In our first blog (Hello World) we introduced Naoris Protocol, setting out our vision to restore cybersecurity to every sector of the digital world through a contrarian P2P design pattern leveraging blockchain and AI. In our second blog (The Hard Truth), we highlighted problems facing traditional cybersecurity that have created a nightmare of cyber threats and attacks, which have been further exacerbated by the global pandemic as we shift behaviors and migrate our lives online.

In this blog, we take a look at the traditional view and approach to cybersecurity, how cyber threats have been tackled in the past, and the current industry analysis and proposed solutions to the ballooning device complexity and a post-pandemic world.

In addition, and more recently, the conflict between Russia and Ukraine, along with some eye-watering high profile hacks in Web3 has brought the threat of cyber attacks on nation-states entities, businesses, and individuals ever closer to home and in sharp focus for the world to see.

The numbers are astounding and growing exponentially:

• Global cybersecurity spending will be $1.75 trillion cumulatively for 2021 to 2025
• The current detection time for a reported breach is 280 days on average
• By 2025 we face a $10 trillion cybercrime problem
• The average cost of a data breach $4.25 million
• 50% of the US population hacked in the 2017 Equifax hack
• The Solar Winds hack will cost $100 Billion to clean up
• The total number of connected devices is set to exceed 50 billion by 2022
• Axie Infinity’s Ronin suffers a $625 Million hack
• Username and password attacks increased 450% up from 2019

The Traditional ‘Trust but Verify’ Approach

There are a number of factors at play that’s led us to these eye-popping statistics. Traditional cybersecurity relies on a static 40-year-old centralized ‘single point of failure’ model, where device endpoints exist within the network security perimeter; critical assets–servers, applications, users, and devices all safeguarded from within the enterprise boundary with firewalls and anti-virus software being the most common forms of perimeter defense.

But as the traditional “trust but verify” approach automatically trusted internal users and devices operating within the enterprise boundary, it also left a significant vulnerability that allowed internal malicious actors to gain unauthorized access to legitimate credentials and accounts, enabling unfettered access once inside.

Over the last decade, this model has gradually become obsolete with the rise in mobile devices and the integration of BYOD, that have moved device endpoints outside the security perimeter and falling beyond the traditional enterprise security umbrella.

In addition, the migration to hybrid/multi-cloud operations, cloud-based SaaS applications, remote and distributed global workforces, the explosion of connected devices, and the demand for frictionless and integrated user experiences have meant that traditionally location-centric businesses have had to rapidly evolve to accommodate the new normal of distributed enterprise and remote working environments.

The Chief Information Security Officer (CISO) role is now more important than ever, having to ensure best practices and high standards are met to cover these emerging challenges and leading the organization to follow every measure and precaution to not become victims.

The Zero Trust “Never Trust, Always Verify” Approach

With boundaries redrawn and behaviors changed, along with digital transformation to cloud-based operations, how to trust and identify who and what should be allowed access to a network within a sea of device complexity and ever-moving perimeters is crucial for any business or organization.

Again, malicious threat actors have been agile and relentless to exploit the new online shift, targeting identity and access management (IAM) weaknesses which leave many organizations large and small, high and dry having not yet considered or adopted a comprehensive IAM strategy to address the rising threat.

In answer to mitigating emergent risks, technologies that embrace a Zero Trust “never trust always verify” approach which uniquely addresses remote work, hybrid cloud environments, and ransomware threats are now becoming mainstream.

Zero trust requires all users and devices to be authenticated, authorized, and continuously validated before being granted access to applications and data. Organizations using zero trust assume that the network has already been compromised, enforcing all users or devices to continually prove they’re not malicious. The framework also assumes that there is no traditional network perimeter, so networks can be local, in the cloud, or a combination with resources and workforce located anywhere.

Adopting a zero-trust framework that encompasses IAM protection, endpoint security and segmentation, will help mitigate against extended risks through continuous monitoring and validation of users and devices who are already authorized to access applications and resources, regardless of geographical location.

But for Zero Trust to be successful, its core principles need to be strictly adhered to, with flexibility around understanding behavioral data, limiting the attack surface, automating security that’s tied to context and policy, as well as ensuring the user experience has the least amount of friction.

CyberSecurity Mesh

​​

In response to this seismic shift in locations and behavior, Gartner has appropriately identified a zero-trust network philosophy called CyberSecurity Mesh, including it as one of their Top Technology Trends for 2022.

Gartner defines a CyberSecurity Mesh as:

“Cybersecurity mesh is a flexible, composable architecture that integrates widely distributed and disparate security services. Cybersecurity mesh enables best-of-breed, stand-alone security solutions to work together to improve overall security while moving control points closer to the assets they’re designed to protect. It can quickly and reliably verify identity, context, and policy adherence across cloud and noncloud environments.

Digital business assets are distributed across cloud and data centers. Traditional, fragmented security approaches focused on enterprise perimeters leave organizations open to breaches. A cybersecurity mesh architecture provides a composable approach to security based on identity to create a scalable and interoperable service. The common integrated structure secures all assets, regardless of location, to enable a security approach that extends across the foundation of IT services.

By 2024, organizations adopting a cybersecurity mesh architecture to integrate security tools to work as a cooperative ecosystem will reduce the financial impact of individual security incidents by an average of 90%. “

The CyberSecurity Mesh that Gartner references, provides the ability to orchestrate widely distributed and diverse stand-alone security services to work together, quickly and reliably verifying user and device identity and authentication that meet zero trust principles.

Because it’s flexible and composable, it can be arranged to shift cybersecurity to any network edge, outside of the traditional perimeter, enabling siloed security solutions to work in harmony, improving overall security for data, assets, or devices regardless of where they are located, realizing the goal of the distributed enterprise and the demands of the digital new world order.

Gartner analyst Felix Gaehtgens said the CyberSecurity mesh approach is a strategy rather than a structure. However, the idea improves the alignment of organizations and the threats they face: “Attackers don’t think in isolation. They think in silos,” he noted.

The Naoris Protocol View

While zero trust and CyberSecurity Mesh strategies offer the flexibility and composability to accommodate moving boundaries, IAM weaknesses, enterprise cloud operations, and limiting attack surfaces, the underlying device architecture is centralized.

If the CyberSecurity Mesh that Gartner refers to, is operated by a centralized entity that controls, owns, and governs the network, how can the framework and solution be considered zero trust?

This argument is at the heart of the Naoris Protocol.

The risk of systemic CyberSecurity failure cannot be solved by a traditionally framed and centralized company, as the company itself would be a single point of failure for the integrity of the CyberSecurity Mesh.

The Naoris Protocol solution is a Decentralized CyberSecurity Mesh that addresses the core issue of centralized ownership, control, and governance. As such Naoris Protocol has adopted the HyperStructure ethos to ensure its solution is truly decentralized, censor resistant, and unstoppable.

The vision for a HyperStructure, one that’s a mission-critical piece of digital planetary infrastructure that’s built to run forever, requires seven bold design principles:

1. Unstoppable: It runs indefinitely; devices and networks can adopt it or abandon it, but it cannot be stopped.

2. Permissionless: Users and builders cannot be de-platformed — it’s censorship-resistant and accessible by anyone.

3. Minimally Extractive: Near base cost fees disincentivize forking while powering a treasury for ecosystem development managed by the DAO.

4. Valuable: Conceived to be a for-public endeavor, and yet, extremely valuable to own and govern — which sparks an ecosystem around it.

5. Expansive: It has built-in incentives for users to behave fairly, and for builders to build on top of it.

6. Positive Sum: Wide adoption and usage of the protocol result in a win-win environment for all network participants.

7. Credibly Neutral: To be adopted by a wide range of DAO-based governance structures, companies, and individuals, HyperStructures need to be credibly neutral.

Because traditional Web2-based cybersecurity configures devices to operate independently of each other and not in harmony, each device by default is a single point of failure. This means there is no unifying governance between network devices. In addition, there is no ability to monitor device behavior and trust status, moment to moment.

Therefore the traditional Web2 ‘single point of failure’ model cannot be trusted.

Naoris Protocol takes a novel and unique approach. Its solution is groundbreaking in that it is completely complimentary to traditional centralized cybersecurity solutions.

It runs a novel decentralized Cyber layer that adds to the ‘defense in depth stack’ leaving already deployed and centralized standing services free to operate without being in competition with them.

Naoris Protocol secures the device baseline, providing a unified governance layer across all devices in the network, creating a supercomputer of trust that makes networks stronger as they grow, not weaker.

In our next blog, we offer a special report about the Ukraine and Russia conflict from the cybersecurity perspective — we will be highlighting how critical civic infrastructure, military, and nation-state data and assets are sitting targets under current cybersecurity practices, we also call attention as to why there is a glaring need for a completely new and different way to view and think about cybersecurity, so we can create a new world free from cyber threat, cyber attack, cyber warfare, and cyber-terrorism.

About Naoris Protocol

Naoris Protocol is a Decentralized CyberSecurity Mesh for the hyper-connected world. Our disruptive design pattern makes networks safer as they grow, not weaker, by turning each connected device into a cyber-trusted validator node. A powerful Blockchain protocol that every company can use to protect against the escalating levels of cyber threats.

Devices are rewarded for trusted behavior fostering an environment that is secure. Participants earn $CYBER staking rewards for securing the network. The more users, businesses, enterprises, and governance structures that come together to establish networks or networks and use the stronger and more secure Decentralized Cyberecure Mesh becomes.

Want to learn more about it?

Visit our Website or check out our Whitepaper

‍