When Hackers Attack: 5 Essential Security Tips For Working Remotely
Reading Time: 4 minutes

Whether working from home or remotely, social distancing has grabbed headlines as one of the most popular buzzwords on the internet due to COVID-19.

Once the World Health Organization declared COVID-19 a global pandemic, the shift to working remotely became a reality. Governments forced all nonessential places of work to close up shop and recommended that all companies that can work remotely shift their employees to a work-from-home model.

While remote work and social distancing have been essential in flattening the curve and the spread of the coronavirus, they open a Pandora’s Box of cybersecurity risks. By having employees work from home, organizations are forced to face the fact that employees’ devices are now the main way that they connect to their work resources. While this might not sound worrisome, it comes with many security risks, especially when coping with hackers and malicious actors. 

More Remote Workers = More Attacks

With each passing day, we are seeing more and more hackers trying to take advantage of the COVID-19 situation to target remote workers with different attacks such as phishing, VPN vulnerabilities, and malware. According to CNBC, the rise of cyber attacks is occurring due to the fact that the majority of companies have implemented an entirely remote workforce.

Due to the increase in attacks, IT and security teams are forced to make quick changes to their security policies and best practices for their remote employees. In-office, company-wide security policies and training are not suited to the new reality that hackers are trying to exploit. Now, organizations must depend on their employees to be on the front lines against hackers, making it essential that organizations strategize and plan out employee-friendly security policies.

To Work Securely You Need to Think Like a Hacker

To help global organizations’ remote workforces learn more about the different security risks, we co-hosted a webinar with SOSA, Leading Cyber Ladies, the Israeli Economic Mission to North America, and the Global Cyber Center of NY on April 1st. The panel of security experts included Sivan Tehila, Director of Solution Architecture at Perimeter 81 and Founder of Cyber Ladies NYC, Nicole Becher, Director of Information Security & Risk Management at S&P Global Platts, and Guy Franklin, MD, SOSA NYC – Global Cyber Center of NYC. In this webinar, the panel of experts provided their insights on the number of cyber threats facing everyone while working remotely and how organizations should protect their data, resources and remote employees.

5 Essential Tips for Securing Remote Workers

Throughout the webinar, the panel of experts provides great insights into the different kinds of attacks remote workers can face on a daily basis. However, we would like to highlight the great security tips they provided throughout the webinar. You can find them below:

Update Your Business Continuity Plan

One of the most important tips that we can provide to organizations is to update their business continuity plans so that they can adapt to the always-changing landscape of uncertainties. When thinking about the rise of remote workers, organizations need to strategize and plan out how to keep their business afloat while staying secure. 

Take a closer look and assess risks and response technology to decide if you are prepared enough for the new changes in cybersecurity planning. This is an important tip as this division of a business must provide a quick and immediate assessment period. 

Create Strong Passwords and Enable 2FA

One of the most common mistakes that employees can make is using weak passwords. When passwords are not set using the correct best practices, they can be easily stolen by hackers. The use of weak passwords can easily be resolved by educating employees about what makes a strong password and the role they play in keeping hackers away.

Additionally, organizations should enforce the usage of a 2FA solution. Two-factor authentication (2FA) ensures that, in addition to usernames and passwords, a second layer of verification such as an SMS code is required. By adopting stronger passwords and 2FA, employees will be one step closer to working more securely.

Beware of Phishing Emails

When experts think of the most common attack on organizations, phishing is the first thing that comes to mind. Phishing is the easiest way to attack an organization’s employees due to its low cost and familiar presentation as an email. The process is simple; hackers begin by emailing employees an official-looking email that requests that they send them critical information from their work device. Despite it being one of the oldest ways to hack an organization or a user, most phishing emails can easily fool employees. 

To avoid such phishing attacks, the panel suggested educating employees to always double-check the email address, the tone of the email and the request itself.

Implement Training and Awareness Programs

Educating employees on the importance of remote security will help them understand the impact they have on their organization. Implementing a security awareness program is a crucial step for organizations’ remote security planning efforts.

The program should cover why security is a joint responsibility for everyone from management to employees by providing clear examples of their roles in the organization and how security may be affected. Employees often make the dangerous mistake of thinking that responsibility for the organization’s security falls solely on the security team, but with the right education and real-life examples, employees will understand the importance of working remotely the right way.

Ditch the Legacy VPN

As most companies have become fully remote during this time, the need for secure remote access has become a must. While you might turn to traditional VPNs in order to access company resources, they are not the right solution to attain policy-based secure remote access today. Traditional VPN services are not scalable for organizations moving their entire workforces remotely and they lack network visibility, which opens the door for hackers to breach an organization’s network and critical resources, without any warning.

Instead of adopting a traditional VPN for remote access, you should look towards a solution that is based on the SDP architecture and the Zero Trust model. By implementing a Software-Defined Perimeter solution, IT managers can customize permissions for those employees who need access to specific parts of the organization’s network. Additionally, by adopting the Zero Trust need-to-know model, each remote employee will receive tailored secure access to only the resources necessary for their roles.

Looking into the Future of Remote Workers

 As we see remote work becoming the norm for organizations moving forward, it’s important to think about the different risks that employees are facing on a daily basis. While some might believe hackers are thinking outside of the box with remote workers, they are actually targeting remote employees with the simplest and most effective of attacks. 

Looking into the future of business, security teams should adopt a mix of user-friendly security solutions and engaging employee security awareness programs. These are the first basic steps toward total security for remote employees.

April Product Updates: New SIEM Integrations, Amazon S3 and Azure Sentinel
Reading Time: 3 minutes

It’s not only the excellent feedback and requests from our customers that push us at Perimeter 81 to seek constant improvement. Our drive towards a complete SASE (Secure Access Service Edge) platform is a goal we’ve always got our eyes on, and we just got even closer. In that light, we’re excited to introduce some important new functionality to our solution this month: integration with Microsoft’s Azure SIEM and Amazon S3.

Smart Networks Lean on SIEM

No comprehensive network security platform should be without the ability to monitor and log the traffic or user activity that takes place. For ensuring total compliance and obtaining awareness of potential network exposure, SIEM (Security Information and Event Management) tools allow Perimeter 81 users to receive security alerts and analysis of events generated by applications and other parts of their networks in real-time.

Starting now, users with an Enterprise plan will be able to integrate their Perimeter 81 platforms with two more popular tools for free alongside our previous Splunk integration: Azure Sentinel and Amazon S3.

Azure Sentinel

A perfect fit for Perimeter 81, Azure Sentinel is a cloud-native SIEM and SOAR (Security Orchestration Automated Response) solution that is known for its scalability and ease of use. Now that it can be integrated directly with Perimeter 81, customers will be able to enjoy smart security analytics capabilities and live threat intelligence across their networks and applications.

Perimeter 81 customers will find it simple to set up a Log Analytics Workspace within our platform and link it to their Azure Sentinel solution, providing them with a unified platform that includes our rich array of network and security functions, and now also alert detection, threat visibility, proactive hunting, and threat response.

Perimeter 81 Azure Sentinel Integration

For a guide on how to integrate Azure into your Perimeter 81 platform, see our complete integration guide.

Amazon S3

The popular Amazon Simple Storage Service (abbreviated Amazon S3) helps organizations store their network objects and scale easily as they expand. Because it offers better data availability, security, and performance than other leading solutions, organizations around the world rely on S3 to store, manage access to, and protect the enormous amount of data generated by their operations. Perimeter 81 now integrates with Amazon S3, enabling our users to forward data captured on their networks to their Amazon S3 bucket and improve their access controls in pursuit of specific business and compliance goals.

Perimeter 81 Amazon S3 Integration

For users relying on Amazon S3 to capture and who want to gain greater visibility over their Perimeter 81 network data, our handy integration guide makes it simple.

Stay Tuned for More

We’re hard at work adding features that complement our already robust Secure Zero Trust Network as a Service solution. Get in touch with us if there are features, functions, or integrations you’d like to see in the future – and keep an eye out for them!

SASE and Zero Trust Are a Perfect Match
Reading Time: 5 minutes

As more and more organizations are shifting their resources and applications to the cloud, we are seeing how edge computing is changing networks. These organizations must enforce policies on their employees for access to the networks and resources which are now in the cloud or on-premises. Additionally, employees are working remotely more than ever and their employers are seeing more applications and cloud services being consumed outside the traditional workplace. 

With the move to a remote workforce, the outdated hardware we once depended on is creating more issues by the day. The traditional network security architectures and solutions that pinned data to the headquarters of most organizations are a thing of the past. The challenge is that these organizations now need to provide their data and services no matter where their employees are located. 

Today, companies are adopting a more user-centric approach, which will provide a flexible network model for the remote workforce and cloud resources and services which must be accessible for employees around the world. This new model is forcing organizations to implement edge networks, connecting users to networks closer to their location and thus providing a more agile and secure access model to their organizations’ networks.   

To protect these networks, organizations typically shop around in the cybersecurity and network security solutions space, which is highly segmented offering an endless amount of different solutions from many vendors. Instead of simplifying the consumption of cybersecurity, these services are complicating what should be a smooth transition for integrating solutions in an organization’s network environment. The entire security space needs to join forces and offer a holistic approach to cybersecurity, and this is where the idea of Secure Access Service Edge or SASE comes in.

New Kid on the Block

Secure Access Service Edge (SASE), pronounced “sassy,” is a new cloud-based network security model that was coined by research firm Gartner. It combines the different functions of network and security solutions into a unified cloud platform to be delivered as a service without any or very little hardware and appliances required. The key solutions in a SASE platform are ZTNA, SDWAN, CASB, FWaaS and others. This unified platform will help organizations by simplifying secure access to critical resources and networks. The more streamlined model allows IT security teams to easily connect and secure all of their organization’s networks and users in an agile, cost-effective and scalable way.

Gartner also suggests that SASE offerings will provide policy-based “software-defined” secure access with more agile and flexible networking, where organizations’ security and IT professionals will be able to customize the level of security, performance, reliability, and cost of every network session based on the identity of each user and the prioritization of access needed.

SASE enables the consumption of integrated network security services, which promotes the adoption of digital transformation, edge computing, mobile workforces and identity and access management. Beyond more advanced security and networking, key benefits include IT productivity, cost reduction, efficiency and flexibility to adopt new business services. Additionally, SASE enables organizations to update their security solutions against new threats and establish policies more quickly for the agile adoption of new security capabilities. For organizations looking to adopt the SASE model for their network security, it’s important to implement a solution that hinges on the Zero Trust approach.

Zero Trust is a Process, Not a Product

Zero Trust (ZT) is a decade-old security approach that is based on the idea that organizations can’t automatically trust anything inside or outside their perimeters, but instead should verify anything and everything before granting access. They must also keep an eye on users within their borders at all times, and be able to get a warning when (and where) exposure is imminent. This Zero Trust model to secure network access services allows for the delivery of high-security, enterprise-wide network services virtually, and on a subscription basis for small and mid-market to large enterprises.

“Companies cannot afford to trust internal network traffic as legitimate, nor can they trust employees and partners to always be well-meaning and careful with systems and data. To manage the complexities of their environment without constraining their digital transformation ambitions, many companies are moving toward a Zero Trust (ZT) security model — a more identity- and data-centric approach based on network segmentation, data obfuscation, security analytics, and automation that never assumes trust,” states analyst firm Forrester Research. 

When implementing a Zero Trust security architecture, IT managers must isolate resources within their IT infrastructure using micro-segmentation. By dividing network resources at a granular level, organizations tune security settings to different types of traffic and create policies that limit network and application flows to only those that are explicitly permitted. This network micro-segmentation approach allows security teams the flexibility to apply the right level of protection to a given workload based on sensitivity and value to the business.

Today’s digital businesses need security technology partners that offer a range of capabilities that are easy to use and integrate, improve their network visibility and support the ZT model. The modern enterprise places a high value on partner solutions which can apply security controls across environments uniformly and quickly, with features that allow them to modify security policies and access as business needs change. This is where the SASE comes into play with a Zero Trust mindset. 

Zero Trust in a SASE World

Given that the Zero Trust network access model is geared around data access controls and visibility to organizations’ corporate resources, it’s easy to understand why Zero Trust and the SASE model are a perfect match. The two core elements of every SASE platform are its CASB (Cloud Access Security Broker) and the ZTNA (Zero Trust Network Access) solutions. 

By implementing both CASB and Zero Trust, organizations can control their users’ activity and access based on preassigned rules created by the IT team.

This will allow them to fully monitor their employees’ access to the different resources inside their network. But restricting user access to specific cloud resources based on each user or team of users isn’t the only feature that makes Zero Trust so attractive for organizations looking to implement the SASE model. The importance of complete network visibility is also a deciding factor.

As organizations implement SASE platforms with a Zero Trust model that has CASB, ZTNA and Layer 7 (the application layer) integrated, IT managers have full control and visibility of users’ access throughout their organization’s networks and applications. Additionally, any organization’s Zero Trust solution should integrate easily with their current IAM – for example Azure AD, Okta and MFA.

SASE-compliant solutions such as Zero Trust Network Access will reduce the number of agents required on a device to a single agent or device, with streamlined access policies that do not require user interaction, while at the same time providing a consistent access experience regardless of the location or resource requested. By providing Zero Trust protection of user sessions seamlessly and consistently on and off the enterprise network, SASE solutions will offer end-to-end encryption as well as web application and API protection (WAAP) services. Using Zero Trust Network Access, SASE platforms will also extend protection to endpoint devices for public Wi-Fi network protection to protect remote workers. This dual-sided approach is crucial as endpoints pile up and expand their reach into organizational networks from afar.

There is No SASE Without Zero Trust 

As we are seeing a massive shift for organizations of all sizes moving to a more modern user-centric model, where the cloud and mobile are the center of attention, we need to adopt an approach that helps them enable better and more flexible security. The model we’ve been waiting for is here and it now has a name: SASE.

This new approach will allow organizations to easily control their security and connectivity all under one platform. However, we must not forget that the Zero Trust model is a cornerstone of SASE and in a way, is a reason it can be defined as “unified”. Implementing Zero Trust alone is a strategy that gets companies most of the way there, in terms of security, but as this approach is delivered as a service alongside other functions, SASE begins to materialize. In the future, instead of thinking that Zero Trust and SASE are each a stand-alone offer, they will both reinforce each other to provide a revolutionary offering.  

The Proper Privacy Regulations TeleHealth Needs Right Now
Reading Time: 4 minutes

When the average American thinks of March, the first thing that pops into their mind is the beginning of spring. Unfortunately, in March 2020, life as we know it changed completely due to COVID-19. While only essential employees are allowed to continue work as usual (with additional regulations), anyone and everyone who is able to work remotely has transitioned from the office to home in order to keep things on an even keel.

This new remote lifestyle has changed the way we live, work, interact with people, and how we approach doctor appointments as well. The healthcare sector quickly implemented changes to provide a more remote experience to comply with social distancing regulations. 

In order to decrease the amount of face-to-face doctor appointments, on March 17th the Department of Health and Human Services (HHS) announced they “will not impose penalties for noncompliance with the regulatory requirements under the HIPAA Rules against covered health care providers in connection with the good faith provision of telehealth during the COVID-19 nationwide public health emergency.”

This popular move has allowed different healthcare providers to implement some of the most popular communication applications such as Zoom, Skype, WebEx, GoToMeeting, and others. Is this move to provide a remote option for patients the right decision for the current situation? 

The Right Healthcare Solution for the Current Situation

With the increasing rise of social distancing limitations and regulations, telehealth services are seeing an overflow of patients requesting a remote doctor appointment instead of face-to-face. 

As hospitals and governments are urging patients to avoid visiting emergency rooms,  many are turning to the online option of telehealth. The online option allows patients to consult with their doctors and specialists over the phone, video or chat as a feasible option. Telehealth video visits can be a successful tool for remotely monitoring and treating patients with mild symptoms who are staying home. Telehealth providers are easily able to monitor a patient’s symptoms and quickly decide whether they should stay home, go to the hospital, or meet their general practitioner. 

While telehealth has many benefits for patients, it comes with its challenges for healthcare providers – especially the traditional healthcare companies that did not have a telehealth program in place. Similar to scaling an entire company remotely, implementing telehealth programs takes time to establish the necessary technology, recruit doctors, train doctors about the best virtual practices and teach the patient how to use the platform. 

Healthcare providers that have not implemented a telehealth program yet should educate their patients with internal resources to learn more about moving to digital doctor appointments. In order to allow patients to take part in telehealth visits instead of in-person, providers should frequently provide medical best practices through their website, blog and social media to keep their patients engaged and informed.  

HIPAA Solves Privacy Risks

The surge of patients turning to telehealth services comes with many privacy risks. Instead of doctors having previous knowledge of the patient’s medical history, the patients will need to explain more in-depth to their new doctors due to the lack of medical records on hand.

The lack of updated records on patients creates a massive privacy issue between the doctors and the telehealth platforms which they are using. Given healthcare’s history of highly sensitive regulations for sharing records and restrictions on sharing patients’ data, this presents a problem for telehealth platforms. Sharing sensitive data over a communication app creates an opportunity for hackers to be a fly on the wall of these more vulnerable conversations between doctor and patient, since communication apps may sometimes be easily breached and represent a trove of valuable patient information. Additionally, hospitals and healthcare providers need to double down on IT and cybersecurity to fight off potential privacy risks. This is where HIPAA comes into play.


Over the years, healthcare has been an attractive target for hackers trying to breach patients’ sensitive records. While medical data and records are some of the most delicate pieces of information out there, the healthcare industry has the right compliance regulations in place. HIPAA and other regulations have been around for years but since the HHS weakened the previous compliance regulations, telehealth is now a more attractive target for hackers.

Now that the government has become more lenient with telehealth regulation rules, enforcing HIPAA with telehealth communication is the right move to provide better privacy for patients.

The Health Insurance Portability and Accountability Act (HIPAA) requires medical providers to adopt data security in order to protect their patients’ information from disclosure. The HIPAA encryption requirement initially sounds a bit confusing; however, it’s much simpler than it seems. The HIPAA encryption requirements for transmission security state that covered entities should “implement a mechanism to encrypt PHI whenever deemed appropriate.”

In other words, the majority of healthcare organizations are required to be HIPAA compliant and each provider needs to have some level of security for PHI. Healthcare providers are required to encrypt their data unless they can justify why they can’t implement encryption and can provide an equal alternative.

Achieve HIPAA Compliance with Secure Solutions

Tasked with choosing the best way to store, access and back up electronically protected health information, many healthcare technology companies and providers are looking at cloud computing. Adopting cloud-based Network as a Service technology is a great choice in comparison to traditional hardware-based solutions, as it offers scalability, affordability and increased compatibility with cloud storage environments. But remember, the security service you choose must be SOC 2 type 2 compliant and ISO 27001-compliant and have signed multiple HIPAA BAAs. With these checks in place, a Network as a Service solution like Perimeter 81 for healthcare can offer a highly effective solution for any organization’s HIPAA compliance needs.

TeleHealth is the Future

As we experience global social distancing, telehealth is quickly evolving, as is the way that it presents a remote option for healthcare services. However, potential privacy and security risks could decrease its value moving forward. Soon, we should begin seeing more government bodies authorize and create federal telehealth privacy and security protocols which will help healthcare providers avoid risks to their patients and better show the numerous benefits telehealth has to offer. With the help of the government and the best privacy and security practices in place, telehealth will have that added security to fight off hackers, and be able to shrug off questions about its security.

New Product Update: DNS Filtering and Data Centers
Reading Time: 4 minutes

The dilemma that Perimeter 81 has always sought to address is simple: In a world where mobile and cloud have moved the network perimeter, how do we provide a complete, scalable security solution that moves along with it? 

With our Zero Trust Network as a Service, we’ve so far helped IT teams to pivot their security strategies around users rather than sites or resources, and this month we’re excited to introduce a new feature that makes it easier to implement this type of agile network security.

Perimeter 81’s new DNS filtering tool is a great addition to the array of network security features we offer in our Zero Trust NaaS, but it’s also one of the first to be offered as a part of our vision to build a complete Secure Access Service Edge (SASE) platform.

Thanks to our highly talented team, and some excellent feedback from our users, we can now offer DNS filtering immediately. We’re excited to show you how to use it to more effectively secure networks for your remote and on-premise employees. 

DNS Filtering Feature Goes Live

With a user-centric approach to network security, it’s easier for IT teams to monitor and stay aware of those accessing their organization’s resources, but it’s often not enough. Active measures for blocking entry to certain websites are a cornerstone of any truly secure access management model. This is especially true when hackers create over 300,000 new pieces of malware every day, and when at any given time, it’s estimated that a full 1% of the internet’s 1.5 billion websites are infected.

Being aware of risky internet browsing habits does little to secure your network against the malware that often lurks on these sites – gambling, pornography, and others. This is why as of March 2020, DNS filtering is being rolled out to customers of Perimeter 81 who are using the Premium or Enterprise plans. 

How Does DNS Filtering Work?

Activate DNS filtering on your Network page.

The Domain Name System, or DNS, maps the hostnames in written URLs to IP addresses, and DNS filtering uses the same process for the opposite result. By typing a URL into your Perimeter 81 DNS Filtering dashboard, you’re telling the DNS Resolver not to resolve that website’s name to its IP address, so the site is not displayed in internet browsers.

Instead, Perimeter 81 steps in and tells it to show a custom page indicating to the user that the content they’re trying to access is blocked. There are a few ways that IT teams  can broaden or narrow which sites are blocked on network-connected devices.

This is what employees will see when trying to navigate to a blocked URL.

Blacklisting: When any URL is entered into a browser, the DNS Resolver receives a query, and if the name matches any of those that have been typed directly into the Blacklisted URLs field in Perimeter 81 (or uploaded as part of a list), then it cannot be reached by users. 

Whitelisting: Web filtering also acts in the other direction as a whitelisting tool, which gives IT administrators more control over the list of web destinations that employees are allowed to access. This two-pronged strategy is vital for herding users away from the bad and towards the good.

Category-Based Filtering: It’s easy to block access to the most popular and often compromised websites by category. Social media, pornography, news sites, gambling and gaming sites, and other categories can be removed in their entirety, and then supplemented with individual additions to either the Blacklisted URLs or Whitelisted URLs fields.
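How the three rule types above can combine into a single resolver decision, as an added example (not Perimeter 81's code). The precedence between an explicit allow and an explicit block, the matching on label boundaries, the sample domains, the category feed and the block-page address `192.0.2.1` are all assumptions made for illustration.

```python
"""Added example: a DNS filter decision from blocklist, allowlist and categories."""
from dataclasses import dataclass, field
from typing import Optional

BLOCK_PAGE_IP = "192.0.2.1"  # constructed: documentation-range address of the block page


def normalize(entry: str) -> str:
    """Reduce a typed URL or hostname to the canonical name a resolver compares."""
    name = entry.strip().lower()
    if "://" in name:                  # drop the scheme
        name = name.split("://", 1)[1]
    for sep in "/?#":                  # drop path, query and fragment
        name = name.split(sep, 1)[0]
    name = name.rsplit("@", 1)[-1]     # drop userinfo ("trusted.example@other.example")
    name = name.split(":", 1)[0]       # drop the port
    name = name.rstrip(".")            # "example.com." and "example.com" are the same name
    if not name:
        raise ValueError(f"no hostname in {entry!r}")
    # IDNA-encode so the Unicode and punycode spellings of a name compare equal.
    return name.encode("idna").decode("ascii")


def longest_suffix(name: str, rules) -> Optional[str]:
    """Most specific rule covering name, matched on whole labels only."""
    labels = name.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in rules:
            return candidate
    return None


@dataclass
class Decision:
    action: str             # "ALLOW" or "BLOCK"
    reason: str             # which rule decided
    answer: Optional[str]   # block-page address, or None to resolve normally


@dataclass
class Policy:
    blocked: set = field(default_factory=set)             # blacklisted entries
    allowed: set = field(default_factory=set)             # whitelisted entries
    blocked_categories: set = field(default_factory=set)
    categories: dict = field(default_factory=dict)        # domain -> category feed

    def __post_init__(self):
        # Admins type URLs in any form; store them the way queries are compared.
        self.blocked = {normalize(e) for e in self.blocked}
        self.allowed = {normalize(e) for e in self.allowed}
        self.categories = {normalize(k): v for k, v in self.categories.items()}

    def decide(self, query: str) -> Decision:
        name = normalize(query)
        b = longest_suffix(name, self.blocked)
        a = longest_suffix(name, self.allowed)
        # Assumed precedence: the more specific explicit entry wins, a tie blocks.
        if a and (not b or a.count(".") > b.count(".")):
            return Decision("ALLOW", f"allowlist:{a}", None)
        if b:
            return Decision("BLOCK", f"blocklist:{b}", BLOCK_PAGE_IP)
        c = longest_suffix(name, self.categories)
        if c and self.categories[c] in self.blocked_categories:
            return Decision("BLOCK", f"category:{self.categories[c]}", BLOCK_PAGE_IP)
        return Decision("ALLOW", "default", None)


# Constructed sample policy: every domain below is a placeholder.
POLICY = Policy(
    blocked={"http://malware.example/", "files.partner.example", "bücher.example"},
    allowed={"partner.example", "careers.social.example"},
    blocked_categories={"social-media", "gambling"},
    categories={"social.example": "social-media",
                "casino.example": "gambling",
                "news.example": "news"},
)

if __name__ == "__main__":
    for q in ("https://WWW.Malware.example/path?x=1", "notmalware.example",
              "m.social.example", "careers.social.example",
              "files.partner.example", "www.partner.example", "news.example"):
        d = POLICY.decide(q)
        print(f"{q:40} {d.action:5} {d.reason}")
```

Matching on whole labels is what keeps a rule for `malware.example` from also catching `notmalware.example`, and normalizing both the rules and the query closes the case, trailing-dot and punycode spellings that would otherwise slip past a plain string comparison.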

Why DNS Filtering is In Demand

The primary goal of DNS filtering is to block access to resources which shouldn’t be accessed from the company’s network, whether from a PC or from user devices that may be accessing resources thanks to a BYOD policy. Blocking serves many purposes: sites may be malware-infected, copyright-infringing, or just distracting. People use their personal devices differently than they do a work laptop, for example, and web filtering is useful for blocking not only malicious websites but also the sites that phishing emails point to.

  • Block websites: Compromised websites can go about infecting you with malware in many different ways. A drive-by attack simply downloads the malware onto your employee’s computer once the page loads, for instance. It may also try to trick them into downloading malware by clicking a button or banner.
  • Phishing emails: A phishing email is intended to get the recipient to go to a fake, yet official-looking website. If the DNS filter is aware of the most notorious fakes and phishing domains it can save a fatal error from being made, and block access to the problematic domain immediately.

More Gateways in New Places

We wouldn’t leave the update at DNS Filtering. Network security features must also be applied efficiently and non-intrusively across networks of any size, granting remote access that is as fast as it is expansive. In pursuit of this need, and thanks to requests from our loyal customers, we’ve continually strengthened our global backbone of data centers (and plan on continuing this trend) by adding the following gateway locations:

  • Helsinki
  • San Jose
  • Fremont
  • Mumbai

Six will be added in the very near future, bringing the total new data center additions to ten.

Sprinting Into 2020

We’re confident that these updates, and those coming in the future thanks to the combined power of SonicWall and Perimeter 81, will bring a better experience for users and we stand by to help you implement them. With a quickly expanding toolkit of network security features, our race towards a holistic, cloud-based SASE platform is happening at a breakneck pace, so stay tuned: It’s only a matter of time until we announce the next steps toward the future of network security.

The 7 Top Security Tips While Working Remote

The curtains have opened on 2020, and the scene depicted so far has been difficult to observe. In early March, COVID-19 literally took over the world, halting our day-to-day activities full stop. After some negligent optimism and resultant consequences, the 11th of the month saw the World Health Organization finally declare the Coronavirus to be a pandemic, forcing governments worldwide to come to terms with the outbreak and institute measures that would “flatten the curve”.

Countries closed their borders, disallowed public events, forced all nonessential businesses to close their doors and instructed that their employees work remotely. Some jobs cannot be done remotely while others can, and while the former have caused economic chaos the latter simply wreak their havoc on networks.

The primary strategy called social distancing goes hand-in-hand with working remotely, and has been one of the key tactics in limiting the spread of the coronavirus, yet this new way of doing things has its distinct disadvantages. While some experts might say lack of productivity is the biggest issue of the remote workforce, I think security is the biggest issue. 

This is especially true with remote workers and the additional network security challenges and risks they present. We talked to different security experts who explained this notion, and provided their best security tips when working remotely. Without further ado, here are the top security tips for organizations to follow to fight off any untimely attacks from malicious actors.

Only Connect to Trusted Networks 

Accessing sensitive resources over public Wi-Fi or an unknown connection can prove risky to your remote employees as these connections are easy to hack. Hackers can easily gain access to the company’s confidential and valuable data when employees are connecting to public networks. 

“Many newly remote workers don’t have a dedicated home office and have to go to coffee shops or other public areas. However, public Wi-Fi is incredibly insecure and can leave you and your company exposed — no matter what industry you’re in. The best practice when working outside your home is to use your phone’s personal hotspot as well as a business VPN. While VPNs can sometimes slow your connection, a phone’s 4G or 5G service is almost as fast as your home network access, so it won’t be terrible and could mean the difference between your company getting hacked or not.” – Michael Alexis, CIO of Team Building

Use Multi-Factor Authentication (MFA)

Multi-factor authentication (MFA) is one of the key technologies in use today for verifying the identities of users. MFA requires that a user requesting access provides not only something that they know (their credentials) but also something that they have (their personal device).

“There are shortcomings with 2FA, as hackers can bypass wireless carriers, intercept or redirect SMS codes, and easily compromise credentials. Multi-factor authentication is more secure as it adds an additional layer of protection. Instead of just asking for a username and password, MFA requires additional credentials, such as a code from the user’s smartphone, the answer to a security question, a fingerprint, or facial recognition.” – Aaron Zander, Head of IT of HackerOne

Adopt a Password Manager 

The expectations for secure passwords have undoubtedly increased in recent years. The use of common and frequently used passwords has enabled hackers to access millions of accounts annually. This is why many experts are recommending that employers encourage workers to use a password manager.

“If office network permissions previously gave you unfettered access to work software, now you may be required to enter a variety of passwords to gain access. If your workplace doesn’t already offer a single sign-on service, consider using a password manager. It will be much more secure than a written list of passwords left on your desk.” – Pieter Arntz, Malware Intelligence Researcher for Malwarebytes Labs

Use a VPN Alternative like SDP

With more and more organizations enforcing work from home with the current situation, many of them are thinking of implementing a legacy VPN. Network-security-wise, VPNs are not the right route to take and far from an adequate magic bullet – especially as workers go remote and resources move to the cloud.

“Traditional VPN services are too lenient when it comes to visibility and security features. This results in your network and resources becoming more receptive to compromise by hackers. Instead of providing your employees with a traditional VPN, you should adopt an organization-wide Software-Defined Perimeter solution. Implementing a Software Defined Perimeter will allow you to restrict network access and provide customized, manageable and secure access to networked systems. Additionally, in the Zero Trust least-privilege model encouraged by SDP, each employee will gain secure access only to the organizational resources they need for their roles. This drastically reduces the attack surface.” – Amit Bareket, Co-Founder and CEO of Perimeter 81

Practice Smart Email Security Methods

Email is the most popular method of communication on the Internet – maybe even on the planet. However, its popularity comes with risks. Hacking emails or phishing attacks are some of the oldest tricks in the book for hackers. It’s therefore important that remote workers know the best email security practices. 

“Whenever you receive an email — even when it’s from your boss or a colleague — be sure to check the sender “From” field and also hover over any links or attachments before engaging with them. Phishing is commonly used to spread malware and to infiltrate businesses’ networks and databases and can be used to pull off business email compromise (BEC) scams. You can also use an email signing (S/MIME) certificate to increase email security.” – Casey Crane, Cybersecurity Journalist at Sectigo

Don’t Use Work Devices for Personal Needs 

Easier said than done, we know, especially when the mirror image of this rule (BYOD, or Bring Your Own Device) is so prevalent. Still, just as it’s important to carve out boundaries between work life and home life while working from home, the same is true of those devices you use in these settings.

“Make sure that you have a malware protection software installed to monitor activity and keep out unwanted intruders. Also, make sure both your personal and business data are hosted on a secure platform that encrypts the files. Ideally, look for a platform that has built-in security timeouts if a device is left inactive too long and allows you to wipe data remotely in the event that your device is lost or compromised.” – Brian Schrader, Co-Founder and President of BIA

Get Security Hygiene Training 

Fighting off potential attacks from hackers is largely a matter of identifying their attempts, and employees can do so with a little security training. The better trained your organization is in the best avoidance practices, the lower the chances of an attack on your network and organization.

“Train and educate your employees about security awareness and protecting company information. Be sure to include situations that are unique to remote workers that wouldn’t normally show up when working on-prem, such as the dangers of using free public Wi-Fi. Instruct employees to disable Wi-Fi and Bluetooth services when not in use, to prevent their devices from connecting to unknown (and possibly malicious) networks.” – Darren Guccione, CEO of Keeper Security

Working Remote, Securely 

With the right amount of security technologies and rules in place, IT teams can add an additional layer of defense versus hackers, and supplement it by encouraging more security hygiene among the workforce. The tips provided by the different security experts above should help your employees work safely and securely no matter where they choose to log in. Take a proactive approach to network security in these days of remote access, and it will continue paying dividends well into the future.

Can Zero Trust Redeem Fintech?

Though the ripples are gentler than they once were, the wake of the 2008 financial crisis is still felt today. Financial regulators around the world have since adopted laws that increase transparency and scrutiny alike, making it difficult for traditional banks to operate as opaquely as they once did. This has opened the market wide for tech-assisted financial services that people like to refer to as fintech.

It’s a mistake to assume that fintech innovations come from independent programmers or garage development shops, though fintech has lowered the barriers to entry for providing financial services. Almost all of the world’s biggest banks and institutions invest heavily in fintech for their own products in order to stay competitive, and accordingly the market is enormous, estimated to claim upwards of $4.7 trillion of the sector’s total revenue.

However, opening a market may also mean exposing something within it, and alongside a rash of serious breaches in the last decade, fintech’s pace of innovation is now threatened by its inability to be a trustworthy custodian of customer data.

Technology Both a Catalyst and a Cure

The fintech sector is responsible for many new ideas, some of them the same types of products and investment instruments we already have, like loans, but improved. Others, like crowdfunding, robo-advisors, and mobile payments are new and could have only existed with the addition of technology. An online lender that uses an algorithm to match someone’s credit profile with applicable lenders, do a credit check, and approve the loan within 24 hours is a good example.

Despite the convenience, a series of serious data breaches in the sector has customers thinking more about how complex fintech services like this handle their data, and regulators’ ears have perked up as well. Credit and identification details must be entered into an online database, trade hands, and be processed and sometimes stored and shared externally. It may result in an approval a hundred times faster than going into the bank, meeting with a loan agent and filling out forms, but it comes with risks that customers shouldn’t be forced to consider.

Even after GDPR laws went into effect, cyber attacks on EU companies increased to a rate of one attack every five minutes, and these days the bigger the company the harder they fall, with damage that’s both hurtful to their brand and to the bottom line. For organizations in the sector, innovation and the intricacy of data structures have resulted in growth, even if customer trust lags behind. Regulations like GDPR and MiFID II are pushing against this notion, just in time for technology like Zero Trust security to provide an answer: remove trust from the equation altogether.

Zero Trust: Few Can Step Into the Vault

What’s so safe about a brick and mortar bank? Cameras are there to watch all entrants and occupants at all times. The money is tucked away behind layers of security and many walls and floors. Only a few employees have access to the vault – where the customers’ most sensitive possessions are – and there are alarms everywhere. How can online financial services providers redeem this level of security?

At a time when hackers are more clever than ever and regulations are boosting enforcement, Zero Trust security solutions represent a redemption. In terms of product, Zero Trust is a platform integrated across financial service providers’ networks to enable a superior level of protection for all the data their employees even get close to touching. It accomplishes this by giving IT control over which employees have access to certain parts of the network, and oversight over who enters it and what they do.

Using Zero Trust solutions, finance companies and banks can regain the confidence of the market, move faster towards growth and tech initiatives, and take a zero-tolerance approach to compliance, ending an era where data breaches are the new normal. There are three ways it can do so:

With segmented policy access: Don’t give every employee the key to the bank vault. Doing so makes each employee as big a risk as the last, no matter their personal security hygiene. For a platform that helps someone do their taxes and submit the correct forms, an accelerated personal lender, or even a regular online bank, Zero Trust creates specific user access policies at the individual application and even file level, rather than providing full data access to any employee with a password.

Employees of financial institutions only have access to the least amount of sensitive resources required to do their jobs, and no more. This significantly reduces the number of relevant targets for hackers, and lessens the impact of employees with poor security habits. Access is often synonymous with speed, however, and so banks with staff who wear multiple hats – a necessity in this era of customer convenience – can rely on other aspects of Zero Trust.

By monitoring the network: The equivalent of cameras to watch and record all corners of the bank, activity monitoring features are a central aspect of Zero Trust and run constantly when users are connected to the network. Suspicious activity is more visible to IT, which can then prioritize the threat and close the gap if necessary. Zero Trust also means zero tolerance, after all, so having proof of what occurred on the network in black and white is necessary for ideas that are crucial for financial services companies, such as compliance reporting. A central management dashboard reduces the manpower requirements of monitoring and also can funnel data to other processing tools that look for deeper insights. 

By securing network access: Though resources like files and applications can be segmented with the least-privilege principles of Zero Trust, it still benefits security to install multiple layers of identification and protection at the edge of the network. Encrypted IPSec tunnels, provided by a standard enterprise VPN or business VPN, stretch across the network and cloud and require employees to first connect through an application before being allowed inside. This also offers the chance to integrate other network-wide features such as automatic Wi-Fi protection (which cuts the internet off should the VPN connection fail), multi-factor authentication for extra device-based security, and web filtering tools that limit what network-connected devices can access on the internet.

Trust is an Achilles Heel

With these tools, IT teams at banks and fintech companies can safely abandon the defenses they used to post at the network perimeter. Zero Trust lets them build a more agile, aggressive security apparatus which refocuses on users and employees instead. That’s an important milestone when the reality of financial breaches is that it’s often sloppiness or negligence that exposes customer data, not an intrepid hacker genius. For Equifax and JP Morgan, failure to patch and install 2-factor authentication on crucial servers, respectively, caused irreparable breaches of customer data and industry damage. 

Hackers search endlessly in repetitive fashion across employees, devices, and systems for these kinds of human errors, and so an idea like Zero Trust not only makes gaps less common, but also reduces their impact and improves accountability. It’s the type of safety net that helps organizations like healthcare providers and financial service providers meet compliance expectations confidently, and meet the pace of innovation they’ve so far set for themselves without looking back.

Perimeter 81 Closes $4.5M Series A Extension Round to Further Accelerate Market Adoption of Cloud-Agnostic Network Security Offerings

Latest Investment Led by Toba Capital Brings Network Security Disruptor and Emerging SASE Leader’s Total Funding to $19.5M in Less Than One Year

TEL AVIV, Israel, March 11, 2020 – Perimeter 81, a leading Secure Access Service Edge (SASE) provider, announced today that it has completed a $4.5 million Series A extension round, bringing the company’s total funding to $19.5 million raised in under twelve months. The round was led by Toba Capital, a US-based early-stage investment firm focused on high-growth technology companies. Existing investors also participated. The financing will help support Perimeter 81’s rapid growth and accelerate the development and go-to-market strategy of its holistic, cloud-agnostic Zero Trust Secure Network as a Service.

Perimeter 81 simplifies network security for the modern and increasingly remote and mobile workforce. Since its 2018 inception, the company has emerged as a SASE leader and grew 450% in 2019. Named a Deloitte Technology Fast 500™ for EMEA and a Gartner Cool Vendor, Perimeter 81 has gained immediate market traction and quickly acquired more than 620 clients — including Fortune 500 companies and some of the most prominent organizations in government, entertainment, technology and AI.

“Legacy network infrastructure has proven unable to support the modern security requirements of the modern workforce, creating a global need for unified security and network platforms that are cloud-based and easy to use,” said Perimeter 81 CEO and Co-Founder Amit Bareket.  “As corporations of all sizes increasingly work in remote environments and rely upon the cloud to run their businesses, they need new ways of consuming security to effectively prevent cyber-attacks regardless of their location or network environment. The investment from Toba Capital will enable Perimeter 81 to grow even faster, add additional security features and fulfill our vision to fully bring network security into the cloud.”

Perimeter 81’s user-centric and highly intuitive Secure Network as a Service enables businesses to more easily secure access to local network resources, cloud environments, and business applications using a 100% cloud service. Over the next few months, Perimeter 81 will add user and branch internet security, branch interconnectivity and endpoint security to its offering. In February 2020, the company unveiled a new Secure Access Service Edge (SASE) platform that combines its Network as a Service offering with advanced cloud security capabilities licensed from SonicWall.

“Rapid, global adoption of the cloud and widespread employee mobility are driving a radical transformation of security infrastructure including the replacement of traditional firewalls and unification of network and security services under a single SaaS and cloud-based platform,” said Vinny Smith, Managing Partner, Toba Capital. “Perimeter 81 is at the forefront of this shift to deliver an innovative and consolidated network security platform that simply and securely connects employees to their company’s resources and to the Internet. In the past year, they’ve met and exceeded several strategic milestones and Toba Capital looks forward to supporting their continued growth and market adoption here in the U.S.”

About Perimeter 81

Perimeter 81 is a Zero Trust Secure Network as a Service that is simplifying network security for the modern and distributed workforce. Based in Tel Aviv, the heart of the startup nation and a global hub for innovative technology development, Perimeter 81 was founded by two IDF elite intelligence unit alumni, CEO Amit Bareket and CPO Sagi Gidali. Perimeter 81’s clients range from small businesses to Fortune 500 corporations across a variety of sectors, and its partners are among the world’s foremost integrators, managed service providers and channel resellers. Earlier last year, Gartner selected Perimeter 81 as a Cool Vendor in Network and Cyber-Physical Systems Security. For more information, visit www.perimeter81.com

Employers See Rising Number of Remote Workers During Corona Scare

In late January, the World Health Organization declared the Coronavirus outbreak an international health emergency, and on March 11, 2020, they officially declared the virus to be a pandemic. It’s the first time the organization has declared a pandemic since the H1N1 “swine flu” in 2009. Though the numbers keep rising, currently over 315,000 cases have been reported in 109 countries, and over 13,500 have died from the virus.

While people think coronavirus is a new outbreak of disease, it is actually a common thread of various known viruses. Officially named the 2019 Novel Coronavirus, or Wuhan Coronavirus, this latest and ongoing outbreak contains the most severe type of the virus. Some of the symptoms include coughs, sore throat, vomiting, lack of breath, and fever. A respiratory illness, the severity for patients has ranged from a mild cold to very serious symptoms that can (and do) lead to death. These symptoms tend to occur between 2 and 14 days after being infected.

The effects of this particular coronavirus have put a spotlight on the need to protect employee health and that of their organizations. Accordingly, remote work has gone from an already popular workplace strategy to a necessary one for companies worldwide. Organizations that have contact with people affected by the Wuhan strain of coronavirus need to consider how to restrict their employees from being in physical contact with each other and potentially infected individuals. As a central tenet of this strategy, gatherings of large numbers of people in public places or in the office should be avoided as much as possible. 

A clear example of this precaution is the recently canceled World Mobile Congress. A majority of vendors decided to pull out of the event and its organizers requested that the city of Barcelona declare a state of health emergency, due to numerous attendees coming directly from the epicenter of Wuhan Coronavirus’s origins.

Coronavirus Has Boosted Remote Work

The concept of working remotely or working on the go isn’t a new trend, and has largely become the status quo for modern organizations. Allowing employees to work “off-campus” is a perk that has mutual advantages for both employees and organizations, and this is why 61% of organizations allow staff the privilege of remote work.

According to Harvard Business Review, “A key takeaway from our research is that if a work setting is ripe for remote work – that is, the job is fairly independent and the employee knows how to do their job well – implementing WFA (working from anywhere) can benefit both the company and the employee.” This trend is only increasing, and has already grown 159% since 2005 – skyrocketing past the growth of the rest of the workforce.

In places like the UK and USA, the prevalence of flexible work policies runs parallel with employee preferences.

This is no surprise, as managers and executives have found that implementing a remote work policy improves productivity so much that it’s easily measurable, with the estimate that flexible work models will save organizations up to $4.5 trillion in the US alone by 2030. One part of this more tangible productivity is sick days, which traditionally cost organizations significantly when they need to be used, but are reduced by over 13% among remote workers. Another measure is retention. It comes as no great shock that when 70% of potential hires consider remote work flexibility a top priority as to whether or not they’ll join, that organizations who do offer it will retain employees with 10% greater efficiency in 2020.

A New Purpose for Remote Work

To fight off the spread of Coronavirus, organizations are enforcing remote work as a necessity instead of a privilege. Around 60 million people in China were forced to work from home in January as the government tried to contain the virus. Most recently, with the global spread of the virus, major tech giants have begun to follow suit. Twitter has asked all of its international employees to work from home, and Amazon, headquartered in Seattle, now labeled “America’s Corona Virus Capital,” has begun planning remote access stress tests for all employees.

Over the past ten years, organizations around the globe have been increasing and expanding opportunities for remote work due to the need for an agile workforce spurred on by new technology. Yet despite the advancement of tech and the tools that create an increasingly mobile workforce, the trend comes with risks that have more to do with network health than personal health.

More Remote Workers, More Security Holes 

The burgeoning remote work paradigm is creating countless security gaps for organizations. While remote workers might be easier targets for hackers, all employees must be aware of the different attacks that will exploit human behavior to open the door for hackers. One of the easiest attack vectors is unsecured Wi-Fi networks. 

When allowing employees to work remotely, organizations must clearly outline those remote employees’ responsibilities regarding IT security best practices and the importance of data protection. To provide another layer of defense against unauthorized network access, organizations must implement remote-worker-specific security policies which include device monitoring, multi-factor authentication and Wi-Fi security.

Today the majority of global organizations still depend on legacy hardware-based VPN technology for secure network access and access to cloud resources on different networks. These site-centric and hardware-based network security appliances that we’ve relied on for the past 30 years are no longer adequate in securing remote and on-premise access.

In providing secure network access to remote workers, organizations need to create and implement different security strategies to fight off different attacks on their network and resources. The user-centric Zero Trust security model enforces multiple layers of verification before granting resource access to any user.

Additionally, by implementing a solution that offers Software-Defined Perimeter architecture, organizations can deploy perimeters globally while retaining the traditional model’s value of invisibility and inaccessibility to “outsiders”. These can be deployed anywhere – on the internet, in the cloud, at a hosting center, on the private corporate network, or across some or all of these locations.

Security Hygiene and Health Go Hand in Hand

To prevent remote access risks such as a sudden movement of employees off-premises in order to fight off Coronavirus, organizations should implement Software-Defined Perimeter technology and the Zero Trust model to ensure secure access by authorized devices, users and locations. They should also seek services that include advanced or even automatic Wi-Fi security features, ensuring employee communications are encrypted across all Internet connections. With the right security tools in place, organizations can ensure that only authorized connections are being established while leaving their cloud environments completely hidden from attacks, giving networks as clean a bill of health as their users.

One Small Step for SASE: Perimeter 81 Lands at RSA 2020

After a record-breaking and thought-provoking 2020 RSA conference, we’re excited to gush about Perimeter 81’s successes and reminisce on the latest security trends – not to mention the adventures we had in sunny San Francisco. 

While it will be impossible to cover all that was discussed during the countless visits to our (literally) stellar booth, some of the most important highlights can definitely do our accomplishments justice.

RSA Revs Up

Over 650 companies attended this year, and the space was a loudly buzzing forum for security-centric activity and discussion. Despite the hubbub, we grabbed a significant amount of attention from thousands of curious event-goers, and so our team was constantly on their feet demonstrating the advantages of Perimeter 81’s Secure Network as a Service platform.

VP of Customer Success Daniel Goldfeld, deep in conversation.

The Crown of the Conference

Though RSA is where “the world talks about security”, our booth design was the real talk of the town. 45,000 people attended RSA this year and thousands were drawn to our space-themed booth, which was the biggest we’ve ever had. With asteroid beanbags and an anti-gravity prize display, it was pretty hard to miss. Just ask this enthusiastic visitor:

It was even harder to miss the intrepid Perimeter 81 team, outfitted with some sassy SASE jackets to signify that we’re already far along on our expedition to take network security to places it’s never been – and beyond. Secure Access Service Edge is the way the security sector’s rocket ship is headed: a unified cloud-based solution for both network and security.

The team, fully outfitted, flexing on the streets of San Fran.

The “SASE Squad” wore our colors around town as well, and it wasn’t just for the famously temperate San Fran weather (but they did help). Though we had tons of fun exploring, seeing the sights, and eating our way through the city, as always it was important to balance work with play. And work we did.

Leading the Discussion on Network Security

Our presence as an industry leader was exemplified during panels in which our CEO Amit Bareket and Director of Business Development James Alvarez led their respective conversations, perking ears and drawing crowds as they outlined the biggest issues in network security that organizations face and talked with other industry leaders about what the future will look like.

The panel left our fearless leaders a bit hungry, but they’re not the type to dismiss an opportunity when it comes into their orbit. Accordingly, they managed to find time to grab a quick bite with security expert and prolific author Richard Stiennon, who quickly found himself deep in conversation with the two executives, and was generous enough to give them a copy of his Security Yearbook 2020: A History and Directory of the IT Industry. Cheers Richard!

RSA 2021 Here We Come

Given the skyward trajectory of Perimeter 81’s ship, we’ve already booked a booth that’s double the size of this year’s for RSA 2021, and we look forward to showing off our complete, fully unified Secure SASE platform. See you there!

Zero Trust a Frontline Defense Against Healthcare Attacks

To optimize their nefarious efforts, hackers often employ the admittedly logical strategy of targeting only the most lucrative sources of personal information. With this in mind, medical records bring a particularly greedy gleam to their eyes. The value of a stolen healthcare file is quite literally ten times that of standard identity theft, with hackers able to squeeze about $2,000 out of a hijacked identity, on average, while the amount and type of information contained in one’s medical records often means profits of up to $20,000.

For hackers, Personal Health Information (PHI) is a veritable treasure trove of rubies, sapphires, and other precious gems in the form of birthdates, family names (useful for cracking passwords), social security and tax identification numbers, and other data tied to receiving medical care. The value of this information is hard to overstate, but multiple other factors have compounded to make PHI more vulnerable than it should be. Healthcare providers struggling with the security of their patients’ data are now beginning to realize the solution is right in front of them: don’t trust a soul.

PHI and Hospitals: A Perfect Storm

A volatile mixture of factors has created the biggest ever hoard of hackable personal data – and it’s in the hands of the industry least prepared to cope. Complete medical files contain identifying data that is nearly impossible to change on the fly, such as one’s SIN. Once this information is exposed, the lengthy time to a resolution offers hackers days or weeks to defraud patients before the tap runs dry. Moreover, the haphazard implementation of IoT devices and other machines used in patient care gives hackers a way to affect patients’ health, and not only their wallets.

 Image from Comparitech, 2020

In attending to those under their care, hospital staff are overworked and simply don’t have time to consider the implications of their substandard security hygiene. Their priority is to utilize the complex and precariously stacked array of applications, network resources, and internet-connected devices that help them do their jobs. Any downtime is a health risk, and so resistance to multi-factor authentication and other best practices is the norm. In networks with multiple attack vectors, highly valuable data, and negligent (if well-meaning) workers, it’s clear a low-touch security strategy is necessary to raise the lowest-hanging fruit out of hackers’ reach.

Zero-Trust is the Exclusive Answer

One of the most glaring trends to illustrate this idea is that it took until 2017 for the majority of breaches to originate from hackers, rather than from individual security mistakes within healthcare organizations. Though healthcare had been a ripe target for hackers long before then, that sheer insider negligence outpaced intentional breaches for so long is a scary thought – especially for providers who put a premium on HIPAA compliance. In one particularly cringe-worthy example, it took a whopping 14 years before a PHI breach was discovered and closed.

Providers in the healthcare industry are now forced to confront the fact that their highly-educated workforce simply doesn’t have the security education to be trusted. Many are therefore adopting Zero Trust as a network access model, which takes a different approach to security. In traditional network security solutions, once a doctor had the authorization to enter the network, he or she was trusted within every corner of it, full stop. Accordingly, at a time when one in five healthcare workers are willing to sell PHI for as little as $500, Zero Trust is key.

Why Trust is Obsolete

Zero Trust is aptly named because it enables IT managers to implement a security model where absolutely no one is trusted, and all who enter the network are both allowed only into the places they’re supposed to be and monitored at all times. If you don’t need to see certain parts of the network, you can’t, nor can you do anything compromising inside it without setting off alarm bells in the IT room. For regulatory compliance such as HIPAA, this level of vigilance isn’t frivolous, it’s necessary.

In hybrid-cloud environments like the ones commonly implemented by healthcare providers, Zero Trust is much safer than perimeter-centric security models simply because the perimeter is no longer there. It’s constantly moving, and constantly being accessed by a range of devices and people with varying degrees of protection. As Zero Trust segments users only into the areas they absolutely need to be in, the number of accidental insider breaches and those coming from the outside are decimated. 
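The contrast between the two models, as an added example that is not Perimeter 81's product code: the perimeter check trusts anyone already on the network, while the zero-trust gateway denies by default, logs every decision, and raises an alert when a user probes segments outside their role. The role names, segment names, MFA flag and alert threshold are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed policy: role -> the only segments that role needs (hypothetical names).
SEGMENT_POLICY = {
    "physician": {"ehr", "imaging"},
    "billing-clerk": {"billing-db"},
    "biomed-tech": {"infusion-pumps"},
}
ALERT_AFTER_DISTINCT_DENIALS = 2  # assumed threshold for alerting IT


@dataclass
class Request:
    user: str
    role: str
    segment: str
    mfa_passed: bool


def perimeter_decision(req: Request, inside_network: bool) -> bool:
    """Traditional model: being on the network is the only check."""
    return inside_network


@dataclass
class ZeroTrustGateway:
    audit_log: list = field(default_factory=list)
    alerts: list = field(default_factory=list)
    _denied: dict = field(default_factory=lambda: defaultdict(set))

    def decide(self, req: Request) -> bool:
        """Default deny: every request is re-checked and every outcome is logged."""
        reasons = []
        if not req.mfa_passed:
            reasons.append("mfa-missing")
        if req.segment not in SEGMENT_POLICY.get(req.role, set()):
            reasons.append("segment-not-needed")
        allowed = not reasons
        self.audit_log.append((req.user, req.segment, allowed, tuple(reasons)))
        if not allowed:
            seen = self._denied[req.user]
            if req.segment not in seen:
                seen.add(req.segment)
                # Alert once, when denials span enough distinct segments.
                if len(seen) == ALERT_AFTER_DISTINCT_DENIALS:
                    self.alerts.append(req.user)
        return allowed
```

An unknown role maps to an empty segment set, so a request from it is denied rather than falling through to an allow.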

The idea behind Zero Trust is one thing, but arriving there is another. Healthcare providers should look to network security solutions that implement a Software Defined Perimeter (SDP) as their foundational step towards winning the ongoing cyber war. Supplementing this SDP solution with security awareness education is also important. Healthcare workers need to recognize that they face daily threats regarding data security, and to learn what their role is in securing the network. This dual-edged strategy is robust, but it will never stave off hackers entirely; PHI is just too lucrative. What it will do, however, is make hacks expensive and difficult enough to dissuade bad actors, shooing them away to the next most vulnerable industry. Better there than here.

The Psychology Behind DDoS: Motivations and Methods
Reading Time: 5 minutes

DDoS attacks, also known as distributed denial of service attacks, are one of the oldest internet cyberweapons used today by everyone from hacktivists and governments to disgruntled video game players and thrill-seekers purely for personal enjoyment. The attacks disrupt access to web sites and servers or take them offline completely by using co-opted online resources such as zombie PCs and servers or Internet of Things (IoT) bot networks that flood and overwhelm victims with online traffic.

“If you want to take a network off the Internet, the easiest way to do it is with a distributed denial-of-service attack,” says security researcher Bruce Schneier. “These attacks are not new: hackers do this to sites they don’t like, and criminals have done it as a method of extortion. There is an entire industry, with an arsenal of technologies, devoted to DDoS defense. But largely it’s a matter of bandwidth. If the attacker has a bigger fire hose of data than the defender has, the attacker wins.”

Although individual and group motivations may differ, DDoS attacks have the same objective: take a target server or servers offline with internet traffic until the internet services are no longer operational. DDoS targets range from individuals to government organizations and businesses such as e-commerce sites, banks, stock exchanges, credit bureaus, gaming sites or internet service providers.

DDoS Attack Psychological Motivations

The motivations and psychology behind DDoS attacks vary. They span financial or economic benefits, revenge, ideological beliefs, cyberwarfare or even solely personal enjoyment. Large scale DDoS cyber attacks tend to be the result of group efforts, as opposed to individual actors, with a specific goal or agenda in mind.

DDOS graph

 Images from Elsevier Inc, 2015

The majority of DDoS cyber-attack psychological motivations fall into several categories:  

  • Financial gain or economic benefit. DDoS attacks against e-commerce sites and banks are a growing trend, especially during the holidays, according to technology industry research firm Forrester. Extortion or blackmail is another motivating factor for DDoS attacks. Using DDoS attacks as a financial weapon is also a favorite technique for hackers who demand Bitcoin via email to stop the onslaught of traffic.
  • Revenge. It’s a DDoS attack motivation used against companies, organizations, and individuals where victims include non-profit organizations, community colleges, courts and law enforcement entities, or journalists. In most cases, the disgruntled individual or group behind the attack has a goal of inflicting damage for a perceived wrong.
  • Ideological belief. Also known as hacktivism, some attackers become motivated to attack political targets because of their ideological beliefs against a nation-state or government policies. This motivation has become an influential reason behind many DDoS attacks where independent “hacktivists” DDoS government websites to cause outages and disruption. In January 2019, Zimbabwean government-related websites were hit with a DDoS attack by hacktivist group Anonymous protesting internet censorship in the country.
  • Intellectual challenge. Some attackers DDoS web sites to demonstrate their technical capabilities. DDoS tools and even services are available via the Dark Web, making it easy for attackers to deploy and experiment with the latest technologies such as automation and botnets against targets.
  • Personal Enjoyment. This type of DDoS attack falls under the category of cyberbullying and trolling. It’s intentional and meant to be either fun or vindictive (or both) while at the same time demonstrating the power to disrupt a web site or network.
  • Cyberwar. Used for political and military advantage, cyberwarfare is normally associated with nation-states. It’s designed to inflict economic or physical impact on its targets. Groups that use cyberwarfare strategies and tactics are well-trained, organized, and belong to government militaries or terrorist organizations. Many world governments have devoted significant resources and time to conduct attacks that have disrupted an adversary’s online and critical infrastructure.

DDoS Attack Methodologies

DDoS attacks consist of three major phases and four different sub-components, according to researchers. The sub-components are an attacker; multiple control computers, called masters or handlers; multiple “slave” computers, also called botnets, agents, or zombies; and a victim or target machine.

In the first phase of a DDoS attack, hackers take control of network-attached computers called “masters or handlers” to control other machines that will ultimately execute the DDoS attack. Creating a network of handlers and attack machines is an automated process where hackers scan the internet for computers or Internet of Things devices that can be compromised, usually with malware. 

When the desired number of compromised machines is reached, hackers start the second attack phase. The aggregate number of machines, called a botnet, is loaded with the necessary instructions and commands to launch an attack by the network of compromised zombie computers.

In the final DDoS phase, hackers direct the botnet to execute the attack or attacks on victim machines. The distributed nature of the attack sends massive amounts of internet traffic to the victim’s system or online resources, which in turn disrupts or slows down the intended target’s services. Spoofed or fake IP addresses hide compromised device identities and discourage victims from filtering out malicious traffic to find the attack source.
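Why the distributed final phase is hard to filter at the victim, as an added example that is not from the original article: over one-second buckets, a per-source request limit catches a single noisy client but blocks nothing when the same load is spread across many sources, so the defender also has to watch the aggregate rate. The log format, thresholds and documentation-range IP addresses are constructed assumptions.

```python
from collections import Counter


def parse(line):
    """'<epoch_second> <src_ip> <path>' -> (second as int, src_ip)."""
    ts, src, _path = line.split()
    return int(ts), src


def analyze(lines, per_source_limit=20, total_limit=100):
    """Per one-second bucket, report what a per-IP limit would block and
    whether the aggregate request rate exceeds the assumed server capacity."""
    per_second = {}
    for line in lines:
        ts, src = parse(line)
        per_second.setdefault(ts, Counter())[src] += 1
    report = {}
    for ts, counts in sorted(per_second.items()):
        total = sum(counts.values())
        report[ts] = {
            "total": total,
            "sources": len(counts),
            "blocked_by_per_ip_limit": sorted(
                s for s, n in counts.items() if n > per_source_limit
            ),
            "aggregate_overload": total > total_limit,
        }
    return report


def sample_log():
    """Constructed traffic (not captured data), documentation-range IPs only."""
    # Second 1000: five ordinary clients, three requests each.
    lines = [f"1000 192.0.2.{i} /login" for i in range(1, 6) for _ in range(3)]
    # Second 1001: one noisy source sending 60 requests.
    lines += ["1001 198.51.100.7 /login"] * 60
    # Second 1002: 200 sources sending only three requests each.
    lines += [f"1002 203.0.113.{i} /login" for i in range(1, 201) for _ in range(3)]
    return lines


if __name__ == "__main__":
    for second, row in analyze(sample_log()).items():
        print(second, row)
```

In the constructed second 1002, every source stays far below the per-IP limit while the total is six times the assumed capacity, which is the case that calls for upstream or provider-level mitigation rather than per-client blocking.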

Increasing DDoS Sophistication

The threat landscape of today is constantly opening up new opportunities for attackers to take advantage of the latest internet-connected devices and cloud technologies to launch even more massive DDoS attacks. These new attacks have also gotten easier to execute with zombie botnets able to take down large corporations or government entities.

The latest attack vector is physical access control systems installed in places including corporate headquarters, factories, or industrial parks. “Hackers are actively searching the internet and hijacking smart door/building access control systems, which they are using to launch DDoS attacks,” according to firewall company SonicWall.

Hackers are now scanning the internet for exposed Nortek Security & Control (NSC) Linear eMerge E3 devices and exploiting one of the ten newly discovered vulnerabilities, according to SonicWall. The devices’ primary purpose is to control what doors and rooms employees and visitors can access based on their credentials (access codes) or smart cards and then block or disrupt access to physical buildings.

DDoS-as-a-Service

To curb the popularity and accessibility of DDoS attacks as a tool for non-technical attackers, security researchers and law enforcement agencies regularly track and take down malicious web services that offer for-profit DDoS-as-a-Service, which has weaponized for the masses what was once only done by sophisticated hackers.

Through so-called “booter” or “stresser” sites, cybercriminals market and sell attack-for-hire services that can be easily purchased online. According to Cloudflare, “Booters are slickly packaged as SaaS (Software-as-a-Service), often with email support and YouTube tutorials. Packages may offer one-time service, multiple attacks within a defined period, or even “lifetime” access. A basic, one-month package can cost as little as $19.99. Payment options may include credit cards, Skrill, PayPal or Bitcoin (though PayPal will cancel accounts if malicious intent can be proved).”

And security journalist Brian Krebs says “Booter sites are dangerous because they help lower the barriers to cybercrime, allowing even complete novices to launch sophisticated and crippling attacks with the click of a button.”  DDoS-as-a-Service provides yet another attack vector for non-technical users to use for cybercrime, revenge, hacktivism, enjoyment or even cyberwar. 

Finally, the motivation or psychology behind DDoS attacks can also be viewed as merely a tool meant for distraction. Hosting company LiquidWeb claims that “while your security team is distracted mitigating the denial of service attack, the party responsible is free to go after what they actually want – whether it is financial information, intellectual property, or client data.”

If, as LiquidWeb states, DDoS attacks are the “equivalent of driving a bus through the front door of a bank while an associate tunnels into the bank vault from below,” then organizations must be vigilant about their IT security and take an approach that makes securing the network edge against all attacks a top priority.
