Female Security Pioneers Who Are Inspiring Other Women In The Industry

Cybersecurity has long been considered a man’s domain. According to Cybersecurity Ventures, there will be up to 3.5 million job openings by 2021. Meanwhile, women make up only 20% of the cybersecurity workforce. 

The reasons for the gender imbalance in the security realm are manifold. Starting from a young age, girls are not encouraged to pursue STEM degrees or hobbies. Additionally, there exists an “unconscious gender bias” when hiring women in the field, and retaining women is even more difficult due to wage disparity and a lack of female colleagues and mentors. Women in security are often “the only woman in the room” – but there are a few professionals who have dedicated their time to changing this.

While there are a number of reasons that women are underrepresented in the industry, we have chosen to focus on a few women who are pioneers in their field, breaking barriers and smashing stereotypes. Whether for their innovation, leadership, or integrity, these women are inspiring and empowering other women to pursue a career in cybersecurity.

One of the best ways to bring more women into cybersecurity (and to keep them there) is to lead by example and create spaces and opportunities for women to enter and grow within the industry. Networking with women in the field, lifting and supporting others, joining groups and communities for women by women – these are some of the ways that female professionals can inspire and encourage women to join this line of work and grow within the security industry.

Read about the women that are breaking the gender stereotype in security and encouraging others to do so as well: 

Chani Simms

Her accomplishments:

When talking about inspirational women in security, it’s impossible not to mention Chani Simms. An award-winning cybersecurity leader and TEDx Speaker, Chani has been in the IT industry for nearly 20 years. Originally from Sri Lanka, Chani co-founded Meta Defence Labs UK in 2014, a Cybersecurity and IT Infrastructure service provider. Under her leadership, Meta Defence Labs UK has garnered international recognition and accolades and she expanded its operations into Sri Lanka to offer cybersecurity expertise and skills to south Asian communities. 

How she’s helping women in security:

Chani’s passion for cybersecurity combined with her enthusiasm for women’s empowerment led her to found SHe CISO Exec., an initiative aimed at empowering a new generation of talent in the world of information security. SHe CISO Exec. provides a bootcamp and mentoring platform for women (open to men as well) in cybersecurity and focuses on bridging the skills and diversity gap in the industry. 


Tanya Janca

Her accomplishments:

If Wonder Woman was an ethical hacker with a stylish fringe, her name would be Tanya Janca. Tanya is a computer scientist and the founder, security trainer and coach of SheHacksPurple, a learning platform dedicated to teaching Application Security, DevSecOps, and Cloud Security. In addition to running her own Open Web Application Security Project (a nonprofit foundation that works to improve the security of software) chapter in Ottawa for 4 years, she co-founded a new OWASP chapter in Victoria and co-founded the OWASP DevSlop open-source and education project.

How she’s helping women in security:

Tanya is also an advocate for diversity and inclusion, and co-founded the international women’s organization WoSEC (Women of Security), a free community for women to meet in person in cities around the globe to network, vent frustrations, find peers, and make new friends. She started the online #MentoringMonday initiative, and personally mentors, advocates for and enables other women in her field. She actively writes on her blog, Twitter, and LinkedIn, and promotes videos on YouTube, spreading her security research for free in order to contribute to the security community.

Follow Tanya on Twitter @shehackspurple

 

Jane Frankland

Her accomplishments:

While Jane Frankland is an award-winning entrepreneur, best-selling author and international speaker, she states that her three children are her greatest achievement. She has been working in cybersecurity for over 20 years and has held senior executive roles at several large PLCs, as well as founded Cyber Security Capital, a training and consulting company. Her diverse and impressive resume includes being nominated as a Young British Designer, LinkedIn Top Voices, a Top 20 cybersecurity global influencer and Top 100 in UK tech. She built her own global hacking firm and has been actively involved in OWASP, CREST and Cyber Essentials. 

How she’s helping women in security:

Before she turned 30, Jane built a 7-figure global business (as a single parent) and claims, from experience, that this is not the hardest thing to do in business; turning around a failing company is. She has also authored the Amazon Best Seller IN Security: Why a Failure to Attract and Retain Women in Cybersecurity is Making Us All Less Safe. She specializes in business strategy and high performance and is a world authority on attracting and retaining women in cybersecurity.

Check out her YouTube channel

 

Bonnie Butlin

Her accomplishments:

If you haven’t heard of “Canada’s First Lady of Security” Bonnie Butlin, it’s time to get familiar with this impressive entrepreneur. Bonnie is an award-winning expert in security and intelligence and co-founder and Executive Director of the Security Partners’ Forum (SPF), the first-of-its-kind agile international network of security professionals within NATO. Over the past decade, Bonnie has received 20 international and national-level awards and honors related to security and resilience including the “Women of the Decade” Award presented at the Women Economic Forum in 2018.

How she’s helping women in security:

Bonnie created Women in Security and Resilience Alliance (WISECRA) which engages a growing network of women in security around the world. Organizations and businesses around the world look to Bonnie to help increase the number of women in security. Bonnie is considered an inspiration to young women entering the profession and has actively been mentoring and involved in public speaking engagements for women and young professionals in both physical and cybersecurity. 

Listen to a podcast interview with Bonnie Butlin at #AISACON17 by MySecurity Media

 

Sivan Tehila

Her accomplishments:

This list of women would not be complete without mentioning our very own Director of Solution Architecture, Sivan Tehila. Sivan is a modern-day Superwoman and we just don’t know how she does it all. Her impressive resume includes serving for 10 years in the Israel Defense Forces in roles such as Information and Cyber Security Officer, CISO of the Research and Analysis Division, and Head of Information Security Unit of the Intelligence Corps. Sivan also devotes her time to educating the future generation of cybersecurity leaders as an Adjunct Professor at Yeshiva University.

How she’s helping women in security:

Sivan is dedicated to increasing female representation in cybersecurity. In 2019, Sivan founded Cyber Ladies NYC in order to create a safe and empowering environment for women to share knowledge, mentor others, and become role models for young women at the beginning of their careers. She often takes part in speaking engagements around the world and contributes articles and thought leadership pieces to renowned security publications.


The women in this article are just a small representation of those working towards a more inclusive and diverse cybersecurity workforce. We hope you were inspired by the stories and accomplishments of the women above, whether to pursue a career in cybersecurity, encourage other women to pursue one, or to hire more women in your organization. If you would like to nominate additional female security professionals for future blog posts, please email us at [email protected] 

ZTNA: A World Where You Won’t Be Afraid to Grant Permissions Access

The word trust is a common theme in cybersecurity when it comes to network breaches, yet the idea of lack of trust is what’s highlighted in these breaches. A company’s feeling of safety and security can disappear in a nanosecond once their network has been infiltrated, and all control of networks and applications is lost. For all tech-forward organizations, the feeling of lost control becomes more universal with every new breach to hit the headlines.

While in some industries this scary feeling may be up and coming, in the network security landscape it is not a new phenomenon. Whether from malware, ransomware, or your classic unauthorized access network breach like we saw with Capital One, zero optimism is entertained concerning the safety of companies and individuals from hackers. Awareness of one’s level of vulnerability is a prerequisite to safety and enables one to take pragmatic steps to secure their data.

Rethink the Approach for Network Security 

Until recently, the organization’s IT and security teams primarily focused all their security efforts on fighting off different attacks on the perimeter. While this was the right approach when everyone worked in the same office, times have changed. Due to COVID-19 accelerating the “work from anywhere” approach, we need to rethink network security strategies and pivot them around the user instead of where the network is based. 

With more employees working outside the physical office, there is a quickly growing number of endpoints for hackers to attack. In most organizations, the typical employee uses multiple devices to do their daily job. Is each device secure? The answer is probably yes – but you can’t be certain. With every unsecured device, organizations’ networks take on unnecessary risk. When networks are breached, the process of understanding where and how access was gained is not instant, and by the time you have your answers, it is too late.

IT and security teams need to change their approach, and instead of solely emphasizing perimeter security, transform their employees’ permissions and access policies. One of the most common mistakes organizations make is trusting their users when it comes to authorized access. When you provide unrestricted access to any user or device in your network, you simply open the gates for your organization’s network to be breached. 

Once a user or organization is compromised, their credentials can easily be used to infiltrate the network, especially with different attacks. This presents the idea that organizations need to have better visibility when it comes to authorized user access to their network. So how can organizations trust their employees once again?

Zero Trust Helping Us Trust Again 

Can we trust our employees once again, and reduce their responsibility and impact as guards of the organization’s network against hackers? I believe we can, as humans are meant to be trusted even though in many instances human error puts that trust in doubt. People aren’t perfect, we all make mistakes, but we must account for them proactively.

A common approach to secure network access that has gained popularity over the past decade is implementing the Zero Trust model. Zero Trust was originally proposed by Forrester in 2010, with the motto “never trust, always verify”. This is the idea that until the user can verify him or herself via authentication, they will not receive access to the network. Zero Trust is not a specific product or architecture; instead, adopting it means taking a more modern approach of setting up organization-wide guidelines inside the company’s resources.

By implementing the ZTNA model for secure network access, IT teams will have full control over who is granted access and who enters and leaves the network at all times. For each network, resource or application, there should be a set of rules and policies in place enforced by the key elements of the Zero Trust model: multi-factor authentication, proper device management, limited privileged access and network segmentation using software-defined architecture.

ZTNA The Approach Not the Model 

Organizations that take the right approach with ZTNA can erase the concept of trusting in their employees and won’t fear granting access. To achieve secure network access inside your organization you will need to have the proper principles implemented and distributed throughout the company. Treat Zero Trust Network Access as a manual for how organizations should strategize and “trust” their employees with the keys to the kingdom.

Can SASE Reinforce Remote Voting?

The risks behind remote voting

Election interference is the new normal, or perhaps it quietly has been for some time now. Until recently, though, it has escaped the limelight because the process of voting in most places has barely changed since the dawn of democracy. People show up at their designated voting booth, wait in line, verify their identities and cast their ballots – but in the era of COVID-19 this idea is more complicated than it once was – and also more compromised.

Obviously, the ideals of democracy must be upheld even during a pandemic in which the pathogen at large is airborne, and people must be empowered to vote even if they aren’t able to stand in line. Especially as an important US Presidential election approaches at the end of the year, the idea of remote voting has emerged as a potential solution to the obstacles put in its place by coronavirus – but solutions must also be found for securing the remote vote itself.

A Rocky Start to Remote Voting

Rather than mail-in ballots, which require immense administrative efforts to corral, count, and authenticate, remote voting would entail using technology to mimic the same processes but in a streamlined digital manner. In the midst of COVID-19, governments have already embraced digital alternatives for physical processes steeped in tradition and respect – just look at the testimony of Dr. Anthony Fauci, who recently appeared in front of the Senate via Zoom.

Thanks to H.R. 965, which was passed in mid-May during the throes of the pandemic, members of the House have been alpha testing remote voting at a very small scale. While Senators must still show up and have their Yeas and Nays tallied on paper, House members are able to send in their votes via encrypted email and have them counted. This is still an early and rudimentary solution, and there’s no doubt that rolling out digital voting to the greater USA or even individual States would require something much more complex.

So far, some States are experimenting with digital voting, but they are doing so against the advice of Homeland Security’s recent report, which highlights remote voting as extremely high risk. This is no doubt a remnant of 2016, when hackers successfully breached online voter registration systems in an attempt to sway results of the election – or simply to test the water in advance of the “real” interference attempts which are soon to come. The wagons haven’t circled yet, and any efforts to advance remote voting efforts now are as undefended as they were then.

Remote is a (Necessary) Risk

Evidence points to the fact that the varied and disparate digital systems that already exist can’t be capably secured, meaning any attempts to institute remote voting will be built on a flimsy foundation and cause even more trouble. This would create an untenable situation in which both election results and faith in the system can be challenged, so any efforts to help US citizens vote from afar must also come with accompanying security technology.

Attempts to secure local and state voter registration systems so far have focused on the lowest-hanging fruit: patching software and hardware, and “backing up” incoming digital votes by writing them down on paper. This approach is smart, because it’s often the most basic exploits that hackers use to disrupt the voting process. The remote voting apparatus, in the States where it currently exists such as Delaware and West Virginia, is extremely flimsy and reliant on a stack of tools that are each capable of being compromised in different ways.

Hackers don’t necessarily need to infiltrate systems and change votes themselves; they can simply disrupt the process by deleting or multiplying votes, adding false data, compromising signature-verification software, or overloading systems via DDoS. This can occur for the ballots, voting machines, Secretary of State or registration websites, and other weak links in the chain. Accordingly, the entire voting flow must be secured from the moment a citizen logs on, through the verification process and until the final vote is tallied.

SASE a Secure Voting Solution

Remote voting is coming whether we’re prepared for it or not, because if you ask election officials, it’s more important to re-enfranchise those who are disenfranchised than it is to secure the systems we use to accomplish it. Though problems are bound to arise, given that in classic federal government style it’s up to individual States and the agencies within them to choose relevant security vendors and solutions, a new type of unified product is emerging that will kill many of these issues with one stone.

Coined by research firm Gartner, SASE is a cloud-based security product that by nature is capable of being integrated directly into all resources in use across government offices, regardless of where they are physically. It essentially weaves an impressive array of different networking and security solutions into each resource deployed in the digital voting process, ensuring that participatory voters and officials across the country are protected, given custom access privileges, and closely monitored for suspicious activity.

If a SASE product is deployed then the State of Florida, for example, could mandate that voters logging into whichever voting application Florida chooses will first need to authenticate with 2FA. During the vote, a SASE product would encrypt the voter’s connection to State applications with IPSec tunnelling, and even automatically disconnect them from the internet if the application should fail. Because SASE is both ubiquitously integrated and built on software-defined architecture, officials tallying votes and doing other administrative election work could be assigned role, location, and even device-specific least-privilege access policies which would limit the attack surface for hackers.

Elections to Evolve in the Near Future

If government IT teams match the variety of remote voting hardware and software with a similarly disparate selection of security tools, then their efforts will be further distracted from ensuring an accurate vote and go instead towards managing their teetering software stack. What’s necessary is one security solution encompassing all tools that States need to protect their voters, and one that fits natively into the systems they’ve already begun implementing and is therefore easily onboarded as other States come “online”. 

SASE looks to be a promising contender, though the security industry has some catching up to do before it’s ready for elections. That’s alright, because poorly deployed security would do more harm than good, and it’s important to be airtight: The point of elections isn’t to pick the winner but to remove any doubt in the mind of the loser that results can be argued. For this reason a robust and proven security solution is necessary if remote voting is to be the status quo.

Beyond The Perimeter Podcast: Episode 01 – Turning a Hobby Into a Career

Listen to this podcast on Spotify, Soundcloud or wherever you find your favorite audio content.

We’re excited to have launched the Beyond The Perimeter Podcast: the podcast where we discuss everything security. 

Each week, we will discuss the latest and biggest breaches to hit the news and talk to different security experts to learn about their experiences in the security industry. In this edition of the Beyond the Perimeter Podcast, we tackle the EasyJet Breach and learn from independent security researcher Ryan Nolette how he made a hobby into his career.  

Breach of The Month: EasyJet 

On May 19th, British low-cost airline group EasyJet announced that they had suffered a data breach. They declared that the highly sophisticated cyber-attack affected over nine million customers. Details from the breach included full names, email addresses and travel data such as departure, arrival and booking dates. The breach itself occurred in January 2020; EasyJet notified the UK’s Information Commissioner’s Office at that time, but waited four months to notify its customers. EasyJet did not immediately give details on how the breach occurred, but said it had “closed off this unauthorized access”. It’s most probable that a phishing attack was the culprit of the breach. Our advice for all EasyJet customers is to change their passwords and check for any unusual activity in their bank accounts or suspicious phone calls and emails asking them for further personal information.

For more security tips and insights, I interviewed independent security researcher Ryan Nolette who explained his experience with information security at a young age and how it formed his career today. Ryan has held roles in the InfoSec field and consulted on threat research, incident response, and every level of security operations. He is an active speaker and writer on threat hunting, cloud security, and endpoint security.

Attracted To Information Security From an Early Age

If you ask security enthusiasts, many of them will tell you that their interest in security started at a young age. In Nolette’s case, movies and books about hackers, as well as early discussions with his school IT worker, sparked his interest in Information Security. “Infosec has always kind of been an interest to me. The movies that I was starting to watch, the Hackers trilogy and The Art of Deception by Kevin Mitnick came out and a colleague of my dad at the time told me to go check out that book and it was very interesting actually reading about the experience, the stuff that he went through and then how that related to the movies there.”

That initial introduction grew into more of a personal interest for Nolette. “From there it just kind of really – the interest grew and grew as I started researching the topic more and more. We started off with people doing pranks to each other in class and whatnot. You know, pop out the CD-ROM of your neighbor’s computer, things along those lines and it kind of escalated to well, you take those concepts and now we expand them out into these overarching, more in-depth topics that are enterprise-level and now instead of your adversary being your classmate, now your adversary is whoever the attacker is in the world and it’s just a change in scope and severity. I had a pretty interesting IT or a general worker for our school system that I went to had an open conversation about technology in general and we’ve learned an awful lot about my school’s network and the town network worked through that.”

Learning From Security Experts over the Years

In the late 1980s and early 1990s, the number of places to learn about networks and security was limited. Nolette described how he learned on the go and through experiences. “It was more of a silo for me. I didn’t know those forums existed at the time. How I learned things was from some of my schoolmates who were interested in computers and operating systems. It was definitely an interesting experience and unfortunately, at that time, it was very hard to get the information, to gather if you didn’t know where to go look.”

The times have changed and now it’s much easier to learn security practices from experts around the world. “Now it’s significantly easier since I started in the industry and I’m really, really a big fan of that and that kind of leads into – if you want to get started in the industry, just go to a conference. There are free and cheap ones all over the world. I’m on the East Coast of the United States and there’s a BSides conference in pretty much every state and that’s a wonderful, affordable conference to go to and they handle a very large group of attendees, whether they’re the presenters or the attendees on their own. They really foster a collaborative environment. So you can go in and ask questions. You can attend one day of a conference and learn about 10 or 20 different vectors of security and that kind of lets you figure out what you’re actually interested in.”

Endless amount of Security Content While Remote  

With the majority of the world working remotely, the face to face events have been canceled. Nolette highlights the different virtual opportunities for security minds like himself to learn remotely. “One of the best things that came about from this is I’m a big Reddit fan. So there’s a couple of different security subReddits and they have curated lists of virtual conferences, free online training and discounted tools and training. They’ve kept them pretty up-to-date and it’s just spreadsheets of these different resources that are available to you. So definitely check that out as a starting point and get a bunch of things online.”

With the current remote situation, the security community has gotten a bit creative to spread their knowledge. “While I know there are a few new conferences that even launched because of the work from home and the virtual conference idea. A new conference is basically going to put all the attendees on a Zoom call without any of the security restrictions on it and just kind of see what happens. So there should be some fun stuff like that.”

You can follow Ryan on Twitter and read his latest content on his Github page.  

If you enjoyed listening, don’t forget to subscribe so you never miss a new episode. Please also consider rating the podcast or leaving your feedback on Soundcloud or wherever you listen.

VPNs Are Out and Scalable Remote Access Solutions Are In

COVID-19 has accelerated the world’s digital transformation and lately this has headed in an inevitable direction: the adoption of remote work. We can no longer assume that employees are working from the office and the “new normal” that the world is experiencing will likely bring about permanent changes to how and where we work. Tech giants such as Facebook, Twitter and Google have announced they plan to keep their employees working remotely until at least the end of 2020, and possibly beyond. While this approach is gaining popularity by the day, it’s far from a new concept. 

Remote work has been a popular method for companies for the past two decades due to benefits like flexibility, productivity and cost-savings. In late 2019, Gartner predicted that by 2020, half of the US workforce would be working remotely. Here we are six months into 2020, and no one could have predicted that 62% of the U.S. workforce would go home to work remotely due to the COVID-19 outbreak. 

Are Traditional VPNs Still Relevant? 

Over the past 20 years, organizations adopted different tools in order to support and secure their remote workforces. The most popular solution that organizations relied on was enterprise VPN technology for remote network access. However, the value that VPNs once provided is diminishing by the day due to organizations’ transition to the cloud, and remote employees no longer need to connect to their corporate headquarters’ network.

Due to COVID-19, the majority of global organizations are requiring that their workforces connect to business resources on the cloud or to the corporate network remotely, creating an overload of traffic on the VPNs they previously implemented. Originally, the idea of installing a remote access VPN was the right approach; however, it’s now providing more cons than pros.

VPNs can expose organizations’ data and resources, making them more vulnerable to different attacks on the remote workforce. The traditional VPN provides remote workers with unlimited access to organizational resources, creating an attractive, ripe environment for hackers to get inside the company’s network. With legacy VPNs, organizations are unable to restrict access to specific network resources, making VPNs one of the weakest points of failure with respect to identity access and credential management as there is no segmentation, audit or control.

VPNs have other limitations, such as a lack of network visibility and of network segmentation, the control that limits unauthorized user access and underpins overall network security. The tech was not designed to deal with the dynamic networks that organizations are creating today. This is due to VPNs requiring constant hardware updates, the need to be properly managed and the absence of network or server flexibility. All of the above make it more complicated to scale and rapidly adjust for new users and network locations, and increasingly difficult to effectively manage hybrid and cloud-based computing architectures.

Scalability: The Key Factor of Today’s Workforce 

The idea that one day an organization may need to increase the number of users to thousands or more is possibly one of the most important factors when deciding which solution to implement, especially with remote access needs. VPNs’ scalability hasn’t been their strongest characteristic; actually their lack of scaling capability to hundreds or thousands of users has been more of an Achilles heel.

VPNs were initially designed to only handle a small percentage of the global workforce. In today’s day and age, with thousands of organizations looking to scale their entire workforce remotely, the need for remote access solutions is more demanding than ever. With a massive increase in users, organizations are seeing congestion and latency in network access and a lack of quality of service.  

In the past, when there were just a few remote workers in an organization, IT teams were required to designate a small amount of network access for them alone. When companies transform to a more remote workforce, organizations will need to adopt solutions that will have the capacity to support their networks and applications for everyone remotely. In the case of VPNs, network over-usage and older architecture result in a slower user experience and create headaches for IT and remote workers simultaneously.

Additionally, onboarding new users and networks with a VPN can take weeks to complete, creating a major hole in the company’s network. So which kind of solutions should organizations look for when trying to scale access to remote employees?

SASE: The Scalable Model For Remote Access

Instead of thinking about how we can make the VPN more secure, flexible and scalable, we should look for a different secure remote access solution. The answer lies in SASE: Secure Access Service Edge. Unlike VPNs, SASE is a solution for the increasing demand for scalable network access. So what is SASE and why is it the answer?

SASE, which was coined by Gartner in August 2019, is the cloud architecture model that combines the different functions of network and security solutions into a unified cloud security platform. Delivered “as a service,” it offers scalable secure access to the organization’s resources and networks. The new model will allow organizations to simply connect and secure their networks and remote workers with a cost-effective and instantly integrated approach.

Unlike the traditional networking solutions or modern VPNs, the SASE model recommends that organizations should instead connect their employees and networks on a more user-centric level to a cloud-based service. While in the past, the majority of networks for organizations were concentrated at the central data center for user access, this didn’t provide a suitable model for remote workers. Gartner suggests that this site-centric approach is outdated and not effective as organizations are turning to edge platforms, SaaS solutions and cloud services. While the concept of organizations providing a data center for user access won’t disappear overnight, it will become less relevant as the majority of services are moving to the cloud. 

By adopting the SASE model, organizations will have a more flexible and scalable opportunity to connect remote employees to applications, cloud services, and APIs no matter their location. 

Scaling for the Future 

The SASE model for secure zero trust network access and additional vital security features provides organizations with scalability, flexibility, ROI and most important of all, secure access for their remote workforces.

When seeking the right remote access solution, look past the legacy VPN and change your approach with a more flexible and user-friendly SASE platform to secure your network, resources, and employees. 

Tightening Security on Microsoft Teams
Reading Time: 4 minutes

Remember driving down to your local computer store and picking up a shiny new copy of the latest Microsoft Word? Sleek in its box, the neatly wrapped Microsoft product had both disc and license inside, but it also came with something you didn’t bargain for: responsibility for its successful, safe operation. 

As a physical offline copy, security issues in operating this relic of the past could be placed squarely on you. But now that Microsoft Word has gone through multiple cycles of product consolidation and emerged as a vital business pillar, security considerations surrounding the whole Office suite, and now Teams, deserve another look.

Microsoft Teams allows collaboration and communication across the various services that are included in Office 365. Make no mistake, Teams users can be confident in the safety of their data, but when more weight lands on the solution as a productivity cornerstone, it’s smart for organizations to supplement Microsoft’s built-in safety mechanisms.

From discs to on-demand software, the now fully-integrated nature of Teams makes it a powerful tool, but one that sits at the epicenter of a bustling cloud encapsulating both good and bad actors. 

Consolidation of Products, and of Problems

Exemplified primarily by Microsoft, products that were once sold separately eventually congeal into a single platform that offers them all as functions conveniently packaged together. This is what happened to Word, Excel, PowerPoint and other Microsoft software that turned into the Microsoft Office 365 “as a service” solution. 

With Teams, increasing sophistication and connectivity in the name of a good user experience has also created new ideas in the world of security, as most innovations do. Teams represents a single window into the virtual Office, where employees can discuss projects happening in real time, talk over chat, voice or video call, and work on shared documents together. This shiny front end doesn’t reveal any backend complication, but it’s there.

For each “team” you create, the backend gets a new SharePoint site, Office 365 group and other assets in places like OneNote and more. This doesn’t include other integrations that your organization might choose, such as ZenDesk, Salesforce, Mailchimp and other popular platforms. With an impressive level of integration comes an intricately complicated environment for security professionals, especially as companies expand and lean on Teams even more. 

Licenses are online, so much of the functionality that Teams offers is largely available when an organization is connected to the web. Moreover, since November 2019 Microsoft has allowed Enterprise customers to grant guest access to contractors and other non-licensed individuals who work with them. Suddenly, file sharing of sensitive documents and resources is happening outside the network and unfamiliar entrants are streaming in, so managing the chaos becomes necessary.

Integrated Solutions Beg Integrated Security

Both in how Teams is secured and used, and in the tools that IT security teams must enforce for users, care should be taken so that data inside Teams doesn’t sprawl outside of its boundaries, or alternatively, become concentrated and offer hackers a single ripe target. Much like Slack, Teams users can create different channels where they communicate about specific subjects or tasks related to this department or the other. 

While users should be encouraged to create new and different channels for their conversations, it’s crucial to maintain control and ensure that loose ends (dead, repeat, underused channels) don’t occur, and that sensitive information isn’t overly shared or replicated in multiple different places or with people who don’t need to see it.

Integrations are crucial to any organization relying on Teams, and when implemented correctly they are amazing productivity boosters. However, one of the most underestimated issues that occurs in a highly integrated environment is configuration: Sometimes the integration may work well but the most minor settings might create a security gap that leaves the network exposed. 

When many third parties are a part of your Teams installation, whether they’re services or service providers, it’s recommended to layer an extra security blanket over the whole thing. Teams has built-in two-factor authentication, and IT should require it before users are able to log in. Don’t stop there, though: extra effort should be taken to track devices and endpoints, as it will also help IT prevent downloads from Teams to unmanaged devices, or those that haven’t passed through the gates of “Zero Trust”.

Because Teams is a nucleus of business activity and by definition holds assets that might spell trouble in the wrong hands, a strict least-privilege access model should be instituted. Another integrated solution is suitable, but one that simplifies the security functions that can plug into Teams, and with a purpose to remove trust from the equation, full stop.

Teams Turns Zero Trust

In few organizations does each employee need access to the full list of functions and capabilities that Teams provides. Microsoft understands that not every employee will need access to SharePoint, for example, and supports Teams separately as a cloud app for Azure Active Directory and the conditional access policies it offers. To take advantage, however, administrators must ensure that the correct policies exist on all applications inside the Teams installation such as Exchange. 

This can take some maintenance and oversight, so it’s easier to find a more unified, seamless Zero Trust solution where all this is done from a single admin panel. Security providers pursuing the Network as a Service model are already being used for this purpose, and when integrated with Teams are able to better streamline the orchestration of necessary security tools. Network as a Service solutions reside on the network layer and therefore allow organizations to easily define custom access policies for segments of their local and cloud resources (like Teams, or parts of it). 

This way, IT controls which roles, devices, and locations are allowed into specific parts of Teams and other network areas with greater ease. Additional security tools can’t hurt, and add a safety net to Teams in a couple different ways. Though Microsoft has 2FA, Single Sign-On and the encryption of files, a wider array of options is helpful. 

Support for other MFA and SSO providers is nice, as is the option between SSL, IPSec, and WireGuard in terms of encryption, for instance. One idea which should surely not be forgotten is better network activity monitoring. This is one of the most important points for complex Teams installations: logging and monitoring are a linchpin of proactive threat detection and compliance alike.

Integrating these functions directly into Teams doesn’t complicate it. Why? Simply because they’re all offered under the umbrella of a single security provider which integrates directly into Teams and saves IT from fiddling around with different settings between Exchange, SharePoint, Word, Azure, and others. Teams is an amalgamation of multiple useful software tools, but there’s no question that productivity is the primary reason for its existence, and the fact that third-party security services improve it neither comes as a surprise nor takes away from its impressive reputation.

SASE: Evolving Government’s Cloud and Network Security Strategy
Reading Time: 4 minutes

Even though cloud technology has become the new normal for the private sector, it has a less than tenuous grasp on government. In 2018, cloud neglect in the public sector prompted the White House to launch its “Cloud Smart” policy, designed to promote the idea that government agencies should begin adopting this useful breed of computing technology. 

At the time, relevant agencies didn’t jump quickly on the opportunity due to security concerns such as data storage and the sharing of information. However, the time is now ripe. With cloud computing over a decade old and long proven as a pragmatic solution to many administrative problems, it’s time for lagging governments to bring themselves up to speed. 

Despite some public offices embracing a cloud-first approach or cloud-only policy, the majority of the United States government is woefully behind, and still in the dark about the risks and benefits that come with moving network resources to the cloud. Most concerns circle the notion of privacy or security, but these days they’re addressed more easily than they once were.

Cloud Security a #1 Priority  

In the United States, there are more than 90,000 government offices that comprise a patchwork of different approaches for cloud computing and cloud security. In most cases, local and state governments are more open to adopting cloud solutions and services as opposed to the federal government.

These government offices are finally clueing into the tangible benefits that the cloud provides: low costs, ease-of-use and higher productivity. With these advantages within reach, ensuring that preferred cloud solutions are secured has become the top priority for governments. Any and all benefits can be ignored if the implemented cloud services or solutions aren’t totally secure, and this is why analog processes have reigned supreme for so long.

As government offices begin to push their networks onto cloud infrastructure and connect them with remote workers and IoT devices, the number of endpoints that hackers can attack has climbed significantly. As we saw in March 2018, the City of Atlanta was attacked by hackers with ransomware that shut down government services for six days. Likely a victim of the SamSam exploit on Java-based servers, this is an example of how ditching self-managed hardware for a provider’s cloud would likely add a barrier between hackers and government property.

It is also just one of many examples for how governments have become a more popular target. In response to the growing sophistication of attacks, cloud security must now go beyond malware defense, and so government IT teams are forced to look at the big picture. Instead of focusing on specific types of attacks, they need to promote efforts to gain omniscience within the network. In the past, governments tended to only pay attention to the data leaving their network perimeter, but today they need to be just as cognizant of permissioned users and data being accessed by government employees. The rise of the remote workforce has pushed visibility even further into government IT teams’ awareness.  

Taking Control of the Network 

As more governments adopt network security solutions for their work environment, an increasing number of security events and alerts have overwhelmed governments’ security teams, which actually distracts from the idea of better network visibility. IT teams need to have complete knowledge of what is occurring on their network at any given time, across public and private clouds, applications running on the network, and more. Where numerous unqualified alerts create a swarm blocking proper visibility, hackers can use the hubbub to muffle their steps and make a quiet entrance into government agencies’ networks. 

To fight visibility and network control concerns, governments should adopt Security Information and Event Management (SIEM) systems. These systems accumulate the data from different sources and recognize which are outside normal parameters, and also provide an appropriate response. SIEM systems play a huge part in helping IT and security teams to detect and prevent security risks across governments’ infrastructures in an intelligent manner. 

More Solutions, More Headaches 

For any modern government cloud security strategy, it’s often recommended to implement a range of products that deal individually with a wider range of common network attacks. Until recently, this strategy worked well, but now we are seeing that it creates a bigger problem. Adding a large number of products to IT’s stack causes misconfiguration and exposed deployments of various software solutions. This, together with ensuing hybrid IT complexity, is creating a tangle of security challenges for IT teams.

This challenge has a label: “tool sprawl”. It is the idea of investing in a range of security products that work together, yet make it harder for IT teams to manage and orchestrate them in the network. In order to achieve a more flexible and productive network and cloud security strategy, governments have to move away from the multi-vendor tool sprawl approach and look to adopt a unified platform model. It’s especially true for governments that are looking to ensure the privacy and security of their data against outside threats. This is where SASE comes into play.

Perfect Cloud Security Model for Governments 

By adopting edge data security, government agencies can enhance their security hygiene with the help of quicker, integrated, and more elastic solutions that simultaneously keep government employees connected from afar. This approach has become more relevant with the introduction of Secure Access Service Edge (SASE).

Secure Access Service Edge (SASE) was introduced by Gartner in August 2019. SASE is a new cloud-based network security model that combines multiple network technologies delivered as a service, including SWG, CASB, FWaaS and ZTNA with WAN capabilities (i.e., SD-WAN) to support dynamic secure access to organizational assets. The SASE model allows government IT and security teams to easily connect and secure all of their networks and users in an agile, cost-effective and scalable way through the cloud.

By adopting a SASE platform, government offices can enable the delivery of integrated secure network security services that support digital cloud transformation, edge computing, workforce mobility, identity and access management. This new model will help governments get over the hump of doubt that has built up around the cloud. It will allow governments to manage all of their security and network solutions from one platform, fight off new threats and secure employees’ data no matter their location. On the near horizon is a cloud security strategy for the future and one that has no more relevant home than government.

The Digital Transformation Finally Comes to Security
Reading Time: 4 minutes

There are few phrases more buzzword-y than “the digital transformation”, but its broad scope means that the term has never meant a static, single thing. Digital technology is always changing, so the organizations that use it are changing as well. Going through a transformation from analog business flows to digital ones is something that started happening decades ago and we haven’t yet found the limit of this idea’s benefits, so it makes sense that there are multiple phases of digitization that have occurred over the decades.

Technology constantly gets smaller, faster, and more powerful, spilling like water into new industries and applicable ideas over time. These include infrastructure assets and machines, operations and business processes such as online payments, eCommerce, and supply chain management, and most of all organizations’ workforces by creating new roles and platforms they use to do their jobs. Much of digitization has been less about technology and more about self-reference, by cleaning up the digitization process itself and simplifying the array of vital tools and processes that pile up.

This is the theme of what is perhaps the most notable trend in the last year, and it comes from an unexpected sector.

Security a Silent Cornerstone of Digitization

In addition to incorporating the cloud into a business strategy or growing your data intelligence department, there’s a background of digitization that makes these processes easier and safer – because the risks inherent in going digital are many. The security sector exists to recognize how this new world is threatened and from where, and is important for ensuring that organizations’ digitization efforts don’t needlessly expose their data or put customers in harm’s way.

Since the 1970s, cybersecurity has been there to respond with pragmatic solutions, when a growing array of technology gets ahead of itself. From the early ARPANET “creeper” which led to the first antivirus program, and through years like 1989 which were devastated by both the first DDoS and malware attacks, it has nearly always taken some digital travesty to shed light on the security industry’s importance. 

Moving storage and services into the cloud is the latest and greatest example. These days, the cloud is a cornerstone of digitization, with migration tools in abundance and services like AWS and Salesforce, which come with an arsenal of useful onboarding functions, single-click business processes, storage solutions, and more.

With mobile devices and applications getting more capable, however, data moves farther than ever and passes through more hands. That has given hackers a larger opportunity to steal this data, and so the security sector has had to identify where the gaps appear and how to close them to enterprising bad actors. This is hardly a surprise to those who are familiar with the idea of cybersecurity, but even IT professionals “in the know” aren’t aware of how far along this simple idea has taken digitization in 2020.

Putting Security Ahead of the Curve

Unfortunately, the limits of cloud computing have been tested recently as remote work gets infinitely more popular. In terms of both security and speed, we’ve seen online platforms overclocked and put to the test in greater numbers, and not always with stellar results for IT. The use of many business-critical services together may work, but a greater number of endpoints and carelessly strung together solutions puts even the most diligent IT teams in a bind.

Many organizations realize this, and to lighten the burden they’ve enforced the use of basic security tools like a VPN. While VPNs will raise the lowest-hanging fruit for a lazy hacker, they’re not perfect, and don’t make the digital transformation much easier. They just add another tool for IT to be responsible for configuring and managing, on top of storage, CRM, ERP, and other platforms. The required hardware for a VPN puts a price tag on security in terms of labor and more, and VPNs don’t perform well under the conditions that networks are currently in. IT teams are therefore learning more about ideas such as Zero Trust security, which lets them segment their networks into custom-sized pieces, and implement unique access policies on top of the capabilities of a traditional VPN.

SASE Reminiscent of Past Tech Consolidation

This has solved some problems but not others. Zero Trust is indeed much better for security and easily scalable, but it’s still another tool stacked on top of the network. The old problem – that knowledge workers only spend 39% of their days actually working, thanks to platform overload – isn’t solved. Teams implementing Zero Trust are indeed considered cutting edge, but the last year has brought a relevant idea into the spotlight: SASE. Billed by research firm Gartner – the acronym’s creator – as a unified network security platform, SASE merges many of the network access and security tools that IT relies on.

With CASB, FWaaS, Wi-Fi security, IPSec tunneling and encryption, multi-factor authentication and SWG all easily consumed in one place, SASE turns ideas that used to be full-fledged and separately consumed platforms into features of a single platform. This is reminiscent of what Microsoft Office 365 did in 2011 – combining multiple pieces of software into a single, cloud-based “as a Service” solution. Now that it’s happening in security, as companies go through implementation in greater numbers the turbulence of the last decade, rife with consecutive record-breaking data breaches, may finally be recognized as a speed bump instead of the status quo.

The 5 Most Common Mistakes That Organizations Make with SD-WAN Security
Reading Time: 5 minutes

The traditional brick and mortar, 9-5 office was previously seen as the central database for all employees trying to connect to the company’s network and resources. While this model worked in the past, currently it’s extremely outdated due to slow network connection time to data centers. Instead of placing the networks where the company is based, organizations must rethink how their network architecture needs to be designed. 

While many organizations still make the branch sites the center of networking, they should make their employees’ location the key factor of how their company’s networking should be implemented. Due to the ongoing digital and cloud transformation, employees are seeking quick access to data and company resources in their work environments, no matter their location. 

As a result of the modern employee needs, the once traditional static MPLS connections are not the answer for today’s modern networking between the user and the office branch. Due to the evolving network technology, organizations started to adopt SD-WAN solutions for quicker, flexible, effective, and more affordable networking. 

What is SD-WAN and What are its Benefits?  

An SD-WAN, also known as a software-defined wide-area network, is a virtualized network that is abstracted from data center or branch office hardware to create an easily configurable and scalable overlay wide area network distributed across local and global sites. It’s also an application of Software Defined Network (SDN) technology that is more reliable and scalable than VPN-based WAN solutions because it takes a software-based approach to build and extend enterprise networks beyond the core SDN.

Organizations today can use SD-WAN solutions to connect branch offices to their corporate networks instead of using traditional and expensive multiprotocol label switching (MPLS) connections, firewalls or proprietary hardware.

SD-WANs offer many benefits for organizations looking to leverage the cloud ranging from network topology simplification, internet traffic prioritization, and cost reduction to scalability and integrated security. SD-WAN management solutions allow IT managers to automate deployment and configuration processes of their network which reduces the complexity of managing a WAN network. Additionally, applications can also be integrated and managed from an SD-WAN portal, further simplifying SD-WAN management.

Despite the numerous benefits and the advancement of SD-WAN solutions, most organizations leave security at the door when implementing SD-WAN solutions. 

Security is Essential for SD-WAN Success

When organizations are adopting new technologies, security is a top priority when choosing a service or solution. This is the same with SD-WAN. According to a Gartner survey, 72% of executives see security as their biggest SD-WAN concern.

As each organization implements new networking infrastructures, they need to think and prepare for the different security risks and challenges. Many of the outdated security solutions cannot address these modern security challenges. 

Adding to that problem, SD-WAN falls under most networking teams, which creates an even bigger issue where security isn’t even brought to their attention. Some might say it’s a mix of employees’ neglect or misguided advice but it’s just simply leaving an easy target for hackers to attack your organization’s network. 

SD-WAN Security Mistakes Happen

Some might think that SD-WAN security is simple: you install the solution, it encrypts the data, and then sends it to the user from one location to the next. However, like every other cybersecurity solution, you need to strategize and instead of separating security and networking, you need to think of it as one solution where networking and security go hand in hand. Other security mistakes can and will occur.  Here are our 5 security mistakes that organizations tend to make with SD-WAN and how to fix them:

Not Including SD-WAN Security in Your Organization’s Security Strategy

One of the biggest SD-WAN security mistakes that organizations commonly make is thinking that SD-WAN security is not part of the organization’s overall security strategy. SD-WAN should not be perceived as a standalone solution and just another connectivity tool that provides a level of data encryption. SD-WAN needs to implement the advanced security policies that other networking infrastructures are implementing.  

To avoid further security risks, organizations must implement a more advanced security approach that looks past WAN capabilities that integrate policy-based control rules into their company security strategy. This new approach will allow security teams to monitor the data with a more holistic SDN managed detection response model. By prioritizing SD-WAN security and integrating it into your cloud security strategy, your organization will have an extra layer of defense when fighting off malicious actors’ attacks on your organization’s network. 

Treating SD-WAN With a ‘Set It and Forget It’ Mentality

A recurring mistake we are seeing is when organizations put a new technology in place and then move on from it. This is the same issue with SD-WAN. To steer clear of this common mistake, organizations should have an ongoing monitoring and updating strategy in place to make sure everything is going smoothly.

Adopting this always-monitoring approach with SD-WAN will allow organizations to expand network visibility and properly manage their network on a daily basis. As the security landscape is continuously changing, so is your SD-WAN solution, so it’s best to always stay up to date and monitor your network instead of setting it up and forgetting about it.

Encrypting SD-WAN Traffic is a Must 

A major networking challenge that organizations are experiencing is switching from an MPLS connection to a more public broadband connection. Unfortunately, this doesn’t bode well with their cloud environments and services. Due to this, more organizations are implementing SD-WAN solutions to create more private broadband connections that link the cloud resources to the organization’s main network. Adding more and new connections causes a domino effect which results in adding more holes in your network, opening the door to attacks. 

To solve this issue, organizations need to encrypt their SD-WAN traffic to protect the critical information that is being accessed by the organization. It is recommended to adopt a SASE platform that encrypts all network traffic, which becomes a fundamental security layer in your SD-WAN solution. That extra layer of security is essential for organizations to provide a high-performance, secure networking connection to their employees.

Implementing the Wrong Solution For Your Needs 

When seeking the right SD-WAN solution for your organization, you need to consider if this is the right fit for your networking needs. Another common mistake made by organizations is that they deploy another standalone solution or the wrong solution. When looking for a tool that helps with network visibility or device policy management, organizations need to understand whether the tool will secure their network and not complicate the already tough challenge of securing it.

Therefore, the first thing organizations need to check when considering an SD-WAN solution is whether it will easily integrate into their network and security strategy. Adopting the correct SD-WAN solution will help increase the security posture of the entire network security strategy.

Forgetting about Security Entirely

Ignoring security might be the simplest mistake that an organization can make when adopting SD-WAN solutions. While SD-WAN tends to fall under the networking teams at organizations, the idea of a cost-saving solution usually forgets to include the importance of security.  

Instead of just thinking of SD-WAN as another networking tool, organizations need to include their security teams when managing SD-WAN to ensure there is proper security in place after adopting the solution. While this common mistake is a simple one, it comes with major consequences. Implementing an unsecured solution can open the door to hackers and can create major security issues for the organization’s network and critical resources.

Improving SD-WAN Security

In just over a few years, SD-WAN has shown its great value by providing a quicker and more flexible option for network transformation. Despite their continuous advancement, SD-WAN solutions don’t entirely provide protection against the more sophisticated attacks that we are seeing in today’s network environments.

Moving forward, organizations need to think about which advanced security functionalities need to be easily integrated into their SD-WAN solution instead of thinking about security afterward. Adopting a more secure SD-WAN solution with the correct security functions integrated will help organizations detect and intercept attacks on their networks.

When Hackers Attack: 5 Essential Security Tips For Working Remotely
Reading Time: 4 minutes

Whether working from home or remotely, social distancing has grabbed headlines as one of the most popular buzzwords on the internet due to COVID-19.

Once the World Health Organization declared COVID-19 a global pandemic, the shift to working remotely became a reality. Governments forced all nonessential places of work to close up shop and recommended that all companies who can work remotely shift their employees to a work-from-home model.

While remote work and social distancing have been essential in flattening the curve and the spread of the coronavirus, they open a Pandora’s Box of cybersecurity risks. By having employees work from home, organizations are forced to face the fact that employees’ devices are now the main way that they connect to their work resources. While this might not sound worrisome, it comes with many security risks, especially when coping with hackers and malicious actors. 

More Remote Workers = More Attacks

With each passing day, we are seeing more and more hackers trying to take advantage of the COVID-19 situation to target remote workers with different attacks such as phishing, VPN vulnerabilities, and malware. According to CNBC, the rise of cyber attacks is occurring due to the fact that the majority of companies have implemented an entirely remote workforce.

Due to the increase in attacks, IT and security teams are forced to make quick changes to their security policies and best practices for their remote employees. The in-office, company-wide security policies and training are not adapted to the new reality that hackers are trying to exploit. Now, organizations must depend on their employees to be on the front lines against hackers, making it essential that organizations strategize and plan out employee-friendly security policies.

To Work Securely You Need to Think Like a Hacker

To help global organizations’ remote workforces to learn more about the different security risks we co-hosted a webinar with SOSA, Leading Cyber Ladies, the Israeli Economic Mission to North America, and the Global Cyber Center of NY on April 1st. The panel of security experts included Sivan Tehila, Director of Solution Architecture at Perimeter 81 and Founder of Cyber Ladies NYC, Nicole Becher, Director of Information Security & Risk Management at S&P Global Platts and Guy Franklin, MD, SOSA NYC – Global Cyber Center of NYC. In this webinar, the panel of experts provided their insights on the number of cyber threats facing everyone while working remotely and how organizations should protect their data, resources and remote employees. Watch the entire webinar on-demand below.

5 Essential Tips for Securing Remote Workers

Throughout the webinar, the panel of experts provides great insights into the different kinds of attacks remote workers can face on a daily basis. However, we would like to highlight the great security tips they provided throughout the webinar. You can find them below:

Update Your Business Continuity Plan

One of the most important tips that we can provide to organizations is to update their business continuity plans so that they can adapt to the always-changing landscape of uncertainties. When thinking about the rise of remote workers, organizations need to strategize and plan out how to keep their business afloat while staying secure. 

Take a closer look and assess risks and response technology to decide if you are prepared enough for the new changes in cybersecurity planning. This is an important tip as this division of a business must provide a quick and immediate assessment period. 

Create Strong Passwords and Enable 2FA

One of the most common mistakes that employees can make is using weak passwords. When passwords are not set using the correct best practices, they can be easily stolen by hackers. The use of weak passwords can easily be resolved by educating employees about what makes a strong password and the role they play in keeping hackers away.

Additionally, organizations should enforce the usage of a 2FA solution. Two-factor authentication (2FA) ensures that, in addition to usernames and passwords, a second layer of verification such as an SMS code is required. By adopting stronger passwords and 2FA, employees will be one step closer to working more securely.

Beware of Phishing Emails

When experts think of the most common attack on organizations, phishing is the first thing that comes to mind. Phishing is the easiest way to attack an organization’s employees due to its low cost and familiar presentation as an email. The process is simple; hackers begin by emailing employees an official-looking email that requests that they send them critical information from their work device. Despite it being one of the oldest ways to hack an organization or a user, most phishing emails can easily fool employees. 

To avoid such phishing attacks, they suggested educating employees to always double-check the email address, the tone of the email and the request itself. 

Implement Training and Awareness Programs

Educating employees on the importance of remote security will help them understand the impact they have on their organization. Implementing a security awareness program is a crucial step for organizations’ remote security planning efforts.

The program should cover why security is a joint responsibility for everyone from management to employees by providing clear examples of their roles in the organization and how security may be affected. Employees often mistakenly think that responsibility for the organization’s security falls solely on the security team, which is dangerous, but with the right education and real-life examples, employees will understand the importance of working remotely the right way.

Ditch the Legacy VPN

As most companies have become fully remote during this time, the need for secure remote access has become a must. While you might turn to traditional VPNs in order to access company resources, they are not the right solution to attain policy-based secure remote access today. Traditional VPN services are not scalable for organizations moving their entire workforces remotely and they lack network visibility, which opens the door for hackers to breach an organization’s network and critical resources, without any warning.

Instead of adopting a traditional VPN for remote access, you should look towards a solution that is based on the SDP architecture and the Zero Trust model. By implementing a Software-Defined Perimeter solution, IT managers can customize permissions for those employees who need access to specific parts of the organization’s network. Additionally, by adopting the Zero Trust need-to-know model, each remote employee will receive tailored secure access to only the resources necessary for their roles.

Looking into the Future of Remote Workers

As we see remote work becoming the norm for organizations moving forward, it’s important to think about the different risks that employees are facing on a daily basis. While some might believe hackers are thinking outside of the box with remote workers, they are actually targeting remote employees with the simplest and most effective of attacks.

Looking into the future of business, security teams should adopt a mix of user-friendly security solutions and engaging employee security awareness programs. These are the first basic steps in the direction for total security for remote employees. 

April Product Updates: New SIEM Integrations, Amazon S3 and Azure Sentinel

It’s not only the excellent feedback and requests from our customers that push us at Perimeter 81 to seek constant improvement. Our drive towards a complete SASE (Secure Access Service Edge) platform is a goal we’ve always got our eyes on, and we just got even closer. In that light, we’re excited to introduce some important new functionality to our solution this month: integration with Microsoft’s Azure SIEM and Amazon S3.

Smart Networks Lean on SIEM

No comprehensive network security platform should be without the ability to monitor and log the traffic or user activity that takes place. For ensuring total compliance and obtaining awareness of potential network exposure, SIEM (Security Information and Event Management) tools allow Perimeter 81 users to receive security alerts and analysis of events generated by applications and other parts of their networks in real-time.

Starting now, users with an Enterprise plan will be able to integrate their Perimeter 81 platforms with two more popular tools for free alongside our previous Splunk integration: Azure Sentinel and Amazon S3.

Azure Sentinel

A perfect fit for Perimeter 81, Azure Sentinel is a cloud-native SIEM and SOAR (Security Orchestration Automated Response) solution that is known for its scalability and ease of use. Now that it can be integrated directly with Perimeter 81, customers will be able to enjoy smart security analytics capabilities and live threat intelligence across their networks and applications.

Perimeter 81 customers will find it simple to set up a Log Analytics Workspace within our platform and link it to their Azure Sentinel solution, providing them with a unified platform that includes our rich array of network and security functions, and now also alert detection, threat visibility, proactive hunting, and threat response.


For a guide on how to integrate Azure into your Perimeter 81 platform, see our complete integration guide.

Amazon S3

The popular Amazon Simple Storage Service (abbreviated Amazon S3) helps organizations store their network objects and scale easily as they expand. Offering better data availability, security, and performance than other leading solutions, S3 is relied on by organizations around the world to store, manage access to, and protect the enormous amount of data generated by their operations. Perimeter 81 now integrates with Amazon S3, enabling our users to forward data captured on their networks to their Amazon S3 bucket and improve their access controls in pursuit of specific business and compliance goals.


For users relying on Amazon S3 to capture and who want to gain greater visibility over their Perimeter 81 network data, our handy integration guide makes it simple.

Stay Tuned for More

We’re hard at work adding features that complement our already robust Secure Zero Trust Network as a Service solution. Get in touch with us if there are features, functions, or integrations you’d like to see in the future – and keep an eye out for them!

SASE and Zero Trust Are a Perfect Match

As more and more organizations are shifting their resources and applications to the cloud, we are seeing how edge computing is changing networks. These organizations must enforce policies on their employees for access to the networks and resources which are now in the cloud or on-premises. Additionally, employees are working remotely more than ever and their employers are seeing more applications and cloud services being consumed outside the traditional workplace. 

With the move to a remote workforce, the outdated hardware we once depended on is creating more issues by the day. The traditional network security architectures and solutions that pinned data to the headquarters of most organizations are a thing of the past. The challenge is that these organizations now need to provide their data and services no matter where their employees are located. 

Today, companies are adopting a more user-centric approach, which will provide a flexible network model for the remote workforce and cloud resources and services which must be accessible for employees around the world. This new model is forcing organizations to implement edge networks, connecting users to networks closer to their location and thus providing a more agile and secure access model to their organizations’ networks.   

To protect these networks, organizations typically shop around in the cybersecurity and network security solutions space, which is highly segmented offering an endless amount of different solutions from many vendors. Instead of simplifying the consumption of cybersecurity, these services are complicating what should be a smooth transition for integrating solutions in an organization’s network environment. The entire security space needs to join forces and offer a holistic approach to cybersecurity, and this is where the idea of Secure Access Service Edge or SASE comes in.

New Kid on the Block

Secure Access Service Edge (SASE), pronounced “sassy,” is a new cloud-based network security model that was coined by research firm Gartner. It combines the different functions of network and security solutions into a unified cloud platform to be delivered as a service without any or very little hardware and appliances required. The key solutions in a SASE platform are ZTNA, SDWAN, CASB, FWaaS and others. This unified platform will help organizations by simplifying secure access to critical resources and networks. The more streamlined model allows IT security teams to easily connect and secure all of their organization’s networks and users in an agile, cost-effective and scalable way.

Gartner also suggests that SASE offerings will offer policy-based “software-defined” secure access with a more agile and flexible networking where security and IT professionals of organizations will be able to customize the level of security, performance, reliability, and cost of every network session based on the identity of each user and prioritization of access needed. 

SASE enables the consumption of integrated secure network security services which promotes the adoption of digital transformation, edge computing, mobile workforces and identity and access management. Further to more advanced security and networking, key benefits include IT productivity, cost reduction, efficiency and flexibility to adopt new business services. Additionally, SASE enables organizations to update their security solutions against new threats and establish policies more quickly for the agile adoption of new security capabilities. For organizations looking to adopt the SASE model for their network security, it’s important to implement a solution that hinges on the Zero Trust approach.

Zero Trust is a Process, Not a Product

Zero Trust (ZT) is a decade-old security approach that is based on the idea that organizations can’t automatically trust anything inside or outside their perimeters, but instead should verify anything and everything before granting access. They must also keep an eye on users within their borders at all times, and be able to get a warning when (and where) exposure is imminent. This Zero Trust model to secure network access services allows for the delivery of high-security, enterprise-wide network services virtually, and on a subscription basis for small and mid-market to large enterprises.

“Companies cannot afford to trust internal network traffic as legitimate, nor can they trust employees and partners to always be well-meaning and careful with systems and data. To manage the complexities of their environment without constraining their digital transformation ambitions, many companies are moving toward a Zero Trust (ZT) security model — a more identity- and data-centric approach based on network segmentation, data obfuscation, security analytics, and automation that never assumes trust,” states analyst firm Forrester Research. 

When implementing a Zero Trust security architecture, IT managers must isolate resources within their IT infrastructure using micro-segmentation. By dividing network resources at a granular level, organizations tune security settings to different types of traffic and create policies that limit network and application flows to only those that are explicitly permitted. This network micro-segmentation approach allows security teams the flexibility to apply the right level of protection to a given workload based on sensitivity and value to the business.
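An added example, not Perimeter 81's or any vendor's code: a minimal default-deny flow policy of the kind described above, where a flow is permitted only if an explicit rule matches the user's role, the source and destination segments and the port. The segment names, CIDR ranges, roles and rules are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed micro-segments (assumption: one CIDR range per segment).
SEGMENTS = {
    "workstations": ip_network("10.10.0.0/24"),
    "app-tier": ip_network("10.20.0.0/24"),
    "db-tier": ip_network("10.30.0.0/28"),  # most sensitive workload
}

@dataclass(frozen=True)
class Rule:
    role: str           # identity attribute supplied by the IAM (hypothetical roles)
    src: str            # source segment name
    dst: str            # destination segment name
    port: int
    require_mfa: bool = False  # stricter control for sensitive segments

# Explicit allow list; anything not listed here is denied.
RULES = [
    Rule("employee", "workstations", "app-tier", 443),
    Rule("app-service", "app-tier", "db-tier", 5432),
    Rule("dba", "workstations", "db-tier", 5432, require_mfa=True),
]

def segment_of(addr):
    """Return the segment name containing addr, or None if unsegmented."""
    ip = ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return None

def evaluate(role, mfa, src_ip, dst_ip, port):
    """Return (decision, reason) for one requested flow."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return ("deny", "address outside any defined segment")
    for rule in RULES:
        if (rule.role, rule.src, rule.dst, rule.port) == (role, src, dst, port):
            if rule.require_mfa and not mfa:
                return ("deny", "rule matched but MFA not satisfied")
            return ("allow", f"{role}: {src} -> {dst}:{port}")
    return ("deny", "no explicit allow rule (default deny)")

if __name__ == "__main__":
    # Constructed sample flows: (role, mfa, source, destination, port).
    flows = [
        ("employee", False, "10.10.0.5", "10.20.0.9", 443),
        ("employee", False, "10.10.0.5", "10.30.0.4", 5432),
        ("dba", False, "10.10.0.7", "10.30.0.4", 5432),
        ("dba", True, "10.10.0.7", "10.30.0.4", 5432),
        ("app-service", False, "10.20.0.9", "10.20.0.10", 22),
    ]
    for flow in flows:
        print(flow, "=>", evaluate(*flow))
```

The last sample flow is lateral movement inside the app tier; it is denied because no rule names it, which is the property micro-segmentation relies on.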

Today’s digital businesses need security technology partners that offer a range of capabilities that are easy to use and integrate, improve their network visibility and support the ZT model. The modern enterprise places a high value on partner solutions which can apply security controls across environments uniformly and quickly, with features that allow them to modify security policies and access as business needs change. This is where the SASE comes into play with a Zero Trust mindset. 

Zero Trust in a SASE World

Given that the Zero Trust network access model is geared around data access controls and visibility to organizations’ corporate resources, it’s easy to understand why Zero Trust and the SASE model are a perfect match. The two core elements of every SASE platform are its CASB (Cloud Access Security Broker) and the ZTNA (Zero Trust Network Access) solutions. 

By implementing both CASB and Zero Trust, organizations can control their users’ activity and access based on preassigned rules created by the IT team.

This will allow them to fully monitor their employees’ access to the different resources inside their network. But restricting user access to specific cloud resources based on each user or team of users isn’t the only feature that makes Zero Trust so attractive for organizations looking to implement the SASE model. The importance of complete network visibility is also a deciding factor.

As organizations implement SASE platforms with a Zero Trust model that has CASB, ZTNA and Layer7 (the application layer) integrated, IT managers have full control and visibility of users’ access throughout their organization’s networks and applications. Additionally, any organization’s Zero Trust solution should be able to integrate easily with their current IAM – for example Azure AD, Okta and MFA.

SASE-compliant solutions such as Zero Trust Network Access will reduce the number of agents required on a device to a single agent or device with streamlined access policies that do not require user interaction, while providing a consistent access experience regardless of the location or resource requested. By providing Zero Trust protection of user sessions seamlessly and consistently on and off the enterprise network, SASE solutions will offer end-to-end encryption as well as web application and API protection (WAAP) services. Using Zero Trust Network Access, SASE platforms will also extend protection to endpoint devices for public Wi-Fi network protection to protect remote workers. This dual-sided approach is crucial as endpoints pile up and expand their reach into organizational networks from afar.

There is No SASE Without Zero Trust 

As we are seeing a massive shift for organizations of all sizes moving to a more modern user-centric model, where the cloud and mobile are the center of attention, we need to adopt an approach that helps them enable better and more flexible security. The model we’ve been waiting for is here and it now has a name: SASE.

This new approach will allow organizations to easily control their security and connectivity all under one platform. However, we must not forget that the Zero Trust model is a cornerstone of SASE and in a way, is a reason it can be defined as “unified”. Implementing Zero Trust alone is a strategy that gets companies most of the way there, in terms of security, but as this approach is delivered as a service alongside other functions, SASE begins to materialize. In the future, instead of thinking that Zero Trust and SASE are each a stand-alone offer, they will both reinforce each other to provide a revolutionary offering.  
