Tripwire and Zero Trust
Tripwire and Zero Trust is my latest topic/post on the Tripwire blog: https://www.tripwire.com/state-of-security/tripwire-enterprise-zero-trust
Zero Trust can be built on a number of key fundamentals, but perhaps the most important are the three items outlined in Microsoft’s Zero Trust Maturity Model:
Verify explicitly. Always authenticate and authorize based on all available data points, including user identity, location, device health, service or workload, data classification, and anomalies.
Use least privileged access. Limit user access with Just-In-Time and Just-Enough Access (JIT/JEA), risk-based adaptive policies, and data protection to protect both data and productivity.
Assume breach. Minimize blast radius for breaches and prevent lateral movement by segmenting access by network, user, devices, and application awareness. Verify all sessions are encrypted end-to-end. Use analytics to get visibility, drive threat detection, and improve defenses.
Whilst it might not be immediately obvious, file integrity monitoring (FIM) and security configuration management (SCM) can be very useful tools for these objectives.
Whilst Zero Trust feels a bit "buzzwordy", I think this might be one that stands the test of time due to it being a pretty solid foundation for "thinking securely".