In the World of Cyber, You Need to be Fast

New research by ReliaQuest on breaches and ZTNA.

John Spiegel

1/29/2025

4 min read


In the ever-evolving landscape of cybersecurity, attackers are not only becoming more sophisticated but also significantly faster. A recent report published by ReliaQuest Threat Research Labs indicated a 22% increase in attack speed in 2024 compared to the previous year, with the quickest breaches achieving lateral movement within just 27 minutes. The threat research team attributed the acceleration to the following items:

  • Increased Activity by IABs: Initial access brokers (IABs) are capitalizing on the surge in information-stealing malware (infostealers), offering adversaries a quick and easy way to launch attacks.

  • Streamlined RaaS Operations: The ransomware-as-a-service (RaaS) ecosystem has become more efficient, with affiliates adopting new, more specialized strategies like help-desk scams to accelerate and refine their attacks.

  • AI-Enhanced Pentesting Tools: Threat actors are using AI to boost the capabilities of penetration testing (pentesting) tools, allowing them to identify flaws in victim systems faster.

In offering advice for the defenders, the researchers stated “For defenders, breakout time is the most critical window in an attack. Successful threat containment at this stage prevents severe consequences, such as data exfiltration, ransomware deployment, data loss, reputational damage, and financial loss. So, if attackers are moving faster, defenders must match their pace to stand a chance of stopping them.” In other words, defenses need to focus on making it hard for the bad cyber-actor to get a foothold on the beach.

While there are a plethora of tools being offered by mature vendors and feisty startups, the best advice I can provide is to consider the critical need for robust security frameworks like Zero Trust Network Access (ZTNA) to prevent breaches effectively. The days when organizations had the luxury of responding at their own pace are gone; now, defenses must be as fast, if not faster, than the threats they face.

What does this look like? Imagine your organization's network as an exclusive club. In the past, once someone passed the bouncer at the door, they had free rein to access any room. However, with the surge in swift and stealthy cyberattacks, this open-access approach is no longer viable. ZTNA transforms your security posture by acting as a vigilant gatekeeper, continuously verifying the identity and intent of every user and device attempting to access your network resources. It's akin to having security personnel at every door within your club, ensuring that only authorized individuals can enter specific areas, and even then, only for as long as necessary. And just as high-profile nightclubs have different levels of access for VIPs, performers, and staff, ZTNA ensures that even authorized users can only go where they absolutely need to be.

Unfortunately, the transition to ZTNA is not happening fast enough. Traditional approaches built on firewalls and remote access VPNs, which put the company at risk, are still in the majority. Worse yet, many of these devices are themselves vulnerable to attack. Here are a few examples.

Ivanti disclosed two significant vulnerabilities in January 2025 affecting their Connect Secure, Policy Secure, and ZTA gateway products. CVE-2025-0282 is a stack-based buffer overflow that allows unauthenticated remote code execution, while CVE-2025-0283 permits local privilege escalation by authenticated users. These vulnerabilities have been actively exploited in the wild, underscoring the need for continuous verification and strict access controls that ZTNA provides. Without Zero Trust policies, attackers leveraging these vulnerabilities could move laterally across networks, installing ransomware or stealing sensitive data with ease.

Additionally, Palo Alto Networks addressed critical vulnerabilities in their PAN-OS software in April 2024. CVE-2024-3384 and CVE-2024-3382 allowed remote attackers to perform denial-of-service attacks against PAN-OS firewalls. These vulnerabilities highlight the necessity of implementing security measures that do not rely solely on perimeter defenses but instead continuously monitor and verify all network activities.

Lastly, Fortinet’s FortiGuard Labs has observed numerous attack attempts targeting various vulnerabilities, including those in Palo Alto Networks’ Expedition tool (CVE-2024-5910). These incidents demonstrate the persistent threats organizations face and the importance of adopting a Zero Trust model to mitigate potential breaches. In each of these cases, the attackers sought to exploit weak points in traditional single-purpose, appliance-based security architectures, reinforcing why continuous authentication and stringent access controls are vital in today’s threat landscape.

Adopting ZTNA involves several key steps. Continuous verification ensures that every access request is authenticated and authorized in real-time, allowing only legitimate users and devices access to network resources. The principle of least privilege access ensures users are granted the minimum level of access necessary to perform their tasks, reducing the potential impact of compromised accounts. Micro-segmentation divides the network into smaller, isolated segments, preventing attackers from moving laterally within the network if they gain initial access. Comprehensive monitoring continuously observes all network activities for anomalies, enabling rapid detection and response to potential threats. Additionally, ZTNA reduces reliance on outdated security models like VPNs, which grant broad access to networks, creating significant attack surfaces. By shifting to an identity-driven, context-aware security model, organizations can greatly diminish the chances of unauthorized access.

Another key advantage of ZTNA is its ability to seamlessly integrate with existing security frameworks, improving adaptability and resilience. Unlike traditional security models that rely on a hardened perimeter, Zero Trust acknowledges that attackers can breach defenses and ensures they cannot spread. Organizations that implement ZTNA benefit from a more dynamic, responsive security posture, where security policies adapt to real-time risks, stopping threats before they escalate into full-blown breaches.

In a digital environment where cyber threats are accelerating, traditional security models are insufficient. Implementing Zero Trust Network Access provides a robust framework to prevent breaches by ensuring that trust is never assumed and always verified. Organizations must recognize that security is no longer just about keeping threats out but about limiting their potential impact once inside. By staying vigilant, investing in proactive security measures, and implementing a Zero Trust approach, businesses can protect themselves against the evolving tactics of cyber adversaries. The world of cybersecurity is no longer about building walls; it’s about ensuring every door is locked, every visitor is watched, and no one gets a free pass.