Three Questions for TrustFour

Jim Curtin, TrustFour

1. What is the problem being addressed?

Enterprise computing has been shifting relentlessly into the cloud for a decade or more, but most cloud applications started as, or remain, containerized “lift and shift” re-hosted applications, alongside a growing number of new apps built on microservices and containers.

These traditional apps previously enjoyed the security of a strong perimeter, where anything inside was assumed safe. Now they live in the cloud, often with static credentials and long-lived tokens (aka Non-Human Identities) used to connect application components (aka workloads) at the application layer (Layer 7). Applications increasingly interconnect with other applications, leading to a proliferation of non-human identities (NHIs).

In addition to proper NHI hygiene, including vaulting and credential rotation, it is vital that NHI credentials be constrained to only the authorized connection path using industry-standard mutual TLS (mTLS), with automatic credential rotation acting as an additional authentication factor.

In general, organizations have had neither good NHI hygiene nor constraints limiting the use of NHI credentials to authorized counterparties. This has led to an increase in cyber incidents in which NHI credentials were exploited during lateral-movement attacks, often with catastrophic consequences.

TrustFour is solving this problem by ensuring NHI and connectivity hygiene along with seamlessly enforcing mTLS between workloads.

2. Why is it a problem now?

Misuse of Non-Human Identities and service accounts, and the increase in lateral-movement attacks, are a bigger problem now because of the sheer volume of systems in place (applications and infrastructure) that assumed a strong perimeter but now live in a post-perimeter hybrid and cloud environment, increasingly with multi-cloud interactions. The rapid rise of AI and RAG-based systems only adds to the number of applications with potential security gaps.

Security organizations need high-quality telemetry that provides insight into the connectivity between workloads, for use by audit, SecOps and SOCs. The required telemetry includes certificates, ciphers, quantum-readiness and NHIs, as well as inter- and intra-workload authorization maps.

3. How does TrustFour address the pain/problem?

TrustFour both shifts left and shifts up in terms of workload connectivity controls.

Our patented TLS control plane provides detection and core protection controls over workload interactions, and an additional control factor for application-level NHIs. We shift left by letting the app’s CI/CD processes control our technology, and we shift up by moving controls from the network layer to the application layer, making the required fine-grained controls easy to sustain.

TrustFour provides visibility into the TLS infrastructure for compliance with NIST 800-52: certificates, ciphers, handshakes and versions. We also detect the authorization map for each protected workload and application, the type of NHI credential used, and whether the NHI credential has remained static over a given time period.

The Control Plane becomes a Layer 4 zero-trust security service mesh that provides workload-level micro-segmentation and locks down unauthorized lateral movement. The service fabric creates authorization maps and alerts on unauthorized behavior.
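As an added illustration of the telemetry checks described above (this is example code, not TrustFour’s product; the record schema, the approved map and the 30-day rotation window are assumptions), the following analyser builds an observed authorization map from constructed connection records, flags connections outside the approved map, flags TLS versions below the NIST SP 800-52 Rev. 2 minimum of TLS 1.2, and flags NHI credentials seen unchanged on a path for longer than the rotation window:

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed telemetry: one record per observed workload-to-workload TLS connection.
# The field names are assumptions for this example, not a real product schema.
TELEMETRY = [
    {"ts": "2024-05-01T10:00:00", "src": "web", "dst": "orders", "tls": "TLSv1.3", "cred": "sha256:aaa"},
    {"ts": "2024-05-20T10:00:00", "src": "web", "dst": "orders", "tls": "TLSv1.3", "cred": "sha256:aaa"},
    {"ts": "2024-06-15T10:00:00", "src": "web", "dst": "orders", "tls": "TLSv1.3", "cred": "sha256:aaa"},
    {"ts": "2024-06-15T10:05:00", "src": "orders", "dst": "db", "tls": "TLSv1.3", "cred": "sha256:bbb"},
    {"ts": "2024-06-15T10:06:00", "src": "orders", "dst": "db", "tls": "TLSv1.3", "cred": "sha256:ccc"},
    {"ts": "2024-06-15T11:00:00", "src": "web", "dst": "db", "tls": "TLSv1.1", "cred": "sha256:aaa"},
]

# Approved authorization map (assumed): which source workload may connect to which destination.
AUTHORIZED = {"web": {"orders"}, "orders": {"db"}}

# NIST SP 800-52 Rev. 2 treats TLS 1.2 as the minimum; anything older is a finding.
ACCEPTED_TLS = {"TLSv1.2", "TLSv1.3"}

def build_auth_map(records):
    """Observed authorization map: src -> set of dst it actually connected to."""
    observed = defaultdict(set)
    for r in records:
        observed[r["src"]].add(r["dst"])
    return dict(observed)

def find_unauthorized(records, authorized):
    """(src, dst) pairs seen in telemetry that the approved map does not allow."""
    return sorted({(r["src"], r["dst"]) for r in records
                   if r["dst"] not in authorized.get(r["src"], set())})

def find_weak_tls(records):
    """(src, dst, version) triples negotiated below the accepted TLS floor."""
    return sorted({(r["src"], r["dst"], r["tls"]) for r in records
                   if r["tls"] not in ACCEPTED_TLS})

def find_static_credentials(records, max_age_days=30):
    """Flag a path whose credential was seen unchanged for longer than the rotation window."""
    seen = defaultdict(lambda: defaultdict(list))
    for r in records:
        seen[(r["src"], r["dst"])][r["cred"]].append(datetime.fromisoformat(r["ts"]))
    static = []
    for (src, dst), creds in seen.items():
        for cred, times in creds.items():
            if max(times) - min(times) > timedelta(days=max_age_days):
                static.append((src, dst, cred))
    return sorted(static)
```

In the constructed data, only the web-to-orders path keeps one credential across the whole 45-day window; orders-to-db shows two different credentials, which is what a rotating credential looks like in telemetry.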