We’re leading a paradigm shift in security, but it’s going to take a village to bring it to life. This paradigm is Zero Trust, and we’re helping pull together the village through a robust partner ecosystem.

Zero Trust is a cybersecurity framework that automates an organization’s security architecture and orchestrates a response as soon as systems are attacked. The challenge, however, lies in implementing a complete solution guided by the seven pillars of Zero Trust. No company can do this alone.

To help private and public sector organizations simplify adoption, Dell is building a Zero Trust ecosystem. It brings together more than 30 leading technology and security companies to create a unified solution across infrastructure platforms, applications, clouds and services.

Through this ecosystem, Dell and its partners are paving the way to adoption. Together with the Maryland Innovation Security Institute (MISI), we’re providing best-in-class technology at the Zero Trust Center of Excellence and constructing an advanced private cloud solution focused on integrating and orchestrating security for customers. This approach will help organizations implement the technology and tap the expertise needed to build and configure the architecture.

Leading the integration of the Zero Trust ecosystem, Dell brings together technology and capabilities from partners including Corsha, Gigamon, Intel, Juniper Networks, MISI, Nomad GCS, NVIDIA, Palo Alto Networks, VMware and others. By replicating the Department of Defense-approved architecture with technology from leading providers, we’re enabling organizations to defeat cyber criminals while meeting the U.S. government’s Zero Trust mandate.

The ecosystem will help execute the Department of Defense Zero Trust requirements, including capabilities such as:

• • Continuous authentication: Continuously authenticates user access using multifactor authentication.
  • Comply to connect, device detection and compliance: Any device attempting to connect to a network or access a resource is detected and assessed for compliance status.
  • Continuous monitoring and ongoing authorization: Automated tools and processes continuously monitor applications and assess their authorization to determine security control effectiveness.
  • Data encryption and rights management: Data rights management tooling encrypts data at rest and in transit to reduce the risk of unauthorized data access.
  • Software defined networking: Enables the control of packets to a centralized server, provides additional visibility into the network and enables integration requirements.
  • Policy decision point and policy orchestration: Collects and documents all rule-based policies to orchestrate across the security stack for effective automation.
  • Threat intelligence: Integration of threat intelligence data with other security information and event management (SIEM) data provides a consolidated view of threat activity.

Zero Trust is a journey, and the destination is a well-defined set of integrated and automated security activities validated by the U.S. government and recognized around the world. The partner ecosystem is a critical component of Dell’s project to scale an end-to-end validated Zero Trust solution for organizations worldwide.

We look forward to sharing more on our Zero Trust strategy at Dell Technologies World 2023 in Las Vegas, May 22-25, 2023.

According to IDC, it is predicted that by 2025 there will be more than 41.6 billion connected IoT devices, more than double the number of connected devices in 2020. Cyber Signals presents new data on these risks with practical recommendations for businesses.

Over the past year, Microsoft identified unpatched, high-severity vulnerabilities in 75 percent of the most common industrial controllers in customer OT networks, illustrating how challenging it is for even well-resourced organizations to patch control systems in demanding environments sensitive to downtime. Also, there was a 78% increase in high-severity vulnerability disclosures from 2020 to 2022 in industrial control equipment produced by popular vendors.

While connected OT and IoT-enabled devices offer significant value to organizations looking to modernize workspaces, become more data-driven, and ease demands on staff through shifts like remote management and automation in critical infrastructure networks, if not properly secured, they increase the risk of unauthorized access to operational assets and networks. In this context, devices such as cameras, smart speakers, or commercial locks and appliances, could also become entry points for attackers. For businesses and infrastructure operators across industries, the defensive imperatives are gaining total visibility over connected systems and weighing evolving risks and dependencies.

Unlike the IT landscape of common operating systems, business applications, and platforms, OT and IoT landscapes are more fragmented, featuring proprietary protocols and devices that may not have cybersecurity standards. Other realities affecting things like patching and vulnerability management are also factors.

David Atch, Microsoft Threat Intelligence, Head IoT and OT Security Research, highlights in this edition’s profile that to address IT and OT threats to critical infrastructure, organizations must have full visibility into the number of IT, OT, and IoT devices in their enterprise, where or how they converge, and the vital data, resources, and utilities accessible across these devices. Without this, organizations face both mass information disclosure (such as leaked production data of a factory) and the potential elevation of privilege for command and control of cyber-physical systems (such as stopping a factory production line). He shares additional insights in the Cyber Signals digital briefing where we take a deeper dive into wider risks that converging IT, IoT, and OT systems pose.

Securing IoT solutions with a Zero Trust security model starts with non-IoT specific requirements—specifically ensuring you have implemented the basics to securing identities and their devices and limiting their access. These requirements include explicitly verifying users, having visibility into the devices on the network, and real-time risk detections.

With a comprehensive view of the threat picture – informed by the 43 trillion threat signals Microsoft analyzes daily and the human intelligence of its more than 8,500 experts – Microsoft supports IoT/OT users in becoming cybersecurity advocates with the goal of visualizing local cyber threats, in applying Zero Trust and in identifying the cyber impact and risks resulting from increased connectivity, malware and espionage.