Introducing Our New Platform Agent 7.0

Seamless network connection, online security and support in one

Today we’ve reached another major milestone at Perimeter 81. After months of planning, development and design, we’ve officially launched our new platform agent. From a smoother login to new support options, Perimeter 81 Agent 7.0 is designed with our customers and end-users in mind. 

Our new and easy-to-use agent UI ensures that your employees can quickly and securely connect to your cloud and on-premise environments. The features of the new agent include:

Improved Performance and Smoother Login

Perimeter 81 Agent 7.0 includes a range of stability and performance improvements for a better user experience.  Agent 7.0 also handles more of the login process within the default browser, so that SSO users do not need to log in again on subsequent visits, making using the agent that much simpler and more seamless.

New Interface with More Options and Information

Agent 7.0 provides users with more options and information, such as time connected, gateway location, and public and internal IP addresses, right on the home screen. 

The new Agent interface includes:

  • More information for easier tracking and troubleshooting 
  • Easy network switching from the home screen and clear navigation to the Networks interface from the sidebar 
  • New support menu easily accessible from the home screen

Enhanced Support Options

Each user has their preferred method to get support. That’s why we give them numerous support options in the new Agent support screen.

From the support screen, users can:

  • Look up walkthroughs in our online User Guides
  • Start a live chat with a Perimeter 81 expert
  • Run our diagnosis tool to send a complete diagnosis and log to our support team for more streamlined troubleshooting

Ready to Use

Perimeter 81 Agent 7.0 is available for download now from our Download Center and from the “Downloads” tab in your Web Console. Experience it today!

Have any product questions or suggestions? Don’t hesitate to contact us at [email protected].

If you don’t currently have an account and would like to experience a full tour of our platform, be sure to request a free demo.

Mitigating Cyber Risks and Managing Compliance in Financial Services

Financial services organizations have a lot to contend with now that business offices have shifted to home offices – from regulatory compliance to cybersecurity to adopting the cloud. 

Cyber risk in a new business model

Broker-dealer firms, investment advisory firms and insurance companies typically have a centrally located corporate headquarters and a network of branch offices staffed by independently registered representatives. The corporate entity is responsible for protecting the company by enforcing applicable compliance policies and data security practices across branches and for each registered employee.

The pandemic changed that traditional corporate configuration. Independent branches and corporate offices have moved to a distributed environment. This has required significant changes in technology and process. Because of the sensitive nature of their business, financial organizations were previously closed environments, restricting data management to on-premises environments and sometimes not even allowing remote internet access. When the world changed, they needed to allocate remote system access and secure networks overnight. 

To allow business continuity in the short-term, some firms made local changes to the way they secure their networks. Without considering the broader implications, this opened these organizations up to regulatory and cyber risks. An increase in cyber attacks has made this interim approach unsustainable. Organizations are having to rethink their entire technology infrastructures.

Resistance to cloud technology 

Legacy technology systems persist in financial services – tools developed many years ago when business was conducted inside offices and less online. There are a couple of reasons for this: outdated ideas about data security and management, and rightful concerns about regulatory compliance. 

Outdated ideas about data security and management: Legacy business technology was not designed for today’s connected world. When these tools were developed, there wasn’t a need to configure security for internet exposure because all systems and networks were managed on-premises. Plus, migrating to the cloud can be a resource-intensive endeavor, and security could be compromised in the process. 

But the reality is that today, client data and business resources need to be accessible remotely. It requires significant technical upgrades, but also a change of mind – giving up the idea that you must have on-premises possession of your data and information. Resources are moving to the cloud, employees are working from home and the internet is the new corporate network. Security services need to adjust to fit the new normal.

Regulatory concerns: Financial firms have also been reluctant to adopt cloud technology because of traditional corporate governance practices. It’s one thing when systems are secured behind a perimeter and you have full control. It’s another thing when you’re relying on third-party hosting providers or cloud vendors to manage sensitive communications data for you. 

The regulatory bodies understand the need for a shift to the cloud and have made it themselves. FINRA – an organization that regulates wealth management firms – has moved its data to the public cloud. The shift should be an indicator to regulated firms that this is the way of the future in financial services.

Shift to remote work accelerating cloud adoption

The work-from-home paradigm has been a force multiplier for cloud adoption. The primary business case for a move to the cloud prior to the pandemic was about convenience, cost and the ability to scale. Now, the corporate perimeter has been decimated and cloud services are business critical. People are using their own devices, from their own homes, across time zones and geographies. They need the flexibility to access work and communication applications at any time. 

It’s been clear for a few years that mobility and cloud are here to stay. Financial organizations had started to prepare for this, but the pandemic accelerated that transition by five or even ten years. As employees or registered reps work from distributed locations, they need to use more and more cloud-based collaboration and conferencing applications to conduct business. These applications are easy to use, manage, and update from anywhere. 

Tips for network security and achieving compliance with the cloud

The cloud and mobility are here to stay. Look for technology solutions with robust architecture designed for a cloud-first and mobile-first reality. Moving from legacy technology isn’t always simple, but it will help financial firms future-proof compliance and security procedures.

Moving to cloud-hosting services has many organizational benefits. Business continuity has been enabled by cloud-based applications like Zoom and Microsoft Teams. Processes are more efficient, and productivity has increased. The cloud has unified security as well. Companies have been able to move from site-centric security protocols – which could be very different from New York to Tel Aviv – to user-centric security. Everyone can have the same user experience and follow the same security policy, regardless of location. 

You don’t have to make the transition to the cloud at once. Many cloud and mobile-first solutions can also support or complement legacy environments through the migration process. Try starting with a specific use case rather than your full range of services. See how that implementation process works and move to other issues once you’re satisfied with the result. 

Think holistically about cybersecurity and risk. Cyber risk and compliance risk mitigation is a layered problem. You must address network security, user security, device security, information governance, data privacy, and all the other facets of new, cloud-based technology to address all potential vulnerabilities. Start by considering these factors:  

  • The size and makeup of your organization
  • Regulatory requirements
  • Data security and data privacy requirements
  • What tools you use to collaborate and communicate
  • How technology is accessed from various networks or devices

Start inward and work your way out. As you’re optimizing your processes and technology to holistically manage risk, start by looking at your individual users and the devices they’re using. Then consider the applications through which they’re doing business and the networks they’re accessing, all the way up to your corporate infrastructure, to develop a thorough plan.

The post-pandemic transformation – though abrupt and challenging – was an inflection point in the way financial services organizations do business. The IT landscape, cloud services, and mobility have helped companies stay connected and productive. Financial firms must rethink and upgrade their infrastructure to accommodate new security and compliance challenges.

This was the topic of a recent webinar discussion hosted by Perimeter 81, “From Cloud to Compliance: Mitigating Cyber Risks for Financial Services,” and was written by Sid Yenamandra, CEO and founder of Entreda, a Smarsh company. Watch the full webinar on-demand.

Perimeter 81 Announces Bob Kilbride as Vice President of Channels

Former Channels Executive at CloudHealth by VMware brings channel sales experience and expertise 

Tel Aviv, Israel — February 22, 2021 – Perimeter 81, a leading Secure Access Service Edge (SASE) and Network as a Service provider, announced today that industry channels sales veteran Bob Kilbride has joined the company as Vice President of Channels. In this role, Kilbride will lead Perimeter 81’s Channel strategy and programs. 

Prior to joining Perimeter 81, Kilbride was responsible for leading global channel sales strategy and execution for CloudHealth by VMware. In this role, he and his team were focused on building a market-leading managed service provider community that leveraged the CloudHealth platform to offer leading cloud management services.

Kilbride brings to Perimeter 81 more than 25 years of experience as a successful software and solutions sales professional, extensive partner management experience in the IT industry and a strong record of building and driving business through and with partners. In 2019, he was named one of CRN’s 50 Most Influential Channel Chiefs.

“Bob is a prominent addition to Perimeter 81’s executive team, bringing years of channel and sales experience in network security,” says Amit Bareket, CEO and Co-founder of Perimeter 81. “In 2021, we plan to invest considerable resources into rapidly expanding our channel sales arm and significantly growing business among existing and new channel partners. We are delighted to have Bob, a proven channel leader, coming on board to spearhead these efforts.”

Kilbride looks forward to joining Perimeter 81 given the accelerated growth and demand among businesses to securely connect their distributed workforces to their company’s networks. The company plans to launch a best-in-class partner program and exponentially expand its global channel footprint in 2021.

“Perimeter 81’s industry-leading platform is solving this challenge and provides organizations of all sizes the right networking and security requirements within a unified cloud-based platform,” says Kilbride. “A robust, services-focused partner ecosystem will be crucial to our success and I am looking forward to building on Perimeter 81’s current channel program to drive deeper partner engagement and successful collaboration in our go-to-market efforts.”

About Perimeter 81

Perimeter 81 is a leading Secure Access Service Edge (SASE) provider that has taken the outdated, complex and hardware-based network security technologies, and transformed them into one unified, scalable and easy-to-use software solution — simplifying secure access for the modern and distributed workforce. Founded by two IDF elite intelligence unit alumni and serial entrepreneurs, CEO Amit Bareket and CPO Sagi Gidali, Perimeter 81 is headquartered in Tel Aviv, the heart of the startup nation, and has offices in New York and California. Perimeter 81’s clients range from small businesses to Fortune 500 corporations across a variety of sectors, and our partners are among the world’s foremost integrators, managed service providers and channel resellers. To learn more visit www.perimeter81.com or follow us on LinkedIn.

We’re Pleased to Announce a New Member: Bob Kilbride, Vice President of Channels Sales

At Perimeter 81 we like to welcome new employees with open arms, and what better way than to speak about their vast accomplishments? As our new VP of Channels Sales, Bob is no exception. He has an impressive professional history and brings a ton of crucial channel experience to the table. Before joining Perimeter 81, Bob was the head of global channel sales at CloudHealth by VMware and prior to that he spent 6 years managing partners and partner programs at Microsoft.   

At CloudHealth, Bob was the Batman of channel marketing and built a market-leading managed service provider program and community that leveraged the CloudHealth platform to offer differentiated cloud management services. In 2019, he even earned a spot among CRN’s 50 Most Influential Channel Chiefs for his work at CloudHealth, and more specifically for his stellar 2019 performance: boosting revenue from partnerships by over 125% and establishing a channels team that doubled in size the previous two consecutive years.

Bob’s long and successful career in software solutions sales will bring a go-getter spirit that Perimeter 81 looks for in its employees and takes care to encourage, and we have little doubt that he is up to the challenge of leading our channels sales efforts. We also hope that when he isn’t crushing it for us, that he is having fun with his main hobbies – running, antiquing and catching live music.  

“I am truly thrilled to be joining Perimeter 81,” said Mr. Kilbride. “Given the accelerated growth and demand for businesses to securely connect their distributed workforces to their company’s networks, Perimeter 81’s industry-leading platform is uniquely positioned to meet this business challenge.  Our partners will play a crucial role in driving positive outcomes at our joint customers, and I’m excited about building a world-class program that will enable them to do so.”

Educating the Next Generation of Cybersecurity Professionals

Listen to this podcast on iTunes, Spotify or wherever you find your favorite audio content.

It’s 2021 and there is still a massive shortage of security professionals with the correct skills and proper education to help organizations protect against security threats from cybercriminals. While there are several security jobs available, unfortunately there remains a critical shortage of security experts to fill those positions.  

In this edition of the Beyond the Perimeter Podcast, Aleksandr Zhuk, Information Security Architect at Axoni, joins our host Zev Brodsky to discuss his experience in information technology and information security management, and his current work as a cybersecurity professor teaching the future experts of cybersecurity.


About Aleksandr Zhuk

Professor Aleksandr Zhuk has more than 25 years of experience in information technology and information security management. Currently, he is the Information Security Architect at Axoni, an amazing young fintech organization that is quietly revolutionizing global capital markets using blockchain and smart contracts technologies. Additionally, Aleksandr is a Professor of Cybersecurity at Yeshiva University in New York City.

If you enjoyed listening, don’t forget to subscribe so you never miss a new episode. Please also consider rating the podcast or leaving your feedback on iTunes or wherever you listen.

Contact Us 

Want to be a guest on the show or have a security subject you want to be covered on Beyond The Perimeter Podcast?

Email Zev at [email protected]

How Zero Trust Can Help Defend Against Ransomware Attacks

The plague that is ransomware is not new, but over the past year, there has been an increasing number of successful ransomware attacks, pushing them more prominently into the public psyche. According to Cybersecurity Ventures, ransomware attack damage is predicted to reach over $20 billion by the end of 2021.

Source: SpinBackup

From attacks on healthcare providers to technology organizations, no industry is safe from ransomware attacks lately, and organizations need to implement the proper security measures to avoid their security teams experiencing attack fatigue. While the number of successful ransomware attacks has helped organizations gain an increased awareness of this idea, ransomware continues to plague more and more organizations’ networks.

The Ransomware Puzzle

Ransomware attacks have shown that the result of becoming a victim is that you cannot avoid a negative outcome. You either pay up or suffer an enormous productivity decline, as resources are tied up and unavailable. Recently the security community is also seeing bigger implications on organizations from ransomware.  

With every new successful attack on a different organization, it is becoming more clear that attackers are also looking to exploit intellectual property, sensitive data and resources which are not encrypted. This means every organization that has experienced ransomware has an important decision to make: Do they pay the ransom fee or do they try to fix it on their own? Sadly it’s a much more difficult task to address exploitation yourself, so most organizations end up paying the ransom. 

You would think once a ransom is paid everything would go back to normal, but actually it’s not so simple. IT teams need to spend days or weeks to recover the resources and data that was exploited and in some cases make sure attackers can’t continue to abuse the security gap in the future. The increasing number of organizations impacted has forced many to take the initiative and get proactive before they’re targeted as a potential victim. 

Defending Against Ransomware Attacks

No matter the kind of attack, organizations’ security strategies and goals should always be to prevent, assess risks and educate employees on how their security hygiene presents a risk. The latter idea, educating employees, is perhaps the most crucial. In most cases, employees are the easy entry point for attackers when exploiting an organization, due to the past difficulty with balancing the access required for productive work and the security limits required to truly trust that users can’t accidentally cause damage.

Organizations need to invest in the security hygiene of their employees because the ROI of education (the prevention of potential insider breaches) is priceless. The importance of security hygiene is crucial when fighting against ransomware attacks particularly, as they often come from phishing emails. Once the employees are equipped with the knowledge to recognize threats, social engineering tactics and email attacks your network is already more secure – even if nothing’s changed on paper.

To supplement and balance this crucial idea, it’s also good to limit users’ access to resources, and to define specific network segments where, for example, individual roles, devices, or locations are permissioned. This mindset fits in perfectly with the Zero Trust Network Access model, which is easy to achieve with a couple of pieces of common technology.

Implementing Zero Trust 

The ideal security strategy against ransomware must start with a Zero Trust model. Organizations that adopt the Zero Trust model can experience the right mix of authentication and micro-segmentation to create a much more challenging barrier for attackers to deal with when targeting any organization.

By utilizing Zero Trust and its core foundations of micro-segmentation and enforced authentication via Identity Providers, IT managers can not only fully visualize networks and resources to ensure relevant least-privilege and secure access to corporate resources, but also control all aspects of network security across cloud and on-premise applications and services. Zero Trust provides the visibility, control and threat inspection capabilities necessary to protect networks from ransomware, targeted attacks and the unauthorized exfiltration of sensitive data.

Every organization looking to establish secure “trust boundaries” according to the Zero Trust security model can improve their IT security posture through:

  • Network Segmentation: This allows organizations to define internal trust boundaries to granularly control traffic flow, enable secure network access and implement network monitoring. It reduces the attack surface and provides a distributed security solution that operates as a holistic threat protection framework.  
  • Trust Zones: Trust Zones establish distinct areas of IT infrastructure where resources operate at the same trust and similar functionality such as protocols and types of transactions. This minimizes the number of allowed pathways and limits the potential for malicious threats to access sensitive resources.
  • Infrastructure Management: Zero Trust segmentation relies on the ability to efficiently monitor networks through centralized management. This allows data to be processed by analysis tools and technologies that may enhance network visibility, detect unknown threats, or support compliance reporting.

Looking Ahead

As we see more organizations adopt IoT and mobile edge devices it will increase the attack surface, which will lead to an escalation of ransomware attacks. Organizations that implement the full Zero Trust model can achieve a wide safety net.

While no organization will ever be entirely safe, the transition to Zero Trust will help raise the lowest hanging fruit with relative ease, and significantly boost the chances that you will be out of reach when hackers come knocking. 

Make Sure the Next SolarWinds Isn’t In Your Supply Chain

Not long ago, the traditional enterprise would have its own servers on-site, and would buy physical licenses so that it could offer software to its employees. Security in this environment meant legacy solutions like hardware firewalls and antivirus services, and it was the responsibility of the organization to protect itself.

Modern enterprises no longer centralize their most critical and defining business flows within a brick and mortar headquarters, but rather spread them out between cloud resources, hosted on servers owned by third party vendors and stitched together with APIs to create a working digital supply chain.

Using this model often means that vendors have or exchange sensitive information about their customers and even their customers’ customers, so even though more companies share responsibility for their collective data privacy, hackers can pick from a variety of targets to hit and make off with the same amount of loot.

The exploitation or hacking of a third party vendor to get at its customers is called a supply chain attack. When the vendor is popular and successful enough to have equally enormous customers – such as governments and other industry multinational companies – the damage that can stem from a single supply chain attack is astounding. But if you’re a modern enterprise using a multi-cloud strategy, how can you reduce your exposure to your suppliers?

The Great Domino Effect

The world saw the impact of a big supply chain attack when SolarWinds was breached in mid-December of 2020. The customer list for SolarWinds’ Orion software includes Fortune 500 companies, the US military, the US Treasury Department and the Department of Homeland Security.

Undetected for months, hackers used a backdoor in Orion to spy on SolarWinds’ more than 33,000 customers, and the damage is literally impossible to tally. It’s true that the revelation of government and military data is worrisome, but less spotlight is cast on the smaller firms which relied on Orion to help with their IT management.

The Shared Responsibility Model for data security is important to think of in light of events like these, as it acts like a Terms and Conditions for assessing post-breach accountability. Orion’s breach led to a domino effect in which even trusted security firms like FireEye were exposed with no recourse, but that’s the rub when network perimeters no longer exist. If this is what companies are up against, is there any solution?

Trust: The Tensile Strength in Supply Chains

The ability of an internal IT team to protect against supply chain attacks is actually greater than one might think, and it doesn’t involve the integration of new tools or implementation of new models; all it requires is transparency. Most of the responsibility for ensuring supply chain strength will fall on the upper ranks of security management, like the CTO or CISO, who will need to do an audit of the company’s software vendors.

A good first step is to only trust vendors who will have access to your data if they are compliant with some of the strictest measures of data security, like SOC 2 or ISO 27001/2. Experts agree that a company can reduce the majority of its exposure to supply chain attacks just by ensuring the correct compliance among vendors, but this doesn’t mean they’re immune.

It seems banal, but always patching on time is crucial, and is a way to reduce exposure to known vulnerabilities while also watching out for unknown supply chain cracks by requiring visibility in core components. Vendors will in the best cases have a “bills of materials” that they use in their work, which should include details on where hardware and other core components were sourced from.

Sidestepping Supply Chain Audits

Due to supply chain attacks gaining prominence – and multiplying in occurrence by over 78% in 2019 – more vendors offer information that can prove their security, and it’s easy to imagine that soon there will be an international standard for producing supply chain data that vendors must follow. Until then, there’s another way to reinforce your supply chain without pestering vendors about their own transparency. 

Some vendors are busy building their own custom, self-managed cloud solutions, and are therefore easily able to produce the degree of supply chain transparency that smart customers require. Others are helping boost supply chain confidence by hiring outside penetration testing services, and making the reports available to potential customers.

At the end of the day, it’s possible to be almost sure of the integrity of your vendors with enough effort, but SolarWinds proved that getting to 100% certainty isn’t in the cards. Thankfully, things are changing quickly, and security professionals today are far from helpless in the battle for supply chain security.

Contractors and Freelancers vs. Access Privileges

If your organization is running like most other organizations today, you probably are working with freelancers and third-party vendors. On a daily basis, these non-employees are granted access to your organization’s internal networks, applications and resources. While most organizations rely on certain third-party vendors to support their development, IT infrastructures and networks, they tend to overlook the security risks that come with hiring these contractors. 

This has created a significant challenge for IT and security teams when it comes to network visibility and access management. Most security teams will have little to no information on how contractors or third-party vendors are working within the organization’s environment. Unlike an employee of the company, non-employees might be working with loose security policies or, at worst, no security hygiene. For this simple reason, privileged third-party access accounts are now becoming one of the biggest risks to organizations’ security.

Source: Soha Third-Party Advisory Group

Over the past few years, major data breaches caused by third-party vendors have grabbed the headlines. Some of the more famous breaches include Target, the U.S. Office of Personnel Management and Home Depot. None of the three resulted from a direct insider attack; each was exploited through a breach of a third-party vendor the organization was using. These examples show that the exploitation of a contractor or third-party vendor can hurt an organization financially and, even worse, put its security at risk.

Source: CyberArk

To fight off third-party security risks, many organizations have adopted different solutions to defend against them, which has created a bigger issue: organizations are forced to give non-employees too much access to resources and their network. To protect an organization’s data and resources against the security risks that come with using third-party vendors, you need to think about implementing a stronger access privilege strategy within your company.

Managing Privileged Access 

Properly managing access is a much tougher task. In every organization, different users need different levels of access to do their daily work within their environment. Not every employee needs the same access to do their job, and this is especially true for third-party contractors. For example, if an organization is using a vendor to run IT maintenance, the vendor will need access to the IT infrastructure and networks but should not receive unlimited access, such as permissions to customer data. Security and IT teams should provide the correct access based on the user. Giving a user the incorrect level of privileged access can result in increased security risks within an organization.

Take Control of Contractors’ Access

Despite all the risks involved when working with third-party vendors, the IT community has designed a new identity and authentication process for organizations to manage privileged access for non-employees. Here are our top three methods that can help any organization achieve a more concrete strategy when providing access to third-party contractors.

Implement Least Privilege Access

The idea of least privilege access is that your organization should limit each user’s access to only the privileges they need to do their job. By limiting each user’s access, you prevent an attacker from gaining access to large amounts of data through a single compromised account.

When an organization is creating an access management program it should start with the least privileged access model. The best way to achieve the least privileged access with an organization is through role-based access, which offers access and permissions based on the employee’s role. The role-based access model is the easiest for organizations to adopt when managing the access of contractors or third party vendors. 

Run an Audit of Vendor’s Privileged Accounts

If an organization is providing unlimited access to different vendors, it is creating an “always-available entry point” for cybercriminals to exploit. So it’s best for IT and security teams to get a better understanding of who the vendors or contractors are and what access they have in the organization’s networks and applications. An easier way to solve this is by running a vendor privileged access audit. This will give you a clear understanding of who has access to what and which users shouldn’t have access.

Enforce Strong Authentication Methods

A well-tuned privileged access strategy needs to include up-to-date authentication best practices. Your typical contractor or third-party vendor will be working remotely and will need a certain level of access to do the job that you hired them to do. After providing the correct level of access, it’s crucial to implement a stronger authentication technique.

To secure your vendor’s privileged identity from hackers looking to steal credentials, it’s highly recommended to enforce multi-factor authentication (MFA). Forcing a second factor for identity verification eliminates the risk by ensuring that stolen credentials alone won’t be enough to gain access. When you implement MFA capabilities with strong passwords, SSH keys, and strong internet hygiene, you can further reduce the chances of a breach. By requiring significant step-ups in authentication, as well as strong cloud policies, your organization can adopt more vendors without worrying about whether the identity of their users will be exploited. and apply it to identity management.
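The three methods above can be combined into one audit pass. The following is an added example, not code from Perimeter 81 or any product: it compares each vendor account's grants against a role baseline and flags missing MFA. The role names, permission strings and accounts are constructed assumptions.

```python
"""Vendor privileged-access audit on constructed data (added example)."""
from dataclasses import dataclass

# Assumed role baseline: the only permissions each vendor role needs for its job.
ROLE_BASELINE = {
    "it-maintenance": frozenset({"infra:read", "infra:patch", "network:read"}),
    "billing-support": frozenset({"invoices:read"}),
}


@dataclass(frozen=True)
class VendorAccount:
    user: str
    vendor: str
    role: str
    granted: frozenset
    mfa_enrolled: bool


# Constructed inventory; a real audit would export this from the IdP and each application.
ACCOUNTS = [
    VendorAccount("alice", "acme-it", "it-maintenance",
                  frozenset({"infra:read", "infra:patch", "customer-data:read"}), True),
    VendorAccount("bob", "acme-it", "it-maintenance",
                  frozenset({"infra:read", "network:read"}), False),
    VendorAccount("carol", "ledgerco", "billing-support",
                  frozenset({"invoices:read"}), True),
    VendorAccount("dave", "ledgerco", "legacy-admin", frozenset({"*"}), False),
]


def audit_vendor_access(accounts, baseline):
    """Return {user: finding} for every account that breaks least privilege or lacks MFA."""
    findings = {}
    for acct in accounts:
        allowed = baseline.get(acct.role)
        # A role with no baseline means nobody decided what it needs: flag every grant.
        excess = acct.granted if allowed is None else acct.granted - allowed
        finding = {
            "vendor": acct.vendor,
            "unknown_role": allowed is None,
            "excess": sorted(excess),
            "mfa_missing": not acct.mfa_enrolled,
        }
        if finding["unknown_role"] or finding["excess"] or finding["mfa_missing"]:
            findings[acct.user] = finding
    return findings


def trimmed_grants(acct, baseline):
    """Grants the account keeps after remediation: only what its role baseline allows."""
    return sorted(acct.granted & baseline.get(acct.role, frozenset()))


if __name__ == "__main__":
    for user, finding in audit_vendor_access(ACCOUNTS, ROLE_BASELINE).items():
        print(user, finding)
```

Here the IT maintenance account holding customer-data:read is the case described under Managing Privileged Access, and the account whose role has no baseline is treated as fully unreviewed rather than silently passed.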

Prioritizing Vendor Privileged Access Management Today

As organizations become more aware of who is gaining access and where they are coming from, the last thing an IT and security team needs is an external employee being the reason a hacker compromises the network. Now that more organizations are partnering with other parties, more security challenges can arise. So it is best to review your third-party vendors to ensure they are only provided the right amount of access.

Understanding who has access to what and who is connecting to the network will allow your organization to put more meaningful privileged access management in place. This will turn your contractors and third-party vendors from the biggest risks to your security into your most secure users.

The Best of Perimeter 81 2020: Top 5 Content From Our Readers

2021 is just a few weeks old, but we can’t forget the trend-setting year that was 2020. Here at Perimeter 81, 2020 was a fruitful year of growth and opportunity which included the launching of new features and integrations, the attainment of 650 new customers, a 40 million dollar Series B raise, three new offices, and a workforce that ended the year twice the size as when it began.

For the entire network security space, 2020 was impactful. Organizations moved entirely remote thanks to the rise of SASE and to different network security breakthroughs, and in response to several eye-grabbing breaches that caught the limelight.

As we look back at the year 2020, we wanted to get a bit nostalgic and look at the different kinds of content that reflected the past year best. Let’s take a moment to remember some of our best reads, including the popular blog posts, most-watched webinar, most listened-to podcast episode, our seminal industry report and headlining bylines.

Perimeter 81’s Top Content Hits of 2020

Employers See Rising Number of Remote Workers

To no one’s surprise, the most popular blog post for our readers was about the increasing number of remote workers due to COVID-19. We highlighted the different health concerns with the pandemic and how COVID-19 accelerated the sudden increase of remote work. We ended the post by providing our remote access security tips and educating organizations and employees on security hygiene and how to fight cyber-attacks from hackers looking to take advantage of the new situation.

The 2020 State of Network Security Report

Network security is our expertise at Perimeter 81. With this in mind, in late 2020 we released our first annual State of Network Security report. This industry report’s purpose was to learn and get a better understanding of the different network access challenges that were facing IT managers from companies of all sizes and industries in 2020. We surveyed over 250 IT and security managers to gain their insights into what they have experienced since the major shift to remote work, and the results offered us a glimpse into the landscape and how its leaders think during these transformative times.

Importance of White Hat Hackers

In 2020 we launched the Beyond The Perimeter Podcast, our very own security podcast. In each episode, we discuss the latest and biggest breaches to hit the news and talk to different security experts to learn about their experiences in the security industry. Our most popular and listened-to podcast episode was when we interviewed Len Noe, who is a white hat hacker and cybersecurity specialist. Len talked about his role as a hacker early on and his experience transitioning from black hat to a white hat hacker (an ethical hacker). Len also explained how organizations can’t just depend on best practices and that they need to actually run internal tests on their system and networks for security risks.

The Year of Webinars

In 2020, events around the world turned into digital conferences and webinars. We saw more companies and conferences go virtual, and in our own company we hosted monthly webinars with security experts and security vendors, presenting different security subjects and actionable items for attendees. Our most popular webinar was Criminal Evolution in the Age of COVID-19 & How Orgs. Adapt to the New Normal.

In this webinar, we talked to Keren Elazari and Sivan Tehila about the evolution of security threats and cybercrime in our new remote work era. They shed light on emerging security risks and provided the audience with practical ideas on how to build a more secure future for your organization.

SASE is the Future of Network Security 

Despite being coined in 2019, Gartner’s SASE transformed the security industry in 2020. So it comes as no surprise that the most popular thought leadership post by our executive team was The Space Race For Secure Access Service Edge (SASE). This piece was published in Forbes, and in it our Co-Founder and CEO shared his insights on the future of network and cloud security and how SASE will be a deciding factor.

2021 and Moving Forward 

From all of us at Perimeter 81, we hope you enjoyed reading, watching and listening to our different content offerings in 2020. We are eagerly looking forward to what the network security space has in store for us in 2021, so stay tuned to our weekly blog posts, found on our blog home page.

Effectively Securing Thousands of Devices, One Day at a Time

Listen to this podcast on iTunes, Spotify or wherever you find your favorite audio content.

With more employees working remotely, more enterprises are recognizing the need for a concrete cloud security strategy when securing employee devices from various threats. But with enterprises having more devices to secure than the average organization, what security challenges do enterprise cloud security architects experience?

In this edition of the Beyond the Perimeter Podcast, Yoav Nathaniel, Cloud Security Architect at Goldman Sachs joins our host Zev Brodsky to discuss what it’s like being on a team of cloud security architects at an enterprise, and what some of the major cloud security challenges are that he experiences on a daily basis.

About Yoav Nathaniel:

Specializing in cloud security before the cloud was even considered a viable option for the enterprise, Yoav partners with users and developers to create a seamless, secure experience of SaaS and cloud-based infrastructure. He has broad experience with regulations, incident response, malware, phishing, data leaks, misconfigurations, IAM and networks.

Yoav currently works as a Cloud Security Architect for Goldman Sachs where he focuses on the firm-wide public cloud security standards and innovating resilient solutions at scale.

If you enjoyed listening, don’t forget to subscribe so you never miss a new episode. Please also consider rating the podcast or leaving your feedback on iTunes or wherever you listen.

Contact Us 

Want to be a guest on the show or have a security subject you want to be covered on Beyond The Perimeter Podcast?

Email Zev at [email protected]

Why Cloud Configs Are IT’s Most Urgent Audit in 2021

July of 2019 must have been a stressful month for Capital One’s IT team. During this fateful month an employee of the respected bank uncovered the massive ongoing theft of customer data, and though the exploit was a simple fix, damage to Capital One had been extensive. A misconfigured setting in its cloud was quietly exploited from 2005 to 2019 by one sneaky hacker, and the firm overnight found itself dealing with leaked financial data of over 100 million American and Canadian customers, up for sale to dark web buyers.

From a security perspective, the Capital One breach is a telling example of the power that companies have over our data, and their responsibility to remain compliant. It’s also reminiscent of 2019, when cloud misconfiguration breaches rose by 80%. A single configuration mishap – most likely no more than an employee forgetting to toggle an option in their cloud app or tweak an easy-to-miss setting – compromised millions of people across the continent for well over a decade. 

Another serious thought about Capital One’s breach is how relevant the tale still is for companies. In a press release about the incident, the bank shed light on how simple, common, and generally unremarkable attacks of this nature could be. Though this was likely meant to play down the idea that Capital One was unique in its weakness (and it isn’t), it also inadvertently sent up one of the first flares to an industry that is only now beginning to understand the devastation that cloud misconfiguration mistakes are capable of.

Misconfiguration: When the Vulnerability is You

After a year rampant with enterprise data breaches due to unsecured clouds, the industry’s bellwether – the Cloud Security Alliance – finally named Misconfiguration and Inadequate Change Control as 2021’s most dangerous IT threat. Misconfiguration happens when resources and computing assets are set up wrong or not at all, which sometimes creates gaps where hackers can get in and steal or inject data. In other words, the biggest authority on cloud security just admitted that human error is our biggest enemy.

Error in cloud resource management is quickly becoming a top priority for IT decision makers, with recent data showing that 62% of them see misconfiguration as their firm’s biggest compliance risk. This is hardly surprising, because many of these IT professionals likely don’t know if their configurations are airtight. A parallel survey of the industry illustrated that a worrisome majority of enterprise IT managers are unable to identify if misconfiguration or excessive access to cloud resources is occurring in their networks. This hits at the heart of the issue: The business world’s recent move to the cloud, and to remote work, has obstructed network visibility to the point of opacity.

Credit: Verizon, 2020

The acceleration of remote work thanks to COVID-19 puts a strain on computing resources and networks worldwide, and IT teams are still trying to catch up. An overwhelmed IT department, concentrating on spinning up new resources, providing access to onboarded users, and orchestrating a stack of security tools has little time to spare for configuration. But they must, and thankfully, doing so is easier than it once was.

A Quick Win for Configuration

One of the most common misconfiguration mistakes is simply to leave a piece of unencrypted data exposed to the internet. A hacker will typically stumble across it and realize that somewhere, the person responsible forgot to set up an authentication or authorization protocol required for access. From there, hackers have surprising lateral movement within the network, as chances are there is other information exposed in this way.

Configuration mishaps occur on an app-by-app basis, and will be unique to the company trying to solve them, because no two companies have the same hardware and software or business flows. For an average environment, for example, during a configuration audit IT may discover:

  • Network segments without dedicated access rules
  • Access permissions without assigned IdP roles
  • Misconfigured security ports for inbound and outbound
  • Multi-factor authentication is not enabled for a sensitive asset
  • SIEM encryption is untoggled

These would all have the potential to open a wide avenue into the network for hackers, and they also vary by application. For any company, a way to stay on top of all these configurations is to intimately understand the stack and to work within each product so that they are secure, and to repeat this process for each user and resource – which is not preferable. A better way is to layer a solution on top of your corporate resources in order to gain central visibility and control. If IT is given a single dashboard where they can manage access and traffic across resources, they will be equipped to react more quickly than Capital One did. 
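As an added illustration (not code from the original post or from any product), the five audit findings listed above can be written as checks over a resource inventory. The inventory, its field names and the port policy are constructed assumptions.

```python
"""Configuration audit for the five findings listed above (added example)."""

# Constructed inventory; the field names are assumptions, not any product's schema.
INVENTORY = {
    "segments": [
        {"name": "finance", "access_rules": ["grp-finance"]},
        {"name": "lab", "access_rules": []},
    ],
    "permissions": [
        {"resource": "crm", "principal": "u-104", "idp_role": "sales"},
        {"resource": "git", "principal": "u-221", "idp_role": None},
    ],
    "port_rules": [
        {"id": "fw-1", "direction": "inbound", "port": 443, "peer": "0.0.0.0/0"},
        {"id": "fw-2", "direction": "inbound", "port": 3389, "peer": "0.0.0.0/0"},
        {"id": "fw-3", "direction": "outbound", "port": 25, "peer": "0.0.0.0/0"},
        {"id": "fw-4", "direction": "inbound", "port": 22, "peer": "10.0.5.0/24"},
    ],
    "assets": [
        {"name": "payroll-db", "sensitive": True, "mfa_required": False},
        {"name": "wiki", "sensitive": False, "mfa_required": False},
    ],
    "siem": {"encryption_enabled": False},
}

# Assumed policy: the only ports allowed to face any address, per direction.
PUBLIC_PORTS = {"inbound": {443}, "outbound": {443, 53}}
ANY_ADDRESS = {"0.0.0.0/0", "::/0"}


def segments_without_rules(inv):
    return [s["name"] for s in inv["segments"] if not s["access_rules"]]


def permissions_without_idp_role(inv):
    return [f'{p["resource"]}:{p["principal"]}'
            for p in inv["permissions"] if not p["idp_role"]]


def ports_open_to_any(inv, policy=PUBLIC_PORTS):
    # A rule is a finding when it faces any address on a port the policy does not list.
    return [r["id"] for r in inv["port_rules"]
            if r["peer"] in ANY_ADDRESS and r["port"] not in policy[r["direction"]]]


def sensitive_assets_without_mfa(inv):
    return [a["name"] for a in inv["assets"] if a["sensitive"] and not a["mfa_required"]]


def siem_encryption_disabled(inv):
    return [] if inv["siem"]["encryption_enabled"] else ["siem"]


CHECKS = {
    "segment_without_access_rules": segments_without_rules,
    "permission_without_idp_role": permissions_without_idp_role,
    "port_open_to_any": ports_open_to_any,
    "sensitive_asset_without_mfa": sensitive_assets_without_mfa,
    "siem_encryption_disabled": siem_encryption_disabled,
}


def audit_config(inv):
    """Run every check and return {check name: offending resources}, omitting clean checks."""
    results = {name: check(inv) for name, check in CHECKS.items()}
    return {name: hits for name, hits in results.items() if hits}


if __name__ == "__main__":
    for name, hits in audit_config(INVENTORY).items():
        print(f"{name}: {', '.join(hits)}")
```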

Because misconfigurations are the “silent killer” of the remote work era, it’s crucial to be on high alert for any sign of them. Common misconfiguration errors happening in cloud resources often expand and advance the attacker workflow in real-time, so real-time threat monitoring is vital given the scale and breadth of cloud solutions. Equally important is the ability for a security product to integrate across on-prem and the cloud, so hybrid-cloud models can enjoy the same level of network omniscience. With cloud-friendly network security, companies can easily filter out the noise, gain instant control, and encourage rapid response when risks are detected.

Adoption of the cloud and reliance on applications rather than on-premises solutions is a healthy trend for companies, but too many of them neglect the Shared Responsibility Model for security when this is the case. Companies that want to take advantage of the cloud must do security due diligence on their end and take ownership of ideas that only they can control: things like user access, encryption, monitoring, configuration, and education. If they can manage this, cloud migrations can be done confidently and with continuity in mind.

2020’s Biggest Hacks and Data Breaches

What a start to the new decade. The year 2020 was one best forgotten, starting with the wild Australian fires and shortly afterwards the global COVID-19 pandemic, which transformed billions of lives. 2020 also was a year full of numerous data breaches and chilling cybersecurity threats.

When looking back at the cybersecurity sector over the past 12 months, what characterizes it best was how the pandemic changed organizations’ and their employees’ working habits. While your typical worker now enjoys the simplicity and comfort of working from their couch, IT and security teams have been forced to work overtime behind the scenes to adapt. 

In the past, organizations needed to secure their on-premises network and resources inside their offices and dealt with few remote workers, but now they need to make sure their workforces – most of them off-site – are connecting securely. In the meantime, hordes of endpoints suddenly accessing critical resources from beyond the traditional perimeter ramped up attacks against networks in 2020.

From ransomware attacks, supply chain attacks, data exposures, social engineering attacks to state-sponsored breaches, 2020 was a strange year for the security sector. Here is a quick look at the five biggest cyber attacks that grabbed headlines.

SolarWinds Supply Chain Hack

If your approach to fighting off network security attacks is that of a fireman battling the blaze, then the headline-grabbing SolarWinds breach represents a massive global IT inferno, where all security professionals are expected to pitch in. Due to the impact of the SolarWinds breach, former federal officials are saying that this attack was one of the biggest breaches the United States government ever experienced – the Digital Pearl Harbor.

A group of state-backed Russian hackers exploited the SolarWinds Orion monitoring software via a malware attack, which allowed the cybercriminals to move within the network and create a backdoor into the system. This attack was followed up by creating a malicious update within the SolarWinds system, providing the attackers full visibility and mobility within the exploited victims’ systems.

SolarWinds suggested that 18,000 of their 300,000 customers had possibly downloaded and installed the malware within their organizations. Many of SolarWinds’ customers include Fortune 500 companies, the majority of US-based telcos, and different branches of the US government. On top of these global organizations, other cybersecurity vendors such as FireEye and different US and UK government branches were potentially exploited in the attack.

Twitter Breached

On July 15th, we saw one of the most high-profile breaches of the year. At least one hacker known for hijacking high-profile Twitter usernames gained access to an internal admin tool on Twitter’s network, hijacked a ton of celebrity accounts — Joe Biden, Bill Gates, and Elon Musk to name a few — and spread a cryptocurrency scam. The hacker made over $120,000 in just a few hours. But how the hacker got in and whether an employee helped remains a mystery. It is likely the hacker found their way into Twitter’s Slack account where they found a set of credentials. 

Twitter announced that the hack was done through social engineering. In this type of attack, hackers tend to trick their victims into providing their login credentials for access. Some 130 accounts were affected by the breaches. Twitter later said eight users had their data downloaded — including their DMs. But the company refused to say if the hacker read anyone else’s DMs — even though they’re believed to have had access. The breach could’ve been so much worse, even having serious implications for national security, given that this is an administration that frequently uses Twitter to dictate policy. On July 31st, authorities arrested the 17-year-old hacker who was behind the hack.

Garmin Hit by Ransomware

In late July, the GPS and fitness wearables powerhouse Garmin was the victim of a vicious ransomware attack. The attack simply encrypted Garmin’s systems and, as a result, their users were prevented from accessing their services. Security experts are suggesting that the Garmin security breach is possibly one of the biggest high-profile ransomware attacks in the past century.

Hackers targeted Garmin with a ransomware attack that encrypted the company’s internal systems and shut down critical services like Garmin Connect, flyGarmin, Strava, and inReach. The attack was first detected when an employee’s information was being shared, some information included personal photos and encrypted workstations.

After the hackers encrypted the files, they demanded that Garmin pay a ransom of 10 million dollars in return for regaining access to the data. Initially, Garmin didn’t give in to the ransom, but within four days the company started to restore its services and implemented a decryption key to remove the restrictions on its data, hence they paid the hefty ransom.

Software AG Gets Clop-pered

In early October of 2020, Software AG, Germany’s second-largest software vendor, fell victim to a Clop ransomware attack that exploited their corporate files and employee information. Shortly after, Software AG issued a statement indicating that their internal network was compromised by a malware attack, but security researchers found the Clop ransomware executable being used.

According to Software AG, customer-facing cloud services were not impacted by the Clop attack, but both employee personal information and confidential files were breached. The exploited information included Software AG’s internal network and employee laptops which included information belonging to the company’s employees: Passport numbers, photo ID scans, health care information, emails, contact lists, and employment contracts among other items. The incident is yet another sign of ransomware groups increasingly going after large enterprise targets with deep pockets.

Attack on NorthShore Foundation 

On July 22nd and in near succession with the Garmin attack, NorthShore University HealthSystem announced they were part of a data security breach that potentially had affected over 348,000 people. They were informed about the breach from a company named Blackbaud, a software services provider to thousands of nonprofit fundraising entities worldwide, including NorthShore Foundation. According to Blackbaud, the breach occurred due to a ransomware attack on its systems between February 7th and May 20th, during which time unauthorized individuals accessed and extracted some of Blackbaud’s client files.

NorthShore determined that patients’ full names, dates of birth, contact information, admission and discharge dates and more were accessible by the attackers. 

The Biggest Data Breaches May Be Yet to Come

As we are at the start of 2021, many more breaches will grab the security headlines and we will learn how hackers are becoming more sophisticated when targeting large organizations. One thing that will never change is how employees unintentionally allow cybercriminals to exploit their information and their organization.

As long as security hygiene isn’t up to par, hackers will continue to exploit organizations where it truly hurts, finally. Hopefully, we can learn from 2020 and avoid becoming a victim listed on the next year’s top attacks.
