All Posts By

Juda Thitron

Handling Network Security in Today’s Highly Decentralized Organizations – Part 1: The Challenges

By | Cloud Security | No Comments

The Perimeter is Dead

We know that our businesses are becoming more digital and connected every minute of every hour of every day. This is a global trend and the foundation for increased delivery speeds, efficiency and productivity in all organizations. Organizations these days are no longer limited to their physical office premises as they once were. In many cases, team members are allowed the flexibility of working remotely, telecommuting and working in different branches across different countries, sometimes working in shared co-work offices with other remote employees and business owners. That said, IT Security Officers have their work cut out for them, whether they are handling a large multi-national organization or a small-to-medium business. We all know and feel the incredible threats looming on our networks and the constant care that must be taken to assure the security and integrity of our organization’s assets, whether they are physical or intellectual. In this first post of a series of three, we’ll review a few challenges with network security and then consider some solutions in parts 2 and 3 of this blog.

We Adore Our Mobility

There is a lot of satisfaction that comes with the increased productivity, flexibility and mobility offered by digital transformation. Is there anyone out there who would like to trade their smartphone back to a flip phone? Their laptop for a desktop? The answer is clear: obviously – no. We all adore our mobility and digital advancements. So much so, that IDC predicts that within the next two years there will be close to 200 billion Internet connected devices.

If you are reading this article, there is an excellent chance that you use 5-6 connected devices, including your smartphone, a wearable of some sort, a laptop or two and a tablet or two. Perhaps you have a few IP cameras monitoring your home and office while you are away. And that’s just you. Now think of all the people bringing their own devices to the enterprise these days.

Next, let’s think of the IoT (Internet of Things) devices that are increasing their presence everywhere. According to IDC, there will be 80 billion connected IoT devices by 2025, heightening a security concern that stems from the fact that IoT devices are almost invisible on many enterprise networks. Additionally, employees are accessing any kind of application under the sun (or fluorescent light), on their own devices and via the Internet on their company-managed computers. These applications and websites are used for both personal and work-related purposes, placing the organization’s assets at risk.

Network Complexity

In today’s decentralized enterprises there are multiple access layers at play, including the use of wired, wireless and VPN connections. This is one of the core security issues with complex networks in decentralized organizations with locations in different states and countries. Multinational organizations suffer from increased risk due to their IT security loopholes and the abundance of access ports and end-users. It is no wonder then that many IT departments have settled for half-promises of asset security and network controls. They must work within the constant cyber threats that seem to be spreading faster and everywhere these days. Unfortunately, one of these half-promises leads to incomplete Network Access Control (NAC) implementations and to lengthy and unsuccessful projects.

Security Vendor Fragmentation

Vendor fragmentation is an incredible headache that must be handled. It seems like there is a solution for every inch on the network, as long as you are willing to work with five different vendors.  Implementation is labor intensive and expensive. Moreover, IT leadership struggles when selecting vendor software because the solutions are diverse with no single vendor able to meet all requirements and use cases, especially with decentralized organizations.

Safely On-boarding All Devices

On-boarding devices onto the network in a distributed organization is not hassle-free, and often slows productivity down. Additionally, compliance must be enforced across the organizational network, no matter which location around the world or which device is being used. At the same time, if one of your team members lost their computer, there should be a clear path to prevent that device from on-boarding onto the network.

Cybersecurity Posture

Many CIOs and CISOs have the constant burden of dealing with and maintaining the organization’s cybersecurity posture while potentially being targeted for cyber-attacks. With cyber-attacks being on the rise and in the news every week, it is no longer a question of if, but rather a question of when one’s organization will be under attack. And so the question arises – are we as prepared as we could and should be?

The network complexities outlined here may be preventing many from establishing optimal solutions and procedures for their organization, especially those that allow full visibility and risk management, not even imagining how serious the threats are till it is too late. Is it really going to take a complete data breach before we do anything about it? Can’t we just learn from other organizations’ mistakes and misfortunes? (Note the 2017 WannaCry attacks for example). Still, once IT departments have been burnt by unsuccessful NAC projects, they might be slow and cautious before initiating the implementation of a new and ideally – better – technology.

Looking for an easier NAC project?

Now, there is another way. Portnox CLEAR offers a solution that allows for simple deployment, without compromising on security across the enterprise.

Easy 802.1X

By | Cloud Security | No Comments

The IEEE standard for port-based authentication, 802.1X, has been around since the early 2000s, but in recent years has been met with frustration from network administrators and architectural experts. While 802.1X is well suited to the needs of the wired, desktop-dependent enterprise, with the shift to wireless networks, together with an upsurge of BYOD and Internet of Things (IoT) devices, deployment of 802.1X has become more of a headache than a help.

Much of the criticism of 802.1X centers around the difficulty of deployment, namely that certain hardware infrastructure, such as RADIUS authentication and user repository servers, is required. In addition, with an increase of mobile devices in the enterprise, 802.1X is not able to provide enough contextual information on devices to allow for effective security controls. Finally, the difficulty of deployment involves the allocation of agents, which must be carefully managed on endpoints and could become a nuisance for employees if they are constantly required to enter their access credentials.

So Why Reconsider 802.1X?

Despite these technical difficulties, 802.1X has proven to be the strongest method for authenticating devices on the corporate network due to its continuous and direct communication with authenticating servers, as opposed to pre/post scanners or the use of logs. The benefits of centralized management and enhanced security should not be abandoned because of the sheer complexity of 802.1X deployments.

802.1X Delivered as a Cloud Service

Now, there is another way. With the growth of cloud computing technologies, Portnox CLEAR offers a solution that allows for simple deployment of 802.1X authentication, without compromising on security across the enterprise. By deploying RADIUS and user repository servers from the cloud, and delivering 802.1X as a software-defined cloud service, admins can embrace the benefits of 802.1X authentication by deploying a zero-touch solution that eliminates geo-redundancies. In a matter of minutes, admins can see and control every device connecting to their network and issue agents to monitor and control those devices with one swift action.

To find out how 802.1X authentication from the cloud works, read more in our White Paper, “802.1X Authentication Is Simpler Than You Think”, or try Portnox CLEAR now.

A New IoT Botnet Is Upon Us – What You Need To Know

By | IoT | No Comments

As if we all haven’t gotten over the Mirai botnet attack that happened last year, there’s news of a new IoT botnet in town. “IoTroop” or “Reaper”, as it is being called by the security researchers at Check Point and Qihoo 360 who discovered the attack, is said to affect millions of devices, but it’s still early days, with information still being compiled on the full list of vulnerabilities.

So far, 9 exploitable vulnerabilities have been identified in Wireless IP security cameras from manufacturers such as GoAhead, D-Link, TP-Link, AVTECH, NETGEAR, MikroTik, Linksys, Synology, and others. Check Point and Qihoo report that they identified recurring security vulnerabilities in the IoT devices beginning from the end of September, but report that the recruitment phase of the botnet attack is still underway, with up to 10,000 new devices compromised each day.

IoTroop/Reaper appears to use some vestiges of code from the Mirai attack, but as opposed to the Mirai attack, which recruited IoT devices with factory default or missing telnet credentials, this botnet attack dives deeper into inherent IoT hardware and software vulnerabilities. This makes the potential for recruitment much greater in this current attack, garnering the potential to take down the entire internet, according to experts. These “thingbots”, as they are called, carry out distributed denial of service (DDoS) attacks to similar effect as Mirai, or create the possibility of an anonymity network, which allows for anonymous surfing of the internet and prevents network surveillance.

Before panic over the potential damage ensues, know that there are ways to secure IoT devices and prevent them from being recruited as thingbots. The first step is to check if there are available firmware updates for network-connected IoT devices (particularly those from manufacturers listed above), and to verify if your security solutions have picked up on one of the 9 published vulnerabilities being targeted.

Next, a rule of thumb with all IoT devices is to disable the peer-to-peer (P2P) communication mechanism that’s available on many security cameras and DVRs. With P2P enabled, hackers can remotely locate and gain access to vulnerable devices that may not be connected to the internet. In addition, consult with security professionals regarding your IoT security stack – if you aren’t using an IoT visibility and detection solution, now is the time to consider the investment. With IoT botnet attacks proliferating, organizations should do everything in their power to understand and protect their enterprise IoT environment.

Finally, and most importantly, don’t panic. At the moment, we know very little about the intentions, scope and warpath of the IoTroop/Reaper attack, so don’t jump to any conclusions just yet and do not abruptly disconnect connected devices; if those devices are infected, they could cause significant network-wide damage once disconnected, not to mention data loss.

If we thought that Mirai was as bad as IoT botnet attacks could get, it appears that IoTroop/Reaper is here to prove otherwise.

Find out about Portnox’s IoT Security Solutions and start protecting your network from botnet attacks today.

Portnox integrates with Check Point’s ThreatCloud solution to provide complete control and strong security for enterprise network IoT.

What KRACK Means For Your Wireless Networks

By | Threat Detection and Response | No Comments

Last week, news surfaced of a serious vulnerability in the Wi-Fi Protected Access II (WPA2) protocol that is used to secure the majority of protected Wi-Fi networks. According to the research, published by Mathy Vanhoef of the University of Leuven, the vulnerability lies in the 4-way handshake that is part of the WPA2 protocol, which can be manipulated to carry out man-in-the-middle attacks on network users, forcing them to reinstall the encryption key. Furthermore, Android and Linux devices can be tricked into reinstalling an all-zero encryption key, making it possible for the hacker to intercept and manipulate traffic from these devices when they are connected to the WPA2 network.

The implications of discovering such a vulnerability are huge, as most modern networks are protected through the WPA2 encryption protocol, but there are a few caveats. For instance, in order to carry out a KRACK (Key Reinstallation Attack), the hacker needs to be within range of the Wi-Fi network. In addition, browsing over HTTPS may protect some traffic from interception, as it is protected with an additional level of encryption. Yet, at the moment, it appears that most devices that support Wi-Fi are affected, including Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys and more.

So what are the implications of the discovery of KRACK for the enterprise network?

By exploiting the KRACK vulnerabilities, hackers (or even employees, guests and contractors) within close vicinity of the Wi-Fi network can eavesdrop on and alter information being transmitted over the network. While the location caveat does have its benefits for smaller and tighter organizations, for larger organizations with far-reaching networks, it provides little solace.

Though little is still known about how the KRACK vulnerability will be addressed (or when a new secure wireless encryption protocol will be issued), there are a number of steps that enterprise IT departments can take to secure their data.

  1. Install the latest security patches and updates: This is a given, following any vulnerability, and should become standard practice throughout the enterprise. If possible, use a network access control solution to alert IT administrators and employees, when their devices are in need of updates, and enforce those updates by quarantining or blocking non-compliant devices until their security posture is updated. Also, regularly check for firmware updates that address WPA2 vulnerabilities across all connected devices and appliances.
  2. Look out for IoT devices: Direct attention to all connected devices – not just managed and BYOD devices – namely IoT devices that present a challenge as many of them cannot be patched or updated with the most recent firmware. Consider sandboxing IoT devices into a separate part of the network until a larger solution for the WPA2 vulnerabilities is reached. Currently, those organizations that depend on the data processing capabilities of IoT devices should be concerned and take all possible measures to protect and manage the security of these devices.
  3. Maintain consistent visibility into connected endpoints: One of the best ways to identify vulnerabilities is to maintain consistent visibility into connected endpoints. That way, if there is suspicious activity being carried out on the network, or if device specifications have been changed (good indications of a KRACK breach), IT administrators can take actions to control access for the device in question. Consistent visibility makes it easier to establish regular patterns of network behavior, providing important context when it comes to identifying and preventing cyber attacks.
  4. Consider wired networks: While these may seem like a thing of the past, in most organizations, wired internet connections still exist in some form. Encourage employees to connect their managed and professional devices over wired networks where possible, at least until firmware updates are installed and a remediation policy is put in place. For mobile devices and BYOD, ask employees to refrain from engaging in work-related activities over the enterprise Wi-Fi connection until the vulnerability is effectively addressed.
  5. Use WPA2 AES-CCMP as opposed to WEP, WPA/WPA2 TKIP and GCMP: The researchers identified that with WPA-TKIP or GCMP, hackers can not only decrypt encryption keys, but forge and inject new encryption packets. Therefore, it’s better to use a different encryption method until a more concrete solution for secure WPA encryption is reached.

The most important thing to remember about WPA is that there is no use in panicking. Most connected devices and enterprise networks are affected at this point. Mathy Vanhoef and his team at the University of Leuven have done us all a favor by informing us of the vulnerability, giving IT departments and security experts an opportunity to shore up their Wi-Fi security and take measures to prevent data loss.

How to Discover and Control a Vulnerable Device

By | Our Technology | No Comments

With BYOD, IoT and the growth of the mobile workforce, CISOs and system administrators are faced with mounting challenges in discovering and controlling all of the devices on their network. Although these technologies have obvious benefits for business, their proliferation makes it easier for hackers to gain access to the network by taking control of rogue and vulnerable devices. In this environment, a cloud-based network access control solution like Portnox CLEAR can go a long way in identifying and automatically controlling access for endpoints on the corporate network, both on and off premise.

Don’t Let your Network Become Hostage to WannaCry

By | Threat Detection and Response | No Comments

The WannaCry cyber attack has reached 150 countries (and still counting), and will leave its mark for months and years to come. As the damage is still being sorted out, one story is most prominent: the story of unpatched devices being connected and having access to corporate networks.

To think that with one simple action, applying the hotfix that Microsoft released two months ago for the well-known “Eternal Blue” vulnerability, organizations were able to dramatically delay the spread of the malware and, to a degree, even stop the ransomware worm from moving from endpoint to endpoint.

It’s such a shame that even today, after so many cyber-attacks have hit organizations, they still fail to adopt a very simple but powerful approach to control the risk of devices connecting to the corporate network, especially via remote VPN access. Not making intelligent, threat- and risk-oriented access decisions leaves a huge exploit in the backyard of organizations. One simple decision, based on one click, that defines access policy – “do not let in unpatched devices” – will make the difference between being cyber-breached and humiliated and being safe and undisrupted.

How can organizations address these critical steps of devices entering the network? One example of a solution that can make the difference without additional configurations, rules or signatures, is Portnox CLEAR. CLEAR is a cloud-based, Security-as-a-Service, which allows organizations to monitor, detect and manage device risks and vulnerabilities along with managing end-point access to corporate networks by remote or local access.

Powered by machine learning, CLEAR constantly analyzes hundreds of different endpoint parameters, including the state of patches for the operating system and for multiple applications installed on a device. When it detects an unpatched system, one missing the “Eternal Blue” patch for example, CLEAR will immediately, in real time, notify the security officer or IT manager about the high level of risk. If needed, it will even block access to the network for such a device. This is done by default, with no changes to the configuration, and without any additional cost (CLEAR is a SaaS system) to the organization. With Portnox CLEAR, there is an immediate benefit of detecting and removing from the network vulnerable devices that could make your organization a potential ransomware victim.

It is clear that ransomware is a complex problem with many different aspects of cyber defense, which requires a wide coalition of multiple products and technologies to fight a kill chain of a cyber-attack. End-point risk and access management should be the center and front of this cyber defense effort.

Take these steps now to remain safe and not allow attacks such as WannaCry to get to your network!

Don’t trust that TV in your boardroom

By | IoT | No Comments

With the recent hacking developments, we are constantly reminded how dangerous IoT devices can be in a corporate environment. No IoT device is off the table for hackers, considering the massive set of DDoS attacks that utilized compromised surveillance IP cameras to generate a huge amount of traffic that crippled many websites and the recent WikiLeaks news, threatening that your Samsung TV could be spying on you.

The leaked documents from WikiLeaks reveal that the CIA developed an exploit that perhaps utilizes some unknown, “zero-day” vulnerability to breach and take control of TVs. This malware puts the TV in a “dissipation mode”, which misleads the owner into believing the device is turned off, when in fact the TV is still on and recording conversations.

Is it possible to protect your business from being yet another victim of an IoT-based breach? If so, what can we do?

In order to keep their networks secure and compliant, organizations should follow best practices for IoT security. This includes rapidly adopting software systems to help implement and enforce threat prevention and security management of IoT devices.

These best practices include 4 major areas:

1. “Lock-Down” – Implement a device lock-down, hardening policy, or procedure. Vendors of IoT devices don’t always provide the best security configuration and correct security posture. Instead, adopt systems and processes that automatically reconfigure the IoT system and constantly institute a lock-down policy with respect to best practices, known vulnerabilities and threat intelligence. Minimal complexity of passwords, open ports, running unused services and always-on peripheral devices such as microphones are all part of a wide attack surface that must be reduced by fully automated hardening of IoT devices. Automated hardening solutions provide the ability to restrict device features and services, allow control of incoming and outgoing traffic, and even force patch updates for device software.

2. “Micro-visibility and Risk Monitoring” – Adopt systems that provide pervasive inside monitoring of all aspects of IoT devices on your network, from running processes to firmware changes and more. These systems discover and deeply understand the nature of any IoT device on corporate networks, and continuously monitor and present all possible risk factors introduced by a device. Such a security system must collect and analyze hundreds of different parameters from IoT devices. The system can then analyze and correlate collected data against known vulnerabilities and threats, and detect behavioral anomalies or post-breach activities on the device.

3. “Untrusted by Default” – Do not allow unauthorized devices to plug into your network. Implement secure access and governance flow of how to on-board new devices. Each device that is connected to your network, whether wired or wirelessly, must be authenticated, authorized, and assessed. Determine each device’s risk level prior to entering the corporate environment.

4. “Discover the invisible” – Adopt network-wide actionable visibility on all devices connected to the corporate network, and constantly discover new and unknown IoT devices. Act on each device that has been discovered by such network visibility systems to ensure the device is known, authorized and properly configured.

Protecting against IoT attacks begins with visibility, followed by detection and then reaction.

Portnox CORE provides an additional layer of device visibility and offers full capabilities for device discovery, authentication, and compliance enforcement. It provides a cutting-edge approach to network security that allows you to see any device on the corporate network, manage its risk and react to it automatically and in real time.

Use these best practices listed above to ensure your network is secure, and then nobody will be able to record your meeting discussions without consent via that TV in the boardroom.

Contact us to learn more about how Portnox CORE can help your organization secure its network.

Securing VPN remote access with Portnox CLEAR

By | Our Technology | No Comments

Compromised and stolen credentials remain the main threat to corporate data. Remote access via VPN is the most vulnerable method of access, due to compromised employee credentials. The need for flexible and extremely easy to implement two-factor authentication (“2FA”) has become crucial for organizations of all sizes. Another weak link in remote access, beyond user authentication, is created when insecure and vulnerable endpoints connect to the organization. When the network is accessed over a VPN from a personal device, it is not uncommon for any vulnerability existing on that device to quickly become a security hole in the entire network’s protection. To address the heavy challenges of securing remote access, organizations should look for solutions that are cost-effective and provide a cohesive approach for all aspects of access security: compromised credentials, lost or stolen devices and access from insecure endpoints.

Meet Portnox CLEAR – cloud-based access control for VPN

Portnox CLEAR is a Security Software-as-a-Service (SaaS) cloud platform that delivers continuous, on/off-premises risk monitoring and access control to all organizational endpoints. It assigns each connecting device a risk score (similar to a credit score), dynamically assesses the threat they may pose to your network and enforces access control actions in real time. Portnox CLEAR can be used in many flexible ways to authenticate user remote access by VPN providing a unique combination of access control by authentication (Active Directory or Open LDAP), strong factor validation and end-point cyber risk assessment (“risk-based access”).

Portnox CLEAR™ Unique Two-Factor-Authentication Solutions

As part of its entire cloud-based NAC offering, Portnox CLEAR offers a unique approach to 2FA for VPN. 2FA is a method of computer access control in which access is granted only if two separate pieces of evidence are presented to the authentication mechanism – typically, knowledge (something the user knows, such as his username and password), and possession (something the user has, such as a security token).

Conventional 2FA solutions, however, completely ignore the device that is requesting remote access. Portnox CLEAR, on the other hand, can offer device authentication via its device enrollment mechanism. Devices that install the Portnox AgentP application and have been enrolled in the organization are uniquely recognized and are, therefore, continuously monitored and tracked.

The two elements in Portnox’s unique 2FA solution are the typical knowledge (user credentials) coupled with a unique possession (the enrolled device), ensuring that security is offered on two levels: authentication of the user himself and authentication of the device. Stealing a user’s credentials is useless if the device requesting access is not enrolled; and stealing an enrolled device is of no use if the credentials are not available.

Portnox device authentication is offered in two formats: One-Time-Password (OTP) 2FA and Portnox AgentP 2FA.

OTP 2FA

In this solution, the AgentP application on the enrolled device acts as a soft token by implementing the HMAC-Based OTP algorithm. It generates an OTP upon demand and, together with the user’s username and password, the app allows that specific device access to the organization’s remote network.

As Portnox knows which AgentP generated the OTP, the supplied OTP is the method of authenticating the device; while the supplied credentials are the method for authenticating the user.
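
The device-as-token check described above can be sketched as follows. This is an added example, not Portnox's code: it implements standard HOTP (RFC 4226) against a constructed registry of enrolled devices, and the device IDs, class names and the look-ahead window of 5 are assumptions made for illustration.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Dict, Optional

# Test secret published in RFC 4226 Appendix D; never use it for real enrollment.
RFC4226_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects a 4-byte slice
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


@dataclass
class EnrolledDevice:  # hypothetical enrollment record
    device_id: str
    owner: str
    secret: bytes       # per-device key provisioned at enrollment
    counter: int = 0    # next counter value the server will accept
    revoked: bool = False


class OtpVerifier:
    """Server side: the OTP identifies the device, the password identifies the user."""

    LOOK_AHEAD = 5  # assumed resync window for codes generated but never submitted

    def __init__(self) -> None:
        self.devices: Dict[str, EnrolledDevice] = {}

    def enroll(self, device_id: str, owner: str, secret: bytes) -> None:
        self.devices[device_id] = EnrolledDevice(device_id, owner, secret)

    def revoke(self, device_id: str) -> None:
        # Lost or stolen device: its OTPs stop working even with valid credentials.
        self.devices[device_id].revoked = True

    def verify(self, username: str, password_ok: bool, otp: str) -> Optional[str]:
        """Return the device_id that produced the OTP, or None to deny access.

        password_ok stands in for the directory (AD/LDAP) check, which is out of scope.
        """
        if not password_ok or not (otp.isascii() and otp.isdigit()):
            return None
        for dev in self.devices.values():
            if dev.owner != username or dev.revoked:
                continue
            for c in range(dev.counter, dev.counter + self.LOOK_AHEAD):
                if hmac.compare_digest(hotp(dev.secret, c), otp):
                    dev.counter = c + 1  # advance past the used code: blocks replay
                    return dev.device_id
        return None


if __name__ == "__main__":
    v = OtpVerifier()
    v.enroll("laptop-01", "alice", RFC4226_SECRET)  # constructed sample enrollment
    code = hotp(RFC4226_SECRET, 0)
    print("first login :", v.verify("alice", True, code))
    print("replay      :", v.verify("alice", True, code))
    v.revoke("laptop-01")
    print("after revoke:", v.verify("alice", True, hotp(RFC4226_SECRET, 1)))
```

Advancing the stored counter on every success is what makes a captured code useless for replay, and the revocation flag is the "clear path" for a lost device: valid credentials alone no longer pass.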

Portnox AgentP 2FA

In this solution, a callback mechanism is utilized, relying on the fact that each deployment of AgentP on a device is uniquely recognized. When a user tries to log in by VPN with his credentials, CLEAR calls back the specific AgentP on the device requesting access, to verify that the device is the one it claims to be.

Because Portnox knows that the requesting device is an enrolled device, callback is the method for authenticating the device; while the supplied credentials are the method for authenticating the user.

Portnox CLEAR end-point risk assessment and access policy

Portnox CLEAR offers pervasive and context-aware risk assessment for VPN clients to address attempts by unsecured, vulnerable devices to access the corporate network:

  • Real-time pervasive monitoring of any device, mobile and laptop, on and off the corporate network
  • Monitoring changes in hundreds of parameters, analyzing security posture and known-vulnerabilities of end-points
  • Analyzing and correlating to multiple context attributes
  • Taking historical observations into account
  • Calculating cyber risk score and making access decisions based on this score

CLEAR customers have flexible, granular control of risk assessments and risk actions through CLEAR Access Policies. An Access Policy allows organizations to define the exact level of risk and the compliance standards for end-point devices that are acceptable in their enterprise.

This blog was written by Portnox.

Portnox is the manufacturer of Next generation Network Access Control (NAC), that can assist you in protecting your network including your VPN.

Portnox CLEAR offers many other capabilities for real-time access control and risk assessment as part of its entire SaaS offering, which is fully subscription based and does not require deployment of any on-premise software or appliances. With its Fall-2016 release, Portnox CLEAR demonstrates again its leadership and unparalleled innovation as already recognized by the latest award from Frost and Sullivan.

5 Reasons to Move your NAC to the Cloud

By | Network Access Management | No Comments

Have you ever thought about migrating your network access control (NAC) to the Cloud? Are you apprehensive about taking this step? Traditional NAC solutions were built to address a premise-based infrastructure. A new next generation NAC approach is required to protect companies in today’s BYOD, cloud-based, IoT world.

Enterprises will need to change their security procedures and postures to function in cloud-based IT environments. Classic, on-premise infrastructure-based NAC is ineffective against modern applications and today’s security threats that are not part of the IT infrastructure, such as mobile phones and cloud-based applications. Today’s enterprise users are not constrained by enterprise network perimeters, as they regularly use mobile devices and cloud-based applications. They often sign up for cloud services for HR or marketing departments, for example, without even notifying IT that they are doing this.

The following five prevalent trends in the enterprise marketplace highlight why a cloud-based next generation NAC is essential to any organization.

    1. Disruption – The Corporate Network Goes GlobalEnterprises have been going through a process of de-perimeterization. Traditional perimeters have been torn down by employees’ adoption of BYOD, telecommuting and cloud computing. You can no longer look at the network as a defined infrastructure within a physical firewall. The network is a global network without boundaries. Most workers nowadays are road warriors who spend 50% or less of their time in an office. Companies need to distribute materials, goods, and services to these employees in their offices and on the road all over the world.According to a poll conducted by Gallop News Service in 2015, thirty-seven percent of U.S. workers have telecommuted for work. This is up slightly by 30% from the last decade but four times greater than the 9% found in 1995. The average worker telecommutes two days per month and is just as productive as other employees who work in the office.
      “Borderless” companies need the kind of continuous risk assessment and mitigation that is only possible through the Cloud. There is no reversing these trends.
    2. Flexibility – Supporting Any Type of Business Size Infrastructure
      Companies are constantly undergoing changes: reorganizations, M&As, opening branches globally, etc. Only the cloud can deliver the flexibility to support operations for the distributed enterprise. Traditional NAC is too rigid and inflexible and only works in small rigid corporate environments. In larger environments, like a university with its multiple departments, NAC deployment becomes impractical.

    3. Speed – Rapid Service Delivery Required

Enterprises of all sizes need rapid deployment of security measures, rapid adoption of NAC policies and procedures, and immediate expansion around the world. One of the key strengths of application delivery in the cloud is its ability to rapidly deploy and implement services on demand. A NAC implementation on the cloud can adjust and adapt along with developing policies and requirements of the organization.

    4. Agility, Scalability and Affordability – Enabling Business Growth

Enterprises need agility not only in their software programming but in all facets of their businesses. Scalability is important to support rapid growth. As we continue to recover from recent economic crises, affordability is more important than ever. Cloud computing excels at helping companies become more agile and scalable. It enables companies to pay only for the services that they use, when and where they use them. This “pay-as-you-go” model is much more affordable to businesses than standard software and hardware licenses.

Cloud-based NAC is ideal for organizations with limited resources and limited in-house experts who need to provide convenient and secure network access for personal mobile devices. Cloud-based next generation NAC can be provided without having to worry about the time, costs, or resources associated with installing and maintaining hardware and software and keeping everything up to date.

    5. Machine Learning – Making the Most of NAC

Machine learning takes NAC knowledge and experience from other organizations and applies that learning to your organization. This sharing of compliance and other valuable data and experience can be accomplished most efficiently and affordably in the cloud. Companies no longer have to reinvent the wheel themselves. Machine learning services make many advanced services much more accessible to SMBs at an affordable price.

Next Generation Cloud NAC

This blog was written by Portnox. Portnox is the manufacturer of Next Generation Network Access Control (NG-NAC), which can assist you in protecting your network in general and your IoT devices specifically.

Today, NAC solutions must go well beyond just permitting access to devices and individuals. The Portnox CLEAR cloud NAC solution is able to provide both full control of access permissions to the network and full visibility of activities within the network and who conducts them. Furthermore, cloud NAC separates BYOD and mobile devices from the core servers of the company, ensuring network security in the world of IoT. It does so by enabling continuous risk assessment of all components of the network, no matter where they are located.

Today’s enterprises are clearly going through a period of de-perimeterization and they will suffer great losses if they are not prepared for this. With next generation NAC in the cloud from Portnox, network administrators in SMBs can be sure they are provided with all the levels of network security they require.

DDoS Attacks are a Loud IoT Wakeup Call for Enterprise Security


The recent headline-grabbing DDoS attacks that hit OVH, Krebs on Security, and Dyn were performed and spread by taking control of IoT devices found today in most homes and offices. These attacks reveal the true danger in our IoT devices: attacking them is child’s play. Surprisingly, most users do not bother to change factory default usernames and passwords, making the hackers’ lives much easier.

Gartner estimates that the IoT market will grow to 20.8 billion connected devices by 2020 and IDC estimates that by 2020 there’ll be nearly 30 billion connected devices. More than half of major business processes will incorporate IoT.  As with all ‘good things’, this growth brings with it dangers from IoT that will go far beyond DDoS attacks. Unfortunately, this is not FUD; it is the equivalent of leaving the office doors unlocked and expecting nothing to get taken.

IoT devices are the weakest link in corporate cybersecurity

IoT devices are the perfect candidate for criminal takeover. The devices are everywhere, always online and largely unprotected. Hackers transform the devices into “command & control base stations”, where devices receive commands from their operator, usually to perform network reconnaissance in order to find information to steal, take down the system or extract valuable intelligence. Because the devices are always connected and unattended, there is no human to notice that a device is slow or sluggish, and they are generally not protected by security measures such as anti-malware software. Many device users are unaware of the danger and don’t take the time to change the default passwords (they are not always aware that multiple admin accounts might exist), or to upgrade to the latest version of the operating system software, all of which could stall or even stop a malware attack. Bringing these unprotected devices to the office makes the sloppy practice (or lack thereof) a problem for organizations large and small.

Layered approach for corporate IoT security

It is impractical to reach each IoT device vendor once (yet another) zero day vulnerability attack occurs. Organizations typically have dozens of vendors and most IoT devices are NOT centrally managed. This leaves the security team with only one option – a software solution that will find those devices ahead of time and move them to a dedicated segment away from the organization’s most mission critical systems.

A layered approach that includes the following levels is most effective:

  1. Assessment – A network discovery process of all of the existing IoT devices including managed and partially managed devices. Then, understanding what each type of device is, what operating system it is running on, and which application and processes are installed on it.
  2. Segmentation – IoT devices should not be in the same network segment as other devices or within reach of the organization’s mission critical systems and data. Firewalls must be deployed between these segments to prevent IoT devices from reaching the “crown jewel” section of your network. By performing proper segmentation, you enhance the ROI on your existing detection technology by making it much more accurate and effective.
  3. Detection – The ability to immediately detect every IoT device which joins the network and carefully verify whether it behaves similarly to other typical devices. A compromised device or a fake device might look the same but will behave differently.
  4. Response – Once a breach is discovered, it is poor practice for an alert to be sent and then processed manually. Manual actions take time — hours or even days (a weekend breach for example). Not to mention the costs associated with manual responses. An automated breach response is required to block a specific device or limit its access within seconds. Network Access Control (NAC) tools are one way to achieve this.
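
The four layers above can be chained into one automated decision per device. The following is an added example, not Portnox code: the segment names, CIDR ranges, device types, per-type baselines and flow records are all constructed assumptions used to show placement checks, behaviour checks and the resulting response.

```python
import ipaddress

# Constructed sample data: segments, addresses, device types and flows are illustrative.
SEGMENTS = {
    "iot": ipaddress.ip_network("10.20.0.0/24"),
    "corp": ipaddress.ip_network("10.10.0.0/24"),
    "crown_jewels": ipaddress.ip_network("10.1.0.0/24"),
}
# Typical (protocol, destination port) pairs for each device type.
BASELINE = {"ip_camera": {("tcp", 554), ("udp", 123)}, "printer": {("tcp", 9100)}}
INVENTORY = [  # step 1, assessment: result of a discovery and profiling pass
    {"mac": "00:00:5e:00:53:01", "ip": "10.20.0.11", "type": "ip_camera"},
    {"mac": "00:00:5e:00:53:02", "ip": "10.10.0.57", "type": "printer"},
    {"mac": "00:00:5e:00:53:03", "ip": "10.20.0.12", "type": "ip_camera"},
]
FLOWS = [  # observed (source ip, destination ip, protocol, destination port)
    ("10.20.0.11", "10.20.0.1", "tcp", 554),
    ("10.10.0.57", "10.10.0.5", "tcp", 9100),
    ("10.20.0.12", "10.1.0.8", "tcp", 23),
]

def segment_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in SEGMENTS.items() if addr in net), "unknown")

def evaluate(inventory, flows):
    """Return {mac: (action, reasons)} for each inventoried IoT device."""
    decisions = {}
    for dev in inventory:
        placement, behaviour = [], []
        # Step 2, segmentation: IoT devices belong only in the dedicated segment.
        if segment_of(dev["ip"]) != "iot":
            placement.append("in segment " + segment_of(dev["ip"]))
        for src, dst, proto, port in flows:
            if src != dev["ip"]:
                continue
            # Step 3, detection: traffic unlike other devices of the same type.
            if (proto, port) not in BASELINE.get(dev["type"], set()):
                behaviour.append("unexpected %s/%d" % (proto, port))
            if segment_of(dst) == "crown_jewels":
                behaviour.append("reached crown_jewels host " + dst)
        # Step 4, response: an automatic decision rather than a manual alert.
        action = "block" if behaviour else "move_to_iot_segment" if placement else "allow"
        decisions[dev["mac"]] = (action, placement + behaviour)
    return decisions

if __name__ == "__main__":
    for mac, (action, reasons) in evaluate(INVENTORY, FLOWS).items():
        print(mac, action, "; ".join(reasons))
```

In a real deployment the returned action would be handed to whatever enforces access on the network (a NAC tool, switch or firewall); that integration is outside this sketch.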

It’s far from all doom and gloom but organizations will suffer if appropriate cybersecurity measures are not a priority.

This blog was written by Portnox. Portnox helps organizations to see, control, react and manage the risks their networks face for any user, any device, anywhere. Using Next Generation Network Access Control (NAC), Portnox secures connected organizations with ease.

How does Portnox do this? By discovering 100% of an enterprise’s connected endpoints and profiling them, Portnox can point out which devices are IoT devices. Next, Portnox can also force these devices to a defined segment of the business network. This creates network hygiene and ensures that the rest of the network remains out of reach of the IoT devices. Sensitive information and systems that are vital to the organization are kept segregated and secure.