Trends

There Is No Zero Trust Without Visibility

Table of Contents

The Need for a Zero Tust Framework

When I created the Zero Trust eXtended (ZTX) Ecosystem Framework at Forrester Research (yes it was me), the market for cybersecurity was pretty much an unfocused mix of technologies; all focused on “stopping breaches.” Well, that wasn’t really working. If anything, the market was really pushing for expense in depth, rather than actual defense in depth and there was no real grand strategic framework for overall cyber planning. So we worked to create a framework that would build off of the tenets of the model John Kindervag had preached about for years.  

That framework finally seemed to be the catalyst that the market needed to vector in on as an effective strategic approach to the reality of problems in cybersecurity.  Great, we got one right. But—as markets do—the idea and concept were quickly adopted but the implementation has languished for many organizations. But why? If the strategic value is so well understood and there is a volume of material to validate the need for Zero Trust, why were organizations still hesitant to work to deploy that strategy into their infrastructure?

Challenges in Implementing Zero Trust

Well, the question from nearly all of the organizations I talked to was “Where do we start?”  As a matter of fact, there are books and entire consulting companies now that focus on answering that question. But that’s actually an easy question to answer. You start with knowing what is already compromised in your enterprise which allows you to find and fix threat activity that is currently in operation.  Then you follow that by keeping a constantly updating inventory of assets and establishing a baseline of activity, then if anything changes you remediate those issues. The more you can automate and activate that process, the better you are doing. Yes, there are other things that should also be done as part of the ZT strategy, but triage comes first and this is cyber triage 101. Many folks would call that process gaining visibility, which is correct. 

The Forrester Wave: Network Analysis and Visibility

When I saw The Forrester Wave™: Network Analysis and Visibility Q2 2023 come out this year I was very excited. It’s a first-of-its-kind report that finally put the concept of Zero Trust into an independent third-party research methodology that would help companies understand not just the “why” anymore but the “how,” for Zero Trust. Having been a Forrester Analyst I know the process and methodology that goes into those Wave reports and to see an organization like Lumu  emerge as a leader indicates a few things to me:

  1. Technological Merit: Lumu’s technology has met all the merits of a LONG list of requirements and the solution’s efficacy has been recognized by not only the analyst but a list of end users.
  2. Customer Satisfaction: Lumu’s customers are gaining real wins with the solution specific to the problems that are inherent to the NAV category. In other words, Lumu’s customers are able to directly cite benefits and value gained from using Lumu in their organization’s infrastructure, and those clients are willing to stand on the record and be referenced for those benefits.
  3. Consistent Delivery: The Lumu team demonstrated over a period of months that they could consistently deliver technical outcomes and business value from their solution during a series of demanding demonstrations and reviews by a third party who had no vested interest in seeing them succeed.

This Wave for NAV and Zero Trust is a watershed moment in the cybersecurity market. Seeing a somewhat “underdog” like Lumu come out swinging and punch well above their weight class is a very good thing. This market needs innovators and vendors that can solve critical problems like visibility, control, and remediation of threats for their customers in real systems. This is a competitive market and there is real value in knowing that some companies are both technically capable and strategically aligned on a market initiative like Zero Trust.

I believe Lumu’s marks in this Wave validate their position as a leader. Zero Trust and the use of the ZTX framework are continuing to make waves in the global cybersecurity market; Lumu is well positioned to aid organizations ride that tsunami and it is my opinion that the Forrester Wave™: Network Analysis and Visibility proves that.

Recent Posts

  • Trends

CISA Reveals How 12 Ransomware Gangs are Bypassing EDRs

Reading Time: 7 minsEndpoint Detection and Response (EDR) has a critical role in most companies’…

3 weeks ago
  • Trends

Does Infostealer Malware Have US Organizations Under Siege?

Reading Time: 5 minsLumu’s Compromise Report for 2024 uncovers surprising information about how infostealer malware…

4 weeks ago
  • Trends

Lumu Compromise Report 2024: 2 Essential Tips for MSPs to Protect Clients

Reading Time: 4 minsFor MSPs to proactively protect their clients they need good intelligence, such…

1 month ago
  • Technical

The Hidden Pitfalls of Deep Packet Inspection

Reading Time: 6 minsExplore DPI's limitations in network security and discover how Lumu’s cloud-native, metadata-driven…

1 month ago
  • Trends

3 Cybersecurity Trends From the Lumu Compromise Report 2024

Reading Time: 3 minsLumu’s new Compromise Report 2024 reveals the greatest current cybersecurity trends and…

2 months ago
  • Technical

Lumu’s Journey to Log Retention: Reducing Costs and Enabling Compliance

Reading Time: 6 minsDiscover how Lumu's Playback feature improves visibility and efficiency while addressing the…

2 months ago