Contractors and Freelancers vs. Access Privileges

If your organization is running like most other organizations today, you probably are working with freelancers and third-party vendors. On a daily basis, these non-employees are granted access to your organization’s internal networks, applications and resources. While most organizations rely on certain third-party vendors to support their development, IT infrastructures and networks, they tend to overlook the security risks that come with hiring these contractors. 

This has created a significant challenge for IT and security teams when it comes to network visibility and access management. Most security teams have little to no information on how contractors or third-party vendors are working within the organization’s environment. Unlike employees of the company, non-employees might be working with loose security policies or, at worst, no security hygiene at all. For this simple reason, privileged third-party access accounts are now becoming one of the biggest risks to an organization’s security.

[Figure: breaches. Source: Soha Third-Party Advisory Group]

Over the past few years, we have seen major data breaches caused by third-party vendors grab the headlines. Some of the more famous breaches include Target, the U.S. Office of Personnel Management and Home Depot. None of the three resulted from a direct insider attack; each was carried out through a breach of a third-party vendor the organization was using. These examples show that the exploitation of a contractor or third-party vendor can hurt an organization financially and, even worse, put your organization’s security at risk.

[Figure: third-party breaches. Source: CyberArk]

To fight off third-party security risks, many organizations have adopted different solutions to defend against them. This has created a bigger issue, as organizations are forced to give non-employees too much access to their resources and network. To protect an organization’s data and resources against the security risks that come with using third-party vendors, you need to think about implementing a stronger access privilege strategy within your company.

Managing Privileged Access 

Properly managing access is a much tougher task. In every organization, different users need different levels of access to do their daily work within their environment. Not every employee needs the same access to do their job, and this is especially true for third-party contractors. For example, if an organization is using a vendor to run IT maintenance, the vendor will need access to the IT infrastructure and networks but should not receive unlimited access, such as permissions to customer data. Security and IT teams should provide the correct access based on the user. Giving a user the incorrect level of privileged access can result in increased security risks within an organization.

Take Control of Contractors’ Access

Despite all the risks involved when working with third-party vendors, the IT community has designed new identity and authentication processes for organizations to manage non-employees’ privileged access. Here are our top three methods that can help any organization achieve a more concrete strategy when providing access to third-party contractors.

Implement Least Privilege Access

The idea of least privilege access is that your organization should limit each user’s access to only the privileges they need to do their job. By limiting each user’s access, you prevent an attacker from gaining access to large amounts of data through a single compromised account.

When an organization is creating an access management program, it should start with the least privilege access model. The best way to achieve least privilege access within an organization is through role-based access, which offers access and permissions based on the employee’s role. The role-based access model is the easiest for organizations to adopt when managing the access of contractors or third-party vendors.

Run an Audit of Vendor’s Privileged Accounts

If an organization is providing unlimited access to different vendors, it is creating an “always-available entry point” for cybercriminals to exploit. So it’s best for IT and security teams to get a better understanding of who the vendors or contractors are and what access they have in the organization’s networks and applications. An easier way to solve this is by running a vendor privileged access audit. This will allow you to get a clear understanding of who has access to what and which users shouldn’t have access.

Enforce Strong Authentication Methods

A well-tuned privileged access strategy needs to include up-to-date authentication best practices. Your typical contractor or third-party vendor will be working remotely and will need a certain level of access to do the job that you hired them to do. After providing the correct level of access, it’s crucial to implement a stronger authentication technique.

To secure your vendor’s privileged identity from hackers looking to steal credentials, it’s highly recommended to enforce multi-factor authentication (MFA). Forcing a second factor for identity verification eliminates the risk by ensuring that stolen credentials alone won’t be enough to gain access. When you implement MFA capabilities with strong passwords, SSH keys, and strong internet hygiene, you can further reduce the chances of a breach. By requiring significant step-ups in authentication, as well as strong cloud policies, your organization can adopt more vendors without worrying about whether the identity of their users will be exploited.
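The three methods above (role-based least privilege, a vendor access audit, and MFA enforcement) can be combined into one periodic check. The following is an added example, not part of the original post: it audits a constructed vendor account inventory against a role policy, and the role names, permission strings, account names and the 30-day idle threshold are all assumptions.

```python
"""Vendor privileged-access audit over a constructed account inventory."""
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Role -> permissions that role may hold (hypothetical roles and permissions).
ROLE_POLICY = {
    "it-maintenance": {"infra:read", "infra:restart", "network:read"},
    "dev-contractor": {"repo:read", "repo:write", "ci:run"},
}
MAX_IDLE_DAYS = 30  # assumed threshold for flagging unused vendor accounts


@dataclass
class Account:
    user: str
    vendor: str
    role: str
    granted: set
    mfa_enrolled: bool
    last_login: date
    expires: Optional[date] = None  # None means standing, never-expiring access


def audit(accounts, today):
    """Return (user, finding_code, detail) tuples for every policy violation."""
    findings = []
    for a in accounts:
        allowed = ROLE_POLICY.get(a.role)
        if allowed is None:
            findings.append((a.user, "UNKNOWN_ROLE", a.role))
        else:
            # Least privilege: anything granted beyond the role is excess.
            excess = sorted(a.granted - allowed)
            if excess:
                findings.append((a.user, "EXCESS_PRIVILEGE", ",".join(excess)))
        if not a.mfa_enrolled:
            findings.append((a.user, "NO_MFA", ""))
        idle = (today - a.last_login).days
        if idle > MAX_IDLE_DAYS:
            findings.append((a.user, "STALE", f"{idle} days idle"))
        # An account with no end date is an always-available entry point.
        if a.expires is None:
            findings.append((a.user, "NO_EXPIRY", "standing access"))
        elif a.expires < today:
            findings.append((a.user, "EXPIRED_STILL_ENABLED", a.expires.isoformat()))
    return findings


# Constructed sample inventory (not real accounts or vendors).
TODAY = date(2021, 1, 15)
SAMPLE = [
    # IT maintenance vendor that was also handed customer data access.
    Account("vendor-it-01", "Example IT Services", "it-maintenance",
            {"infra:read", "infra:restart", "customer-data:read"},
            True, date(2021, 1, 10), date(2021, 3, 31)),
    # Contractor with no MFA, no recent login and no end date.
    Account("contractor-dev-02", "Example Dev Shop", "dev-contractor",
            {"repo:read", "repo:write"},
            False, date(2020, 11, 1), None),
    # Correctly scoped contractor account.
    Account("contractor-dev-03", "Example Dev Shop", "dev-contractor",
            {"repo:read", "ci:run"},
            True, date(2021, 1, 14), date(2021, 2, 28)),
]


def run_sample():
    return audit(SAMPLE, TODAY)


if __name__ == "__main__":
    for user, code, detail in run_sample():
        print(f"{user:20} {code:22} {detail}")
```

In practice the inventory would be exported from the identity provider or directory rather than written inline.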

Prioritizing Vendor Privileged Access Management Today

As organizations start to be more on top of who is gaining access and where they are coming from, the last thing an IT and security team needs is an external employee being the reason for a hacker compromising the network. Now that more organizations are partnering with other parties, more security challenges can arise. So it’s best to address your third-party vendors to ensure they are only provided the right amount of access.

Understanding who has access to what and who is connecting to the network will allow your organization to have more meaningful privileged access management in place. This will turn your contractors and third-party vendors from the biggest risks to your security into your most secure users.

The Best of Perimeter 81 2020: Top 5 Content From Our Readers

2021 is just a few weeks old, but we can’t forget the trend-setting year that was 2020. Here at Perimeter 81, 2020 was a fruitful year of growth and opportunity which included the launching of new features and integrations, the attainment of 650 new customers, a 40 million dollar Series B raise, three new offices, and a workforce that ended the year twice the size as when it began.

For the entire network security space, 2020 was impactful. Organizations moved entirely remote thanks to the rise of SASE and to different network security breakthroughs, and in response to several eye-grabbing breaches that caught the limelight.

As we look back at the year 2020, we wanted to get a bit nostalgic and look at the different kinds of content that reflected the past year best. Let’s take a moment to remember some of our best reads, including the popular blog posts, most-watched webinar, most listened-to podcast episode, our seminal industry report and headlining bylines.

Perimeter 81’s Top Content Hits of 2020

Employers See Rising Number of Remote Workers

To no one’s surprise, the most popular blog post for our readers was about the increasing number of remote workers due to COVID-19. We highlighted the different health concerns with the pandemic and how COVID-19 accelerated the sudden increase of remote work. We ended the post by providing our remote access security tips, and educating organizations and employees on security hygiene and how to fight cyber-attacks from hackers looking to take advantage of the new situation.

The 2020 State of Network Security Report

Network security is our expertise at Perimeter 81. With this in mind, in late 2020 we released our first annual State of Network Security report. This industry report’s purpose was to learn and get a better understanding of the different network access challenges that were facing IT managers from companies of all sizes and industries in 2020. We surveyed over 250 IT and security managers to gain their insights into what they have experienced since the major shift to remote work, and the results offered us a glimpse into the landscape and how its leaders think during these transformative times.

Importance of White Hat Hackers

In 2020 we launched the Beyond The Perimeter Podcast, our very own security podcast. In each episode, we discuss the latest and biggest breaches to hit the news and talk to different security experts to learn about their experiences in the security industry. Our most popular and listened-to podcast episode was when we interviewed Len Noe, who is a white hat hacker and cybersecurity specialist. Len talked about his role as a hacker early on and his experience transitioning from black hat to a white hat hacker (an ethical hacker). Len also explained how organizations can’t just depend on best practices and that they need to actually run internal tests on their system and networks for security risks.

The Year of Webinars

In 2020, events around the world turned into digital conferences and webinars. We saw more companies and conferences go virtual, and in our own company we hosted monthly webinars with security experts and security vendors where different subjects about security and actionable items for attendees were presented. Our most popular webinar was Criminal Evolution in the Age of COVID-19 & How Orgs. Adapt to the New Normal.

In this webinar, we talked to Keren Elazari and Sivan Tehila about the evolution of security threats and cybercrime in our new remote work era. They shed light on emerging security risks and provided the audience with practical ideas on how to build a more secure future for your organization.

SASE is the Future of Network Security 

Despite being coined in 2019, Gartner’s SASE transformed the security industry in 2020. So it comes as no surprise that the most popular thought leadership post by our executive team was The Space Race For Secure Access Service Edge (SASE). This piece was published in Forbes, and in it our Co-Founder and CEO shared his insights on the future of network and cloud security and how SASE will be a deciding factor.

2021 and Moving Forward 

From all of us at Perimeter 81, we hope you enjoyed reading, watching and listening to our different content offerings in 2020. We are eagerly looking forward to what the network security space has in store for us in 2021, so stay tuned to our weekly blog posts, found on our blog home page.

2020’s Biggest Hacks and Data Breaches

What a start to the new decade. The year 2020 was one best forgotten, starting with the wild Australian fires and shortly afterwards the global COVID-19 pandemic, which transformed billions of lives. 2020 also was a year full of numerous data breaches and chilling cybersecurity threats.

When looking back at the cybersecurity sector over the past 12 months, what characterizes it best is how the pandemic changed organizations’ and their employees’ working habits. While your typical worker now enjoys the simplicity and comfort of working from their couch, IT and security teams have been forced to work overtime behind the scenes to adapt.

In the past, organizations needed to secure their on-premises network and resources inside their offices and dealt with few remote workers, but now they need to make sure their workforces – most of them off-site – are connecting securely. In the meantime, hordes of endpoints suddenly accessing critical resources from beyond the traditional perimeter ramped up attacks against networks in 2020.

From ransomware attacks, supply chain attacks, data exposures, social engineering attacks to state-sponsored breaches, 2020 was a strange year for the security sector. Here is a quick look at the five biggest cyber attacks that grabbed headlines.

SolarWinds Supply Chain Hack

If your approach to fighting off network security attacks is that of a fireman battling the blaze, then the headline-grabbing SolarWinds breach represents a massive global IT inferno, where all security professionals are expected to pitch in. Due to the impact of the SolarWinds breach, former federal officials are saying that this attack was one of the biggest breaches the United States government ever experienced – the Digital Pearl Harbor.

A group of state-backed Russian hackers exploited the SolarWinds Orion monitoring software via a malware attack, which allowed the cybercriminals to move within the network and create a backdoor into the system. This attack was followed up by creating a malicious update within the SolarWinds system, providing the attackers full visibility and mobility within the exploited victims’ systems.

SolarWinds suggested that 18,000 of their 300,000 customers had possibly downloaded and installed the malware within their organizations. SolarWinds’ customers include many Fortune 500 companies, the majority of US-based telcos, and different branches of the US government. On top of these global organizations, other cybersecurity vendors such as FireEye and different US and UK government branches were potentially exploited in the attack.

Twitter Breached

On July 15th, we saw one of the most high-profile breaches of the year. At least one hacker known for hijacking high-profile Twitter usernames gained access to an internal admin tool on Twitter’s network, hijacked a ton of celebrity accounts — Joe Biden, Bill Gates, and Elon Musk to name a few — and spread a cryptocurrency scam. The hacker made over $120,000 in just a few hours. But how the hacker got in and whether an employee helped remains a mystery. It is likely the hacker found their way into Twitter’s Slack account where they found a set of credentials. 

Twitter announced that the hack was done through social engineering. In this type of attack, hackers tend to trick their victims into providing their login credentials for access. Some 130 accounts were affected by the breaches. Twitter later said eight users had their data downloaded — including their DMs. But the company refused to say if the hacker read anyone else’s DMs — even though they’re believed to have had access. The breach could’ve been so much worse, even having serious implications for national security, given that this is an administration that frequently uses Twitter to dictate policy. On July 31st, authorities arrested the 17-year-old hacker who was behind the hack.

Garmin Hit by Ransomware

In late July, the GPS and fitness wearables powerhouse Garmin was the victim of a vicious ransomware attack. The attack simply encrypted Garmin’s systems and, as a result, their users were prevented from accessing their services. Security experts are suggesting that the Garmin security breach is possibly one of the biggest high-profile ransomware attacks in the past century.

Hackers targeted Garmin with a ransomware attack that encrypted the company’s internal systems and shut down critical services like Garmin Connect, flyGarmin, Strava, and inReach. The attack was first detected when an employee’s information was being shared, some information included personal photos and encrypted workstations.

After the hackers encrypted the files, they demanded that Garmin pay a ransom of 10 million dollars in return for regaining access to the data. Initially, Garmin didn’t give in to the ransom, but within four days the company started to restore its services and implemented a decryption key to remove the restrictions on its data, hence they paid the hefty ransom.

Software AG Gets Clop-pered

In early October of 2020, Software AG, Germany’s second-largest software vendor, fell victim to a Clop ransomware attack that exploited their corporate files and employee information. Shortly after, Software AG issued a statement indicating that their internal network was compromised by a malware attack, but security researchers found the Clop ransomware executable being used.

According to Software AG, customer-facing cloud services were not impacted by the Clop attack, but both employee personal information and confidential files were breached. The exploited information came from Software AG’s internal network and employee laptops and included information belonging to the company’s employees: passport numbers, photo ID scans, health care information, emails, contact lists, and employment contracts, among other items. The incident is yet another sign of ransomware groups increasingly going after large enterprise targets with deep pockets.

Attack on NorthShore Foundation 

On July 22nd and in near succession with the Garmin attack, NorthShore University HealthSystem announced they were part of a data security breach that potentially had affected over 348,000 people. They were informed about the breach from a company named Blackbaud, a software services provider to thousands of nonprofit fundraising entities worldwide, including NorthShore Foundation. According to Blackbaud, the breach occurred due to a ransomware attack on its systems between February 7th and May 20th, during which time unauthorized individuals accessed and extracted some of Blackbaud’s client files.

NorthShore determined that patients’ full names, dates of birth, contact information, admission and discharge dates and more were accessible by the attackers. 

The Biggest Data Breaches May Be Yet to Come

As we are at the start of 2021, many more breaches will grab the security headlines and we will learn how hackers are becoming more sophisticated when targeting large organizations. One thing that will never change is how employees unintentionally allow cybercriminals to exploit their information and their organization.

As long as security hygiene isn’t up to par, hackers will continue to exploit organizations where it truly hurts, finally. Hopefully, we can learn from 2020 and avoid becoming a victim listed on the next year’s top attacks.

The SolarWinds Breach, And How to Avoid Falling Victim

In case you haven’t been reading security news headlines recently, the IT security vendor space was shaken by the latest attack, which experts say is bigger than the famous Equifax breach. Thousands of global enterprises and government agencies may have been exploited by hackers via the SolarWinds Orion network monitoring solution.

The security community is continuing to investigate the nuts and bolts of the attack. While some details have been announced, we want to briefly dig into how it occurred, who was affected, and what organizations should do to step up their security hygiene and avoid being breached in such a way. 

SolarWinds Orion Breach

The latest sign that 2020 was not going to go out quietly was when different sources from FireEye and Microsoft first disclosed that a highly advanced and sophisticated attack on SolarWinds had occurred. 

A group of state-backed Russian hackers exploited the SolarWinds Orion software via a malware attack, which allowed the cybercriminals to move within the network and create a backdoor into the system. This attack was followed up by creating a malicious update within the SolarWinds system, providing the attackers full visibility and mobility within the exploited victims’ systems. 

The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive on December 13th stating that SolarWinds Orion network solutions were being exploited by malicious actors. On the same day, FireEye published a detailed technical analysis of the backdoor created by the cybercriminals.

SolarWinds suggested that 18,000 of their 300,000 customers had possibly downloaded and installed the malware within their organizations. SolarWinds’ customers include many global Fortune 500 companies, the majority of the US-based telcos, and different branches of the US military. On top of these global organizations, other cybersecurity vendors such as FireEye and different US and UK government branches were potentially exploited in the attack.

Due to the impact of the SolarWinds breach, the security community will look back at this attack as one of the biggest breaches ever committed against the United States government.

How Does the Breach Affect You? 

While this breach demonstrates how far Russian state-backed attacks will go, most organizations need to think about the effect it will have on their businesses rather than who the attackers are.

First, every organization no matter its size should double-check and make sure that their SIEM solution is secure and up-to-date with the current threat landscape. While some people might refrain from putting their entire organization’s trust in a monitoring solution after reading about this attack, now is the time for stronger and more up-to-date alerts and auditing. 

These kinds of attacks should push your organization to better understand the status of their security, and if needed, to adopt the right solutions to patch up potential points of entry for hackers – literally. Patching is hugely important now as various solutions update in response to new threats, and the breach will push SIEM providers to investigate their solutions to see where they can be exploited.

Lessons to Learn From the SolarWinds Attack

While the details of the attacks are still being investigated and that work will continue for months, here are three takeaways that your organization can think about to decrease the chances of becoming a victim.

Supply Chain Attacks Are Not Disappearing

Cybercriminals are increasing their attack efforts with more sophisticated attempts on organizations’ software supply chains, and the SolarWinds attack has forced everyone to pay attention. While your organization might believe it is secure, in reality, no one is. Ensure all communications are encrypted, and make good use of basic tools like 2FA.

Attackers Just Need One Entry Point

Cybercriminals are finding new ways to attack organizations and exploit their critical resources and networks. Hackers can easily exploit your organization from in-depth attacks or in some cases the simple theft of an employee’s password, but no matter how they get in they can still enjoy frightful lateral movement if the right access management precautions aren’t taken.

Vulnerabilities Take Time to Patch

As seen in different breaches, cybercriminals may not be detected for weeks or even months. People tend to think of data breaches as attackers quickly exploiting and deserting their victims within minutes. In reality, attackers often are lurking for years until a breach is found. To fight off unauthorized access from malicious actors your organization should prioritize monitoring and network visibility. 

Security Community as One

As a member of the cybersecurity vendor community, it’s tough to see a fellow vendor become the victim of a cyber attack. All cybersecurity vendors know we are working together to make the world a more secure place. At Perimeter 81, we strive to provide the most secure experience for our customers and partners, and take the SolarWinds breach very seriously. As we look into 2021, we will innovate further and ensure even better network security in the upcoming year and beyond.

Top Security Trends & Predictions to Keep You Safe in 2021

As the end of 2020 nears we like to look back at the different network security trends which shaped this year and estimate what the upcoming year holds for us. When looking back at 2020, there was some tumult for organizations and users that were fighting different security challenges – such as ransomware, exploited VPNs, RDP attacks and exposed network attack surfaces. 

Moving forward to 2021, it is crucial to look back on what we all experienced over the past year security-wise and use the lessons that were learned. We recently sat down with different security experts and discussed the top 2020 security trends and 2021 predictions they’ve identified and are expecting to see.

2020’s Top Cyber Security Trends

Remote Work Boosted VPN and IoT Usage

Due to COVID-19, most organizations were forced to require that their employees connect to corporate resources on the cloud or to the corporate network remotely, which created a massive surge of  Cloud VPN usage and traffic across IoT devices. 

“With the flood of folks working from home this year, there was a massive rise in Enterprise VPN usage and corporate devices on home networks. There was also more focus on Internet of Things (IoT) devices and device use cases not seen in prior years, with companies forced to adapt to a landscape with corporate IT devices sharing the same network with their users’ lightbulbs and washing machines”, said Kimber Dowsett, Director of Security Engineering at Truss.

Healthcare and Finance: Attractive Targets

Healthcare providers and financial firms were victims of cybercriminal attacks more than any other sector in 2020. This isn’t surprising, as hackers tend to exploit targets that are the right combination of vulnerable and profitable.

“Financial institutions, healthcare, and related supply chains will continue to see spikes in attacks. These verticals are deeply intertwined. Early in the pandemic, we experienced firsthand how a failure in any one link impacted the entire economy. A cyberattack against these verticals will begin to translate directly to increased loss of human life”, notes Mieng Lim, VP of Product Management at Digital Defense, Inc.

Work From Home Urged Digital Transformation

While working remotely isn’t a new idea, it transformed the way people worked in 2020 due to social distancing restrictions. Working from home also helped accelerate a digital transformation among organizations which moved to update their processes. 

Avi Raichel, CIO at Zerto, is of the same opinion. He says, “This past year found nearly everyone working from home at some point. Some loved it, some didn’t, but I don’t see us ever going back to exactly how it was before. Recent months have made it clear that companies are coming to the understanding (or at least they should be) that digital transformation is not an option but an absolute necessity. Stakes are higher than just 12 months ago, the risks are more widespread, and there are more opportunities for cybercriminals to succeed. This means that IT disruption caused by the threat of ransomware is something that should be near the top of the list of concerns for every CIO and every company.”

The Rise of Secure Access Service Edge (SASE) 

The biggest trend that highlighted the network security industry in 2020 was Secure Access Service Edge (SASE). SASE helps accelerate the adoption of and eases the consumption of cloud security and networking technologies.  

Cloud adoption and remote work have been triggered by the pandemic, and the introduction of the SASE model brings network security up to speed. To be sure, security services that are cloud-based have grown and will continue to grow in 2021. SASE is a technology that unifies security and networking tools from the cloud, giving IT teams the tools they need to provide secure access to corporate resources. With SASE, security gaps will be minimized via a multilayer model, and latency will be reduced with the presence of encrypted gateways near the network edge. Security and networking will now become a single solution and natively inseparable from each other, says Amit Bareket, Co-Founder and CEO of Perimeter 81.

Insider Threats Expand

Hackers and cybercriminals are becoming more sophisticated, but breaches that occur from within the organization, whether intentionally or accidentally via misconfiguration or bad security hygiene, were among the most common attacks in 2020.

Steve Durbin, Managing Director of the Information Security Forum  says, “One area that organizations need to deal with is the rise of insider threats, with so many unhappy employees who have been furloughed or let go from their jobs. The trust organizations are placing in insiders has grown with advances in information technology, increasing information risk and changing work environments. The insider threat is one of the greatest drivers of security risks that organizations face as a malicious insider utilizes credentials to gain access to critical assets. Many organizations are challenged to detect internal nefarious acts, often due to limited access controls and the inability to detect unusual activity once someone is already inside their network.”  

2021’s Cybersecurity Predictions

Cloud Misconfiguration Mistakes 

Cloud misconfigurations will be one of the top causes of data breaches next year. The cloud played a huge role in enabling a swift shift to remote work in 2020.

“The lack of understanding of the shared responsibility model and the security hurdles in the cloud will cause serious problems in 2021. Indeed, the global shortage of IT pros skilled at cloud management and security, combined with lack of visibility into cloud design and workloads, will make cloud misconfigurations inevitable, leading to overexposed data and breaches”, said Ilia Sotnikov, VP of Product Management at Netwrix.

Ransomware Rising

Ransomware will continue to be the biggest threat and financial risk to enterprises. Most organizations should be very concerned about ransomware as attacks designed to hijack networks and resources are becoming highly sophisticated.

“Ransomware is going to continue evolving, with it becoming not just a security incident but also a data breach as organized cybercrime groups also steal the data before it’s even encrypted. This means that companies are not just worried about getting their data back but also who it gets publicly shared with. Ransomware has proven to not be ethical in any way and will target anyone, any company and any government including hospitals and transportation industries at a time when they are under extreme pressure”, warns Joseph Carson, Chief Security Scientist and Advisory CISO at Thycotic.

SMBs Will Increase Adoption of Security Services

Over the years, many mom and pop shops were always a bit behind when it came to security risks. In 2021 that will change, as everyone – no matter the size or business model – will look to increase their business security hygiene. 

“2021 is going to be the year that SMBs finally start taking fundamental network security seriously. I am not talking about the latest AI-powered thing. There are still countless businesses running without a properly configured firewall, opening insecure ports to the internet, and leaving default passwords on devices. Attacks have become so automated that these mistakes are a guarantee to get discovered and result in a breach. You are already seeing device manufacturers pushing these changes, such as ISP modems coming with unique logins. This will start pulling IT along in the same direction as well,” says Dustin Bolander, CIO at Clear Guidance Partners.

Deepfakes and Voice Fakes Hit Enterprises

In the upcoming year, the security industry will see an increase in deepfake campaigns and other AI-generated media designed to exploit victims with a more sophisticated style of attack.

“In 2021, threat actors will move on from basic ransomware attacks and will weaponize stolen information about an executive or business to create fraudulent content for extortion. From deepfakes to voice fakes, this new type of attack will be believable to victims, and therefore, effective. For example, imagine an attacker on a video system, silently recording a board meeting, then manipulating that private information to contain false and damning information that if leaked, would create business chaos, to compel a business to pay up,” says David “Moose” Wolpoff, CTO and Co-Founder at Randori.

Threat Hunting Tools Will Gain More Traction 

Over the past few years, organizations have understood that protecting their resources from risks is essential. However, most are still using outdated solutions, especially when it comes to threat hunting.

“The key to steering toward a proactive security posture with better threat hunting procedures is to look at tactics or techniques known as TTPs. Instead of waiting for an incident to happen and setting off alerts or relying purely on IOCs, TTP monitoring looks for certain behaviors that are telltale signs of an impending attack. In 2021, we’ll see a steep rise in security analysts adopting this approach. By introducing analytics to the equation and pairing them with TTPs, security professionals will be able to filter out those everyday activities. Instead of monitoring for specific risks, analytics watch for changes in patterns, which can help prevent alert fatigue that comes from too many false positives. When a business is aware of the activities happening across its network, it’s better prepared to protect itself against security breaches”, notes Andy Skrei, VP of Worldwide Sales Engineering at Exabeam.

Looking to the Future

As we close the book on 2020 we must learn from all the security experiences and mistakes to understand what worked well and what could have been better. No matter if you are a security expert or a newbie, the entire security community needs to be aware of the new kinds of attacks, tactics and trends that will likely headline the upcoming year. Organizations should start implementing the right level of security inside their organizations based on how they’ve prepared relevant tools in the pre-2021 period. We wish everyone a happy and secure 2021!

5 Network Security Technologies to Be Thankful for This Thanksgiving

Thanksgiving is the time to reflect on all we are thankful for. While 2020 may not have been an ideal year, we have decided to focus on the aspects of network security that we are thankful for in any case.

2020 was a major year for the network security industry. While organizations made the shift to working from home overnight, the inevitable move to remote work was accelerated and securing the network became top priority for IT teams.

This past year we saw improvements in network security throughout the space and here at Perimeter 81, we are grateful for all the different ways that relevant technologies and solutions have evolved in the last year.

From faster and more effective authentication technologies to remote work networking infrastructure, 2020 has proved that network security is headed in the right direction.

As we take a look at the past year and move forward, here are the 5 network security technologies we are most thankful for.

Secure Remote Access 

Before COVID-19, most employees did not have the option to work outside the office. Although remote work and the “digital nomad” lifestyle have been steadily on the rise over the past few years, they were far from the norm.

Suddenly, in March, all of that changed, and employees were required to work from home for the foreseeable future. Now organizations have implemented secure remote access solutions that provide their employees with a fast and secure remote network connection that doesn’t lag.

Most remote users are connecting to work environments that reside on the cloud and need to be granted full network access to reach their environments. Over the past year, more organizations have been dissolving their remote access VPNs and providing teams with a more scalable and secure remote access solution.

Encouraging a more user-centric model, organizations are providing their remote workers with a quicker and more secure network connection to their corporate resources and applications.

Multi-Factor Authentication

It’s 2020 and MFA is everywhere. Multi-factor authentication (MFA) is one of the key technologies in use today for verifying the identities of users. With its roots in RSA tokens and then Google’s BeyondCorp, MFA requires that a user requesting access has not only something that they know (i.e., their credentials) but also something that they have.

This kind of verification might be carried out with a device or by an application on the user’s device like Google Authenticator, a push notification to their mobile, or in the worst of cases an SMS. The hope is that if an attacker has stolen the credentials from a breach, data dump, etc., then they will be denied access when challenged with MFA.

Many of today’s massive data breaches result from a lack of password hygiene that fails to provide enough protection. In the past, a single authentication login may have been enough, but as hackers have become more sophisticated, multi-factor authentication (MFA) has become a must when authenticating a user.

By requiring users to log in using their account password and then go through a second step, you can reduce your company’s potential risk exposure.

Micro-Segmentation

When mitigating risks inside an organization, it’s best not to put all your eggs in one basket. Micro-segmentation in network security refers to breaking up the different data or other resources into smaller and segmented sections, decreasing the chances of an attacker gaining access to all the critical resources and applications. 

Even if hackers breach a part of a network, they won’t be able to gain access to all the data on the network, just a small amount. Forrester Research recommends dividing network resources at a granular level, allowing organizations to tune security settings to different types of traffic and create policies that limit network and application flows to only those that are explicitly permitted.

Adopting the network micro-segmentation approach provides IT and security teams with the flexibility to apply the right level of protection to a given workload based on sensitivity and value to the business.
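To make “only those flows that are explicitly permitted” concrete, the added example below (not from the original article) evaluates flows against a default-deny allow-list and compares what a compromised workstation can reach under a segmented policy versus a flat network. All segment addresses, services and rule names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Allow:
    """One explicitly permitted flow: source segment -> destination, proto/port."""
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str
    port: int


def allow(src: str, dst: str, proto: str, port: int) -> Allow:
    return Allow(ipaddress.ip_network(src), ipaddress.ip_network(dst), proto, port)


# Constructed inventory of listening services: (address, protocol, port).
SERVICES = [
    ("10.10.2.10", "tcp", 443),   # internal web application
    ("10.10.3.5", "tcp", 5432),   # database
    ("10.10.3.5", "tcp", 22),     # database host SSH
    ("10.10.4.20", "tcp", 445),   # finance file share
]

# Micro-segmented policy: anything not listed here is denied.
SEGMENTED = [
    allow("10.10.1.0/24", "10.10.2.10/32", "tcp", 443),   # workstations -> web app
    allow("10.10.2.10/32", "10.10.3.5/32", "tcp", 5432),  # web app -> database
    allow("10.10.9.0/28", "10.10.3.5/32", "tcp", 22),     # admin jump hosts -> DB SSH
]

# Flat network for comparison: every internal host may reach every service port.
FLAT = [
    allow("10.10.0.0/16", "10.10.0.0/16", "tcp", port)
    for port in sorted({svc[2] for svc in SERVICES})
]


def is_permitted(policy, src: str, dst: str, proto: str, port: int) -> bool:
    """Default deny: a flow passes only if some rule matches every field."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(
        s in rule.src and d in rule.dst and proto == rule.proto and port == rule.port
        for rule in policy
    )


def reachable(policy, src: str, services=SERVICES):
    """Services a host at `src` can open a connection to under `policy`."""
    return [svc for svc in services if is_permitted(policy, src, *svc)]


if __name__ == "__main__":
    workstation = "10.10.1.57"  # constructed address of a compromised workstation
    print("flat network :", reachable(FLAT, workstation))
    print("segmented    :", reachable(SEGMENTED, workstation))
```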

Limited Privilege Access

With everyone working remotely, providing access is key but not every employee needs access to everything. This is the idea of limited privilege access: the model that users should only have access to resources they absolutely need in order to do their job well while also respecting security. 

Insider threats or the possibility that a user’s account has been compromised are common concerns that can be mitigated if we are able to limit what users are supposed to have access to in the first place. So even while we still require verification for every user, we need to provide everyone with the minimal level of privileges that they need for their job, hopefully making it harder for adversaries to access more valuable bits of information or controls. 

By the same token, we should be monitoring user behavior throughout all of their interactions to ensure that they are behaving like they are expected to. Chances are that Steve from accounting probably does not need to have access to your users’ passwords or other sensitive data that is unrelated to his job.

Secure Device Management

Nowadays, everyone is connecting from everywhere and from different devices. This has created a challenge for IT and security teams to ensure their connection is secure at all times. Providing all your employees access to every resource in your organization potentially creates more points and levels of risk.

To keep it simple, only give network access to employees that have gone through and passed the authorization process for each device. By limiting access, you will be safeguarded from potential leaking of your organization’s sensitive information (personal information, financial information) that shouldn’t be seen by your entire staff.

With machines calling in for access from around the world, verifying that each device has proper authorization is essential. Whether these are mobile devices belonging to employees or an AWS server, verification is necessary before granting them access.

As you are checking the timer while cooking your Thanksgiving turkey, catching up with family in person or virtually and jumping for joy while watching the big game, don’t forget to be thankful for the different technologies that keep us safe this Thanksgiving. We certainly are.

5 Top Networking Mistakes and How to Avoid Them

“To err is human” and as we know, everyone makes mistakes. Some can be harmless or slightly embarrassing, but there are mistakes that can topple an entire organization. Oftentimes, we assume the bigger the mistake, the faster we will respond in order to fix it but it is important to understand that even the slightest error can have immense consequences. 

IT teams have the all-important responsibility of ensuring that the corporate network is working smoothly and securely according to the organization’s policies. It’s their job to configure and update the network to the latest best practices for networking. Whether fixing security patches or adopting the latest technology on the network and its infrastructures, they have to be aware of the possible mistakes that can occur in their position.

If your IT team is inattentive or doesn’t sufficiently prepare and strategize for possible changes in the network, it can result in massive mistakes that can put the network and even the organization at risk. 

The first step to solving mistakes in IT is understanding and acknowledging that errors and mishaps can and will occur. The next step IT managers need to take is understanding what action they need to implement to fix the mistake that occurred under their watch. Instead of overthinking how these networking errors happened and what could have been done ahead of time to avoid these mistakes, it’s best to do some research on best practices that will help prevent future networking mistakes.

To help avoid possible networking mistakes, here is our list of popular mistakes that IT teams tend to make with networking and how to fix them:

Forgetting To Set Access Controls 

Most organizations are storing sensitive data and resources inside their systems, whether in the cloud or on-premises. To gain access to these critical resources, users need to connect to the network where the resources are located. If access control policies and regulations are not set properly, unauthorized users can easily gain access to the critical resources.

To prevent any unauthorized access to your network environment and resources, IT teams need to implement the right amount of access control regulations. Proper access regulations prevent unauthorized users from gaining access to your organization’s network and resources. By enforcing access controls inside your organization, users will only be able to access the network and resources that they need to do their job.

Ignoring Communication 

Communication is key, especially when it comes to working in networking. Despite IT managers working in a field where data is being communicated between devices and networks, many networking professionals are lacking proper communication in their day-to-day job.   

Neglecting proper communication occurs across all the different management levels of networking. When new features need to be applied to network infrastructure, or if a network security solution is being integrated, there must be open communication between the IT team and the rest of the organization. Without any communication, massive mistakes can occur, which can increase security risks or cause internal setbacks.

Overlooking Network Device Logs 

When possible, it’s best to have complete visibility of the network. Luckily, networking device logs can provide IT managers with better visibility into their users’ network activity. Network professionals at all organizations should be continuously checking their users’ network device logs. Each user device generates different logs that provide network visibility information that can help IT managers gain a better picture of the network.

If the network team overlooks logging and neglects to collect the information in the logs of the network devices, then they are making the mistake of missing out on valuable insights into their organization’s network. To avoid this mistake, it’s best to use networking solutions that come with an event logging feature (SIEM) integrated within the solution. IT managers will have a better understanding of the user’s history, network event logs, security events, and more complete network visibility.

Not Expecting Any Updates to a Network

Organizations are more agile than ever before, launching new features, applications and updates weekly. With every new launch, another situation is created where the organization is relying on the network to operate normally. This requires IT managers to be ready for any changes that are thrown their way. The IT team needs to anticipate every kind of change or integration to be added to the network before it occurs.

By strategizing ahead of time for different changes on the network, IT managers can account for network scalability and network space needed for future changes inside the network.  By planning ahead, IT managers will be ready for any kind of update on the network no matter the situation. 

Neglecting to Update Network Device Passwords

Passwords are seen as one of the most common forms of security, and they can be highly effective when used properly to protect the privacy of data stored on networks. When installing a new device on a network, the first thing that IT managers need to do is to update the password on the device from the default password that came with it. While this task might seem negligible, too often security teams forget to update the password, putting the organization’s network security at risk. 

No matter the level of the device, each password should be unique and be updated every few weeks. Implementing a stronger company-wide password-protection policy with periodic expiration of the password and multi-factor authentication can provide an additional layer of security against hackers.

While these five networking mistakes happen more often than any IT manager would like to admit, a proper strategy and an understanding of possible networking mistakes will allow IT teams to work more productively without worrying if they are in the wrong.

What Do Successful IT Leaders Identify as Their Top Remote Work Challenges?

Network security is our expertise at Perimeter 81. With this in mind, we are excited to announce that we have released our State of Network Security report for 2020. The purpose of the report was to get a better understanding of the different secure network access challenges facing IT managers from companies of all sizes and industries. We sought to determine the key IT and security insights they encountered since the shift to remote work, and the result provides insights into the IT landscape and how its leaders think during these transformative times.

The COVID-19 Pandemic Accelerated Remote Work

2020 has proven how important network security truly is. Due to COVID-19 health concerns, businesses were required to enforce company-wide work-from-home policies overnight. For many organizations, this new reality found entire teams working remotely for the first time ever. It was common for employers to focus the first two months of quarantine on ensuring that employees were healthy, devices were connected and projects continued to move forward, all while adjusting to the home becoming the new office. Now, with no real end in sight, businesses are facing the possibility that they will be managing their remote teams permanently, at least for some portion of the traditional workweek.

More than ever remote work is now considered a key element of effective business operation due to results including greater agility, employee satisfaction and productivity, and reduced costs. This incoming shift has created an unprecedented set of challenges for IT managers, however, who may not have experience leading their businesses’ networking and security remotely. 

With more employee devices and endpoints, IT teams are experiencing the challenge of lower visibility and potential network exposure, as their legacy security infrastructures can’t cover an increasingly dispersed and cloud-reliant workforce. With each passing month, IT and security teams are implementing more cloud-based SaaS vendor solutions on top of their network. While this may help businesses gain agility and boost productivity, it comes with security and networking challenges that must be addressed sooner rather than later.

Key Takeaways From The Report 


Majority of Organizations Poised to Adopt Cloud-Based Security Solutions

As technology advances by the day so do business networks. Thanks to the cloud, networks are now faster and more accessible than ever. However, as more devices connect and transfer large amounts of data between off-premises resources, it puts a massive obstacle in front of IT and security teams.


These obstacles exist because until now, IT secured remote workforces with legacy technology, which creates bottlenecks and limits network visibility in situations where workers exclusively connect from home. Legacy solutions like VPNs – currently in use by 66% of IT managers – and firewalls make security difficult, because they are unable to scale to many different connections, each with various characteristics and risks.

To ensure that their growing number of remote employees are connecting securely to their hybrid-cloud network, no matter where they work from, IT and security teams are overwhelmingly looking to adopt secure information access solutions to replace or complement their legacy tools. This has meant an embrace of cloud-friendly security for a multitude of reasons.


According to IT managers, their organizations are now more likely to invest in modern, secure information access solutions to support the remote workforce. With it they can complement their existing cloud infrastructure and replace old solutions that limit agility, security, and cost-effectiveness.

Increased Remote Worker Productivity But Network Performance Presents Obstacles

With remote work further ramping up investment in the cloud, companies are now concerned with making their hybrid-cloud networks as efficient as possible. The cloud is already beneficial in terms of reducing infrastructure costs and boosting accessibility for remote workers, but to maximize ROI, organizations want to help employees using the cloud perform as best as they can. For many, this has meant achieving the same low latency conditions that workers used to experience when they accessed resources that were hosted nearby.

In a network that’s accessible to remote workers, a wide array of different connections occur simultaneously across multiple resources. Unsurprisingly, for the majority (43%) of respondents, latency is sometimes experienced across these networks. This comes in the form of lag time when users connect and input data or commands into applications.


Scalability, Budget Top Challenges for IT Leaders as Remote Work Becomes Permanent

A corporate network that is optimized for remote workers is crucial for satisfying operational goals and ensuring business continuity in the “new normal”, but these aren’t the only concerns for a growing company. The survey results reflect this idea well. Because new resources (such as SaaS applications) and users are added to the network as the organization matures, the scalability and visibility of user access enters the picture.


With time, it’s possible for IT to make any remote access solution work well for a static number of apps or users. If they don’t do it in a scalable manner, however, the team must invest similar effort every time the network changes slightly. Accordingly, when asked about obstacles in the way of a secure remote workforce, most companies agreed that difficulty finding a scalable technical solution will likely loom the largest.


Another interesting takeaway is that scalability and budget availability are neck-and-neck regarding secure remote work challenges, at 39% and 38%, respectively. In many ways, this makes sense: What’s the point in finding a scalable remote access solution if there’s no room in the budget for it, or alternatively, what’s the use in a non-scalable yet affordable solution?

Ultimately, workforces everywhere are already embracing the remote work status quo, and organizations have added tools that help them do their jobs from anywhere. The issue has then become how to increase the efficiency of the remote work security apparatus now that it’s in place.

Final Thoughts 

Remote work is here to stay, during and after COVID-19. The change it’s had on the business world, or more specifically the information technology supporting the business world, has IT managers thinking differently than they once did. Data gathered on various topics posed to these managers, surrounding remote work and networking trends, gives us a glimpse into how decision-makers in the industry see things moving forward.

Read additional valuable takeaways from this research and access the full report 

5 Security Tips in Honor of Cybersecurity Awareness Month

Each October, security professionals kick off Cybersecurity Awareness Month. First launched by the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security in October 2004, Cybersecurity Awareness Month is helping internet users all over the world stay safe and secure through awareness and training.

In 2020, cybersecurity awareness has taken on a new meaning. While in the past, IT and security teams have carried the main burden of securing their organization’s network, data, and resources, the last six months have proven that this is not enough. Now that home is the new office and entire organizations have shifted to remote work, each employee shares equal responsibility for the safety and security of their company’s network.

Before the transition to working from home, it may have been enough to require employees to lock their computers when leaving their desks, or enforce frequent password updates. Now, each employee has become the CISO of their home office, and most of them lack the proper training, opening the door to security hacks and breaches with simple mistakes.

Cybersecurity awareness and training for employees has always been important, but with the work from home model here to stay, CISOs and IT managers have been adjusting their business continuity plans and cybersecurity strategies accordingly. Whether working from home, from the office, a combination of both, or on the go, employee awareness should always be at the top of the security team’s mind.

In honor of Cybersecurity Awareness Month, we’ve compiled our top 5 tips for protecting your organization’s network and employee data, whether your workforce is remote or back in the office.

1. Increase employee awareness

“Only amateurs attack machines; professionals target people.” This quote by famous cryptographer Bruce Schneier in 2000 is still true 20 years later. Hackers seek out vulnerabilities in human beings – phishing attacks, social engineering, weak passwords, etc. Making employees aware of the different types of attacks and explaining their significance will put employees on alert to questionable links and downloads. Instilling the idea of shared responsibility among all workers is paramount to protecting everyone’s sensitive information.

2. Train employees on an ongoing basis  

The Aberdeen Group found that security awareness training for employees can reduce the risk of socially engineered cyberthreats by up to 70%. However, they emphasized the importance of ongoing training to counter the different methods of cyberattacks that are constantly evolving. It is important to not only make your employees aware of the various risks, but to have ongoing training that is both engaging and interactive.

3. Implement a Zero Trust solution

Even the most security-aware employees might occasionally drop the ball. The Zero Trust model means that no one is trusted by default from inside or outside the network, and verification is required from everyone trying to gain access to resources on the network. While we want to believe that everyone in our organization is trustworthy, we can’t make this assumption. Limiting access to resources to only those who are authorized can significantly lower the risk of attacks and data breaches.

4. Audit and monitor your network

Log management plays a key role in your digital security strategy. Collecting logs and monitoring your network is important in order to respond to a security incident in real-time. Complete network visibility is essential in order to focus on network events of interest and react accordingly to potential threats. Additionally, collecting logs and monitoring your network will help you to learn employees’ behavior and to adjust your training and awareness plan accordingly.

5. Ensure that your security strategy is user-friendly 

End-users should not be preoccupied with security issues yet must be able to adhere to the guidelines laid out by the security team. Adopting user-friendly solutions presented clearly and effectively (and not highly-technical documentation that will be lost on the average layperson) is paramount in having employees cooperate with the security strategy.

While your organization may rely on the security and IT teams to create and implement a strategy, employees share responsibility to adhere to the guidelines set out by security professionals. Above all, educating employees and increasing awareness will help your team manage cybersecurity risks and vulnerabilities. If everyone does their part, we decrease the risk of data hacks and breaches, creating a safer world for everyone.

Can You Prove ‘Work From Anywhere’ Employees Are Secure?

Before 2020, the idea of working from anywhere wasn’t the way most companies operated. A small number of open-minded organizations were the early adopters of a more flexible way of working but not many. Despite further adoption of remote workers, popular tech giants, corporate companies, and even startups weren’t as open to the idea.

While working remotely isn’t a new idea it has gained more traction in recent years due to an expanding array of benefits for organizations and their employees. Some of the benefits include increased work productivity, better retention of employees and cost savings. One of the key benefits that people tend to forget is work-life balance. As organizations allow their employees to work from anywhere they choose, whether it’s from home, a cafe, or even a different country, the flexibility of where and when you want to work can provide employees a mindfulness that adds to productivity and job satisfaction.  


More disparate branch offices and employees isn’t the only factor that is encouraging more organizations to go remote; we can’t forget about the technology. The idea is like the chicken and the egg: technology has advanced remote workforces and remote workforces demand more powerful technology. With the help of tech advancements made on behalf of remote workforces and the modern shift in our collective work culture, the future of work from anywhere is brighter than ever.

From a Benefit to a Necessity

Before COVID-19, most organizations saw remote work as a benefit to dole out to trusted employees, and less as a necessity. This has been thrown out the window in our current pandemic-driven lifestyle. Over the past year, we have all experienced this idea – that in some way part of our professional responsibilities have gone mobile, and that it may likely become the new norm.

Close to 70% of businesses are in favor of shifting to work from anywhere permanently. Ironically, some of the major tech giants who were originally against working from anywhere have become its biggest supporters, largely due to their success during the pandemic. By 2030, Facebook said it expects that at least half of its 50,000 employees will be working from home permanently.

While the idea of everyone working from anywhere sounds ideal, it’s not without challenges. One of the most pressing is that it creates many security and networking obstacles for IT teams. IT managers need to protect hundreds or thousands of users, devices and faraway cloud applications even when they have no idea where users are connecting from – and even worse – who they are or what they’re doing in the network.  

This ongoing challenge has frustrated every security professional in every organization since early March. When their users suddenly were forced to work from home, IT teams scrambled to make sure these users could easily and securely connect to their network and resources overnight. They also discovered that the task was harder than initially anticipated.

Working from Anywhere Comes With Network Challenges

While the idea of working from anywhere comes with many benefits, organizations need to implement the right technology that will offer users a fast and secure network connection that isn’t lagging. Most remote users are connecting to their work environments that reside on the cloud, so security teams need to make sure that their security model can provide connections that are both secure and fast, no matter the location of the user. This means doing away with outdated security models.

Offering a more user-centric approach to secure network access allows for quick and secure connections to corporate resources and applications. Organizations that continue with the site-centric approach will be stuck with slower connection speeds, which will result in decreased productivity for their workforce – and no stronger security to show for it.

Organizations that continue to depend on outdated network security technology will experience ongoing difficulties with the endless number of perimeters and endpoints that come with the transition to remote work. Without more modern and cloud-friendly network security policies, organizations’ attack surfaces are wider and leave more doors to critical resources open for hackers.

Whether the threat is an easy social engineering attack or a spear-phishing attack, organizations that have not adopted the most up-to-date network security technology are not equipped to adequately protect a growing pool of remote employees, roles and identities, devices, and sources of data. This has forced many organizations to ask themselves how they can secure connections to the cloud when employees are working from outside the office.

Organizations Need to Be Security Ready for the Unthinkable

Organizations need to rethink how they will offer their remote workers secure access to work applications and resources. Until recently, the average organization forced employees to work with a VPN to gain remote access to corporate resources on the cloud. While this was a good idea at the time, this approach creates challenges such as latency issues when users are exclusively remote. A domino effect occurred which also reduced visibility over the organization and therefore risked compliance as well.

Instead of neglecting the proper up-to-date network security technology, organizations need to get with the times and adopt cloud-edge-based, secure remote access solutions that can integrate with the resources in use within the organization and help segment them for custom access policy. Automated policies, monitoring, and edge-networking deconstruct the barriers that previously bottlenecked IT and standard workflows. Companies can also be sure that their remote employees will stay productive no matter what unforeseen situations arise. 

The Hunt for the Right Security Solution for Remote

Organizations can adopt what they think is the right solution for secure remote access, but there will always be a risk of data exposure to attackers. It’s essential that organizations understand which network and security features are best suited to their ‘work from anywhere’ workforces. 

Here are three key features that every secure remote access solution should provide.

Complete Network and Data Visibility

Full visibility of corporate resources, data and the network is critical when working with unmanaged devices. When organizations can’t clearly see and manage user network activity across all company endpoints, agility in threat response is reduced, which can result in hackers gaining data access within the network and exploiting it.

It is vital that the organization’s IT teams are provided complete visibility and control over data across all resources on the network. By adopting a software-defined solution that promotes interoperability within cloud and local resources, organizations can ensure that unauthorized access from malicious actors is harder to obtain and more visible should it ever occur. 

Identity and Access Management

Identity and access management should be a requirement for all secure remote access solutions. By implementing identity and access management solutions like multi-factor authentication (MFA), IT teams can put an extra verification barrier in front of would-be attackers. What’s great about MFA for organizations is that it requires their employees to provide a second form of identity verification, which helps ensure the user is who they say they are.

Organizations should also require that employees use a single sign-on (SSO) feature, as it securely authenticates users across all their cloud applications with one (strong) password. Simplifying the authentication process for remote workers results in both security and efficiency.

Agentless Security

Organizations should implement agentless security when protecting corporate resources and data for their remote workers. IT teams that continue to use agent-based tools or solutions will require ongoing software update installations on remote devices, which will decrease productivity and the privacy of each device. Organizations that adopt agentless tools will help IT and security teams offer their remote users better compliance and security without needing any updates on the user side. When network teams take advantage of agentless security, they provide a more agile and seamless work environment for remote workers.

Future of Remote Workers

As working from anywhere is here to stay, IT and security teams need to look at the current status of their network solutions and understand the different roadblocks they put in front of remote workforces – and their security. It’s important to clearly understand what’s working and what isn’t and to quickly acclimate to the new network shape that we all experience. By enabling less obtrusive security that suits remote workforces, companies are safer and more agile, bringing operational goals in line with IT.

Can Companies Afford IoT Inclusivity?

The Internet of Things grows more massive with each passing year, as devices gain internet connectivity and bring new convenience to our lives – and in many cases new novelty. No matter if the “thing” in question is a manufacturing robot or a Brita that automatically reorders filters upon expiration, if it can receive instruction from and send data to the greater internet, then there’s an IT guy somewhere worrying about how it may expose his or her network.

This goes double for IT personnel in companies that make good use of IoT for work purposes, but bad use of IoT security by neglecting to factor in the network’s exposure. Addressing this idea is now part of IT’s list of responsibilities, and when creating a plan for how to walk the line between trusting IoT and being wary of it, multiple factors come into play. Thankfully, this part of the job is getting easier.

IoT’s Slow Security Onboarding

IoT is useful for countless industries, and its benefits far outweigh security risks in any circumstance. In healthcare, for example, IoT data is used to more deeply understand what conditions patients are in, and how practitioners should respond. Internet-connected devices that record patient outputs such as heartbeat, blood pressure, blood sugar levels and other biological metrics feed their data to centralized IT systems, telling hospital admins where frontline staff are most urgently needed, and how.

But IoT’s vital role in cases like these is also its weakness. IoT boosts mobility in many business environments, so much so that security has always been treated as an afterthought. For businesses, the advantages of IoT have meant securing these devices is a second step, and the world is slow to wake up to the careful security deliberation that IoT requires. Ransomware, for instance, used to be hardly considered a credible threat to networks.

Ransomware attacks on IoT devices were long thought of as low-value for hackers and therefore not a pertinent worry for IT, given that these devices had little to no information on them (mostly in the cloud). There are also so many types of IoT devices that the economics of hacking them doesn’t work in the hacker’s favor – it’s too expensive and not worthwhile. Besides, even those hacked would likely never pay the ransom, because IoT devices aren’t known for having screens that relay information (like a ransom note).

Increasing IoT Popularity Opens Paths for Attack

However low-value IoT devices used to be, they’re now ubiquitous and hold a lot of importance for critical business functions. Security implications have changed as well, as hackers have changed their strategy, and no longer seek to crack the devices for their data but to interrupt these functions and create urgency and the risk of lasting damage. Take for example the IoT controller that adjusts how much of certain ingredients are added to drugs, an IoT-connected pacemaker, or a hacked power grid controller that determines electricity consumption for a small town. The ability to power these down or alter their settings is dangerous enough to justify a ransom.

Traditionally weak entry points on IoT devices need to be shored up if we want IoT benefits to continue to outweigh its risks. However, most of the time patching is on the manufacturer, and low prevalence of hacks thus far has prevented manufacturers from acting with urgency, so companies using IoT devices are often unprotected from within and without. The internal awareness isn’t there yet, with many IoT connections unencrypted when connecting to the network, offering hackers a way inside when the device relays to or receives info from the internet. 

In the split second it takes for the device to grab data, hackers can slide in undetected and set up shop in an undefended company’s network. Hijacked or rogue IoT devices were present in over 46% of companies this year, according to a report on “shadow IoT” devices found on their corporate networks, demonstrating just how prevalent this dangerous exploit is. 

IoT Security Solutions Must Provide Visibility

Fortunately, most of the issues stemming from IoT come from how invisible they are on the network, and how unrestricted their permissions tend to be. IoT devices are easily discoverable by hackers, even using public resources like Shodan, so they must be at least this visible to internal IT teams as well. The key to allowing IoT freedom to participate in the network but also to respect its boundaries resides in some of the components of a single solution – Secure Access Service Edge – which was introduced just last year and seems nearly purpose built for IoT.

SASE is a cloud-based networking and security product, unified in its functionality and present on the edge of an organization’s network. SASE is founded on software-defined networking ideas, which are more inclusive of the variety of devices connecting to the network because there is no hardware setup required, and on cloud nativity, which lets it easily match the infrastructure of any ecosystem. When an IoT device connects to the network, it will be easily visible in the cloud admin panel, but more importantly this identification also empowers IT to set identity-based access policies, which limit the extent to which specific parts of the network are exposed to these endpoints.

Enforcement is also about security and not just about how much attack surface is laid bare to IoT devices. Pushing all networking through a centralized, software-defined system also enables IT to demand all network connections happen through encrypted tunnels exclusively, so any IoT device (or company laptop, or mobile phone) that isn’t encrypted cannot connect to the network in the first place. It also helps IT layer even more security on top of IoT devices, even solutions like SSO, so that password management across thousands of devices will finally be feasible (and safe).
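The admission logic described in this section can be sketched as follows. This is an added example, not code from any SASE product; the device names, segment names and the `admit`/`review` helpers are hypothetical, and the connection attempts are constructed sample data.

```python
from dataclasses import dataclass

# Constructed sample data: device identity -> segments its access policy allows.
# Device and segment names are hypothetical.
DEVICE_POLICY = {
    "infusion-pump-07": {"clinical-telemetry"},
    "hvac-controller-2": {"building-mgmt"},
    "laptop-jdoe": {"corp-apps", "building-mgmt"},
}


@dataclass(frozen=True)
class Attempt:
    device_id: str
    segment: str
    encrypted_tunnel: bool


# Constructed connection attempts, as an edge gateway might record them.
SAMPLE_ATTEMPTS = [
    Attempt("infusion-pump-07", "clinical-telemetry", True),
    Attempt("infusion-pump-07", "corp-apps", True),
    Attempt("hvac-controller-2", "building-mgmt", False),
    Attempt("smart-tv-lobby", "corp-apps", True),
    Attempt("ip-cam-unregistered", "building-mgmt", False),
]


def admit(attempt, policy=DEVICE_POLICY):
    """Default-deny admission: returns (allowed, reason)."""
    if not attempt.encrypted_tunnel:
        return False, "unencrypted"            # no tunnel, no connection at all
    segments = policy.get(attempt.device_id)
    if segments is None:
        return False, "unknown-device"         # identity not in inventory
    if attempt.segment not in segments:
        return False, "segment-not-permitted"  # known device, wrong segment
    return True, "ok"


def review(attempts, policy=DEVICE_POLICY):
    """Decide every attempt and list unknown devices for IT to investigate."""
    allowed, denied = [], []
    for a in attempts:
        ok, reason = admit(a, policy)
        if ok:
            allowed.append((a.device_id, a.segment))
        else:
            denied.append((a.device_id, a.segment, reason))
    # Visibility is independent of the deny reason: a device missing from the
    # inventory is reported even when it was rejected earlier for plaintext.
    shadow = sorted({a.device_id for a in attempts if a.device_id not in policy})
    return {"allowed": allowed, "denied": denied, "shadow_devices": shadow}


if __name__ == "__main__":
    for key, value in review(SAMPLE_ATTEMPTS).items():
        print(key, value)
```

The unregistered camera is denied as `unencrypted`, yet it still appears under `shadow_devices`, so the inventory gap is surfaced regardless of which check rejected the connection.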

Why SASE Brings IoT Home

The combination of visibility, network access restriction, and security enforcement for IoT devices gives SASE a winning use case, and it’s already making headway. Internets, whether world wide webs or “of Things”, are deep and murky. Companies pushing for maximum interoperability can be free to brave the IoT waters confidently with SASE to help them stay on course, and avoid the icebergs lurking out there for us all.

Programming Intent: IT Teams Take a Shortcut to Better Security

In today’s fast-paced business world, organizations have been forced to become more proactive and faster to react to their customers’ requests. Despite this shift to a more agile business mindset, IT and security teams have been slow to catch up.

Today, these teams are often forced into a no-win scenario. They are constantly critiqued about how fast they can deploy their organizations’ applications, features and network augmentations, while also making sure the data is secure from an increasingly threatening landscape. This is much harder to manage than one might think.  

When rolling out a new feature or application to the cloud, the timetable that ensures security and segmentation complement one another often spans from days to weeks. But it’s all worth it: syncing security and communication between applications is a major factor in ensuring that unauthorized access by malicious actors will not occur.

To refrain from adding new vulnerabilities with each new feature, teams will run through hundreds of different in-house security checkpoints before deploying on corporate servers. Ignoring any of these policy rules can create major security and networking risks for IT and security teams, even if it means faster deployment and pleased superiors.

Instead of looking to cut corners on security policies or worse – build a burdensome and ever-growing security checklist – IT teams need to be more communicative about the different challenges they encounter when working on a project. The moment they have an idea of what their intent is for deployment, IT teams need to know how to communicate this and translate it into automated changes that occur on the network level. This is where intent-based networking comes into play.

What is Intent-Based Networking?

[Image. Credit: Cisco, 2018]

Intent-based networking is the idea that IT teams need to simply explain what their intentions are and devise how the network can easily translate their intent into policy. This means creating suitable configuration settings across the network environment while relying on the use of automation. 

Until recently, this task required hours of manual effort by network engineers to modify each server and device that would be affected by each change. Intent-based networking increases the speed at which implementations happen and leverages machine learning and AI to make sure that the newly deployed applications are behaving as intended.

What makes intent-based networking crucial for agile IT teams is what happens when automated policies fail. Intent-based network systems recognize the failure and notify the networking team, suggesting an action that will aid the reconfiguration process and once more ensure the networks are compliant with the organization’s policies.

While intent-based networking is still being designed and adopted by different organizations, the roots of intent-based networking are in front of our eyes. Early adopters of software-defined networking are already familiar with automated network access policies, for example, and more will soon see the benefits of intent-based networking architecture.

To deliver proper intent-based networking, organizations must include these three key elements:

Intent: The first and most important element is intent. In simple terms, the “intent” is what you want to accomplish: the objective or outcome you want. The intent is communicated via the network system, which translates it into a policy that can be implemented across the network no matter which infrastructure is deployed. Intent is therefore itself supported by technology and prearranged processes. The idea is to simplify all operations and compliance conditions into policies that define user access level and security while also providing a more continuous understanding of the network.

Automation: Once IT teams have established their intent and policies, it’s key to success to automate all processes if possible. By adopting automation, network teams save time when implementing current and future changes that are needed on the network. As organizations grow in the number of employees and other new factors (IoT, remote workers and the cloud), automation will be a vital element to help network admins meet the business and security demands of the organization.

Assurance: The last element, but possibly the most crucial, is the ability to assure that the services put in place are working. Assurance begins with complete visibility throughout the network and connected endpoints. The intent and visibility shouldn’t be limited only to devices but should in fact provide complete visibility of the user’s interactions with machines, applications on the cloud and the user’s location.

The intent-based networking system will need to provide network-wide interactions and offer the option for predicting the results of changes with the intent and policies in place. To achieve this network environment, machine learning and AI are required. By enforcing real-time detection in the network your organization will be able to mitigate risks in a fraction of the time. 
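The three elements above can be shown end to end in a small sketch. This is an added example, not code from any intent-based networking product: the group, service and gateway names and the `compile_intents`/`assure` helpers are hypothetical, the observed state is constructed, and the assurance step is a plain deterministic diff rather than the machine learning the text mentions.

```python
# Constructed sample data; group, service and gateway names are hypothetical.
GROUPS = {"contractors": "10.20.0.0/24", "engineering": "10.30.0.0/24"}
SERVICES = {  # service -> (gateway that fronts it, destination address)
    "ticketing": ("gw-cloud", "172.16.5.10"),
    "build-servers": ("gw-dc", "172.16.9.0/28"),
}

# Intent: the outcome wanted, stated without reference to any device.
INTENTS = [
    {"who": "contractors", "may_reach": "ticketing", "port": 443},
    {"who": "engineering", "may_reach": "build-servers", "port": 22},
]

# Constructed running state: gw-cloud has an extra wide-open rule, gw-dc lost its rule.
OBSERVED = {
    "gw-cloud": {("10.20.0.0/24", "172.16.5.10", 443), ("0.0.0.0/0", "172.16.5.10", 3389)},
    "gw-dc": set(),
}


def compile_intents(intents):
    """Automation: turn intents into per-gateway allow rules (everything else denied)."""
    rules = {}
    for intent in intents:
        who, target = intent["who"], intent["may_reach"]
        if who not in GROUPS or target not in SERVICES:
            # Fail closed: an intent that cannot be resolved produces no partial policy.
            raise ValueError(f"unresolvable intent: {intent}")
        gateway, dst = SERVICES[target]
        rules.setdefault(gateway, set()).add((GROUPS[who], dst, intent["port"]))
    return rules


def assure(intended, observed):
    """Assurance: report every rule that differs from intent, with a suggested action."""
    findings = []
    for gateway in sorted(set(intended) | set(observed)):
        want = intended.get(gateway, set())
        have = observed.get(gateway, set())
        findings += [(gateway, "missing", r, "re-apply") for r in sorted(want - have)]
        findings += [(gateway, "unexpected", r, "remove") for r in sorted(have - want)]
    return findings


if __name__ == "__main__":
    for finding in assure(compile_intents(INTENTS), OBSERVED):
        print(finding)
```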

Moving Forward with Intent-Based Networking 

As the network expands and more sophisticated security risks evolve, the importance of adopting a more agile intent-based network will become more clear for organizations. It will offer IT teams a system that allows them to detect and respond to incoming threats on the network while leaning on responsive policies that will provide another layer of defense versus attacks.

Most importantly for executives, having intent-based network security in place gives organizations the opportunity to invest their attention in more pressing business needs, while being able to assume that network applications are being maintained and managed automatically. Total forward momentum on the business end, without leaving security behind.
