All Posts By

Nilly Assia

Tips to Stay Secure in the Mobile Enterprise


Enterprise mobility, or an approach to the workforce that enables employees to do their work from any location using available devices and applications, is a growing trend tied to digital transformation. In a 2016 survey conducted by Harris Poll, 90% of IT decision makers marked enabling enterprise mobility as a significant chunk of their IT spend due to its positive impact on workplace satisfaction, customer engagement, competitive stance and operational productivity. Yet despite the benefits of workforce mobility for a company’s business, there are a number of inherent IT security concerns that come along with the shift away from the office.

Enterprise mobility is strongly tied to BYOD trends in the enterprise that encourage employees to use their own smart devices (smartphones, tablets, laptops and watches) instead of the company investing in additional dedicated corporate devices. The upside of this trend is the budgetary savings, but the downside is that IT departments have less control over what’s connecting to the enterprise network and a weaker understanding of the vulnerabilities BYOD devices may introduce. Whether an employee intends to or not, their device may introduce cyber threats to the network that are difficult to control, as the device is not managed. Therefore, for companies that want to securely engage in BYOD and enterprise mobility, an agentless network visibility and control solution is essential, filling in the gaps on device health posture and providing methods to address threats, if they arise.

Another issue with enterprise mobility is location. Just as the location of a store is directly tied to how much it sells, the location of a connection, no matter where, is a good determiner of its security. If an employee heads out on vacation with their laptop to do some work, you want to ensure that they can securely access company data without compromising it. Some IT departments set a range of valid locations from which employees can connect, but this limits the scope of activity for mobile, international organizations. Therefore, a network security solution that can provide visibility and automated methods of control will ensure that “sketchy” connections won’t jeopardize the safety of the entire network; and if they do, those connecting devices will be automatically blocked or quarantined until they are in a location with a safe connection.

A third, but by no means final, issue with enterprise mobility is that it is directly tied to the cloud computing trend. While this is great news, for a variety of reasons that we lay out here, many cloud applications only have rudimentary authentication methods that ensure the employee connecting is really who they say they are. Therefore, it’s important to have stronger authentication measures in place, either tied to a RADIUS server, Active Directory or based on a multi-factor authentication mechanism when they are connecting, be it over a wireless network or VPN connection. The cloud can definitely be trusted, but with the spike in cyber attacks such as distributed denial of service attacks and malware, it’s a good idea to add an extra layer of protection for accessing company documentation over the cloud.

The pace with which companies are embracing enterprise mobility leads many to believe that office buildings could soon be a thing of the past. However, it is important to remember that while employees may seem to have all the tools they need to effectively complete their tasks remotely – a laptop computer and phone connection – there is important network security ground to be laid prior to enabling this shift. By controlling access to the company network and its data, enterprises can safely engage in the mobility trend with the confidence that their network is as safe as it would be if everyone was still working from the office.

National Cyber Security Awareness Month is all about sharing knowledge to promote a safer and more secure internet environment for all users. When you hear of threats, inform your peers to prevent spreading, and always remain wary of what you search, receive and send over the internet. Awareness and education are the best ways to beat hackers!

Stay #CyberAware

Phishing And Ransomware – Your Inbox’s Worst Nightmare


Phishing and ransomware are two of the most common cyber attacks in the current internet landscape, and both center around the practice of digital blackmail. Phishing ransomware attacks, which combine the two, are some of the most vicious threats. Nilly Assia, Portnox’s CMO, shares several rules of thumb that we should live by in the evolving landscape of digital threats. Published in ITProPortal.

Read the full article here.
Read about our Rapid Ransomware Response & Control Solution

IoT Poses Risks in Home, But There Are Ways to Remain Secure


Imagine: You’re sitting at home on a conference call for work and, unbeknownst to you, hackers have gained access to the files you’re sharing on the call. How did they do this, you ask? It’s really quite simple: through your smart home IoT devices. Because IoT devices like smart fridges, garage doors, home alarms, baby monitors and even toasters are connected to the same wireless network used to host your conference call, hackers can hijack those vulnerable, insecure devices and gain full access to everything happening on your network. Soon enough, you might discover that they’ve gained access to your organization’s customer data, business plans and internal financial reports.

IoT devices are inherently insecure and there are a myriad of real-world examples of this very kind of occurrence. Take the massive distributed denial of service (DDoS) attack on the Internet traffic company Dyn in 2016. The attack affected major Internet platforms and services such as Airbnb, Amazon, Box and PayPal, to name a few. It was later discovered that the attack targeted over 100,000 Internet-connected devices such as IP cameras, printers, residential gateways and baby monitors to install Mirai malware. The Mirai malware then overwhelmed Dyn-hosted sites with traffic so that they were forced to deny service to users.

The Mirai botnet is only one example. Recently, cybersecurity researchers at Black Hat 2017 proved that the mechanical components of an automated car wash could be hacked, including the entrance and exit doors, dangerously trapping the passengers of the vehicle inside. The hack was achieved by gaining access to the internet-connected operating system running the car wash parts, which was protected only by a default password, readily accessible on connected device archival networks, such as the Shodan Network.

Despite these examples, only a handful of IoT device manufacturers are taking heed. As more consumers purchase connected devices – an integral part of the smart home – it’s worth taking a few precautionary measures to prevent the device from wreaking real havoc.

  1. Segment IoT Devices: Most people don’t have two wireless connections in the home, which could make segmenting a challenge, but it’s really quite easy and entirely necessary. A lot of recent 5G networks come with a 2.4G option with a weaker bandwidth, just in case the higher bandwidth has performance issues. If you have two networks, set up the IoT device on the network with the lower bandwidth and keep it there. You could even create a separate network for all of your IoT devices, if you want to be on the safe side. Make sure to create a different password for your IoT device network so that if hackers commandeer the device, they can’t access private information.
  2. Change Default Passwords: This tip should really be the first direction in any IoT device instruction manual, but it rarely is. The moment that you begin the installation process for an IoT device, make sure to change the default password to something that’s hard to guess and not the same as other passwords that you commonly use. Even using your telephone number presents a risk as hackers could somehow access that information. This step is crucial as the passwords of connected devices are available over the Internet (see the car wash example).
  3. Create a Back-Up Plan: If some of the critical systems in your home are connected devices, make sure that you have a back-up plan in place in case they go haywire. This may seem like a silly enough step, but hackers’ goal is often to inflict physical and psychological damage on their targets in order to extract a ransom payment. A go-to strategy would be to disconnect and reset all of the IoT devices if they start acting out of line, but sometimes even those steps can’t remediate the problem. Try to consult with an expert or cybersecurity professional at the point of purchase and ask them about a continuity plan, or data back-up if the device stores information.

IoT devices are quickly becoming the mainstay of home appliances, which is why it’s important to know the risks and have a strategy in place that will help you recover in case the connected device is compromised. Until IoT device manufacturers are required to integrate security software into their products, make sure you are taking precautions while implementing connected technology.

National Cyber Security Awareness Month (NCSAM) is all about sharing knowledge to promote a safer and more secure internet environment for all users. Inform your peers when you hear of threats to stop them from spreading and always remain wary of what you search, receive and send over the internet. Awareness and education are the best ways to beat hackers!

Stay #CyberAware

Nominate Portnox & Portnox CLEAR in the 2018 Cybersecurity Excellence Awards


Portnox is proud to announce that it has been nominated in two categories for the 2018 Cybersecurity Excellence Awards: in the company category for “Most Innovative Cybersecurity Company” and in the product category, where Portnox CLEAR is nominated for the second year in a row in the “Cloud Security” category. The Cybersecurity Excellence Awards are an annual competition, produced in partnership with the Information Security Community on LinkedIn, which has over 400K members, and recognize companies, products, and individuals that demonstrate excellence, innovation, and leadership in information security.

Portnox CORE was the proud winner of the 2017 Cybersecurity Excellence Awards in the IoT Security Category for its “IoT Visibility Radar” that provides complete visibility into IoT devices on the corporate network. With the IoT Visibility Radar, organizations are able to discover the characteristics and location of IoT devices and set their network access policies. With this feature, organizations gain control over the IoT devices present on their network, to protect against hidden threats and vulnerabilities resulting from a lack of IoT security solutions.

Additionally, Portnox CLEAR was selected as a 2017 Cybersecurity Excellence Awards finalist in the Cloud Security category.

As Portnox continues to innovate the network access control space with its CORE, on-premise, and CLEAR, cloud-based, solutions, vote for us and show your support! Click here to nominate Portnox for “Most Innovative Cybersecurity Company” and here to nominate Portnox CLEAR as the top “Cloud Security” solution for the 2018 Cybersecurity Excellence Awards.

Thank you for your support and best of luck to all of the candidates!

How to Avoid the True Cost of Ransomware


Recently, ransomware attacks on enterprises were all over the news. From the massive WannaCry attack in May 2017, which affected 300,000 devices worldwide (if not more), to the Petya (also known as NotPetya) attack in June 2017, it seems that there is no rest for the ransomware wicked. More than ever, businesses are aware that they need to have a ransomware game plan, and fast, because if not, they might find themselves in the headlines, having to take on the enormous costs of the attack aftershock, or worse – losing business due to system downtime and outages.

The wide-reaching effects of ransomware attacks on large corporations such as FedEx, Merck, HBO and Maersk are living examples of why it is important to avoid paying the true cost of ransomware remediation. The US pharmaceutical giant Merck was attacked by the Petya strain in June, yet still the organization is struggling to recover all its information and to account for the damages. The attack cost the organization billions in downtime, not to mention the significant funds required to staff around-the-clock IT experts, lawyers and PR reps to get business back on track. Global entertainment giant HBO was presented with a multi-million dollar ransomware demand this August, wasting billions in ad revenues for the company. These are just two examples that highlight the need for a review of remediation procedures, as well as ways to avoid paying the true cost of ransomware.

One of the easiest ways to avoid paying the true cost of dealing with a ransomware attack is simply not to pay the ransom. This may seem to go against organizational, or even your moral principles, but it has been established that paying the ransom seldom pays off. That’s because it’s unlikely that the hackers will release back all the information, upping the PR costs of dealing with potential media backlash, and, despite paying the ransom, showing a willingness to pay might brand your company as an easy target in the hacker community. But more than that, paying the ransom won’t prevent future attacks, because, in most cases, ransomware is distributed at random to any of the non-patched or vulnerable devices that particular strain is targeting. That’s why it’s a better idea to use the money that would go toward paying the ransom to shore up your cyber defenses, authentication tools and network firewalls.

Then there’s the issue of backups. Many organizations create a ransomware response plan that involves storing critical data on a secure server so that they can quickly bounce back from an attack. Yet while it is a good idea to back-up critical data, it’s possible that the back-up won’t recover all the information that’s in hackers’ hands. This presents threats to the stability and safety of your organization, and creates the possibility of a PR mishap (see the HBO example). In addition, the most recent ransomware attacks are targeting network-connected computers that have access to these back-ups, which means that attempts to fully restore systems are largely futile. So while back-ups are a good practice that should remain part of remediation plans, they shouldn’t be too heavily depended upon to get you back on your feet.

The bottom line: You need a multi-pronged approach to remediation. If there’s one thing that can be said about ransomware, it’s that it doesn’t discriminate, which is why, more than ever, companies need to have the right remediation plan in place to avoid paying the true cost of ransomware attacks. A good place to start is integrating a solution that will allow IT professionals to remotely disconnect corporate devices from the network. This will help prevent the lateral spread of the attack throughout the organization, on both patched and unpatched devices (because the latest NotPetya strain targeted both). In addition, it’s important to have constant awareness of network areas at risk. This can be done by deploying a network access control solution that provides full visibility into devices, assesses their level of digital risk to your business, and controls which devices are allowed on the network, and which aren’t.

To avoid paying the true cost of a ransomware attack, i.e. system and employee downtime, PR brand name damage as well as brand equity loss, and legal efforts and recovering data losses, your organization should consider a multi-faceted remediation approach that integrates a network authentication and endpoint control solution, allowing for business continuity with customers and partners.

Find out more about Portnox’s Rapid Ransomware Control & Response Solutions.

Cloud Security Mythbusters – Debunking the Top 5 Cloud Security Myths


Whether you’re a fan of digital transformation or not, there’s no denying that the shift to the cloud is engulfing enterprise IT. According to Gartner, over the next five years, over $1 trillion in compounded IT spending will be directly or indirectly impacted by the cloud shift, making cloud computing one of the most disruptive forces of IT spending since the early days of the digital age.

That said, it’s time to debunk some of the most common myths regarding cloud security before an outdated IT stack exposes your organization to emerging digital business risks.

Check out our Top 5 mythbusters Infographic here!

Myth #1 – The Cloud Isn’t Secure

The top concern among C-Suites and IT teams alike is that cloud-based security solutions are more prone to external threats than legacy security solutions.

Debunked: On-premise security appliances require firmware upgrades to protect against known exploits, resulting in a constant need to keep the solutions up-to-date. In addition, configuration changes could expose the network to potential vulnerabilities, requiring tedious maintenance of management procedures and periodic penetration testing. However, cloud-based security solutions are constructed, from the outset, to evolve to address relevant threats in the current cyber security landscape. David Linthicum, a leading cloud analyst and VP at Cloud Technology Partners, explains that the security of the cloud is on par with the security of any external device: “Anything that can be possibly accessed from the outside – whether enterprise or cloud – has equal chances of being attacked, because attacks are opportunistic in nature”.

Myth #2 – The Cloud Is Still Too ‘New’ To Be Trusted

Cloud-based applications and services are relatively new on the IT front. So why trust them?

Debunked: An increasing number of both large and small to medium-sized enterprises across a variety of industries – government, healthcare, ecommerce etc. – are employing cloud-based solutions for everything from human resource management to network security. According to IDG Research, “Cloud technology is becoming a staple to organization’s infrastructure as 70% have at least one application in the cloud”.

Use of Cloud Technology 2011-2016

Reference: “2016 IDG Enterprise Cloud Computing Survey”

Myth #3 – The Cloud Is Great for Productivity Apps, But Not for Securing the Network

There is a big difference between cloud productivity apps and performing key security actions, such as Network Access Control (NAC), from the cloud.

Debunked: NAC is a growing concern for CIO/CISOs and IT teams in organizations from large enterprises to SMEs due to the increased need to gain control over digital business risks. And the stigma of the cloud being less secure isn’t necessarily correct. Gartner reports that by 2018, the 60% of enterprises that implement appropriate cloud visibility and control tools will experience one-third fewer security failures.

Myth #4 – Cloud Solutions Require Re-Educating IT Teams

Training IT teams to deploy a cloud-based security-as-a-service solution would require significant time and resources.

Debunked: Cloud solutions inherently cut time and costs associated with security management in IT teams, freeing them up to carry out more productive and profitable action items. That’s added to the easy and instant deployment associated with cloud-based solutions including automatic system updates, usage demos, access to use cases, and more.

Read our Debunking Cloud Security Myths White Paper for more fun facts!

Myth #5 – Cloud Solutions Can’t Help with Compliance

Cloud solutions are constantly changing – one minute they are a “must have” security tool, and the next they are an imminent source of risk to company information. How can you trust cloud security solutions to uphold compliance?

Debunked: Cloud solutions are taking heed and are doing their part to relieve this part of the “IT headache”. Many solutions integrate compliance standards into their product while allowing for modifications to the network policy where necessary. Built-in compliance is a winning strategy for business success, and ensures that there aren’t any loopholes the IT team is missing out on.

As Gartner puts it, “By 2020, a corporate ‘no-cloud’ policy will be as rare as a ‘no-Internet’ policy is today”. While in many cases, hype can have dangerous potential, in the case of cloud security, it’s a win-win situation: a win for digital transformation and a win for the IT team that’s eager to expand their business value proposition.

Portnox CLEAR – Security-as-a-Service Solution: The first completely cloud-based Security-as-a-Service solution for Network Access Control (NAC), CLEAR controls access for all devices and users to wired, wireless and virtual networks, to effectively confront digital business risks and cybersecurity threats.

Try it Now!

Portnox’s Security Solutions Reviewed in 451 Research Report


The leading information technology research and analyst firm 451 Research Group recently published an impact report that reviewed and commended Portnox’s Network Access Control (NAC) solutions, CORE & CLEAR, entitled “Portnox connects enterprise reality to its risk-based perimeter”. You can read the full report here.

The “451 Take” on Portnox’s solution for on-premise NAC, CORE, and cloud-based NAC, CLEAR, was that, “Portnox is helping redefine the value proposition of NAC, focusing on visibility, access control and flexibility. The company’s sensible risk orientation and the lightweight architecture of its CORE on-prem and CLEAR cloud services appear to be well aligned to help meet enterprise demand for a better NAC experience.”

Download the full report here.

Compliance is a Strategy for Success


As the nature of compliance grows increasingly complex, it becomes more difficult for companies to understand what applies to their business and how to build and implement protocols. Furthermore, as cyber threats grow exponentially, companies are facing problems like potential governmental fines and financial theft, breach of sensitive data and loss of clientele. Author of the bestseller “Security Risk Assessment Handbook” and cybersecurity expert, Douglas Landoll, recently stated that, “Non-compliance with information security regulations remains one of the top mistakes made by companies in their current data security approach.” Don’t say we didn’t warn you.

We have mapped out the four steps that you should follow for your business to become compliant and ready to counter growing cyber instability.

Step 1 – The tight relationship between compliance and cyber security

Once upon a time, organizing cyber defense fell under the domain of the IT guys, but over time, the cybersecurity tent has broadened to encompass CCOs and CISOs. According to a recent survey conducted by BAE Systems, the majority of IT staff want C-Suites at the front and center of cybersecurity decision making. One can have the best technology on the market, but without a clear process and defined roles, it will be exceedingly difficult to prevent attacks.

The New England Chief Audit Executives group conducted a roundtable discussion, which concluded that without a comprehensive strategy of processes in place, your tools are more or less useless. Simply put, having great technology without a compliance program will likely result in failure. We saw this very clearly in the Yahoo hacks between 2013-2015, which compromised one billion accounts and caused the company tremendous damage both financially and to its reputation.

The creation of an efficient cybersecurity compliance program involves many factors like auditing, understanding all relevant stakeholders, understanding country specific regulatory laws and the adoption of the right security technology to meet these needs.

Step 2 – Know your country

Cybersecurity regulations can vary from country to country or region to region. For instance, the EU is 12 months away from implementing its General Data Protection Regulation (GDPR), which covers a wide range of security issues like data security, management, and transparency. It is worth noting that fines can reach up to 20 million euros. This past October at the UK CISO Summit, participants discussed the implications of the new regulations, in that companies will be forced to devise new approaches to storing, protecting, monitoring data, and staff and resources involved in order to be in compliance with GDPR.

In fact, in March, Democrats in the United States Congress began demanding that the Federal Communications Commission (FCC) create new regulations for cybersecurity for cellular networks. However, the FCC claims that cybersecurity is not under its purview and thus they will not act on the issue. This comes on the heels of an executive order by President Trump calling for an extensive review of US cyber vulnerabilities and capabilities. Considering that the United States is a gigantic bureaucratic web, and executive orders are usually short lived, it will take time for the US to get its act together. Other countries like Japan and Brazil are also in the process of developing their own regulations for transparency, consistent access and authentication for various types of data. Countries around the world are recognizing the importance of digital compliance and standards and are making steps toward ensuring the safety of their citizens’ and businesses’ data.

Step 3 – Timelines and shareholders

When first building your compliance structure, start with timelines. Governmental agencies often put time constraints on companies to come into compliance. For example, under the new standards for the NY State Department of Financial Services, the agency is giving companies until March 1, 2018 to provide a risk assessment report, but an additional six months to implement the programs that result from the report’s findings. Businesses and organizations should push lawmakers to prevent a situation where the global marketplace becomes fragmented by regulations, due to rapidly changing technologies and threats. This would lead to the crippling of competition and innovation and the subsequent strengthening of cybercrime.

It is furthermore important that all stakeholders, including directors, management, security staff, and vendor partners be connected via a shared platform. This will allow them to collaborate within a defined framework. The platform should incorporate governmental regulations like FINRA, HIPAA, FERPA to better connect directors with technological experts, track progress or changes, and allow for effective oversight. However, it is becoming increasingly clear that the bulk of the responsibility for heavy decision making is shifting from IT personnel to the board of directors. This is a natural response to increased demands from organizations like the SEC and FTC. However, it is imperative for communication between the board and all stakeholders to remain strong. It should be noted that compliance is critical in order to prevent theft and mishaps similar to what happened at Bangladesh Central Bank.

Step 4 – Compliance starts at the CORE

Once your organization fully understands the regulatory policies it is subject to, it must then learn how to see and profile all network devices, remediate any security issues and automate actions that have traditionally been conducted manually.

There are four segments to this process:

  • Understanding how mobile, BYOD and IoT devices will affect and transform not only the organization, but the industry, and implementing the right processes and tools to control them.
  • Tracking any network related device or program in real time via a centrally secured platform providing full and actionable visibility.
  • Addressing cloud security is paramount, because everything today is going through the cloud. It is important to strictly control access to the network and to cloud applications, even based on the geographical locations of users.
  • Ensuring that your business is in compliance with governmental regulations like SOX, PCI DSS, HIPAA, FINRA, FISMA, GLBA among others. Strict compliance will provide legitimacy with clients and partners.

Once your organization understands that without full and actionable visibility on the network it will be impossible to control devices or maintain compliance standards, the next step is finding the right tools. Portnox’s advanced system allows network operators to see and control any device, at any time, and from anywhere, making compliance a more straightforward and smooth process. Portnox continues to lead the way with its innovative technology that will allow you to tackle risk challenges in a simple and straightforward manner.

Check out our “Compliance as a Strategy for Business Success eBook” to learn more on how to become compliant with security regulations and grow a successful business.

Cyber Threats Cannot Compete with Strong Compliance


2016 saw several high-profile cyber-attacks, which resulted in costly breaches and damages to reputable companies and corporations. There have been several discussions on how to effectively preempt such cyber-attacks, with solutions ranging from firewalls and endpoint device security to network access management solutions.

Mindful that many industries maintain tough regulatory standards, companies are now required to implement automated systems to keep up with reporting, while also preventing breaches. The “Compliance as a Strategy for Business Success eBook” covers the key points that need to be considered when trying to achieve security compliance for regulations like SOX, HIPAA, PCI-DSS, FISMA, and GLBA. For instance, any company that stores, processes, or transmits cardholder data must be PCI-DSS compliant. Compliance includes restricting access by business need to know, creating processes to provide user access to system components, initialization of audit logs, and more. However, these processes come with significant cyber risk.

If the cyber-assaulted companies had stronger foundations for compliance, they would not have needed to devise new and expensive technologies.

The Importance of Visibility to Achieve Compliance

When Yahoo Got Stuffed

Yahoo is no stranger to breaches. This past year it came to light that nearly 1 billion Yahoo accounts had been compromised between 2013-2015. How did this happen and what could have been done to mitigate or even prevent the hacks altogether?

This was a type of mass-scale brute force attack called “cyber stuffing”, which took advantage of previously hacked credentials by inserting them into random websites via automation until they found a match. Automation allowed this attack to be conducted quickly and, more often than not, completely anonymously. Shuman Ghosemajumder, CTO of Shape Security, found that credential stuffing is successful in 0.1-2% of attempts and, considering that many people reuse passwords across a range of websites, it can be damaging. This is especially concerning because as a publicly traded company Yahoo is subject to SOX compliance, which was designed to protect data integrity via compliance.
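The pattern described above (one source trying many different accounts about once each, with only a small fraction of logins succeeding) can be looked for in authentication logs. The following is an added example, not part of the original post: the log format, thresholds and function names are assumptions made for illustration, and the sample log lines are constructed.

```python
import re
from collections import defaultdict

# Assumed log format (constructed for this example):
#   <timestamp> login src=<ip> user=<name> result=OK|FAIL
LINE_RE = re.compile(
    r"^(?P<ts>\S+) login src=(?P<src>\S+) user=(?P<user>\S+) "
    r"result=(?P<result>OK|FAIL)$"
)


def parse_line(line):
    """Return the fields of one login event, or None if the line is malformed."""
    match = LINE_RE.match(line.strip())
    return match.groupdict() if match else None


def detect_stuffing(lines, min_attempts=50, min_distinct_users=40,
                    max_attempts_per_user=2.0, max_success_ratio=0.05):
    """Flag sources whose logins look like credential stuffing.

    A source is flagged when it tries many distinct accounts, roughly once
    each, and very few attempts succeed. Thresholds are illustrative
    assumptions and must be tuned to real traffic.
    """
    per_src = defaultdict(lambda: {"attempts": 0, "ok": 0,
                                   "users": set(), "hits": set()})
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue  # skip lines that do not match the expected format
        stats = per_src[event["src"]]
        stats["attempts"] += 1
        stats["users"].add(event["user"])
        if event["result"] == "OK":
            stats["ok"] += 1
            stats["hits"].add(event["user"])

    findings = []
    for src, stats in per_src.items():
        attempts, users = stats["attempts"], len(stats["users"])
        # Too little traffic, or too few accounts (e.g. one-account guessing).
        if attempts < min_attempts or users < min_distinct_users:
            continue
        # Stuffing replays one leaked password per account, not many guesses.
        if attempts / users > max_attempts_per_user:
            continue
        # A shared office or VPN egress also shows many users, but they
        # mostly log in successfully; stuffing mostly fails.
        ratio = stats["ok"] / attempts
        if ratio > max_success_ratio:
            continue
        findings.append({
            "src": src,
            "attempts": attempts,
            "distinct_users": users,
            "success_ratio": ratio,
            # Accounts where a replayed credential worked: reset these first.
            "accounts_to_reset": sorted(stats["hits"]),
        })
    return sorted(findings, key=lambda f: f["attempts"], reverse=True)


def build_sample_log():
    """Constructed sample data: three sources with different behaviour."""
    def stamp(i):
        return f"2017-10-02T10:{i // 60:02d}:{i % 60:02d}Z"

    lines = ["this line is malformed and is ignored"]
    # 1) Stuffing: 200 accounts, one try each, 2 successes (1%).
    for i in range(200):
        result = "OK" if i in (17, 142) else "FAIL"
        lines.append(f"{stamp(i)} login src=203.0.113.7 "
                     f"user=user{i:04d} result={result}")
    # 2) Shared office egress: 60 staff, two logins each, mostly successful.
    for i in range(120):
        result = "FAIL" if i % 20 == 0 else "OK"
        lines.append(f"{stamp(i)} login src=198.51.100.10 "
                     f"user=emp{i % 60:02d} result={result}")
    # 3) Password guessing against a single account: not stuffing.
    for i in range(80):
        lines.append(f"{stamp(i)} login src=192.0.2.55 "
                     f"user=admin result=FAIL")
    return lines


if __name__ == "__main__":
    for finding in detect_stuffing(build_sample_log()):
        print(finding)
```

Only the first source is reported; the accounts listed under `accounts_to_reset` are the ones where a reused password was accepted.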

If Yahoo had implemented an intelligence engine to provide admins with wider and deeper visibility of their network in real time, they would have better understood the warning signs presented in 2008 by Carnegie Mellon University’s Software Engineering Institute. The institute urged Yahoo to replace their encryption technology, MD5, which was considered cryptographically broken. Despite years of warning before the major hacks of 2013-15, Yahoo never brought the encryption up to date, because they lacked visibility and oversight.

The Ghost of Bangladesh Central Bank

In February of 2016, $81 million disappeared from Bangladesh Central Bank and was subsequently laundered in casinos throughout the Philippines. Cyber criminals used bank employees’ stolen Society for Worldwide Interbank Financial Telecommunication (SWIFT) credentials to send dozens of fake money transfer requests to the NY Federal Reserve, requesting a total of $1 billion to be transferred to various bank accounts that had been set up a year earlier in Asia. While most of the requests were blocked, $81 million was released in four transfers of about $20 million each. So how was the heist pulled off and what could have been done to stop it?

The hackers implanted malware on end-point devices on the bank’s network, which prevented the automatic printing of SWIFT transactions. This undoubtedly brought the bank into conflict with GLBA, which requires financial institutions to protect data. Both the bank and the Federal Authorities are playing the blame game. The Feds claim they followed protocol, which permitted several transfers while blocking dozens of others. There is no doubt that lack of end-point visibility and virus protection were massive issues here. The theft could have been avoided if both the bank and the Feds had total control over all network infrastructure.

To become security compliant and run the business successfully, companies need visibility on what is happening on the network. In other words, what devices are connected to the network, when they connected, what OS, applications and services they are running, who has access to what data, and proof that mechanisms to secure private data are operational. Without visibility into what is on the network, it’s impossible to control the network and ensure compliance. Check out our “Compliance as a Strategy for Business Success eBook” to grow a successful and secure business.