Niels Hoekman’s Post

Great post. “Virtualizing” a firewall may remove the hardware but does not change the architecture. Zscaler zero trust architecture proves to be superior in reducing the attack surface, from initial compromise to lateral movement to data exfiltration.

CISA's Emergency Directive 26-03, requiring federal agencies to patch and inventory Cisco Catalyst SD-WAN systems affected by CVE-2026-20127 (a CVSS 10.0 authentication bypass), deserves attention beyond the federal space. The vulnerability has reportedly been exploited since at least 2023, which means the window of potential compromise is measured in years, not days. SD-WAN is interesting from an offensive security standpoint because it sits at the intersection of network segmentation, branch connectivity, and cloud access. Organizations that adopted SD-WAN as part of a SASE or zero-trust transformation may have inadvertently centralized their attack surface - a single compromised SD-WAN controller can provide an attacker with functionally unlimited access to distributed enterprise environments, and that access follows the same trusted pathways that legitimate traffic uses. The practical takeaway goes beyond patching this specific vulnerability. If your organization deployed SD-WAN, it's worth asking whether the management plane is adequately segmented, whether access to configuration interfaces is restricted to known administrative endpoints, and whether you have visibility into who has been authenticating to those systems. Network infrastructure management interfaces are consistently undermonitored relative to their strategic value, and we see this pattern across many of the environments we assess. #cybersecurity #offensivesecurity #networking #zerotrust #pentesting #BXAR

As I sit here in my office wondering why organizations still get hacked even though they have so many security tools in place. Firewalls. EDR. SIEM. Identity platforms. Cloud security tools. And yet breaches continue to happen. The more I work in cloud security, the more I realize the problem often isn't a lack of tools. It's architecture. Many environments were never designed with security as a foundational principle. Instead, security controls get layered on top of systems that were built for speed, convenience, or legacy requirements. Over time this creates environments with: • Overly permissive IAM roles • Excessive trust relationships between systems • Long-lived credentials and service accounts • Weak separation between environments Attackers don't need to break sophisticated defenses when the architecture already gives them a path. In modern cloud environments, strong security starts with design decisions such as: • Identity as the primary control plane • Least-privilege access models • Clear trust boundaries between systems • Secure-by-default infrastructure foundations Security tools are important. But architecture determines whether those tools actually reduce risk or simply create a false sense of protection. I'm curious — what architectural decisions have made the biggest impact on security in your environment? #CloudSecurity #IAM #SecurityArchitecture #ZeroTrust #CyberSecurity

“𝐙𝐞𝐫𝐨 𝐓𝐫𝐮𝐬𝐭 𝐈𝐬𝐧’𝐭 𝐚 𝐏𝐫𝐨𝐣𝐞𝐜𝐭 — 𝐈𝐭’𝐬 𝐚 𝐁𝐞𝐡𝐚𝐯𝐢𝐨𝐫 𝐌𝐨𝐝𝐞𝐥” Most organizations claim they’ve implemented Zero Trust. What they really mean is: • They activated MFA   • They segmented a few networks   • They purchased a ZTNA tool  That’s not Zero Trust. Zero Trust is not just about deploying a product.   It’s a model for how access is granted.  Real Zero Trust means: Identity is validated continuously.  Access is aware of context.  Privileges are temporary.  Assumptions are questioned.  The biggest mistake I see?  Treating Zero Trust like it’s a migration.  It’s not a migration.  It’s a philosophy that should impact: ● IAM design   ● Cloud architecture   ● Endpoint security   ● Third-party access   ● Executive governance  If your organization still depends on static trust relationships,  You don’t have Zero Trust.  You have Zero Marketing.  #ZeroTrust #CyberSecurity #IAM #SecurityArchitecture #CISO

The definition of “IT support” is changing quickly. For many organizations, support used to mean troubleshooting endpoints, resetting passwords, and responding to tickets when something broke. Today the scope is much broader. Modern managed service providers are increasingly responsible for helping businesses manage an entire technology and security ecosystem. That includes things like: • Endpoint Detection and Response (EDR/XDR) monitoring • Identity protection and Conditional Access policies • Microsoft 365 security configuration • Vulnerability management and patch governance • Security Operations Center (SOC) visibility and response • Device management through platforms like Intune • Network and cloud infrastructure architecture In other words, the role has expanded from reactive support to continuous security and infrastructure management. As environments become more distributed and identity-driven, the MSP model is evolving to support Zero Trust principles, stronger identity controls, and better operational visibility across the stack. We explored how this shift is changing expectations around IT support and what organizations should look for in a modern MSP. 👉 You can read the full article from All In Technology here: https://lnkd.in/gngyBy4Y #CyberSecurity #MSP #Microsoft365Security #ZeroTrust #ITInfrastructure #AllInTechnology

The latest update for #LevelBlue includes "The Resilience Retainer: Incident Response Retainers, Reimagined" and "LevelBlue Security Colony Vendor Assessment: Know Your Vulnerabilities Before Others Do". #SIEM #threatdetection https://lnkd.in/eSJ7Hsbd

What if your cyber resilience strategy didn’t depend on hardware at all? With ongoing supply chain challenges, long lead times, and rising infrastructure costs, many organisations are rethinking how they approach backup and recovery. This blog from Druva explores a powerful shift: https://lnkd.in/eGAqxKSh To learn more and explore how to partner with Exclusive Networks and Druva, feel free to reach out #CyberResilience #SaaS #DataProtection #Druva #ExclusiveNetworks

"One lesson from the field: the best firewall is the one your team fully understands and can operate at 2 AM during an incident. Fortinet's documentation, CLI consistency, and FortiOS logic make it approachable for both senior engineers and those growing into the role." This. 100x this. I don't want to need a guy who touched a random Cisco ASA 10 years ago or knows the random nuance of troubleshooting IPSEC VPNs on an FTD. I want to have every member on my team able to jump at an issue and understand, and at minimum know where to look for the fix. A great example is the below documentation. The number of times I've seen people upgrade things and then not know what the issue is, to just link them to this article and immediately fix the issue is very large. It's also the FIRST thing to come up on Google when you type "Fortigate SAML fails after upgrade". https://lnkd.in/ePNgnhUz

Every security vendor will sell you Zero Trust. A firewall vendor. An identity vendor. A network vendor. An endpoint vendor. They're all telling the truth and all missing the point. Zero Trust is not something you buy. It's something you build into how your environment works. The core principle is simple: never assume trust based on location or identity alone. Verify everything. Limit access to the minimum required. Assume breach is possible and design to contain it. Here's what Zero Trust looks like when it's real: •Identity: Every user and workload authenticates explicitly, no implicit trust based on being "inside the network" •Network: Segmented by function, not just by perimeter, lateral movement is blocked by design •Devices: Posture is checked before access is granted, unmanaged devices get limited or no access •Data: Access is scoped to what's needed for the task, not the folder, the file •Monitoring: All traffic and behavior is logged, baselined, and anomaly detected Here's what Zero Trust looks like when it's just a marketing badge: One vendor's product installed on top of a flat network MFA on the front door nothing else changed A compliance checkbox, no architectural change underneath At ITSecOps.Cloud, we don't sell Zero Trust. We architect it across your identity layer, network design, cloud configuration, and operations model. Built in from the start. Not bolted on after the fact. Learn how we design security first environments at itsecops.cloud #ZeroTrust #SecurityArchitecture #CloudSecurity #IdentitySecurity #CISO 

🔐 How would you secure your Azure environment? Here's my framework. After years of managing security operations across large-scale Azure environments — spanning hundreds of subscriptions and multiple tenants — I've distilled cloud security into 5 interconnected pillars. 𝗣𝗶𝗹𝗹𝗮𝗿 𝟭: 𝗜𝗱𝗲𝗻𝘁𝗶𝘁𝘆 & 𝗔𝗰𝗰𝗲𝘀𝘀 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 Identity is the new perimeter. Entra ID, RBAC, PIM for just-in-time access, Conditional Access policies, MFA, and Managed Identities for workloads. If you're still running standing admin privileges — that's your first fix. 𝗣𝗶𝗹𝗹𝗮𝗿 𝟮: 𝗡𝗲𝘁𝘄𝗼𝗿𝗸 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 VNets, NSGs, Azure Firewall with IDPS, WAF, Private Endpoints, and DDoS Protection. But the real shift? Adopting Zero Trust as a network philosophy — not just a buzzword. Never trust, always verify, even for internal traffic. 𝗣𝗶𝗹𝗹𝗮𝗿 𝟯: 𝗗𝗮𝘁𝗮 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 Encryption at rest and in transit is table stakes. The real maturity comes from data classification with Purview, Customer-Managed Keys, DLP policies, and immutable backup vaults. You can't protect what you haven't classified. 𝗣𝗶𝗹𝗹𝗮𝗿 𝟰: 𝗠𝗼𝗻𝗶𝘁𝗼𝗿𝗶𝗻𝗴 & 𝗧𝗵𝗿𝗲𝗮𝘁 𝗗𝗲𝘁𝗲𝗰𝘁𝗶𝗼𝗻 This is where security becomes operational. Microsoft Sentinel as your SIEM/SOAR, Defender for Cloud for posture management, UEBA for behavioral analytics, Threat Intelligence feeds, and automated playbooks for incident response. Detection without response is just expensive logging. 𝗣𝗶𝗹𝗹𝗮𝗿 𝟱: 𝗚𝗼𝘃𝗲𝗿𝗻𝗮𝗻𝗰𝗲 & 𝗖𝗼𝗺𝗽𝗹𝗶𝗮𝗻𝗰𝗲 Security without governance doesn't scale. Azure Policy, Management Groups, compliance dashboards mapped to ISO 27001/NIST/CIS, resource locks, and Landing Zones ensure every new workload inherits your security baseline from day one. — Here's what I've learned managing these at scale: These aren't 5 separate checklists. They're interconnected layers. A misconfigured identity can bypass your entire network strategy. A gap in monitoring makes your data security blind. Governance ties it all together. Security isn't a destination — it's a continuous cycle of assessment, improvement, and adaptation. What pillar does your organization struggle with the most? I'd love to hear your perspective. 👇 — #Azure #CloudSecurity #Cybersecurity #MicrosoftSentinel #ZeroTrust #InfoSec #DefenderForCloud #IAM #CloudArchitecture #SecurityOperations #SIEM #ThreatDetection #AzureSecurity