Why Enterprises Prize SASE
Reading Time: 3 minutes

It’s called SASE, or Secure Access Service Edge – but perhaps only for now. When the next analyst firm puts a label on it, the acronym will have competition, but the letters describing the newest concept in security could spell anything: it’s the solution behind them that matters. SASE was named first by Gartner to describe a new type of SaaS product that combines both security functions (such as the ability to deploy 2FA, firewalls, or traffic monitoring) with networking tools (micro-segmentation, access rules, VPNs) so that companies can streamline their consumption of these two crucial ideas.

Easier deployment of security across disparate cloud and local networks, and easier setup and management of said networks are just the icing on the cake. The revolutionary benefits of SASE go deeper, and entail tangible advantages that are inspiring enterprises in extraordinary numbers to adopt the solution – or at least to initiate a transformation in SASE’s general direction. In just a handful of years, SASE will have transformed the security landscape to be nearly unrecognizable.

You’re Why Your Firm is Considering SASE

Users like yourself might not intend to do damage or expose the network, but now that we connect to countless apps spanning the cloud, and with many more devices, we each present a unique risk. The skyrocketing prevalence of insider breaches, and not those occurring from the outside, are one primary reason why SASE is a future-focused tool. Since 2018, data breaches caused by insiders have risen by a whopping 47%, and 68% of firms cite this as their chief security concern. Consider also that it’s common for companies to conceal breaches caused by an insider and to not report them, so their consequences and frequency are worse than reported. 

SASE is inherently user-centric, meaning that the security and networking functions typically included in a SASE setup help IT teams to follow and restrict users through their network journey. This is better than giving them approval for unlimited access at the door, as we used to do. It might sound like a lot of work, but the tools provided by a SASE solution allow it to happen in a very scalable way.

Security That Gets Close Up to Users

We all know that network resources have varying sensitivities: The local server containing a proprietary algorithm is more sensitive and therefore should be restricted to more people than, say, a cloud-based Salesforce app. Perhaps only a few trusted developers and the CEO need access to the former, while several departments use the latter every day. Selective access to certain parts of the network used to require hardware and software together, plus lots of manual work from the IT team. SASE makes it easy from a single spot in the cloud.

The two features that underpin user-focused security, also known as Zero Trust security, are micro-segmentation and access management based on Identity Providers (IDP). IT can enforce user logins via a centralized IDP like Okta or Google, and then based on the user or their device, automatically apply relevant security to them. This might include a specific encryption protocol, a custom access profile for resources, 2FA, and much more. When a new part-time worker abroad is onboarded, IT can enter their administration panel, quickly assign the employee an IDP, and drag and drop it into a profile built to consider all the various data sensitivities relevant to remote contractors, limiting access accordingly.

SASE: Giving Small IT Squads Big Power

The benefits of SASE are highlighted when thinking about how much effort IT teams go through to close gaps in the network. Unification of two ideas close to the heart of any IT manager – networking and security – can bring the resources they are tasked with protecting under one roof and their job much easier. The cost savings are also mouth-watering for enterprise IT managers, who are able to trim their towering stacks, and get leaner and meaner than ever before. 

 

Read More
Thanksgiving-Blog-Image
5 Network Security Technologies to Be Thankful for This Thanksgiving
Reading Time: 4 minutes

Thanksgiving is the time to reflect on all we are thankful for. While 2020 may have not been an ideal year, we have decided to focus on the aspects of network security that we are thankful for in any case.

2020 was a major year for the network security industry. While organizations made the shift to working from home overnight, the inevitable move to remote work was accelerated and securing the network became top priority for IT teams.

This past year we saw improvements in network security throughout the space and here at Perimeter 81, we are grateful for all the different ways that relevant technologies and solutions have evolved in the last year.

From faster and more effective authentication technologies to remote work networking infrastructure, 2020 has proved that network security is headed in the right direction.

As we take a look at the past year and move forward, here are the 5 network security technologies we are most thankful for.

Secure Remote Access 

Before COVID-19, most employees did not have the option to work outside the office. Although remote work and the “digital nomad” lifestyle has been steadily on the rise over the past few years, it was far from the norm. 

Suddenly, in March, all of that changed, and employees were required to work from home for the foreseeable future. Now organizations have implemented secure remote access solutions that provide their employees with a fast and secure remote network connection that don’t lag. 

Most remote users are connecting to their work environments that reside on the cloud and need to be granted full network access to reach their environments. Over the past year, more organization’s are dissolving their VPNs and providing teams with a more scalable and secure remote access solution. 

Encouraging a more user-centric model, organizations are providing their remote workers with a quicker and more secure network connection to their corporate resources and applications.

Multi-Factor Authentication

It’s 2020 and MFA is everywhere. Multi-factor authentication (MFA) is one of the key technologies in use today for verifying the identities of users. With its roots in the RSA tokens and then Google’s Beyond Corp, MFA requires that a user requesting access has not only something that they know (ie. their credentials) but also something that they have. 

This kind of verification might be carried out with a device or by an application on the user’s device like Google Authenticator, push notification to their mobile, or in the worst of cases an SMS. The hope is that if an attacker has stolen the credentials from a breach, data dump, etc, then they will be denied access when challenged with MFA.  

A large amount of today’s massive data breaches are due to the result of the lack of password hygiene that fails to provide enough protection. In the past, a single authentication login may have been enough, but as hackers have become more sophisticated it has forced multi-factor authentication (MFA) to become a must when authenticating a user. 

By requiring users to login using their account password and then go through a second step, you can reduce your company’s potential risk exposure.

Micro-Segmentation

When mitigating risks inside an organization, it’s best not to put all your eggs in one basket. Micro-segmentation in network security refers to breaking up the different data or other resources into smaller and segmented sections, decreasing the chances of an attacker gaining access to all the critical resources and applications. 

Even if hackers breach a part of a network they won’t be able to gain access to all the data on the network just a small amount. Forrester Research recommends dividing network resources at a granular level, allowing organizations to tune security settings to different types of traffic and create policies that limit network and application flows to only those that are explicitly permitted. 

Adopting the network micro-segmentation approach provides IT and security teams with the flexibility to apply the right level of protection to a given workload based on sensitivity and value to the business.

Limited Privilege Access

With everyone working remotely, providing access is key but not every employee needs access to everything. This is the idea of limited privilege access: the model that users should only have access to resources they absolutely need in order to do their job well while also respecting security. 

Insider threats or the possibility that a user’s account has been compromised are common concerns that can be mitigated if we are able to limit what users are supposed to have access to in the first place. So even while we still require verification for every user, we need to provide everyone with the minimal level of privileges that they need for their job, hopefully making it harder for adversaries to access more valuable bits of information or controls. 

By the same token, we should be monitoring user behavior throughout all of their interactions to ensure that they are behaving like they are expected to. Chances are that Steve from accounting probably does not need to have access to your users’ passwords or other sensitive data that is unrelated to his job.

Secure Device Management

Nowadays, everyone is connecting from everywhere and different devices. This has created a challenge for IT and security teams to ensure their connection is secure at all times. By providing all your employees access to every resource in your organization, they are potentially creating more points and levels of risks. 

To keep it simple, only give network access to employees that have provided and passed the authorization process for each device. By limiting access, you will be safeguarded from potential leaking of your organization’s sensitive information (personal information, financial information) of the organization that shouldn’t be seen by your entire staff.  

With machines calling in for access from around the world, verifying that each device has proper authorization is essential. These may be mobile devices belonging to employees or an AWS server, verification becomes necessary before granting them access.

As you are checking the timer while cooking your Thanksgiving Turkey, catching up with family in person or virtually and jumping for joy while watching the big game, don’t forget to be thankful for the different technologies that keep us safe this thanksgiving. We certainly are.

Read More
Law Firms: A Lucrative Hacker Target
Reading Time: 4 minutes

Compared to banks or tech companies, many might think that lawyers and law firms don’t rank highly on the list of top hacker targets. But experienced hackers know that successfully breaching a corporate law firm with high-profile clients would be a jackpot. Attorney client privilege means that lawyers can know things sensitive to their clients without being legally compelled to reveal them: Things that hackers can ransom or steal, like trade secrets, family matters, financial dealings and more. The bigger the client, the bigger the data trove.

Other legal concepts like chain of custody – that no third parties can even access digital evidence if it’s to be admissible – make it crucial to consider cybersecurity and access management for law firms. Data and client information must be kept safely out of reach yet still in the law’s possession for the legal process to work, after all. Cybersecurity is therefore becoming a hot new department in firms across the country, and top IT hires deploy a mix of technologies to protect clients and the law itself.

Reinforcing the Letter of the Law

The problem with attorney client privilege is that information told to one’s lawyer no longer stays in his or her head. The modern lawyer files it into the digital system used by the law firm to help organize cases, collaborate with associates, store documents and more. This means it’s hackable, and neglecting to secure systems like these means the risk of ending up like Grubman Shire Meiselas & Sacks – the high profile firm of stars like Madonna, Lady Gaga, and Robert DeNiro. Grubman was successfully targeted by hackers who ransomed 756 gigabytes of email addresses, phone numbers, contracts, and personal information of the firm’s A-list clientele earlier this year.

To avoid a reputation-crushing event such as this, law firms should secure their internal data storage and case management platforms with an array of technology that stops unauthorized access both from outside and inside. IT professionals tasked with protecting their firm will need to consider the following ideas if they want to minimize risk:

Segmentation of Client Data 

Sensitive client and case data must be segregated from other types of data, like information about lawyer salaries or office administration. Though it’s true this should also be kept away from hackers, it’s more important to identify which critical client data the firm keeps and where it’s kept. Whether it’s on local drives or a third party cloud, this type of data should never be stored in the same place as the less sensitive stuff, or else the result could be ruinous.

To be able to easily visualize pieces of the network, including places where data is stored and how these sources connect to the firm’s SaaS resources, the firm’s IT team should prioritize software-defined networking tools that more easily integrate into the variety of solutions in place at the average firm. This will enable them to micro-segment the network, and then with an accompanying access solution, create automatically-enforced rules that control exposure to client data.

Control Access with an Iron Fist

Not all employees of the law firm should have the same degree of access to data. Secretaries and associates, for example, shouldn’t enjoy the type of accessibility that the managing partner does. This concept can be enforced after the firm’s network is segmented into pieces based on sensitivity, but also relevancy. Few need access to whatever financial applications help streamline complicated billing processes, for example, so this would be one segment of the firm’s network that only relevant roles would have access to.

By implementing an Identity Provider and Single Sign-On solution to the firm’s IT bundle, network access rules have granular qualifiers such as role, device, and location to use when a new logon or access request occurs. If a hacker was to breach the network through a paralegal, for instance, then it’s unlikely they’d get very deep into the good stuff because the network would have already restricted this role’s access privileges. Another key idea is that this reduces the prevalence of insider attacks as much as those from outside.

Always-On Protection

All firm data should be encrypted while at rest and while in motion. Top encryption measures like SHA256, in whichever protocol most suits the network infrastructure, should be enforced by bottlenecking network access through a VPN client. This extends to using standard email communication as well, especially as this is the medium by which most sensitive information is sent from one place to another. A stronger and more secure method of communication is necessary, and that means encryption plus a host of other solutions like 2-factor authentication.

Lawyers and law firms also require a method of tracking down breaches or attacks after they’ve occurred, which will help lead to some restitution or at least recovery. Monitoring software that watches and records traffic moving across the network helps retrace your steps, and more easily reveals where weaknesses are – even if they need to be exploited to discover them. With proper network and security precautions in place, monitoring is almost never used in this way, but that’s how it should be.

Lawyers must also recognize that the host of digital and mobile tools and devices that help them do their jobs are also a threat if not handled correctly. Education of lawyers is crucial and so IT teams need to make it their job to motivate security hygiene from on high – if the board and managing partners want it so, then it will be so. This is how security must be handled for law firms to navigate the modern era confidently.

Read More
red_herring
Perimeter 81 Named as a Finalist For The 2020 Red Herring Top 100 North America
Reading Time: 2 minutes

Tel Aviv, Israel – November 16th, 2020 – Perimeter 81 has been selected as a finalist for Red Herring’s Top 100 North America award, one of the technology industry’s most prestigious prizes.

Finalists for the awards are among the continent’s brightest and most innovative private ventures. Red Herring’s editorial team has chosen their place among North America’s tech elite, during a months-long process that takes into account criteria including disruptive impact, proof of concept, financial performance, market footprint and quality of management.

“We are honored to be a finalist for Red Herring’s Top 100 North America award,”  said Amit Bareket, CEO and Co-Founder of Perimeter 81. “This recognition not only serves as a validation of our success but it also demonstrates our approach in delivering enterprise-level network security solutions to our customers. 

For over two decades Red Herring’s team has seen through the tech sector’s hype to select brands that have become industry benchmarks. Previous Top 100 finalists have included Alibaba, Facebook, Google, Skype, SuperCell, Spotify, Twitter, and YouTube. 

The Top 100 North America has become not only a springboard for some of tech’s biggest names, but a valued and trusted tool for venture capitalists, experts and analysts predicting trends at the industry’s sharpest edge.

“Selecting finalists for this year’s Top 100 has proved more difficult than ever,” said Alex Vieux, publisher and chairman of Red Herring. “North America has been tech’s beating heart for years–but never have I seen such an exciting, disruptive and innovative generation as we have in 2020. “

“Perimeter 81 fully deserves its place among our finalists, and I’ve every confidence it will make a significant impact in the tech world,” added Vieux.

Finalists are invited to present their winning strategies at the Red Herring Top 100 North America conference on Nov 17-18, 2020. The Top 100 winners will be announced after all the presentations at the Top 100 Forum.

About Perimeter 81

Perimeter 81 is a Zero Trust Secure Network as a Service that is simplifying network security for the modern and distributed workforce. Based in Tel Aviv, the heart of the startup nation and a global hub for innovative technology development, Perimeter 81 was founded by two IDF elite intelligence unit alumni, CEO Amit Bareket and CPO Sagi Gidali. Perimeter 81’s clients range from small businesses to Fortune 500 corporations across a variety of sectors, and its partners are among the world’s foremost integrators, managed service providers and channel resellers. Earlier last year, Gartner selected Perimeter 81 as a Cool Vendor in Network and Cyber-Physical Systems Security.

Read More
networking_mistakes
5 Top Networking Mistakes and How to Avoid Them
Reading Time: 4 minutes

“To err is human” and as we know, everyone makes mistakes. Some can be harmless or slightly embarrassing, but there are mistakes that can topple an entire organization. Oftentimes, we assume the bigger the mistake, the faster we will respond in order to fix it but it is important to understand that even the slightest error can have immense consequences. 

IT teams have the all-important responsibility of ensuring that the corporate network is working smoothly and securely according to the organization’s policies. It’s their job to configure and update the network to the latest best practices for networking. Whether fixing security patches or adopting the latest technology on the network and its infrastructures they have to be aware of the possible mistakes that can occur in their position.

If your IT team is inattentive or doesn’t sufficiently prepare and strategize for possible changes in the network, it can result in massive mistakes that can put the network and even the organization at risk. 

The first step to solving mistakes in IT is understanding and acknowledging that errors and mishaps can and will occur. The next step IT managers need to take is understanding what action they need to implement to fix the mistake that occurred under their watch. Instead of overthinking how these networking errors happened and what could have been done ahead of time to avoid these mistakes, it’s best to do some research on best practices that will help avoid future networking mistakes to occur. 

To help avoid possible networking mistakes, here is our list of popular mistakes that IT teams tend to make with networking and how to fix them:

Forgetting To Set Access Controls 

Most organizations are storing sensitive data and resources inside their system whether in the cloud or on-premises. To gain access to these critical resources, users need to connect to the network where the resources are located. If access controls policies and regulations are not set properly then it will allow unauthorized users to easily gain access to the critical resources. 

To prevent any unauthorized access to your network environment and resources, IT teams need to implement the right amount of access control regulations. By implementing the proper access regulations it will prevent unauthorized users from gaining access to your organization’s network and resources. By enforcing access controls inside your organization, users will be only able to access the network and resources that they need to do their job. 

Ignoring Communication 

Communication is key, especially when it comes to working in networking. Despite IT managers working in a field where data is being communicated between devices and networks, many networking professionals are lacking proper communication in their day-to-day job.   

Neglecting proper communication occurs across all the different management levels of networking. When new features need to be applied to network infrastructure, or if a network security solution is being integrated, there must be open communication between the IT team and the rest of the organization. Without any communication, it could create massive mistakes which can increase security risks or internal setbacks. 

Overlooking Network Device Logs 

When possible, it’s best to have complete visibility of the network. Luckily, networking device logs can provide IT managers with better visibility into their users’ network activity. Network professionals at all organizations should be continuously checking their user’s network device logs. Each user device generates different logs that provide network visibility information that can help IT managers gain a better picture of the network. 

If the network team overlooks logging and ignores to collect the information in the logs of the network devices, then they are making the mistake of gaining valuable network insights in their organization’s network. To fight off these mistakes, it’s best to use networking solutions that come with an event logging feature (SIEM) integrated within the solution. IT managers will have a better understanding of the user’s history, network event logs, security events, and a more complete network visibility.

Not Expecting Any Updates to a Network

Organizations are more agile than ever before. Launching new features, applications and updates weekly. With every new launch, another situation is created where the organization is relying on the network to operate normally. This creates the situation for IT managers to be ready for any changes that are thrown their way. The IT team needs to anticipate every kind of change or integration to be added to the network before it occurs.

By strategizing ahead of time for different changes on the network, IT managers can account for network scalability and network space needed for future changes inside the network.  By planning ahead, IT managers will be ready for any kind of update on the network no matter the situation. 

Neglecting to Update Network Device Passwords

Passwords are seen as one of the most common forms of security, and they can be highly effective when used properly to protect the privacy of data stored on networks. When installing a new device on a network, the first thing that IT managers need to do is to update the password on the device from the default password that came with it. While this task might seem negligible, too often security teams forget to update the password, putting the organization’s network security at risk. 

No matter the level of the device, each password should be unique and be updated every few weeks. Implementing a stronger password-protection company-wide policy with periodic expiration of the password and multi-factor authentication can provide an additional layer of security against hackers.

While these five networking mistakes happen more often than any IT manager would like to suggest, with proper strategy and understanding of possible networking mistakes will allow IT teams to work more productively without worrying if they are in the wrong.

Read More
Get Granular with a New Feature: User Configuration Profiles
Reading Time: 3 minutes

The ABCs of proper network security start with A, of course. A is for Access, and it’s the basic idea that lies at the heart of any secure organization. Employees connecting to essential corporate resources shouldn’t have the same access policies, or else they all represent an equal threat to the organization’s data, and present a wide attack surface to hackers.

Just as you wouldn’t give every employee the same access privileges, configuring their security software the same way is also something to avoid. No two employees connect in the exact same way, and designing security as if they do is a mistake. That’s why we’ve recently released the newest of many layers in our multi-layer network security platform: User Configuration Profiles.

Scalable Security Starts with Configuration

Some of the most dangerous security blunders involve mismanaged software configurations, and according to a recent Threat Stack survey, over 73% of companies were able to identify at least one serious misconfiguration happening in their own networks. One wrongly-toggled setting can create wide gaps in security that aren’t easily identified, because they may not happen to every user, and because misconfiguration is a problem that doesn’t call a lot of attention to itself – unlike breaches like DDoS attacks which occur overtly.

To combat configuration mishaps, it’s important to configure each employee’s security software in a way that complements their unique situation. Legacy solutions don’t provide this capability, forcing companies to use the same configuration for all users, or they force IT teams to work manually and configure each employee on a case-by-case basis.

When creating a User Configuration Profile, you can define how the Perimeter 81 agent or web platform is configured – down to the granular details – and then assign it to a relevant user or group of users in your network. Profiles allow you to differentiate configurations for users with different roles, devices, locations, operating systems, and more, and save and reprioritize them so they can quickly be assigned to new users.

How Does It Work?

Account managers and admins can find the User Configuration Profiles tool under Settings, after logging in to the Perimeter 81 web platform. After clicking on User Configuration Profiles under Settings, you’ll see the menu where your previously-created profiles live. There will already be one Default Profile here, which includes all your users.

Clicking on the Add Profile button brings up the screen where you’ll name the profile and assign it to a predefined group of users: these are the only two fields required for your profile to be listed on the previous screen.

Below the fold, you’ll be able to tweak this profile’s configuration options for both the Perimeter 81 web platform and the agent. Specifically, configuration options include General Settings, Network Settings, and OS-Level Settings.

General Settings: Available for both the web platform and the agent. General settings include the ability to automatically log users out after a certain period of time, to connect users to a specific public gateway, to connect on launch, to enforce automatic upgrades and other basic options.

Network Settings: Only available for the agent, network settings let admins determine how and when traffic through these users’ devices is encrypted. Options like our patented Automatic Wi-Fi protection automatically activate a VPN connection on unsecured networks, while Always-On VPN cuts the internet if encryption falters, even momentarily. Other options include a VPN kill switch and the ability to specify Trusted Wi-Fi networks.

OS-Specific Settings: Another agent-only configuration option, OS-specific settings determine how users on different operating systems can connect. The central utility here is that the profile’s users are protected with a VPN encryption protocol chosen specifically for their OS, for example you can enable IPSec encryption for Mac users and WireGuard for Windows users, or any combination in-between.

Configurations Galore

Perimeter 81 customers will notice that multiple users can be assigned to one configuration profile, but also that a single user might be a part of multiple configuration profiles. With the additional ability to swap the priority of active configuration profiles, customers will enjoy newfound customization and granular control over an often underestimated element of network security.

We look forward to adding new security and networking features that further strengthen our customers against data theft. For now, we recommend you get acquainted with User Configuration Profiles, and the best place to get started is our helpful knowledge base article.

Read More
IT Report Banner
What Do Successful IT Leaders Identify as Their Top Remote Work Challenges?
Reading Time: 5 minutes

Network security is our expertise at Perimeter 81. With this in mind, we are excited to announce that we have released our State of Network Security report for 2020. The purpose of the report was to get a better understanding of the different secure network access challenges, facing IT managers from companies of all sizes and industries. We sought to determine the key IT and security insights they encountered since the shift to remote work, and the result provides insights into the IT landscape and how its leaders think during these transformative times.

The COVID-19 Pandemic Accelerated Remote Work

2020 has proven how important network security truly is. Due to COVID-19 health concerns, businesses were required to enforce company-wide work-from-home policies overnight. For many organizations, this new reality found entire teams working remotely for the first time ever. It was common for employers to focus the first two months of quarantine on ensuring that employees were healthy, devices were connected and projects continued to move forward, all while adjusting to the home becoming the new office. Now, with no real end in sight, businesses are facing the possibility that they will be managing their remote teams permanently, at least for some portion of the traditional workweek.

More than ever remote work is now considered a key element of effective business operation due to results including greater agility, employee satisfaction and productivity, and reduced costs. This incoming shift has created an unprecedented set of challenges for IT managers, however, who may not have experience leading their businesses’ networking and security remotely. 

With more employee devices and endpoints, IT teams are experiencing the challenge of lower visibility and potential network exposure, as their legacy security infrastructures can’t cover an increasingly dispersed and cloud-reliant workforce. With each passing month, IT and security teams are implementing more cloud-based SaaS vendor solutions on top of their network. While this may help businesses gain agility and boost productivity, it comes with security and networking challenges that must be addressed sooner rather than later.

Key Takeaways From The Report 

IT-report-

Majority of Organizations Poised to Adopt Cloud-Based Security Solutions

As technology advances by the day so do business networks. Thanks to the cloud, networks are now faster and more accessible than ever. However, as more devices connect and transfer large amounts of data between off-premises resources, it puts a massive obstacle in front of IT and security teams.

IT-report-2

These obstacles exist because until now, IT secured remote workforces with legacy technology, which creates bottlenecks and limits network visibility in situations where workers exclusively connect from home. Legacy solutions like VPNs – currently in use by 66% of IT managers – and firewalls make security difficult, because they are unable to scale to many different connections, each with various characteristics and risks.

To ensure that their growing number of remote employees are connecting securely to their hybrid-cloud network, no matter where they work from, IT and security teams are overwhelmingly looking to adopt secure information access solutions to replace or complement their legacy tools. This has meant an embrace of cloud-friendly security for a multitude of reasons.

IT-report-3

According to IT managers, their organizations are now more likely to invest in modern, secure information access solutions to support the remote workforce. With it they can complement their existing cloud infrastructure and replace old solutions that limit agility, security, and cost-effectiveness.

Increased Remote Worker Productivity But Network Performance Presents Obstacles

With remote work further ramping up investment in the cloud, companies are now concerned with making their hybrid-cloud networks as efficient as possible. The cloud is already beneficial in terms of reducing infrastructure costs and boosting accessibility for remote workers, but to maximize ROI, organizations want to help employees using the cloud perform as best as they can. For many, this has meant achieving the same low latency conditions that workers used to experience when they accessed resources that were hosted nearby.

In a network that’s accessible to remote workers, a wide array of different connections occur simultaneously across multiple resources. Unsurprisingly, for the majority (43%) of respondents, latency is sometimes experienced across these networks. This comes in the form of lag time when users connect and input data or commands into applications.

IT-report-4

Scalability, Budget Top Challenges for IT Leaders as Remote Work Becomes Permanent

A corporate network that is optimized for remote workers is crucial for satisfying operational goals and ensuring business continuity in the “new normal”, but these aren’t the only concerns for a growing company. The survey results reflect this idea well. Because new resources (such as SaaS applications) and users are added to the network as the organization matures, the scalability and visibility of user access enters the picture.

IT-report-5

With time, it’s possible for IT to make any remote access solution work well for a static number of apps or users. If they don’t do it in a scalable manner, however, the team must invest similar effort every time the network changes slightly. Accordingly, when asked about obstacles in the way of a secure remote workforce, most companies agreed that difficulty finding a scalable technical solution will likely loom the largest.

IT-report_5

Another interesting takeaway is that scalability and budget availability are neck-and-neck regarding secure remote work challenges, at 39% and 38%, respectively. In many ways, this makes sense: What’s the point in finding a scalable remote access solution if there’s no room in the budget for it, or alternatively, what’s the use in a non-scalable yet affordable solution?

Ultimately, workforces everywhere are already embracing the remote work status quo, and organizations have added tools that help them do their jobs from anywhere. The issue has then become how to increase the efficiency of the remote work security apparatus now that it’s in place.

Final Thoughts 

Remote work is here to stay, during and after COVID-19. The change it’s had on the business world, or more specifically the information technology supporting the business world, has IT managers thinking differently than they once did. Data gathered on various topics posed to these managers, surrounding remote work and networking trends, gives us a glimpse into how decision-makers in the industry see things moving forward.

Read additional valuable takeaways from this research and access the full report 

Read More
cybersecurity awareness month
5 Security Tips in Honor of Cybersecurity Awareness Month
Reading Time: 3 minutes

Each October, security professionals kick off Cybersecurity Awareness Month. First launched by the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security in October 2004, Cybersecurity Awareness Month is helping internet users all over the world stay safe and secure through awareness and training.

In 2020, cybersecurity awareness has taken on a new meaning. While in the past, IT and security teams have carried the main burden of securing their organization’s network, data, and resources, the last six months have proven that this is not enough. Now that home is the new office and entire organizations have shifted to remote work, each employee shares equal responsibility for the safety and security of their company’s network.

Before the transition to working from home, it may have been enough to require employees to lock their computers when leaving their desks, or enforce frequent password updates. Now, each employee has become the CISO of their home office, and most of them lack the proper training, opening the door to security hacks and breaches with simple mistakes.

Cybersecurity awareness and training for employees has always been important, but with the work from home model here to stay, CISOs and IT managers have been adjusting their business continuity plans and cybersecurity strategies accordingly. Whether working from home, from the office, a combination of both, or on the go, employee awareness should always be at the top of the security team’s mind.

In honor of Cybersecurity Awareness Month, we’ve compiled our top 5 tips for protecting your organization’s network and employee data, whether your workforce is remote or back in the office.

1. Increase employee awareness

“Only amateurs attack machines; professionals target people.” This quote by famous cryptographer Bruce Schneier in 2000 is still true 20 years later. Hackers seek out vulnerabilities in human beings – phishing attacks, social engineering, weak passwords, etc. Making employees aware of the different types of attacks and explaining their significance will put employees on alert to questionable links and downloads. Instilling the idea of shared responsibility among all workers is paramount to protecting everyone’s sensitive information.

2. Train employees on an ongoing basis  

The Aberdeen Group found that security awareness training for employees can reduce the risk of socially engineered cyberthreats by up to 70%. However, they emphasized the importance of ongoing training to counter the different methods of cyberattacks that are constantly evolving. It is important to not only make your employees aware of the various risks, but to have ongoing training that is both engaging and interactive.

3. Implement a Zero Trust solution

Even the most security-aware employees might occasionally drop the ball. The Zero Trust model means that no one is trusted by default from inside or outside the network, and verification is required from everyone trying to gain access to resources on the network. While we want to believe that everyone in our organization is trustworthy, we can’t make this assumption. Limiting access to resources to only those who are authorized can significantly lower the risk of attacks and data breaches.

4. Audit and monitor your network

Log management plays a key role in your digital security strategy. Collecting logs and monitoring your network is important in order to respond to a security incident in real-time. Complete network visibility is pertinent in order to focus on network events of interest and react accordingly to potential threats. Additionally, collecting logs and monitoring your network will help you to learn employees’ behavior and to adjust your training and awareness plan accordingly.

5. Ensure that your security strategy is user-friendly 

End-users should not be preoccupied with security issues yet must be able to adhere to the guidelines laid out by the security team. Adopting user-friendly solutions presented clearly and effectively (and not highly-technical documentation that will be lost on the average layperson) is paramount in having employees cooperate with the security strategy.

While your organization may rely on the security and IT teams to create and implement a strategy, employees share responsibility to adhere to the guidelines set out by security professionals. Above all, educating employees and increasing awareness will help your team manage cybersecurity risks and vulnerabilities. If everyone does their part, we decrease the risk of data hacks and breaches, creating a safer world for everyone.

Read More
A Day in the Life of a Security Incident Response Expert
Reading Time: 6 minutes

Listen to this podcast on iTunes, Spotify or wherever you find your favorite audio content.

In this edition of the Beyond the Perimeter Podcast, we discussed the NorthShore data breach and interviewed Reut Menashe of Tetrisponse about security incident responding. 

Breach of the Month: NorthShore Foundation

On July 22nd, NorthShore University HealthSystem announced they were part of a data security breach which potentially had affected over 348,000 people. They were informed about the breach from a company named Blackbaud, a software services provider to thousands of nonprofit fundraising entities worldwide, including NorthShore Foundation. According to Blackbaud, the breach occurred due to a ransomware attack on its systems between February 7 and May 20, during which time unauthorized individuals accessed and extracted some of Blackbaud’s client files.

NorthShore determined that patients’ full name, date of birth, contact information, admission and discharge dates and more information were accessible by the attackers. This incident was not a breach of NorthShore’s internal applications or systems; that means no patient medical records were accessed. 

In this episode, I talked to Reut Menashe to learn more about her experience as an incident response expert and how she helps companies when they experience a cyberattack.

Interest In Computers Cemented Her Career 

Like many security experts, Reut’s interest in computers started when she was young. “I loved computers when I was little. I remember playing with a computer that my parents bought me and because I was the only one who understood computers really at the time, I taught myself how to use them. This was the start and from year to year I quickly understood that I’m a self-learner. I learned a lot online over the internet with friends and when I joined the Israeli Army of course, it gave me a lot of knowledge and this is where I learned my roots/”

Despite being an early adopter for computers, she isn’t a fan of programming. “I never liked really programming, but I did learn it when I was in high school. My first computer was 386. This was the model of the processor, the CPU. We are talking about the middle of the ‘90s, maybe a little bit before the start of the ‘90s when the internet was beeping and making weird noises before you connected to the world wide web. In school, we learned assembly. This is a very hard language. It’s like a very low level. Basically, I remember I developed the calculator in this language. It’s a very basic program but it was very challenging at that time.” 

Like many security experts in Israel, Reut gained interest in cybersecurity due to her time in the Israel Defense Forces. “My service was actually the start of the era of understanding that information security is also not physical. It’s very much related to computers. So the defense methodology started to heat up in the army and I think I was one of the first to be part of information security in the defense of the Israeli Forces Army.” 

Many security experts take their knowledge from their army service and use it in their professional careers. In Reut’s case, it built her career. “I finished my service and just started to work in the industry here in Israel. I worked as an information security consultant in one of the local companies. It was a very global company named GRC and because of my skill of exploration and curiosity, I think this is something that helped me a lot to develop and to make a new skill set during these years. I love to learn. So everything that I don’t understand or I feel a little bit uncomfortable with, I have the need to go and research and to understand it. So this is one of the most important skillsets for hackers I think, curiosity. So you can’t be a good one without it.”

Life As a Security Incident Responder 

One of the more interesting jobs in the security field is being an incident responder. For Reut, her expanded skill set has helped her thrive in her job. “To work in incident response you need to collect a lot of skill sets in the tech world. You need to understand how networks work and what kind of infrastructure organizations are using and how the technology of the infrastructure is being deployed and you need to understand the operating system. Your familiarity with specific databases needs to be specific with specific technological SOC  and how developers are working. So you need to have vast experience in a lot of technological topics in order to be good incident responders. Over the years I have collected a lot of information. I gain a lot of knowledge within the technological world from the security perspective of course.”

Unlike many jobs in the tech world where you are more or less doing the same task every day, Reut’s day looks completely different every day. “Basically we will get a phone call from a company that has an issue and they don’t know how to solve it because most of the companies are not familiar with information security. They don’t know how to approach it and possibly they have like maybe a ransomware attack or maybe someone who tries to manipulate them or one of their assets is being leaked or such. There are a lot of scenarios.

When I meet with a company that I have no familiarity with, I don’t know how they’re working. I don’t know what kind of technology they have. I have to learn this very fast and to understand how I’m going to contain the incident and to make the attacker go away and mitigate and minimize the reason that the attacker put into this company’s life. You need to be very experienced in order to tackle and to handle an attacker that knows exactly what they are doing most of the time.”

To understand the attacker’s mindset, Reut uses her love for security and expertise to understand how a company was attacked. “I bring my expertise and my passion together in order to help those companies to go back to their day-to-day job and this is the main goal.”

No One is Truly Secure

When asked what steps businesses should take to be more prepared for attacks, Reut recommends that businesses need to know they are never completely secure. “You need to understand that you need to do something before the attack is happening. There isn’t a company that is always safe, there is no such thing. Everyone is hackable, if you understand this, this is a good approach. You can say to yourself, “Oh, I don’t have anything interesting. Why are the hackers going to come to me? It’s not true. Hackers have a lot of scenarios that they can exploit in order to make them grow and make them prosper. So it doesn’t matter if you are dealing with highly classified information or with money or with the information that it’s not classified at all. Hackers are going to come everywhere where they can make benefit from. So this is the first thing to understand.”

Reut highlights the importance of security posture can be another layer of defense versus attackers. “Second thing to understand and when you know that you need to be prepared, you need to understand what your security posture is. What are the threats that your company is going to deal with? Not every company has the same threat, of course. You need to analyze the threats and think about what I am protecting from. What I’m protecting inside the company. What do I want to gain in order to protect the company? When you start thinking like this, this is already a step forward into more mature information security because you engage within a company, internally and externally. You start initiating the process and you start making things happen.”

Importance of Security Communities 

Security experts love to share their expertise for the better good, according to the Reut security communities is a great place to learn more. “I’m part of two communities, BSides TLV and Leading Cyber Ladies. I think communities especially in the COVID-19 era are something that we should very much try to be part of our life. If you join a community, it doesn’t matter which community. We’re talking about information security and cyber communities of course. It’s a place where you can gain knowledge. It’s a place where you can meet new people and you can listen to new approaches to understand what’s going on in other people’s industries and cyber worlds. So this is a good place where you can start in order to gain more knowledge and to be more familiar with the – what’s going on in the cyber world community.” 

Other than being part of a security community, Reut has co-founded different communities. “Maybe you can run your own communities if you find something that you feel very passionate about, and this is what happened to me with BSidesTLV, which is the biggest hackers community in Israel and Leading Cyber Ladies, which is a community that started in 2015 and that established the community here in Tel Aviv and I joined two years later and we start to be global. Sivan Tehila opened a New York chapter of Leading Cyber Ladies. We’re willing to open more communities, more in other locations in the world. 

So this is something I’m very passionate about, to bring more women into the industry and help them to be – to stay in the community, right? It’s not only to start in the community. You need to keep yourself in the community as well. So this is something I’m really passionate about and I learn a lot because I meet a lot of new people that teach me all the time.”

To hear the entire interview with Reut please listen to the full podcast here. You can follow Reut on [email protected]Reutooo. If you’re in need of incident response, you can reach out to Reut by email at [email protected]

If you enjoyed listening, don’t forget to subscribe so you never miss a new episode. Please also consider rating the podcast or leaving your feedback on iTunes or wherever you listen.

Read More
Edge Security and Our Strengthening Data Center Backbone
Reading Time: 3 minutes

The cloud is synonymous with data centers, making the term much more grounded than its airy nickname lets on. Behind the buzzword, it’s common knowledge that most companies in the world rely on a number of infrastructure, hosting, and computing providers that can be counted on one hand.

Providers of the public cloud have been hard at work centralizing their enormous collections of servers, and eating away at the empty space in the industry until the competition has mostly been gobbled up. Most opportunities for new providers are now on the “edge”, away from giant server warehouses and closer to cloud consumers.

The edge is simply where users are, it’s that simple. It’s where applications are being accessed, rather than where the servers sit. Computing, storage, and other ideas have moved to the edge to better serve users, and it stands to reason that security should be on the edge as well. Otherwise, processes like authentication and encryption occur over much longer distances and place limits on productivity – largely due to high latency.

Perimeter 81 Serves Security from the Edge

As both resources and network infrastructure management make transition to the cloud, it no longer makes sense to conduct security through legacy solutions, which were designed to protect the classically defined network perimeter. The perimeter has dissipated, and is now where users are – and especially in the era of remote work, it makes sense to apply security practices at network nodes that are outside the traditional core. 

The edge must be secured with the same ideas required by the core, including:

  • Visibility of all resources, not just those that are on-premises
  • Monitoring that encompasses users and endpoints on the edge
  • Data and traffic privacy at all times and states
  • Resource access policies that incorporate the cloud

A quickly growing number of remote workers with access to the cloud means that countless endpoints have direct access to company data, so the same security processes that used to happen between office PCs and office servers now must happen between a mobile phone and a local data center. To help our customers achieve this feat, we’ve been building a backbone of global data centers that better supports edge networking and security.

Perimeter 81 Customers: Deploy a Custom Cloud Edge

With five new self-managed gateways being added to our already strong backbone of global data centers, Perimeter 81 customers are able to orchestrate access more safely and efficiently from the edge of their networks. These five gateways also offer customers a greater degree of control over their local hardware.

New Data Centers:

  • New York
  • London
  • Silicon Valley
  • Dallas
  • Israel

Now in production, customers are able to set up new network gateways in New York City, Dallas, London, Silicon Valley, and Israel. A crucial part of this infrastructure is that it’s proprietary and not set up by a third party, allowing Perimeter 81 (and our customers by extension) granular knowledge and control over specifications and configurations, downtime, and more.

Exercise Greater Gateway Control:

  • Proprietary managed and set-up hardware
  • Tailored configuration, downtime and other details
  • Redundant internet connectivity
  • Connections routed through our IPs, not public
  • Priority bandwidth

We offer priority bandwidth in these locations, and do not route customer connections to our gateways through the internet or cloud providers: All connections are direct on our own IPs, which prevents customers from being blocked due to public or ISP origins, and also allow the fastest speeds and lowest latency possible. 

In addition, all gateways come with redundant internet connections that keep your users productive even on the rare occasion that an ISP drops. This is a new and beneficial precedent that we’re setting for our customers, who we want in the future to be able to customize their networks and receive the most secure, low-latency, and streamlined experience possible.

Read More
work_from_anywhere
Can You Prove ‘Work From Anywhere’ Employees Are Secure?
Reading Time: 5 minutes

Before 2020, the idea of working from anywhere wasn’t the way most companies operated. A small number of open-minded organizations were the early adopters of a more flexible way of working but not many. Despite further adoption of remote workers, popular tech giants, corporate companies, and even startups weren’t as open to the idea.

While working remotely isn’t a new idea it has gained more traction in recent years due to an expanding array of benefits for organizations and their employees. Some of the benefits include increased work productivity, better retention of employees and cost savings. One of the key benefits that people tend to forget is work-life balance. As organizations allow their employees to work from anywhere they choose, whether it’s from home, a cafe, or even a different country, the flexibility of where and when you want to work can provide employees a mindfulness that adds to productivity and job satisfaction.  

buffer_report

More disparate branch offices and employees isn’t the only factor that is encouraging more organizations to go remote; we can’t forget about the technology. The idea is like the chicken and the egg: technology has advanced remote workforces and remote workforces demand more powerful technology. With the help of tech advancements made on behalf of remote workforces and the modern shift in our collective work culture, the future of work from anywhere is brighter than ever.

From a Benefit to a Necessity

Before COVID-19, most organizations saw remote work as a benefit to dole out to trusted employees, and less as a necessity. This has been thrown out the window in our current pandemic driven lifestyle. Over the past year, we have all experienced this idea – that in some way part of our professional responsibilities have gone mobile, and that is may likely become the new norm.

Close to 70% of businesses are in favor of shifting to work from anywhere permanently. Ironically, some of the major tech giants who were originally against working from anywhere have become its biggest supporters, largely due to their success during the pandemic. By 2030, Facebook said it expects that at least half of its 50,000 employees will be working from home permanently.

While the idea of everyone working from anywhere sounds ideal, it’s not without challenges. One of the most pressing is that it creates many security and networking obstacles for IT teams. IT managers need to protect hundreds or thousands of users, devices and faraway cloud applications even when they have no idea where users are connecting from – and even worse – who they are or what they’re doing in the network.  

This ongoing challenge has frustrated every security professional in every organization since early March. When their users suddenly were forced to work from home, IT teams scrambled to make sure these users could easily and securely connect to their network and resources overnight. They also discovered that the task was harder than initially anticipated.

Working from Anywhere Comes With Network Challenges

While the idea of working from anywhere comes with many benefits, organizations need to implement the right technology that will offer users a fast and secure network connection that isn’t lagging. Most remote users are connecting to their work environments that reside on the cloud, so security teams need to make sure that their security model can provide connections that are both secure and fast, no matter the location of the user. This means doing away with outdated security models.

By offering a more user-centric approach for secure network access it will allow for quick and secure connections to corporate resources and applications. Organizations that continue with the site-centric approach will be stuck with slower connection speeds which will result in decreased productivity for their workforce – and no stronger security to show for it. 

Organizations that will continue to depend on outdated network security technology will experience ongoing difficulties to the endless number of perimeters and endpoints that come with the transition to remote work. By not offering more modern and cloud-friendly network security policies, organizations’ attack surfaces are wider, and leave more doors to critical resources open for hackers. 

Even if it’s an easy social engineering attack or a spear-phishing attack, when not adopting the most up-to-date network security technology, organizations are not equipped to adequately protect a growing pool of remote employees, roles and identities, devices, and sources of data. This has forced many organizations to ask themselves how they can secure connections to the cloud when employees are working from outside the office.

Organizations Need to Be Security Ready for the Unthinkable

Organizations need to rethink how they will offer their remote workers secure access to work applications and resources. Until recently, the average organization forced employees to work with a VPN to gain remote access to corporate resources on the cloud. While this was a good idea at the time, this approach creates challenges such as latency issues when users are exclusively remote. A domino effect occurred which also reduced visibility over the organization and therefore risked compliance as well.

Instead of neglecting the proper up-to-date network security technology, organizations need to get with the times and adopt cloud-edge-based, secure remote access solutions that can integrate with the resources in use within the organization and help segment them for custom access policy. Automated policies, monitoring, and edge-networking deconstruct the barriers that previously bottlenecked IT and standard workflows. Companies can also be sure that their remote employees will stay productive no matter what unforeseen situations arise. 

The Hunt for the Right Security Solution for Remote

Organizations can adopt what they think is the right solution for secure remote access, but there will always be a risk of data exposure to attackers. It’s essential that organizations understand which network and security features are best suited to their ‘work from anywhere’ workforces. 

Here are three key features that every secure remote access solution should provide for better secure access.

Complete Network and Data Visibility

Full visibility of corporate resources, data and network are critical when working with unmanaged devices. When organizations don’t have the capability to clearly see and manage user network activity to all company endpoints, it reduces agility in threat response, which can result in hackers gaining data access within the network to exploit it. 

It is vital that the organization’s IT teams are provided complete visibility and control over data across all resources on the network. By adopting a software-defined solution that promotes interoperability within cloud and local resources, organizations can ensure that unauthorized access from malicious actors is harder to obtain and more visible should it ever occur. 

Identity and Access Management

Identity and access management should be a requirement for all secure remote access solutions. By implementing identity and access management solutions like multi-factor authentication (MFA) IT teams can put an extra verification barrier in front of would-be attackers. What’s great about MFA for organizations is that it requires their employees to provide a second form of identity verification that authenticates identities to ensure the user is who they say they are.

Organizations should also require that employees implement a single sign-on (SSO) feature as it securely authenticates users across all their cloud applications with one (strong) password. By simplifying the authentication process for remote workers, security and efficiency are a result. 

Agentless Security

Organizations should implement agentless security when protecting corporate resources and data for their remote workers. IT teams that are continuously using agent-based tools or solutions will require ongoing software update installments on remote devices which will decrease productivity and the privacy of each device. Organizations that adopt agentless tools will help IT and security teams to offer their remote users better compliance and security without needing any updates on the user side. When network teams take advantage of agentless security, they provide a more agile and seamless work environment for remote workers.

Future of Remote Workers

As working from anywhere is here to stay, IT and security teams need to look at the current status of their network solutions and understand the different roadblocks they put in front of remote workforces – and their security. It’s important to clearly understand what’s working and what isn’t and to quickly acclimate to the new network shape that we all experience. By enabling less obtrusive security that suits remote workforces, companies are safer and more agile, bringing operational goals in line with IT.

Read More
Can Companies Afford IoT Inclusivity?
Reading Time: 4 minutes

The Internet of Things grows more massive with each passing year, as devices gain internet connectivity and impart new convenience on our lives – and in many cases new novelty. No matter if the “thing” in question is a manufacturing robot or a Brita that automatically reorders filters upon expiration, if it can receive instruction from and send data to the greater internet, then there’s an IT guy somewhere worrying about how it may expose his or her network.

This goes double for IT personnel in companies that make good use of IoT for work purposes, but bad use of IoT security by neglecting to factor in the network’s exposure. Addressing this idea is now part of IT’s list of responsibilities, and when creating a plan for how to walk the line between trusting IoT and being wary of it, multiple factors come into play. Thankfully, this part of the job is getting easier.

IoT’s Slow Security Onboarding

IoT is useful for countless industries, and its benefits far outweigh security risks in any circumstance. In healthcare, for example, IoT data is used to more deeply understand what conditions patients are in, and how practitioners should respond. Internet-connected devices that record patient outputs such as heartbeat, blood pressure, blood sugar levels and other biological metrics feed their data to centralized IT systems, telling hospital admins where frontline staff are most urgently needed, and how.

But IoTs vital role in cases like these is also its weakness. IoT boosts mobility in many business environments, so much so that security is something that it has always grappled with as an afterthought. For businesses, the advantages of IoT have meant securing these devices is a second step, and the world is slow to wake up to the careful security deliberation that IoT requires. Ransomware, for instance, used to be hardly considered a credible threat to networks.

Ransomware attacks on IoT devices were long thought of as low-value for hackers and therefore not a pertinent worry for IT, given that these devices had little to no information on them (mostly in the cloud). There are also so many types of IoT devices that the economics of hacking them doesn’t work in the hacker’s favor – it’s too expensive and not worthwhile. Besides, even those hacked would likely never pay the ransom, because IoT devices aren’t known for having screens that relay information (like a ransom note).

Increasing IoT Popularity Opens Paths for Attack

However low-value IoT devices used to be, they’re now ubiquitous and hold a lot of importance for critical business functions. Security implications have changed as well, as hackers have changed their strategy, and no longer seek to crack the devices for their data but to interrupt these functions and create urgency and the risk of lasting damage. Take for example the IoT controller that adjusts how much of certain ingredients are added to drugs, an IoT-connected pacemaker, or a hacked power grid controller that determines electricity consumption for a small town. The ability to power these down or alter with their settings is dangerous enough to justify a ransom.

Traditionally weak entry points on IoT devices need to be shored up if we want IoT benefits to continue to outweigh its risks. However, most of the time patching is on the manufacturer, and low prevalence of hacks thus far has prevented manufacturers from acting with urgency, so companies using IoT devices are often unprotected from within and without. The internal awareness isn’t there yet, with many IoT connections unencrypted when connecting to the network, offering hackers a way inside when the device relays to or receives info from the internet. 

In the split second it takes for the device to grab data, hackers can slide in undetected and set up shop in an undefended company’s network. Hijacked or rogue IoT devices were present in over 46% of companies this year, according to a report on “shadow IoT” devices found on their corporate networks, demonstrating just how prevalent this dangerous exploit is. 

IoT Security Solutions Must Provide Visibility

Fortunately, most of the issues stemming from IoT come from how invisible they are on the network, and how unrestricted their permissions tend to be. IoT devices are easily discoverable by hackers, even using public resources like Shodan, so they must be at least this visible to internal IT teams as well. The key to allowing IoT freedom to participate in the network but also to respect its boundaries resides in some of the components of a single solution – Secure Access Service Edge – which was introduced just last year and seems nearly purpose built for IoT.

SASE is a cloud-based networking and security product, unified in its functionality and present on the edge of an organization’s network. A foundation of SASE is software-defined networking ideas, which are more inclusive to a variety of devices connecting to the network because there is no hardware setup required, and cloud nativity to easily match the infrastructure of any ecosystem. When an IoT device connects to the network, it will be easily visible in the cloud admin panel, but more importantly this identification also empowers IT to set identity-based access policies, which limit the extent to which specific parts of the network are exposed to these endpoints.

Enforcement is also about security and not just about how much attack surface is laid bare to IoT devices. Pushing all networking through a centralized, software-defined system also enables IT to demand all network connections happen through encrypted tunnels exclusively, so any IoT device (or company laptop, or mobile phone) that isn’t encrypted cannot connect to the network in the first place. It also helps IT layer even more security on top of IoT devices, even solutions like SSO, so that password management across thousands of devices will finally be feasible (and safe).

Why SASE Brings IoT Home

The combination of visibility, network access restriction, and security enforcement for IoT devices gives SASE a winning use case, and it’s already making headway. Internets, whether world wide webs or “of Things”, are deep and murky. Companies pushing for maximum interoperability can be free to brave the IoT waters confidently with SASE to help them stay on course, and avoid the icebergs lurking out there for us all.

Read More