All Posts By

Idan Kuperman

Cyberattacks ≠ Compliance

Category: Network Security

In our recent “Cyber Threats Cannot Compete with Strong Compliance” blog, we covered cyberattacks in the financial and retail industries and the importance of visibility, network access and control, and risk management to achieve strong compliance, defend against cyberattacks, and grow a successful and secure business. In this blog, we take a quick look at the attacks that hit government and medical industries, the regulations these verticals face and how to build a strong compliance foundation. A deep dive into each of these verticals can be found in “The Compliance as a Strategy for Business Success eBook”.

The DNC Got Phished

How did Russian hackers gain access to the email correspondence of the Democratic National Convention throughout the recent US election? The answer is by using the oldest trick in the book: phishing emails. In one case, John Podesta, chairman of Hillary Clinton’s campaign, received a phishing email, which was in fact correctly identified as such by an aide. The problem was that the aide accidentally made a note calling the email “legitimate” instead of “illegitimate”, leading Podesta to open the email. This single mistake placed over 60,000 highly sensitive emails in the hands of the Kremlin, which went on to distribute the information to websites like WikiLeaks.

Even after the FBI sent a special agent to warn the DNC of the phishing emails, their IT did not respond to the warnings because computer logs did not reveal any intrusion. Podesta should not have required an aide to manually mark the email as illegitimate. Had the DNC incorporated an agentless solution into their network, they could have automatically monitored, identified, tagged, or blocked a potential attack.

The Dark Web Over the Medical Industry

Since 2010, the number of attacks against healthcare providers has risen by over 125% and risk levels in the industry are now at the highest ever. In fact, just last year, cyber criminals hacked over half a million patient records and began selling them over the Dark Web for a profit of approximately $365 per record. That is about one-third more costly than selling stolen financial records – no wonder that this form of theft is growing at a dizzying speed. Part of the big issue is that hospitals, private clinics, vendors and insurance companies all share digital information, which of course creates the perfect conditions for cyber-criminal activity.

There is no doubt that the medical industry is struggling to uphold HIPAA regulations regarding privacy, security and enforcement. As medical connected devices continue to grow, a solution that is scalable across a wide range of institutions is a must. It is crucial that every institution sharing this data implements a solution that enables security teams to have complete visibility of all connected devices in real time, including switches, wireless controllers, VPN gateways, and routers.

A Boardroom, Samsung and the CIA

Among the 7,800 CIA records released via WikiLeaks, it was revealed how the CIA has been taking advantage of devices like Samsung’s smart TVs to spy on people across the United States.  Under the codename “Weeping Angel”, the CIA used malware that makes the television act like a bug and send recordings back to them.

Samsung had already warned within its privacy policy that the voice recordings are uploaded to servers and can be passed on to third parties. However, while it is possible for the user to shut off the microphone completely, the CIA found a simple way to circumvent that. As such, organizations need to check the state of their equipment, whether it be a smartphone, laptop or a TV screen. Any device that can record and has access to the internet is susceptible to hacking. Companies must safeguard their equipment and implement practices like device lock-down, micro-visibility, and risk monitoring.

Whether you run a financial, governmental, retail or healthcare organization, it is essential to see, control and automate your network. Without full network visibility, it is impossible to control devices or maintain compliance standards. The challenge for many is how to maintain a level of security (even large companies struggle to attain compliance) often with limited resources and budgets. Portnox’s advanced technology – available both on-premise and in the cloud – gives security officers and network operators the tools they need to see and control any device, at any time, from any place. With these tools, Portnox makes compliance a more straightforward and smooth process, setting your business up for success.

Download our new eBook on “Compliance as a Strategy for Business Success” and learn how you can stop cyberattacks by maintaining strong compliance and visibility over your network.

Which Is Best for Your Business: 802.1X vs. a Next-Generation NAC Solution

Category: Network Access Management

NAC is making a comeback, and this time it’s IoT (Internet of Things) which is responsible for that. Past waves, including the increase of guest and contractor access and BYOD, have resulted in the understanding that the network is no longer composed of securely managed devices.

NAC technology is becoming a must-have technology for organizations of all sizes. It is not only used to provide an authentication mechanism for endpoints and users, but also to gain visibility into what exists on the network and where it connects. Whether it’s on the wired or the wireless network, it is the only available prevention technology that can assist with the many risks of bringing IoT devices onto the network.

There are currently two prevalent ways of doing this: the first is based on using the 802.1x protocol, and the other, newer option is a commercially available Next-Generation NAC solution (NG-NAC). This blog post will clear up some of the confusion between the two different methods, point out the challenges with implementing 802.1x and help you decide which solution is the best fit for your business.

Challenges with the implementation of IEEE 802.1x

In September 2003 the 802.1x usage guidelines were introduced by IEEE in RFC 3580 and were later transformed to become the leading standard for authenticating endpoints on a network. These guidelines also define all the required components for an 802.1x implementation, which include not only the network switch but also a supplicant on the endpoint and, at a minimum, an authentication (RADIUS) server. This makes the standard rely on a lot of moving parts.

The following are some of the concerns when implementing 802.1x on your local network:

MAC Address Managers

For 802.1x to work well, you need a supplicant on the endpoint and an agent to implement the client side of the protocol. Unfortunately, most vendors of digital equipment do not embed such software in their offering. You will find multiple endpoints on your network that are non-managed devices, AKA IoT devices, such as time attendance controllers, IP security cameras, temperature controllers, and IP phones which do not support 802.1x at all. In fact, it is estimated that in most organizations more than 50% of endpoints are IoT devices.

The solution for connecting these devices is one of two: either exclude that specific port at the switch level, or authorize that device by its MAC address.

However, managing MAC addresses is cumbersome and not secure. They are easily forged and are available at the bottom of each physical port – effectively making your network password public and available for all.

BYOD trend

The ‘Bring Your Own Device’ (BYOD) trend is making the life of network and security admins a nightmare. How can you control or secure a device that is not under your control? The easiest solution is to create a clear separation between your managed devices and unmanaged BYOD. With 802.1x, which is only based on usernames and passwords, this is not a possibility: any user can connect any device to the network using his/her username and password. So if you do not roll out certificates to all of your managed devices, you cannot use 802.1x without the risk that your network will become an IT jungle.

Health State – Risk Score

Implementing 802.1x by itself does not mean the connected device is secure. In order to comply with both regulations and best practice standards you should have a posture assessment carried out on the device and allow access to the network not only based on a “password” but on the posture assessment as well. For that you need to implement a commercial product, usually deploy another agent on each device and integrate all of these together.

Level of Expertise

For an on-premise 802.1x implementation, the level of expertise required from a network engineer is very high. S/he should know about RADIUS, 802.1x, EAP, different switch configurations and endpoint configuration (Windows / Mac OS X), and be able to point out the root of an issue when a problem arises. This includes any endpoint, network equipment, configuration or hardware issue.

The number one problem in IT in general, and in security specifically, is the shortage of skilled professionals. Without a skilled professional, an 802.1x implementation would fail and the maintenance would be a nightmare.

There are a lot of other issues to handle as well, such as connecting two devices behind the same port, bypassing 802.1x with a hub, high availability, or how to implement monitor mode in existing networks. All of those and more need to be taken into consideration when implementing 802.1x.

You can read about some of the issues with the implementation of the standard in detail in the following whitepaper.

Other approaches: NG-NAC and SaaS

There are two routes to solve the 802.1x implementation issues: the first is to use 802.1x in the cloud – as a SaaS. The second is to use an NG-NAC that will operate differently yet achieve the same desired results.

Cloud 802.1x

With a cloud 802.1x SaaS solution you can solve many of the hurdles mentioned above. There is no need for expertise since all the heavy lifting is already done for you; no need to take care of high availability and no need to worry about the many moving parts.

Additionally, with the suitable solution that supports flexible on-boarding options, you can delegate access management and still have workflow based authorization for devices, thereby making the management of non-802.1x based devices possible.

On-Premise NG-NAC

NG-NAC technology is a flexible approach to NAC which takes into account three types of system users – the network team, the security team and the system team. Different values can be supplied for each persona.

Important features of an NG-NAC:

  1. Agentless capabilities – the ability to identify and authenticate both managed and unmanaged BYOD devices.
  2. Flexible enforcement – from monitoring and limiting access all the way down to blocking devices.
  3. Centralized control – maintain a central view of the whole network.

All of the above characteristics make a deployment simple, meaning that overly high levels of expertise are not required.
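The access decision the post argues for (managed vs. unmanaged BYOD separation, posture assessment on top of a password, and enforcement that ranges from monitoring to limiting to blocking), as an added example in Python. This is not Portnox code; the Device fields, the risk weights and the three enforcement levels are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Enforcement levels, matching the post's "monitoring, limiting, blocking".
FULL, LIMITED, BLOCK = "full", "limited", "block"


@dataclass
class Device:
    mac: str                      # constructed sample value, not a real device
    auth: str                     # how the port was authenticated (assumed labels):
                                  # "eap-tls" (device certificate), "eap-password"
                                  # (user credentials only), "mab" (MAC-only), "none"
    managed: bool = False         # IT-enrolled device (certificate issued)
    posture: dict = field(default_factory=dict)  # agent report, e.g. {"av": True}


POSTURE_CHECKS = ("av", "patched", "disk_encrypted")


def risk_score(dev: Device) -> int:
    """0 (clean) to 100. A check that was not reported counts as failed."""
    score = sum(25 for c in POSTURE_CHECKS if not dev.posture.get(c, False))
    if not dev.managed:
        score += 25
    return min(score, 100)


def decide(dev: Device) -> tuple[str, str]:
    """Map authentication method plus posture to an enforcement level and a reason."""
    if dev.auth == "none":
        return BLOCK, "no authentication"
    if dev.auth == "mab":
        # A MAC address is forgeable, so MAC-only authentication never earns
        # full access: keep non-802.1x IoT devices in a restricted segment.
        return LIMITED, "MAC-authenticated device, restricted segment"
    if dev.auth == "eap-password" and not dev.managed:
        # Valid user credentials on a device IT never enrolled: this is the
        # BYOD case the post describes, so separate it from managed devices.
        return LIMITED, "BYOD: user credentials without a device certificate"
    score = risk_score(dev)
    if score >= 50:
        return BLOCK, f"posture failed (risk {score})"
    if score > 0:
        return LIMITED, f"posture partially failed (risk {score})"
    return FULL, "managed device, posture clean"


if __name__ == "__main__":
    # Constructed sample inventory (locally administered MACs, not real devices).
    sample = [
        Device("02:00:00:00:00:01", "eap-tls", True,
               {"av": True, "patched": True, "disk_encrypted": True}),
        Device("02:00:00:00:00:02", "eap-tls", True,
               {"av": True, "patched": False, "disk_encrypted": True}),
        Device("02:00:00:00:00:03", "eap-password", False),   # employee's own laptop
        Device("02:00:00:00:00:04", "mab"),                    # IP camera, no supplicant
        Device("02:00:00:00:00:05", "none"),
    ]
    for d in sample:
        level, why = decide(d)
        print(f"{d.mac}  {d.auth:<12} -> {level:<7} ({why})")
```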

This post is an updated version of a post previously posted. Some changes were made to clarify a number of points raised.

Is this NAC solution suitable for your business?

Category: Network Access Management

While NAC is most effective when it follows a defined, proprietary security policy that is specific to a particular company, there are some more general considerations that apply to any type of enterprise. These are discussed below.

There are two main challenges when choosing the right NAC for your company. The first stems from the fact that corporate networks today are crammed with so many deployed devices (including IoT devices, but not only) that it can be a major challenge to see all of the devices and to not miss out on any suspect behavior or telltale signs of a potential breach.

The other key challenge is the ability, once a potential threat is detected, to deal with it effectively.

  1. Comprehensive authentication and authorization
     At least 13.9% of workers (4.2 million) in the UK were working from home in 2015, as revealed in the Work from home week. It is estimated that 3.9 million people will telecommute in the USA in 2016. The work from home trend is so prominent that 75% of the jobs on the hiring website skipthedrive.com are with Fortune 500 companies. These numbers illustrate the real challenge of the BYOD era, in which companies need a network admission control solution that is able to secure access and monitor the activities of many users and devices from multiple locations and for various roles.
     Comprehensive authentication and authorization functionality to detect users on the company network is critical. You’ll need a solution that can see all of the devices on your network and can deal with an endpoint rapidly once a potential threat is detected, in order to minimize the damage. This includes verifying log-on information, restricting data access for each particular user and implementing security applications such as firewalls, antivirus software and spyware detection. It is also essential that your NAC solution monitor, regulate and restrict the network activities of subscribers once they are connected, according to company policy.
     Other considerations, such as network compatibility and device deployment, are secondary.

  2. The 802.1X standard – yes or no?
     Largely speaking, there are two main categories of Network Access Control solutions:
     – Those based heavily on the 802.1x standard for wired switches and wireless networks
     – Those that do not rely on 802.1x but rather perform switch and wireless integration or port mirroring
     Deciding on the type of authentication mechanism that would work best for your company is really important. We believe that 802.1x is problematic because it is very difficult to implement and maintain in the long run. Both network equipment and the endpoints themselves are required to support this protocol, and in many cases this is not feasible for a given network. The 802.1X standard also lacks the visibility required for monitoring activity after the device has been allowed onto the network. Your network admission control solution also needs to be adaptable to your company’s cloud computing, VPN and BYOD environments. Enterprises considering a NAC solution must look at integration from the standpoint of their end user base.

  3. Compatibility and integration
     Can the NAC solution under consideration be easily integrated with your current network topology? Some NAC solutions are placed between access and core switches so that they can enforce policies. Since many data centers use a mix of switches, this scenario requires any Network Admission Control solution to be compatible with your existing network infrastructure.
     As your network requires BYOD access for your user base, your NAC solution needs to either automate or greatly simplify device enrollment in conjunction with an enterprise mobile device management (MDM) system.
     The speed of authorized data throughput will have a major impact on your bottom line and your corporate users’ level of satisfaction.

  4. What about compliance?
     Does your company fall under regulatory or industrial compliance requirements, such as PCI DSS (for credit cards), HIPAA (for patient health records), and Sarbanes-Oxley (for business and financial data)? If so, then the NAC that you select must meet these requirements and be capable of streamlining the compliance auditing process. You’ll thank yourself when auditing time rolls around.

  5. Don’t skip over support
     Support plans should not be overlooked. Consider this: Is support available in your geographic region? How frequently will you need to upgrade the product and when do the free upgrades run out? How much of your own internal support management will be required?
New-generation NAC from Portnox: we have it all

At Portnox we have considered all these aspects when developing our NAC solutions. Our software-only NAC can be integrated with other security solutions and traverses all networking layers – Ethernet, wireless, virtual, VPN and even the cloud – to illuminate, visualize, analyze and control all connected users and devices. With Portnox you get full visibility of your corporate network to cover both your access control needs and your monitoring requirements, so that quick action can be taken when a breach occurs.

The Dawn of Massive IoT DDoS Attacks and Why It Matters

Category: IoT

Unless you have been busy climbing the Himalayas for the past couple of months, you’ll have heard a lot about Mirai, a deadly malware causing the largest DDoS attacks to date. Yes, yes, the IoT botnet attack that took down the Internet for users trying to reach an array of sites, including Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix.

In September 2016, the same malware hit the prominent security blogger, Brian Krebs. Both attacks drew on an army of IoT devices. In Krebs’ case, the hit was so massive that Akamai had to shut down Krebs’ account with them because defending it consumed too many of their resources. No one wants to be in a position to have to shut down a customer (let alone a prominent one such as Krebs) or even an internal enterprise user. That is a good way to lose business, possibly your job, and to anger people. One of the key ways to stop these IoT DDoS attacks is through network access control (NAC). More about that later.

In the same month, hosting provider OVH suffered a 1Tbps DDoS attack that had 150,000 IoT devices behind it. These attacks are becoming more frequent. IoT botnets are very powerful due to the fact that there are so many vulnerable IoT devices out there that can be commandeered into a botnet army. Each device – baby monitors, CCTVs, connected LED light bulbs, even smart cars connected to a high bandwidth internet connection – is lacking in basic security features and can be easily leveraged in a powerful IoT botnet DDoS attack.

The Scope and Ease of IoT Botnet DDoS Attacks

The threat these attacks create should not be underestimated. These attacks can take any company offline. There is really no limit to the potential size and scale of future DDoS attacks involving botnets, particularly when they harness the full range of smart devices incorporated into our everyday lives, both at work and at home. Gartner Inc. forecasts that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from 2015, and will reach 20.8 billion by 2020. In 2016, 5.5 million new devices will get connected each day, Gartner estimates.

For many of these household IoT devices, security is an afterthought. Furthermore, in the residential space, IoT devices are plug-and-play and the average user is incapable of or uninterested in security and may never upgrade or download a security patch. So, if an IoT device ships with an exploitable vulnerability in it, it will likely remain vulnerable the whole time it is in service.

The challenge with many IoT devices, from a security perspective, is that many devices are by default open and available to the Internet. This is convenient to the average home user but a nightmare to corporate security (which needs to take all these devices into consideration as they are entwined into the lives of employees) and to the overall security of the Internet. Manufacturers of these devices must make the security and overall protection of these devices against the dark web a priority.

What makes this worse is that most users will never change factory-set usernames or passwords. The average user is most likely taking advantage of default passwords and auto-connect functionality without much thought. Users may well be unaware of the security risks entailed in using default settings, or they may not know how to make the changes. Some education needs to happen in order to prevent vulnerable devices from being hijacked for nefarious purposes.

The Release of Mirai Source Code is a Big Deal

The DDoS attacks are relatively easy for the hackers to execute. The tools and devices used to conduct the attacks are out there and available to most people. The hackers enjoy almost complete anonymity in these scenarios. This powerful combination could potentially bring down the Internet.

There are two main malware families that are currently being used to quickly assemble very large IoT-based DDoS armies, one is dubbed “Mirai” and the other is called “Bashlight”. They function in similar fashion, with Mirai infecting vulnerable devices by scanning IoT systems protected by factory default or hard-coded usernames and passwords, while “Bashlight” is especially designed to infect systems via default usernames and passwords on IoT devices. The fact that the Mirai code for the DDoS attacks is now released means even more trouble for businesses as more people have access to the malware used to quickly assemble very large IoT-based DDoS armies. The rising threat of IoT botnets is one to be reckoned with, and a threat that needs to be defeated within the Internet itself.

DDoS Attacks and Network Security

These attacks are placing even more strain on enterprise networks and are raising the priority of tackling IoT and mobile device security. Security and Network Administrators need intuitive and granular network admission control and remote access security to prevent these security breaches. Detection, compliance and protection solutions should be the building blocks of every NAC solution.

A new generation NAC solution gives visibility into the network and enables monitoring actions in it after access has been authorized. Should a DDoS attack happen, this monitoring feature would be instrumental in stopping the attack. With a software NAC solution, all security software in the company can be easily integrated without the need for costly equipment.

Now is a really good time for Security and Network Administrators to do some homework. What would happen if the company came under DDoS attack? How would the company cope? Is the network secure?