Category

Cloud Security

network access control gartner

NAC is dead? The Resurrection of NAC

By | Cloud Security, Network Access Control, Network Security | No Comments

Some argue that NAC (Network Access Control) is no longer relevant in today’s world of the mobile workforce and distributed (or decentralized) organizations that have moved to using cloud applications for the most part. Adding the fact that many organizations are allowing personal devices to be used in the corporate environment (BYOD) and the fact that IoT devices are used everywhere, some might consider this to be further evidence to the conclusion that NAC is no longer relevant or needed.

In 2004 the first NAC products came on the scene and signaled the start of a new segment in Information Security. At the time, most organizations still had a physical perimeter, desktops were still the main PC to be used at the workplace and laptops were starting to make a wide appearance. BYOD (bring your own device), IoT (Internet of Things) and multi-branch, geo-distributed organizations that rely heavily on cloud services were not prevalent yet. Accordingly, the standards for NAC were very different from what they are today and mainly focused on the wired environment. NAC solutions were then primarily based on using 802.1x pre-connect enforcement with supplicants which were not part of the operating system. Organizations trying to implement NAC solutions only had the option of deploying 802.1x – which ended up with long, complex deployment and implementation, leaving them with a bad taste for NAC.

Over the past 20 years, NAC technologies have evolved exponentially. Vendors introduced control and discovery techniques that have yielded better and faster deployments and ROI. Just as the enterprise network and endpoints have evolved, NAC solutions have evolved from merely allowing or blocking endpoints onto the network into a broader security solution that provides network visibility, endpoint profiling, security posture assessments, risk management and compliance.

Additionally, some solutions have scaled to suit the modern workforce, heterogeneous networks, hybrid cloud and on-prem environments, diverse endpoint environments (such as IoT and BYOD) and globally distributed organizations. This increase in number of devices connecting to the network and change of working environments   has been our reality for the past 10 years and has evoked a new NAC. Hence, the resurrection of NAC continues to be upon us.

Future of NAC
At this point in 2019, over 60% of enterprise data is stored in cloud applications (public cloud, private cloud and a hybrid of both). By 2020, just a year from now, it is predicted that 83% of enterprise workloads will be taking place in the cloud (1). According to IDG, 77% of enterprises have at least one application or a portion of their enterprise computing infrastructure in the cloud. Additionally, more technology-dependent industries including manufacturing, high-tech, and telecom are being led by executive management to become 100% cloud-based. Therefore, it is crucial to make sure that only company owned and secured devices gain access to corporate intelectual property and information in the inner most circles of the enterprise. According to Gartner research , by 2023 80% of enterprises will adopt two or more cloud-based security services. This is no coinsidence. The complexities in the cyber security landscape alongside the increasing shortage in skilled security professionals is leading towards a greater adoption of cloud-based security services and specifically to the adoption of NAC as-a-Service.

Another factor in future solutions is related to increaseing IoT adoption by enterprises and factories. Visibility and monitoring of IoT must be done by an agentless solution. We believe that having agentless solutions that are centrally controlled will be preferred by many organizations in 2019 and the years to come.

Lighter, adaptable and agile solutions will be necessary in the new era. Enterprises will transition into using easier NAC solutions such as centralized NAC, agentless NAC, NAC delivered from the cloud and Software-as-a-Service. These NAC solutions will save time and money on deployment, training and implementation, while at the same time providing the visibility and accuracy needed to handle today’s complex and hybrid networks. Next-gen solutions are able to cope fully with today’s decentralized organizations and the old NAC configurations will no longer suffice as they are perimeter focused.

 

Conclusion

NAC was effective for the problem it was created to solve in the mid-2000s, but subsequent technological advancements in cloud applications and the mass-adoption of mobile computing devices by the mobile workforce, and IoT have introduced new complexities and challenges. The new computing model requires new cyber security solutions, and the new, NAC technologies are uniquely positioned to be among them. Cloud-native solutions will address concerns of lengthy deployments and geo-distribution. Agentless and centralized solutions will shorten and simplify implementations and everyday usage that were once the dread of CISOs and IT security teams in the enterprise.

 

***

You can see the ease of use and the benefits of cloud-delivered NAC by starting your own a free trial of CLEAR (Cloud-delivered solution) today.

Read the following to learn more about the NAC as-a-Service solutions, and how they simplify cloud access control.

You can also schedule a demo for CORE (on-premises solution) and learn more about agentless and centralized NAC as well as regulatory compliance.


  1. LogicMonitor’s Cloud Vision 2020: The Future of the Cloud Study
  2. The State of Network Security in the Cloud Era, Lawrence Orans, 2018 Gartner Security & Risk Management Summit.
  3. 2.9 million according to (ISC)2
dr-logo

The Security Perimeter Is Dead. Long Live the New Endpoint Perimeter.

By | BYOD Security, Cloud Security, Network Security, news | No Comments

The network no longer provides an air gap against external threats, but network access for devices can take up the slack. The fall of the enterprise perimeter is like the falling of a wall. It has created a new security landscape in which each endpoint, no matter from where it connects, has become its own perimeter — a weakness that can give adversaries access to the entire network.

Here you can read about the best practices to implement in the enterprise to handle threats both inside and outside the physical enterprise perimeter, allowing organizations to provide remote branches and “traveling” endpoints the same security as their corporate headquarters.

Published in Darkreading.com

Read the full article here.

Palo Alto Networks and Portnox Join Forces On Cloud-Delivered Threat-Response Solution

Palo Alto Networks and Portnox Join Forces On Cloud-Delivered Threat-Response Solution

By | Cloud Security | 3 Comments

In recent months, Portnox and Palo Alto Networks joined forces to better deal with the current cyber security threat-landscape. Network security teams in the enterprise must cope with several challenges that impact their traditional network infrastructure. Here are some of those challenges.

Lateral Movement.

A significant challenge to network and data security is the lateral movement of cyber security hazards such as malware (or even ransomware) from one compromised endpoint to others.
In recent years, cyber offenders have carried out large-scale attacks targeting organizations by exploiting known vulnerabilities and security gaps on endpoints. WannaCry, NotPetya and Bad Rabbit are malware attacks that used lateral movement to spread in large-scale campaigns during 2017. Using a single entry-point, typically the most vulnerable endpoint detected by the hackers; proliferation via lateral movement can influence an entire organization. In this way, unpatched or unprotected systems can be taken down in no time, leaving an entire organization paralyzed while the offenders achieve their goals.

IoT, BYOD & Unmanaged Endpoints

According to cyber security experts, the majority of harmful attacks exploit well-known vulnerabilities and security gaps on endpoints. Most organizations are unaware of a significant percentage of the endpoints on their network as these are Bring Your Own Device (BYOD), Internet of Things (IoT), guest and other unmanaged endpoints. Additionally, many IoT devices are found to be placed in network segments that are being used by other company devices and IoT endpoints are particularly vulnerable to being breached. These endpoints aren’t transient and typically go undetected by periodic scans. As such, security teams remain unaware of the attack surface on these devices.

Geo-Distribution.

The growing decentralization and de-perimeterisation of worldwide organizations is a crucial factor as well. Once a threat has been identified inside or outside the enterprise perimeter, security teams must be able to handle and contain the threats at HQ and at branch offices anywhere in the world; as well as to be able to secure the devices being used by traveling or telecommuting team members.

Threat Detection.

Today’s threats are evolving rapidly. The current velocity and evasiveness of targeted and sophisticated attacks has never been seen before. These attacks rely on stealth, perseverance and the ability to overcome many cyber security defenses. Oftentimes these attacks use multiple vectors of attack and focus on acquiring crucial personal data, company intellectual property or other insider information. Unfortunately, compromised devices and data breaches can often remain undetected for weeks or months. Detecting advanced threats and infected endpoints will require new and adaptive security controls.

Visibility.

Once a threat is detected, how can one see what kind of device has been compromised? Is it a laptop? A phone? An IoT device? Who is the user behind it? Where is it located on the network?

Threat Investigation.

Today’s security analysts are spending too much time trying to pinpoint the compromised endpoint and figuring out who else in the organization has been affected, especially when lateral movement is such a big risk. Oftentimes data breaches remain undetected for extended periods of time (with more than 80% of breaches undetected, Gartner 2017*). Even when detected, if a threat moved laterally before being shut down, there is a lack of information regarding which other endpoints have been compromised; on or off premise.

Response & Control.

Actions must be taken. Stopping lateral movement and other endpoints from being infected is crucial. Compromised devices must be quarantined or blocked from accessing the network, regardless of how they are connected to the network (wired, wireless, VPN, cloud).

Future Risk Mitigation.

Blocking the current threat and preventing it from infecting other endpoints is a great start, but not enough to maintain optimal network hygiene. Continuously analyzing the security posture of all organizational devices is crucial. This includes the ongoing review of existing threats and Indicators of Compromise (IOC) to determine which endpoints are granted access to the network each time.

With so many challenges to factor-in and the all-time record of the number of vendors offering solutions in the cyber security space, all seemingly overlapping, it is no surprise that security teams have a difficult time sorting through many vendor claims till they finally select the services or products that will best match their security and budget requirements.

The CLEAR App Solution.

In mid-October 2018, the Portnox CLEAR App went live on the Palo Alto Networks Application Framework. This joint solution, between Portnox CLEAR’s cloud-delivered network access control and the Palo Alto Networks firewall, allows security teams to set enforcement policies based on threats detected by the Firewall. The App prevents the lateral spread of malware throughout the organization and effectively isolates the compromised endpoints in real time. The Palo Alto Application Framework is designed from the cloud and therefore this cloud to cloud solution will allow organizations to provide remote branches the same security as at HQ, allowing for a much better handling of threats in and outside of the perimeter.

Security teams can rapidly enable the App without worrying about adding any infrastructure or appliances. Additionally, organizations can create customized policy via CLEAR with the flexibility to assign the right impact on the endpoint’s continuous risk assessment and security posture. This is done by correlating advanced threat categories from the Palo Alto Networks firewall with the organization’s access and risk assessment policies for devices. In essence this will allow the organization to leverage the Palo Alto Network advanced threat detection to better secure the access of all endpoints, including BYOD and IoT devices.

Accelerating the Response to Threats.

The joint solution will accelerate the response to threats by identifying all compromised devices that share the same threat using CLEAR’s unique visibility and data discovery capabilities.

Palo Alto Networks next-gen firewalls identify evasive and sophisticated threats and automatically thwart them through multiple means. The technologies use analysis of all allowed traffic, using multiple advanced threat-detection and prevention technologies.

Continuous Risk Mitigation.

Based on the advanced threat detection data received from the Palo Alto Networks firewall (i.e. detecting malware that is new or has no signature), CLEAR enables the discovery of other endpoints with the same threat. Moreover, CLEAR will provide the user ID, office location, switch location, etc., regarding the compromised endpoints. Once the advanced threat detection alerts are received in the Palo Alto Networks Application Framework, CLEAR quarantines or blocks these compromised endpoints. Automated response actions are customized and tailored by the organization’s requirements. IOCs and vulnerabilities indicated by the Palo Alto Networks firewall are correlated with the risk-score of each endpoint and the appropriate response is issued by CLEAR.

CLEAR continuously monitors and evaluates each endpoint on the network, establishing a risk-score for it over and over again, whether the device is connected on or off premise. This knowledge is used to define access policies and continuous risk-monitoring takes place. Security admins can determine, customize and tailor the access policy based on the organization’s security requirements. If the risk-score is high, CLEAR will not allow access or will allow limited access by quarantining the endpoints to a certain VLAN. If the risk-score is low – CLEAR continues to monitor the endpoint.

The day-to-day operation of the application will enable customers to monitor a network or endpoint threat-indications from the Palo Alto Networks Application Framework, to update the risk score of devices, and to identify all devices that share the same threat.

Cloud Strengths.

The fact that CLEAR is delivered from the cloud as a SaaS solution, has many positive ramifications from every aspect: security, operations, cost efficiency and more. For example, CLEAR is always running the latest version, with seamless upgrades, delivering the most up to date technology advancements to the subscriber. This can save a lot of time and needless worry for the administrators and assures the usage of the best security. Additionally, using a cloud-delivered solution allows for scalability and is geo-distributed across the world, making it a must-have for decentralized and growing enterprises. All of these, contribute greatly to a substantial reduction in the Total Cost to Ownership (TCO).

Additionally, cloud-delivered security solutions allow that managing risks and threats will no longer depend on an IT security team administrator being physically present within the perimeter of the enterprise location. Changes can be made from where the security admin is located at the time, from a central account, allowing for faster hands-on solutions as required. In our ever evolving work spaces, this is a crucial mode of operation.

Conclusion.

With the Portnox CLEAR application on the Palo Alto Networks Application Framework, companies can continuously monitor endpoints on the network and scan for a wide variety of IOCs, for the rapid pinpointing of compromised endpoints, stopping lateral movement and completely avoiding costly data breaches.

onboarding your device

The Best Ways to Secure Device Onboarding in The Enterprise

By | BYOD Security, Cloud Security, Compliance, Network Access Control, Network Security | No Comments

With the prevalence of digital transformation in the enterprise, there is a clear necessity to balance IoT security issues and BYOD security measures that will prevent suspicious or malicious devices from gaining access to the enterprise’s assets and data centers, while at the same time, making sure that productivity and easy onboarding of devices is maintained. Employees, guests and contractors are bringing all kinds of Wi Fi enabled devices to the enterprise environment and they expect easy and quick network connectivity.

Onboarding is the process in which new devices gain access to the enterprise for the first time. Unfortunately IT departments can sometimes experience additional workloads while endeavoring to get all the devices on the network so as not to hinder business productivity. At the same time, if they are not handling the process with top security standards in mind, they could potentially place users, devices, enterprise data and the network itself at risk. The question arises: how should IT Security teams allow for BYOD, IoT, contractors, guests, etc. to securely and quickly connect to the network without placing any of its components at risk of a breach or ransomware attack? The answer: automation.

By automating the entire onboarding process enterprises can achieve the following benefits:

  • Reducing the costs that are typically associated with manual work (including configuration and support activities).
  • Enhancing productivity – getting team members, contractors and guests connected to work faster.
  • Increasing end-user satisfaction – instead of hassling end-users with onboarding procedures, the whole process can and should be seamless.
  • Decreasing the risks – unmanaged, unpatched, high-risk devices should be blocked or connected from the beginning to a separate segment of the network from where the key corporate assets are stored (the “crown jewels” of the company).

Easy Onboarding

Employees, students, contractors, partners and guests should onboard their devices once and then automatically re-authenticate after that, within an environment that continuously monitors all devices on the networks and automatically provides a risk score for every device. This ongoing scoring allows security teams to understand the security posture of the devices and the network as a whole, at any given moment. At the same time, there is no need to have end users repeatedly re-enter credentials on subsequent network connections unless a device is deemed to have a high risk-score. This way the enterprise can easily onboard BYOD devices belonging to employees that are traveling, working remotely or working at a satellite office location. Additionally, this allows onboarding of IoT and smart devices for business such as flat screens, printers and IoT devices, as well as gaming consoles, smart refrigerators and more. These items, of course, must be on a separate segment from where company assets are kept.

Reducing Risks on the Network

A while ago Ofer Amitai, Portnox CEO, wrote about tips for securing endpoint devices on college campuses, institutions that are always desiring a relatively simple onboarding process. He discussed how changes in onboarding and guest access policies could reduce risks and improve network visibility and control. The principals for securing the enterprise require these steps and more. Having a clear onboarding set of policies will allow IT teams to have automated actions applied (see examples in the next section).

After handling the company’s initial network security audit and collecting the security posture of all devices, it is important to make sure that the enterprise authorization policies include conducting automated and continuous security assessments of the network.  This way, every device employs baseline security measures before being allowed to connect.  Additionally, the IT security team should use granular policies to govern the level of access while maintaining full visibility and control over network connected devices with the ability to revoke access at any time.

Automated Device Onboarding and Network Authentication

Having an automated onboarding set of policies can allow for automated actions such as:

  • Immediately allowing Internet access
  • Blocking/ disconnecting
  • Segmenting a device to a separate network section
  • Remediation actions

For example, IoT devices are considered to be easy to hack.  Therefore, once connected to the enterprise network, these devices should be separated from where core assets are located.  Having different segments on the enterprise network is a good solution for that.  Additionally, if a visitor is being connected, the visitor should gain access to the Internet and not to company files, even when plugging the computer to the wired network.

Two important advanced guest network onboarding features are recommended to be included:

  • Easy guest access – allowing for simple and fast connections together with the ability to continuously monitor all devices and ensure security.
  • Agentless access – once the IT administrators have set up the onboarding policy – contractors and guests on protected networks should be able to self-onboard without installing an endpoint agent.

Acquiring Advanced Onboarding Capabilities

One of the technologies that can help with safe onboarding is network access control (NAC).  In the past, companies used only desktops and laptops, connected and authenticated over a wired network, however; nowadays wireless networks and mobile technologies have introduced personal devices (via BYOD policies) and Internet of Things (IoT) to the workplace.  In addition, increasingly stringent compliance standards, such as PCI-DSS, SOX, and ISO standards require companies to openly communicate their security controls to external auditing authorities.  All of these can be achieved via NAC solutions. Network access security should be a priority for all companies moving forward.

###

Every enterprise today must support a rapidly proliferating world of devices and platforms.  From an operational view point, this shouldn’t pose an obstruction of workflows and productivity. Ideally, the enterprise IT team will automate and secure network onboarding and authentication so that the IT helpdesk doesn’t have to intervene when guests, contractors and IoT devices need to connect. Additionally, an effective plan for secure network onboarding will on one hand improve end-user experience for BYOD, IoT, users and guests and on the other hand improve IT security as part of a layered protection strategy.

Looking to set IT security policies and automate your device onboarding?

Portnox CLEAR offers easy onboarding while never compromising on network security across the enterprise.

Sign Up for Your CLEAR 30 Day Trial Now

Handling Network Complexities in Today’s Highly Decentralized Organizations Part 3: 5 Things Your Next 802.1X Authentication Solution Must Do

By | Cloud Security | No Comments

Implementation Issues Solved with 802.1X NAC Delivered from the Cloud

In parts 1 and 2 of this blog series we spoke about the idea that decentralized organizations, where mobility plays an important role in network security functionality and visibility; should seriously consider implementing NAC solutions delivered from the cloud, as-a-Service, due to the fact that endpoint risk assessment, as well as network visibility and control can be obtained for all locations and provide flexibility in terms of growing the coverage as the company grows.
With that in mind, today I will explain the five points that we believe are essential in choosing your next network security solution.

When deploying 802.1X NAC as-a-Service, complaints about lengthy deployments, implementation hassles and limited capabilities do not have to be prevalent any longer. In fact, IT security teams can now succeed where others have failed and be the superheroes of network security projects. NAC doesn’t have to be complicated. With NAC as-a-Service, there is no need for physical deployment or network hardware (unless it already exists, such as RADIUS or Active Directory servers), which significantly cuts the costs and deployment-time that were previously associated with the 802.1X authentication protocol.

Additionally, NAC as-a-Service allows for secure and remote access for the geo-distributed workforce, without the need for localized branch appliance deployments. It also enables business continuity, because if appliances go offline at one of the locations, the rest of the locations and endpoints can continue accessing the network without interruptions and regardless of which type of device is being used (corporate, BYOD, IoT, etc.).

As you can see, the NAC as-a-Service cloud delivery model is a different approach altogether for dot1X authentication in the enterprise, as it solves key security issues with the ease, agility and efficiency of a SaaS solution.

Here are the top 5 items you should look for in selecting your next 802.1X NAC solution.

I. SaaS delivery – With the shift to cloud-based solutions in businesses world-wide, many businesses no longer maintain their own data centers and have come to expect and rely on many solutions to be Software as-a-Service orientated. 802.1X NAC solutions provided from the cloud fit the bill and allow for easier and more cost-effective deployments and implementations.
II. Turn-key solutions with pay-as-you-go options – your next network security solution should have a low TCO – Total Cost to Ownership (both in terms of price and man hours), without forcing you to have so many pieces of equipment, installations and cumbersome access controls. These are the traits of NAC solutions which are not a good fit for decentralized organizations. A simple, pay-as-you-go model will allow you to gradually implement your NAC solution, while maintaining the highest standards for network security. While TCO is a major driver for IT infrastructure management, there is no reason to compromise on a network security project, but rather choose a solution that will provide a full and mature solution from day one.
III. A scalable and adaptive multi-branch solution – with enterprise mobility and multi branch businesses that in some cases span across countries and continents (without always having an IT professional available), your NAC solution should be able to follow your company wherever it goes. Your solution should also be able to adapt to growth in the number of endpoints, locations and ports, no matter where they are and which layer of the network is being utilized (wired, wireless, VPN).
IV. A Holistic approach to cyber security – your 802.1X NAC solution should not be limited just to port security. It is advisable to have a system in place that can provide a full network security vulnerability assessment. Once your solution can provide full visibility of all network access layers as well as all types of devices that are currently connected on the network, your IT managers can maintain tighter controls and set up automated actions.
V. Automated policies and actions – automation is a must-have option, as there are so many challenges to deal with in keeping today’s organizational network secured. Having one simple and consolidated platform that handles all access layers and all potential port security dilemmas, will allow for easier automation, configuration and segmentation (as required) of the endpoints for a connection that is based on group permissions. dot1X port control allows for full end-to-end provisioning, automated deployment, management and troubleshooting tasks.

Taking these top 5 points into consideration before selecting an 802.1X solution will assure that decentralized organizations wind up with an easier deployment process in terms of time and budget, as well as a holistic solution that does not ignore any part of the network.

Portnox CLEAR is the recommended solution for simple 802.1X deployment. Without compromising on security across the enterprise. By using a RADIUS and repository servers from the cloud, dot1X port control is delivered as-a-Service, and admins can embrace the benefits of dot1X authentication by deploying a zero-touch solution that eliminates geo-redundancies. Within weeks, it is easy to see and control every device connected to the network and thanks to automated monitoring, risk assessments and automated actions it isn’t necessary to be glued to the admin console ever again.

To find out how 802.1X authentication delivered from the cloud works, read more in the White Paper, “802.1X Authentication Is Simpler Than You Think“.

Sign Up for Your CLEAR 30 Day Trial Now

Handling Network Security in Today’s Highly Decentralized Organizations – Part 2: Adopting Cloud Solutions

By | Cloud Security | No Comments

The Business of Risk Assessment

Classical port security is not always understood. Originally it involved the equipment and particularly computers within the physical perimeter. At that point, NAC came into play if someone penetrated the network from a physical port, on-premise. This all changed in the last 15 years, when enterprise mobility and digital transformation took over. These required different levels of authentication to fit the different devices, including managed devices (company owned), unmanaged devices (where Bring Your Own Device – BYOD policies are at play) and IoT devices. The homogenous ways of the old made way for the heterogeneous reality of the new, turning device and port security into the business of risk assessment.

Register for the Decentralization Webinar

Risk assessment and full network visibility are the virtual doormen at the party who will allow the organization’s invitees to enter. Instead of naïvely allowing anyone to access the network, there should be a continuous and automated system performing risk-profiling and allowing full visibility of everything on the network. Where traditional, on premise NAC is limited to a few actions and parameters that do not reflect the complexities outlined above and in part 1 of this blog, a robust NAC solution should be able to scan all access layers and all endpoints for all users. Once this is achieved, continuous endpoint risk assessment becomes a reality, providing a wider solution that is required for today’s complex networks and decentralized organizations.

802.1X Network Security Projects

In today’s 24/7 hyper news cycle, we are constantly learning of new data breaches, costly malware attacks and the need to have solid network security solutions. 802.1X, the trusted authentication protocol used for Network Access Control (NAC) solutions, was initially considered a success when implemented on wired networks, within the framework of a traditional, on-premise solution. However, later on, as more companies became decentralized and shifted to wireless networks and VPNs, traditional on-premise 802.1X solutions no longer fit the bill.

Unfortunately , many companies were burnt by these on-prem 802.1X NAC projects. True, the protocol itself is extremely trustworthy, however, with most solutions there seems to be a never-ending patching and configuration job going on. That’s assuming they have completed the labor intensive and expensive deployment that in many cases, includes moving a lot of equipment around. If this is a decentralized organization, such as a multi-national company with many access points, each location will require a way to protect all endpoints and company assets. In some cases, this could become costly and create a lack of cohesiveness within the organization.

To solve these and many of the challenges discussed in part 1, lighter, adaptable and agile solutions have become necessary in the new reality. Organizations must transition into using easier NAC solutions such as NAC delivered from the cloud and Software-as-a-Service. Among other attributes, a SaaS delivery model will save time and money on deployment, training and implementation, while at the same time providing the agility, visibility and accuracy needed to handle today’s complex and multi component networks. Next-gen solutions offered as-a-Service are able to cope fully with today’s decentralized organizations and the on-prem 802.1X solutions can no longer suffice. Thankfully, there is such a solution. While it provides robust coverage, it is easy to implement in a few simple steps, the first of which is an easy software download.

NAC Solutions Delivered as-a-Service from the Cloud

Using a next-gen 802.1X cloud solution will allow organizations of any size and with any number of geo-locations to gain full visibility of all endpoints on the network, regardless of what the access layer is or which type of device is being used (company issued, BYOD, IoT, etc.). 802.1X is one of the most secure ways to authenticate devices connecting to the network because it is based on set protocols and a verified standard. While other authentication methods may simplify the implementation and management, as of now there are very few solutions that can match the security and strength of 802.1X authentication on all VPNs, wired and wireless networks.

For those concerned with the notion of having security provided from the cloud, it should be noted that according to Gartner’s research, “by 2023, 80% of enterprises will adopt two or more cloud-based security services”. As more companies become decentralized, we believe that more of them will adopt security services delivered from the cloud.

***Tune in next week for part 3: The 5 “must-haves” in your 802.1X NAC solution. ***

Looking for an easier NAC project?
Now, there is another way. Portnox CLEAR offers a solution that allows for simple deployment, without compromising on security across the enterprise.

Sign Up for Your CLEAR 30 Day Trial Now

Handling Network Security in Today’s Highly Decentralized Organizations – Part 1: The Challenges

By | Cloud Security | No Comments

The Perimeter is Dead

We know that our businesses are becoming more digital and connected every minute, of every hour, of every day. This is a global trend and the foundation for increased delivery speeds, efficiency and productivity in all organizations. Organizations these days are no longer limited to their physical office premises as they once were. In many cases, team members are allowed the flexibility of working remotely, telecommuting and working in different branches across different countries, sometimes working in shared co-work offices with other remote employees and business owners. That said, IT Security Officers have their work cut out for them, whether they are handling a large multi-national organization or a small-to-medium business. We all know and feel the incredible threats looming on our networks and the constant care that must be taken to assure the security and integrity of our organization’s assets, whether they are physical or intellectual. In this, first post of a series of three, we’ll review a few challenges with network security and then consider some solutions in parts 2 and 3 of this blog.

Register for the Decentralization Webinar

We Adore Our Mobility

There is a lot of satisfaction that comes with the increased productivity, flexibility and mobility offered by digital transformation. Is there anyone out there who would like to trade their smartphone back to a flip phone? Their laptop for a desktop? The answer is clear: obviously – no. We all adore our mobility and digital advancements. So much so, that IDC predicts that within the next two years there will be close to 200 billion Internet connected devices.

If you are reading this article, there is an excellent chance that you use 5-6 connected devices, including your smartphone, a wearable of some sort, a laptop or two and a tablet or two. Perhaps you have a few IP cameras monitoring your home and office while you are away. And that’s just you. Now think of all the people bringing their own devices to the enterprise these days.

Next, let’s think of the IoT (Internet of Things) devices that are increasing their presence everywhere, according to IDC, there will be 80 billion connected IoT devices by 2025, enhancing a security concern stemming from the fact that IoT devices are almost invisible on many enterprise networks. Additionally, employees are accessing any kind of application under the sun (or florescent light), on their own devices and via the Internet on their company managed computer. These applications and websites are used for both personal and work-related purposes, placing the organizations’ assets at risk.

Network Complexity

In today’s decentralized enterprises there are multiple access layers at play, including the use of wired, wireless and VPN connections. This is one of the core security issues with complex networks in decentralized organizations with locations in different states and countries. Multinational organizations suffer from increased risk due to their IT security loopholes and the abundance of access ports and end-users. It is no wonder then that many IT departments have settled for half-promises of asset security and network controls. They must work within the constant cyber threats that seem to be spreading faster and everywhere these days. Unfortunately, one of these half-promises leads to uncompleted NAC implementations (Network Access Control) and to lengthy and unsuccessful projects.

Security Vendor Fragmentation

Vendor fragmentation is an incredible headache that must be handled. It seems like there is a solution for every inch on the network, as long as you are willing to work with five different vendors.  Implementation is labor intensive and expensive. Moreover, IT leadership struggles when selecting vendor software because the solutions are diverse with no single vendor able to meet all requirements and use cases, especially with decentralized organizations.

Safely On-boarding All Devices

On-boarding devices onto the network in a distributed organization is not hassle-free, often slowing productivity down. Additionally, compliance must be enforced across the organizational network, no matter which location around the world or which device is being used. At the same time, if one of your team members lost their computer, there should be a clear path to prevent that device from on-boarding the network.

Cybersecurity Posture

Many CIOs and CISOs have the constant burden of dealing with and maintaining the organization’s cybersecurity posture while potentially being targeted for cyber-attacks. With cyber-attacks being on the rise and in the news every week, it is no longer a question of if, but rather a question of when one’s organization will be under attack. And so the question arises – are we as prepared as we could and should be?

The network complexities outlined here may be preventing many from establishing optimal solutions and procedures for their organization, especially those that allow full visibility and risk management, not even imagining how serious the threats are till it is too late. Is it really going to take a complete data breach before we do anything about it? Can’t we just learn from other organizations’ mistakes and misfortunes? (Note the 2017 WannaCry attacks for example). Still, once IT departments have been burnt by unsuccessful NAC projects, they might be slow and cautious before initiating the implementation of a new and ideally – better – technology.

Looking for an easier NAC project?

Now, there is another way. Portnox CLEAR offers a solution that allows for simple deployment, without compromising on security across the enterprise.

Sign up for your FREE 30 DAY TRIAL with PORTNOX CLEAR NOW.

Using Blockchain to Solve IoT Security – PART #1

By | Cloud Security, IoT Security | No Comments

In his recent thought-provoking lecture at InfoSec Europe 2018 and in his recent article, Ofer Amitai, CEO and co-founder of Portnox Security, explained that in the future blockchain technology could play a significant role in achieving increased security for IoT (Internet of Things) devices and machines due to its decentralized ledger and peer to peer communications that suit IoT machines communicating amongst themselves without human intervention. He outlined a few futuristic scenarios which he believes will become a part of our normal life routine within 5-10 years and that it will be crucial to have outstanding and solid trust-protocols to be set in place so that this future can operate seamlessly and securely. The recent lecture and article have brought up a few questions that have been posed to Mr. Amitai, and in his answers he continues to outline notions regarding our global technological future.

Q: Regarding blockchain tech being “tamper-evident” – If the goal is to use an IoT device to start a DDoS attack, criminal theft, etc., couldn’t the cyber offenders still get away with what they wanted to do?

Amitai: “I believe hackers could check which devices do not have the latest software and security updates, according to the ledger and those potentially might be a target via the identity of the device. In a situation where an IoT machine has verification of the latest update, then it is less likely to be hacked.

The blockchain will create a new data base of IoT devices: it doesn’t mean that you can locate the device, but just by looking at the ledger you can map the devices that are not updated, and hackers could potentially use that for their advantage, knowing which machines don’t have the latest security patches, updates, etc. Then again, if the IoT security programmers are using that ledger to create a trust score, then it wouldn’t help hackers because those devices would have a low trust score and ideally, they wouldn’t be able to transact with most other machines. There would be a race here between the IoT devices to become updated, and cyber offenders wishing to hack and get into the devices.

The Identity on the ledger should uniquely identify the machine, but still keep it safe and anonymous on the ledger – so you wouldn’t know how to communicate with that device just by looking at the blockchain, or be able to pin point it physically, so they have some level of anonymity. You won’t be able to use it like Shodan to hack IoT devices and machines.”

Q: In your lecture at InfoSec Europe you mentioned that within 5-10 years IoT connected devices and machines will be performing transactions on our behalf. Where else do you see this happening? In which industries? Where in the world?

Amitai: “I believe we will see it in the area of virtual assistants, so you’ll have a lot of machine to man transactions, and also machine to machine, such as ‘please book a hotel for me online’; ‘get me a taxi please’, and the taxi is an autonomous car, and so the virtual assistant communicating with the autonomous taxi would be machine to machine communications; tourism and booking trips; transportation; hospitality. Did you see the new Google virtual assistant launch? Well in the future the conversations will be between machines.

IoT household machines for example – the fridge in your home orders items from the grocery store that will deliver everything, without humans being involved. And it will be interesting to see logistically how those deliveries take place, what types of physical infrastructure will have to be in place for that to happen.

Predictive maintenance is where a machine will order components like a battery that will arrive there, in order for the machine to fix itself! In other words, machines will notice when their battery isn’t going to recharge anymore and take actions to order a new one. So machines will be able to fix themselves.

Pizza delivery – if I have a lot of connective points with IoT cars and smart city traffic lights I know how fast the pizza will arrive – the more data points I have, the more I can predict how fast the deliveries will reach any point in the city.

It is interesting to see what happens with big shipping like ZIM containers in the future. Companies are already working on autonomous ships. Typically, you have a whole crew of people manning supply ships. It’s a big operation and those ships and crews are in danger of being kidnapped… then ransom is demanded, and if ships are working autonomously, then sure, people could still try to steal them or goods from them, but then you don’t have to worry about human lives, you can hookup security cameras all over the ships, and if someone comes to steal anything you could deploy law enforcement but at least human beings wouldn’t be in harm’s way. So potentially this type of piracy would disappear from the world.

Think about parking lots. In the future, your car could drop you off at work, and then go find a parking space on its own. If the car has a good trust score it will be granted access without an issue. Then it could come back to pick you up at the end of your work day.

In the end we want to have automation of processes and have less interaction as humans with machines, especially in supply chain and manufacturing, where there are areas of friction with humans. The less people are involved – the smoother it will be.”

We will continue our exciting conversation with Ofer Amitai in part 2, in which Ofer will discuss examples of machine to machine communications that are already in use today; policy setting and the need to be prepared for the new security risks of tomorrow.

How Can IT Safely Embrace Digital Transformation?

By | Cloud Security, news | No Comments

The digital transformation of business gives employees flexibility and choice, which can increase productivity, enterprise revenues and job satisfaction. Moreover, it allows companies to expand to more cities and countries, growing their direct markets, but at the same time, it opens up a whole new batch of cyber threats. Portnox’s CEO and Co-Founder, Ofer Amitai, looks at how IT should safely embrace the benefits of digital transformation and explains why CIOs and CISOs need to implement strategies that meet the ever-changing needs of the company and allow for flexibility, scalability and agility of the mobile and digitally transforming enterprise.

Published in Business.com.

Read the full article here.

Employees Working All Over The World? Learn How to Protect Your Network from the Cloud

By | Cloud Security, Portnox Technology | No Comments

Every enterprise has a different pain point when it comes to security, whether it employs a large remote workforce or the company operates at a global scale. According to a survey by Gallup, 37% of U.S. workers have worked from home, which is up from 9% in 1995. This trend in an agile employee base allows companies to be competitive with one another when hiring talent, but it is leaving back doors and heightened risks to your network. With the right technology, companies can control access to its networks in any region and from any device.

Here are two use cases where NAC as-a-Service helps organizations control its network security. You can read more in the NAC-as-a-Service eBook.

Enterprises with Remote Workforces

As companies adopt work from home policies, it is raising security concerns for IT departments. Remote workers and co-working spaces aren’t just for startup entrepreneurs anymore. In fact, Fortune 500 companies like GM, GE, IBM and Microsoft all rent office spaces from WeWork. According to Gallup, the average U.S. employee works remotely at least two days a month. 9% of those polled work from a remote location for at least ten days a month, whether that is from their home office or a more public location.

Remote employees often connect to wireless networks that are also being accessed by other individuals whether the employee is at a coffee shop or traveling using their hotel’s guest Wi-Fi. Many companies require remote employees to authenticate their devices via a virtual private network, but enforcing VPN policies can be difficult. Using these connections may leave back doors open for hackers into the enterprise’s network.

With NAC-as-a-Service, IT departments gain visibility into their network endpoints from the cloud, giving network administrators the contextual knowledge to be confident their data and networks are secure. With strong authentication credentials, NAC as-a-Service prevents unauthorized access.

Global Companies Looking to Minimize Risk

With the growth of BYOD, IoT and companies scaling their business globally, the need to control network endpoints and streamline security practices for the network is higher than ever.  Managing global networks with multiple regional offices can be daunting. With global corporations like GE, IBM, and Microsoft encouraging co-working spaces more IT departments are sitting down to minimize the potential risks to their network. If a vulnerable device is attempting to join the network at a regional office or a shared office space like WeWork, it may put the entire global network at risk. Many traditional NAC solutions are on-premise and some regional offices may have differences in their security policies. Streamlining these policies are crucial, and with a cloud NAC solution there is no requirement for any hardware or complex installation, and can, therefore, be streamlined across a global network from the cloud.

Whether you are managing regional offices or your IT department is authenticating your work at home employees, with NAC-as-a-Service small businesses and large enterprises can monitor their risks and secure entire networks with ease. Portnox CLEAR works to put IT department’s minds at ease with NAC via the cloud whether your company works at a global scale or you are retaining a large remote workforce.

Interested in reading more about the next generation of NAC? Read our NAC-as-a-Service eBook.