KnectIQ applied the principles of Zero Trust when building the SelectiveTRUST™ platform at a time when “Zero Trust” was barely a buzzword in cybersecurity circles.
Today, Zero Trust-based security products are everywhere, with more coming on the market every day. In part, this is due to widespread buy-in for the concept. Heavy mandates to get Zero Trust into government and the private sector fast, in order to gain better security and protect against cyber-attacks, are also fueling the push.
Zero Trust, regardless of its promising approach, is implemented today using currently accepted best practices and typical security capability stacks. Although that sounds like a good thing, the problem with this approach is that it does not address weaknesses in foundational practices such as PKI and TLS, or the unnecessarily complicated layers of defense that ultimately do not prevent intrusion. Zero Trust-based security tools are difficult to implement quickly without the high cost of ripping out and replacing or rebuilding current architectures, and they are intra-network focused, which leaves edge devices unprotected.
The SelectiveTRUST™ Operational Difference
KnectIQ believes that in order for a Zero Trust framework to be truly effective, it must be operationalized out to the tactical edge and beyond. If it cannot be operationalized in this way, then building a bigger moat around the internal aspects of a network just isn’t enough of a gain in capability to justify the cost.
SelectiveTRUST™ operationalizes Zero Trust principles in a technology solution that truly prevents intrusions at the device level and protects data in motion and at rest.
SelectiveTRUST™ is software-based – no hardware – which is a real advantage for government, which has no appetite to tear everything up writ large and make large architecture investments when implementing something new. KnectIQ built the technology to overlay and work within the framework of what already exists in order to make it operationally feasible. With SelectiveTRUST™, there is no change to data transport paths, no change to data communication pathways, etc. SelectiveTRUST™ is both “data type” and “data pathway” agnostic.
SelectiveTRUST™ provides endpoint-to-endpoint, Zero Trust-based “identity-first” security.
The SelectiveTRUST™ magic happens at the physical endpoint. Endpoints are identified, validated, and enabled into a trust environment. Then, trusted endpoints operate in controlled, real-time, secure trust relationships that allow for secure transactions and communications. The physical endpoint is the device itself. The device can be anything with compute power, such as a cell phone, satellite, or sensor. Securing at the physical endpoint makes remote, unchecked access by a bad actor with stolen credentials impossible, since a user must be at the physical device that is in a SelectiveTRUST™ environment in order to engage in the trusted network, communicate or distribute data and information, etc.
PKI and TLS have known risks and are a quantum attack surface. SelectiveTRUST™ can make existing PKI systems stronger and more resilient, but when integrated correctly, SelectiveTRUST™ can remove reliance on PKI and catapult security capability into a future-forward posture that is beyond what is available today. Ultimately, freeing an organization from PKI reliance is an important step in reducing the quantum attack surface of stored secrets.