First and foremost, zero trust is a security model that eliminates implicit trust and uses a “verify first, then allow” stance. Most organizations apply this in cybersecurity to identity and authentication, but stop before their applications because the existing solutions claim "Zero trust" yet don't follow the "verify first, then allow" model for application workloads.
Agencies like the Department of Defense and the Cybersecurity and Infrastructure Security Agency (CISA) have expanded their definition of zero trust to encompass more than identity, authentication, and network traffic.
Deny access by default. Every device, user, application/workload, and data flow are authenticated and explicitly authorized using least privilege, multiple attributes, and dynamic cybersecurity policies.”
DoD Zero Trust Reference Architecture - V2 July 2022
Applications and workloads include agency systems, computer programs, and services that execute on premise, as well as in a cloud environment. Agencies should secure and manage the application layer as well as containers and provide secure application delivery.
CISA Zero Trust Maturity Model - Pre-decisional Draft June 2021
Continuous protection of application and host workloads stops cyber criminals and nation-state cyber threats.
Virsec’s unique approach creates a trust-benchmark — mapping known-good application workload behavior, memory processes, files, etc., and creates a trust policy to ensure that any unexpected processes or workflow activity is stopped in milliseconds. This prevents any modified code, remote code injection or execution, or memory corruption from occurring — effectively eliminating the chance of any zero-day exploits, even in unpatched or legacy environments.
Most solutions attempt to stop known bad code and unknown code that looks suspicious, but very few stop everything except what's trusted. Legacy approaches ignore the first principle of zero trust — verify then allow — and open the door to novel malware or zero-days. Virsec, by default, blocks any known OR unknown threat in milliseconds.