Network Security

Cyberattacks ≠ Compliance

By | Network Security | 433 Comments

In our recent “Cyber Threats Cannot Compete with Strong Compliance” blog, we covered cyber attacks in the financial and retail industries and the importance of visibility, network access control and risk management for achieving strong compliance, defending against attacks and growing a successful, secure business. In this blog we take a quick look at the attacks that hit the government and healthcare sectors, the regulations those verticals face, and how to build a strong compliance foundation. A deeper dive into each vertical can be found in the “Compliance as a Strategy for Business Success” eBook.

The DNC Got Phished

How did Russian hackers gain access to the email correspondence of the Democratic National Committee (DNC) and the Clinton campaign during the 2016 US election? By using the oldest trick in the book: phishing emails. In one case John Podesta, chairman of Hillary Clinton’s campaign, received a phishing email that an aide correctly recognised as malicious. The aide, however, wrote back that the email was “legitimate” when he meant “illegitimate”, and Podesta acted on it. This single slip placed over 60,000 highly sensitive emails in the hands of the Kremlin, which went on to distribute them through websites like WikiLeaks.

Even after an FBI special agent warned the DNC about the intrusion attempts, its IT staff did not act on the warnings because the computer logs showed no sign of an intrusion. A note from an aide should never have been the control that decided whether a phishing email got opened. Controls that automatically flag or block suspicious messages, and the connections a compromised endpoint makes afterwards, take that decision away from the user; had the DNC incorporated an agentless solution into its network, it could have monitored, identified, tagged or blocked the attack automatically.

The Dark Web Over the Medical Industry

Since 2010 the number of attacks against healthcare providers has risen by over 125%, and risk levels in the industry are now the highest ever. Last year alone, cyber criminals stole over half a million patient records and sold them on the dark web at roughly $365 per record, about one-third more than a stolen financial record fetches; no wonder this form of theft is growing at a dizzying speed. Part of the problem is that hospitals, private clinics, vendors and insurance companies all share digital records, which widens the attack surface and multiplies the places where a single weak link can be exploited.

There is no doubt that the medical industry is struggling to uphold the HIPAA Privacy, Security and Enforcement Rules. As the number of connected medical devices keeps growing, a solution that scales across a wide range of institutions is a must. Every institution sharing this data needs a solution that gives its security team complete, real-time visibility of every connected device and of the network infrastructure those devices attach to: switches, wireless controllers, VPN gateways and routers.

A Boardroom, Samsung and the CIA

Among the thousands of CIA documents released by WikiLeaks as “Vault 7”, one set describes how the CIA turned Samsung smart TVs into listening devices. Under the codename “Weeping Angel”, an implant puts the set into a “Fake-Off” mode: the screen goes dark and the TV appears to be switched off, while the microphone keeps recording and the audio is sent back to a CIA server.

Samsung’s own privacy policy had already warned that voice recordings are uploaded to its servers and may be passed on to third parties. A user can mute the microphone or switch the set off, but Weeping Angel undermines the assumption that a set which looks powered off is not listening. Organizations therefore need to check the state of all their equipment, whether it is a smartphone, a laptop or a TV screen: any device that can record and has internet access can be compromised. Companies must safeguard their equipment with practices like device lock-down, fine-grained device visibility and risk monitoring.

Whether you run a financial, governmental, retail or healthcare organization, it is essential to see, control and automate your network. Without full network visibility it is impossible to control devices or maintain compliance. The challenge for many is how to maintain that level of security (even large companies struggle to attain compliance), often with limited resources and budgets. Portnox’s technology, available both on-premises and in the cloud, gives security officers and network operators the tools they need to see and control any device, at any time, from any place, making compliance a more straightforward process and setting your business up for success.

Download our new eBook, “Compliance as a Strategy for Business Success”, and learn how you can stop cyber attacks by maintaining strong compliance and visibility over your network.

Cyber Threats Cannot Compete with Strong Compliance

By | Network Security | No Comments

2016 saw several high-profile cyber attacks that resulted in costly breaches and damaged the reputations of well-known companies. There has been much discussion of how to pre-empt such attacks, with proposed solutions ranging from firewalls and endpoint security to network access control.

Because many industries are bound by tough regulatory standards, companies are now expected to run automated systems that keep up with reporting while also preventing breaches. The “Compliance as a Strategy for Business Success” eBook covers the key points to consider when working towards compliance with regulations such as SOX, HIPAA, PCI DSS, FISMA and GLBA. For instance, any company that stores, processes or transmits cardholder data must be PCI DSS compliant; that includes restricting access to cardholder data by business need to know, defining processes that grant users access to system components, enabling audit logging, and more. Falling short on these processes carries significant cyber risk.

Had the companies attacked in 2016 built stronger compliance foundations, they would not have needed to scramble for new and expensive technologies after the fact.

The Importance of Visibility to Achieve Compliance

When Yahoo Got Stuffed

Yahoo is no stranger to breaches. This past year it came to light that nearly 1 billion Yahoo accounts were compromised between 2013 and 2015. How did this happen, and what could have been done to mitigate or even prevent it altogether?

Breaches on this scale feed a type of mass-scale automated attack called credential stuffing, in which attackers take the username/password pairs stolen in one breach and replay them against other websites until they find a match. Automation lets the attack run quickly and, more often than not, anonymously. Shuman Ghosemajumder, CTO of Shape Security, has found that credential stuffing succeeds in roughly 0.1-2% of attempts, and because so many people reuse passwords across sites, even that rate is damaging at scale. This is especially concerning for Yahoo because, as a publicly traded company, it is subject to SOX, which was designed to protect data integrity through compliance.
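The pattern described above is detectable on the receiving side: one source replaying many different usernames with a very low hit rate looks nothing like a legitimate user. The following is an added example, not code from the original post or from Shape Security; the log format (timestamp, source IP, username, result) and the sample lines are constructed, and the thresholds are assumptions to tune per site.

```python
"""Detecting a credential-stuffing burst in authentication logs.

Added example, not code from the original post. The log format is a
constructed, simplified one: "<ISO timestamp> <source IP> <username> <SUCCESS|FAIL>";
the same per-source window logic applies to web-server or identity-provider logs.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample. 198.51.100.7 cycles through many different accounts with
# a low hit rate, the stuffing signature; 203.0.113.5 is a normal user who
# mistypes a password once and then logs in.
SAMPLE_LOG = """\
2017-03-01T10:00:00 198.51.100.7 alice FAIL
2017-03-01T10:00:01 198.51.100.7 bob FAIL
2017-03-01T10:00:01 198.51.100.7 carol FAIL
2017-03-01T10:00:02 198.51.100.7 dave FAIL
2017-03-01T10:00:02 198.51.100.7 erin SUCCESS
2017-03-01T10:00:03 198.51.100.7 frank FAIL
2017-03-01T10:00:03 198.51.100.7 grace FAIL
2017-03-01T10:00:04 198.51.100.7 heidi FAIL
2017-03-01T10:00:04 198.51.100.7 ivan FAIL
2017-03-01T10:00:05 198.51.100.7 judy FAIL
2017-03-01T10:00:07 203.0.113.5 alice FAIL
2017-03-01T10:00:15 203.0.113.5 alice SUCCESS
"""


def parse_line(line):
    ts, src, user, result = line.split()
    return datetime.fromisoformat(ts), src, user, result == "SUCCESS"


def detect_stuffing(log_text, window=timedelta(minutes=5), min_attempts=8,
                    min_distinct_users=5, max_success_rate=0.2):
    """Return {source_ip: summary} for every source whose logins, inside some
    sliding window of length `window`, look like credential stuffing: many
    attempts spread over many distinct usernames with a low success rate.
    A brute-force attack on one account or a forgetful user does not match,
    because both touch only one or two usernames."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, src, user, ok = parse_line(line)
            events[src].append((ts, user, ok))

    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until evs[start:end+1] fits.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            burst = evs[start:end + 1]
            attempts = len(burst)
            users = {u for _, u, _ in burst}
            success_events = sum(1 for _, _, ok in burst if ok)
            if (attempts >= min_attempts and len(users) >= min_distinct_users
                    and success_events / attempts <= max_success_rate):
                # Keep the largest matching burst per source. The accounts that
                # succeeded inside it are the ones to force a password reset on.
                if src not in flagged or attempts > flagged[src]["attempts"]:
                    flagged[src] = {
                        "attempts": attempts,
                        "distinct_users": len(users),
                        "successes": success_events,
                        "compromised_accounts": sorted({u for _, u, ok in burst if ok}),
                    }
    return flagged


if __name__ == "__main__":
    for src, info in detect_stuffing(SAMPLE_LOG).items():
        print(src, info)
```

Running it flags 198.51.100.7 only, and reports erin as the account whose reused password worked. The per-source sliding window is quadratic in the worst case; for production volumes, bucket events by minute or feed the same rule to a SIEM.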

Had Yahoo implemented an intelligence engine giving admins wider and deeper real-time visibility of their network and the systems on it, the warning signs of 2008 would have been harder to ignore: that year Carnegie Mellon University’s Software Engineering Institute published a vulnerability note stating that MD5 should be considered cryptographically broken and unsuitable for further use. MD5 is a hash function, not encryption, and Yahoo was still storing passwords as MD5 hashes; unsalted MD5 password hashes are trivially recovered from a stolen database. Despite years of warning before the 2013-15 breaches, Yahoo never modernised its password hashing, because it lacked the visibility and oversight to make it happen.
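To make the MD5 point concrete, here is an added example (not code from the original post or from Yahoo) that cracks a constructed dump of unsalted MD5 password hashes with a tiny wordlist and contrasts it with a salted, iterated hash. PBKDF2-HMAC-SHA256 from the Python standard library stands in for a purpose-built password hash; the iteration count, the dump and the wordlist are assumptions.

```python
"""Unsalted MD5 password hashes versus a salted, iterated password hash.

Added example, not code from the original post. The "leaked" table and the
wordlist are constructed. PBKDF2-HMAC-SHA256 from the standard library stands
in for a purpose-built password hash; bcrypt, scrypt or Argon2 are preferable
where a library is available.
"""
import hashlib
import hmac
import os

# Constructed leak in the format the post describes: username -> unsalted
# MD5 of the password, with no per-user salt.
LEAKED_MD5 = {
    "alice": "5f4dcc3b5aa765d61d8327deb882cf99",
    "bob":   "e10adc3949ba59abbe56e057f20f883e",
    "carol": "25d55ad283aa400af464c76d713c07ad",
    "dave":  "5f4dcc3b5aa765d61d8327deb882cf99",  # same hash as alice
}
WORDLIST = ["letmein", "password", "123456", "qwerty", "12345678"]

PBKDF2_ITERATIONS = 100_000  # assumption; raise until one verify costs ~100 ms


def crack_md5(dump, wordlist):
    """One MD5 per candidate word builds a lookup table that recovers every
    account using that password at once: with no salt, identical passwords
    share an identical hash, so the work is per word, not per user."""
    table = {hashlib.md5(word.encode()).hexdigest(): word for word in wordlist}
    return {user: table[h] for user, h in dump.items() if h in table}


def hash_password(password, salt=None):
    """Store salt and digest together. A fresh random salt per user means equal
    passwords no longer produce equal stored values, so no shared table helps."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password, stored):
    salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), PBKDF2_ITERATIONS)
    # Constant-time comparison so the check itself leaks nothing about the digest.
    return hmac.compare_digest(digest.hex(), digest_hex)


def guess_cost(dump_size, wordlist_size):
    """Hash evaluations needed to try a wordlist against a dump: one shared
    table for unsalted MD5, versus one full PBKDF2 run per (user, guess) pair."""
    return {"md5": wordlist_size,
            "pbkdf2": wordlist_size * dump_size * PBKDF2_ITERATIONS}


if __name__ == "__main__":
    print("cracked:", crack_md5(LEAKED_MD5, WORDLIST))
    print("cost:", guess_cost(len(LEAKED_MD5), len(WORDLIST)))
```

Five MD5 computations recover all four accounts, including both users who chose “password”; against the salted PBKDF2 store the same wordlist costs five guesses times four users times the iteration count, and no two users’ stored values can be compared.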

The Ghost of Bangladesh Central Bank

In February 2016, $81 million disappeared from Bangladesh Central Bank and was subsequently laundered through casinos in the Philippines. Cyber criminals used bank employees’ stolen Society for Worldwide Interbank Financial Telecommunication (SWIFT) credentials to send dozens of fake transfer requests to the Federal Reserve Bank of New York, requesting nearly $1 billion in total be moved to bank accounts that had been set up a year earlier in Asia. Most of the requests were blocked, but $81 million was released in four transfers of about $20 million each. So how was the heist pulled off, and what could have been done to stop it?

The attackers planted malware on endpoints inside the bank’s network that, among other things, suppressed the automatic printing of SWIFT transaction confirmations, so staff did not see the fraudulent messages. A US institution in that position would clearly be in conflict with GLBA, which requires financial institutions to protect customer data. The bank and the Federal Reserve Bank of New York have traded blame: the Fed says it followed protocol, releasing several transfers while blocking dozens of others. There is no doubt that the lack of endpoint visibility and malware protection were massive issues here. Full control over all network infrastructure, on both sides, would have made the theft far harder to pull off.

To become compliant and run the business successfully, companies need visibility into what is happening on the network: which devices are connected, when they connected, what OS, applications and services they run, who has access to which data, and proof that the mechanisms securing private data are operational. Without visibility into what is on the network, it is impossible to control it or ensure compliance. Check out our “Compliance as a Strategy for Business Success” eBook to grow a successful and secure business.

Back to the Basics with Your Network Protection

By | Network Security | No Comments

Veteran marathon champion Bill Rodgers once remarked that “every race is totally different.” If that is true in the relatively predictable world of marathon running, it is even more accurate in the race against cyber attackers, where, whether we like it or not, each day brings unforeseen challenges that threaten the integrity of the network.

The question is how best to approach network protection successfully despite the constant emergence of unexpected threats. Throughout 2016 we had more than ample opportunity to consider it. From the involvement of hackers in the U.S. elections to the IoT-powered DDoS attack of October 21 (the Mirai botnet against DNS provider Dyn), last year produced some shocking breach stories. With all of that behind us, 2017 is not a moment too early to take stock, explore the options and, perhaps, go back to basics and adopt some old-new security strategies that provide greater visibility, improved resilience, more automation and better security.

An Unfortunate Side of “Things”

The distributed infrastructure of today’s networks makes businesses more vulnerable to attack, and IoT and BYOD add a huge degree of complexity. The threat is simply greater, so much so that, according to Gartner (as quoted on TechCrunch), the security market is predicted to grow to $120 billion by 2020.

As pointed out in the eBook “The Top 5 Misconceptions of IoT Network and Device Security”, IoT devices are the weakest link in today’s corporate network. To make matters worse, because most users are unaware of the threat, most devices are not even set up securely (the eBook preview goes into this in more detail).

Because Seeing is Believing

Part of why IoT and BYOD have changed the situation so drastically is that new devices (both managed and unmanaged) are constantly being connected. Any device connected to the network can potentially function as a gateway into your infrastructure.

It has become all too common for there to be a “disconnect” between the number of devices the average IT administrator thinks is attached to the network and the number actually there. Shockingly, a disparity of 20-30 percent is not unusual.

In approaching the protection of any network, visibility is key – because you cannot protect what you cannot see.

An Innovative Approach to Today’s Security Challenges

A next-gen network visibility and access control solution such as Portnox CLEAR provides ongoing, comprehensive protection against attackers. With Portnox CLEAR, IT and CISOs regain the visibility and continuous risk assessment they need across the whole organization.

Portnox CLEAR gives you visibility of all devices, managed and unmanaged. With that comes greater control and security, and the ability to apply new strategies, in particular segmenting IoT devices (for example by assigning them to a dedicated VLAN at admission) so that they can reach only a limited part of the network.

The Need for Speed

Portnox CLEAR handles the complexity of today’s networks through Continuous Risk Assessment (CRA), which is far more flexible than a one-time “grant or deny” decision. CRA is built to protect a network used by a broad range of devices with “anytime, anywhere” connectivity.

CRA answers the need to act fast in the geo-distributed mobile workforce of BYOD and IoT. Replacing the old tactic of periodic scanning, it brings a real-time approach to network admission control that lets you continually assess the risk each endpoint poses to the network.

Putting It All in Context

Portnox CLEAR also offers an unprecedented degree of context awareness, monitoring changes in hundreds of parameters and correlating multiple context attributes. This gives an adaptive, more analytic approach to risk determination and makes security assessments far more comprehensive, taking into account time, network location, user identity and scenario.

Context awareness matters in today’s cybersecurity because it makes anomalies discoverable, both in device behaviour and in the state of the network.

100% Visibility and Real-Time Access Control

Portnox CLEAR offers ongoing network visibility and access control so that you can keep your network safe, with real-time risk assessment that mitigates cybersecurity threats.

As a cloud-based endpoint security management solution with context-aware security assessment, Portnox CLEAR is up to the challenge of protecting your network.

5 Best Practices To Protect Your Network

By | Network Security | No Comments

As with everything else in life: so many network security options, so little budget. How do you know which one will best protect your network, users and devices? No need to agonize over endless hours of research, we’ve shortlisted the five critical elements of cyber security: firewalls, NAC, anti-virus software, proxy servers, and endpoint security.

Hot Cyber Security Events You Simply Cannot Afford To Miss in 2017

By | Network Security | No Comments

Want to stay ahead of the game? The following cybersecurity events will help, and they are fun too.

Cybertech Israel  

Jan. 30 – Feb. 1, 2017

Tel Aviv, Israel

Cybertech is the most significant conference and exhibition of cyber technologies outside the United States. It explores applications across many vertical markets and will cover topics including cyber solutions for heavy industry, advanced IoT security solutions, and Finsec, cybersecurity for fintech.

Speakers include leading figures from politics and the cybersecurity industry, such as PM Benjamin Netanyahu, Gov. Rick Snyder, Yossi Vardi, David Jones, Dr. Orna Berry and more.

RSA Conference

Feb. 13-17, 2017

San Francisco, CA, USA

As if this conference needs an introduction. The annual RSA Conference has dedicated tracks with sessions aimed at different cybersecurity specialities; the ‘Technology Infrastructure & Operations’ and ‘Mobile & IoT Security’ tracks caught our eye. New for 2017 are a larger campus and the option to pre-book sessions, among other things. Sessions we are particularly looking forward to are “Securing the Converged Cloud” and “Survival Guide in IoThreats Era”.

InfoSec World Conference USA

April 3-5, 2017

Championsgate, FL, USA

Hear from world class speakers on topics such as:

  • IoT Security and its Impact on Your Job
  • Your Data was Breached, Now What? An Interactive Incident Response Tabletop Experience
  • Launch, Detect, Evolve: The Mutation of Malware

The event also hosts an expo featuring world-class companies and products, tech update sessions and exclusive book launches with author meet-and-greets. An ‘expo only’ ticket gives access to the trade show and some of the sessions.

Get Your Free IoT Security Risk Assessment With Portnox

FS-ISAC Annual Summit

April 30 – May 3, 2017

Lake Buena Vista, FL, USA

A cybersecurity event aimed at 90% of the largest financial institutions across banking, brokerage, insurance, card companies and payment processors, with an attendee list of top information security executives from the financial services industry. This year’s agenda has not yet been released; past events have included sessions on new-wave destructive malware, DDoS insights, incident response, protecting your BYOD enterprise, and the convergence of physical and cyber security. FS-ISAC is your go-to event in financial security.

FYI: this show has a European version (FS-ISAC Europe, Nov. 6-9, 2017, Barcelona, Spain; see below) and an Asia-Pacific one, FS-ISAC APAC, April 3-4, 2017, in Singapore.

Interop

May 15 – 19, 2017

Las Vegas, NV, USA

2017 marks the 31st year of this conference, which promises ‘a year’s worth of tech insights and education in 5 days’. Don’t forget to check out the six specialist tracks to make sure you get the most out of the event.

Exhibitors include 100+ leading and emerging technology companies. Interop is sponsored by VMware, Cylance, WatchGuard, AT&T, IBM MaaS360, Zoom and more, so there will be plenty to see. If that’s not enough, attendees are encouraged to attend the happy hours and block parties.

The IoT Summit  

May 16 – 18, 2017

Santa Clara, CA, USA

The goal of this summit is to bring together C-level executives, analysts and solution providers to discuss the latest IoT business and technology trends. Sessions take various formats, such as round-tables and focus groups led by speakers from leading technology companies (HP, Nokia, Cisco, Intel and more).

Topics span IoT applications and services, IoT enabling technologies, and IoT architecture and standards, for example:

  • NFV and SDN – Building the Network of the Future
  • Environmental Impacts of Circuits Everywhere
  • Planning for a Multi Cloud Future
  • The Evolution of the Private Cloud

Infosecurity Europe

June 5-8, 2017

London, UK

Infosecurity Europe expects over 13,500 visitors this year, and although the 2017 agenda has not yet been posted, each year this conference features many sessions on NAC. Watch this space!

Gartner Security & Risk Management Summit

June 15 – 17, 2017

National Harbor, MD, USA

The Gartner Security & Risk Management Summit 2017 is aimed at CIOs and CSOs. This year’s agenda has not yet been published, but we recommend looking at last year’s timetable to help you prepare. We expect the format to be the same, so do not forget to check out the specialized tracks: the CISO program, IT security, security architecture, BCM, risk management and compliance, and the security marketplace. We are looking forward to hearing from Gartner’s top management and leading analysts.

Among the exhibitors are IBM, Thales, Cylance, Varonis, Symantec, Hewlett Packard Enterprise, Verizon, Sentinel and AT&T.

Black Hat USA

July 22 – 27, 2017

Las Vegas, NV, USA

While full information on Black Hat USA 2017 is not yet available, you can watch presentations from past shows online. We particularly recommend the talk on forensics in cloud computing, an interesting view on the possibilities of virtual machines in the cloud. For more than 18 years, Black Hat has provided attendees with the very latest in information security research, development and trends in a strictly vendor-neutral environment.

FS-ISAC Europe

Nov. 6-9, 2017

Barcelona, Spain

The European edition of FS-ISAC, second only to the US event, has published a thumbnail of its agenda. Take a peek at:

  • Reducing Your Attack Surface: Detect and Manage Web Components, Third-Party Software and Shadow IT
  • Phishing Mitigation – No Size Fits All
  • How a DDoS Attack Catapulted ING Bank’s Threat Intel Capabilities – A Case Study

Demo CLEAR today!

Portnox will have a presence at the leading cybersecurity events throughout 2017. Contact us to schedule a meeting with Portnox at one of these shows to discuss your network access control needs. We look forward to seeing you there!

Continuous risk assessment of endpoints or a one-time audit?

By | Network Security | No Comments

Are you up to speed with your cybersecurity?

Do you really know, in real time, who is connected to your network? Do you have full control of the entire network and all its components, as well as all the devices that need to connect to it? Are all the users keeping their devices secure and free of ransomware?

In a world of hyper-fast services, cloud computing, a geo-distributed mobile workforce, BYOD and IoT, controlling the network and all its endpoints is a daunting task, and speed is a key element of success. The IT security officer therefore needs a new approach: Continuous Risk Assessment (CRA), a real-time approach to network admission control that recognises the need to assess the risk each endpoint poses to the network quickly and continually.

Your network is only as strong as its weakest security link, so CRA calls for constant monitoring of endpoints. The traditional audit approach of periodic scanning lacks the crucial element of speed: discovering new risks in real time, gathering decision-supporting data, reacting to changes and anomalies, and delivering protection continuously are what let network and security teams stay ahead of attackers.

Avoid the 5 Pitfalls of NAC – Get our Free Whitepaper Today! 

The benefits of Continuous Risk Assessment (CRA)

The National Institute of Standards and Technology (NIST) defines Information Security Continuous Monitoring (ISCM) as:
“Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.”

According to NIST, risk assessment is to be conducted in a frequency that supports a risk-based security decision system and enables adequate protection of the organization’s data.

Furthermore, NIST experts specify that ISCM should be:
“…sufficient to ensure and assure effectiveness of security controls related to systems, networks, and cyberspace, … in accordance with organizational risk tolerance – and within a reporting structure designed to make real-time, data-driven risk management decisions“.

The above recommendations are easier to understand when continuous monitoring is viewed in light of the major benefits that a top-notch CRA solution should deliver. These benefits are:

Proactivity – Real-time CRA must give organizations immediate visibility of the security state of the network and every device connected to it, reporting their potential vulnerabilities. This lets organizations address issues before they become breaches. Organizations using CRA take a proactive approach to avoiding breaches, instead of investing ever more effort in detecting breaches that have already occurred; that includes managing high-risk devices effectively and heading off future threats.

Updated context-awareness – The traditional audit approach uses pre-defined compliance parameters to determine the risk to the network at the time of the scan or audit. CRA instead depends on real-time, continuous updating of varied risk factors by:

  • Monitoring changes in hundreds of parameters
  • Analyzing and correlating to multiple context attributes
  • Taking historical records into account

Continuous monitoring brings an analytic and adaptive approach to risk determination. It does so by correlating hundreds of parameters and keeping the security policy updated at all times. Security status analysis is context-aware (time, network location, user identity, and scenario are all considered), identifying anomalies in the network security status and/or in device behavior.

Anywhere, anytime functionality – In a world with no boundaries and a high diversity of endpoint types, CRA must be able to monitor devices in any location, whatever their type, whatever data they transfer, and wherever they connect from.

Continuous monitoring must keep the network secure even if employees take their corporate laptops home or connect their phones from a hotel during a business trip. Alternatively, the network needs to remain secure even when staff connect their personal smartphones at the office. CRA must function on and off the corporate network and remain relevant for all current types of devices and OS’s.

Complete integration – A silo solution cannot work in today’s complex IT environments. Stand-alone vulnerability scanners will be abandoned simply because they are not an integrated part of the overall network operation. Continuous monitoring must be integrated into the organization’s network infrastructure.

One approach is to bind risk assessment tightly to access scenarios, in particular to the network admission control (NAC) solution. Ideally, CRA becomes a natural, deeply integrated part of admission, starting at device on-boarding and continuing through device authentication and re-validation before access is granted, and again for as long as the device stays connected.

Automated action – The desired solution must offer actionable, preferably fully automated, responses to the risk factors it identifies. A report of problematic issues is only useful when it is also clear what protective action to take: for example, quarantining a risky device, or adapting VPN authentication requirements to the device’s risk level. CRA helps assess potential risks, prioritize fixes and initiate protective action.

Portnox CLEAR: continuous risk assessment on and off premises

Portnox CLEAR is a cloud-based network access control (NAC) and endpoint security management solution with a cohesive approach to Continuous Risk Assessment. Unlike stand-alone vulnerability scanners or NAC solutions that take a naive, stateless view of endpoint posture, Portnox CLEAR delivers control over the users and devices that access your network, anywhere and anytime, across the various access layers, while continuously monitoring and understanding endpoint risk in its real-time context.

Portnox CLEAR enables real-time risk assessment of devices both on and off the customer’s premises network. It takes proactive access decisions based on the risk posed by devices attempting to reach your network, and device profiling reports are continuously updated to support complete integration and automation.

With Portnox CLEAR, network and security teams get the full benefit of the CRA approach to network access control: they really do know, in real time, who is connected; they have full control of the entire network, its components and every device that needs to connect to it; and they know all of those devices comply with NAC policy. The answer to the questions that opened this post is a resounding yes.

Your VPN is Only as Strong as Its Least Secure Endpoint

By | Network Security | No Comments

If you are like most companies, your corporate VPN is a critical part of your infrastructure, and it is getting a heck of a workout. Thirty-seven percent of all workers in the U.S. now telecommute. Even if your workers sit in a traditional office, many of them will be travelling at any given moment, and you may have remote offices in other countries. With so many remote workers on your VPN, how do you audit their devices?

The concept of BYOD is colliding with the concept of VPN. Seventy-four percent of companies now have BYOD policies, and yes, BYOD absolutely makes VPNs less secure. You trust your VPN, and you take some comfort in knowing that only those set up to use it can connect. But as for the devices your users connect from, it is impossible to know whether their configuration makes them insecure.

Download: The 802.1x Sting Whitepaper Now!

Let’s face it: once a corporate or BYOD endpoint leaves the security and control of your network, you can no longer scan, health-check, validate or update it. You don’t know where it has been, who it has been with and, most importantly, how it has changed. Yet you welcome it back onto the company network at any time, from anywhere, via your VPN; after all, you trust the user and they are authorized to use the VPN, so what could go wrong?

A Compromised VPN Could Be a Ticket to Your Worst Nightmare

Here’s a doomsday scenario: you could lose millions of dollars, not through customer lawsuits (as in most data breaches) or reputational damage, but stolen from you directly. That is what happened when attackers used the Carbanak malware, built on the leaked source code of the Carberp Trojan, to steal up to a billion dollars from banks around the world between 2013 and 2015.

Essentially, the attackers used the malware to compromise the workstations of trusted bank employees. It gave them remote control, much like legitimate help-desk tools such as TeamViewer or LogMeIn, and they used it to watch how staff worked before acting. Because the employees’ computers were already inside the bank’s trusted network, the attackers had little difficulty moving around and transferring money into accounts they controlled.

You Can’t Trust Users with the Security of Their Own Devices

Did the Carbanak attackers have much difficulty compromising employees at those banks? They did not: they used simple phishing emails, and according to the 2016 Verizon DBIR about 30% of phishing messages are opened by their targets. Even if you are reasonably confident your users won’t be fooled, Murphy’s Law will find another way in.

Maybe a user disabled the host firewall. Maybe the anti-virus signatures went stale while they were travelling. Maybe disk encryption was switched off. Any number of device-level changes can turn an endpoint into a risk to your company, leave it open to takeover, and let an attacker spread malware or intercept communications over your private network once it reconnects.

Choose an Intelligent Gatekeeper for Your VPN

Portnox CLEAR picks up where your on-network tools leave off, once a device is out of their reach. An easy-to-deploy cloud solution, Portnox CLEAR maintains continuous, real-time awareness of a device whether it is on or off your network: it always knows the device’s current risk posture and keeps constant tabs on its firewall, antivirus, patch level and more.

Most importantly, CLEAR is not just aware, it’s active. VPN access is only permitted to devices with a sufficiently low risk profile, based on the monitoring above. It is no longer enough for a device to hold VPN credentials; with CLEAR you know that the connecting device is still in compliance. What’s more, CLEAR can keep lost or stolen devices off the private network by adding two-factor authentication to VPN connections at no additional cost.
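The mechanism behind the CRA posts above (score the endpoint in context, act on the score, and keep re-deciding while the device stays connected) and the VPN gate just described can be sketched in a few dozen lines. The following is an added example, not Portnox code and not a description of how CLEAR is implemented: the posture attributes, weights, thresholds, VLAN numbers and device records are constructed assumptions, and the RADIUS attributes returned for LAN decisions are the standard RFC 3580 ones a switch or access point uses to move a client into a VLAN.

```python
"""Continuous risk assessment (CRA) for LAN and VPN admission.

Added example, not Portnox code: a toy policy engine that scores an endpoint's
posture in context, maps the score to an admission action, and re-evaluates
every time a new posture report arrives instead of deciding once at admission.
Attribute names, weights, thresholds, VLAN numbers and the device records are
constructed assumptions.
"""
from dataclasses import dataclass


@dataclass
class Posture:
    firewall_on: bool = True
    av_signature_age_days: int = 0
    patch_age_days: int = 0
    disk_encrypted: bool = True
    managed: bool = True          # enrolled device with an agent reporting in


@dataclass
class Context:
    device_id: str
    user: str
    location: str                 # "office" or "remote"
    device_class: str             # "laptop", "phone" or "iot"
    hour: int                     # local hour of the request, 0-23
    posture: Posture


def risk_score(ctx):
    """Additive risk model; the weights are illustrative assumptions."""
    p = ctx.posture
    score = 0
    if not p.firewall_on:
        score += 30
    if p.av_signature_age_days > 7:
        score += 20
    if p.patch_age_days > 30:
        score += 25
    if not p.disk_encrypted:
        score += 20
    if not p.managed:
        score += 30
    if ctx.location == "remote":
        score += 10               # device has been outside the network's controls
    if ctx.hour < 6 or ctx.hour > 22:
        score += 5                # unusual hour for this user
    return score


VLAN_CORPORATE, VLAN_IOT, VLAN_QUARANTINE = 10, 20, 99
RISK_LIMIT = 30                   # at or above this, no full access


def vlan_attributes(vlan_id):
    """RFC 3580 attributes a RADIUS server returns so the switch or access
    point moves the port or wireless client into the chosen VLAN."""
    return {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802",
            "Tunnel-Private-Group-Id": str(vlan_id)}


def decide(ctx, access_layer):
    """access_layer is "lan" (802.1X/MAB port) or "vpn". Returns (action, detail)."""
    score = risk_score(ctx)
    if ctx.device_class == "iot":
        # IoT is segmented regardless of score: it never reaches the corporate VLAN.
        return ("segment", vlan_attributes(VLAN_IOT))
    if access_layer == "vpn":
        # The VPN gateway has no quarantine VLAN; a risky device is simply refused.
        return ("allow", None) if score < RISK_LIMIT else ("deny", f"risk={score}")
    if score < RISK_LIMIT:
        return ("allow", vlan_attributes(VLAN_CORPORATE))
    return ("quarantine", vlan_attributes(VLAN_QUARANTINE))


class Session:
    """A connected device; every posture report triggers a fresh decision."""

    def __init__(self, ctx, access_layer):
        self.ctx = ctx
        self.layer = access_layer
        self.history = [decide(ctx, access_layer)]

    def report(self, **posture_changes):
        for name, value in posture_changes.items():
            setattr(self.ctx.posture, name, value)
        self.history.append(decide(self.ctx, self.layer))
        return self.history[-1]


def demo():
    """A one-time audit admits the laptop and never looks again; CRA moves it
    to the quarantine VLAN as soon as its posture degrades."""
    laptop = Context("lt-42", "alice", "office", "laptop", 10, Posture())
    session = Session(laptop, "lan")
    at_admission = session.history[0][0]
    later = session.report(firewall_on=False, av_signature_age_days=14)
    return at_admission, later[0], later[1]["Tunnel-Private-Group-Id"]


if __name__ == "__main__":
    print(demo())
```

The same `decide` function serves both access layers: a healthy laptop is admitted to the corporate VLAN and later pushed to VLAN 99 when its firewall goes down and its signatures age, an unmanaged personal phone connecting remotely is refused at the VPN, and an IoT camera is confined to its own segment no matter how it scores. A real deployment would replace the additive weights with whatever the organization's risk tolerance dictates and send the re-decision to the switch as a RADIUS Change-of-Authorization rather than waiting for re-authentication.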

With CLEAR, you can let your devices travel, let them work from home, visit Starbucks, and attend seminars—and let them connect back via your VPN with the security, trust, and awareness Portnox CLEAR provides.

Start your CLEAR Free Trial Now!

Wireless Guest Network in Less Than 10 Seconds

By | Network Security | No Comments

We’re happy to announce the production readiness of our new and innovative capabilities: a cloud-based Guest Network with a highly customizable CLEAR Captive Portal.

Portnox CLEAR customers who have added a guest subscription can now offer their corporate visitors, contractors, students and customers Wi-Fi connectivity after less than 10 seconds (!!!) of configuration, without having to install any on-prem component and without compromising the security of the corporate network.

Portnox CLEAR offers the entire infrastructure stack for a guest network as a SaaS offering, which includes a Cloud RADIUS, a CLEAR Captive Portal web app, and a management system for configuring and monitoring guest network activity. With a single click in the CLEAR Portal, the entire infrastructure is immediately activated for your visitors, BYOD owners and students, who use a branded, web-browser login to connect to the guest Wi-Fi. No agents or on-prem components are required, merely a wireless access point and a CLEAR account.

Find out more about Portnox CLEAR

The Portnox CLEAR Captive Portal offers the following authentication methods for accessing the guest WiFi:

1. “Lobby administrator” mode – enables granular and centralized control over who can access your guest network and when. In this mode, the administrator defines the CLEAR Guest Account prior to the guest visit and can control various parameters of this account, including expiration time. CLEAR also provides a special administrative Guest Admin role, which provides only guest management permissions in the CLEAR Portal without any ability to see or change other aspects of Portnox CLEAR configuration.

2. No authentication (disclaimer only) mode – The guest merely needs to acknowledge a disclaimer. The disclaimer (“acceptable use” statement) is customizable; a CLEAR Portal administrator can define both the text and the formatting of the disclaimer.

3. “Sponsored” guest mode – A guest is required to provide a sponsor’s email upon registration in the Captive Portal. Sponsors, usually administrators or people defined as sponsors inside the organization, automatically receive an email with a request to Grant or Deny guest access. If access is granted, the guest receives an email with access credentials. This authorization workflow is fully automated, does not require access to the CLEAR Management system, and requires only email.
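The sponsored workflow in mode 3 is easiest to reason about as a small state machine, so here is one as an added example. This is illustrative code written for this post, not Portnox CLEAR’s own; the sponsor domain, the token scheme in the Grant/Deny links and the access lifetime are assumptions.

```python
"""Added example: the sponsored-guest approval flow (illustrative, not Portnox code).
SPONSOR_DOMAIN, GUEST_LIFETIME and the token scheme are assumptions."""
import secrets

SPONSOR_DOMAIN = "example.com"       # assumed: only mailboxes in this domain may sponsor
GUEST_LIFETIME = 8 * 3600            # assumed access lifetime, in seconds

class GuestRequest:
    def __init__(self, guest_email: str, sponsor_email: str):
        # A guest must not be able to sponsor themselves from a throwaway mailbox,
        # so the sponsor address is checked against the organisation's domain.
        domain = sponsor_email.rsplit("@", 1)[-1].lower()
        if domain != SPONSOR_DOMAIN:
            raise ValueError("sponsor must belong to the organisation")
        self.guest_email = guest_email
        self.sponsor_email = sponsor_email
        self.state = "pending"
        # Unguessable, single-use tokens carried in the Grant / Deny mail links.
        self.grant_token = secrets.token_urlsafe(16)
        self.deny_token = secrets.token_urlsafe(16)
        self.credentials = None
        self.expires_at = None

    def sponsor_mail(self) -> dict:
        """The approval request the sponsor receives (constructed, not a real template)."""
        return {"to": self.sponsor_email,
                "subject": f"Guest access request from {self.guest_email}",
                "grant_link": f"/guest/grant/{self.grant_token}",
                "deny_link": f"/guest/deny/{self.deny_token}"}

    def handle_token(self, token: str, now: int) -> str:
        """Apply the sponsor's decision; only the first valid click changes state."""
        if self.state != "pending":
            return self.state
        if secrets.compare_digest(token, self.grant_token):
            self.state = "granted"
            self.expires_at = now + GUEST_LIFETIME
            # Credentials exist, and are mailed to the guest, only after a grant.
            self.credentials = (self.guest_email, secrets.token_urlsafe(9))
        elif secrets.compare_digest(token, self.deny_token):
            self.state = "denied"
        else:
            raise PermissionError("unknown token")
        return self.state

    def can_connect(self, now: int) -> bool:
        """What the RADIUS side checks: a granted and unexpired account."""
        return self.state == "granted" and now < self.expires_at
```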

The Portnox CLEAR architecture enables you to configure wireless security and guest networks in a way that both fits your corporate needs and requires the lowest investment of administrator time.


Network Admins: How Many of These 5 Morning Rituals Do You Follow?

By | Network Security | No Comments

Mornings can be rough. If you’re a network administrator, the beginning of a day can be particularly difficult.
You come into work not only wondering how your company’s systems fared in the eight hours or so since you slept and last checked statuses, but you also dread dealing with the many new issues that will arise during the day. And that’s on top of your longstanding list of pressing projects, which keeps getting longer.

After speaking with a number of our customers, we’ve written this quick list of recommended steps to a smoother morning and day. By following these five rituals every a.m., your job as a network admin will become a lot more predictable, less stressful and hopefully easier.

Check Alerts

A disruption in network traffic will cripple business operations, so you want to stay on top of any potential problems. Your company probably relies on a network monitoring system to keep track of the large volume of network activities. Make checking the monitoring system’s alerts the first thing you do every morning, without fail. Although your other tasks are undoubtedly important, business simply can’t function if the network fails.

Avoid the 5 Pitfalls of NAC – Get our Free Whitepaper Today! 

When traffic utilization exceeds your defined threshold settings, the network monitoring system will produce alerts. Alert profiles let you see what’s up, down and somewhere in between within your thresholds, and allow you to react accordingly before a link goes down or a flow is about to stop.

Read Reports

Daily reports can include: uptime checks for each host, log summaries (or raw logs: dmesg, maillog, secure, messages), hard disk (storage volume) free space and errors, backup status, and performance metrics such as CPU utilization. While monitoring the same systems day after day might seem mundane, it helps plan capacity. You have to know when to upgrade, replace equipment and order new services. Monitoring and reading reports are essential.

Check the WAN  and the Internet link

A workforce without Internet access is a grumpy and somewhat limited workforce. Staying on top of your Wide Area Network (WAN) and Internet links keeps everybody working... or happy on Facebook. Check the bandwidth allocation of your networks so that everyone can continue to download and upload large files and use the web effectively. Bandwidth issues can also reduce data-transfer speed between the main office and branch offices. Don’t forget about those distant employees.

Stay on Top of Help Desk Requests

Technology doesn’t always cooperate. Employees who aren’t tech savvy or who actually want to comply with IT rules will submit help desk requests, hoping that IT can respond as soon as possible. Even though some requests may seem frustrating (the printer is jammed, again!) answering them as soon as possible will keep operations flowing and engender a respect for IT protocols. In other words, if you’re there for employees, they’ll be there for you and will think twice about downloading an app without permission. Review the latest help desk requests each morning and prioritize when you can answer them.


Commit/Save Network Equipment Changes

It’s a common practice not to save changes in network equipment right after doing them. So if you made changes last night, but forgot to save them, make sure you remember to save the changes in the morning! Make a note or create a reminder on your smartphone.

Network Visibility: How Can You Protect What You Don’t Know Exists?

By | Network Security | No Comments

This is the third post in the series about what Network Access Control (NAC) is and why it is a central element in keeping enterprise environments protected.

Network visibility, or endpoint visibility, is the essence of cybersecurity. How can you protect something that you don’t know exists? How can you identify the weakest links in your network when you don’t know what they are?

I’m borrowing a cliché from Sun Tzu’s The Art of War to emphasize the importance of network visibility: “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” Clearly Sun Tzu believed in “knowing” yourself.

Regardless of whether you relate to war anecdotes old and new, knowledge, as always, is key.

In a recent lecture, Rob Joyce, chief of the NSA’s TAO (the NSA attack team), explained the first step to prevent the NSA from infiltrating your network: “…if you really want to protect your network, you really have to know your network [1]”. Knowing your network means you need to know at least the following information:

  1. Which endpoints are connected or exist in your network (including those you don’t manage – BYOD, A/C controllers, etc.)
  2. The connected endpoint operating system and version.
  3. Where each endpoint is connected (physical port / access point / VPN) and in which segment (VLAN / SSID).
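The three items above can be assembled from data the switches and the DHCP server already hold, and doing so is where the “surprises” usually come from. The following is an added example written for this post, not Portnox’s code; the MAC-table entries, DHCP leases, managed-asset list, unsupported-OS list and VLAN policy are constructed, and the DHCP fingerprint stands in for real OS detection.

```python
"""Added example: a minimal endpoint inventory (illustrative, not Portnox code).
All records, the managed-asset list and the VLAN policy are constructed."""
from collections import defaultdict

# Constructed sample data: one MAC-table entry per switch port, one DHCP lease
# per MAC (its fingerprint stands in for OS detection), and the managed-asset list.
MAC_TABLE = [
    ("sw1", "Gi1/0/1", 10, "00:1a:2b:00:00:01"),
    ("sw1", "Gi1/0/2", 10, "00:1a:2b:00:00:02"),
    ("sw1", "Gi1/0/7", 20, "f4:f5:d8:00:00:03"),   # unmanaged phone on a user port
    ("sw2", "Gi1/0/3", 10, "00:50:56:00:00:04"),
    ("sw2", "Gi1/0/9", 10, "00:80:77:00:00:05"),   # printer with a static address
]
DHCP_LEASES = {
    "00:1a:2b:00:00:01": ("10.0.10.11", "Windows 10"),
    "00:1a:2b:00:00:02": ("10.0.10.12", "Windows XP"),
    "f4:f5:d8:00:00:03": ("10.0.20.40", "Android"),
    "00:50:56:00:00:04": ("10.0.10.13", "Linux"),
}
MANAGED = {"00:1a:2b:00:00:01", "00:1a:2b:00:00:02",
           "00:50:56:00:00:04", "00:80:77:00:00:05"}
UNSUPPORTED_OS = {"Windows XP"}      # assumed: no longer receives security updates
VLAN_FOR_UNMANAGED = 30              # assumed: the segment BYOD devices belong in

def build_inventory():
    """One record per endpoint: what it is, which OS, and where it is plugged in."""
    inventory = []
    for switch, port, vlan, mac in MAC_TABLE:
        ip, os_name = DHCP_LEASES.get(mac, (None, "unknown"))
        inventory.append({"mac": mac, "ip": ip, "os": os_name, "switch": switch,
                          "port": port, "vlan": vlan, "managed": mac in MANAGED})
    return inventory

def findings(inventory):
    """Turn the inventory into the weakest-link list the post talks about."""
    out = defaultdict(list)
    for e in inventory:
        if not e["managed"] and e["vlan"] != VLAN_FOR_UNMANAGED:
            out["unmanaged_in_corporate_vlan"].append(e["mac"])
        if e["os"] in UNSUPPORTED_OS:
            out["unsupported_os"].append(e["mac"])   # segment and monitor until replaced
        if e["os"] == "unknown":
            out["no_lease_seen"].append(e["mac"])    # static IP or silent device: go look
    return dict(out)
```

Each finding maps to a mitigation from the post: move the unmanaged device to its own segment, segment and monitor the unsupported OS, and go and physically check the port with no lease.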

Download: The 802.1x Sting Whitepaper Now!

Once you have this basic information, you’ll first be surprised by your findings. More importantly, you’ll be able to map your weakest links and come up with a plan for mitigation.

Tip: The most common mitigation for older, unsupported endpoints (such as the old, unsupported Windows XP) is to upgrade or replace them with a newer version. When this is not feasible, use segmentation, enhanced monitoring and auditing for changes.

Network visibility is even more important in the age of IoT. In order to be in control of your enterprise network, you need to know who connected, what is connected and where. Then you can come up with a plan – a new SSID for all mobile phones for example, or another SSID for printers that support only a WPA shared key.

Tip: Segmentation of wireless devices is usually conducted on two levels. The first level is spanning a new SSID with its own authentication and encryption level, based on the type of devices that will connect to it. The second level is the wired network level, limiting the access of the SSID to only certain network segments / servers.

And another Tip (because sharing is caring ;): Some wireless access points allow you to span a number of VLANs on the same SSID. This is not a standard feature and varies between vendors.

SANS adopted the CIS 20 Critical Security Controls as the industry best practice for building an effective security plan.

The following two controls combined enable network visibility:

Critical Security Control #1: Inventory of authorized and unauthorized devices

Critical Security Control #2: Inventory of authorized and unauthorized software

There is a good reason why they come first: they should form the basis of every security plan.


You can easily find products that cover either network discovery or endpoint discovery, but there are also products, such as Portnox NAC, which do both for you. Portnox NAC also provides real-time (event-based) security posture assessment rather than time-based scanning. Scanners leave you with blind spots in your visibility, whereas real-time products give you 100% visibility of everything that really exists in your network.