All Posts By

Idan Kuperman

Organizational Security Starts with the Network

By | Threat Detection and Response | No Comments

Ransomware and malware, malicious cyber threats that demand ransom payments from the organization being attacked to retrieve stolen and encrypted data, have become the most prevalent cybersecurity threats. In the last few years, such attacks have increased in frequency and severity, and typically the large-scale cyber-attacks reach the headlines as seen in the 2017 WannaCry and NotPetya attacks that affected close to 300,000 computers globally.

Faced with the increasing threat of ransomware attacks, many organizations are now actively engaging in updating their cybersecurity defenses and authentication procedures to avoid the attention of cyber offenders. This can be a difficult process because many companies lack visibility of their network in terms of which points of connection are vulnerable to threats – such as Internet of Things (IoT) and personal devices (Bring-Your-Own device -BYOD). Therefore, Portnox recommends implementing a layered ransomware defense, response and remediation plan on the enterprise network. This plan would integrate full visibility of the network with all connected and managed/ unmanaged endpoints (including IoT and BYOD); control over access to files, resources and data, and remote remediation capabilities. Furthermore, the plan should include the possibility of quarantining or blocking infected devices to control lateral attacks.

Request a DEMO

Ideally, an effective plan for defeating cyber extortion would include defense tools, such as anti-virus and anti-ransomware software that provide behavior-based detection, prevent access to files and file modifications, recover files, and vaccinate against the ransomware strain. All of these together create a comprehensive ransomware response and remediation solution. Portnox’s solution addresses all phases of the ransomware kill chain – reconnaissance, exploitation and remediation, and together with its technology partners and integrations, offers a holistic ransomware solution. Notwithstanding the ability to mine data from other sources, Portnox’s solution is known for its seamless deployment, even across the most complex networks and security architectures.

Phase 1 – Reconnaissance:
During this phase, the attacker collects information on the target through research of publicly available information or social engineering. At this phase Portnox’s solutions provide a real-time picture of all network elements, so that organizations can understand the level of risk and identify vulnerabilities early-on. Endpoints that are deemed to have a high risk value (fail to uphold the network security policies, are missing the latest antivirus and OS patches, or have certain technical specifications that have been deemed vulnerable), will be blocked from accessing the network or quarantined until security updates are made. Additionally, Portnox offers the ability to see into the weakest areas of the corporate network, i.e. Internet of Things (IoT) devices. CISOs, network administrators and IT teams can discover where IoT devices are located on the organizational network and detain them in a separate VLAN network with limited access.

Phase 2 – Delivery & Exploitation:
At this point hackers use the information attained in reconnaissance to carry out attacks on vulnerable endpoints, users and different areas of the network. Portnox software receives information from third-party security vendors to actively identify anomalies. There is full communication between Portnox and these vendors, so that their assessments are seamlessly integrated. The system can carry out on-going sandboxing of endpoints according to defined characteristics (including for IoT devices), and it can filter endpoints according to patch, anti-virus, operating system and active applications as well as quarantining them if one or more of these aspects has been deemed vulnerable. Portnox shares information when an endpoint’s posture assessment changes, helping network administrators identify attempts at social engineering in the early stages of a breach. The admin can then bring that device into compliance with security policies, or quarantine it until remedial security measures are taken.

Phase 3 – Command & Control Actions and Extraction:
At times, despite having all the right solutions in place, ransomware still gets through. Once this phase is reached, the ransomware is installed and the hacker can take full control of the organization’s system and do with it as he or she pleases. The hacker could freeze the organization’s data and demand ransom to give the access back (“Cryptolocker attacks”) as in some of the major ransomware attacks in the last few years. A new era of “CryptoWorms” is expected to surface as malware writers become more sophisticated and now, more than ever is time to have the right technologies in place to defend the organization’s assets, accessibility and private customer data.

Remediation:
Having a rapid remediation plan in place will not only help prevent further damage or the lateral spread of the attack; it will allow business continuity. Portnox uses the following:
• Automated Patch Updates Across the Network – Enforces necessary patch, anti-virus, operating system and application updates across managed and unmanaged endpoints, located both on and off premise.
• Immediate Incident Response – Contains ransomware events by remotely disconnecting endpoints from the network (no manual touch required). The program drills down to the level of specification: device type, operating system, anti-virus software version, switch location, and more. Finally, it performs automated actions on every device, in all locations, instantly.
• Armed Incident Response Teams – Portnox arms IT professionals and network admins with the ability to remotely take actions on employees’ devices. In addition, with Portnox’s solution, IT professionals can create an effective incident response plan for any device based on network specifications.

In conclusion, ransomware and malware are considered to be the top cyber-security threats of our time. Therefore, it is imperative to significantly increase organizational security so as to be prepared, with the right response and remediation software to such frequent and wide-reaching attacks. Portnox offers network access control solutions that allow organizations to maintain the upper hand in network security, allowing business continuity, securing company assets and avoiding prohibitive financial losses.

Request a DEMO

Network Security Audit

Conducting Network Security Audits in a Few Simple Steps

By | Network Security, Threat Detection and Response | No Comments

What are the steps necessary to defend your organization’s assets in an optimal framework, while cutting costs at the same time?

If you have spent five minutes on our website or blog, you are probably well-versed on the notion that conducting automated and continuous security assessments of your network is the way to go, where pro-active and preventative security measures are concerned, so as to protect any company’s assets. Still, when new clients get started with one of the Portnox solutions, it is advantageous to kick things off with a simple, yet crucial, security audit. When undertaking an initial security audit, it is important to use the most up-to-date compliance requirements to uphold security protocols. This clearly defines what CISOs should be looking at, and helps in shaping and setting up the future of your automated security monitoring and assessments.

 

Step 1: The Scope of the Security Perimeter

The first step in the auditing process is to clearly define the scope of the audit. For most companies and organizations this will include both managed and unmanaged devices and machines. Managed devices will encompass a list of computers, machines, devices and data bases that belong to the company directly, which contain sensitive company and customer data. Additionally, in a world that includes BYOD policies and IoT connected devices and machines, as well as contractors and visiting guests, the unmanaged segment of the audit should be positioned to continuously update visibility of all connected endpoints. Without clear visibility, it is impossible to create segmentation and remediation procedures. Thirdly, the security perimeter must include definitions relating to software that is allowed and not allowed so as to define a software perimeter as well. Finally, the scope should include all access layers: wired, wireless and VPN connections. In this manner, the scope of the audit will ultimately include all software and devices, in all locations, so as to ultimately define the security perimeter for the company.

 

Step 2: Defining the Threats

The next step is to list potential threats to the security perimeter. Common threats to include in this step would be:

  • Malware – worms, Trojan horses, spyware and ransomware – the most popular form of threats to any organization in the last few years.
  • Employee exposure – making sure that employees in all locations change their passwords periodically and use a certain level of sophistication; (especially with sensitive company accounts) as well as protection against phishing attacks and scams.
  • Malicious Insiders – once onboarding has taken place- employees, contractors and guests – there is the risk of theft or misuse of sensitive information.
  • DDoS Attacks – Distributed Denial of Service attacks happen when multiple systems flood a targeted system such as a web server, overload it and destroy its functionality.
  • BYOD, IoT – these devices tend to be somewhat easier to hack and therefore must be completely visible on the network.
  • Physical breaches, natural disasters – less common but extremely harmful when they occur.

 

Step 3: Prioritizing and Risk Scoring

There are many factors that go into creating the priorities and risk scoring.

  • Cyber security trends – working with a network access control system in place that factors in the most common and current threats along with the less frequent, could save you and your CISOs a lot of time and cut costs, while at the same time defending the organization in an optimal framework.
  • Compliance – includes the kind of data that is to be handled, whether the company stores/transmits sensitive financial or personal information, who specifically has access to which systems.
  • Organization history – If the organization has experienced a data breach or cyber-attack in the past.
  • Industry trends – understanding the types of breeches, hacks and attacks within your specific industry should be factored in when creating your scoring system.

 

Step 4: Assessing the Current Security Posture

At this point you should start to have an initial security posture available for each item included in your initial scope definition. Ideally, with the right access control systems in place, no internal biases affect your initial audit or any continuous risk assessments performed automatically later on. Additionally, making sure that all connected devices have the latest security patches, firewall and malware protection will assure more accuracy in your ongoing assessments.

 

Step 5: Formulating Automated Responses and Remediation Action

Establishing a corresponding set of processes designed to eliminate the risks discussed in step 2 includes a few solutions that should be included in this step:

  • Network monitoring – establishing continuous automated monitoring and creating automated risk assessments will lead to improved risk management. Cyber offenders are typically working to gain access to networks. Activating software that automatically takes notice of new devices, software updates/changes, security patches, firewall installments and malware protection is the best way for any organization to protect itself. Ideally your CISOs should be alerted to any questionable device, software, activity, unknown access attempts, and more, so as to be a step ahead of any harmful activity whether it is maliciously done or not. Network Access Controls such as the solutions offered by Portnox offer 24/7 risk control and risk management and use machine learning to identify cyber offenders, while at the same time cutting costs oIoT Ip Cameran employee hours and replacing expensive systems with cloud distributed software, pay-as-you-go and scalable options.
  • Software Updates – Making sure that everyone on the network has the latest software updates and patches, firewalls etc. It is highly recommended to take advantage of this built-in feature in Network Access Control Software that alerts you when those are required.
  • Data backups and data segmentation – relatively simple but crucial steps, because obviously consistent and frequent data back-ups along with segmentation will ensure minimal damage should your organization ever fall to malware or physical cyber-attacks.
  • Employee education and awareness – training for new employees and continuous security updates for all employees to make sure best practices are implemented company-wide, such as how to spot phishing campaigns, increasing password complexity, two-factor authentication and more.

 

Conclusion

If you have completed these simple but crucial steps, you have finished your first internal security audit! Now you can proceed to establishing your ongoing automated risk assessment, management and controls to secure your company’s assets for the short, medium and long terms. Your first security audit, when done properly will serve you well as a touchstone for future risk assessments and self-audits. Monitoring all devices and machines as well as software over time is the best way to control the risks within your device and software security perimeter. The continuous fine-tuning of your controls and processes will maintain ongoing visibility as well as the ability to properly assess your overall preparedness for cyber-threats along with the ability to manage risks and remediate attacks.

Due to the proliferation of wireless networks and mobile devices, through BYOD and IoT, the workplace has become, on the one hand, a more agile and flexible environment, increasing productivity and employee satisfaction, and on the other, a breeding ground for vulnerabilities and cyber risk. As NAC solutions address the needed steps to audit your organization’s security while also providing intelligence into network behavior through various integrations and methods for achieving compliance, they are well suited to help meet and address these risks. For these reasons, NAC, today, is a must-have part of a robust self-auditing security mechanism. By controlling access to the network with a NAC solution, organizations control their exposure to a wide array of emerging digital business risks, keeping their organizational network healthy and secure.

Now that you have completed your initial network security audit, you can focus your attention on keeping your network safe.
A core factor in achieving that is to have full visibility and control of all devices connecting to the network in real time.

Request a Demo

How NAC Achieves CIS’s Top Security Controls

By | Cloud Security, Network Access Management | No Comments

The value proposition of network access control (NAC) solutions has shifted in recent years due to the onset of wireless networks, coupled with technological advancements in mobile and Internet of Things devices. Together with growing demands for the implementation compliance standards across a number of industries, companies are now required to openly communicate information about their security controls to external auditing authorities.

NAC is well positioned to provide an answer to these concerns by directly addressing the Center for Internet Security’s Top 5 Security Controls, which are a prioritized set of actions to protect organizations and data from cyber threats. NAC solutions address: collecting the inventory of authorized/unauthorized devices and software (including applications); ensuring secure configurations of hardware and software; carrying out continuous vulnerability assessments and remediation measures; and allowing for the controlled use of administrative privileges through role-based access.

Find out how NAC solutions address these security controls in our infographic and “The Importance of a NAC Solution” White Paper!