{"id":13125,"date":"2025-02-10T21:42:18","date_gmt":"2025-02-10T21:42:18","guid":{"rendered":"http:\/\/127.0.0.1\/?p=13125"},"modified":"2025-02-10T21:42:20","modified_gmt":"2025-02-10T21:42:20","slug":"the-five-pillars-of-zero-trust-and-great-wing","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/2025\/02\/10\/the-five-pillars-of-zero-trust-and-great-wing\/","title":{"rendered":"The Five Pillars of Zero Trust and Great Wing"},"content":{"rendered":"\n

Dr. Jonathan Ben-Benjamin, AJ Comerford, Moshe Ben-Benjamin<\/strong><\/p>\n\n\n\n

The Challenge<\/strong><\/p>\n\n\n\n

“Only the paranoid survive.” <\/em>\u2013 Andy Grove, former CEO, Intel<\/p>\n\n\n\n

The paradigm of traditional corporate firewalls and endpoint security is obsolete. The modern workforce has embraced more interconnected systems, such as remote access or third-party integrations, which continue to blur the lines between intranet, internet, IT, and IoT. Every organization now fights the battle against de-perimeterization \u2013 the process of removing the boundaries between an organization and the outside world while trying to keep the organization secure. The zero trust security model is emerging as the architectural solution to address the challenges posed by de-perimeterization.<\/p>\n\n\n\n

No more business as usual: What is zero trust security?<\/strong><\/p>\n\n\n\n

“Recent cyber incidents… demonstrate that \u201cbusiness as usual\u201d approaches are no longer sufficient to defend the nation from cyber threats.”<\/em> [1] \u2013 CISA<\/p>\n\n\n\n

Traditional security models work by authenticating users at a network\u2019s border. All actions and queries within the network are trusted to be safe and legitimate.<\/p>\n\n\n\n

The zero trust model treats every transmission as though the network has been compromised. It responds to queries only if they can be verified \u2013 regardless of where the request originates or what resource it attempts to access.<\/p>\n\n\n\n

Make bold changes with Great Wing<\/strong><\/p>\n\n\n\n

“Incremental improvements will not give us the security we need; instead, the Federal Government needs to make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life.”<\/em> [2] \u2013 White House Briefing on Zero Trust<\/p>\n\n\n\n

In a radical departure from the traditional trust-by-default paradigm, Great Wing takes a trust-by-exception approach. We provide an integrated zero-trust system that automatically detects, responds to, and reports threats, preventing undesired events across your organization.<\/p>\n\n\n\n

Great Wing: Zero trust by design<\/strong><\/p>\n\n\n\n

“After gaining access to an organization\u2019s network, one of the most common techniques malicious cyber actors use is lateral movement through the network, gaining access to more sensitive data and critical systems. The Zero Trust network and environment pillar curtails adversarial lateral movement by employing controls and capabilities to logically and physically segment, isolate, and control access (on-premises and off-premises) through granular policy restrictions.”<\/em> [3] \u2013 NSA<\/p>\n\n\n\n

At the core of Great Wing products is a revolutionary secure internet protocol called Wormhole\u2122, where all IP\/TCP\/UDP communications between parties are verified per packet. With this fine-grained approach, intruders don\u2019t get an opportunity to exploit the network. They are immediately detected, blocked, and reported. To implement this system, our protocol uses large symmetric key encryption and message obfuscation techniques. They ensure only the proper recipient can reconstruct and decrypt packets. Combining these techniques renders traditional network reconnaissance and exploits useless.<\/p>\n\n\n\n

Great Wing satisfies CISA Zero Trust<\/strong><\/p>\n\n\n\n

What is the CISA Zero Trust Maturity Model?<\/p>\n\n\n\n

How does the Great Wing architecture help your organization satisfy the Cybersecurity and Infrastructure Security Agency (CISA) Zero Trust Maturity Model?<\/p>\n\n\n\n

The Cybersecurity and Infrastructure Security Agency (CISA) Zero Trust Maturity Model outlines five pillars that organizations should focus on during a zero trust implementation:<\/p>\n\n\n\n

1.  Identity<\/em><\/p>\n\n\n\n

2.  Devices<\/em><\/p>\n\n\n\n

3.  Networks<\/em><\/p>\n\n\n\n

4.  Applications and workloads<\/em><\/p>\n\n\n\n

5.  Data<\/em><\/p>\n\n\n\n

Great Wing\u2019s products are designed to fully satisfy CISA\u2019s five pillars to the highest and most reliable and secure standards. Here is how:<\/p>\n\n\n\n

Pillar 1: Identity<\/strong><\/p>\n\n\n\n

“Agencies should ensure and enforce user and entity access to the right resources at the right time for the right purpose without granting excessive access. Agencies should integrate identity, credential, and access management solutions where possible throughout their enterprise to enforce strong authentication, grant tailored context-based authorization, and assess identity risk for agency users and entities. Agencies should integrate their identity stores and management systems, where appropriate, to enhance awareness of enterprise identities and their associated responsibilities and authorities.” <\/em>[1] \u2013 CISA<\/p>\n\n\n\n

“Authenticating user identities and granting those users access only to approved enterprise resources is a fundamental capability of zero trust security.”<\/em> [4] \u2013 IBM<\/p>\n\n\n\n

Great Wing\u2019s Wormhole\u2122 protocol embeds an identity architecture based on a unique patented authentication and authorization scheme. Each account and device is assigned a unique identity-key that seeds a dynamic mixing protocol applied to all packets related to an \u2018identity.\u2019 How packets are sent, received, ordered, and mixed is uniquely identifiable to each account and device. Any deviation from this pattern is immediately detected and reported. Once detected, our policy engine is triggered to perform follow-up actions such as credential revocation, intrusion alerts, or other countermeasures.<\/p>\n\n\n\n

Pillar 2: Devices<\/strong><\/p>\n\n\n\n

“Agencies should secure all agency devices, manage the risks of authorized devices that are not agency-controlled, and prevent unauthorized devices from accessing resources. Device management includes maintaining a dynamic inventory of all assets including their hardware, software, firmware, etc., along with their configurations and associated vulnerabilities as they become known.”<\/em> [1] \u2013 CISA<\/p>\n\n\n\n

“Every device that connects to a network resource should be fully compliant with the zero trust policies and security controls of the organization. This includes workstations, mobile phones, servers, laptops, IoT devices, printers and others. Zero trust organizations maintain complete and current inventories of all authorized endpoint devices. Unauthorized devices are denied network access.”<\/em> [4] \u2013 IBM<\/p>\n\n\n\n

Great Wing software is built to be universal and compatible with many types of devices: PCs, phones, laptops, tablets, and so on. Once devices are on a Great Wing network, they are assigned an identity-key and can \u201cspeak\u201d only in the Wormhole\u2122 protocol. Devices are immediately identified, registered, and traced. Since an identity key is generated per device, the Wormhole with an identity key generated for one device will not run on a different device.<\/p>\n\n\n\n

Great Wing software\u2019s device-authentication mode:<\/p>\n\n\n\n

\u00b7 Includes access controls for physical devices across the company\u2019s network<\/p>\n\n\n\n

\u00b7 Uses hardware \u2013 in addition to software \u2013 for zero-trust authentication<\/p>\n\n\n\n

Pillar 3: Networks<\/strong><\/p>\n\n\n\n

“ZTAs (Zero Trust Architectures) permit agencies to manage internal and external traffic flows, isolate hosts, enforce encryption, segment activity, and enhance enterprise-wide network visibility. ZTAs permit security controls to be implemented closer to the applications, data, and other resources and augment traditional network-based protections and improve defense-in-depth. Each application can be treated uniquely by the network for its demands on access, priority, reachability, connections to dependency services, and connection pathways.”<\/em> [1] \u2013 CISA<\/p>\n\n\n\n

“Organizations move from traditional network segmentation to microsegmentation in a zero trust environment. Resources and workloads are separated into smaller, more secure zones, which help organizations better contain breaches and prevent lateral movement. Threat actors cannot even see resources they are not authorized to use. Organizations might also deploy other network threat prevention methods, such as encrypting network traffic and monitoring user and entity behaviors.”<\/em> [4] \u2013 IBM<\/p>\n\n\n\n

Network segmentation and micro-segmentation are built into Great Wing\u2019s Zero Trust Protocol. The protocol\u2019s mixing capabilities ensure that packets from accounts and devices with appropriate permissions are correctly reassembled on receiving devices within the same segmented network. By default, all accounts and devices are given the minimum permissions necessary, which must be explicitly added by administrators.<\/p>\n\n\n\n

Pillar 4: Applications and workloads<\/strong><\/p>\n\n\n\n

“Agencies should manage and secure their deployed applications and should ensure secure application delivery. Granular access controls and integrated threat protections can offer enhanced situational awareness and mitigate application-specific threats.”<\/em> [1] \u2013 CISA<\/p>\n\n\n\n

“The Zero Trust model helps organizations ensure that apps, and the data they contain, are protected by: applying controls and technologies to discover Shadow IT, ensuring appropriate in-app permissions, limiting access based on real-time analytics, monitoring for abnormal behavior, controlling user actions, and validating secure configuration options.”<\/em> [5] \u2013 Microsoft<\/p>\n\n\n\n

By design, Great Wing\u2019s Zero Trust Protocol provides applications with dynamic and continuous authentication and validation, which is the most secure and reliable form of authentication. We apply key rotation on a time basis (e.g., minute by minute, daily, etc.), as defined by the administrator, and we verify identity on every packet with identity keys. Combined with our policy engine, this gives IT departments all the tools they need to ensure applications implement Zero Trust.<\/p>\n\n\n\n

Pillar 5: Data<\/strong><\/p>\n\n\n\n

“Agency data should be protected on devices, in applications, and on networks in accordance with federal requirements. Agencies should inventory, categorize, and label data; protect data at rest and in transit; and deploy mechanisms to detect and stop data exfiltration<\/em>.” [1] \u2013 CISA<\/p>\n\n\n\n

“Under a zero trust model, organizations categorize their data so they can apply targeted access control and data security policies to safeguard information. Data in transit, in use and at rest is protected by encryption and dynamic authorization. Organizations continuously monitor data processing for unusual activity that might indicate data breaches or exfiltration of sensitive data.”<\/em> [4] \u2013 IBM<\/p>\n\n\n\n

In Great Wing\u2019s Wormhole protocol, data in transit is always encrypted, authorization is always enforced, and network activity is always monitored. With these systems in place, servers speaking the protocol are protected from attacks such as eavesdropping, packet manipulation, data exfiltration, and more.<\/p>\n\n\n\n

Great Wing\u2019s Wormhole secure internet protocol satisfies all five pillars of zero trust. Installation is easy and requires no change to your infrastructure or network methodology. Learn more at greatwing.com<\/a>.<\/p>\n\n\n\n

References<\/strong>:<\/p>\n\n\n\n

[1] Cybersecurity and Infrastructure Security Agency<\/p>\n\n\n\n

https:\/\/www.cisa.gov\/sites\/default\/files\/2023-04\/CISA_Zero_Trust_Maturity_Model_Version_2_508c.pdf<\/a><\/p>\n\n\n\n

[2] The White House on implementing Zero Trust<\/p>\n\n\n\n

https:\/\/www.whitehouse.gov\/briefing-room\/presidential-actions\/2021\/05\/12\/executive-order-on-improving-the-nations-cybersecurity<\/a><\/p>\n\n\n\n

[3] NSA on Zero Trust<\/p>\n\n\n\n

https:\/\/media.defense.gov\/2024\/Mar\/05\/2003405462\/-1\/-1\/0\/CSI-ZERO-TRUST-NETWORK-ENVIRONMENT-PILLAR.PDF<\/a><\/p>\n\n\n\n

[4] IBM on Zero Trust<\/p>\n\n\n\n

https:\/\/www.ibm.com\/think\/topics\/zero-trust<\/a><\/p>\n\n\n\n

[5] Microsoft on Zero Trust in applications<\/p>\n\n\n\n

https:\/\/learn.microsoft.com\/en-us\/security\/zero-trust\/deploy\/applications<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Dr. Jonathan Ben-Benjamin, AJ Comerford, Moshe Ben-Benjamin The Challenge “Only the paranoid survive.” \u2013 Andy Grove, former CEO, Intel The paradigm of traditional corporate firewalls and endpoint security is obsolete. The modern workforce has embraced more interconnected systems, such as remote access or third-party integrations, which continue to blur the lines between intranet, internet, IT, […]<\/p>\n","protected":false},"author":1,"featured_media":13126,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-13125","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/13125","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=13125"}],"version-history":[{"count":1,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/13125\/revisions"}],"predecessor-version":[{"id":13127,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/13125\/revisions\/13127"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media\/13126"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=13125"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=13125"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=13125"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}