All Posts By

Ofer Amitai

The IoT Security Revolution is Upon Us

It is a long-known fact that most IoT manufacturers neglect IoT security while designing their devices and machines. If you are still among those who do not hold this viewpoint, please join our webinar showing just how easy it is to brute-force IP security cameras by using hacking methods that are practically as old as those used in the ’90s. I also recommend catching up on the 2015 Jeep hack and the St. Jude Cardiac Devices hacks that started occurring in 2014. These hacks prove that even companies dedicated to life-saving technologies often neglect to produce the necessary security measures to go with them.

While attending BlackHat 2018, I saw a few jaw-dropping demonstrations. One of these demonstrations was on ATM break-ins. Typically, one might expect a machine containing money to have a more robust security system protecting the cash therein; and yet, the machines were broken into. Additionally, I attended demonstrations of hacks into crucial medical devices and medical networks that are instrumental in keeping people alive.

It was astonishing to find out that companies manufacturing medical devices such as implants, insulin therapy devices (radio-based devices) and pacemakers completely ignore current security research. One example of this research is the extraordinary work done by Billy Rios & Jonathan Butts (in their free time, I might add), in which they discovered many IoT vulnerabilities. This research will no doubt make our world a much safer place.

It was no less appalling to discover the deep contrast between cloud security standards and IoT security standards; or rather, the lack thereof. Cloud-based enterprises are applying major security standards such as SOC2 to ensure the security of cloud infrastructure, turning certain working procedures into the standard requirement for all. Meanwhile, when it comes to IoT devices, we are living in the proverbial wild west. There are currently no official industry security standards for IoT. In the healthcare industry, physicians prescribing the use of these devices have no understanding of their lack of security, and I don’t believe that they should be required to have it. However, at this point in time, it is a life-preserving piece of information to know that these devices have feeble security mechanisms in place and are therefore targeted for hacks.

All of this is taking a positive turn, as attorney Ijay Palansky stated in his presentation at BlackHat, with the first IoT-related lawsuit being launched against Jeep following the vulnerability discovered back in 2015 that had allowed a remote attacker to control the car’s steering and brakes.

The impressive aspect of this lawsuit is that while no car was damaged or controlled by the attackers beyond the proof-of-concept, there is still a legal basis on which to build the case. Even if FCA US LLC (Jeep’s brand owner) were able to successfully defend itself as far as the damage caused, this case will cause tremendous damage to the company in reputation and in dollars lost.

This lawsuit should be viewed as a striking warning sign for companies manufacturing IoT devices while ignoring security vulnerabilities. This practice will no longer go unnoticed. Manufacturers will have to take responsibility for securing these devices or face the consequences. Hopefully, we are at the beginning of a new security revolution for IoT devices, leading eventually to a healthier and device-secured world.

Looking for better IoT visibility and control? Look no further.
Now, there is another way. Portnox CORE offers a solution that allows for simple implementation, without compromising on security across the enterprise, allowing for visibility, control and segmentation options for IoT devices via a simple network access control solution.

Securing Your Network Before Summer Travel

While summer vacations offer employees a chance to unwind, they have the opposite effect on the IT staff. When employees take company devices or check work emails while traveling, they may be putting the company network at risk, and IT teams need to be prepared. Portnox’s CEO and Co-Founder, Ofer Amitai, looks at how company devices are susceptible to an increase in security vulnerabilities during summer travel and why IT teams must do the upfront work to keep these devices secure.

Published in Business.com.

Tips to Find the Right Risk Management Tools for Your Organization

When choosing which specific risk management tools to use, there are a few key factors to address. Portnox’s CEO and Co-Founder, Ofer Amitai, shares a few tips to follow.

“It is extremely difficult to protect against threats that are not recognized by your risk management tools and not assessed as potential threats,” said Amitai. “Once detection is possible, protection is a viable option.”

Published in IT Business Edge.

Junior C# Developer – Ra’anana

Looking to hire a Junior C# Developer to join our engineering team. Portnox provides award-winning solutions for Network Access Control, which is today a must-have solution for almost all enterprises.

Requirements

  • 2+ years of experience in C# development
  • Excellent C# and .NET skills – Must
  • Knowledge of relational databases and SQL – Advantage
  • Knowledge in web development concepts (REST, JSON, AJAX) – Advantage
  • Innovative and out-of-the-box thinker
  • BA/B.Sc. in Computer Science

Interested? Send us an email with your CV: apply@portnox.com

Inside Sales Specialist – North America

Looking to hire an inside sales specialist to join our growing sales team. Portnox provides award-winning solutions for Network Access Control, which is today a must-have solution for almost all enterprises.

Responsibilities

  • Phone and email follow-up to daily incoming leads
  • Scheduling on-line product demonstrations and/or sales follow up meetings
  • Tradeshow lead follow-up
  • Cold calling
  • Tradeshow support as required
  • Sales coordination activities

Requirements

  • Self-motivated individual with “can do” attitude
  • Strong communication skills
  • Experience using/working with Salesforce
  • A general understanding of networks and network security is a plus

Interested? Send us an email with your CV: apply@portnox.com

Is Blockchain The Answer to IoT Security?

Blockchain is considered one of the most promising technologies for the future and it could, and should, be the answer to device-to-device communication and authentication for IoT devices. Portnox’s CEO and Co-Founder, Ofer Amitai, shares his insights on Blockchain and IoT, looking at how blockchain technology can play a huge role in achieving increased security, reliability and trust in IoT networks in the future.

Published in IoT Agenda.

Sales Coordinator – Ra’anana

Portnox, a quickly expanding Hi Tech company in Ra’anana, is seeking a talented individual for the role of Sales Coordinator, a part-time position (perfect for a college student).

This is an amazing opportunity to enter the Israeli Hi Tech industry.

Responsibilities

  • Follow ups and monitoring customer licensing in Israel and all over the world
  • Maintaining consistent communications with customers and business partners
  • Handling price quotes/bids as well as service and maintenance contract renewals

Requirements

  • Excellent command of the English language
  • Motivated and punctual
  • Great attention to detail
  • Excited to learn new things
  • Flexible hours, part-time position, ideal for a college student

Interested? Send us an email with your CV: apply@portnox.com

Why is It So Easy to Hack an IP Security Camera and Any IoT Device?

A home or office that has connected IoT (Internet of Things) devices or machines is actually full of possible weak spots for hackers, and, ironic as it may be, security cameras are often at the top of that list. It is up to us, the end-users, to reduce the threat. While cameras are storing security video to prevent crime or corporate espionage, hackers are quietly able to brute-force their way into many devices and turn them into an army of attack soldiers, as was the case in the October 2016 massive Dyn Cyberattacks that affected large chunks of the United States and Europe.

Security cameras are connected to the Internet so as to allow users remote access, along with anyone else they need to let in. This feature lets users check in on security cameras when no one is at home or at the business, and allows manufacturers to update device software without having to make house calls. The convenience and brilliant simplicity notwithstanding, this very feature that is the essence of all IoT devices is actually a cyber-bug. IoT devices are easy to connect to remotely by just about anyone, and unfortunately, not just by the people one would wish to share access with.

Yes, it really is that easy.

All Internet connected devices have IP addresses and therefore can easily be found on search engines such as Google and Shodan (a searchable registry of IP addresses with information about connected devices). Hackers can find thousands of hackable devices such as cameras just by entering a few search terms, and armed with this information they move to the actual breaking in.

Additionally, IoT devices typically come with default passwords, and many users, even after the 2016 Dyn Cyberattacks, stay with the default settings and do not bother to set a unique username and password. Hackers can find lists of vulnerable devices and try out default passwords. If those have never been changed – they are in. Even if the passwords have been changed, hackers can still force their way into devices through SSH and telnet services, since changing a device’s web app password typically does not guarantee that the password coded into the device has been updated.

According to Flashpoint (a cybersecurity company), in the 2016 Dyn attacks, hackers inserted Mirai, malware that allowed the use of at least 100,000 IoT devices as soldiers in a botnet (zombie army), including printers, IP cameras, residential gateways and baby monitors. This botnet was used to send thousands of junk requests to Dyn, a company that manages web traffic for many prominent websites such as Twitter, Amazon, Netflix, and Reddit, which were knocked offline by the attack. Dyn couldn’t separate the legitimate requests from the junk, and consequently internet users in the US were cut off from these websites, which is the definition of a DDoS attack (Distributed Denial of Service). This example, though extreme, shows the potential vulnerabilities that unknown and unmanaged IoT devices can introduce into a network.

Securing IoT devices in two steps:

Step 1: Visibility

With the number of IoT devices entering the enterprise network, it is challenging to keep track of them. Without network visibility, it is impossible to see, manage, control and secure the network, and the risk of breaches increases. Clearly the first step in securing IoT devices is making sure that they are seen and acknowledged as existing on the network. IoT devices in the enterprise could include time-attendance clocks, smart TVs, temperature gauges, coffee makers and the above-mentioned IP cameras. To minimize the risks, once devices are identified on the network, there should be a centralized control mechanism that enforces updates of the latest patches in security software.

Step 2: Network Segmentation

Once an organization has established complete visibility and centralized management across the network, it is crucial to segment all valuable enterprise data and establish controls to protect the expanding IoT surface. IoT devices should be on a separate network segment from the organization’s mission-critical systems or data, including segmentation from devices such as laptops, PCs, tablets and smartphones containing enterprise data. Segmenting into secured network zones should be automated, and firewalls must then be deployed between these segments to prevent IoT devices from reaching enterprise assets. With intelligent and automated segmentation, the enterprise increases ROI from its existing detection technology, making it more accurate and effective. Thus, even if IoT devices are breached, the breach shouldn’t expose enterprise assets along with them.
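Both steps can be checked mechanically once a device inventory exists. The following is an added example, not code from the original post or from any Portnox product: it audits a constructed inventory for IoT devices outside the IoT segment, for exposed SSH or telnet services, and for firewall rules that let the IoT segment reach enterprise assets. The address ranges, device records and rule format are assumptions.

```python
import ipaddress

# Constructed sample data: segment ranges, inventory and rules are hypothetical.
SEGMENTS = {
    "iot": ipaddress.ip_network("10.20.0.0/24"),
    "enterprise": ipaddress.ip_network("10.10.0.0/24"),
}
IOT_TYPES = {"ip-camera", "smart-tv", "time-clock", "temperature-gauge"}
INVENTORY = [
    {"ip": "10.20.0.11", "type": "ip-camera", "services": ["http"]},
    {"ip": "10.10.0.57", "type": "ip-camera", "services": ["http", "telnet"]},
    {"ip": "10.10.0.23", "type": "laptop", "services": []},
    {"ip": "10.20.0.40", "type": "smart-tv", "services": ["ssh"]},
    {"ip": "192.168.5.9", "type": "time-clock", "services": ["http"]},
]
RULES = [  # inter-segment firewall rules (constructed)
    {"src": "iot", "dst": "enterprise", "action": "allow", "port": 445},
    {"src": "enterprise", "dst": "iot", "action": "allow", "port": 443},
    {"src": "iot", "dst": "enterprise", "action": "deny", "port": "any"},
]

def segment_of(ip):
    """Return the name of the segment containing ip, or None if unmanaged."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def audit(inventory, rules):
    """Step 1 (visibility) and Step 2 (segmentation) checks as (subject, issue)."""
    findings = []
    for dev in inventory:
        if dev["type"] not in IOT_TYPES:
            continue
        seg = segment_of(dev["ip"])
        if seg is None:
            findings.append((dev["ip"], "unknown-segment"))
        elif seg != "iot":
            findings.append((dev["ip"], "iot-in-" + seg))
        for svc in ("telnet", "ssh"):  # remote-login services named in the post
            if svc in dev["services"]:
                findings.append((dev["ip"], "exposes-" + svc))
    for rule in rules:
        if (rule["src"], rule["dst"], rule["action"]) == ("iot", "enterprise", "allow"):
            findings.append(("firewall", f"allow-iot-to-enterprise:{rule['port']}"))
    return findings

if __name__ == "__main__":
    for finding in audit(INVENTORY, RULES):
        print(finding)
```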

Conclusion – Using Intelligent Network Access Controls (NAC)

For the foreseeable future, it appears that cyber offenders will continue to take advantage of IoT vulnerabilities, but there is no reason for today’s enterprise to sit back and do nothing. All of the steps mentioned above and more can be achieved by using Portnox NAC solutions. Having full network visibility to identify devices on the network, followed by a layered and automated approach will allow the enterprise to secure these devices and respond to any potential breach, keeping important assets protected.

Want to see just how easy it is to hack an IP camera?
There are just a few steps required to perform a live hack of an IoT device, and without proper network segmentation, the consequences could be disastrous.
Once you have seen just how easy it is, check out more information on integrating connected devices into your network in the optimal way for security as well as ease of use purposes.

How Can IT Safely Embrace Digital Transformation?

The digital transformation of business gives employees flexibility and choice, which can increase productivity, enterprise revenues and job satisfaction. Moreover, it allows companies to expand to more cities and countries, growing their direct markets, but at the same time, it opens up a whole new batch of cyber threats. Portnox’s CEO and Co-Founder, Ofer Amitai, looks at how IT should safely embrace the benefits of digital transformation and explains why CIOs and CISOs need to implement strategies that meet the ever-changing needs of the company and allow for flexibility, scalability and agility of the mobile and digitally transforming enterprise.

Published in Business.com.
