Understanding Zero Trust Connectivity

Matthew Kirkland

You've got antivirus on every computer. Your IT person set up a firewall. You're paying for security software. So why do businesses like yours still get hit by ransomware?

The answer isn't that you bought the wrong product. It's that traditional security tools are designed to catch threats they already know about. Ransomware attackers know this, so they create new threats faster than security companies can identify them.

There's a different approach that flips this model completely. Instead of trying to spot bad connections, it blocks everything by default and only allows what's verified as safe.

It's called Zero Trust Connectivity, and it's the technology behind our SME Edge security package. Here's how it works and why it succeeds where traditional security falls short.

The Problem With "Block the Bad Guys"

Traditional security works like a bouncer with a list of known troublemakers. If someone's on the list, they're blocked. Everyone else walks in.

The problem? New threats aren't on any list yet. By the time security companies identify a new ransomware variant and update their databases, it's already spread to thousands of businesses.

This is why antivirus and firewalls can't catch everything:

  • Antivirus scans files for known malware signatures. A new variant with a different signature slips through.
  • Firewalls block known dangerous ports and addresses. Attackers use legitimate-looking connections.
  • Email filters catch obvious phishing. Sophisticated attacks mimic real business emails.

Even if you update everything religiously, there's always a window between when a threat appears and when your security tools learn to recognise it. Attackers live in that window.

Zero Trust Connectivity: A Different Starting Point

Zero Trust Connectivity takes the opposite approach. Instead of allowing everything and blocking known threats, it blocks everything and only allows verified connections.

Think of it this way: traditional security asks "Is this connection dangerous?" Zero Trust Connectivity asks "Is this connection necessary and verified?"

The core principle is simple: never trust, always verify. This approach aligns with the NIST Zero Trust Architecture framework, which defines Zero Trust as assuming no implicit trust based on network location. Every connection request must prove it's legitimate before it's allowed through. No exceptions for devices inside your network. No assumptions that internal traffic is safe.

This isn't a fringe idea. According to CIO research on Zero Trust adoption, 81% of organisations plan to implement Zero Trust within the next 12 months. Gartner predicts that 70% of new remote access deployments will use Zero Trust instead of traditional VPNs. It's becoming the standard approach for businesses serious about security.

Traditional security vs Zero Trust Connectivity comparison: Traditional security allows all connections and blocks known threats, while Zero Trust Connectivity blocks all connections by default and only allows verified traffic

How "Don't Talk to Strangers" Stops Attacks

The SME Edge uses a patented technology called DTTS, which stands for "Don't Talk to Strangers." It's a simple concept that solves a fundamental weakness in how the internet works.

Here's the problem: by default, any device on your network can connect to any address on the internet. Your computers, printers, security cameras, and point-of-sale systems can all reach out to billions of internet addresses without restriction.

Attackers exploit this. Malware on an infected computer connects directly to attacker-controlled servers using IP addresses, bypassing your DNS filters entirely.

DTTS fixes this by requiring every outbound connection to be verified through DNS first. If a connection wasn't requested through an approved DNS lookup, it's blocked. No exceptions.

The result? To attackers, your devices appear completely unplugged from the internet. They can't reach them, and infected devices can't reach out.

This stops:

  • Ransomware callbacks. Malware can't phone home to download attack payloads.
  • Data theft. Stolen data can't be sent to external servers.
  • Command and control. Attackers can't remotely control infected devices.
  • Circumvention tools. VPNs and anonymising networks can't bypass your security.

The technology holds US and European patents and has won the SC Awards for Best SASE Solution in both 2024 and 2025.

What Happens During an Attack

Let's walk through a real scenario to see how this works in practice.

An employee receives an email that looks like it's from a supplier. There's an Excel spreadsheet attached, an invoice that needs approval. The employee opens it, and Excel asks whether to enable macros. They click yes, because they've done this before with legitimate files.

What they don't see: the macro contains malicious code. It immediately tries to connect to a server controlled by attackers to download ransomware.

With traditional security: The connection goes through. The antivirus hasn't seen this particular malware before, so it doesn't flag it. The ransomware downloads, encrypts your files, and demands payment.

With Zero Trust (SME Edge): The macro tries to connect to the attacker's server using a direct IP address. DTTS blocks the connection because it wasn't verified through DNS. The malware is stuck. It can't download its payload, can't encrypt anything, can't phone home. The attack fails silently.

The employee might not even know anything happened. Your business keeps running.

This is why we've protected over 3 million devices globally with zero widespread breaches. Even when malware gets onto a device, it can't do damage because it can't communicate with attackers.

How Zero Trust Connectivity blocks attacks: Phishing email arrives, malicious macro executes, malware tries to phone home, but DTTS blocks the connection and the attack fails
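
A minimal model of the DNS-gated egress rule behind DTTS, replaying the macro's direct-IP callback from the scenario above. It is an added example, not adam:ONE or SME Edge code; the allowlist, the per-client pinholes that expire with the DNS TTL, and every domain and address are assumptions constructed for illustration.

```python
# Toy model of DNS-gated egress; every name and address here is constructed.
ALLOWED_DOMAINS = {"mail.example.com", "accounts.example.net"}  # assumed policy

class EgressGate:
    def __init__(self):
        # (client, dest_ip) -> expiry; per-client TTL pinholes are an assumption
        self.pinholes = {}

    def on_dns_answer(self, now, client, qname, answers, ttl):
        """Record a resolver answer; only allowlisted names open pinholes."""
        if qname.lower().rstrip(".") not in ALLOWED_DOMAINS:
            return False
        for ip in answers:
            self.pinholes[(client, ip)] = now + ttl
        return True

    def on_connect(self, now, client, dest_ip):
        """Default deny: allow only if this client resolved dest_ip recently."""
        expiry = self.pinholes.get((client, dest_ip))
        if expiry is None:
            return "BLOCK no-dns-lookup"
        if now > expiry:
            del self.pinholes[(client, dest_ip)]
            return "BLOCK ttl-expired"
        return "ALLOW"

def replay(events):
    """Feed (time, kind, client, ...) events to a gate; return the verdicts."""
    gate, verdicts = EgressGate(), []
    for now, kind, client, *rest in events:
        if kind == "dns":
            gate.on_dns_answer(now, client, *rest)
        else:
            verdicts.append((rest[0], gate.on_connect(now, client, rest[0])))
    return verdicts

# Constructed traffic using documentation address ranges (RFC 5737).
EVENTS = [
    (0, "dns", "10.0.0.5", "mail.example.com", ["192.0.2.10"], 300),
    (1, "connect", "10.0.0.5", "192.0.2.10"),    # resolved first
    (2, "connect", "10.0.0.5", "203.0.113.66"),  # macro dialling a raw IP
    (3, "connect", "10.0.0.9", "192.0.2.10"),    # other device, no lookup
    (4, "dns", "10.0.0.5", "c2.example.org", ["198.51.100.7"], 60),
    (5, "connect", "10.0.0.5", "198.51.100.7"),  # name not on the allowlist
    (400, "connect", "10.0.0.5", "192.0.2.10"),  # pinhole has expired
]

if __name__ == "__main__":
    for dest, verdict in replay(EVENTS):
        print(f"{dest:15} {verdict}")
```

Only the connection that follows an approved lookup from the same device is allowed; the raw-IP callback, the lookup of a name outside the allowlist, and the stale pinhole are all denied.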

What Your Business Actually Needs to Connect To

Here's something that surprised us when we started protecting businesses with Zero Trust Connectivity: of the billions of addresses on the internet, the average business only needs access to around 35,000 to operate without disruption.

That's your email provider, your accounting software, your suppliers' websites, your bank, and the other services you actually use. Everything else? Your business has no reason to connect to it.

Traditional security leaves all those billions of addresses accessible by default, hoping to catch the dangerous ones. Zero Trust Connectivity blocks them all by default and only opens connections to the addresses your business actually needs.

This is why even zero-day vulnerabilities (security flaws that haven't been publicly discovered yet) don't affect protected devices. When a new vulnerability is announced and attackers rush to exploit it, businesses protected by Zero Trust Connectivity are already safe. Their devices simply can't connect to attacker infrastructure.

Zero Trust Connectivity vs VPN: What About Remote Workers?

Many businesses use VPNs to let employees work from home or connect from client sites. VPNs create an encrypted tunnel between the remote device and your office network.

The problem is what happens once someone connects through a VPN. Traditional VPNs give all-or-nothing access. Once you're in, you can reach everything on the network. If an attacker compromises a remote worker's laptop and they connect via VPN, the attacker now has access to your entire network too.

VPNs also don't protect what happens on the remote device itself. If an employee's home computer has malware, the VPN doesn't stop that malware from reaching the internet.

Zero Trust Connectivity handles remote access differently:

  • Verified connections only. Remote devices must authenticate before accessing anything.
  • Least privilege access. Users only reach the specific resources they need, not the whole network.
  • Protection travels with the device. The same Zero Trust Connectivity policies apply whether someone's in the office or at home.
  • No lateral movement. Even if one device is compromised, attackers can't use it to reach other systems.

The SME Edge includes secure remote access that applies your Zero Trust Connectivity policies to workers wherever they are.

Will This Slow Us Down?

This is the obvious question. If you're blocking the entire internet by default, won't everything grind to a halt?

In practice, no. Here's why:

The system learns what your business needs. When you access a legitimate service, it gets allowlisted. The AI-powered adaptive allowlisting means the system gets smarter about your business over time, not more restrictive.

Legitimate traffic flows normally. Only the first connection to a new service requires verification. After that, it works without interruption. Your team won't notice any difference when using approved applications.

Streaming and downloads stay fast. A feature called Blocklist Turbo optimises how the system handles high-bandwidth services. Video calls, file downloads, and streaming services work without lag.

The 35,000 addresses your business actually needs? Those work instantly. The billions of addresses you'll never need? Those are blocked, but you'd never try to access them anyway.

The SME Edge: Zero Trust Connectivity Made Practical

SME Edge complete package: Hardware package with security gateway and UPS, Software package with DTTS and AI allowlisting, Deployment package with 100-point checklist and training

Zero Trust Connectivity sounds good in theory, but many businesses assume it's complicated to set up or disruptive to use. The SME Edge is designed to make Zero Trust Connectivity practical for businesses without dedicated IT security teams.

Hardware Package

Every SME Edge includes business-grade networking hardware configured for security:

  • Security Gateway. The brain of your network protection.
  • Wall-Mount Security Cabinet. Professional installation, out of the way.
  • UPS Battery. Protection continues during load shedding.
  • Managed Switch. Proper network segmentation so IoT devices can't reach sensitive systems.
  • Dual Internet Support. Keeps working if one connection fails.
  • Managed WiFi. Secure wireless for your whole premises.
  • Cellular Failover. Stay connected when lines go down.
  • VPN Tunneling. Secure access for remote workers.

The hardware comes with a 3-year replacement warranty and 99.9% uptime SLA backed by 24/7 support.

Software Package

The adam:ONE software runs on your SME Edge hardware and handles the Zero Trust Connectivity filtering:

  • DTTS (Don't Talk to Strangers). Patented egress control that blocks unauthorised connections.
  • Adaptive Allowlisting. AI-powered verification that learns what your business needs.
  • DNS Filtering. Block harmful content, ads, tracking, and cryptojacking.
  • Per-Device Policies. Different rules for different devices and users.
  • Time-Based Schedules. Control when devices can access what.
  • Manual Allow and Block Lists. Override the AI when you need specific control.
  • Safe Search Enforcement. Clean search results across your network.
  • YouTube Safety Mode. Control video content on shared or public devices.
  • Blocklist Turbo. Optimised performance for streaming and downloads.

The system works without installing software on individual devices. This means it protects everything on your network, including IoT devices, security cameras, and older equipment that can't run modern security software.

Deployment Package

Security tools only work if they're set up correctly. Our 100-point deployment checklist ensures your business is properly protected from day one.

Security Awareness Training. Your team learns to recognise threats:

  • Password hygiene and management
  • Phishing and SMS scam identification
  • Safe remote access practices
  • Public WiFi risks
  • Ransomware prevention

Security Implementation. We configure your entire environment:

  • Hardware security keys for critical accounts
  • Dark web scanning to check if your credentials are compromised
  • Password manager setup and training
  • Multi-factor authentication (now required for most cyber insurance)
  • Browser and device security hardening
  • Mobile device security configuration
  • Backup configuration and verification

Why This Matters for South African Businesses

The Protection of Personal Information Act (POPIA) requires businesses to take reasonable measures to protect personal information. If you suffer a data breach, you need to demonstrate you had appropriate security in place.

Zero Trust Connectivity provides documented, verifiable protection. Every connection is logged. Every blocked threat is recorded. If you ever need to show an auditor or insurer what security measures you had in place, it's all there.

The SME Edge also handles the practical realities of South African infrastructure. UPS backup keeps your security running during load shedding. Cellular failover maintains protection when your primary internet connection drops. Network segmentation means your IoT devices and security cameras are isolated from your main business systems.

Is Zero Trust Connectivity Right for Your Business?

Zero Trust Connectivity makes sense for most businesses, but it's particularly valuable if:

  • You handle sensitive data. Client information, financial records, medical data.
  • You have compliance requirements. POPIA, industry regulations, cyber insurance conditions.
  • You've been hit before. Previous incidents show your current security has gaps.
  • You have IoT devices. Security cameras, access control, point-of-sale systems that can't run antivirus.
  • Your team works remotely. Devices connecting from outside your office need protection.
  • You want to actually sleep at night. Knowing that even unknown threats are blocked by default.

If you're unsure whether your current security is adequate, we can assess your setup and explain what we find in plain terms. No obligation, no pressure.

Need Help Securing Your Business?

The SME Edge combines Zero Trust Connectivity, business-grade hardware, and thorough deployment into a complete security package. It's how we protect businesses from ransomware, data theft, and the threats that traditional security misses. Learn more about our comprehensive cybersecurity services.

Book a free IT security assessment or call 0800-696-373. We'll review your current setup and show you where the gaps are.


Matthew Kirkland

IT Consultant

Helping businesses and home users navigate technology challenges with practical, security-focused solutions. With extensive experience in cybersecurity, network infrastructure, and IT strategy, Matthew provides expert guidance to keep your systems running smoothly and securely.