All Posts By Ofer Amitai

How New Students and Devices Can Create Network Security Threats


The new academic year is upon us, and with it come a number of concerns for IT professionals tasked with securing the network and its various endpoints. Portnox’s CEO and Co-Founder Ofer Amitai shares his insights on ways to deal with the endpoint challenge on college campuses that will give IT departments peace of mind, and on how changes in onboarding and guest access policies can reduce risks and improve network visibility and control. Published in EdScoop.

Read the full article here.

Portnox CLEAR Brings Complete Discoverability and Risk Monitoring of All Endpoints


New features provide enhanced monitoring, remote profiling and outage coverage  

New York, September 12, 2017 - Portnox, a market leader for access control and endpoint risk management, announced today Portnox CLEAR Summer 17’ Version, a cloud-based network access control solution that simplifies the management of emerging cyber risks for enterprises and mid-market organizations. This version gives CISOs, CSOs, network administrators and IT teams the ability to better monitor all network endpoints and identify devices that are potentially at risk, minimizing digital business risk associated with IoT, BYOD, cloud computing and the mobile workforce.

According to a recent report by 451 Research, 60 percent of enterprise workloads will run in the cloud by mid-2018. With the move of data storage, applications, servers and more to the cloud, security solutions should run from the cloud as well. This version streamlines monitoring and securing from the cloud, offering access controls, network visibility and real-time risk assessment of all endpoints in all locations. CLEAR generates unique risk scores for each device, allowing network administrators to create accurate risk profiles of their networks, helping them gain an understanding of underlying threats and vulnerabilities.

Portnox CLEAR adds four distinct features with this version:

  • Monitoring-Only Mode: Provides 100 percent discoverability of each network endpoint by serving all network access requests. It accepts all authentication requests and grants access regardless of credential validity, policy violations or authorization incompatibility. The feature provides zero-touch on-boarding and discovery of devices through the CLEAR Portal, allows gradual deployment of 802.1X without interfering in standard organizational activities or operations, and helps determine best practices and deployment methods for 802.1X authentication.
  • Fail Open: With a lightweight on-premise software architecture, Fail Open provides access to the network based on historical information, and provides 24/7 availability of all network resources while maintaining security, even during internet outages.
  • Remote Profiling for Agentless Devices: Provides the ability to collect device data and visualize devices without the need of an agent in the CLEAR Portal using endpoint OS profiling and deep inspection. This allows network admins to achieve better network visualization and discovery of network elements, including IoT, BYOD, and IP devices on the network. The feature enables risk policy enforcement for agentless devices, such as a device needing patching or updates to its anti-virus software.
  • Network View: Offers a complete picture of network entities, including classification, OS, switch connections and installed software/applications. This allows for alternate presentations of organizational device inventory, guided by physical location and not simply by user accounts. Network admins gain a better understanding of the types of devices accessing their network, helping them better formulate access and security policies.

“Companies are relying more and more on the cloud not only to store information, but also to manage their infrastructure from the cloud, and by doing so securing the infrastructure is becoming more of a challenge,” said Ofer Amitai, CEO, Portnox. “Adding these new features to Portnox CLEAR, our SaaS platform, makes real-time continuous risk assessment easier and more reliable, monitoring all network elements – without the need for an agent, even if an internet connectivity outage occurs.”

This new version also improves the platform’s modes of enrollment, two-factor authentication, dynamic VLAN for wireless access, quarantine action, troubleshooting capabilities, and RadSec support.

The Portnox CLEAR Summer version is available now. For more information or to try Portnox CLEAR visit: https://www.portnox.com/portnox-clear/

About Portnox

Portnox secures connected organizations’ corporate networks utilizing its next-generation network access control and management solutions. Portnox’s solutions manage every user, every device – including: Internet of Things (IoT), BYOD, mobile and managed devices – accessing the network, everywhere.

Founded in 2007, Portnox provides its global customers with a complete view of device and network visibility, reducing security risks and improving network control. Portnox offers two solutions – CORE for On-Premise NAC and CLEAR for cloud-based NAC – allowing companies to grow, optimize, and evolve their infrastructure while maintaining the utmost security and compliance. The company was recognized by Gartner as a pure-play security vendor of network access control solutions and is a recipient of the 2016 Global Frost & Sullivan Award for Competitive Strategy Innovation and Leadership, among other Security Industry Awards. Portnox has offices in the U.S. and in Europe.

###

Ransomware and Internet of Things: Partners in Crime


If you’ve been reading cybersecurity publications lately, you’re probably aware that ransomware and the Internet of Things (IoT) are now some of the biggest concerns within the cybersecurity community. For all the scenarios and security products presented to prepare for or prevent ransomware attacks or an IoT breach, there is one scenario that isn’t being talked about – ransomware attacks on IoT devices. This blog will attempt to shed some light on how these factors can work together to put your organization, and even human lives, at risk, as well as suggest ways that such an event can be prevented.

At the recent Black Hat conference in Las Vegas, two cybersecurity researchers, Billy Rios and Jonathan Butts, demonstrated how the mechanical arm of an automated car washing machine could be hacked to cause damage to a vehicle, and potentially threaten human life. This is not the first time that Rios and Butts have put a connected device to the test; the team has successfully hacked a pacemaker and a smart car to highlight life-threatening vulnerabilities. They are probably not the only team that has made a point of demonstrating the dangers of IoT malware and ransomware, yet manufacturers, organizations and consumers continue to produce, purchase and deploy these inherently vulnerable devices. What makes IoT ransomware a grave security flaw?

Let’s start by stating that all connected devices (not just IoT devices) are potential victims of ransomware attacks because they are connected to the Internet. Ransomware attempts to gain access to mission-critical data on the network, then encrypts that data until the organization or individual pays the ransom (usually in a cryptocurrency), at which point they are provided the encryption key to recover the data. While ransomware is well understood when it comes to more “traditional” devices such as computers, phones, and servers, IoT devices are rarely considered as a point of entry, and if they are, there’s no way to patch or protect them, or to install anti-virus software on them. Really, your best hope with an IoT device is that the manufacturer installed firmware and that there are available upgrades that somehow address ransomware risks. In the majority of cases, these firmware updates simply do not exist.

Then there’s the issue of visibility. When organizations and individuals connect IoT devices to their network, the excitement of deploying a new technology that promises greater efficiency tends to overshadow precautionary measures to ensure the device is secure. There are a number of cases in which organizations were attacked via IoT devices that they didn’t have knowledge of. In addition, many of these devices have default passwords that can be easily discovered through the Shodan search engine, Hydra or other IoT search tools and password generators. In most cases, the username is ‘admin’ and, well, the password is the same. Lack of oversight of IoT devices on the network creates a gaping hole for hackers to plant ransomware that, while not directly targeting the IoT device, can reach the mission-critical data they are after by gaining access to the network.

Finally, there is the physical aspect of IoT devices. Usually, these devices are deployed to control temperatures in the HVAC room, as smart coffee machines or smart TVs, and in industry as part of the movement to connect machinery to the Internet (Industry 4.0). That means that unlike most computers and other “traditional” devices, IoT devices are tied to a physical function that could have real, and potentially dangerous, consequences. The demonstration of the car wash hack is a good example, but what about IoT door locks that could trap people in a building or prevent entry, or a smart TV that allows for espionage? At the moment, the majority of these are hypothetical scenarios, but as the Mirai botnet incident demonstrated (what’s known as a pivoting attack), the hacking of IoT devices presents a real threat that should be addressed now, rather than later.

At the moment, IoT manufacturers aren’t doing much to make sure these devices are secure, so what should organizations eager to implement IoT devices do to make sure that they aren’t putting their network at risk?

The first thing to do is find out whether the IoT devices you’ve deployed have firmware and, if they do, whether that firmware can be upgraded. But, as mentioned, not all IoT devices have firmware, which is why the next step should be to secure the IoT network with firewalls or create a network perimeter. With the devices quarantined in a “safe” part of the network, pivot attacks and access to mission-critical data on other devices are (largely) out of the question. Visibility is key for knowing where hidden threats lie on the network, which is why a solution that discovers IoT devices, their location and characteristics should be an essential part of any security stack. If possible, deploy a network access control solution that will allow for authentication of IoT devices to ensure that vulnerable devices can’t enter the network and gain access. Finally, and as previously mentioned, consistently update the default passwords and manage the security certificate lifecycle (if any).
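The checks in the paragraph above, applied to a device inventory, as an added example that is not part of the original post and is not Portnox code. The segment address, the 30-day certificate threshold, the record fields and the allow/quarantine/deny mapping are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_address, ip_network
from typing import Optional

IOT_SEGMENT = ip_network("10.50.0.0/24")  # assumption: firewalled IoT segment
CERT_WARN_DAYS = 30                       # assumption: renewal lead time

@dataclass
class Device:
    name: str
    ip: str
    firmware_upgradable: Optional[bool]  # None = device has no firmware at all
    default_password: bool               # True = factory login still in place
    cert_expiry: Optional[date]          # None = device carries no certificate

def audit(dev: Device, today: date) -> list:
    """Return the checks from the paragraph above that this device fails."""
    findings = []
    if ip_address(dev.ip) not in IOT_SEGMENT:
        findings.append("outside-iot-segment")
    if dev.firmware_upgradable is not True:
        findings.append("no-firmware-upgrade-path")
    if dev.default_password:
        findings.append("default-password")
    if dev.cert_expiry and (dev.cert_expiry - today).days < CERT_WARN_DAYS:
        findings.append("certificate-expiring")
    return findings

def decide(dev: Device, today: date) -> str:
    """Admission decision a NAC policy could derive from the findings."""
    findings = audit(dev, today)
    if "default-password" in findings:
        return "deny"        # factory credentials: keep off the network
    if "outside-iot-segment" in findings:
        return "quarantine"  # move behind the IoT firewall first
    return "allow"           # may still carry findings worth tracking

# Constructed sample inventory (not real devices).
TODAY = date(2025, 6, 1)
INVENTORY = [
    Device("hvac-ctrl", "10.50.0.12", True, False, date(2026, 1, 1)),
    Device("lobby-tv", "10.10.4.77", None, False, None),
    Device("door-lock", "10.50.0.40", False, True, date(2025, 6, 15)),
]

if __name__ == "__main__":
    for d in INVENTORY:
        print(d.name, decide(d, TODAY), audit(d, TODAY))
```

A device that has no upgrade path but already sits inside the segment is still allowed here, with the finding kept for tracking, since segmentation is the remaining control the paragraph offers for such devices.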

While we haven’t heard of too many IoT ransomware attacks yet, you can bet that they will be in the news soon enough. Beat the black hats to the chase and shore up your network with IoT visibility, discovery and control tools that will protect against malicious exploits, including malware and ransomware.

Find out more about Portnox’s Rapid Ransomware Control & Response Solutions.

Cybersecurity Training May Have Been The Only Way To Stop Money Transfer Attacks


Portnox CEO and co-founder Ofer Amitai shares his insights on cybersecurity challenges with TMCNET CEO Rich Tehrani. In the article, Ofer discusses the increase in attacks targeting money transfers, and explains why companies can and should be doing more to protect themselves, like training their teams. Cybersecurity training may have been the only way to stop these money transfer attacks.

Read the full article here.