July 29, 2022
A VPN provides access to a private network. BastionZero provides access to infrastructure targets (servers, containers, k8s, dbs) with authentication, authorization and audit logging built in. So you can improve security while avoiding the need to build an infrastructure access system behind your VPN.
July 21, 2022
We're honored to place Second in the 2022 RSAC Innovation Sandbox Contest!
July 12, 2022
Sharon spent part of her morning revising the submission of an academic paper on the cryptographic protocol behind BastionZero. The team wrote an extremely short abstract about the MRZAP protocol and figured this description of the cryptographic protocol would be worth sharing! Voila!
June 29, 2022
I read CISA’s Cloud Security Technical Reference Architecture. Here's what you need to know.
June 16, 2022
Organizations frequently struggle to find the best way to provide their engineers with access their backend infrastructure.
June 14, 2022
A few weeks ago, our CEO, Sharon Goldberg, had the pleasure of speaking with Melinda Marks on ESG’s Women in Cybersecurity Podcast. They talked about getting into cybersecurity, struggles and challenges of breaking into cybersecurity, and advice and resources for those entering the space.
June 13, 2022
A few weeks ago, our CTO, Ethan Heilman, had the pleasure of speaking with Steve Stonebraker on the Ephemeral Security Podcast. They talked about getting into information security, how BastionZero works, and BastionZero’s potential features.
May 3, 2022
We're honored to announce that we are a top ten finalist for the RSA Conference Innovation Sandbox Contest, as one of the most innovative early-stage cybersecurity startups of the year. Thank you to our tenacious team for getting us to this milestone. BastionZero Recognized for Innovative Cryptographic Approach to Zero-Trust Infrastructure Access.
April 4, 2022
We had the pleasure of joining Timothy Peacock and Anton Chuvakin on The Cloud Security Podcast from Google, a weekly news and interview show with insights from the cloud security community. We covered our favorite definitions of zero trust, Sharon's analysis of the federal government's zero trust memo, deprecating VPNs, and the future of cloud security! | Google Cloud Security Podcast: EP59 Zero Trust: So Easy Even a Government Can Do It?
March 29, 2022
This is a post I’ve been waiting almost two years to write, and it tells the story about how BastionZero was born. BastionZero is a pandemic baby. We started out as a blockchain company and then pivoted into infrastructure cybersecurity right after COVID hit.
March 22, 2022
SSO is fantastic and super convenient. But breaches happen. But we can mitigate these risks so that a breach of your SSO provider does not lead to a compromise of your targets.
March 3, 2022
We were honored to be a part of Enterprise Security Weekly #263!
March 2, 2022
We’re thrilled to announce that we raised $6m in seed funding led by Dell Technologies Capital. Here we share how we started and where we’re heading next.
February 8, 2022
When I first read the federal government’s memo on it’s “transition zero trust”, I was jumping out of my skin with excitement. There’s lots of great stuff in that memo (see my earlier blog post) but what excited me most was the memo’s stance on VPNs.
January 27, 2022
Yesterday, the Office and Management and Budget (OMB) released a memo:“Moving the U.S. Government Towards Zero Trust Cybersecurity Principles”. The memo advises the Federal Government on what steps each agency must take to improve its cybersecurity. It looks like the government is planning to position itself as a cybersecurity leader, while also pushing the private sector into a more robust cybersecurity posture. Also, if you get into it, this memo is actually about a lot more than zero trust.
January 26, 2022
PwnKit is a new vulnerability that breaks the security model around privileged access management (PAM) to Linux machines. It allows someone with access to a Linux machine to escalate their privileges to root, and then execute commands that exceed their privilege. This bug was likely present in the Linux kernel for 12 years. This has resulted in a few screamy headlines, but I’m fairly unsurprised.
December 7, 2021
As the new kid in the infrastructure and remote access space, we wanted to take a moment to introduce ourselves. We are a group of cryptography PhDs, engineering leaders, and infrastructure experts and enthusiasts who think the remote access industry needs some shaking up. In fact, we believe everything about infrastructure and remote access needs to be made simpler and more secure.