
2019 Security Trends & 2020 Predictions That Will Shape Your Organization’s Strategy


As we commence a new year and decade, we tend to look at the different trends from the previous years and think about what the future holds for us.

Looking back, 2019 was a wild run for organizations fighting challenges such as cryptojacking, phishing and ransomware while keeping their critical resources out of hackers’ reach. However, not everyone stayed safe in 2019, as we saw different organizations fall prey; the Capital One breach is one example. As we move forward it is important to reflect on what we experienced, take those lessons, and implement them in order to improve your organization’s internal and external security.

Looking forward to 2020 and beyond, organizations will need to be prepared against attackers who will create and implement different kinds of attacks. We talked to different security experts who explained what 2019 trends and 2020 predictions they’re most excited about seeing in security in the upcoming year.

2019 Network Security Trends

Insider Threat Attacks

Hackers and malicious actors have a massive resource pool available to them which helps them easily access an organization’s networks and resources. One of the most popular kinds of attacks in 2019 was insider threat attacks.

“The insider threat is one of the greatest drivers of security risks that organizations face as a malicious insider utilizes credentials to gain access to a given organization’s critical assets. Many organizations are challenged to detect internal nefarious acts, often due to limited access controls and the ability to detect unusual activity once someone is already inside their network. The threat from malicious insider activity is an increasing concern, especially for financial institutions, and will continue to be so in 2020.” – Steve Durbin, Managing Director of the Information Security Forum

More Data Privacy Regulations

“With new legislation such as CCPA for California Residents and previous regulations such as GDPR, Data Privacy and Compliance are huge issues for 2019. There is an ongoing focus on protecting consumer’s personally identifiable information (PII) and a lot of companies are falling short. If each person took five minutes to run an internet search, they would likely find a wealth of information about themselves on public websites that they didn’t know existed. This will continue to be a problem in 2020 as not all companies will comply with privacy laws and some companies will continue to sell people’s personal information for profit.” – Courtney H. Jackson, Founder & Chief Information Security Officer (CISO) at Paragon Cyber Solutions

5G leading to More IoT Risks

With the rollout of 5G, we have seen more data than ever before being gathered from IoT devices. To protect access to those devices, IAM solutions for IoT will be a major need in 2020.

“With the opportunity of higher bandwidth provided by 5G, there are emerging threats, to name a few, that threat actors will dedicate more effort to hijack these devices for botnets for DDoS, malware distribution and reconnaissance of the target organization.

Enterprises should start planning now to protect this type of asset that is often forgotten, leaving them unmanaged from a security point of view and a low effort entry point for an attacker, often combined with the device vendor unwilling or unable to patch known vulnerabilities. This led to a continued spread of Mirai botnet and their clones across the globe in 2019, three years after the threat was identified it is still a danger, given the current trend, I predict we will continue to see them grow in 2020.” – Fausto Oliveira, Principal Security Architect at Acceptto

2020 Security Predictions


Ransomware

Ransomware has been a continuous threat to organizations over the years, and in 2020 and beyond we will see many businesses and users in the financial sector become more popular targets for hackers.

“We will continue to expect to see more ransomware attacks on healthcare, education, and government sectors due to the large ransoms and success over the past year. Additionally, several ransomware groups have started to exfiltrate data in order to force victims to pay ransoms as many organizations started to ensure that they had good backup systems in place and avoided paying ransoms. But with this new twist to ransomware, companies now face the release of information and a data breach.” – Shannon Wilkinson, CEO of Tego Cyber

Increasing Automated Security

There’s a huge shortage of skilled cybersecurity personnel, several million worldwide according to some reports.

“To make do with too few skilled resources, more companies will explore and expand security automation initiatives. In recent years, a whole market has emerged for Security Orchestration Automated Response (SOAR) platforms which enable teams to orchestrate and automate security actions to get more done in less time and with less manual effort. In 2020, look for greater adoption of SOAR platforms and automated playbooks, as well as for SIEM and Threat Intelligence Platform vendors to add more SOAR-type capabilities.” – Atif Mushtaq, CEO of SlashNext

Shadow IT

Over the past decade, many organizations have considered “shadow IT” as one of the key risk trends expected to change the way we think about security risk. As we enter 2020 and the next decade, shadow IT will become not just a trend but the native way we do business.

“Organizations, from the largest hospital systems to rapidly-growing startups, will have an ever-growing set of thousands of external, cloud-based software systems, or externally managed dependencies introduced into their systems and software. It will be critical that companies understand which type of data they are sharing and with which third parties – and the security postures of those third parties.

In order to mitigate the risk in this fundamental change to the way we do business, information security organizations will need to support all areas of the business with more efficient processes and practices so everyone can make informed, risk-based decisions about the software they use and how to manage it securely – in line with a shared responsibility model.” – Ben Waugh, CSO at digital health firm Redox.

Unified Security Platforms

Today the majority of organizations are continuously adopting many different kinds of security solutions. Most of them are outdated, hard to manage and no longer relevant to the modern world and its new threats. The idea of a unified security platform will be introduced in 2020.

“Modern organizations will need to adopt SaaS-based unified cybersecurity platforms that are easier to implement and manage inside the organization’s environment. Moving forward, instead of using different vendors for different security needs, I believe IT managers will prefer to implement a central security system that provides complete visibility of its networks to help the cybersecurity analysts identify threats and respond in real-time in case of an incident. This concept presents the idea of having one platform for all solutions which provide the idea of a one-stop-shop to consume cybersecurity.” – Amit Bareket, Co-Founder and CEO of Perimeter 81

Looking Past the Predictions

When looking back at 2019 and even earlier, we must learn from our previous security experiences and mistakes to understand what worked well and what didn’t. However, looking into 2020 and beyond, we can’t depend on outdated tactics to fight off hackers and attacks.

The security community as a whole needs to stay informed daily about the different kinds of attacks, tactics and trends and start implementing them on an organization level to stay safe in 2020. We wish everyone a happy and secure 2020!


Gartner SASE: Transforming Network Security


SASE is now doing to network security what storage devices did to the IT space.

The term SASE was coined in late August by leading Gartner security analysts Neil MacDonald, Lawrence Orans, and Joe Skorupa. They published “The Future of Network Security Is in the Cloud” report, which discussed for the first time a new model for network security that will change the way organizations secure their networks and data. This model is called Secure Access Service Edge (SASE).

SASE was announced as the emerging technology model that will shape network security in the upcoming years. Gartner believes that SASE will change the network security industry, similar to how IaaS changed data center architecture. Despite being just introduced, the emerging SASE market is becoming apparent. In the report, Gartner says by 2024, at least 40% of enterprises will have security strategies that will require the SASE model. The concept of the model is to create and provide a secure cloud environment that is fully integrated into one’s network.

Cloud Services Adoption Requires Better Security 

As the majority of organizations are moving to the cloud and adopting different cloud services, they are quickly learning network security isn’t so simple. The traditional network security model was built on the idea that organizations should send traffic to corporate static networks where the necessary security services were located. At the time, this was the accepted model due to the majority of employees working from site-centric offices. 

The idea of more user-centric networks is changing the traditional network we once knew. Now that people are working more remotely, from home, from cafes and around the world, the standard hardware-based security appliances we’ve depended on are no longer adequate for securing remote network access.

With the widespread adoption of cloud computing, organizations started to see more employees becoming nomads. As digital workspaces increased, the static network model became a thing of the past. This new approach brought an increase in network security issues. While static network security solutions provide a level of security for most organizations, a fundamental transformation is essential. However, this digital transformation of networks and resources hasn’t been a smooth transition.

Organizations have implemented cloud services with traditional hardware security solutions such as firewalls, SD-WAN devices, and other security products. This attempt to work with both outdated security solutions and cloud services has created more problems than solutions. How can organizations moving forward combine their hardware and cloud security solutions? 

The cybersecurity and network security solution space is highly segmented, with an endless number of different solutions from security vendors. This is creating a massive headache for organizations that are trying to smoothly integrate these solutions in their network environment. Instead, the entire cybersecurity space needs to converge to provide a more holistic cybersecurity approach. This is where SASE is introduced. SASE allows organizations to have a software-based and service-based network that unifies the different security solutions under one approach. It happened in the IT space with storage devices and it is now happening in the network security space with SASE.

What is SASE? 

Secure Access Service Edge (SASE) is the cloud architecture model that combines the different functions of network and security solutions into a unified cloud security platform, delivered as a service with little or no hardware and appliances involved. This new cloud architecture model is transforming how the cloud integrates with outdated security technologies, bringing them together more smoothly in one network. SASE provides organizations the opportunity to securely connect to a single network where they can gain access to physical and cloud resources – no matter their location.

SASE enables IT security solutions to provide a more holistic and agile service for business networking and security for its customers. What makes SASE innovative and disruptive is the idea of how it will transform the way network security is consumed over traditional products and cloud services. 

SASE Is Networking

Unlike traditional networking, SASE moves away from the outdated site-centric idea of the network toward a more user-centric mindset. Instead of organizations connecting their networks and resources under one branch to a central office, the SASE model suggests that businesses should instead connect their employees and networks on a more user-centric level to a cloud-based service.

In the past, the majority of organizations’ networks were centered on the central data center for user access. While this approach was implemented by global organizations, Gartner suggests that this site-centric approach is outdated and not effective as organizations are turning to edge platforms, SaaS solutions and cloud services. While the concept of organizations providing a data center for user access won’t disappear overnight, it will become less relevant as the majority of services are moving to the cloud.

According to Gartner, SASE provides organizations of all sizes many advantages over traditional security technologies such as better flexibility for users and IT managers, more affordable network costs and greater performance. 

SASE Means More Security Features

While current network security solutions emphasize very specific features in their product, SASE creates the opportunity for security services to provide different security features than their initial offering. One of the key additional security features that SASE can offer is Zero Trust network access.

Because the SASE model does not depend on an IP address or the location of a user’s device for policy enforcement, organizations can implement the Zero Trust approach for consistent and secure network access and policy enforcement.

Enforcing the Zero Trust approach for identity-based user access ensures policy enforcement and protection for all users, devices, applications, and data, regardless of where they’re connecting from. This user-centric approach makes the verification of authorized entities mandatory, not optional. Implementing a holistic security approach with the SASE model gives organizations of any size a more flexible and adaptable defense against potential network risks moving forward.

Is SASE the Right Model For Your Organization?

For each organization, successful network security depends on the right solution. Organizations can feel confident that they can implement the SASE model without needing to modify the existing network.

With secure, segmented and audited access to cloud environments, applications, and local services, Perimeter 81’s SASE service increases security, auditing, monitoring, and visibility while reducing help-desk support and hardware spending.


How Employees Open the Door to Hackers (and how to prevent it)


With every passing day, we are seeing more and more security breaches announced globally. Whether it’s the massive Capital One data breach or the latest CafePress data breach, organizations of all sizes are being targeted and breached by malicious actors. While these breaches grab headlines, reporters are constantly highlighting the hackers, information or the failure of technology. 

While these stories may be exciting for your casual reader, we should be asking ourselves what the real reason is that these breaches are happening. Companies prefer not to admit it, but the reality is that breaches, no matter the size, tend to be caused by a mistake from someone inside the company.

According to an industry report by Shred-it, 47% of business leaders cited human error as the main cause of a data breach at their organization. These simple but harmful mistakes are hurting organizations financially and ruining customers’ trust in their service or product. One of the main reasons for these mistakes is that far too many employees are not fully aware of the security policies implemented at their company. By not following these security policies, employees are lowering their guard and presenting an easier target for hackers.

Remote Workers: Ideal Target for Hackers

The adoption of remote workers for organizations is increasing by the day. More and more companies are hiring remote workers and allowing employees to work on the go, which presents an increase of potential security risks. For example, when remote workers are using an unsecured public Wi-Fi network, it provides an easy path for hackers to gain access to your organization’s critical resources and network.  

When allowing employees to work remotely, organizations must clearly outline those remote employees’ responsibilities regarding IT security best practices and the importance of data protection. To provide another layer of defense, organizations must implement remote-worker-specific security policies, which include device monitoring, multi-factor authentication and restricting employees to specific locations with secure Wi-Fi networks.

While remote workers might be easier targets for hackers, all types of employees must be aware of all the different kinds of attacks that will exploit human behavior to open the door for hackers. 

The 3 Most Popular Types of Attacks on Employees


Phishing

Phishing is the most common and easiest way to attack company employees due to its low cost and its organic nature. Hackers target your employees by sending official-looking emails requesting that they send them critical information from their work device. Despite it being one of the oldest and original methods of hacking, most phishing emails can fool the common employee.

The most famous phishing attack was Phish Phry, where hundreds of bank and credit card customers received an official-looking email directing them towards fake financial websites. People entered their account numbers and passwords into fraudulent forms, giving the attackers easy access to their private data.

Pro Tip: Remind your employees to always make sure the email address, tone and requests fit the sender’s tendencies and, if anything looks suspicious, to report it to the security team. Another confirmation of a phishing email can help prevent a future phishing attack.

Social Engineering

In this kind of attack, hackers lure your employees into a trap by gathering personal data on them or your organization from the internet or social media. Hackers will use psychological manipulation to trick users into making security mistakes or giving away sensitive information. Hackers will first gather the necessary background information and then gain the employee’s trust, which will result in the person breaking security practices, such as revealing sensitive information or granting access to critical resources.

The most famous social engineering attack was 2013’s Yahoo data breach. Leaked data included names, email addresses, phone numbers, security questions (encrypted or unencrypted), dates of birth, and passwords. Furthermore, the breach was used to falsify login data, allowing hackers to gain access to any account without the use of a password.

Pro tip: Check the source. Make sure your employees check the URL links to see if they are real, and the person sending you the email is actually someone you know or work with. Usually, a spelling error is a dead giveaway that they are being attacked.


Ransomware

This kind of attack uses a type of malicious software which is designed to deny access to critical files unless a ransom is paid. Companies that don’t give in to ransomware demands tend to see their critical data published on the dark web or in the headlines. Even if organizations pay the ransom it’s not guaranteed that they will regain access.

The most famous ransomware attack was WannaCry. It struck a number of important and high-profile systems globally. This attack exploited a Windows vulnerability that was suspected to have been first discovered by the United States National Security Agency.

Pro Tip: To fight off ransomware attacks, your employees should regularly update their devices’ software and block fake email messages using email authentication.

Keys For Better Employee Security Hygiene 

Fighting off potential attacks such as those described above starts with continuous and ongoing security training for your employees. The better trained your employees and organization are in IT security best practices, the lower the chance of a successful attack sneaking into your networks and resources.

Educate Your Employees 

One of the key steps for better employee security hygiene is knowing the best practices and how to implement them in your daily workday. It is important to train employees on security policies and to explain the rationale behind those policies.

Employees don’t care about creating a strong password or watching for phishing emails if they don’t understand the risks behind them. You don’t need to teach employees about every technical detail in security protocols, but they should know which risks can impact their jobs. Organizations should frequently run training sessions to keep their employees up to date with security best practices. 

Minimize Data Access

If you provide all your employees access to every resource in your organization, you are potentially creating more levels of risk. To keep it simple, only give access to employees that need those resources to do their job. By limiting access, you will be safeguarded from potential leaks of your organization’s sensitive information (personal information, financial information) that shouldn’t be seen by your entire staff.

Implementing Multi-Factor Authentication (MFA)

It’s 2019 and MFA is everywhere. Despite its importance, MFA frustrates many employees, even though it is one of the most effective practices today. By requiring a second factor for identity verification, MFA ensures that stolen credentials alone won’t be enough to gain access. When you implement MFA capabilities with strong passwords, SSH keys, and strong internet hygiene, you can further reduce the chances of a breach.

User-Friendly Security Solutions

One of the most effective ways to make sure your employees aren’t creating security risks is by implementing user-friendly security solutions throughout the entire organization. By implementing employee-friendly security solutions, another layer of defense against hackers will be added. To make the user experience more useful and enjoyable for your employees, these solutions should be easy to implement, straightforward, not too technical and optimized for their work environment. The better the user experience, the more secure your employees are. 

Moving Forward 

The common misconception is that malicious actors are gaining access to devices and networks by exploiting systems and vulnerabilities. In reality, they are actually targeting your employees with simple and effective attacks. 

Moving forward, your organization should implement a combination of engaging employee training and the adoption of security solutions. By implementing periodic employee security training and security solutions, your organization and its employees will be moving in the right direction to fight off attacks from hackers. 

We hope you found this post helpful! If you’d like to learn more about the many advantages of a Zero Trust Network as a Service solution, check out our blog 5 Non-Disruptive Tips to Get Started with Zero Trust Network Security.


The Rise of Network as a Service


An increase in innovation in enterprise IT is changing how companies manage every aspect of their business. At the core of this revolution is the rise of cloud computing, which is among the most significant transformations since the launch of the internet.

Before cloud computing technology was available, businesses had to manage their network and resources on-premises, with employees working from one site-centric location. Today, the IT industry is seeing a massive increase in organizations adopting cloud services that use private clouds, which are created independently and used by a single organization. 

As for employees, we are seeing an increase of over 16% of global companies fully employing remote workers on the go, which makes the adoption of the cloud a requirement for organizations moving forward.

The global cloud computing market is estimated to be worth over $300 billion by 2022. Cloud computing has transformed IT offerings for organizations with cost-effective, scalable solutions to the various needs of the IT teams. Further, it has proven to be a critical stepping stone for the future of how organizations adopt cloud-based networks. 

Cloud Networks May Lead to More Security Issues 

The use of cloud network services is universal—we’ve seen this rise over the past decade to the point where many of our organizations couldn’t function today without the cloud. The ability to quickly upload resources, adopt new applications, and respond in real-time to end users’ tickets allows organizations to compete effectively in today’s ever-changing marketplace. Critical to cloud adoption growth is the understanding that sensitive data now lives in the cloud and must be protected. The cloud also introduces a different set of risks that need to be understood properly in order to prevent potential cyber.

The expansion of cloud services being implemented by organizations means that it can be confusing to clearly understand where and which data is being exposed to risk. Storing data without encryption and lack of multi-factor authentication for access can lead to loss of intellectual property, loss of management control, exposure to malware, compliance violations, massive data breaches with customers and partners and ultimately loss of customer trust and loss of revenue. As we learned in the Capital One data breach, we need a clear understanding of which cloud services are being used and which data is being uploaded in order to implement specific security policies.  

Organizations that introduce company-wide identity access policies provide another layer of security for their employees’ and their customers’ data. This is where the idea of Network as a Service is introduced.

What is a Network as a Service?

To understand if Network as a Service is the right solution for your organization, we need to understand what it actually is and why it’s the modern solution for cloud network security.

Network as a Service is the model of delivering enterprise network services virtually on a subscription basis. Configuring and operating business networks, routers and protocols can be time-consuming and complicated. With Network as a Service (NaaS), the entire network operations can be handled by a third-party service provider, such as Perimeter 81.

Small to midsize businesses are the classic NaaS buyers; however, with the rise of SaaS and other service models, enterprises and large organizations are becoming more interested in the network model. NaaS can also be appealing to new business owners because there is no need for a large investment in traditional network hardware. This model also reduces the amount of staff time required to maintain the network and reduces the level of training and skill required of network staff.

In the NaaS business model, IT Security teams can manage the organization’s network through a portal rather than through network management tools and out of date hardware. A new virtual network can be added to the organization’s WAN by connecting it to the NaaS provider’s nearest point of presence (POP) either directly through a leased line to a nearby data center or over the internet.

Now that we’ve explained the advantages of a Network as a Service, read on to find out how this particular model can benefit your organization. 

Benefits of Network as a Service

Network as a Service will become the ideal business model for delivering scalable network services through a subscription-based application, because it enables vendors to scale the service to customer needs and add new functionality and features on demand.

Additionally, businesses can easily deploy custom routing and user access protocols. Further, by modifying the content of the network, businesses can efficiently implement advanced network services, such as in-network data aggregation, redundancy elimination and more. 

Here are some key benefits when implementing a NaaS for your business:

Reduced Costs

Implementing a Network as a Service reduces many IT costs including infrastructure, hardware, software, operations, and maintenance. The lowered expenses are due not only to outsourcing but also to the knowledge and expertise that NaaS providers can bring to the table. The right NaaS partner can make the transitional period as smooth as possible, minimizing expenses and mistakes as you implement new processes and equipment.

Continuous Maintenance 

Network as a Service provides a continuous monitoring service to ensure that threats are easily preventable, and notifications can often be configured so that major issues can be identified and resolved.

Enhanced Security

With Network as a Service, service providers can protect and secure sensitive data, applications, and resources. 

Increased Levels of Uptime  

Many Service Level Agreements (SLAs) are created with managed network service providers that guarantee levels of their availability, network uptime, and response and resolving services for addressing network issues. Employing a Network as a Service with a reputable provider is an easy way to ensure these service level guarantees, and provide organizations with confidence that they have a dependable and stable communications system.

The Future of Network as a Service

Software-defined wide area networks (SD-WAN) have opened new opportunities for network service providers to offer Network as a Service to more enterprise businesses. As organizations today expand globally, rely on data and applications in the cloud and are driven by a mobile workforce, SD-WAN is addressing the right IT needs. This new network service approach allows security vendors to provide one network with one security framework for all users and applications, which makes IT leaner and more agile. SD-WAN has played a strong part in today’s evolution of the wide-area network, and it has successfully encouraged businesses to adopt Network as a Service by bringing a new vision for networking and security to today’s business.

When looking into the future of Network as a Service, another phase is now developing. While still being defined, some of the attributes that are emerging include the expansion of running Network as a Service workload in public clouds.

The transition of running cloud services in the public cloud domain will likely be a gradual process, but there is already an initial demand for this capability for applications. The attraction here is that the public cloud is well-suited to deliver any service that requires cloud computing. 

As a result, future phases of NaaS will continue to expand with the increasing adoption of cloud services. Every business will have its own strategy for migrating to the internet. However, given the fact that Network as a Service is always evolving with the cloud, IT managers will have a lot of different network options moving forward.

We hope you found this post helpful! If you’d like to learn more about the many advantages of a Zero Trust Network as a Service, check out our blog 5 Non-Disruptive Tips to Get Started with Zero Trust Network Security.


The Capital One Data Breach: How Crisis Could Have Been Averted


One of the largest hacks in 2019 was carried out by a former Amazon employee who stole credit card data, including 80k bank account numbers and 140k Social Security numbers, affecting millions of Americans and Canadians. Here’s how this crisis could have been averted.

The largest category of information which was accessed is related to consumers and small businesses who applied for credit cards between 2005 and early 2019, according to a statement from Capital One. 

The stolen information included names, addresses, postal codes, phone numbers, email addresses, dates of birth, and self-reported income, as well as other bits of important data that may be used by criminals to carry out fraud. 

Who Let the Data Out?

The cause of the breach was a cloud firewall configuration vulnerability, which Capital One said it has since fixed. The unauthorized access took place on March 22-23, 2019 when the attacker exploited a firewall misconfiguration which permitted commands to reach the impacted server. 

This exploit allowed a hacker to execute a series of commands on the bank’s servers. Once through the perimeter, the intruder commandeered the credentials for an administrator account, gaining access to Capital One’s data stored on their AWS servers. The file contained code for three commands:

The first command obtained security credentials from an administrator account that had access for web application firewalls. The second listed the number of buckets or folders of data in an Amazon Web Services (AWS) database. The final command by the hacker was to copy the data from the Capital One repository. After successfully exfiltrating the data from Capital One’s servers, the hacker posted the stolen data to GitHub for a brief while before dropping a dime on herself on Slack. Despite her use of tools aimed at keeping her anonymous, this created a digital trail that led to her potential arrest.
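From the defender's side, the three-step sequence described above (credentials obtained, buckets listed, data copied) leaves a recognizable pattern in AWS CloudTrail records. The following is an added example, not code from the original post or from Capital One: it scans constructed CloudTrail-style records for role credentials used from outside the expected address ranges to list buckets and then read many objects. The network range, time window, threshold, role names and all sample records are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumptions: tune these to your own environment.
EXPECTED_NETWORKS = [ip_network("10.0.0.0/8")]  # where your workloads call AWS from
WINDOW = timedelta(minutes=30)                  # how long after a listing to look for reads
BULK_READ_THRESHOLD = 5                         # object reads that count as bulk copying


def make_event(time, name, ip, role, bucket=None):
    """Build one constructed record that uses CloudTrail's field names."""
    return {
        "eventTime": time,
        "eventName": name,
        "sourceIPAddress": ip,
        "userIdentity": {
            "type": "AssumedRole",
            "arn": f"arn:aws:sts::111122223333:assumed-role/{role}/i-0example",
        },
        "requestParameters": {"bucketName": bucket} if bucket else None,
    }


# Constructed sample data, not real logs.
SAMPLE_EVENTS = [
    # Normal: the role is used from inside the expected network.
    make_event("2020-01-15T09:00:00Z", "GetObject", "10.0.1.15", "example-waf-role", "example-config"),
    # Normal: call made by an AWS service, so the source is a DNS name, not an IP.
    make_event("2020-01-15T09:05:00Z", "ListBuckets", "s3.amazonaws.com", "example-waf-role"),
    # Suspicious: the same role, used from an outside address, lists buckets ...
    make_event("2020-01-15T12:00:00Z", "ListBuckets", "203.0.113.50", "example-waf-role"),
    # External single read with no listing: below the bar for this rule.
    make_event("2020-01-15T13:00:00Z", "GetObject", "198.51.100.7", "example-app-role", "example-public"),
] + [
    # ... and then reads six objects across two buckets within minutes.
    make_event(f"2020-01-15T12:0{i}:00Z", "GetObject", "203.0.113.50",
               "example-waf-role", f"example-data-{i % 2}")
    for i in range(1, 7)
]


def parse_time(value):
    """Parse the ISO 8601 UTC timestamp format used in eventTime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def is_external(source):
    """True if the source is an IP address outside every expected network."""
    try:
        addr = ip_address(source)
    except ValueError:
        return False  # an AWS service name such as "s3.amazonaws.com", not an IP
    return not any(addr in net for net in EXPECTED_NETWORKS)


def find_suspicious_sessions(events):
    """Flag role sessions that list buckets and then bulk-read from an external IP."""
    by_session = defaultdict(list)
    for ev in events:
        identity = ev.get("userIdentity") or {}
        if identity.get("type") != "AssumedRole":
            continue
        if not is_external(ev.get("sourceIPAddress", "")):
            continue
        by_session[(identity["arn"], ev["sourceIPAddress"])].append(ev)

    findings = []
    for (arn, ip), evs in sorted(by_session.items()):
        evs.sort(key=lambda e: parse_time(e["eventTime"]))
        listings = [e for e in evs if e["eventName"] == "ListBuckets"]
        if not listings:
            continue
        start = parse_time(listings[0]["eventTime"])
        reads = [
            e for e in evs
            if e["eventName"] == "GetObject"
            and start <= parse_time(e["eventTime"]) <= start + WINDOW
        ]
        if len(reads) >= BULK_READ_THRESHOLD:
            buckets = {(e.get("requestParameters") or {}).get("bucketName") for e in reads}
            findings.append({
                "principal": arn,
                "source_ip": ip,
                "buckets": sorted(buckets - {None}),
                "objects_read": len(reads),
            })
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_sessions(SAMPLE_EVENTS):
        print(finding)
```

Object-level reads such as `GetObject` only appear in CloudTrail when S3 data events are enabled for the trail, so a rule like this depends on that logging being switched on.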

Is Capital One to Blame? 

Data breaches on cloud storage services are occurring more often, primarily because more companies are using the cloud and attackers are seeing this as a fruitful platform. Despite the migration to cloud services, companies are still responsible for their own security even on the cloud. When implementing a cloud storage service there are many financial and logistic benefits but companies must not forget the importance of cloud storage security. 

There is no denying that cloud computing is the way of the future, but when financial institutions that house so much sensitive customer data approach the cloud, implementing the proper security measures is an absolute must. In the case of the Capital One breach, despite the company being a cloud innovator, its security wasn’t up to par.

Capital One has been a major advocate in the banking world for cloud services. The company is migrating more of its applications and data to the cloud and plans to be done with its data centers by the end of 2020. Other financial institutions have been more cautious about implementing cloud services, largely for security reasons.

Cloud-hosting services such as AWS are very appealing to companies looking to cut costs, as data centers carry a hefty price tag, often tens of millions of dollars. When it comes to data security, AWS, like most providers, operates under the Shared Security Responsibility model. This assures certain layers of infrastructure and software security, but the customer is ultimately responsible for how data is used and accessed.

Clearly, there were mistakes with how Capital One was protecting this AWS bucket, as it appears someone was able to access the data it contained pretty easily. The Capital One breach is proof that companies have a lot to learn when it comes to deploying security technology effectively, and especially about the importance of defending and protecting access to cloud storage by adopting security strategies.

Stay on Top with Secure Network Access 

Many organizations still rely on outdated hardware-based VPN technology with a distributed management system and other complicated client applications. These systems are complex, costly, require extensive management, and most notably, they are not cloud-friendly.

Access to cloud storage must be defended and protected by adopting security strategies, like the Zero Trust security model, which enforces multiple layers of verification before granting resource access. Furthermore, this breach highlights the need to embrace cloud-compatible cybersecurity solutions. 

To prevent similar risks such as the Capital One breach, organizations should use Software-Defined Perimeter technology and the Zero Trust model to close their cloud environments and SaaS services so that they can only be accessed by authorized devices, users and locations.

The shift to the cloud is inevitable, so it is key that financial institutions also adopt cybersecurity services that are well designed to integrate with major cloud providers. Our solution is based on the Zero-Trust security model and allows direct access to cloud resources and applications while evaluating the user permissions and related metadata. With Perimeter 81, organizations can ensure that only authorized connections are being established while leaving their cloud environments completely hidden from attacks.

To learn more about Perimeter 81’s Zero Trust Network as a Service be sure to request a complimentary demo.


5 Network Security Mistakes Your Employees are Still Making


Network security breaches frequently grab the headlines, often with the same angle: how big the hack was, who was affected and what information was taken. The majority of the time, the source of the hack tends to be attributed to a particular actor or a particular technical error. While these data breach stories grab readers’ attention, we need to rethink how these kinds of hacks really occur.

Today, companies are increasing their cybersecurity budgets by implementing different security solutions to fight off hackers. This is good news, as we are not just depending upon best practices. However, there is one security hole that can never be fully patched: the errors committed by the company’s employees.

Every organization is aware of the risk of human error. Employees occasionally commit mistakes, which can hurt the network of their company. However, not all organizations realize how dangerous human errors can be when it comes to the network security of the organization. 

So how do you help lead your employees past some of the common and painful network security mistakes?

Here are the 5 most common network security mistakes by your employees and how to fix them.

1. Using Weak Passwords

One of the most common network security threats is the usage of weak passwords. When passwords are not set using the correct procedures, they can be easily hacked by external actors, which will allow them to infiltrate the company’s network.

Passwords are considered one of the most common forms of security, and they can be highly effective when used properly to protect the privacy of data stored on servers across the network. The use of weak passwords can easily be resolved by educating employees about strong passwords and the part they play in keeping hackers away. For critical and sensitive business data, implementing a stronger password-protection system like periodic expiration of the password and multi-factor authentication can provide an additional layer of security against hackers.

2. Using a Traditional VPN

More and more companies have adopted remote work and migrated their critical applications to the cloud. Traditional VPN services are too permissive, allowing staff to access their company’s whole network for their day-to-day work. As a result, these resources gain unwarranted visibility and become more susceptible to compromise.

Instead of providing your employees with a traditional VPN, you should adopt an organization-wide Software-Defined Perimeter solution. Implementing a Software-Defined Perimeter will allow you to restrict network access and provide customized, manageable and secure access to networked systems. 

Traditional security models are designed to protect the perimeter to fight off threats that try to exploit your company’s network. By implementing the Zero Trust need-to-know model, each employee will gain a customized secure connection to the organizational resources they need to access.

3. Using Unknown Devices

Employees tend to make the mistake of sharing external USB devices or using unauthorized devices which can be plugged into any machine on the network. In addition, some employees make the potentially harmful mistake of plugging unknown USB drives that they find around the office into their laptops.

These devices may contain a virus that could spread from one infected computer to another. Employees should refrain from using these kinds of devices that were not authorized by the administrators of their network. Organizations should set up company policies that prohibit employees from using their own devices which might have been controlled remotely by a hacker.

4. Using Free WiFi Hotspots for Work

Public Wi-Fi hotspots are convenient when abroad on vacation, at a cafe, and at the airport. Remote workers and employees who frequently travel for business often take advantage of public Wi-Fi to work on the go. However, connecting to public Wi-Fi for accessing your company’s network can prove risky to your employees as these networks are easy to hack. Hackers can easily gain access to the company’s confidential and sensitive data.

Hackers can also use public Wi-Fi hotspots to install malware on the mobile devices of those employees who have enabled file-sharing on their system. To fight off the hackers, organizations should advise employees to avoid using public Wi-Fi networks to connect to corporate resources without a secure network as a service solution.

5. Unauthorized Application Installation

Another common security threat by your employees is the installation of unauthorized applications on the company’s network. This can be a critical threat to a company because it just takes a few small installation steps for a small program to take control of the whole network.

This can easily be fixed by revoking administrative access for most employees. Another way to fix this type of threat is by training employees on the importance of third-party credibility and authenticity. This can be enough to make employees aware of the threats posed by the installation of unauthorized applications.

Moving Forward 

The human factor is one of the main issues in ensuring the security of corporate systems. More and more often attackers choose to slip into the corporate network by attacking the employees, rather than hacking into the infrastructure directly from outside the perimeter.

To prevent attackers from getting inside your company’s infrastructure, your organization’s employees should be properly educated about security and the risks involved. By properly educating your employees with network security best practices, they will provide an additional layer of defense against hackers attempting to gain access to your network.

We hope you found this post helpful! Feel free to share any network security mistakes that you have witnessed in the comments section below. If you’d like to learn more about the many advantages of a Zero Trust Network as a Service, check out our blog 5 Non-Disruptive Tips to Get Started with Zero Trust Network Security.


Perimeter 81 Recognized in Gartner’s 2019 Market Guide for Zero Trust Network Access


Perimeter 81, a secure network access solution for the modern and distributed workforce, has been included in the 2019 Market Guide for Zero Trust Network Access by Gartner Inc., a leading IT research and advisory company.

At Perimeter 81, our Software-Defined Perimeter (SDP) service, backed by Zero Trust access control, ensures secure access to web applications, SSH, RDP, VNC or Telnet, through protected IPSec tunnels – without an agent.

Employees simply access their application portal, select the application they have permission to enter and create a session that is fully audited, recorded and monitored.

According to Gartner, “ZTNA, which is also known as a software-defined perimeter (SDP), creates an identity- and context-based, logical-access boundary around an application or set of applications. The applications are hidden from discovery, and access is restricted via a trust broker to a set of named entities. The broker verifies the identity, context and policy adherence of the specified participants before allowing access. This removes the application assets from public visibility and significantly reduces the surface area for attack.”

What Is the Market Guide for Zero Trust Network Access?

Each year, Gartner publishes the Market Guide for Zero Trust Network Access. This report states that “this research helps security and risk management leaders choose the best solutions for their use cases, including application-centric and demand-driven connections.”

According to Gartner, “Zero trust network access replaces traditional technologies, which require companies to extend excessive trust to employees and partners to connect and collaborate. Security and risk management leaders should plan pilot ZTNA projects for employee/partner-facing applications.”

The Perimeter 81 Secure Connection Product Offering

For Zero Trust network access, it’s essential that organizations obtain unparalleled visibility into enterprise computing activity. Our Zero Trust solution, managed through our central management platform, provides visibility, control, and threat protection with comprehensive coverage for all IT domains.  

Our non-disruptive Zero Trust network security solution features:

  • Secure Network Access
    Network security, implemented via a client application for endpoints, allows for secure IPsec and SSL VPN connectivity for all employees, partners, customers and guests no matter where they’re connecting from (e.g., remotely, on the local network, or over the Internet).
  • Inspect and Log All Traffic
    Accurately monitor network activity by identifying and classifying all traffic, regardless of ports and protocols, encryption or hopping. This reiterates the need to “always verify” and eliminates methods that malware may use to hide from detection and provides complete context into applications, associated content and threats.
  • Least Privilege Access Control
    Many legacy solutions are limited to port and protocol-level classification, resulting in too much unfiltered traffic. With granular access control, users can safely access appropriate applications and data by reducing available pathways and eliminating unauthorized and malicious traffic from the network.
  • Advanced Threat Protection
    Legacy stateful inspection technology is incapable of enforcing a least-privileged policy because it only understands IP addresses, ports and protocols – not specific applications. Perimeter Zero protects against both known and unknown threats, which is necessary to support a closed-loop, highly integrated defense posture that consistently and cost-effectively enables trust boundaries.
  • High-Performance Design
    Zero Trust security and networking capabilities must be implemented in a way that they do not become a performance bottleneck. The Perimeter 81 software architecture minimizes latency and surpasses processing requirements, providing high availability, avoiding loss of service and increasing the uptime of your network. By deploying multiple server instances in locations closest to your business, data centers or remote employees, organizations can prevent slow-downs and reduce redundant loads on servers.

Penetrating a Growing Market

From our perspective, being recognized as a Representative Vendor in the 2019 Market Guide for Zero Trust Network Access from such a reputable resource validates our continuous effort in the enterprise cybersecurity market.

“With a least-privileged strategy and strictly enforced access control, organizations can control interactions with resources based on relevant attributes, including application access, user and group identity and the sensitivity of the data being accessed,” said Amit Bareket, CEO and Co-Founder of Perimeter 81. “With unmatched visibility and control of applications, users, and content, organizations can migrate to Perimeter 81’s Zero Trust network security flexibly and non-disruptively.”

Read more about our recent recognitions:

Gartner Hype Cycles
- Hype Cycle for Infrastructure Strategies, July 2018
- Hype Cycle for Cloud Security, July 2018
- Hype Cycle for Enterprise Networking and Communications, July 2018
Comet Competition Finalist
- Perimeter 81 was announced as one of 12 finalists for the 2019 Comet Competition, held by Ingram Micro Inc., in partnership with MassChallenge
Annual Cybersecurity Breakthrough Awards
- “Mobile VPN of the Year” - 2018 CyberSecurity Breakthrough Awards
Info Security Products Guide
- Silver Winner of Startup of the Year – Founded in 2018
- Bronze Winner of Cyber Security Vendor Achievement of the Year
Gartner Market Guide
- Gartner, Market Guide for Secure Enterprise Data Communications, April 2019
Gartner Cool Vendor
- Gartner, Cool Vendors in Network and Cyber-Physical Systems Security, April 2019

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

(1) Gartner, Market Guide for Zero Trust Network Access, 2019, Steve Riley, Neil MacDonald, Lawrence Orans, 29 April 2019.    

Have any product questions or suggestions? Don’t hesitate to contact us at [email protected] or drop us a line in the comments section below.

To learn more about Perimeter 81’s Zero Trust Network as a Service be sure to request a complimentary demo.


Perimeter 81 Platform Release: Introducing Our Network Building Capabilities


We’re excited to announce the launch of our new and powerful network building capabilities which now allow you, our valued customers, to create fully flexible, customized networks that are multi-regional, interconnected to your environments and optimized for speed.

Perimeter 81’s new network building capabilities enable you to model your entire network using several advanced security features. Our new and easy-to-use UI helps you create, manage and secure multi-regional custom networks that are interconnected to your cloud and on-premise environments.

New Network Building Capabilities

Perimeter 81’s new Network Capabilities allow you to automatically create fully customized networks.

The new and innovative platform UI includes:

  • Multi-Regional Support: Now you can have private gateways in different locations to ensure your network can best serve international branches and employees with reduced latency and optimal speed. Since our applications are optimized for performance, employees will automatically connect to the nearest private gateway.
  • Split Tunneling: Control whether you tunnel all your network traffic, or specific subnets, from the client applications to Perimeter 81’s Secure Network as a Service. You can choose to add a Perimeter 81 Connector to interconnect your cloud (AWS, Azure, Google Cloud) and on-premise environments, or use an IPsec Site-to-Site Tunnel to create a secure communication link between two different networks located at different sites.
  • Custom DNS: Now you can opt in to use a Custom DNS, which allows you to utilize your organization’s DNS servers as well as local domain names. You can choose to either obtain a DNS server address automatically, or select a primary and secondary DNS address manually.

Network Innovation

Businesses across a wide variety of industries are in need of simpler, more reliable network security. By delivering a single-click service that eliminates much of the hassle and headache of the past, our users are able to deploy, manage, and visualize network connections using only software. This enables the integration of powerful APIs, as well as the ability to analyze and visualize network traffic.

With Perimeter 81, you get the full package. Along with our new network building capabilities, our platform continues to provide:

  • Sleek, User-Friendly UI: With our improved UX and UI, compatible for web and mobile devices, it’s now easier than ever before to deploy, manage and secure your organization’s network.
  • Single Sign-On Integration: Our customers can enforce secure policy-based access with total ease. Perimeter 81 offers integration with several leading Identity Providers including G Suite/ Google Cloud, Okta, Microsoft Azure AD and Active Directory/LDAP.
  • Two-Factor Authentication: Add an extra layer of security and prevent remote attacks with SMS notifications, Google Authenticator and Duo Security authentication. We know this feature will be highly valuable for all businesses, and particularly those that need to adhere to strict industry regulations, like HIPAA compliance standards.
  • Advanced Activity Monitoring: With the management platform, you can gain even more insight into your network’s health, activity and security. Our platform includes a wide range of activity types including visibility into group and server creation, team member authentication, password changes and more.
  • Automatic Wi-Fi Security: Immediately protect your traveling employees from Wi-Fi hotspot threats with an encrypted connection that activates the moment your employees connect to an unsecured network.
  • Cross Platform: Easy-to-use cross-platform applications available for all your employees’ corporate and BYOD devices.
  • Private Servers: Private servers with dedicated IPs so you can skip manual IP whitelisting and lock down secure resources to protected IPs.

Have any product questions or suggestions? Don’t hesitate to contact us at [email protected].

If you don’t currently have an account and would like to experience a full tour of our platform, be sure to request a complimentary demo.

We hope you enjoy all the new networking features and benefit from a faster, simpler, and more seamless way to build and manage your network!


5 Non-Disruptive Tips to Get Started with Zero Trust Network Security


Zero Trust is an alternative IT security model that remedies the shortcomings of legacy technology by removing the assumption of trust. Under the guiding principle, “Never trust, always verify”, Zero Trust restricts access to the entire network by isolating applications and segmenting network access based on user permissions, authentication and verification.

Conventional security models that “trust, but verify”, fail to meet increasingly sophisticated cyber threats, hyper interconnectivity, globalization and user mobility. By assuming everything “on the inside” can be trusted, these legacy technologies are, for the most part, no longer effective.

Zero Trust network security ensures policy enforcement and protection for all users, devices, applications and data, regardless of where they’re connecting from. This user-centric approach makes the verification of authorized entities mandatory, not optional.

The Benefits of Adopting Zero Trust Principles

Zero Trust provides adequate visibility, control and threat inspection capabilities that are necessary to protect your network from modern malware, targeted attacks and the unauthorized exfiltration of sensitive data.

By migrating to a Zero Trust security architecture, organizations can experience several technical and business advantages, including:

  • Mitigating Data Loss
    Dramatically enhance your security posture and mitigate data loss via visibility, safe enablement of applications and threat prevention.
  • Effortless Compliance
    Simplify compliance with highly effective trust boundaries by segmenting sensitive resources into many small perimeters that are secured and segmented based on user policies and permissions.
  • Enabling Mobility and Virtualization
    Increase the ability to accommodate transformative IT initiatives such as cloud computing, infrastructure virtualization, user mobility, social networking and more.
  • Reducing TCO
    Reduce total cost of ownership (TCO) for IT security by replacing disconnected point products with a single, consolidated security platform.
  • Increasing Security
    By adequately accounting for encrypted traffic and filtering for known threats, organizations can prevent sophisticated cyber threats from penetrating perimeter defenses and moving laterally across the internal network.

The Zero Trust Model – How it Works

Internal networks are comprised of different levels of trust which should be segmented according to sensitivity. Organizations looking to establish secure “trust boundaries” according to the Zero Trust model need to improve their defensive posture through:

  • Network Segmentation
    Network segmentation allows organizations to define internal trust boundaries to granularly control traffic flow, enable secure network access and implement network monitoring. This reduces the attack surface and provides a distributed security solution which operates as a holistic threat protection framework.  
  • Trust Zones
    Trust zones are comprised of distinct pockets of infrastructure where resources operate at the same trust level and similar functionality such as protocols and types of transactions. This minimizes the number of allowed pathways and limits the potential for malicious threats to access sensitive resources.
  • Infrastructure Management
    Zero Trust segmentation relies on the ability to efficiently monitor the network via centralized management capabilities. This allows data to be processed by out-of-band analysis tools and technologies that may further enhance network visibility, detect unknown threats, or support compliance reporting.

5 Tips to Get Started with Zero Trust Network Security

It is important for IT security managers and architects to realize that it’s not necessary to wait for the next network and security infrastructure. By obtaining unparalleled visibility into enterprise computing activity, organizations can incrementally and non-disruptively make the transition to a Zero Trust model.

Here are 5 tips to get started with a Zero Trust approach to network security:

Tip #1: Secure Network Access

To get started, it’s critical to ensure that all resources are accessed securely, regardless of location. Network security, implemented via a client application for endpoints, allows for secure IPsec and SSL VPN connectivity for all employees, partners, customers and guests no matter where they’re connecting from (e.g., remotely, on the local network, or over the Internet).

Additional policies determine which users and devices can access sensitive applications and data. This requires multiple trust boundaries, increased use of secure communications to and from resources and more.  

Tip #2: Inspect and Log ALL Traffic

To accurately monitor what’s happening in the network, organizations must identify and classify all traffic, regardless of ports and protocols, encryption or hopping. This reiterates the need to “always verify” while also making it clear that adequate protection requires more than just strict enforcement of access control. It also eliminates methods that malware may use to hide from detection.  

Tip #3: Least Privilege Access Control

Many legacy solutions are limited to port and protocol-level classification, resulting in too much unfiltered traffic. With granular access control, users can safely access appropriate applications and data by reducing available pathways and eliminating unauthorized and malicious traffic from the network.

With a least-privileged strategy and strictly enforced access control, organizations can define user interactions with resources based on relevant attributes, including application access, user and group identity and the sensitivity of the data being accessed.
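To make Tips #2 and #3 concrete, here is an added example (not Perimeter 81's product code) of a deny-by-default access decision that uses the attributes named above (application, group identity and data sensitivity) and records every decision, including denials, for audit. All class names, fields, sensitivity labels and sample rules are hypothetical.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

# Hypothetical sensitivity labels, ordered from least to most sensitive.
SENSITIVITY = {"public": 0, "internal": 1, "confidential": 2}


@dataclass(frozen=True)
class Rule:
    """Grants one group access to one application, up to a sensitivity ceiling."""
    group: str
    application: str
    max_sensitivity: str
    require_mfa: bool = True
    require_managed_device: bool = False


@dataclass(frozen=True)
class Request:
    """What the broker knows about a single access attempt."""
    user: str
    groups: FrozenSet[str]
    application: str
    data_sensitivity: str
    mfa_verified: bool
    managed_device: bool


class TrustBroker:
    """Evaluates every request against explicit rules; anything unmatched is denied."""

    def __init__(self, rules: List[Rule]):
        self.rules = list(rules)
        self.audit_log: List[dict] = []

    def decide(self, req: Request) -> bool:
        allowed, reason = self._evaluate(req)
        # Tip #2: log every decision, not only the grants.
        self.audit_log.append({
            "user": req.user,
            "application": req.application,
            "data_sensitivity": req.data_sensitivity,
            "allowed": allowed,
            "reason": reason,
        })
        return allowed

    def _evaluate(self, req: Request) -> Tuple[bool, str]:
        if req.data_sensitivity not in SENSITIVITY:
            return False, "unknown sensitivity label"
        reason = "no rule grants this group access to the application"
        for rule in self.rules:
            if rule.application != req.application or rule.group not in req.groups:
                continue
            if SENSITIVITY[req.data_sensitivity] > SENSITIVITY[rule.max_sensitivity]:
                reason = "data sensitivity exceeds rule ceiling"
            elif rule.require_mfa and not req.mfa_verified:
                reason = "MFA not verified"
            elif rule.require_managed_device and not req.managed_device:
                reason = "unmanaged device"
            else:
                return True, f"granted by rule for group {rule.group}"
        return False, reason


# Constructed sample policy for a hypothetical "ledger" application.
EXAMPLE_RULES = [
    Rule("finance", "ledger", "confidential", require_managed_device=True),
    Rule("contractors", "ledger", "internal"),
]

if __name__ == "__main__":
    broker = TrustBroker(EXAMPLE_RULES)
    broker.decide(Request("alice", frozenset({"finance"}), "ledger", "confidential", True, True))
    broker.decide(Request("bob", frozenset({"contractors"}), "ledger", "confidential", True, True))
    for entry in broker.audit_log:
        print(entry)
```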

Tip #4: Advanced Threat Protection

Legacy security that relies on stateful inspection technology is incapable of enforcing a least-privileged policy because its classification engines only understand IP addresses, ports and protocols – meaning they can’t distinguish between specific applications.

To implement Zero Trust, comprehensive protection against both known and unknown threats, including threats on mobile devices, is necessary to support a closed-loop, highly integrated defense posture that consistently and cost-effectively enables trust boundaries.

Tip #5: High-Performance Design

Since Zero Trust relies on numerous security and networking capabilities, these features must be implemented in a way that doesn’t hinder performance. The Perimeter Zero software architecture minimizes latency and surpasses processing requirements, providing high availability, avoiding loss of service and increasing the uptime of your network.

With unmatched visibility and control of applications, users, and content, organizations can migrate to Zero Trust network security with a highly flexible solution made possible by non-disruptive deployment.

Convert to Zero Trust on the Fly

Because every successful Zero Trust initiative depends on the right solution, organizations can feel confident that they can implement Zero Trust network security without needing to modify the existing network.

Perimeter 81’s software-defined perimeter Zero Trust access feature, called Perimeter Zero, provides a completely transparent experience for all users by enabling access to web applications, SSH, RDP, VNC or Telnet, through resilient IPSec tunnels – without an agent. All your organization’s employees can easily go to their application portal, select the application they have permission to enter and create a session that is fully audited, recorded and monitored.

With secure, segmented and audited access to cloud environments, applications and local services, Zero Trust increases security, auditing, monitoring and visibility while reducing help-desk support and hardware spending.

We hope you found this post helpful! Feel free to let us know if you have any questions and follow us on social media if you’d like to continue receiving all the latest business security news. 


5 Reasons Why You Need to Replace Your VPN with SDP


It is now clear that VPNs do not always provide the visibility, control and threat inspection that companies need. In fact, it’s estimated that 60% of enterprises will phase out network VPNs in favor of software-defined perimeters (SDP) by 2021.

Thankfully, these critical pain points can be easily addressed with a consolidated network access solution that provides secure, segmented and audited access to cloud environments, applications and local services – the Software-Defined Perimeter (SDP). 

The Modern Business Environment

It’s critical for cybersecurity to evolve alongside technological advancements and increasingly sophisticated cyber threats.

In today’s modern working environment, there are many endpoints and processes that must be secured, including:  

  • Remote employees, mobile users, and cloud computing solutions
  • Wireless technologies and third-party pathways into the network
  • Malicious outside and inside security threats
  • Weak perimeter defenses that allow intruders to gain access and move laterally within the internal network

Legacy VPNs Provide Inadequate Capabilities

Today’s threats are no longer isolated to on-premises applications and devices. When the average organization uses 1,427 cloud services, of which 90% are unknown to IT, it is clear that legacy technology, such as VPNs, does not provide the visibility, control and threat inspection capabilities needed to effectively secure your network.

Reason #1: Lack of Network Segmentation

Internal networks are rarely homogeneous, which is why different users should have different levels of access and trust to sensitive resources. For example, a remote worker would not have the same access to the network as you would. This is why network segmentation and user access control are critically important to limit resource access and mitigate cyber attacks. However, traditional VPNs are not able to provide coarse-grained network segmentation with different levels of access for different users.

Reason #2: Lack of Traffic Visibility

Unfortunately, legacy devices and technologies commonly used to build network perimeters let too much unwanted traffic through. For example, legacy VPN technology is unable to distinguish between good and bad applications which means IT is responsible for building and maintaining extensive permissive access controls. They also fail to adequately account for encrypted application traffic and are unable to accurately identify and control users.

Reason #3: Not Suited for Dynamic Networks

Traditional VPNs require tedious hardware and constant management, and cannot easily adjust to network or server changes. These VPNs make it more complicated to scale and rapidly adjust for new users and network locations, making it increasingly difficult to effectively manage hybrid and cloud-based computing models.

Reason #4: Lack of On-Premises User Security

VPNs are often used to enable remote connections to the network, but as a siloed solution, do not secure on-premises users. This lack of on-site security allows bad actors to exploit weaknesses in the office by gaining access to user accounts and moving laterally across the network.

Reason #5: Lacking Wi-Fi Security

Many remote and traveling employees often can’t tell whether Wi-Fi networks are secure, have devices that automatically join unsecured public Wi-Fi hotspots without their knowledge, or utilize VPN services that simply disconnect when a device is in locked or sleep mode. While many VPN providers offer this function, hardware-based legacy appliances and open-source VPN solutions require hours of manual configuration, lack unified network visibility and do not integrate well with the cloud.

Introducing the Software-Defined Perimeter

It’s clear that organizations need an entirely different set of technologies and policies to provide secure network access to both on-site and remote users. The Software-Defined Perimeter (SDP) is an emerging technology that is changing cloud networking. In fact, 60% of enterprises will phase out network VPNs in favor of software-defined perimeters by 2021.

The emergence of SDP has provided a holistic solution to remove the reliance on hardware across the entire security stack and to deploy, manage, and visualize network connections using only software. This enables the integration of powerful APIs, as well as the ability to analyze and visualize network traffic.

Implementing SDP allows organizations to restrict network access and provide customized, manageable and secure access to networked systems. Connectivity is based on the need-to-know-model, meaning each device and identity must be verified before being granted access to the network. This significantly reduces the attack surface area, hiding system and application vulnerabilities from unauthorized users.

How It Works

An SDP solution allows IT Managers to deploy gateways on-premise or over the cloud, securing employees’ remote access to cloud and on-premise applications, all while keeping sensitive data within the organizational network. It has been shown to stop all forms of network attacks including DDoS, Man-in-the-Middle, Server Query (OWASP10) and Advanced Persistent Threat.

A Software-Defined Perimeter (SDP) architecture has three important components: a Client, a Controller, and a Set of Gateways.

  • Client: The client runs on each user’s device; the controller is required to authenticate users and their devices.
  • Controller: The controller evaluates each user and issues tokens granting that user individual network entitlements.
  • Gateways: The set of gateways is where access is granted to the previously private resources. Network traffic is encrypted and tunneled between the user’s device and the corresponding SDP Gateway. Access through the gateway is logged, so it can be tracked and recorded for compliance and auditing.
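The controller-to-gateway flow described above can be sketched as follows. This is an added example, not Perimeter 81's code: the class names, the token layout, the HMAC shared key and the sample users and resources are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Assumption: controller and gateways share this key out of band. A real
# deployment would use per-gateway keys or asymmetric signatures.
SHARED_KEY = b"constructed-demo-key-not-for-production"


def _sign(payload: bytes) -> str:
    return hmac.new(SHARED_KEY, payload, hashlib.sha256).hexdigest()


class Controller:
    """Authenticates user + device, then issues a short-lived entitlement token."""

    def __init__(self, policy, trusted_devices):
        self.policy = policy                    # user -> set of allowed resources
        self.trusted_devices = trusted_devices  # set of (user, device_id) pairs

    def issue_token(self, user, device_id, now=None, ttl=300):
        if (user, device_id) not in self.trusted_devices:
            return None  # unknown user/device pair: no token, no network access
        now = time.time() if now is None else now
        claims = {"sub": user, "dev": device_id,
                  "ent": sorted(self.policy.get(user, ())), "exp": now + ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
        return body.decode() + "." + _sign(body)


class Gateway:
    """Default-deny enforcement point; every decision lands in the audit log."""

    def __init__(self):
        self.audit_log = []

    def authorize(self, token, resource, now=None):
        now = time.time() if now is None else now
        decision, subject = "deny:malformed", None
        try:
            body, sig = token.split(".")
            if not hmac.compare_digest(sig, _sign(body.encode())):
                decision = "deny:bad-signature"
            else:
                claims = json.loads(base64.urlsafe_b64decode(body))
                subject = claims["sub"]
                if now >= claims["exp"]:
                    decision = "deny:expired"
                elif resource not in claims["ent"]:
                    decision = "deny:not-entitled"
                else:
                    decision = "allow"
        except (AttributeError, TypeError, ValueError, KeyError):
            pass  # None, wrong shape, bad base64/JSON: stays deny:malformed
        self.audit_log.append({"ts": now, "sub": subject,
                               "resource": resource, "decision": decision})
        return decision == "allow"
```

Denied requests are logged with the reason, which is the record a SIEM rule would alert on when one identity repeatedly probes resources outside its entitlements.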

Twice as Many Reasons to Use SDP

Without SDP, a single user can do a lot of damage to your organization’s network. While some legacy solutions might be able to provide some of the following benefits with additional customization and integration, the SDP has been found to do it much faster and better.

  • Adaptive
    With an SDP, you can implement automated policies that dictate which device, user or service is able to access the network.
  • Global Access
    Using an SDP, you can deploy unified gateways, giving access to any resources, from any location. This provides connectivity for remote and on-premise users.
  • Precise Segmentation
    SDPs integrate with any Identity Provider, including Active Directory and SAML services, allowing you to utilize precise segmentation.
  • Secured & Encrypted
    To ensure total privacy, data security and classification, SDPs provide client and endpoint protection, identity and access management, OS and application level security, all while encrypting traffic with mutual TLS encryption.
  • Policies Based on Users
    Because SDP systems are user-centric (i.e. they validate the user and the device before permitting any access), they permit organizations to create access policies based on user attributes. This enables automated compliance reporting based on these details.
  • Seamless Audit and Report
    Exporting of logs and connection data to SIEM (security information and event management software products) or analytics platforms (such as Sumo Logic) via API is simple.
  • Account Hijacking
    Session cookie-based account hijacking is completely mitigated by SDP. Since all access is pre-authenticated and pre-authorized, incoming requests from malicious end-points are rejected.
  • Denial of Service
    Single Packet Authorization (SPA) makes SDP architecture much more resilient towards DoS attacks. Since SPA takes significantly fewer resources than a typical TCP handshake, servers are able to drop unsolicited network packets at scale.
  • Reduced Costs
    Automation reduces the need for manual firewall updates, reducing workload and labor costs and increasing productivity.
  • Least Privilege Access
    Secure, policy-based access and network segmentation create one-to-one network connections between the user and the resources they access. Everything else is invisible – including the system itself. This not only applies the principle of least privilege to the network but also reduces the attack surface area by hiding network resources from unauthorized users.
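The Single Packet Authorization check mentioned in the Denial of Service item can be illustrated with a gateway-side validator. This is an added example, not code from Perimeter 81 or any SPA product: the packet layout, the 30-second window and the names `build_spa` and `SpaListener` are assumptions, and the sample packets are constructed.

```python
import hashlib, hmac, struct

SPA_WINDOW = 30                 # seconds of clock skew tolerated (assumed value)
_HDR = struct.Struct("!Q16s")   # 8-byte timestamp, 16-byte random nonce
_MAC_LEN = 32                   # HMAC-SHA256 digest length


def build_spa(key, client_id, nonce, ts):
    """Client side: one self-contained datagram, no handshake required."""
    msg = _HDR.pack(int(ts), nonce) + client_id.encode()
    return msg + hmac.new(key, msg, hashlib.sha256).digest()


class SpaListener:
    """Gateway side: validate or silently drop; nothing is sent back on failure."""

    def __init__(self, client_keys):
        self.client_keys = client_keys  # client_id -> pre-shared key
        self.seen = {}                  # nonce -> packet timestamp (replay cache)

    def accept(self, packet, now):
        """Return the client_id for a valid packet, otherwise None (dropped)."""
        if len(packet) <= _HDR.size + _MAC_LEN:
            return None                          # too short to be an SPA packet
        msg, mac = packet[:-_MAC_LEN], packet[-_MAC_LEN:]
        ts, nonce = _HDR.unpack_from(msg)
        if abs(now - ts) > SPA_WINDOW:
            return None                          # cheapest check first: stale
        try:
            client_id = msg[_HDR.size:].decode()
        except UnicodeDecodeError:
            return None
        key = self.client_keys.get(client_id)
        if key is None:
            return None                          # unknown client
        expected = hmac.new(key, msg, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):
            return None                          # forged or corrupted
        # Only authenticated packets reach the replay cache, so unsolicited
        # traffic cannot grow it. Entries older than the window are purged.
        self.seen = {n: t for n, t in self.seen.items()
                     if abs(now - t) <= SPA_WINDOW}
        if nonce in self.seen:
            return None                          # replayed packet
        self.seen[nonce] = ts
        return client_id
```

Counting drops per source address at this listener gives a simple detection signal for scanning or replay attempts against the gateway.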

Cost-Effective SDP Network Access and Security

The bottom line is that legacy, perimeter-centric technologies are no longer effective against sophisticated cyber threats, growing endpoints and increased mobility, hyper interconnectivity and globalization.

Perimeter 81 is a technology built to replace traditional VPN technology and provide secure on-premise and remote access for the modern and distributed workforce. It offers a hardware-free, highly-scalable, cost-effective solution that ensures simplified secure network access to protect IP assets from end-point to data-center to the cloud. With a “Dropbox-like” intuitive user-interface, Perimeter 81 is the ideal solution for SMB-sized organizations not currently using a VPN due to cost and complexity.

With Perimeter 81, businesses can monitor and manage their network all in one place and easily secure and segment resource access. Our service provides greater network visibility, seamless onboarding and full integration with major cloud providers, giving companies of all industries and sizes the power to be truly mobile and enjoy complete confidence in the cloud. 

We hope you found this post helpful! Feel free to let us know if you have any questions and follow us on social media if you’d like to continue receiving all the latest business security news. To learn more about the many advantages new SDP technology has over legacy VPN solutions, we invite you to schedule a complimentary demo.


10 InfoSec Trends CISOs Are Excited About Seeing in 2019

Reading Time: 6 minutes

As the number of cyber attacks continues to grow and privacy regulations such as GDPR take effect, it’s clear that security is pushing its way to the forefront of business priorities.

However, simply dumping money into a complex cybersecurity problem isn’t going to protect customer data, segment user access or secure remote connections to the network. Instead, businesses will need to invest in a cybersecurity solution that works for them.

While simple tips such as encrypting data, changing the default passwords on server infrastructure and monitoring network traffic and server usage can help secure your business’ private data, these CISOs explained what trends and innovations they’re most excited about seeing in the InfoSec industry this year.

Trend #1: Talent Availability and Mastering InfoSec

While the new year introduces endless predictions for the next popular product, service and technology, one trend many CISOs are hopeful to see is an increase in talent availability. Information security is only becoming more complex which is why we need more professionals actively seeking to fill this talent gap. 

“At the heart of the challenge is the small number of people with a cybersecurity skillset. We need to find ways to leverage a small population of qualified practitioners while at the same time finding ways to develop new security and risk professionals with a mindset of fundamental best practices. My focus and evangelical mission this year is helping organizations address the fundamentals (setting the stage for taking on the shiny and exciting technical innovations) and finding ways to leverage existing experts and building and fostering new talent.” – Christopher Gerg, Vice President of Risk Management at Gillware

Trend #2: Zero Trust Security

As new cloud applications and services are being introduced all the time, many global enterprises are welcoming more advanced security solutions such as zero trust.

“The zero trust model eliminates the idea that internal players are trustworthy individuals who mean no harm. Zero trust security continuously evaluates an individual’s behavior and actions to identify and eliminate potential threats. This is accomplished by defining parameters of legitimacy via a range of factors that determines the validity of a user’s behavior in the form of a risk score. These determining factors may include a user’s physical location, IP address, and permissions, among many others.” – Aaron Walker, Senior Research Analyst at G2Crowd.com

Trend #3: Application Security Testing

Application layer attacks are expected to increase this year, which is why emerging application security tools such as Interactive Application Security Testing (IAST) and Runtime Application Self-Protection (RASP) are necessary to protect custom code, open source libraries and frameworks.

“We are seeing a wholesale shift from legacy perimeter defenses and vulnerability scanning to instrumentation-based defenses that run as part of the thing being defended. This is true at every layer of the stack, where we can protect individual workloads by integrating security vulnerability detection and attack prevention directly into each layer. IAST and RASP are the most disruptive here, integrating security directly into custom code applications.” – Jeff Williams, Co-Founder and CTO of Contrast Security

Trend #4: More Immersive Machine Learning and AI Systems

While Artificial Intelligence is a trending topic, many of these information security tools remain overcomplicated. In some cases, AI and Machine Learning can be useful as strong detection and prevention tools, but industry-wide, the implementation of these pattern recognition technologies can be troublesome.

“CIOs are realizing that through improper implementation of such disruptive technologies, security weaknesses have been built inside of their organizations. In order for these advanced systems to benefit enterprises, establishing clear requirements and investing in the education of the technology is integral for proficient deployment. We should expect to see CIOs adopting platforms that allow developers to store info with your own security models and are more applicable to the needs of the future.” – Lawrence Flynn, CEO of Artificial Solutions

However, AI systems and machine learning are able to effectively learn from user behavior and apply adaptive controls which can automatically detect known threats before they cause significant harm.

“Machine learning is a large experimentation process. Right now, however, most companies are failing to capture information on the vast majority of their experiments and failing to provide their researchers with the tools they need to efficiently develop cutting-edge models. We’re also going to see a shift from simple, end-to-end tools to custom, best-in-class machine learning platforms as people begin to realize the value of specialization. A leading indicator of this trend will be the rise of new jobs around product management for ML platforms. As specialization occurs, more advanced methods of machine learning like deep learning and reinforcement learning will gain traction.” – Scott Clark, CEO and Co-Founder of SigOpt

Trend #5: Workflow Automation Within SOC Organizations

Workflow automation is expected to increase within SOC organizations this year. “CISOs will start to explore tech solutions paired with process and procedure to offset the amount of skilled engineers to combat cyber threats. Tooling implemented will not only be focused around workflow, but also machine learning capabilities to identify patterns and behaviors that can drive automation to remediate threats. As enterprises increase in devices, networks, and identities, organizations will need to implement tech to increase awareness driving automated solutions to keep networks secure.” – Ray McKenzie, Founder and Managing Director at Red Beach Advisors

Trend #6: Prioritizing DevOps as the Focus of an Agile Strategy

One of the primary challenges in DevOps is overcoming the “separation of concerns” that exists by providing DevOps teams with a collaborative environment that can be accessed securely without restricting the agility of development and operations.

“In 2019, more companies will begin to prioritize DevOps as the focus of their agile strategy. As nearly every company is shifting their business model towards software in some capacity, those that will be successful will recognize that their ability to be agile can only be accomplished if they are automating as much of their pipeline as possible.” – Alex Salazar, Vice President of Product Strategy at Okta

Trend #7: SDWan Simplifies Network Security

“Services like Megaport and Masergy will increase the ability for InfoSec teams to monitor, control and adapt their networks to mitigate threats. Instead of having to support MPLS, Dark Fiber and ISP, SDWan will pull the networking experience under one roof and allow for greater flexibility and integration which will enable better security.” – Drew Farnsworth, Partner at Green Lane Design

Trend #8: Cloud Security Concerns

As companies continue to shift to the cloud, we’ll see more businesses who fail to configure their cloud environments correctly. One of the first strategies companies attempt for cloud migration is named “lift and shift,” which simply takes an application and migrates it up to the cloud provider. This often unintentionally exposes the applications to more users, where the internal application from several years ago with limited maintenance is now available up in the cloud.

“With cloud migrations, I see a level of bill hijacking, where hackers attempt to run their services in other companies’ accounts. When you look at crypto-mining and bustable cloud resources, it’s perfect: the hacker gets the coins and the victim pays for the resources. The cloud always has more resources for sale.” – Erik Costlow, Principal Product Evangelist at Contrast Security

Trend #9: Increased Managed Security Services

While businesses move to the cloud, in-house IT services and localized networks are becoming a thing of the past. “Managed security services, where someone is always on and watching your system against threats, is becoming more the rule than the exception. There are nearly a million pieces of malware released per day, and that’s even including more specialized attacks like DDoS. The number of threats isn’t going to diminish anytime soon. Being prepared is the only solution.” – Adnan Raja, Vice President of Marketing for Atlantic.Net

Trend #10: Increased Network Segmentation

While many organizations rely on dated, hardware-based VPN technology, these systems are complex, costly and require extensive management. The Software-Defined Perimeter (SDP) model addresses traditional VPN limitations while providing a flexible cloud-based platform, granular user-access control and analytics, and segmented access to on-premise and cloud resources. 

More advantages of SDP technology include the ability to:

  • Employ role-based access controls, logs and analytics
  • Distribute global IP addresses  
  • Save money on deployment and management
  • Easily achieve compliance regulations
  • Enable secure remote connections”

– Amit Bareket, Co-Founder and CEO of Perimeter 81

We hope you found this post helpful! Feel free to let us know if you have any questions and follow us on social media if you’d like to continue receiving all the latest business security news.


Webinar: How to Increase Network Security with a Few Clicks

Reading Time: 1 minute

The static, corporate network we once knew has completely transformed. More and more people are working from outside networks as they connect remotely or on-the-go, and company resources are no longer solely hosted in closed, on-premise environments, but have also expanded to the open Internet and cloud.

The IDC has projected that by 2020, 75% of the workforce will be comprised of mobile workers, and public cloud spending will have reached a whopping $162 billion.

For years we’ve relied on the traditional hardware-based VPN to enable secure network access. Yet with fragmented architecture, complicated client applications, and a lack of seamless cloud integration, the traditional VPN is no longer a viable option for today’s modern workforce.

Luckily, there is a change on the horizon. This webinar outlines how the emergence of the Software-Defined Perimeter technology and Zero-Trust network architecture has the power to improve network security for companies across the board.

This webinar also reveals how Software-Defined Network Access solutions can effectively hide critical resources from unauthorized users and bad actors.

For more information, please visit www.perimeter81.com or send an email to [email protected].

10 Reasons Why a Cloud VPN is the Secret Ingredient for Your Company’s Success

Reading Time: 7 minutes

Give your business a competitive edge with a Cloud VPN service. In this post, we’ll tell you why a VPN is the secret ingredient for your company’s success.