The Real Estate Industry as an Unexpected Target for Hackers

Over the past decade, companies in the technology, government, finance, and retail industries have become a common target for cybercriminals, but additional – and less obvious – industries are at risk as well. One of these unexpected targets is real estate, which has recently grabbed the attention of hackers as a source of data that’s easy to dip their fingers into. 

The real estate industry does not immediately bring to mind data security, password management, or networking. However, it is important to consider the amount of personal data stored in the networks of real estate firms. Between contracts, personal information, bank accounts, and other details – data floating around the real estate industry is much more valuable (and exposed) than previously assumed.

Real estate companies and agents often work online with housing listings and hosted real estate systems. While these systems offer many modern benefits for real estate agents, they also increase the exposure to different security risks including outdated software, limited password policies, and system vulnerabilities. These systems are critical for real estate agents to do their job, but agents must consider the different security risks that can threaten clients’ data and personal information.

The average real estate agent or employee does not consider the security risks that come along with their job. In order to protect their clients’ information, it is imperative that real estate workers understand what they can do to avoid falling victim to a cyber attack.

Why is the Real Estate Industry an Attractive Target? 

[Infographic. Image from One Step Secure IT, 2018]

The real estate industry accounts for a large number of financial transactions that involve sensitive information. This information tends to include bank account numbers and the buyer’s personal data, held in real estate systems hosted in the cloud. With a large amount of sensitive data on the cloud, hackers are finding real estate data is more accessible than ever before.

The most famous attack on the real estate industry occurred in 2019 with a data breach of real estate and title insurance giant First American. The data breach exposed the sensitive financial data of over 885 million customers. This is just one example of recent attacks on the industry. The industry’s market value is estimated at over $32 trillion, which makes it a ripe target and makes it clear why hackers are attracted to this sector.

Hackers enjoy learning more about their victims by taking the time to research the ins and outs of their targets. When attacking targets in the real estate industry, they run phishing campaigns to gather personal information in order to exploit the different accounts of real estate agents, sellers, buyers, and anyone involved in the sales process. After gathering the requisite information, hackers might simply wait until the sale of the property is final, and when it’s time to transfer funds they will impersonate the person they have hacked and redirect the funds into their own accounts.

Easy Targets to Attack 

Many real estate companies are not up to date with the most recent security risks, which can make them an easy target for hackers. In general, the real estate industry is less security-minded than other industries, lending itself to a weaker security posture. 

While governments and financial regulators enforce some level of compliance or security policy on various sectors, the real estate industry has relatively less oversight and has not entertained any law requiring relevant companies to adopt policies to protect their clients’ data or their network systems and resources.

Even with regulations in place, merely implementing security policies isn’t enough for real estate businesses. Unlike other industries that have been dealing with cyber attacks for years and are more prepared against attacks, the real estate industry is far from safe and must put extra effort into reinforcing its defenses.

Most real estate firms are still implementing outdated and non-cloud friendly network solutions to run their infrastructures. These systems don’t have the modern security features in place to fight off more sophisticated attacks. 

The systems, and how to revamp them, are not the only problems that real estate players face. They must also be aware of the popular types of attacks that hackers will implement and how they can direct their resources to defend against them:

Business Email Compromise

The most popular attack used by hackers on real estate companies is a business email compromise (BEC) attack. A BEC attack convinces businesses to wire funds to an account by impersonating the business (in the case of real estate it would be the sellers of the property). In most cases, the hackers will send an email from a fake account that looks similar to that of an employee in the business. Often they will use the name of the CEO or the name of the trusted party in the transaction. According to the FBI, over $3 billion of losses have been due to business email attacks.
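How the impersonation described above can be caught on the receiving side, as an added example that is not part of the original article: a Python check over message headers for a protected display name on an untrusted domain, a lookalike sender domain, and a diverging Reply-To. The firm's domains, the protected names and the three sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed configuration for a hypothetical firm; all values are constructed.
TRUSTED_DOMAINS = {"harborrealty.example", "harbortitle.example"}
PROTECTED_NAMES = {"dana whitfield", "harbor title escrow"}  # CEO, trusted party

# Character swaps commonly used to make one domain look like another.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
PAYMENT_WORDS = re.compile(r"\b(wire|wiring|bank account|routing number)\b", re.I)


def normalize(domain):
    """Fold look-alike characters so 'harborrea1ty' equals 'harborrealty'."""
    return domain.lower().translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    domain = domain.lower()
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in sorted(TRUSTED_DOMAINS):
        if normalize(domain) == normalize(trusted) or edit_distance(domain, trusted) <= 2:
            return trusted
    return None


def name_and_domain(header_value):
    """Split an address header into (lowercased display name, lowercased domain)."""
    name, addr = parseaddr(header_value or "")
    return name.strip().lower(), addr.rsplit("@", 1)[-1].lower()


def analyze(raw_message):
    """Return a list of BEC indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, domain = name_and_domain(msg["From"])
    trusted = domain in TRUSTED_DOMAINS  # spoofed trusted domains are an SPF/DKIM/DMARC matter
    findings = []
    if not trusted and name in PROTECTED_NAMES:
        findings.append("display-name-impersonation")
    imitated = lookalike_of(domain)
    if imitated:
        findings.append("lookalike-domain:" + imitated)
    if msg["Reply-To"] and name_and_domain(msg["Reply-To"])[1] != domain:
        findings.append("reply-to-mismatch")
    body = "" if msg.is_multipart() else msg.get_payload()
    if not trusted and PAYMENT_WORDS.search((msg["Subject"] or "") + "\n" + body):
        findings.append("payment-request-from-untrusted-sender")
    return findings


# Constructed sample messages.
LEGIT = """\
From: Dana Whitfield <dana@harborrealty.example>
To: buyer@example.net
Subject: Closing schedule

See you at the closing on Friday.
"""
LOOKALIKE = """\
From: Dana Whitfield <dana@harborrea1ty.example>
Reply-To: dana.whitfield@mailbox.example.net
To: buyer@example.net
Subject: Updated wire instructions

Please wire the closing funds to the new account today.
"""
DISPLAY_NAME_ONLY = """\
From: "Dana Whitfield" <office4821@mail.example.org>
To: buyer@example.net
Subject: Quick question

Are you at your desk?
"""

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("lookalike", LOOKALIKE),
                       ("display-name-only", DISPLAY_NAME_ONLY)):
        print(label, analyze(raw))
```

Findings like these are best used to hold a message for out-of-band verification of the payment details rather than to block it outright.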

Ransomware 

Cybercriminals send out malicious emails to victims with the sole intention of getting them to click on a link in the email. If the person falls victim, the hacker can easily encrypt all of the victim’s data and resources. A successful ransomware attack results in blocking access to the exploited data and resources, making them unusable until the ransom is paid to the hacker. Real estate is targeted frequently with ransomware attacks due to massive amounts of employee data, significant sums of money in bank accounts, and confidential information that can be exploited.

Cloud Vendor Flaws

Real estate businesses are following the popular trend of adopting cloud-based services for implementing corporate resources on the cloud. While the cloud offers many benefits, it does come with some security risks. Cybercriminals won’t need to attack your business to gather your sensitive information; instead they can target cloud vendors to access your data. By adopting a cloud service provider you might think you are decreasing security risks, but in fact organizations need to take extra steps internally to stay secure. Stay up to date with securing business devices and enforce strong password protection.

Looking Forward

It is important for the real estate industry to understand the risks involved in storing sensitive data without proper security precautions. For the employees who are leading IT and security efforts at real estate firms, it’s vital to think about security on a daily basis and learn to face the ramifications of a poor cyber security policy. Not doing so risks the erosion of the industry and also faith in one of the strongest and most foundational markets in the world.

Perimeter 81 Surpasses 1,000 Customer Milestone

We are excited to announce that we have surpassed a long-anticipated milestone: There are now 1,000 customers using Perimeter 81 to secure their networks. Our company has witnessed tremendous 500% year-over-year growth and tripled its customer base in less than one year.

Customers have expressed that they appreciate our service for its intuitiveness, ease of deployment and high scalability. We truly see our customers as partners in building our product, and we believe this has been our real growth engine. 

When we launched our Secure Network as a Service in 2018, the majority of our initial customer base was tech and SaaS companies. Early adopters of cloud and mobile, tech organizations were onboard with our innovative solution from the start. As the shift to cloud and remote work became more widespread across all industries, even before COVID-19, we were able to roll out our platform to relevant sectors and fields. 

Now, we serve customers in a range of industries with our clientele comprising 38% tech companies, 10% healthcare, 9% in the finance sector, 6% consulting services, and the remainder in retail, media, education, government and more.

With remote work as the new normal and our collective status quo for the near future, more businesses have realized the continuity plans they have in place aren’t equipped to safeguard against new and evolving security risks for remote workers, or resilient enough to sustain operations through another potential outbreak. We’ve come prepared with a solution that will drive us moving forward.

Gaining Momentum Towards SASE

The typical organization’s network is more complicated than ever, and traffic through these networks is increasingly convoluted, with data flowing between local resources, cloud applications, and mobile devices in rapid succession. As resources are now more present in the cloud than on-premises, IT teams have enlisted a bevy of tools to regain the network visibility they need to ensure security. These are numerous, and while they may be able to together provide visibility, orchestrating and managing them is difficult and unwieldy. 

Accordingly, for the past year we have been working tirelessly to build out a holistic SASE solution. SASE (Secure Access Service Edge) is a new converged solution for network and security services. While the term was only recently introduced and coined by Gartner in August 2019, Perimeter 81 is already considered by industry participants to be winning the “SASE space race”. 

SASE enables IT security solutions to provide a more holistic and agile service for business networking and security. By offering a unified security solution, we are simplifying the consumption of network security for organizations of all industries and sizes – and this is shown through our expanding customer base. 

Looking to the Future

While COVID-19 will not last forever, the technologies adopted during the pandemic will continue to be used far into the future. Many businesses that previously did not have the option for employees to work remotely or from home can now allow their workforce to remain remote if they choose, as employees can securely connect to the organization’s resources through Perimeter 81. We are proud to help businesses continue functioning productively and securely through these times and into the future. 

It is time to look past the legacy hardware solutions and look into the future with a more secure and modern approach to network security. Organizations are relying on Perimeter 81 to continue working securely from home, with our cost-effective, cloud-based, highly-scalable solution. We are helping organizations of all sizes and in many industries work through these trying times and continue to use our services well into the future and we are grateful to our 1000+ happy customers who are along for the ride. 

Looking forward to celebrating many more milestones together,
Amit and Sagi
Perimeter 81 Co-founders

Webinar Recap: Criminal Evolution in the Age of COVID-19 & How Organizations Adapt to the New Normal

Remote work is here for the long run, and as businesses adapt to the new normal, hackers are also adjusting to – and taking advantage of – this new status quo. The COVID-19 pandemic has changed the way we work by transitioning most of the workforce to be remote and turning our homes into offices. This shift has seen hackers and cybercriminals modify their approach and adapt their hacking methods accordingly. 

The combination of rapid cloud adoption, BYOD, and remote work has opened the door to new breaches and hacks. This requires organizations to transform their defensive playbooks and to better understand how hackers are utilizing the crisis for data theft. Recognizing how criminal business models have evolved is key to protecting our data and resources in the present.

In early September, security researcher and “friendly hacker” Keren Elazari joined Sivan Tehila, Director of Solution Architecture at Perimeter 81, in a discussion about the evolution of security threats and cyber crime in our new remote work era. From Zoom bombing to account takeovers, access mining and phishing, Keren and Sivan shed light on emerging security threats and shared practical ideas on how to build a more secure future for your organization. 


What new security threats and trends have developed over the past 5 months of working remotely? 

Keren kicked off the discussion by explaining that during the pandemic, criminals have amped up their activity. During the pandemic, we saw how adaptable hackers really are. Once a specific region was hit with COVID-19, cybercriminals hit those areas with phishing, malicious emails, contact tracing apps, etc. They have been following the pandemic and capitalizing on it. Keren also discussed access mining, AWS mining, malware, ransomware, island hopping, and more developing trends. Sivan followed up with examples from current events and trends from the industry. During the pandemic, more organizations have been adopting cloud-based solutions and rethinking their business continuity plan, especially healthcare and educational organizations that have been a hot target for hackers during the pandemic. 

What are some things that we should understand about the way a hacker’s mind works? 

Keren discussed how hackers are curious and constantly striving to find ways to use tools and processes in an unexpected way. For years, hackers have been “living off the land” and utilizing resources that they access in order to exploit them, especially during the pandemic. Keren gave examples of opportunities from within an organization that hackers leverage for their advantage. Additionally, hackers are finding ways to have more interaction with their targets in order to craft their attacks.  

Now that home is the new office, what does this mean for IT Managers, organizations, and employees?

In our new normal, the responsibility to secure our networks falls on all employees as well. Sivan explained that IT Managers must have a strategy in place in order to deal with the challenges of remote work, as well as make adjustments to their security training in order to find a balance between realistic security requirements from employees and the appropriate enforcement of policies. Attackers are becoming more sophisticated but when we use different layers of security, we can help protect our data and networks. IT Managers should adopt unified solutions that give them control and visibility of their network and users in one place, in order to simplify managing employees remotely. 

How has the rushed adoption of cloud computing and storage brought about more ways to exploit network vulnerabilities? 

Continuing from the previous question, Sivan discussed dark data and a lack of awareness of where remote employees are storing their data. When moving to use cloud-based infrastructure, it is important to map out assets and prioritize security goals based on this map. When using the cloud, we use more applications and remote protocols in order to access data, so we must manage this remote access with the correct encryptions and protocols in order to avoid hackers exploiting our networks.

Keren expounded on how the land has expanded for cybercriminals – infinite computing power that they can leverage. When working from home, there are additional devices that we are using and that are additional entry points for hackers. After providing some recent examples of vulnerabilities in existing systems, Keren explained how criminals are aware of the way we are using various tools and software. 

Moving forward, how should organizations set up a business continuity strategy for cybersecurity? 

For the final question, Keren discussed multi-factor authentication and the need to eradicate passwords. We can take this pandemic as an opportunity to improve our security posture and throw old practices, such as passwords, out the window and to move on to more modern and more secure technologies. Sivan added the importance of going back to the basics and asking ourselves what type of adjustments we need to apply – how we identify a threat, how we protect our networks, and what new layers of security we need to adopt in this day and age. In the past we used to protect the perimeter; now we have to protect not only the outside but the inside of the network as well, with micro-segmentation and different security layers.

After an exciting discussion with insights, examples, and tips, the panelists moved on to answer questions from the audience. If you were unable to tune in live but still would like to address questions to the speakers, feel free to reach out to us on LinkedIn, Twitter, or Facebook.

About the Speakers

Keren Elazari is an internationally recognized security analyst, author and researcher. In 2014, Keren became the first Israeli woman to speak at the prestigious TED Conference. Keren holds a CISSP certification and a Masters in Security Studies, and is currently a senior researcher at the Interdisciplinary Cyber Research Center at Tel Aviv University. Keren is the founder of Israel’s largest security community, BSidesTLV, part of the global SecurityBSides movement, and the Leading Cyber Ladies global professional network for Women in Cyber Security.

Sivan Tehila is the Director of Solution Architecture at Perimeter 81. Sivan is a cybersecurity expert with over 13 years of experience in the industry, having served in the IDF as an Intelligence Officer and then in various field positions including Information Security Officer and a cybersecurity consultant. For the past two years, Sivan has dedicated herself to promoting women in cybersecurity and founded the Leading Cyber Ladies community in NYC.

 

Business Continuity Planning: 5 Actions CISOs Need to Take Now

Organizations around the globe are engrossed in one of the major network revolutions of all time. The COVID-19 pandemic forced organizations to quickly adapt to different challenges over the past six months. With the sudden transition to working from home, organizations were required to rethink their digital strategy in order to deal with the new normal.

Remote work policies are changing the way we work. As new remote technology is introduced into the organization strategy, it’s important for the entire organization to understand the importance of how it affects their daily work routine. 

With the changes in technology and the location of the working environment, the organization’s management team needs to think about the different challenges facing them. One of the more important but less headline-grabbing threats that all businesses need to think about is their business continuity plans.

Business continuity means coming up with a plan for a company to deal with serious incidents and disasters in order to ensure the business can continue functioning within a reasonably short period. In the case of COVID-19, most organizations were unprepared for this unprecedented shift to remote work, something they had not previously considered and therefore had not included in their business continuity plan. Too often we see business continuity plans that are too technical or too high-level for the casual employee, which usually results in a lack of actionable items to implement.

Now that we are currently over six months into the new reality and remote work is inevitable for the foreseeable future, organizations should be updating their BCPs. Chief Information Security Officers (CISO) and Chief Information Officers (CIO) have invested time and responsibility in the effectiveness of their business continuity plans. In today’s day and age, a cybersecurity strategy is an integral part of keeping businesses running while workers are remote. 

In order to gain insights into actions that CISOs can take to improve their organization’s business continuity plan, we spoke with experts who gave us their top tips. 

Be Involved In the Process But Delegate

Business continuity is an essential part of the survival planning for every business and organization. Too often it is erroneously assigned to the Information Security leader when in essence it is a business project and process that involves the key decision-makers in the C-Suite. Of course, a good CISO needs to be involved in the process, but should not own it.

“Any viable Business Continuity Plan must be tied and coordinated with a Disaster Recovery Plan. Essentially, a business must go on regardless of any type of interruption. If that requires manual systems to be brought up and be put into place, which is sometimes the case, then a good contingency plan to do this must be well-thought-out and everyone needs to know their part. Building a Business Continuity Team is the important first step and as it must include sponsors at the decision-making level. Additionally, the CISO, CIO, CFO, Legal, Human Resources, and Risk also need to be on this team.” – Richard Greenberg, Founder and CEO of Security Advisors LLC.

Make Sure Recovery Locations Are Useable

One of the biggest lessons people have learned during the pandemic is that business continuity planning needs to account for the fact that the recovery location(s) might also not be usable. The option of working from home was always viable but it was assumed by business continuity planners to be only a few employees and not the entire business. 

“COVID totally put that idea out to pasture. The idea that everyone would have to work from home was a total game-changer. Organizations were caught without equipment to make WFH viable thus having to rely on bring your own device (BYOD) which brings a lot of potential risks as well as finding ways to minimize and manage those risks. Some had to re-engineer multi-factor authentication (MFA) to allow for use of Google and Microsoft Authenticator solutions by their employees. They found that their infrastructure was unable to scale, even in the cloud.” – Jeff Hall, Senior Manager of Auditwerx.

Don’t Forget Security

An effective business continuity plan enables employees to continue their work safely and effectively, no matter the circumstances. When working from home, cybersecurity should be one of the main aspects of the continuity plan. 

“To make security stringent your company should follow basic and advanced cybersecurity measures. Always prefer using a secure remote access solution as it provides you with security and privacy over the internet. Similarly, always encourage using systems issued for office work only. Additionally, make sure that your official documents are only shared with the restricted persons; this way no irrelevant person will be able to open it even if it’s shared over email.” – Shahid Hanif, CTO and Co-founder of Shufti Pro.

Educate Your Employees

Educating your employees about the new security protocols and technology being implemented is an integral part of business continuity. This requires more than just a single briefing, but instead, a regular and ongoing plan of educating employees. 

“With everyone working remotely, it’s a mistake to suggest that the business security only falls on the IT and security teams. Organizations should schedule a virtual security session to prepare employees with the new tools and protocols that the business has implemented. Additionally, security teams should educate employees about the different security risks and attacks that are on the rise with everyone working from home. By educating your staff you will be one step ahead of potential attacks and risks inside your organization.” – Sivan Tehila, Director of Solution Architecture of Perimeter 81.

Test Business Resiliency Capabilities

Given the new and possibly unique user requirements of working from home under the current circumstances, are the real-time operating systems and recovery point objective determined in a pre-COVID world still reasonable, logical, and appropriate under the current operating conditions?

“By continuously testing your ability to recover critical business processes with your entire recovery team not being physically in the same location you will be more as a business. I suggest that you check if you can effectively coordinate your recovery team and individual assigned duties via communications tools such as Zoom and Webex. Additionally, you need to check if individual recovery team members have, at their home locations, sufficient Internet capacity to coordinate recovery activities (with multiple other company employees), while at the same time competing for local bandwidth with other in-home Internet capacity demands.” – Al Marcella, President of Business Automation Consultants.

Moving forward 

While COVID-19 will pass, the different actions and experiences can help businesses moving forward. With the right business continuity plan in place, you can provide transparency with your business in the case of recovery should another pandemic or emergency occur. The stronger the business continuity plan the fewer future headaches. 

Don’t Neglect SASE’s Impact on Network Performance

In the end-of-2020 cybersecurity word cloud – a swarm in which floats the most frequently seen, heard, and spoken words in the industry – one four letter acronym will appear bigger and bolder than all the rest: SASE. When discussing Secure Access Service Edge, most of the excitement surrounds its unifying characteristics and how IT finally has a consolidated tool for both networking and security from the cloud.

SASE will improve security and make it easier to achieve, but along with this simple idea comes other benefits. Anticipated less frequently (given that these solutions aren’t being widely consumed yet) is how SASE also delivers better performance across the organization in terms of throughput and productivity. Performance is a complement to the security delivered to companies, thanks to multiple factors including SASE’s presence on the edge, its low-touch quality in terms of IT effort, and the clarity it brings to networks.

A Measurable Network Boost

A central tenet of SASE is that the network is no longer organized around resources that are held in the headquarters, so security needs to match this arrangement. SASE therefore exists in the cloud where its network security functions can be easily integrated into both local and cloud architecture, and managed from a single panel. 

Key to the networking chops of SASE is that providers with a global backbone of data centers are able to put resource access portals closer to where employees and branch offices reside. Instead of every employee connecting to the same resource through a single point, they can do so with their individual devices through gateways nearby. This offers employees around the globe lower-latency access to the tools they need for work.

Speed is increased further due to the lower amount of network congestion that occurs due to SASE’s user-focused access policies. Because it’s built on SD-WAN, organizations using SASE for distributed, secure remote access are able to also create custom rules for certain sources of traffic. This reduces the bandwidth allowed to low-priority users or guests on the network, for example, and it all happens with rules that trigger based on granular qualifiers such as location, device, role and more. With the visibility that SASE provides over network endpoints and resources, it’s easy to “direct traffic” autonomously and efficiently.

Finally, since SASE is a unified solution, customers of a single SASE provider such as Perimeter 81 have multiple choices even within individual security tools. For example, if a company’s network is seen to enjoy faster connection times and lower latency while using the WireGuard encryption protocol, instead of the IPsec or SSL protocols available with other vendors, then they can freely switch to it or even create rules that determine under which traffic conditions these various protocols are applied.

For IT and Employees, SASE Aids Productivity

With traffic controls, segmentation, better visibility and local gateways pushing resources to the edge, it’s no wonder that networks on SASE run seamlessly and smoothly. However, that’s only half the equation. SASE also reduces costs and simplifies the processes that IT engages in, which improves departmental performance significantly.

IT employees no longer have to navigate several different misaligned security solutions, each with various ways to control access – they need only to log in to their centralized SASE panel, on which all functions related to networking (access policies, segmentation, creation of users and groups, traffic rules, gateway building etc.) and security (enforcement of tools like 2FA, DNS filtering, encryption etc.) reside.

The sheer amount of time saved maintaining, patching, configuring, and returning to the same tools every time the organization adds a new resource or user is astounding. Not only does this cut costs in terms of the raw number of solutions managed by any organization, it also cuts the burden of time invested from IT’s side, and gives IT managers more leeway to assign proactive, performative, and potentially profit-seeking IT activities to their staff.

With SASE as a multitool – almost a Swiss Army knife of network and security functionality – organizations can clean house and quickly consolidate the various security vendors and subscriptions they used to consume. Suddenly having the same total utilities but concentrated into one tool is a self-explanatory advantage, but the residual benefits – mostly performance related – will be more visible as SASE gains market share.

Your Security Strategy Is Only as Strong as Your Security Hygiene

Listen to this podcast on iTunes, Spotify or wherever you find your favorite audio content.

In this edition of the Beyond the Perimeter Podcast, we discussed the Promo.com data breach and interviewed Sivan Tehila, our very own Director of Solution Architecture, to gain her insights about security hygiene.

Breach of The Month: Promo.com

On July 21st, Israeli marketing video creation site Promo.com announced that a database, which contained over 22 million user records, was hacked and leaked for free on a hacker forum.

The data included users’ email addresses, names, genders, geographic location, and, for 2.6 million of the users, their passwords. This leak included 1.4 million cracked passwords, meaning passwords that have been decrypted and could immediately be used by attackers.

After the public leaking of their database, Promo.com issued a data breach notification saying they became aware of a vulnerability on a third-party partner’s service that affected their data. If you are a customer of Promo.com, I suggest you immediately change your password to one that is strong and unique.

If you use that same password on other sites, it is strongly advised that you change your password to a unique one at those sites as well. A password manager can make it much easier to use unique passwords at every site and is highly recommended.

In this episode, I talked to Sivan Tehila to get a better understanding of the importance of proper security hygiene and why it’s a shared responsibility between employees and organizations. 

Military Experience Shaped Her Career

Many career coaches will bring up the idea that your life experiences will help mold your professional career over time. This was especially true for Sivan when it came to her time in the IDF. “I started my security journey in the Israeli Defense Forces as a cybersecurity specialist. If you would ask me before I joined the army, if I would work in cybersecurity as a career, I would say no way. But thanks to the IDF I was exposed to the fascinating world of cyber and the fact that I had a chance to participate in cybersecurity operations and to get that perspective from the army, I fell in love with the dynamic profession. It makes it even more interesting to me and that’s why I love the cybersecurity world, that no day looks like the day before.”

When asked which cybersecurity tendencies she uses in her day to day life in cybersecurity professionally, Sivan discussed how people need to embrace the day to day uncertainty in cybersecurity. “The fundamental thing in cybersecurity is to understand that no day looks the same as the day before. By people understanding and embracing uncertainty it will help them to manage their day to day life.”

Sivan believes the same approach should be taken when it comes to cybersecurity strategies. “I believe that by building a cybersecurity strategy, it’s the right thing to do before you start any project in cybersecurity. You need to understand the environment, threat factors and the attack factors. By having a better understanding of the situation, you will be able to manage and build different solutions for each environment while still being able to operate in such a dynamic environment and responding in real-time in case of an incident. We’re seeing it now with the current situation with the pandemic and the fact that many companies are practicing for the first time their business continuity plan.

“If you have a strong strategy and an updated business continuity plan, you could succeed and get over this crisis. But if you don’t have it, it just takes more time and more effort to be able to overcome this challenge.”

Organizations Are Not Thinking About Security  

The lack of security hygiene for organizations and their employees isn’t new, especially when it comes to modern cybersecurity. According to Sivan, the current pandemic highlighted most organizational security mistakes. “When COVID-19 came most companies focused more on the communication between their employees and the company and less on security. Organizations were more worried about how they could communicate via Zoom. I think many of them left the security procedures behind and when they understood that they had to worry about security, for some of them, it was late. It was the regulations that enforced them to apply security procedures and policies.”

When asked about where she learned her security insights and how organizations can implement them, Sivan mentioned how most organizations lack security awareness. “I experienced many security incidents during my service in the army and when I worked for different defense industries in the private sector. The most common issue I experienced was that most organizations lack cybersecurity awareness. The best way to learn and improve awareness is by building a stronger security strategy. An example I experienced was when I built security campaigns and I created a phishing campaign in one of the companies that I worked with. When I scheduled a phishing campaign and I got an email the morning later with the campaign that I created and I did such a great job. So I was the one who clicked the phishing email. I think that was a moment when I understood that it can happen to everyone and that we all are vulnerable.”

Security Hygiene at the Forefront 

When discussing if employee security hygiene is strong, Sivan commented on how employees need to be properly trained. “I think it’s an ongoing process. I mean it’s never enough to just do one time an awareness workshop in a company. It’s something that you need to train your employees all the time. Awareness is something that you should build over time while you need to make sure you keep your employees aware.

“In order to make sure your employees are up to date, training is not enough. For example, organizations should run quarterly phishing campaigns and quarterly workshops that remind employees all the time that security and hackers never sleep. Security awareness has to be always in their mind.”

Sivan emphasized how hackers easily trick employees. “My prevention tips for employees are they shouldn’t just click on a link or open attachments from emails you are not expecting or from unknown senders. Even if you know the sender, still check it twice. Make sure that the sender is someone you know and you were expecting to get that email. Check the URL of the sender to make sure that it’s a legitimate address and remember that companies like banks and the government won’t put a web link in their email to you. They will usually instead advise you to visit their web page and log in through the web page.”

To hear the entire interview with Sivan please listen to the full podcast here. You can follow Sivan on Twitter @securitywitch

If you enjoyed listening, don’t forget to subscribe so you never miss a new episode. Please also consider rating the podcast or leaving your feedback on iTunes or wherever you listen.

Profile of a Cybercriminal: Cryptocurrency Attacks
Reading Time: 4 minutes

 

It’s true that data has value – just look at Google and Facebook’s business models – but blockchain and cryptocurrency take this idea literally. Cryptocurrency is a literal term because for its hordes of users, cryptography fulfills many of the characteristics that are required to define a “currency”, such as verification of ownership and transferability. Data’s value, on the other hand, comes from the information it holds.

The cryptocurrency model has worked so far, and so naturally, people want to steal it as much as they do data or paper money. Metaphorically, hackers might perpetrate a smash and grab job to steal an organization’s data, but cryptocurrency can sometimes involve more subtle attacks of a different kind – even if the company doesn’t have any cryptocurrency in the first place. Learning to recognize these attacks and others is vital for achieving a proper security posture.

A Blockchain Breed of Cyber Threat

Thanks to blockchain’s unique style of decentralized networking, companies will encounter a new type of attack that isn’t the outright theft of data, a DDoS attack, or something similarly brash. It revolves around the core idea of decentralization that defines blockchain: that computing power needed to serve users of blockchain websites or apps isn’t generated by a server on the grid. Instead, it’s shared between participants – ideally regular people who use their own computers to support the network.

But hackers exist to turn innovations into weapons. They’ve begun designing attacks that hijack remote PCs to do this, even corporate endpoints, and these attacks connect affected PCs to the blockchain, enslaving them in service of the chain. Crypto mining scams steal a small, nearly untraceable amount of CPU power – even from an employee’s mobile device – and essentially donate it to a blockchain that then rewards the hacker with cryptocurrencies that are then sent to their wallet.

Employees don’t even have to download anything – merely browsing the wrong website is enough. The popular CoinHive program, for example, can steal power from tens of thousands of PCs at once, and stays active even when users close their browser windows. Once a person lands on an infected website, it opens a tiny window hidden under the Start icon on the Windows OS desktop, so CPU power continues to be siphoned off even if the main window is closed. 

IT teams can defend against drive-by crypto mining with a two-pronged approach that uses both DNS filtering and advanced network monitoring utilities. The first line of defense is the DNS filter, which can proactively block sites that are known to be infected or those likely to be (using “bitcoin” as a blacklisting keyword for instance). Monitoring can then keep a close eye on bandwidth usage over the network, ensuring that all network bandwidth is being used for the company’s benefit.
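The two prongs can be sketched in a few dozen lines of Python. This is an added example, not code from the original article: the domain names, log format, approved-destination list and interval threshold are all constructed assumptions, and the monitor flags persistent traffic to unapproved destinations as one way of watching bandwidth use.

```python
from collections import defaultdict

# Constructed policy data; every name below is a placeholder, not a real indicator.
BLOCKLIST = {"miner-pool.example", "coinscript.example"}    # known-bad zones
KEYWORDS = ("bitcoin", "coinminer")                         # "bitcoin" is the article's keyword
ALLOWLIST = {"bitcoin-news.example"}                        # reviewed keyword false positives
APPROVED_DESTS = {"crm.corp.example", "mail.corp.example"}  # business destinations


def normalize(qname):
    """Lower-case a query name and drop the trailing root dot."""
    return qname.strip().lower().rstrip(".")


def in_zone(name, zone):
    """True if name equals zone or is a subdomain of it (label boundary)."""
    return name == zone or name.endswith("." + zone)


def dns_verdict(qname):
    """Return ("allow" or "block", reason) for one DNS query name."""
    name = normalize(qname)
    # Allowlist first, so a reviewed site is not caught by the keyword rule.
    if any(in_zone(name, zone) for zone in ALLOWLIST):
        return ("allow", "allowlist")
    for zone in BLOCKLIST:
        if in_zone(name, zone):
            return ("block", "blocklist:" + zone)
    for keyword in KEYWORDS:
        if keyword in name:
            return ("block", "keyword:" + keyword)
    return ("allow", "default")


def filter_dns_log(lines):
    """Parse 'time client qname' lines; return blocked (client, qname, reason)."""
    blocked = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than guessing at fields
        _, client, qname = parts
        verdict, reason = dns_verdict(qname)
        if verdict == "block":
            blocked.append((client, normalize(qname), reason))
    return blocked


def persistent_talkers(flows, min_intervals=4):
    """Flag (client, dest) pairs outside APPROVED_DESTS active in many intervals.

    In-browser mining moves little data but never stops, so persistence is
    reported alongside total bytes instead of alerting on volume alone.
    """
    intervals = defaultdict(set)
    total_bytes = defaultdict(int)
    for minute, client, dest, nbytes in flows:
        if any(in_zone(dest, zone) for zone in APPROVED_DESTS):
            continue
        intervals[(client, dest)].add(minute)
        total_bytes[(client, dest)] += nbytes
    return sorted(
        (client, dest, len(minutes), total_bytes[(client, dest)])
        for (client, dest), minutes in intervals.items()
        if len(minutes) >= min_intervals
    )


# Constructed sample input: DNS query log lines and per-minute flow records.
DNS_LOG = [
    "09:00:01 10.0.0.5 www.miner-pool.example.",
    "09:00:02 10.0.0.5 notminer-pool.example",
    "09:00:03 10.0.0.7 free-BITCOIN-widget.example",
    "09:00:04 10.0.0.8 bitcoin-news.example",
    "09:00:05 10.0.0.8 crm.corp.example",
    "garbage line",
]
FLOWS = (
    [(m, "10.0.0.9", "ws.unlisted.example", 1200) for m in range(6)]   # small but constant
    + [(m, "10.0.0.5", "crm.corp.example", 500000) for m in range(6)]  # approved traffic
    + [(2, "10.0.0.6", "cdn.vendor.example", 9000000)]                 # one large burst
)

if __name__ == "__main__":
    for event in filter_dns_log(DNS_LOG):
        print("DNS block:", event)
    for hit in persistent_talkers(FLOWS):
        print("Persistent unapproved traffic:", hit)
```

The keyword rule is broad by design, so the allowlist is checked first and the label-boundary match keeps `notminer-pool.example` from being treated as part of a blocked zone.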

Crypto Scam Defenses Combine Old and New

In a reversal, attacks might be perpetrated from your network and not against it. An employee might mine on his or her company laptop, or if they were especially malicious, use company resources like the website to purposely infect visitors’ or users’ PCs to mine coins. This may have been the case with popular tech support tool LiveHelpNow, a widget which was installed on thousands of customers’ networks to provide their users with easy access to support – but also secretly provided one malicious hacker with a personal stash of Monero coins.

The Zero Trust security approach, achievable with software-defined networking tools, contains elements that would help identify strange network behavior but also institute least-privilege permissions to employees. These would filter who gets access to specific resources on the network. If LiveHelpNow had a rogue employee compromising its product, perhaps limiting access would have stopped them from sneaking in code that affected customers.

For organizations, it’s also important to remember that not all cryptocurrency attacks are this subtle theft of processing power; there are also the more noticeable and devastating network breaches like those meant to steal data. Some of the biggest ransomware attacks infiltrate the network and encrypt important files. They make themselves known by demanding a ransom in cryptocurrency to unlock access to the files, but a classic cybersecurity defense is effective against these events: firewalls, backups, and traffic encryption.

Ransomware can easily make its way into the network when a remote employee connects to resources on an unmanaged device or through an exposed Wi-Fi connection, so enforcing VPN use is the bare minimum. Users shouldn’t be able to access resources without encryption, and firewalls are helpful in identifying suspicious traffic and deterring it. Finally, regular backups and patching go a long way to making ransomware attacks harmless – backups mean that data ransoming is pointless, while patching prevents the biggest OS exploits, such as those used by the bitcoin-rich WannaCry worm, which took advantage of weaknesses in Windows 7 and 10.

A Blockchain Re-education

Only a comprehensive security model, one that’s classically equipped but updated with new training against its new foe, is capable of claiming confidence against cryptocurrency scams. From new types of attacks to familiar ones that have an alternate purpose, organizations should ideally go for a multilayered approach in order to put their concerns behind them. Educating employees, as it is with non-crypto attacks, is vital as well.

The decentralizing ideas that define cryptocurrency are all about empowering individuals, but unfortunately, the wrong individuals can feel empowered as well. It’s useful to remind employees how to resist temptation and improve their habits, and also to prepare networks for a younger generation of attacks that manipulate them in new ways.

An Exciting Announcement: Perimeter 81 Raises $40 Million in Series B Funding Led by Insight Partners
Reading Time: 3 minutes

Today truly marks a milestone for Perimeter 81.

We are so proud to share the news that we have raised a Series B round of $40 million, led by a premier VC and private equity firm, Insight Partners with the participation of Toba Capital and our existing shareholders. The financing represents a giant leap forward in our efforts to simplify and modernize the way businesses consume cyber and network security.  

It will help support our rapid growth and accelerate our hiring and development; it will further our disruption of the traditional VPN and Firewall markets; and most importantly, it will allow us to create the best possible service for you, our valued customers and partners.

We’d like to take this opportunity to reflect on the past and look to the future —  sharing the vision that has driven us so far, and our hopes and aspirations as we move forward.

It All Started with a Vision for Change

Back in our early days as startup founders, when we were working part-time at large enterprises, we had to deal with outdated and complicated network technologies on a daily basis. These were the only choices available to securely access corporate resources. And while these tools were so critical to maintaining employee productivity, they were also incredibly difficult to use.

The first company we founded was a personal VPN service that allowed consumers to browse securely and privately over the public Internet. With this business, we were able to learn how to build highly scalable and global network infrastructure, as well as design a single-click cybersecurity product for the end-user.

During that time, we often reflected on our enterprise experiences. We believed that innovation in B2B network security was necessary and that we could apply what we learned from creating a service for consumers to create a much better experience for businesses. And so, Perimeter 81 was born.

Remote Work Became the New Reality

Three years ago we noticed two key trends in the modern workforce: Cloud and Mobility. Many companies started to migrate their entire assets to cloud infrastructures and the employees — they were working from different locations across the globe. With that in mind, we understood the huge potential and immediate need for a change in the cybersecurity landscape.

We assumed that in the next 5 to 10 years there would be a complete digital work transformation, but in March of this year, everything changed in the blink of an eye. COVID-19 spread across the globe and as it evolved from an epidemic to a pandemic, it forced companies worldwide to send their employees home.

Many new clients came to us in need of a scalable and reliable network security solution. Their site-centric and hardware-based legacy VPN solutions had severe licensing restrictions, or they were simply too difficult to manage — no longer accessible with the new work-from-home reality.

In tandem, our current customers turned to us needing to rapidly expand their accounts, as it was no longer specific teams but rather, their entire organizations that were now reliant upon secure remote access in order to stay productive.

This major global event clearly demonstrated to us the significance and importance of our vision to bring network security into the 21st century, and deliver a ‘one-stop-shop platform’ to house network and security solutions as a service under one roof.

Looking to the Future

As we look at our current global reality, one truth is clear: the future of network security is now. We feel fortunate to have the support of such amazing investors that recognize this truth as well, and want to help us propel a necessary market transformation.

We are thrilled that Insight Partners embraces our vision and shares our belief in the importance of transforming the way organizations are consuming cyber and network security. We’ve had a long relationship with them and have always been closely aligned on the significance of strong SaaS offerings and the value they bring to the market. 

This latest funding round will launch us forward as we build our complete SASE solution. With this platform, we aim to eliminate tool sprawl and consolidate fragmented legacy technologies — protecting businesses globally from large scale, and potentially devastating, cybersecurity breaches. 

On a company level, to support our vision, we are rapidly growing our talented team and hiring for multiple positions across our Sales, Marketing and R&D teams in our Tel Aviv, New York and California locations.

We are confident that in working together with our committed investors, dedicated employees and our valued customers and partners, we can continue to develop highly innovative network security solutions and further disrupt the industry — driving a new path forward to securely enable and fully empower our modern, ‘work from anywhere’ society.

Best,

Amit Bareket & Sagi Gidali, Perimeter 81 Co-Founders

For more information about our unique vision and SASE platform, click here.

Tool Sprawl: Does Your Company Have Too Many Security Tools?
Reading Time: 4 minutes

Over the years, technology has defined the way we work and live today. As the world evolves and advances, technology does as well. Just in the past century, we have seen unimaginable technological advancements that have shaped the way we work. Technology allows businesses and their employees to work quicker, be more productive and more efficient.

In the security sector, there is a new phenomenon that is affecting productivity. Today, businesses are shifting from implementing internal security solutions to adopting third party security solutions for their internal and external security.  

While adopting third-party vendor security solutions comes with many benefits such as saving costs and time, automation and more, a common challenge has arisen: security teams are using hundreds of security solutions in their security stack. Each solution provides security alerts that they need to fix manually. On many occasions, businesses will be using similar technologies for the same security challenges. With this abundance of solutions, security teams may not know where to turn when a security risk occurs in their business.

What is Tool Sprawl?

The typical organization’s network is more complicated than ever. More resources are in the cloud than on-prem and IT teams have enlisted a bevy of tools to regain the network visibility they need to ensure security. These tools are numerous, and while they may be able to provide visibility, orchestrating and managing them is difficult and unwieldy even for the most seasoned IT professionals.

Tool sprawl is the idea of organizations investing in a range of products that make it harder for IT teams to manage and orchestrate the solutions. In the security industry, we see this challenge on a daily basis. While tool sprawl doesn’t happen overnight, it slowly creeps up with every addition of a new solution. 

Most businesses will adopt a new tool in order to fix a specific challenge and then, before they know it, they will be using hundreds of tools that become unmanageable. Instead of fixing a problem, businesses have suddenly added more challenges. According to a 451 Research survey, the average IT and security team is using between 10-30 security monitoring solutions for applications, network infrastructures, and cloud environments.

Tool sprawl isn’t just for businesses. In fact, the average employee experiences the challenge of tool sprawl in their daily work environment. According to a HubSpot survey, the typical employee is using more than 6 tools on a daily basis and the number will continue to expand. In every level of a business, the result of tool sprawl has become a burden instead of a solution to the problem. 

The increasing adoption of more solutions has created more consequences for organizations and their IT and security teams. The main repercussions that businesses will experience with tool sprawl are high cost and less effective threat response.

Tool sprawl can get expensive as each additional solution is added. With each solution, employees have to be trained on how to use it and how it relates to their day to day job. Over time this approach is extremely time consuming and not cost-effective.

Secondly, tool sprawl slows threat response. Trying to manage a “tool sprawl” environment might even put the organization at risk when it comes to identifying an attack or responding to an incident. Instead of responding fast to an attack, it will take the organization a long time to collect the logs and notifications and understand what kind of attack they are dealing with and what action they should take.

Tool Sprawl Increasing Security Vulnerabilities  

Today’s cyber attacks are more sophisticated and harder to detect – which means sensitive data is more vulnerable than ever. Organizations are adapting to the new threats by moving all their networks and resources to the cloud which has resulted in an increase of misconfigured and exposed deployments of various software. 

This fact, together with ensuing hybrid IT complexity, is creating new security challenges for IT teams. Many organizations choose to implement a range of innovative security technologies in order to deal with the new-generation threats. Implementing those solutions seems essential to IT managers for improving visibility across cloud deployment but the adoption of more solutions to their security stack creates more security risks. 

Tool sprawl diminishes visibility across the employee devices and networks that are trying to connect to cloud resources. With this lack of network visibility, security teams will experience delayed threat response and will not know which tool will fix a specific security risk. When the team does not know which tool to use for a specific attack, the organization’s resources and networks become more vulnerable than before. Additionally, tool sprawl can create another challenge for IT and security teams by accidentally undermining confidence in employees’ ability to monitor and enforce fixes when a security risk is presented.

While tools are numerous and they may be able to provide visibility, orchestrating and managing them is difficult and unwieldy even for IT professionals. How do we fix the issue of tool sprawl?

The Emergence of SASE Could Finally End Security Tool Sprawl

In order to gain a high Return On Investment (ROI) with third-party security solutions, organizations need to rethink their security approach. Instead of adopting many different cyber solutions and vendors, organizations should look to implement an easy to use unified platform where they can manage and consume security solutions from a range of different vendors through the cloud as a service.

This new approach will allow organizations to easily consume network security solutions that can be easily integrated with each other all in one platform. This is where the SASE model comes into play.

The Secure Access Service Edge (SASE) model is the idea of combining the key elements of network and security solutions into one unified cloud platform to be delivered as a service. The ideal features in a SASE platform are ZTNA, SD-WAN, CASB, FWaaS and others. This unified platform will help organizations to simplify secure access and security to resources and networks on the cloud.

The emergence of SASE will consolidate the essential network and security functionalities for easy consumption within a single product. When these solutions become the norm, IT teams will be able to more easily manage security, achieve network-wide visibility (even across cloud deployments), and reduce costs, readying themselves to be agile and cloud-confident for the future. Over time, organizations will start to adopt this more unified platform approach which will dissolve the challenge of tool sprawl.

Moving Forward 

As more organizations continue to adopt numerous security tools, they will need to rethink their security strategy to avoid security flaws such as tool sprawl. However, if organizations continue to ignore the fact that too many security products are causing more risks, then those organizations are opening themselves up to potential breaches and poor management which will all point to tool sprawl. Instead, businesses should look for more simplified unified platforms like the SASE model to solve the issue of tool sprawl.

Security Solutions Escort Banks Through the Cloud Shift
Reading Time: 4 minutes

Data is a commodity that has value just like any other: It can be used to pay for products and services (most free apps use your data in exchange for access), it can be bought and sold, and as we all know, it can change hands. Unfortunately, it doesn’t always fall into the right ones, and so for a bank – which is responsible for both our money and our priceless financial data – security is of the utmost importance.

As they say, “If it ain’t broke, don’t fix it.” Most banks have already found the right security approach for their legacy, closed-off, internal IT systems, so they are hesitant to embrace new technology that might tip the scales in favor of hackers. New technology might also make them more profitable, but upgrading infrastructure comes with new security complications that are a roadblock, because a data breach trumps any business advantage. Right now, cloud technology is at the epicenter of this dilemma.

Is the Cloud a Compromise?

If there are two sides of the fence, on one side is the cloud’s immense potential for bank customer service and competitiveness, and on the other, the need for significant investment and security due diligence that comes with any change to the status quo. The cloud can help banks diminish their core costs and overheads by eliminating hardware and the need to maintain it. It can also help to roll out new financial products and services to customers more quickly, and scale them inexpensively as demand waxes and wanes.

Despite these benefits the transition to the cloud is daunting, and outside of retail or commercial banks, it is happening at a snail’s pace. Of total spending on the cloud, banking accounts for only 10.6% in 2020, according to IDC. Reasons for hesitation include difficulties configuring cloud solutions to both work together and with legacy tools, which may create unanticipated (and intolerable) gaps in defense. Furthermore, banks may feel as if they lose control by offloading internal processes to third-party cloud providers, putting them at these providers’ mercy. Compliance is an obvious issue to be concerned about as well, and the extra degree of separation between banks and their cloud-based resources doesn’t inspire confidence at first.

This hesitation is more unfounded as time passes, however, because the cloud is changing quickly and so is the security surrounding it. For their part, banking perspectives on the issue are changing in tandem.

Lift, Shift, and Uplift

Banks can now be relatively confident that security will be tight as they embrace the cloud, since data isn’t the only thing that’s been commoditized; so has security. Cloud providers invest heavily in their defenses and for many industries, they offer greater safety out-of-the-box than customers can achieve with their own investment in IT. Banks appreciate these assurances, but still have enough at stake to need more. 

In their efforts to avoid a long and complicated process, reduce risk, and front load cloud benefits, executives sometimes see cloud adoption as an “all or nothing” idea. However, the “lift and shift” approach is getting more traction, as it moves parts of their infrastructure to the cloud in piecemeal fashion, based on the importance of the workload and other factors. Many banks are adopting this hybrid cloud model and taking their first baby steps into the 21st century, but if the piecemeal approach is going to be taken, their networks will get complicated quickly and will be in constant transformation. 

This requires a security solution that is more comprehensive than what providers offer, and one that can flex as the network perimeter shifts.

Elastic Security for an Extended Transformation

A bank requires a simple security solution that makes data protection easy, no matter how mix-and-match their infrastructure looks during the various stages of its cloud migration. While hybrid cloud models help banks meet the expectations of demanding and digitally adept customers, they also allow banks to keep sensitive processes internal, and to encourage data protection in diverse environments. Hybrid cloud security is also easier for banks to obtain these days, with SaaS security solutions that more easily integrate into both local and cloud environments.

Network as a Service products help IT professionals apply a plethora of security tools such as DNS filtering, Wi-Fi security, VPN encryption, and multi-factor authentication across the various resources that make up a bank’s network – no matter if it’s local server storage or a popular software consumed “as a Service”. The seamless level of integration covers more bases as the network slowly migrates to the cloud, but NaaS is also especially suited to the hybrid approach because it allows IT to segment the network and restrict access within it, not just into it.

Accordingly, just-migrated bank resources can enjoy multilayered security and yet be accessible only to the roles (and devices) held by IT higher-ups, until they are confident that compliance is achieved. Security can be easily tuned to the changes made to a bank’s network throughout its cloud transformation, with scalable and secure access policies and a quilt of tools that will have any hacker think twice about attempting to get at its data. With time otherwise spent on maintenance, IT is freed up to pursue profit-seeking initiatives.

Security Ups Its Game for a Tough Customer

It takes a lot for banks to be confident in their security, but cloud advancements have extended to security ideas, and make upgrading infrastructure a win-win proposition. With confidence in the cloud’s compliance and safety, banks are able to morph in pursuit of better service, without concern for how customers or their data are affected. Now that this piece of the puzzle is finally in place, banks can go full speed ahead into the cloud, and soon, customers will feel the change in both better financial services and the gradual yet pronounced lack of big hacks hitting the headlines. It’s hard to estimate which will be more welcome.

Hacking with a Purpose: Life as a White Hat Hacker
Reading Time: 6 minutes

Listen to this podcast on iTunes, Spotify or wherever you find your favorite audio content.

In this edition of the Beyond the Perimeter Podcast, we discussed the Twitter hack which saw many famous celebrity accounts being hijacked which resulted in spreading a cryptocurrency scam. We also interviewed Len Noe who is a white hat hacker and cyber security specialist.

Breach of The Month: Twitter Hack

On July 15th we saw one of the most high profile breaches of the year. At least one hacker known for hijacking high-profile Twitter usernames gained access to an internal “admin” tool on Twitter’s network, hijacked a ton of celebrity accounts — Joe Biden, Bill Gates, and Elon Musk to name a few — to spread a cryptocurrency scam. The hacker made over $120,000 in just a few hours. But how the hacker got in and whether an employee helped remains a mystery. It is likely the hacker found their way into Twitter’s Slack account where they found a set of credentials. 

Twitter announced that the hack was done through social engineering. In this type of attack, hackers tend to trick their victims into providing their login credentials for access. Some 130 accounts were affected by the breaches. Twitter later said eight users had their data downloaded — including their DMs. But the company refused to say if the hacker read anyone else’s DMs — even though they’re believed to have had access. The breach could’ve been so much worse, even having serious implications for national security, given that this is an administration that frequently uses Twitter to dictate policy. On July 31st, authorities arrested the 17-year-old hacker who was behind the hack.

In this episode, I talked to white hat hacker Len Noe to get a better understanding of why hackers might transition into becoming a white hat hacker and why organizations should look into implementing white hat hacker programs.

Attracted to the Art of Hacking Early On  

Most hackers will tell you that their interest in hacking started at a young age. In Noe’s case, it started when he learned he could make small code edits which would change the outcome of a program. “I got into hacking early on. It all started for me back in the Commodore 64 days and the truth is there was a magazine that you could get that would actually give you some very simple, rudimentary programs that you could write for your Commodore 64 and the one that got me was Frogger, the old video game.

“During the time where I was trying to code the game, I messed up some of the code while I was programming and for some reason my frog would not die. It just opened up a whole new world to me if you do something in the background, it can affect what’s going to happen. So that was kind of what really sparked it for me was the idea that I was in control and even though the way that the game was supposed to be played, I could play the game the way I wanted to play it.”

Unlike today, when hackers can easily find how-to guides online and learn from other hackers, back in the ’80s Noe had to learn the trade through trial and error. “It was mostly trial and error. I mean you got to remember, this was back in like the pre-Pentium days. We’re talking 386 DX2, 486 with the math coprocessors so you could have the floating decimal point. There were a lot of bulletin board systems and many techniques came from a good understanding that I don’t think a lot of people get these days.

“When I was going through this originally, this was when the personal computers were first coming out. You learned how to use a terminal and it was before any real GUI, before OS was available. I just knew how things worked and it was a lot of trial and error and logging in to other like-minded individuals like myself who are into this kind of thing and it was kind of the pre-birth of the hacker collectives. I mean we weren’t hackers at the time because there really wasn’t a term. At the time, we were just geeks.”

Evolving From a Black Hat Hacker to a White Hat Hacker

According to Noe, life as a black hat hacker early on wasn’t as dangerous as it is today. “Being a black hat was simpler, at the time, there was no real hacker. There wasn’t any kind of GDPR or any type of disclosure laws in the US. You know, if you got caught hacking, they would slap your hand. Maybe you weren’t allowed to use a computer until you were 18. But it wasn’t until after the 9/11 incident in the United States where any type of hacking really started to become a major issue and started to command heavy jail times and fines. I was always very interested in hacking and I always have had that innate sense of wanting to know not just the fact that it worked but how it works. My father was a mechanic and always told me if you understand the basics, then any of the complicated things become very simple if you break it down to its rudimentary form.”

When asked why he transitioned from a black hat hacker to a white hat hacker, the answer was simple for Noe. “I don’t like the idea of state-funded vacations. The idea of being locked away just really didn’t appeal to me. I mean I’ve never been one of those – even when I was a black hat, I was never one of those kinds of guys that would go after people and try to steal their personal information or try to ransomware somebody or blackmail somebody. For me, it has always been more about just the puzzle and I like those people who always say, ‘I’m secure.’ Really? Let’s test that theory and I’m a firm believer. If you think you can get into my stuff, come on. If you can get past the securities and the preventative measures that I’ve put in place, then you deserve it.

“For me, it was always am I smarter than the guy that set up the security? I know there are people better than me and there’s an old expression, Those who exalt themselves will be humbled but those who humble themselves will be exalted. Be humble with your security. Know what you’re doing and don’t brag. I’ve seen it so many times in my life where they’re those people who are basically taunted to attack and they always wind up sorry for it in the end.” 

Implementing White Hat Hacker Programs 

Over the past decade, we have seen more organizations step up their internal security teams. Noe believes that having white hat hackers on the internal security team comes with its advantages. “I think having a red team and white hats on staff is a great idea. It keeps you fluent. It keeps people updated on the types of attack factors that are new and it’s going to keep fresh eyes and people that are actually in this community.

“But at the same time, I also think that even if you do implement a red team or a white hat on your payroll, I think once a year, it’s still a good idea to get an external pen test done or invoke the services of a third party just to keep everybody honest. Always look at security from the sense that it is going to always be as strong – only as strong as your weakest link. Get those fresh eyes and unbiased opinions every now and then. Keep your red teams and your white hats on staff just because these are people that are going to be tuned into what’s going on and what’s current.”

Endless Amount of Resources Available

When asked what his advice is for young security enthusiasts looking to become white hat hackers, Noe emphasized the importance of taking advantage of the numerous resources online. “Play, get out there. YouTube is an amazing resource. But study up on YouTube. The one thing I will say about the cybersecurity community is for the most part, we are pretty open with our information. Go to our GitHubs. Go to our YouTube channels. You will find gists of information. You will find example videos of different attack scenarios and different attack applications.

“I have a GitHub repo on my GitHub that is just links for new cybersecurity people. You know, sites like Packet Storm, Vulnhub. One of my biggest recommendations for newbies and a lot of people think I’m stupid for making this recommendation. Vulnhub, if you’re not familiar with it, is a site where you can just go download premade capture-the-flag VMs for VMWare or VirtualBox and a lot of the times, you can actually go to Google or DuckDuckGo and you can search for a walkthrough of that capture-the-flag. For newbies, it’s a great way to actually see and walk through the entire process and at the end of it, you actually are able to complete the capture-the-flag.”

To hear the entire interview with Len, please listen to the full podcast here. You can follow Len on Twitter, GitHub, YouTube and SlideShare.

If you enjoyed listening, don’t forget to subscribe so you never miss a new episode. Please also consider rating the podcast or leaving your feedback on iTunes or wherever you listen.

6 Tips to Securely Manage a Global Remote Workforce

Written By: Justin Dolly, CSO, Sauce Labs

With the global COVID-19 pandemic still raging in many countries around the world, many workplaces are still remote and will stay that way for the foreseeable future. Given this, how do we support high levels of security in a remote workforce, all while maintaining required levels of productivity? It’s a challenge for IT teams, to be sure—but not an insurmountable one. In this article, Sauce Labs CSO Justin Dolly offers six tips for teams wrestling with this conundrum.

1. Be Flexible

Security has to be present wherever remote workers are, and it must enable employee productivity, not prohibit it. If we aren’t flexible enough with how we’re asking employees to get things done, they may take matters into their own hands and go elsewhere, thereby opening up your organization to vulnerabilities. It’s important to communicate to your users the security technologies and processes that you’ve put in place and to ensure they are robust and flexible enough to support a workforce that’s remote.

2. Encrypt All Drives

Laptops and mobile devices can present a huge risk. Encrypting drives can protect organizations from accidental data loss. If an employee accidentally leaves a device at a coffee shop, for example, the organization can feel secure that the sensitive data and the business at large will not be compromised thanks to the encryption capability in place.

3. Enforce Multi-Factor Authentication (MFA)

Enforce multiple layers of authentication for access to any system of information that is deemed sensitive. Modern, adaptive methods should be employed since two-factor authentication has been compromised in certain scenarios.

4. Don’t Forget the Endpoints

Your security program needs to provide a 360-degree view of what employees are using to access company assets. BYOD is an ongoing concern, especially in a remote environment, so you must put security measures in place to know which endpoints have access to what resources. Also, intelligent software installed at the endpoint will protect devices from modern malware and provide the necessary visibility at the endpoint.

5. Implement Both Defensive and Offensive Strategies

Defensive measures include tools that make it difficult for your environment to be attacked. Offense means you need to constantly be testing yourselves to make sure the defensive elements you put in place are working as they should. This may be more difficult in a remote environment, but it’s no less important.

6. Don’t Just Communicate—Overcommunicate

Communication is always important, but especially during a time of remote work. When everyone is dispersed to their homes, it’s critical to be in close touch when you can’t get into a room with everyone to hash out plans. This goes double for dealing with a security incident: roles and responsibilities must be clearly defined and communicated, along with the critical network and data recovery processes that are needed for the team’s incident response. Even outside technical teams, communication about security issues is paramount: You need to respond to all stakeholders, whether inside or outside the company, in a timely and appropriate way.

Conclusion

The remote workforce has shined a light on the importance of security. At Sauce Labs, we talk a lot about digital confidence, meaning that we enable organizations to feel confident that their web and mobile apps are performing exactly as intended. As security professionals, we owe that same confidence to the customers using our Continuous Testing Cloud. Even and especially during a pandemic, we have the opportunity to address security and make sure remote work and other concerns don’t impact your business in a negative way. Following these guidelines will get you started on the way to successfully managing security for your organization—even while remote.

Perimeter 81 and Sauce Labs recently hosted a joint webinar about how organizations’ networks and connections must be secured in order to add another layer of protection against hackers trying to breach the testing environment. Watch the replay here.

About the Author

Justin Dolly is Chief Security Officer at Sauce Labs, where he oversees the development and implementation of the company’s long-term security strategy, ensuring its customers have the highest level of protection to support their digital goals. He is a Certified Chief Information Security Officer (CCISO) with more than 20 years of experience in building and implementing a culture of security within global organizations.
