All Posts By

Ofer Amitai

Portnox Announces New Risk-Based Authorization via NAC As-a-Service Solution for Companies Using Microsoft DirectAccess

By | press releases | No Comments

New  solution leverages Portnox CLEAR, a cloud-delivered Network Access Control solution, for increased network visibility, threat detection and enforcement for companies using Microsoft DirectAccess

ANAHEIM, Calif.–Portnox, a market leader for network visibility, access control and device risk management solutions, announced today a solution offering advanced network protection and control to organizations using Microsoft DirectAccess. In August 2018 the solution has been made available through premium partners and leading managed service providers such as Celestix and offers a unified platform that includes Microsoft DirectAccess with Portnox’s cloud-delivered network access control (NAC) solution, Portnox CLEAR.

According to IDC, mobile workers will account for nearly 73 percent of the US workforce by 2020. Organizations with decentralized structure and multiple locations deal with different security issues and risks on the network. To monitor for and combat these risks, Portnox’s NAC as-a-Service solution, Portnox CLEAR, offers all the benefits of traditional on-premise NAC solutions, delivering visibility and risk monitoring capabilities from the cloud. Microsoft DirectAccess is a remote access solution, offering geographically distributed enterprises corporate access to remote endpoints. By utilizing Portnox CLEAR, DirectAccess customers will also have increased visibility into all devices on the network, including BYOD, Internet of Things (IoT), mobile and managed devices.

The new solution provides robust and pervasive risk assessment and management to all levels of access from the cloud and across all network devices. This deep visibility into device activity and network traffic provides early warning of risky devices. Once a device with a high risk-score is detected, Portnox allows security teams to immediately remediate issues by segmenting or blocking devices from accessing the network, thus shutting down an attack before the attackers achieve their goals.


  • “Hackers are becoming more skilled at infiltrating the enterprise network, and as companies expand and open new locations, securing the entire network is more difficult than ever before.  “We are committed to helping enterprises implement easy-to-deploy network security solutions that stop an attack before it escalates, regardless of where the at-risk device may be located. By deploying NAC from the cloud, the new solution that works with Microsoft DirectAccess helps organizations to gain complete visibility, detection and control of risks to the network.”
    • Ofer Amitai, CEO, Portnox
  • “NAC as-a-Service is fully compatible with our Always On VPN with Microsoft DirectAccess, This is crucial protection for today’s decentralized enterprises where out-of-date software, plugins, and browsers, plus unpatched and unprotected systems leave remote employees extremely vulnerable to cyber-attacks. Businesses today must have full visibility of their network endpoints, giving IT departments the contextual endpoint knowledge required to know that their data and networks are secure.”
    • Yong Thye Lin, CEO, Celestix

About Portnox

Portnox secures connected organizations’ corporate networks utilizing its next-generation network access control and management solutions. Portnox’s solutions manage every user, every device – including: Internet of Things (IoT)BYOD, mobile and managed devices – accessing the network, everywhere.

Founded in 2007, Portnox provides its global customers with a complete view of device and network visibility, reducing security risks and improving network control. Portnox offers two solutions – CORE for On-Premise NAC and CLEAR for cloud-based NAC – allowing companies to grow, optimize, and evolve their infrastructure while maintaining the upmost security and compliance. The company has been recognized for numerous industry awards, including Info Security Products Guide 2018 and 2017, 2018 Cyber Security Excellence Awards, 2017 Computing Security Awards, 2017 Best of Interop ITX and 2017 Cyber Defense Magazine. Portnox has offices in the U.S. and in Europe.

onboarding your device

The Best Ways to Secure Device Onboarding in The Enterprise

By | Cloud Security, Network Security | No Comments

With the prevalence of digital transformation in the enterprise, there is a clear necessity to balance IoT security issues and BYOD security measures that will prevent suspicious or malicious devices from gaining access to the enterprise’s assets and data centers, while at the same time, making sure that productivity and easy onboarding of devices is maintained. Employees, guests and contractors are bringing all kinds of Wi Fi enabled devices to the enterprise environment and they expect easy and quick network connectivity.

Onboarding is the process in which new devices gain access to the enterprise for the first time. Unfortunately IT departments can sometimes experience additional workloads while endeavoring to get all the devices on the network so as not to hinder business productivity. At the same time, if they are not handling the process with top security standards in mind, they could potentially place users, devices, enterprise data and the network itself at risk. The question arises: how should IT Security teams allow for BYOD, IoT, contractors, guests, etc. to securely and quickly connect to the network without placing any of its components at risk of a breach or ransomware attack? The answer: automation.

By automating the entire onboarding process enterprises can achieve the following benefits:

  • Reducing the costs that are typically associated with manual work (including configuration and support activities).
  • Enhancing productivity – getting team members, contractors and guests connected to work faster.
  • Increasing end-user satisfaction – instead of hassling end-users with onboarding procedures, the whole process can and should be seamless.
  • Decreasing the risks – unmanaged, unpatched, high-risk devices should be blocked or connected from the beginning to a separate segment of the network from where the key corporate assets are stored (the “crown jewels” of the company).

Easy Onboarding

Employees, students, contractors, partners and guests should onboard their devices once and then automatically re-authenticate after that, within an environment that continuously monitors all devices on the networks and automatically provides a risk score for every device. This ongoing scoring allows security teams to understand the security posture of the devices and the network as a whole, at any given moment. At the same time, there is no need to have end users repeatedly re-enter credentials on subsequent network connections unless a device is deemed to have a high risk-score. This way the enterprise can easily onboard BYOD devices belonging to employees that are traveling, working remotely or working at a satellite office location. Additionally, this allows onboarding of IoT and smart devices for business such as flat screens, printers and IoT devices, as well as gaming consoles, smart refrigerators and more. These items, of course, must be on a separate segment from where company assets are kept.

Reducing Risks on the Network

A while ago Ofer Amitai, Portnox CEO, wrote about tips for securing endpoint devices on college campuses, institutions that are always desiring a relatively simple onboarding process. He discussed how changes in onboarding and guest access policies could reduce risks and improve network visibility and control. The principals for securing the enterprise require these steps and more. Having a clear onboarding set of policies will allow IT teams to have automated actions applied (see examples in the next section).

After handling the company’s initial network security audit and collecting the security posture of all devices, it is important to make sure that the enterprise authorization policies include conducting automated and continuous security assessments of the network.  This way, every device employs baseline security measures before being allowed to connect.  Additionally, the IT security team should use granular policies to govern the level of access while maintaining full visibility and control over network connected devices with the ability to revoke access at any time.

Automated Device Onboarding and Network Authentication

Having an automated onboarding set of policies can allow for automated actions such as:

  • Immediately allowing Internet access
  • Blocking/ disconnecting
  • Segmenting a device to a separate network section
  • Remediation actions

For example, IoT devices are considered to be easy to hack.  Therefore, once connected to the enterprise network, these devices should be separated from where core assets are located.  Having different segments on the enterprise network is a good solution for that.  Additionally, if a visitor is being connected, the visitor should gain access to the Internet and not to company files, even when plugging the computer to the wired network.

Two important advanced guest network onboarding features are recommended to be included:

  • Easy guest access – allowing for simple and fast connections together with the ability to continuously monitor all devices and ensure security.
  • Agentless access – once the IT administrators have set up the onboarding policy – contractors and guests on protected networks should be able to self-onboard without installing an endpoint agent.

Acquiring Advanced Onboarding Capabilities

One of the technologies that can help with safe onboarding is network access control (NAC).  In the past, companies used only desktops and laptops, connected and authenticated over a wired network, however; nowadays wireless networks and mobile technologies have introduced personal devices (via BYOD policies) and Internet of Things (IoT) to the workplace.  In addition, increasingly stringent compliance standards, such as PCI-DSS, SOX, and ISO standards require companies to openly communicate their security controls to external auditing authorities.  All of these can be achieved via NAC solutions. Network access security should be a priority for all companies moving forward.


Every enterprise today must support a rapidly proliferating world of devices and platforms.  From an operational view point, this shouldn’t pose an obstruction of workflows and productivity. Ideally, the enterprise IT team will automate and secure network onboarding and authentication so that the IT helpdesk doesn’t have to intervene when guests, contractors and IoT devices need to connect. Additionally, an effective plan for secure network onboarding will on one hand improve end-user experience for BYOD, IoT, users and guests and on the other hand improve IT security as part of a layered protection strategy.

Looking to set IT security policies and automate your device onboarding?

Portnox CLEAR offers easy onboarding while never compromising on network security across the enterprise.

Sign Up for Your CLEAR 30 Day Trial Now

IoT Security at Black Hat 2018: The Insecurity of Things

By | news | No Comments

Portnox CEO, Ofer Amitai, attended Black Hat 2018 and came back with some great insights. “It was astonishing to find out that companies manufacturing medical devices such as implants, insulin therapy devices and pacemakers, completely ignore current IoT security research, while designing their devices and machines. Legal measures are being taken care of, so this practice will no longer go unnoticed. Manufacturers will have to take responsibility for securing these devices or face the consequences.
Hopefully, we are at the beginning of a new security revolution for IoT devices, leading eventually to a healthier and device-secured world”.

Published in IoT Agenda.

Read the full article here.

Internet of Threats – Managing Risk and Governing it

By | news | No Comments

June 2018 was an important month in moving the conversation forward on IoT security legislation in the United States.

Portnox’s CEO, Ofer Amitai, shares his insights on this topic, looking at the progress in IoT security regulations, explaining why government agencies and organizations need to get involved and enforce IoT security laws.

The implications for consumers and manufacturers are noteworthy as well. IoT devices are found everywhere and are extremely easy to hack thus placing corporate and personal data at risk.

“There are so many vulnerabilities in IoT, and hacking IoT devices is so easy that we must proactively seek solutions rather than wait for disasters or emergency situations to force reactive responses.”

Published in IoT Agenda.

Read the full article here.

The IoT Security Revolution is Upon Us

By | IoT | No Comments

It is a long-known fact that most IoT manufacturers neglect IoT security while designing their devices and machines. If you are still amongst those who do not hold this view point, please join our webinar showing just how easy it is to brute-force IP security cameras by using hacking methods that are practically as old as those used in the 90’s. I also recommend catching up on the 2015 Jeep hack and the St. Jude Cardiac Devices hacks that started occurring in 2014. These hacks prove that even companies dedicated to life-saving technologies, often neglect to produce the necessary security measures to go with them.

Register for The Live IoT Hack Webinar

While attending BlackHat 2018, I saw a few jaw-dropping demonstrations. One of these demonstrations was on ATM break-ins. Typically, one might expect a machine containing money to have a more robust security system protecting the cash therein; and yet, the machines were broken into. Additionally, I attended demonstrations of hacks into crucial medical devices and medical networks that are instrumental in keeping people alive.

It was astonishing to find out that companies manufacturing medical devices such as implants, insulin therapy devices (radio-based devices) and pacemakers, completely ignore current security research. One example for this research is the extraordinary work done by Billy Rios & Jonathan Butts (in their free time I might add) in which they discovered many IoT vulnerabilities. This research will no doubt make our world a much safer place.

It was no less appalling to discover the deep contrasts existing between cloud security standards and IoT security standards; or rather, the lack-thereof. Cloud-based enterprises are applying major security standards such as SOC2 to ensure the security of cloud infrastructure and turning certain working procedures into the standard requirement for all. Simultaneously, when it comes to IoT devices, we are living in the proverbial wild west. There are currently no official industry security standards for IoT. In the healthcare industry physicians prescribing the use of these devices have no understanding of their lack of security and I don’t believe that they should be required to have it. However, at this point in time, it is a life-preserving piece of information to know that these devices have feeble security mechanisms in place and are therefore targeted for hacks.

All of this is taking a positive turn as Ijay Palansky, an attorney, stated in his presentation at BlackHat; with the first IoT related lawsuit being launched against Jeep, following the vulnerability discovered back in 2015 that had allowed a remote attacker to control the car’s steering and brakes.

The impressive aspect of this lawsuit is that while no car was damaged or controlled by the attackers beyond the proof-of-concept, there is still a legal bases on which to build the case. Even if FCA US LLC (Jeep’s brand owner) were able to successfully defend itself as far as the damage caused, this case will cause tremendous damage to the company in reputation and in dollars lost.

This lawsuit should be viewed as a striking warning sign for companies manufacturing IoT devices while ignoring security vulnerabilities. This practice will no longer go unnoticed. Manufacturers will have to take responsibility for securing these devices or face the consequences. Hopefully, we are at the beginning of a new security revolution for IoT devices, leading eventually to a healthier and device-secured world.

Looking for better IoT visibility and control? Look no further.
Now, there is another way. Portnox CORE offers a solution that allows for simple implementation, without compromising on security across the enterprise, allowing for visibility, control and segmentation options for IoT devices via a simple network access control solution.

Securing Your Network Before Summer Travel

By | news | No Comments
While summer vacations offer employees a chance to unwind, they have the opposite effect on the IT staff. When employees take company devices or check work emails while traveling, they may be putting the company network at risk, and IT teams need to be prepared. Portnox’s CEO and Co-Founder Ofer Amitai, looks at how company devices are susceptible to an increase in security vulnerabilities during summer travel and why IT teams must do the upfront work to keep these devices secure.  

Published in

Read the full article here.

Tips to Find the Right Risk Management Tools for Your Organization

By | news | No Comments

When choosing which specific risk management tools to use, there are a few key factors to address. Portnox’s CEO and Co-Founder, Ofer Amitai, shares a few tips to follow.

“It is extremely difficult to protect against threats that are not recognized by your risk management tools and not assessed as potential threats,” said Amitai. “Once detection is possible, protection is a viable option.”

Published in IT Business Edge.

Read the full article here.