[Part 2 of 2 – Based on an interview with Zscaler CSO Deepen Desai]

By Holger Schulze, Cybersecurity Insiders

“Zero Trust isn’t a feature,” Deepen Desai told me during our RSA Conference interview. “It’s an architectural decision to stop trusting the network. You’re either enforcing that by design—or you’re pretending.”

In Part 1 of this series, we explored the failure of VPNs—how attackers exploit them, how they collapse under patching pressure, and how they expand risk instead of containing it. But our conversation in San Francisco didn’t stop at diagnosis. It turned toward what comes next.

The answer is Zero Trust. But not the watered-down, checkbox version.

“If your users connect and get placed on the network—even in the cloud—you’re not doing Zero Trust,” Desai said. “You’ve just moved your VPN to a new address.”

This isn’t about branding. It’s about architecture. And at Zscaler, that architecture is built on one foundational idea: attack surface reduction in the first place.

The Invisible Attack Surface

If the core flaw of VPNs is that they make applications reachable, then Zero Trust flips that completely. Desai described it as eliminating network presence altogether.

With Zscaler Private Access (ZPA), users never access the network. There is no IP assignment. No shared subnet. No inbound access to anything.

Instead, both users and applications establish outbound-only connections to the Zscaler Zero Trust Exchange. If identity, policy, and posture align, Zscaler stitches the user and app connections together.

“If you can scan the network, you’re on the network,” Desai said. “And if you’re on the network, the attacker can be too.”

This approach removes the need for VPN concentrators, inbound firewall rules, or exposed IPs. Applications go dark. And attackers can’t target what they can’t see.

The Philosophy That Replaces the Perimeter

At its core, Zero Trust is a framework built on three non-negotiable principles, defined by NIST and echoed in Zscaler’s architecture:

1. Never trust, always verify
   Every user, device, and workload must be authenticated and validated continuously—not just at login. Trust is not a location or a certificate. It’s earned, and it expires.
2. Enforce least-privilege access
   Users don’t need broad network access—they need specific access to specific applications, at specific times. Permissions should be as narrow as possible, always.
3. Assume breach
   Compromise is inevitable. The architecture must contain and isolate it. Lateral movement should not just be blocked—it should be impossible by design.

“Every one of those ideas breaks the legacy model,” Desai told me. “That’s why you can’t just rebrand your VPN and call it Zero Trust. It either enforces these tenets—or it doesn’t.”

At Zscaler, these principles are enforced not by firewalls, not by segmentation rules, but by the architecture itself. With ZPA, applications aren’t directly reachable, users aren’t on the network, and policies are enforced every time a connection is made.

From this foundation, the rollout begins.

The Four-Stage Shift to Zero Trust

Zscaler doesn’t advocate a forklift replacement of legacy systems. Instead, Desai laid out a four-stage adoption path—one that starts where the risk is highest and compounds benefit over time.

1. Secure Internet Egress with ZIA

Before private apps, start with outbound traffic. Zscaler Internet Access (ZIA) enforces consistent policy and TLS inspection across all users—without backhauling traffic to a central datacenter.

This removes the need for on-prem proxies and applies protection close to the user. It’s the foundation that makes the rest of Zero Trust scalable.

2. Replace Inbound VPN with ZPA

The next move is to eliminate VPN tunnels altogether. ZPA makes private applications invisible to the internet—no public IPs, no exposed services, no inbound firewall rules.

“It’s not just blocking access,” Desai said. “It’s removing the ability to even knock on the door.”

Access is determined by who the user is, what device they’re using, and what policy allows. Not where they’re connecting from or what network they’re on.

3. Segment User to Application Access 

This is where most organizations truly begin to understand the power of Zero Trust.

Instead of segmenting by subnet, VLAN, or NAC, Zscaler segments by user-to-app relationships. Policies are built around identity, not infrastructure. And Zscaler’s machine learning engine can detect real access patterns to suggest adaptive policies over time.

Desai shared one example where a customer believed they had 300 internal applications. Zscaler discovered over 10,000.

“You can’t segment what you don’t know exists,” he said. “But you also don’t have to do it all at once. Start with your crown jewels. Then isolate your riskiest users.”

That might include employees who routinely fail phishing simulations, users on unmanaged devices, or accounts showing anomalous behavior.

4. Trap the Attacker Before the Damage Spreads

Even with segmentation in place, breaches happen. But Zero Trust doesn’t stop at prevention—it extends into containment.

Zscaler integrates deception directly into the access layer: decoy applications, seeded with breadcrumbs, are presented to users just like real apps. If touched, access to the real environment is immediately revoked—and the attacker is isolated.

“They don’t even know they’ve been shut out,” Desai said. “But they’ve already lost.”

This eliminates the lateral movement that VPNs so often enable—and turns the attacker’s playbook against them. 

This is what makes Zero Trust more than prevention. It’s containment by design.

What Doesn’t Work: NAC and Cloud VPNs

Desai was unequivocal about what Zero Trust is not.

“Putting a VPN in the cloud doesn’t change what it does,” he told me. “If users still get placed on the network, you’ve changed the address, not the architecture.”

Network Access Control (NAC) solutions are equally limited. They may inspect device posture at the edge, but they can’t prevent what happens inside a session—especially if the attacker has valid credentials. They can’t block data exfiltration from within an approved connection. And they certainly can’t make applications invisible.

The Real Benefit: Simplicity That Scales

While the security benefits are clear, Desai pointed out that Zero Trust is also an operations win—especially for organizations struggling with VPN overhead.

According to the VPN Risk Report:

• 54% of security teams say VPNs cause recurring incidents
• 41% say they drain resources from higher-value projects
• ManpowerGroup cut 97% of remote access support tickets after moving to ZPA

“It’s not just your security team that benefits,” Desai said. “It’s your IT team. It’s your users. It’s your CFO who doesn’t want to keep buying concentrators or renewing patching contracts.”

When infrastructure goes away, complexity and resulting cost follows it out the door.

Making the Case to the Board

Desai wrapped our conversation with advice for CISOs working to bring Zero Trust to the boardroom. His recommendation: don’t talk about controls. Talk about containment.

“The question isn’t whether you’ll be breached,” he said. “It’s what happens next. VPNs let that breach spread. Zero Trust stops it where it starts.”

With VPNs, the breach spreads. With Zero Trust, the breach is contained—access is limited by default, and even successful compromise can’t move laterally.

Desai advises CISOs to lead with these three points:

1. Zero Trust shrinks breach impact
2. It scales with distributed users and cloud adoption
3. It replaces assumptions with proof—every time a connection is made

In a security climate where prevention is imperfect, containment is king.

A Shift That’s Already Happening

According to the 2025 VPN Risk Report, the transition is already happening. 65% of organizations are moving away from VPNs. 81% are investing in Zero Trust architecture.

This isn’t about buzzwords. It’s about control.

“VPNs make you reachable,” Desai said as we stood to leave. “Zero Trust makes your network and applications invisible to attackers. That’s the future.”

The post The End of VPNs — Part 2: Beyond the Buzz of Zero Trust first appeared on Cybersecurity Insiders.

The post The End of VPNs — Part 2: Beyond the Buzz of Zero Trust appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/pDOtJMx
via IFTTT

High-pressure incidents can be defining moments for organizations, demanding immediate, coordinated, and often high-stakes responses. In the realm of cybersecurity, where threats evolve rapidly and stakes include sensitive data, reputational damage, and financial loss, the pressure to act quickly is intense. While technical tools and expertise often take center stage in incident response, an equally critical and sometimes underestimated component is effective communication. As leadership expert Simon Sinek famously said, “Leadership is not about being in charge. It is about taking care of those in your charge.” In the heat of a cyber crisis, that care manifests through structured, empathetic, and timely communication that aligns teams, reduces confusion, and drives action.

This article explores practical communication strategies drawn from real-world incident response experiences to help security teams navigate the complexities of an active cyber crisis with clarity, calm, and confidence.

The Role of Communication in Cybersecurity Incidents

In cybersecurity, high-pressure incidents frequently involve fast-moving and complex threats such as ransomware outbreaks, data breaches, supply chain compromises, or insider threats. Each minute during an incident counts, delays in containment can amplify damage exponentially. The ability to communicate clearly both within technical teams and with non-technical stakeholders is crucial to mitigating impact and accelerating recovery.

Consider the handling of the 2020 SolarWinds supply chain compromise, often cited as a textbook example of effective crisis communication in cybersecurity. The victim organization faced a highly sophisticated attack that silently compromised thousands of customers. Rather than resorting to silence or obfuscation, the company published transparent, technically detailed blog posts outlining what was known about the attack, how it was being investigated, and practical mitigations customers could apply. Alongside public communications, internal teams maintained continuous updates and alignment across engineering, security, and leadership functions. This dual internal-external communication approach helped build customer trust and enabled rapid adoption of defensive measures, containing the damage faster than might otherwise have been possible.

Done right, communication transforms incident response from a frantic scramble into a coordinated, focused effort where everyone understands their role, priorities, and next steps. It establishes a rhythm and clarity that reduces panic, eliminates duplicative work, and enable swift decision-making.

Key Elements of Effective Communication During an Incident

Effective communication can make or break an organization’s response to a cybersecurity incident. The following core practices have proven vital in maintaining clarity, control, and confidence during high-pressure moments:

a. Structured Communication Cadence

One of the first lessons is to establish a predictable rhythm for communications. When uncertainty and chaos abound, a set cadence of updates brings much-needed stability. For example, during a ransomware outbreak at a global manufacturing company, the response team instituted two-hourly technical syncs where engineers shared progress on containment and forensics. Meanwhile, a separate briefing for executives occurred every four hours, providing strategic context and business impact summaries. This predictable cadence ensured tactical teams and decision-makers were aligned, and no critical information fell through the cracks.

Choosing appropriate communication channels and intervals is essential. For example, chat platforms work well for rapid-fire technical updates, while email or video calls suit broader leadership briefings. The key is consistency; team members should know when and where to expect updates.

b. Audience-Centric Messaging

Another fundamental principle is tailoring communication to the audience’s needs. Not all stakeholders require or want the same level of technical detail. For instance, during a cloud misconfiguration incident that exposed customer data, the security engineers needed detailed packet captures and logs to identify root causes and patch vulnerabilities. Meanwhile, the executive board required a concise summary outlining the incident’s impact, legal obligations, and remediation timelines.

In a real-world scenario, a financial services company experienced a similar breach where technical teams worked around the clock analyzing system logs and firewall rules. Simultaneously, the C-suite received simplified updates focusing on risk exposure, regulatory reporting deadlines, and customer notification plans. This bifurcated communication approach prevented information overload for executives and ensured engineers had the detailed data they needed to act decisively.

Crafting messages with clarity and purpose for each audience helps avoid confusion, reduces unnecessary alarm, and builds trust. Technical teams value accuracy and completeness, while leadership prioritizes business risk and next steps. Separating these messages and customizing tone and depth helps keep everyone informed and aligned without overwhelming anyone.

c. Cross-Functional Coordination

Cyber incidents ripple beyond the technical realm. They affect legal compliance, public relations, human resources, and customer experience teams. In a recent phishing attack targeting a multinational’s workforce, the incident response team ensured early involvement of HR to notify affected employees and assist with password resets. Legal counsel was looped in promptly to assess breach notification requirements under GDPR. Meanwhile, communications teams prepared customer-facing statements to manage external reputation.

Such cross-functional integration avoids conflicting messages, ensures regulatory compliance, and fosters a unified organizational response. Predefined roles and communication pathways, documented well before incidents occur, enable this coordination to happen smoothly under pressure.

d. Clear Escalation Paths

Time is the most precious resource during a cyber crisis, and ambiguity about decision-making authority can cost valuable minutes or hours. In one incident involving suspected data exfiltration, lack of a clear escalation matrix caused a six-hour delay before containment approvals were obtained. This delay extended the exposure window and increased damage.

Following that event, the company implemented a role-based decision tree that clearly defines who can authorize containment actions, legal escalations, or public disclosures at each incident severity level. This clarity reduced response latency in subsequent drills and real incidents alike, emphasizing the importance of predefined escalation paths in the communication plan.

e. Calm, Concise Communication Style

How information is communicated during a crisis influences team morale and effectiveness as much as what is communicated. During a distributed denial-of-service (DDoS) attack on a major retail platform, the incident commander kept all updates short, factual, and evenly toned, avoiding panic-inducing language. This steady tone helped the engineering teams remain focused on mitigation efforts without distraction, while leadership maintained a clear understanding of progress.

Training teams to communicate calmly and assertively rather than reactively or emotionally can significantly improve performance under pressure. Consistent messaging with a measured tone reduces misunderstandings and builds confidence in the response process.

Recap Putting Communication into Practice

To illustrate these principles, consider a mid-sized financial services company responding to a ransomware infection:

Structured Cadence: The incident manager set up hourly updates via group chat for technical responders, while business leaders received consolidated briefings every four hours via video conference.

Audience-Centric Messaging: Technical teams received detailed logs and mitigation steps, while executives got high-level summaries focusing on customer impact and regulatory notifications.

Cross-Functional Coordination: Legal and compliance teams joined briefings to advise on breach reporting timelines; customer support prepared scripts for incoming inquiries; HR alerted and supported affected employees.

Clear Escalation Paths: Predefined roles ensured that authorization for network isolation and public communications moved quickly from technical leads to CISO and then CEO without delay.

Calm, Concise Style: Incident communications remained steady and factual, avoiding speculation or alarmist language, which helped maintain team focus and stakeholder confidence.

This integrated communication approach allowed the company to contain the attack within 24 hours, minimize business disruption, and meet all regulatory obligations on time.

Conclusion

Senior engineering leaders must recognize that communication is as vital as the technical response during incidents. Clear, timely, and targeted communication helps contain threats, reduces confusion, and enhances decision-making. Structured updates, predefined escalation paths, and cross-functional alignment transform chaos into coordinated action. The tone and clarity set by leaders directly influence team performance under pressure. Communication is infrastructure, not just support, and must be woven into incident response plans to safeguard systems and maintain organizational trust.

 

 

The post Engineering Calm in Crisis: Lessons from the Frontlines of Security first appeared on Cybersecurity Insiders.

The post Engineering Calm in Crisis: Lessons from the Frontlines of Security appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/SeHnrcN
via IFTTT

In 2024, browser security faced some of the most advanced cyber threats to-date. As enterprises continue to transition to and from remote work environments, relying on SaaS platforms, cloud-based applications, hybrid work setups, and BYOD policies, attackers have become hyperfocused on the browser as the connective tissue linking and supporting almost all work and personal activities.  

The rise of AI-powered attacks, abusive cloud hosting services, phishing-as-a-service (PhaaS), and zero-day vulnerabilities that focus on enterprise browsers have underscored the need for a new approach to browser security. Traditional network and endpoint security tools alone are no longer enough. Menlo Security’s annual “State of Browser Security Report” reveals a significant surge in browser-based attacks, particularly those utilizing artificial intelligence (AI) and sophisticated impersonation methods. 

Key Research Findings 

The modern browser transcends its traditional role as a web access tool; it’s now a primary entry vector for advanced cyberattacks. Attackers are increasingly leveraging browser vulnerabilities to pilfer sensitive data and circumvent conventional security measures. Menlo researchers identified a dramatic 140% surge in browser-based phishing attacks year-over-year, coupled with a 130% increase in zero-hour phishing incidents specifically. 

Credential phishing continued to run rampant in 2024, largely because traditional security measures like firewalls, secure web gateways, and antivirus tools remain ineffective against these, and other sophisticated techniques used by cybercriminals. In fact, six days is the average window of exposure before legacy security tools can detect threats from zero-hour phishing attacks. While many enterprises have endeavored to improve browser security, they tend to focus on security at the network or endpoint level, which are not equipped to combat evasive threats like obfuscating malicious code, fileless malware and memory-only payloads. These techniques hide malicious activity within seemingly legitimate web traffic, making detection more difficult.  

Cloud-network services have attempted to mitigate the growing problem of browser-based attacks, but they often introduce added complexity and significant management costs without delivering robust protection against advanced phishing tactics. Compounding these challenges is the escalating trend of attackers exploiting cloud services themselves to host malicious content, including phishing sites and ransomware. Notably, AWS and CloudFlare accounted for nearly 50% of all instances of abused cloud hosting in 2024. This concentration underscores the allure of major cloud providers as targets for malicious actors who seek to leverage their extensive infrastructure for illicit activities, highlighting a critical security gap that existing solutions are failing to adequately address. 

Continuing Trends 

The data in the Menlo State of Browser Security Report is a clear indication of the current threat landscape, and what enterprises can expect in 2025 and beyond. Here are our research-based predictions for the months to come: 

1.Ransomware will continue to reign supreme. Ransomware will remain a highly prolific attack type, with cybercriminals targeting critical infrastructure to extract financial gains. We expect threat actors to increasingly use browser-based attacks to deploy ransomware, targeting sectors like healthcare, energy and transportation, and using the advanced techniques described above to bypass traditional defenses. The significant impact of ransomware attacks, such as the phishing campaign against Change Healthcare in 2024, highlights the need for organizations to prioritize browser security, adopt strong security measures and stay updated with the latest threat intelligence and business continuity protocols.  

2.AI-driven deepfakes will aid in bypassing traditional security tools. The volume of AI-driven cyber fraud has not yet reached its peak – we will see this attack type continue to rise in 2025 and beyond. Scam activities such as fake AI tools posing as legitimate platforms offering premium AI services will be used to steal login credentials and personal data, or direct users to phishing forms. Exploitation of user trust through sophisticated social engineering techniques will be key to targeting social media platforms and search engines.  

3.The cyber gap between small and large businesses will continue, leaving smaller businesses more vulnerable to attack. Larger enterprises are among the first to begin incorporating browser security strategies and security tooling that incorporates AI, helping with defenses that leave too much room for human error. On the other hand, we will see a larger proportion of small businesses continue to be affected by ransomware and other browser-based threats due to fewer resources, lack of dynamic security controls in the browser, and their inability to effectively monitor user behavior. Organizations will also start to leverage AI to level out their Security Operations Centers (SOCs), so that they don’t need as many resources to run it. Regardless of size, browser security is no longer optional but a fundamental survival strategy requiring proactive protection and preventative security.  

4.Threats to edge and IoT devices will rise. Edge and Internet of Things (IoT) devices are becoming prime targets for cybercriminals, particularly due to their often-limited security measures and widespread use in both personal and corporate settings. From smart cameras and wearables to home assistants, there will be more zero-day vulnerabilities exploited in the wild, with threat actors identifying and exploiting these weaknesses to gain control of these devices, use them for DDoS attacks and other malicious activities. 

5.Left unsecured, remote and hybrid environments will exacerbate insider threats. In the months to come, insider threats will increasingly originate from well-intentioned users who fall victim to sophisticated targeted attacks, exacerbated by remote and hybrid work environments. New tools and technologies will emerge to assist users in avoiding these risks, removing the burden of identifying and mitigating potential risks on their own. These tools will be able to detect malicious activity and perform far above the capacity of manual human analysis.  

Browser security will remain a critical area of focus for both security teams and end users, affecting both equally. The cyber threat landscape is shifting quickly, driven by advancements in technology such as AI and also changes in how and where people work. Cybercriminals are constantly refining their attack tactics – organizations must be doing the same on the defensive side, looking to implement robust security measures, prioritizing browser safety, and leveraging innovative tools to detect and thwart threats.  

The post Recent Evolution of Browser-based Cyber Threats, and What to Expect Next first appeared on Cybersecurity Insiders.

The post Recent Evolution of Browser-based Cyber Threats, and What to Expect Next appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/59gpdTR
via IFTTT

As a website owner, one of my top priorities is to ensure that my website is protected from cyber threats. After trying various web application firewalls (WAFs), I recently discovered SafeLine WAF, and I’m thoroughly impressed. If you’re looking for an affordable, yet powerful WAF solution, SafeLine is the perfect choice.

What is SafeLine WAF?

SafeLine WAF is a web application firewall designed to protect websites from a variety of attacks, including SQL injections, cross-site scripting (XSS), and zero-day attacks. It acts as a shield between your website and malicious traffic, ensuring that your website remains secure while still allowing legitimate users to interact with your site.

How SafeLine Works

 

What sets SafeLine apart from other WAF solutions is its semantic analysis engine, which goes beyond traditional signature-based detection. Instead of just identifying known attack patterns, SafeLine analyzes the behavior and context of incoming traffic to detect even sophisticated, zero-day attacks. This makes it not only effective but also highly adaptable to evolving threats.

Key Features of SafeLine WAF

1.Semantic Analysis for Advanced Threat Detection

SafeLine’s semantic analysis engine sets it apart from other WAFs. Unlike traditional signature-based firewalls that can only detect known threats, SafeLine looks at the behavior and context of traffic, enabling it to detect sophisticated attacks that are not yet widely recognized. This means your website is protected from both known and unknown threats.

2.Bot Protection

SafeLine provides multi-layered defense against bot attacks like malicious crawlers through CAPTCHA verification, dynamic protection, and anti-replay protection.

3.HTTP Flood DDoS Protection

The most common way to defend against HTTP flood DDoS attacks is to limit the rate of visits from source IPs. But it’s not enough. Skilled attackers will find ways to bypass detection. Therefore, in addition to rate limiting, SafeLine also supports Waiting Room, to limit user traffic.

4.Identity and Access Management

SafeLine provides unified identity management for both on-premise and cloud applications through standard protocols.

5.Customizable Security Rules

SafeLine provides the ability to customize security rules based on your specific needs. Whether it’s blocking certain types of traffic or monitoring suspicious activity, you can fine-tune the firewall to provide the exact level of protection your website needs. 

6.User-Friendly Setup and Management

Not only is SafeLine one of the most affordable WAF solutions, but it is also incredibly easy to use. The setup process is fast and straightforward, making it perfect for those who don’t have extensive technical knowledge. 

Once installed, the intuitive dashboard (See SafeLine Demo here) makes managing and monitoring your website’s security effortless. You can easily access attack logs, view real-time alerts, and make custom adjustments without a steep learning curve.

Why SafeLine is the Best Choice for Small Businesses

When it comes to WAFs, price can often be a limiting factor, especially for small businesses or personal websites. Many high-quality WAFs can cost hundreds of dollars per month, making them inaccessible to those with limited budgets. 

However, SafeLine is a game-changer in this regard. It provides a Free edition for personal use. The Lite edition costs $10 per month. For users needing more advanced features, the Pro edition is also available at a competitive price of $100 per month, giving you full flexibility and powerful protection.

The key takeaway here is that SafeLine offers the best value for the features it provides. Whether we’re a small business, an individual site owner, or an enterprise, SafeLine is here to keep our websites safe from cyber threats. 

 

 

 

 

 

 

The post SafeLine WAF: Best Security Choice for Small Businesses first appeared on Cybersecurity Insiders.

The post SafeLine WAF: Best Security Choice for Small Businesses appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/z5lp08b
via IFTTT