All Posts By

Ofer Amitai

portnox pr logo

Portnox Introduces Okta SAML Integration for Cloud-Delivered Network Access Control Platform

By | press releases | No Comments

Integration of Okta with Portnox CLEAR delivers seamless & secure identity management solution for NAC platform customers

NEW YORK–Portnox, which supplies network access control, visibility and device risk management to organizations of all sizes, today announced its newest integration with Okta, Inc., the leading independent provider of identity for the enterprise.

“Our recent integration with Okta for improved IAM will make the self-onboarding process easier and more secure for new and existing Portnox CLEAR customers who already rely on Okta for single sign-on (SSO) and identity management,” said Tomer Shemer-Buchbut, Vice President of Product at Portnox. “Portnox CLEAR customers can now take advantage of our simplified, cloud-delivered NAC platform with a built-in integration with Okta – out of the box,” continued Shemer-Buchbut.

Portnox CLEAR is a cloud-delivered service for automated network visibility and access control management (NAC as-a-Service) providing control of IoT, as well as managed and unmanaged devices. The platform’s integration with Okta Universal Directory now allows Portnox CLEAR end-users to enroll their devices into CLEAR and connect to organizational networks using their corporate Okta accounts. Additionally, organizational administrators now have the ability to log into their CLEAR portal from their Okta user portal using SAML SSO.

“This integration signifies our commitment to improving and further simplifying the Portnox CLEAR user experience from start to finish,” said Portnox CEO, Ofer Amitai. “With Okta’s industry-leading Identity-as-a-Service platform, we’ve further strengthened the Portnox product offering and helped many of our customers extend their SSO requirements to their network security efforts,” added Amitai.

Okta is the leading independent provider of identity for the enterprise. The Okta Identity Cloud enables organizations to securely connect the right people to the right technologies at the right time. With over 6,000 pre-built integrations to applications and infrastructure providers, Okta customers can easily and securely use the best technologies for their business. Over 7,000 organizations, including 20th Century Fox, JetBlue, Nordstrom, Slack, Teach for America and Twilio, trust Okta to help protect the identities of their workforces and customers.


Click here to watch a video demonstrating CLEAR’s easy set up

Portnox CLEAR – FREE Signup

Try Okta+CLEAR

Try Okta+CLEAR Self-onboarding

portnox pr logo

Portnox Q3 2019 Revenue Surges 40% Year-Over-Year with Expanding SaaS Customer Base in U.S., U.K. & Beyond

By | press releases | No Comments

Cloud-delivered network security solution & subscription-based business continues to fuel revenue growth for cybersecurity firm

NEW YORK–Portnox, a leading provider of network access control, visibility and device risk management solutions, today announced that third quarter revenue for 2019 surpassed the same period for 2018 by 40%. Driving this year-over-year growth is the increasing adoption of Portnox CLEAR, the only cloud-delivered network access control (NAC) solution on the market today.

“We bet big on Portnox CLEAR and the SaaS business model,” said Portnox CEO, Ofer Amitai. “We knew that mid-market companies and large enterprises alike – particularly in the U.S. and U.K – would begin to demand cloud-delivered solutions for network access control. We’ve seen this prediction prove itself out over the last year or so, and we’re excited to help more and more organizations properly secure their network in the cloud and sleep well at night.”

Portnox CLEAR is the first cloud-delivered NAC-as-a-cloud-service solution that controls access using continuous risk-scoring of each endpoint; including mobile, BYOD and IoT, connecting from anywhere in the world. It is purpose-built to simplify the complexities associated with implementing NAC, while ensuring organizations have the necessary network visibility and access control mechanisms to protect against non-compliant and rogue devices that can introduce security risks.

In nearly every corner of the globe and across every sector and area of tech, cloud adoption is thriving – from SMBs all the way to large enterprises. In the U.S., 84% of enterprises have implemented a multi-cloud strategy, and spending on cloud services as grown 24% since 2018. In the U.K., cloud adoption among organizations has risen nearly 20% in less than five years. These figures shine a light on a massive transition off of on-premise software solutions to SaaS subscription models. As this new revenue stream grows, many vendors are shifting their focus to developing new cloud offerings, leaving fewer and fewer resources for legacy product innovation.

Earlier this year, Portnox was named Best Network Access Control Solution in Cyber Defense Magazine’s 2019 InfoSec Awards at the RSA Conference in San Francisco, CA. Portnox will return to the RSA Conference in February 2020. More recently, Portnox received the award for Most Valuable Vendor for MSPs (managed service providers) at MSPWorld 2019 in Las Vegas, NV. Since the start of 2019, Portnox has expanded its market focus beyond traditional business-to-business – now offering a comprehensive self-service, multi-tenant portal for MSPs to manage network security for their full portfolio of clients.

portnox pr logo

Portnox Joins MSPAlliance, Signifying Continued Commitment to Delivering Enterprise-Grade Wifi Security & Network Access Control Solutions via Managed Service Providers

By | press releases | No Comments

With MSPAlliance membership, Portnox aims to strengthen cyber security for businesses via MSPs, & to further democratize cloud-delivered, enterprise-grade wifi security & NAC-as-a-Service solutions

NEW YORK–Portnox, a market leader for enterprise-grade wifi security, network visibility, access control and device risk management solutions, today announced that it has joined MSPAlliance. With more than 30,000 cloud computing and managed service provider (MSP) corporate members, MSPAlliance has grown to become the largest industry association and certification body for cloud computing and managed service professionals.

As a member of MSPAlliance, Portnox seeks to help MSPs deliver simplified enterprise-grade network security solutions to their clients in the cloud – solutions that, until now, were often too complicated to deploy, too difficult to manage and not worth the financial investment. With Portnox CLEAR, the market-leading NAC-as-a-service solution, Portnox is enabling companies to tighten network access control, gain complete visibility into the devices connected to their networks, eliminate network threats in real-time and more.

“With cyber security threats on the rise globally, we believe every company deserves enterprise-grade solutions for wifi security and network access control without having to jump through the hoops associated with complicated configurations and prolonged deployments. We’re confident that in joining MSPAlliance, we will enable many of today’s leading organizations in Financial Services, Healthcare, Manufacturing and beyond to effectively secure their networks and eliminate significant losses – both data and financial – that occur as a result of insecure corporate networks each year,” says Portnox CEO Ofer Amitai.

Today, many organizations both large and small still rely on pre-shared passkeys to access their wifi networks. As such, MSPs are typically called up to update passkeys when employees from their clients’ companies leave. Portnox CLEAR provides a superior grade of security based on the 802.1X standard. With CLEAR, MSPs and their clients alike don’t need to endure complicated and expensive deployment processes. Rather, MSPs can now offer their customers affordable identity-based or certificate-based device authentication and network access through Portnox’s seamless multi-tenant MSP client portal.

MSPAlliance holds its annual MSPWorld Conference and Expo in Las Vegas, Nevada from October 9-11, 2019, where Portnox will serve as a sponsor alongside Citrix, Dell, Leonovus and more. For more information about Portnox’s sponsorship at MSPWorld, or to meet on-site with a Portnox representative, please visit Portnox’s website.

4 tips to safely onboard IoT devices onto your Wi-Fi network by Ofer Amitai – as posted on TechTarget’s IoT Agenda

By | news | No Comments

Catch up on what our CEO, Ofer Amitai, has to say about keeping your IoT and WiFi secured. In this article Ofer discusses the fact that enterprise IoT and Wi-Fi security are not always carefully planned and monitored and that as with BYOD, organizations are oftentimes dealing with IoT without even knowing it. As IoT endpoints are being added to many organizational Wi-Fi networks, the end-goal should be to incorporate enterprise-grade Wi-Fi security to avoid network breaches. Furthermore, Ofer elaborates on the importance of using WPA2-Enterprise authentication to turn the business Wi-Fi into a safer IoT network.

Read all about it here.

Portnox CLEAR – Keeping Your IoT and WiFi Secured

CLEAR is a SaaS, cloud-delivered, WiFi access control solution that allows you to secure your WiFi based on WPA2/3-Enterprise, using personal identities or digital certificates. CLEAR supports a wide range of authentication providers, from on-premises AD through cloud providers such as GSuite and Azure AD. CLEAR comes with a cloud-RADIUS, therefore there is no overhead, as there is no equipment to install or maintain. It requires no training or skilled personal to deploy and operate. In less than 10 minutes, large and small companies are deploying CLEAR’s enterprise-grade Wi-Fi security.

See a Demo of CLEAR – Please fill out this form:

What Kind of WiFi Protected Access Should You Use to Secure Your Enterprise?

By | Network Security | No Comments

When examining WiFi security, the first layer of defense is the method being used to authenticate to the network. The most widely used methods of authentication are Open authentication, WPA2-PSK (Pre-Shared Key) and WPA2-Enterprise (read more about WPA protocols below).

authenication typesOther authentication methods such as WEP (Wired Equivalent Privacy) and WPA-PSK (without the 2, also referred to as WPA-Personal) are used as well, but they are relatively easy to hack, and therefore are not really worth mentioning, besides making a general note here – to utterly avoid them.

Open Authentication

As the name implies, an open authentication network allows access to all, and users are not required to authenticate at the association level. It is important to know that open networks are not encrypted, and so everything transmitted can be seen by anyone in its vicinity.

The best security practice is to completely avoid connecting to open networks. If there is an immediate need to connect, it is best not to allow devices to connect automatically but rather to select the network manually in the device settings. Open networks are easily forged, and hacking tools such as Pineapple use the fact that mobile devices are constantly searching to connect automatically to an open network. These tools perform Man-in-the-middle attacks to steal data such as passwords, credit cards, etc.

wifi networks


WPA stands for WiFi Protected Access. This authentication method uses different encryption algorithms to encrypt the transport. Therefore, this type of network cannot be forged easily, unlike open networks, and users get privacy. Today, WPA2 is probably the most commonly used method to secure WiFi networks.

Sadly, WPA and WPA2 protocols have been hacked and are considered to be less secure. Performing a WPA2 hack requires a lot of time and is somewhat theoretical. Slowly, we are noticing a move to the WPA3 method, but for that to happen, different infrastructure is needed to support that protocol.


WPA2-PSK (and WPA3-PSK) is WiFi Protected Access (WPA) with a Pre-Shared Key. In simple terms, it is a shared password to access the WiFi network. This method is commonly used for home and small office WiFi networks. Even in a small office setting, using this method is problematic, because each time an employee leaves the company, the password must be replaced; otherwise, the former employee could still connect to the company WiFi.

Furthermore, employees tend to share the password with guests, visitors and contractors in the building, and you shouldn’t have the whole building connecting to the internet at your expense, risking the security of your data and assets in the process.


This method, also referred to as WPA-802.1X mode, authenticates to WiFi by using different identities instead of a single password. An identity can be credentials (user + password) or it can be a digital certificate.

This authentication method is better suited for enterprise networks and provides much better security for wireless networks. It typically requires a RADIUS authentication server as well as a configuration process to different repositories, enabling the organization to authenticate different types of endpoints.

The underlying protocols to secure the authentication vary between different Extensible Authentication Protocols such as EAP-TTLS / EAP-TLS, EAP-PEAP, each one representing a different type of authentication method and level of security.

With WPA2-Enterprise one can use advanced features such as assigning each endpoint after authentication to a specific VLAN or assigning ACLs (Access Control Lists) to specific sections. Additionally, enterprises can audit the connection with additional details. These features are important as they allow enterprises to properly secure their wireless networks and to make sure that they are compliant with security best practices.

Portnox CLEAR

CLEAR is a SaaS, cloud-delivered, WiFi access control solution that allows you to secure your WiFi based on WPA2/3-Enterprise, using personal identities or digital certificates. CLEAR supports a wide range of authentication providers, from on-premises AD through cloud providers such as GSuite and Azure AD. CLEAR comes with a cloud-RADIUS, therefore there is no overhead, as there is no equipment to install or maintain. It requires no training or skilled personal to deploy and operate. In less than 10 minutes, large and small companies are deploying CLEAR’s enterprise-grade Wi-Fi security.

See a Demo of CLEAR – Please fill out this form:

Secure WiFi

Securing Your WiFi Network: The Case for Implementing Enterprise-Grade WiFi Security Now, and Why Shared Passkeys Should Be a Historical Bygone

By | Network Security | No Comments

Are you using a pre-shared passkey to allow access to the organization’s WiFi?

Securing WiFi access in businesses has been historically weak. Oftentimes, companies protect their Wi-Fi access with a pre-shared password, sometimes posting it on whiteboards within the company or placing it for all to use at the reception desk to enable easy access. This is primarily for modern convenience purposes, as businesses would like to enable productivity and collaboration with contractors and guests, as well as allow for staff mobility within the premises of the enterprise.

What’s the problem? And why should I care?

The problem with this practice is that this is a “home style” level of security that places the company’s data and assets (whether intellectual or physical) at risk of being damaged or stolen. If an outsider successfully connects to the company’s WiFi, they could bypass the Firewall and all traditional cyber security mechanisms applied by most companies today. Once inside, they could damage the organization’s reputation by accessing illegal web sites, or company data, whether it resides on premises or in the cloud. Accessing these items is easy, and there are many automated network tools that can enable “non-techies” to do the work. Additionally, this type of hack could easily be achieved via simple social engineering. Another reason to be worried about the use of passkeys is that WiFi hacks and damages do not require being physically present at the organization. These simple actions could be taken from a nearby public space such as the parking lot and would leave no trace. Trying to track who accessed the enterprise WiFi by using a shared password is almost impossible.

Click here to watch a video demonstrating CLEAR’s easy set up

Internal players – disgruntled and former employees

One of the scariest scenarios are the hacks performed by disgruntled employees that can use their remaining access to perform nefarious activities, including damaging, sabotaging or stealing company data, resources and assets. Roughly one out of five organizations has experienced a data breach by a former employee. The Gartner analysis of criminal insiders found that 29 percent of employees stole information after quitting or being fired for future gains, while 9 percent were motivated by simple sabotage.

Attacks by disgruntled employees who commit deliberate sabotage or intellectual property theft are considered to be among the costliest risks to an organization. For example, one of our customers, a food manufacturer in the United States, fired an employee. The disgruntled employee decided to get even. Using the organization’s Wi-Fi password, he connected to the network from the parking lot and changed the temperature setting for the refrigerators. The result was the destruction of food inventory to the tune of hundreds of thousands of dollars.

Bottom line?  Former employees, even those who left amicably, should no longer have access to any part of the network.

Removing employees’ access to all accounts immediately after leaving the company is the best practice to use; however, typically it is not possible to revoke all access due to shared passwords for certain systems and services. In some cases, these systems do not require a password at all, such as printers and Point of Sale devices. For certain organizations, such as law firms and medical facilities, these represent the crown jewels in terms of company data and therefore should be highly secured.

Do I have important assets on the network that I should be protecting?

With the growing numbers of Wi-Fi connected IoT devices (IP cameras, printers, etc.) in the enterprise, each network has a lot of devices that could be compromised and thereby causing data leaks, denial of service attacks or severe damage to the organization. Therefore, ensuring that IoT endpoints are segmented into separate sections of the network and cannot be accessed by outsiders is crucial.

What is the alternative to PSK?

Using enterprise-grade authentication & access services is a good idea.
The best security practice would be to have digital certificates, but at the very least, it is recommended to establish a personal identity-based authentication solution. It would enforce network access via unique user credentials, thereby dramatically reducing the chances of unauthorized access to the organization’s Wi-Fi network, and it would ensure a much better security standard over the shared password practice. Traditionally, this was difficult, as setting up such services required high levels of technological knowledge, as well as extensive maintenance and long and complicated deployments.

This is exactly where Portnox CLEAR can help.

Portnox CLEAR

CLEAR is a cloud-delivered, WiFi access control solution that among other benefits provides a cloud-RADIUS, therefore requiring no training or skilled personal to deploy and operate. There is no overhead, as there is no equipment to install or maintain, and the service is inexpensive and based on the number of devices in the enterprise. Additionally, there is no need to manage a WiFi password as authentication is based on user accounts or digital certificates (customer’s choice), and therefore all passwords are unique. In less than 10 minutes, companies are deploying CLEAR’s enterprise-grade Wi-Fi security, providing the highest level of security to any enterprise, large or small.

See a Demo of CLEAR – Please fill out this form:

portnox pr logo

Portnox CLEAR’s Secure WiFi Access, Powered by Microsoft Azure, Delivers Enterprise-Grade WiFi Security to Businesses of All Sizes, as a Service.

By | press releases | No Comments

Mid-market and enterprise customers can now authenticate to their wireless network, based on identities, with Portnox CLEAR’s 802.1X seamless solution, delivered from the cloud

NEW YORK–Portnox, a market leader for network visibility, access control and device risk management solutions, today announced that its cloud-based solution Portnox CLEAR, powered by Microsoft Azure, is now available for Microsoft sales teams, enabling organizations to protect their network infrastructures with the Portnox CLEAR platform.

Enterprises and SMBs are facing a growing challenge protecting their networks from different cybersecurity threats, specifically their wireless infrastructure. More than 60% of all data breaches target small and medium businesses and yet, most are still using a pre-shared passkey to enable employee access to their organization’s Wi-Fi. This is particularly troubling as 40% of those attacks, involve the compromise of employee passwords.

To address these challenges and risks, Portnox CLEAR, a cloud-delivered, enterprise-grade network access control solution, provides individual authentication and access policy enforcement. With its built-in Azure Active Directory or Windows Server Active Directory plug-ins, Portnox CLEAR provides 802.1X network authentication services to the mid-market and enterprise customers within minutes. Additionally, CLEAR offers organizations visibility, control and pervasive risk assessment capabilities to better protect their networks in real time. Users can automate network access, certificate enrollments and onboarding scenarios for employees, contractors, guests and non-corporate machines, on or off premises. Key features include 802.1X based authentication and authorization, expanded threat management, breach remediation, dynamic network access control policies, and automated implementation of compliance protocols.

“Microsoft customers are a strategic business avenue for Portnox,” said Ofer Amitai, CEO, Portnox. “Portnox CLEAR allows organizations to secure their Wi-Fi in a matter of minutes by applying the highest security standards with a simple method, anywhere in the world. As a SaaS solution, CLEAR is pre-setup, always running the latest version, latest security and latest features with seamless upgrades, while requiring close to zero maintenance from IT and security teams.”

Portnox CLEAR is a cloud-delivered NAC-as-a-service solution that enables organizations to secure their entire network, including their Wi-Fi. Ultimately, the organization can control all network access by using continuous risk-scoring for each endpoint, including mobile, BYOD, and IoT, connecting from anywhere in the world. Built to simplify the complexities associated with implementing NAC, CLEAR delivers the necessary network visibility and access control mechanisms to protect against non-compliant and rogue devices that introduce security threats.

CLEAR is built as a multi-tenant and geo-distributed service due to the fact that it runs on top of Azure as a PaaS service. It utilizes many Azure cloud components and therefore CLEAR customers benefit from the conveniences of a SaaS solution while implementing the highest standards in information security.

“In today’s environment where BYOD, IoT and mobile workforces are the norm, our mutual customers rely on our solution to help monitor and secure all their devices, regardless of location,” said Avi Binya, VP One Commercial Partner at Microsoft. “The integration of Portnox CLEAR with Microsoft Azure Active Directory brings visibility and network access control to customers, allowing them to embrace the new market trends in a simple way.”

IOTagenda post

Top 5 proactive solutions to IoT security challenges

By | news | No Comments

In his latest article, published IoT Agenda, Portnox CEO, Ofer Amitai, discusses the best practices to overcome the security vulnerabilities in IoT devices.

“There are so many vulnerabilities in IoT, and hacking IoT devices is so easy that we must proactively seek security mechanisms now rather than wait for more disasters or emergency situations to force reactive responses. The solutions mentioned here will go a long way in preventing some of the disastrous breaches we have witnessed in recent years.”


Now available via IoT Agenda.

Read the full article here.