficiency of numerous disjointed tools. With the native integration of ASPM into Falcon Cloud Security, CrowdStrike is driving consolidation across SecOps with a unified platform that enhances risk visibility and protection across the entire cloud estate, from infrastructure to applications and the services running inside of them, enforcing comprehensive, code-to-runtime security. With this release, CrowdStrike is advancing the market and setting a new standard for what customers can expect from a comprehensive CNAPP.

“The complexity of cloud environments and rapid pace of changes creates misconfigurations and vulnerabilities that adversaries increasingly exploit. Disjointed point products and fragmented platforms create gaps in security defenses that can lead to a breach,” said Karan Gupta, head of engineering, CrowdStrike. “With the integration of Falcon ASPM with Falcon Cloud Security, we’re providing one platform that provides comprehensive risk visibility and workload protection across the entire cloud estate. This revolutionizes CNAPP with integrated ASPM and provides organizations with a blueprint that bridges the gap between their security and development teams.”

CrowdStrike unifies the critical CNAPP capabilities that define modern cloud security in a single, cloud-native platform, delivering the deep visibility, integration into DevOps workflows and rapid incident response capabilities teams need to manage and respond to incidents and secure complex cloud infrastructure and applications with priority and context.

CrowdStrike Outs its Global Threat Report for 2024
https://securityreviewmag.com/?p=26461
Mon, 26 Feb 2024 14:07:27 +0000

CrowdStrike has announced the findings of the 2024 CrowdStrike Global Threat Report, highlighting a surge in adversaries leveraging stolen identity credentials to exploit gaps in cloud environments and maximize the stealth, speed and impact of cyberattacks. The report also details the biggest threats on the horizon for 2024, including the disruption of global elections and the exploitation of generative AI to lower the barrier of entry and launch more sophisticated attacks. In the 10th annual edition of the company’s seminal report, CrowdStrike highlights activity from some of the 230+ prolific threat groups that it tracks today.

Key findings in the 2024 report include:

  1. Dramatic Increase in Attack Velocity: The speed of cyberattacks continues to accelerate at an alarming rate. The report indicates that the average breakout time is down to only 62 minutes from 84 in the previous year (with the fastest recorded attack coming in at 2 minutes and 7 seconds). Once initial access was obtained, it took only 31 seconds for an adversary to drop initial discovery tools in an attempt to compromise victims.
  2. Stealthy Attacks Spike as Adversaries Compromise Credentials: The report notes a sharp increase in interactive intrusions and hands-on-keyboard activity (60%) as adversaries increasingly exploit stolen credentials to gain initial access at targeted organizations.
  3. Adversaries Follow as Business Moves to the Cloud: Adversaries turned their sights to the cloud through valid credentials – creating a challenge for defenders looking to differentiate between normal and malicious user behaviour. The report shows cloud intrusions increased by 75% overall with cloud-conscious cases amplifying by 110% Year-over-Year.
  4. The Exploitation of Generative AI on the Horizon: In 2023, CrowdStrike observed nation-state actors and hacktivists experimenting with and seeking to abuse generative AI to democratize attacks and lower the barrier of entry for more sophisticated operations. The report highlights how generative AI will likely be used for cyber activities in 2024 as the technology continues to gain popularity.
  5. Disrupting Democracy by Targeting Global Elections: With more than 40 democratic elections scheduled in 2024, nation-state and eCrime adversaries will have numerous opportunities to disrupt the electoral process or sway voter opinion. Nation-state actors are highly likely to conduct mis- or disinformation operations to sow disruption against the backdrop of geo-conflicts and global elections.

“Throughout 2023, CrowdStrike observed unprecedented stealthy operations from brazen eCrime groups, sophisticated nation-state actors and hacktivists targeting businesses in every sector spanning the globe. Rapidly evolving adversary tradecraft honed in on both cloud and identity with unheard-of speed, while threat groups continued to experiment with new technologies, like GenAI, to increase the success and tempo of their malicious operations,” said Adam Meyers, head of Counter Adversary Operations, CrowdStrike. “To defeat relentless adversaries, organizations must embrace a platform approach, fueled by threat intelligence and hunting, to protect identity, prioritize cloud protection, and give comprehensive visibility into areas of enterprise risk.”

CrowdStrike Intros Accelerate Partner Program
https://securityreviewmag.com/?p=25954
Mon, 18 Sep 2023 13:32:16 +0000

CrowdStrike has introduced Accelerate, a new partner program to usher in a modern, disruptive movement for CrowdStrike Falcon platform adoption and ecosystem growth. Accelerate is designed to empower the partner ecosystem to land and expand with CrowdStrike Falcon as well as collaborate on and through cybersecurity’s leading AI-native platform.

CrowdStrike’s new Accelerate program unites cybersecurity partners of all types – consisting of VARs, MSPs, MSSPs, GSIs, SIs, cloud marketplaces, distributors, telcos, OEMs, insurers, incident responders, ISVs and more – around the joint mission of stopping breaches. The modern threat landscape necessitates an open, collaborative approach to XDR, providing organizations flexibility and choice in their ever-evolving technology and services needs.

Similarly, today’s software supply chains necessitate new programs and systems to capitalize on modern SaaS consumption. Through solution-specific go-to-market tracks, new-age “edutainment,” gamified rewards, as well as a host of sales, marketing, and partner support tools, CrowdStrike partners can now accelerate their success like never before – helping customers reduce total cost of ownership (TCO), consolidate point products and stay protected.

“Cybersecurity is at an inflexion point, and the partner ecosystem is no different,” said Daniel Bernard, chief business officer at CrowdStrike. “Our new Accelerate program turns the page for partners of all types to supercharge their CrowdStrike practices – horizontally across the Falcon platform – and vertically into the depth of our solution capabilities. New education formats, new sales tools and new rewards are just a few of the investments we’re making to set the cybersecurity ecosystem standard. Our focus is unwavering: putting partners at the centre of the fight to defeat adversaries – and together – stop breaches.”

The new program delivers:

  1. Education that entertains to accelerate action. Knowledge is power. The new Accelerate program introduces partners to CrowdClass, a disruptive educational series featuring CrowdStrike experts in bite-sized video formats. Available on-the-go and on-demand, sub-10-minute videos share CrowdStrike expertise, prove differentiation and show partners how to sell, demonstrate value and win.
  2. Demand generation and sales tools to accelerate deal closure. Winning in cybersecurity is all about speed; business origination, collaboration, and closure are no different. New infrastructure and operational enhancements make it easier and faster for partners to create demand, register opportunities, run value-based sales campaigns and close deals. Accelerate also introduces The Grid, CrowdStrike’s self-service marketing campaign platform providing landing pages, emails and social posts that help partners win with the CrowdStrike Falcon platform.
  3. Rewards that accelerate and grow partner profitability. Partner results are opportunities to reward. Accelerate unveils CrowdCard, a first in cybersecurity, where individual sales and solution engineering professionals earn cashback rewards on a branded CrowdStrike debit card. Rewards incentivize new customer transactions as well as platform expansion across strategic solution areas. CrowdCard delivers reward payments within days, positively reinforcing behaviors and results. In addition, Accelerate rewards partners with attractive margins, discount tiers and back-end rebates to support building focused, profitable CrowdStrike practices.

CrowdStrike Announces Falcon Complete for Service Providers
https://securityreviewmag.com/?p=25933
Tue, 12 Sep 2023 13:16:18 +0000

CrowdStrike has announced Falcon Complete for Service Providers, a new program that gives Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), System Integrators (SIs) and Global System Integrators (GSIs) the ability to create and augment their service offerings with CrowdStrike’s elite 24/7 expert monitoring, proactive threat hunting, integrated threat intelligence, and end-to-end remediation offerings. Designed to help partners rapidly scale managed security services portfolios, close skills gaps, and augment internal teams, the new offering is the latest move by CrowdStrike to empower its worldwide partner network to create new customer value and choice for businesses of all sizes.

According to the CrowdStrike 2023 Threat Hunting Report, adversary breakout time hit an all-time low average of 79 minutes (falling from 84 minutes in 2022), with the fastest breakout of the year coming in at a record of 7 minutes. According to Gartner, “by 2025, 60% of organizations will be actively using remote threat disruption and containment capabilities delivered by MDR providers, up from 30% today.”

Within this growing market, CrowdStrike Falcon Complete is consistently recognized by customers, analysts and third-party awards programs as the industry’s leading MDR offering, and with this program, CrowdStrike is enabling service providers to deliver the exact same level of comprehensive and specialized protection to stop breaches. Falcon Complete continues to differentiate services with end-to-end managed response and remediation, achieving the highest detection coverage in the 2022 MITRE Engenuity ATT&CK Evaluations for Security Service Providers.

With Falcon Complete for Service Providers, partners can now tap into Falcon Complete’s existing team and offerings to create co-branded or white-labelled managed security services or even offer customized services built on top of Falcon Complete. “Falcon Complete for Service Providers makes it easier for customers to consume the industry’s #1 MDR services with added capabilities from their chosen service provider for seamless security and peace of mind,” said Daniel Bernard, chief business officer at CrowdStrike. “Customers have the full benefit of not only choosing their preferred provider but also realising the highest levels of protection against advanced threats.”

Zero Trust is Not a Point Solution
https://securityreviewmag.com/?p=25456
Fri, 10 Mar 2023 17:42:44 +0000

Roland Daccache, Systems Engineering Manager for META at CrowdStrike, says that to ensure a frictionless Zero Trust journey, organisations should consider using a cloud-native security platform approach.

How has the Zero Trust Network Architecture evolved since it was first coined in 2010?
Like many things in our industry, Zero Trust is a concept that can be distorted. For years, vendors have tried to redefine Zero Trust to align with their current product capabilities. But Zero Trust is not a point solution.

It’s about building a defense-in-depth strategy to ensure all assets have identity-based perimeters that are continuously monitored for user behaviors and device attributes to ensure that least-privileged access to enterprise resources is continually enforced. This must happen no matter where users, applications, or devices are located. Zero Trust is fundamentally dynamic and requires a modern approach to security to be effective.

Do you believe that technologies that support Zero Trust are moving into the mainstream?
Yes, and good solutions should make it easy for companies to implement Zero Trust. CrowdStrike, for example, does all of the heavy lifting for enterprise security teams to enforce frictionless Zero Trust with its industry-leading CrowdStrike Security Cloud — the world’s largest unified, threat-centric data fabric to stop breaches. The CrowdStrike Security Cloud processes trillions of events, enabling hyper-accurate attack correlation and real-time threat analytics and response that can scale any deployment model, whether they are multi-cloud or hybrid enterprises that may also run legacy and proprietary applications.

Do you believe that enterprise IT departments today require a new way of thinking because the castle itself no longer exists in isolation as it once did?
Yes, with digital transformation and remote work, IT organizations need to adjust to today’s new way of working. It is vital for IT departments to move away from traditional network security which follows the “trust but verify” method. In the traditional model, users and endpoints within the organization’s network perimeter were assumed to be trustworthy. This put the organization at risk from malicious internal actors and rogue credentials; it also inadvertently granted wide-reaching access to unauthorized users once inside the network.

Zero Trust is often used as an alternative to the virtual private network (VPN) model, which grants total network access to verified users. Given the shift to remote work, the use of VPN is increasingly seen as a cybersecurity risk, as organizations find it more difficult to monitor and analyze network traffic and application use across a wide variety of locations and devices.

How can companies get started with zero trust?
Zero Trust can be challenging to implement due to the complexity of the technology stack, cross-departmental organizational challenges, and mapping out a process for budgeting and execution. Although each organization’s needs are unique, I recommend the following three steps to move to Zero Trust:

  1. Visualize: In this stage, the intent is to understand all of the resources, their access points, and the risks involved. Discover endpoints, identities, and applications, visualize attack paths, and discover and assess multi-cloud workloads.
  2. Mitigate: In this stage, an organization should be ready to detect and stop threats or mitigate the impact of the breach in case a threat cannot be immediately stopped. At this point, endpoints should be protected, as well as identities, and workloads in real-time with behavioral and real-time analytics. Identities should be automatically segmented and telemetry enriched with threat context and intel.
  3. Optimize: At this stage, the goal is to extend protection to every aspect of the IT infrastructure and all resources regardless of location without creating a poor user experience (which can lead to non-compliance and lower productivity). The key goal is to deploy conditional access for continuous verification without compromising a positive user experience. Best practices to avoid this include eliminating multi-factor authentication fatigue with risk-based, conditional access even for privileged users, extending multi-factor authentication protection to legacy systems to ensure no-gap coverage, and detecting and responding to threats for public clouds and SSO credentials even if a sensor/agent is not possible to deploy.

To ensure a frictionless Zero Trust journey, organizations should consider using a cloud-native security platform approach to achieve superior protection and performance without the overhead of managing terabytes of data, threat feed, and hardware investment.

What, according to you, are the limitations of zero trust?
Zero Trust Network Access (ZTNA) functions as a next-gen VPN replacement in that it ensures that only approved, authenticated users are granted access to an IT environment or resource. At the same time, it does not actively monitor or mitigate threats once a user has been granted access to a trusted zone.

Further, while secure access via ZTNA is a critical component of a comprehensive cybersecurity strategy, it is not effective at stopping modern cyberattacks such as ransomware or supply chain attacks. ZTNA must be combined with a secure access service edge (SASE) solution and other security tools and solutions to ensure complete protection.

In addition, ZTNA does not provide underlying identity protection capabilities, such as gathering activity data or endpoint details. In this way, the ZTNA solution cannot determine a baseline of standard user behavior, making it impossible to detect anomalies or deviations. Finally, most ZTNA solutions require a gateway, similar to what is used by a VPN. This requires careful planning to ensure the strongest possible protection without introducing significant friction within the user experience that could prevent valid users from accessing the tools and resources they need to perform their jobs.
