
Cloud Security Mythbusters – Debunking the Top 5 Cloud Security Myths

By | Cloud Security | No Comments

Whether you’re a fan of digital transformation or not, there’s no denying that the shift to the cloud is engulfing enterprise IT. According to Gartner, over the next five years, over $1 trillion in compounded IT spending will be directly or indirectly impacted by the cloud shift, making cloud computing one of the most disruptive forces of IT spending since the early days of the digital age.

That said, it’s time to debunk some of the most common myths regarding cloud security before an outdated IT stack exposes your organization to emerging digital business risks.

Check out our Top 5 mythbusters Infographic here!

Myth #1 – The Cloud Isn’t Secure

The top concern among C-Suites and IT teams alike is that cloud-based security solutions are more prone to external threats than legacy security solutions.

Debunked: On-premise security appliances require firmware upgrades to protect against known exploits, resulting in a constant need to keep the solutions up-to-date. In addition, configuration changes could expose the network to potential vulnerabilities, requiring tedious maintenance of management procedures and periodic penetration testing. However, cloud-based security solutions are constructed, from the outset, to evolve to address relevant threats in the current cyber security landscape. David Linthicum, a leading cloud analyst and VP at Cloud Technology Partners, explains that the security of the cloud is on par with the security of any external device: “Anything that can be possibly accessed from the outside – whether enterprise or cloud – has equal chances of being attacked, because attacks are opportunistic in nature”.

Myth #2 – The Cloud Is Still Too ‘New’ To Be Trusted

Cloud-based applications and services are relatively new on the IT front. So why trust them?

Debunked: An increasing number of both large and small to medium-sized enterprises across a variety of industries – government, healthcare, ecommerce etc. – are employing cloud-based solutions for everything from human resource management to network security. According to IDG Research, “Cloud technology is becoming a staple to organization’s infrastructure as 70% have at least one application in the cloud”.

Use of Cloud Technology 2011-2016

Reference: “2016 IDG Enterprise Cloud Computing Survey”

Myth #3 – The Cloud Is Great for Productivity Apps, But Not for Securing the Network

There is a big difference between cloud productivity apps and performing key security actions, such as Network Access Control (NAC), from the cloud.

Debunked: NAC is a growing concern for CIO/CISOs and IT teams in large to SMEs due to the increased need to gain control over digital business risks. And the stigma of the cloud being less secure isn’t necessarily correct. Gartner reports that by 2018, the 60% of enterprises that implement appropriate cloud visibility and control tools will experience one-third fewer security failures.

Myth #4 – Cloud Solutions Require Re-Educating IT Teams

Training IT teams to deploy a cloud-based security-as-a-service solution would require significant time and resources.

Debunked: Cloud solutions inherently cut time and costs associated with security management in IT teams, freeing them up to carry out more productive and profitable action items. That’s added to the easy and instant deployment associated with cloud-based solutions including automatic system updates, usage demos, access to use cases, and more.

Read our Debunking Cloud Security Myths White Paper for more fun facts!

Myth #5 – Cloud Solutions Can’t Help with Compliance

Cloud solutions are constantly changing – one minute they are a “must have” security tool, and the next they are an imminent source of risk to company information. How can you trust cloud security solutions to uphold compliance?

Debunked: Cloud solutions are taking heed and are doing their part to relieve this part of the “IT headache”. Many solutions integrate compliance standards into their product while allowing for modifications to the network policy where necessary. Built-in compliance is a winning strategy for business success, and ensures that there aren’t any loopholes the IT team is missing out on.

As Gartner puts it, “By 2020, a corporate ‘no-cloud’ policy will be as rare as a ‘no-Internet’ policy is today”. While in many cases, hype can have dangerous potential, in the case of cloud security, it’s a win-win situation: a win for digital transformation and a win for the IT team that’s eager to expand their business value proposition.

Portnox CLEAR – Security-as-a-Service Solution: The first completely cloud-based Security-as-a-Service solution for Network Access Control (NAC), CLEAR controls access for all devices and users to wired, wireless and virtual networks, to effectively confront digital business risks and cybersecurity threats.

Try it Now!

Portnox’s Security Solutions Reviewed in 451 Research Report

By | Our Technology | No Comments

The leading information technology research and analyst firm 451 Research Group recently published an impact report that reviewed and commended Portnox’s Network Access Control (NAC) solutions, CORE & CLEAR, entitled “Portnox connects enterprise reality to its risk-based perimeter”. You can read the full report here.

The “451 Take” on Portnox’s solution for on-premise NAC, CORE, and cloud-based NAC, CLEAR, was that, “Portnox is helping redefine the value proposition of NAC, focusing on visibility, access control and flexibility. The company’s sensible risk orientation and the lightweight architecture of its CORE on-prem and CLEAR cloud services appear to be well aligned to help meet enterprise demand for a better NAC experience.”

Download the full report here.

Portnox CEO Ofer Amitai Featured in IoT Agenda

By | Our Technology | No Comments

Portnox’s CEO and Co-Founder Ofer Amitai was featured as a guest contributor in Tech Target’s IoT Agenda with an article entitled “Your security appliance is essentially an IoT device”. You can read the full article here.

The article surveys the similarities between security applications and IoT devices in that they are both “simplistic” devices that run software. Therefore, Amitai concludes, security appliances are susceptible to some of the same vulnerabilities as IoT devices – such as acting as a gateway for network breaches, DDoS, phishing and malware attacks, just to name a few. Read the full article here to find out how to secure security appliances so that they aren’t just another vulnerable IoT device on the network.

Patched or Unpatched? – That is the Question


By | Threat Detection and Response | No Comments

“Ransomware” may now officially be the most searched word on Google. That’s because this month, the alleged hacker group the Shadow Brokers executed yet another global ransomware attack, the ‘Petya’ attack, which exploited many of the same vulnerabilities as the May WannaCry attack. In light of this new and worrisome wave of ransomware cyber crime, it’s time to discuss an unresolved issue for so many organizations – patched and unpatched devices.

A major network security pitfall in organizations of all sizes, but mainly large organizations, is that they lack visibility into which devices have been patched for the EternalBlue/EternalRomance vulnerabilities, and which devices are unpatched and are therefore prone to attacks. While Microsoft did what it could to issue the patches in time to prevent the spread of the attack, a number of devices remain unpatched, and in some cases, it is impossible for IT admins to tell if there are devices left to patch or not. There could be two reasons for this oversight: 1. The IT administrators lack appropriate network/endpoint visibility tools with compliance mechanisms such as automated patching or quarantining of rogue devices; or 2. There are unmanaged company devices accessing the network. In the case of the latter, it is impossible to tell if they have been patched or not, unless the admins make the effort of manually installing the patch updates themselves. While there is much to be said for the benefits of network visibility tools, it’s the unmanaged devices that really worry me.


So how can we prevent a third massive ransomware attack? One could return to the vendor or Point of Sale of said unmanaged device and ask them to manually install the firmware, but this is a manual process and, with all of the ransomware attacks lately, these vendors are probably swamped with requests. The more logical option is to establish an active inventory of the unmanaged devices (such as BYODs) on the network so that, on the eve of an attack or, in light of suspicious activity, these devices can be automatically quarantined or blocked from the network. Another option is to perpetually place these devices in a segmented or firewalled part of the network that will limit their access to the Internet and sensitive company information. Here, it is possible to assign unmanaged devices to a guest or contractor network with limited access capabilities from the start.

Why is this so important, you ask? Because the perpetrators of the ‘Petya’ and WannaCry attacks were able to incur damage on a global scale by infiltrating vulnerabilities on one or two devices, then spreading the ransomware using freeware tools to thousands of others. It’s really the same way that worms work. This lateral movement throughout the organization can put IT admins in disaster mode – and that’s added to the fact that it takes 40% of IT teams at least two to three hours to realize they’ve been attacked!

In order to stop the ransomware bad guys in their tracks, it’s recommended to automate remediation methods to control the extent of the damage. Without this cushioning in place, hackers like the Shadow Brokers have free rein over not just one or two vulnerable devices, but the entire network, including personal devices and information attained in phishing attacks.

Let’s take the right actions this time to ensure that a third global ransomware attack doesn’t happen again anytime soon.

Compliance is a Strategy for Success


By | Network Security | No Comments

As the nature of compliance grows increasingly complex, it becomes more difficult for companies to understand what applies to their business and how to build and implement protocols. Furthermore, as cyber threats grow exponentially, companies are facing problems like potential governmental fines and financial theft, breach of sensitive data and loss of clientele. Author of the bestseller “Security Risk Assessment Handbook” and cybersecurity expert, Douglas Landoll, recently stated that, “Non-compliance with information security regulations remains one of the top mistakes made by companies in their current data security approach.” Don’t say we didn’t warn you.

We have mapped out the four steps that you should follow for your business to become compliant and ready to counter growing cyber instability.

Step 1 – The tight relationship between compliance and cyber security

Once upon a time, organizing cyber defense fell under the domain of the IT guys, but over time, the cybersecurity tent has broadened to encompass CCOs and CISOs. According to a recent survey conducted by BAE Systems, the majority of IT staff want C-Suites at the front and center of cybersecurity decision making. One can have the best technology on the market, but without a clear process and defined roles, it will be exceedingly difficult to prevent attacks.

The New England Chief Audit Executives group conducted a roundtable discussion, which concluded that without a comprehensive strategy of processes in place, your tools are more or less useless. Simply put, having great technology without a compliance program will likely result in failure. We saw this very clearly in the Yahoo hacks between 2013-2015, which compromised one billion accounts and caused the company tremendous damage both financially and to its reputation.

The creation of an efficient cybersecurity compliance program involves many factors like auditing, understanding all relevant stakeholders, understanding country specific regulatory laws and the adoption of the right security technology to meet these needs.

Step 2 – Know your country

Cybersecurity regulations can vary from country to country or region to region. For instance, the EU is 12 months away from implementing its General Data Protection Regulation (GDPR), which covers a wide range of security issues like data security, management, and transparency. It is worth noting that fines can reach up to 20 million euros. This past October at the UK CISO Summit, participants discussed the implications of the new regulations: companies will be forced to devise new approaches to storing, protecting and monitoring data, and to the staff and resources involved, in order to be in compliance with GDPR.

In fact, in March, Democrats in the United States Congress began demanding that the Federal Communications Commission (FCC) create new regulations for cybersecurity for cellular networks. However, the FCC claims that cybersecurity is not under its purview and thus they will not act on the issue. This comes on the heels of an executive order by President Trump calling for an extensive review of US cyber vulnerabilities and capabilities. Considering that the United States is a gigantic bureaucratic web, and executive orders are usually short lived, it will take time for the US to get its act together. Other countries like Japan and Brazil are also in the process of developing their own regulations for transparency, consistent access and authentication for various types of data. Countries around the world are recognizing the importance of digital compliance and standards and are making steps toward ensuring the safety of their citizens’ and businesses’ data.

Step 3 – Timelines and shareholders

When first building your compliance structure, start with timelines. Governmental agencies often put time constraints on companies to come into compliance. For example, under the new standards of the NY State Department of Financial Services, the agency is giving companies until March 1, 2018 to provide a risk assessment report, but an additional six months to implement the programs that result from the report’s findings. Businesses and organizations should push lawmakers to prevent a situation where the global marketplace becomes fragmented by regulations, due to rapidly changing technologies and threats. This would lead to the crippling of competition and innovation and the subsequent strengthening of cybercrime.

It is furthermore important that all stakeholders, including directors, management, security staff, and vendor partners be connected via a shared platform. This will allow them to collaborate within a defined framework. The platform should incorporate governmental regulations like FINRA, HIPAA, FERPA to better connect directors with technological experts, track progress or changes, and allow for effective oversight. However, it is becoming increasingly clear that the bulk of the responsibility for heavy decision making is shifting from IT personnel to the board of directors. This is a natural response to increased demands from organizations like the SEC and FTC. However, it is imperative for communication between the board and all stakeholders to remain strong. It should be noted that compliance is critical in order to prevent theft and mishaps similar to what happened at Bangladesh Central Bank.

Step 4 – Compliance starts at the CORE

Once your organization fully understands the regulatory policies it is subject to, it must then learn how to see and profile all network devices, remediate any security issues and automate actions that have traditionally been conducted manually.

There are four segments to this process:

  • Understanding how mobile, BYOD and IoT devices will affect and transform not only the organization, but the industry, and implementing the right processes and tools to control them.
  • Tracking any network related device or program in real time via a centrally secured platform providing full and actionable visibility.
  • Addressing cloud security is paramount, because everything today is going through the cloud. It is important to strictly control access to the network and to cloud applications, even based on the geographical locations of users.
  • Ensuring that your business is in compliance with governmental regulations like SOX, PCI DSS, HIPAA, FINRA, FISMA and GLBA, among others. Strict compliance will provide legitimacy with clients and partners.

Once your organization understands that without full and actionable visibility on the network it will be impossible to control devices or maintain compliance standards, the next step is finding the right tools. Portnox’s advanced system allows network operators to see and control any device, at any time, and from anywhere, making compliance a more straightforward and smooth process. Portnox continues to lead the way with its innovative technology that will allow you to tackle risk challenges in a simple and straightforward manner.

Check out our “Compliance as a Strategy for Business Success eBook” to learn more on how to become compliant with security regulations and grow a successful business.

Cyberattacks ≠ Compliance


By | Network Security | No Comments

In our recent “Cyber Threats Cannot Compete with Strong Compliance” blog, we covered cyberattacks in the financial and retail industries and the importance of visibility, network access and control, and risk management to achieve strong compliance, defend against cyberattacks, and grow a successful and secure business. In this blog, we take a quick look at the attacks that hit government and medical industries, the regulations these verticals face and how to build a strong compliance foundation. A deep dive into each of these verticals can be found in “The Compliance as a Strategy for Business Success eBook”.

The DNC Got Phished

How did Russian hackers gain access to the email correspondences of the Democratic National Convention throughout the recent US election? The answer is by using the oldest trick in the book: phishing emails. In one case, John Podesta, chairman of Hillary Clinton’s campaign received a phishing email, which was in fact correctly identified as such by an aide. The problem was that the aide accidentally made a note calling the email “legitimate” instead of “illegitimate”, leading Podesta to open the email. This single mistake placed over 60,000 highly sensitive emails in the hands of the Kremlin, which went on to distribute the information to websites like WikiLeaks.

Even after the FBI sent a special agent to warn the DNC of the phishing emails, their IT did not respond to the warnings because computer logs did not reveal any intrusion. Podesta should not have required an aide to manually mark the email as illegitimate. Had the DNC incorporated an agentless solution into their network, they could have automatically monitored, identified, tagged, or blocked a potential attack.

The Dark Web Over the Medical Industry

Since 2010, the number of attacks against healthcare providers has risen by over 125% and risk levels in the industry are now at the highest ever. In fact, just last year, cyber criminals hacked over half a million patient records and began selling them over the Dark Web for profit of approximately $365 per record. That is about one-third more costly than selling stolen financial records – no wonder that this form of theft is growing at a dizzying speed. Part of the big issue is that hospitals, private clinics, vendors and insurance companies all share digital information, which of course creates the perfect conditions for cyber-criminal activity.

There is no doubt that the medical industry is struggling to uphold HIPAA regulations regarding privacy, security and enforcement. As medical connected devices continue to grow, a solution that is scalable across a wide range of institutions is a must. It is crucial that every institution sharing this data implements a solution that enables security teams to have complete visibility of all connected devices in real time, including switches, wireless controllers, VPN gateways, and routers.

A Boardroom, Samsung and the CIA

Among the 7,800 CIA records released via WikiLeaks, it was revealed how the CIA has been taking advantage of devices like Samsung’s smart TVs to spy on people across the United States. Under the codename “Weeping Angel”, the CIA used malware that makes the television act like a bug and send recordings back to them.

Samsung had already warned within its privacy policy that the voice recordings are uploaded to servers and can be passed on to third parties. However, while it is possible for the user to shut off the microphone completely, the CIA found a simple way to circumvent that. As such, organizations need to check the state of their equipment, whether it be a smartphone, laptop or a TV screen. Any device that can record and has access to the internet is susceptible to hacking. Companies must safeguard their equipment and implement practices like device lock-down, micro-visibility, and risk monitoring.

Whether you run a financial, governmental, retail or healthcare organization, it is essential to see, control and automate your network. Without full network visibility, it is impossible to control devices or maintain compliance standards. The challenge for many is how to maintain a level of security (even large companies struggle to attain compliance) often with limited resources and budgets. Portnox’s advanced technology – available both on-premise and in the cloud – gives security officers and network operators the tools they need to see and control any device, at any time, from any place. With these tools, Portnox makes compliance a more straightforward and smooth process, setting your business up for success.

Download our new eBook on “Compliance as a Strategy for Business Success” and learn how you can stop cyberattacks by maintaining strong compliance and visibility over your network.

Cyber Threats Cannot Compete with Strong Compliance


By | Network Security | No Comments

2016 saw several high-profile cyber-attacks, which resulted in costly breaches and damages to reputable companies and corporations. There have been several discussions on how to effectively preempt such cyber-attacks, with solutions ranging from firewalls and endpoint device security to network access management solutions.

Mindful that many industries maintain tough regulatory standards, companies are now required to implement automated systems to keep up with reporting, while also preventing breaches. The “Compliance as a Strategy for Business Success eBook” covers the key points that need to be considered when trying to achieve security compliance for regulations like SOX, HIPAA, PCI-DSS, FISMA, and GLBA. For instance, any company that stores, processes, or transmits cardholder data must be PCI-DSS compliant. Compliance includes restricting access by business need to know, creating processes to provide user access to system components, initialization of audit logs, and more. However, these processes come with significant cyber risk.

If the cyber-assaulted companies had stronger foundations for compliance, they would not have needed to devise new and expensive technologies.

The Importance of Visibility to Achieve Compliance

When Yahoo Got Stuffed

Yahoo is no stranger to breaches. This past year it came to light that nearly 1 billion Yahoo accounts had been compromised between 2013-2015. How did this happen and what could have been done to mitigate or even prevent the hacks altogether?

This was a type of mass-scale brute force attack called “credential stuffing”, which took advantage of previously hacked credentials by inserting them into random websites via automation until they found a match. Automation allowed this attack to be conducted quickly and, more often than not, completely anonymously. Shuman Ghosemajumder, CTO of Shape Security, found that credential stuffing is successful in 0.1-2% of attempts and, considering that many people reuse passwords across a range of websites, it can be damaging. This is especially concerning because, as a publicly traded company, Yahoo is subject to SOX compliance, which was designed to protect data integrity via compliance.
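How a defender might spot the pattern described above in authentication logs, as an added example that is not part of the original post: one source trying many distinct accounts only once or twice each, with a very low success rate. The log format, the thresholds and the sample events are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed log format: "<timestamp> src=<ip> user=<name> result=OK|FAIL"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

# Assumed thresholds; tune them against your own baseline traffic.
MIN_ACCOUNTS = 20             # distinct accounts tried from one source
MAX_TRIES_PER_ACCOUNT = 3.0   # stuffing tries each stolen pair only a few times
MAX_SUCCESS_RATE = 0.05       # most replayed credentials do not match


def build_sample_log():
    """Constructed events: one stuffing source, one single-account
    password-guessing source, one ordinary user, one malformed line."""
    lines = []
    for i in range(200):  # 200 accounts, one try each, two matches
        result = "OK" if i in (42, 117) else "FAIL"
        lines.append(
            f"2016-01-01T00:{i // 60:02d}:{i % 60:02d}Z "
            f"src=198.51.100.7 user=user{i:04d} result={result}"
        )
    for i in range(50):   # many guesses against a single account
        lines.append(f"2016-01-01T01:00:{i:02d}Z src=203.0.113.5 user=admin result=FAIL")
    lines += [            # a user mistyping a password, then logging in
        "2016-01-01T02:00:00Z src=192.0.2.10 user=alice result=FAIL",
        "2016-01-01T02:00:09Z src=192.0.2.10 user=alice result=FAIL",
        "2016-01-01T02:00:20Z src=192.0.2.10 user=alice result=OK",
        "this line is malformed and must be skipped",
    ]
    return lines


def detect_stuffing(lines):
    """Return one finding per source whose logins look like credential stuffing.

    Run this over a bounded time window of log lines (for example one hour).
    """
    attempts = defaultdict(int)
    users = defaultdict(set)
    matched = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not parse
        src, user = m["src"], m["user"]
        attempts[src] += 1
        users[src].add(user)
        if m["result"] == "OK":
            matched[src].add(user)

    findings = []
    for src in sorted(attempts):
        n_accounts = len(users[src])
        tries_per_account = attempts[src] / n_accounts
        success_rate = len(matched[src]) / n_accounts
        if (n_accounts >= MIN_ACCOUNTS
                and tries_per_account <= MAX_TRIES_PER_ACCOUNT
                and success_rate <= MAX_SUCCESS_RATE):
            findings.append({
                "src": src,
                "attempts": attempts[src],
                "accounts": n_accounts,
                "success_rate": success_rate,
                # Accounts that matched need a forced password reset.
                "compromised": sorted(matched[src]),
            })
    return findings


if __name__ == "__main__":
    for finding in detect_stuffing(build_sample_log()):
        print(finding)
```

The single-account guessing source and the ordinary user are not flagged; the accounts listed under `compromised` are the ones whose reused passwords matched.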

If Yahoo had implemented an intelligence engine to provide admins with wider and deeper visibility of their network in real time, they would have better understood the warning signs presented in 2008 by Carnegie Mellon University’s Software Engineering Institute. The institute urged Yahoo to replace their encryption technology, MD5, which was considered cryptographically broken. Despite years of warning before the major hacks of 2013-15, Yahoo never brought the encryption up to date, because they lacked visibility and oversight.

The Ghost of Bangladesh Central Bank

In February of 2016, $81 million disappeared from Bangladesh Central Bank and was subsequently laundered in casinos throughout the Philippines. Cyber criminals used bank employees’ stolen Society for Worldwide Interbank Financial Telecommunication (SWIFT) credentials to send dozens of fake money transfer requests to the NY Federal Reserve, requesting a total of $1 billion to be transferred to various bank accounts that had been set up a year earlier in Asia. While most of the requests were blocked, $81 million was released in four transfers of about $20 million each. So how was the heist pulled off and what could have been done to stop it?

The hackers implanted malware on end-point devices on the bank’s network, which prevented the automatic printing of SWIFT transactions. This undoubtedly brought the bank into conflict with GLBA, which requires financial institutions to protect data. Both the bank and the Federal Authorities are playing the blame game. The Feds claim they followed protocol which permitted several transfers, while blocking dozens of others. There is no doubt that lack of end-point visibility and virus protection were massive issues here. The theft could have been avoided if both the bank and the Feds had total control over all network infrastructure.

To become security compliant and run the business successfully, companies need visibility on what is happening on the network. In other words, what devices are connected to the network, when they connected, what OS, applications and services they are running, who has access to what data, and proof that mechanisms to secure private data are operational. Without visibility into what is on the network, it’s impossible to control the network and ensure compliance. Check out our “Compliance as a Strategy for Business Success eBook” to grow a successful and secure business.

Don’t Let your Network Become Hostage to WannaCry

By | Threat Detection and Response | No Comments

The WannaCry cyber attack has reached 150 countries (and still counting), which will leave its mark for months and years to come. As the damage is still being sorted out, one story is most prominent – the story of unpatched devices being connected and having access to the corporate networks.

To think that with one simple action, applying the hotfix Microsoft released two months ago for the well-known “Eternal Blue” vulnerability, organizations were able to dramatically delay the spread of the malware and, to a degree, even stop the ransomware worm from moving from end-point to end-point.

It’s such a shame that even today, after so many cyber-attacks have hit organizations, they still fail to adopt a very simple but powerful approach to control the risk of devices connecting to the corporate network, especially via remote VPN access. Not making intelligent, threat- and risk-oriented access decisions leads to finding a huge exploit in the backyard of organizations. One simple decision, based on one click, that defines access policy – “do not let in unpatched devices” – will make the difference between being cyber-breached and humiliated and being safe and undisrupted.
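The “do not let in unpatched devices” policy above, together with the guest-segment and quarantine options from the “Patched or Unpatched?” post, written out as an added example (not Portnox code). The device fields, segment names, report-age limit and the patch identifier `KB-EXAMPLE-0001` are constructed placeholders.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum
from typing import FrozenSet, Optional

# Constructed placeholder: substitute the update IDs your patch management
# system reports for the fix you are enforcing.
REQUIRED_PATCHES = {"windows": frozenset({"KB-EXAMPLE-0001"})}
MAX_REPORT_AGE = timedelta(days=7)  # assumed: older posture reports are stale


class Segment(Enum):
    CORPORATE = "corporate"
    GUEST = "guest"            # limited-access segment for unmanaged devices
    QUARANTINE = "quarantine"  # remediation only


@dataclass(frozen=True)
class Device:
    mac: str
    os: str
    managed: bool
    patches: Optional[FrozenSet[str]] = None  # None: no posture report at all
    reported_at: Optional[datetime] = None


@dataclass(frozen=True)
class Decision:
    segment: Segment
    reason: str


def admit(dev: Device, now: datetime, alert: bool = False) -> Decision:
    """Decide which segment a connecting device (local or VPN) is placed in."""
    if not dev.managed:
        # Patch state of unmanaged devices cannot be verified: keep them on
        # the guest segment, and cut them off entirely while an alert is on.
        if alert:
            return Decision(Segment.QUARANTINE, "unmanaged device during alert")
        return Decision(Segment.GUEST, "unmanaged device, patch state unknown")

    # Fail closed: a managed device with no recent report counts as unpatched.
    if dev.patches is None or dev.reported_at is None:
        return Decision(Segment.QUARANTINE, "no posture report")
    if now - dev.reported_at > MAX_REPORT_AGE:
        return Decision(Segment.QUARANTINE, "posture report is stale")

    missing = REQUIRED_PATCHES.get(dev.os, frozenset()) - dev.patches
    if missing:
        return Decision(Segment.QUARANTINE,
                        "missing patches: " + ", ".join(sorted(missing)))
    return Decision(Segment.CORPORATE, "managed and patched")


def triage(inventory, now: datetime, alert: bool = False):
    """Group an inventory by assigned segment: {segment name: [MAC, ...]}."""
    result = {segment.value: [] for segment in Segment}
    for dev in inventory:
        result[admit(dev, now, alert).segment.value].append(dev.mac)
    return result


# Constructed inventory; the MAC addresses use the documentation range.
NOW = datetime(2017, 7, 1, 9, 0)
PATCHED = frozenset({"KB-EXAMPLE-0001"})
INVENTORY = [
    Device("00:00:5e:00:53:01", "windows", True, PATCHED, NOW - timedelta(days=1)),
    Device("00:00:5e:00:53:02", "windows", True, frozenset(), NOW - timedelta(days=1)),
    Device("00:00:5e:00:53:03", "windows", True, PATCHED, NOW - timedelta(days=30)),
    Device("00:00:5e:00:53:04", "android", False),
    Device("00:00:5e:00:53:05", "linux", True, frozenset(), NOW - timedelta(hours=2)),
]

if __name__ == "__main__":
    print(triage(INVENTORY, NOW))
    print(triage(INVENTORY, NOW, alert=True))
```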

How can organizations address these critical steps of devices entering the network? One example of a solution that can make the difference without additional configurations, rules or signatures, is Portnox CLEAR. CLEAR is a cloud-based, Security-as-a-Service, which allows organizations to monitor, detect and manage device risks and vulnerabilities along with managing end-point access to corporate networks by remote or local access.

Powered by machine learning, CLEAR constantly analyzes hundreds of different endpoint parameters, including the state of patches for the operating system and for multiple applications installed on a device. When it detects an unpatched system, one missing the “Eternal Blue” patch, for example, CLEAR will immediately, in real time, notify the security officer or IT manager about the high level of risk. If needed, it will even block access for such a device to the network. This will be done by default, with no changes to the configuration, and without any additional cost (CLEAR is a SaaS system) to the organization. With Portnox CLEAR, there is an immediate benefit of detecting and removing from the network vulnerable devices that could make your organization potential ransomware victims.

It is clear that ransomware is a complex problem with many different aspects of cyber defense, which requires a wide coalition of multiple products and technologies to fight the kill chain of a cyber-attack. End-point risk and access management should be front and center of this cyber defense effort.

Take these steps now to remain safe and not allow attacks such as WannaCry to get to your network!

 

 

The Internet of Things & Network Security: A Desperate Need for Standards

By | IoT | No Comments

Just about everything is connected: from cell phones and wearable devices to cars, refrigerators and industrial equipment. IT experts have long recognized this global connectivity will only continue to skyrocket. Gartner has predicted that more than 26 billion devices will be connected globally by 2020, and other experts have put that number in the 50-to-100 billion range.

Connectivity adds convenience to our jobs. It is almost expected that employees will use BYOD devices such as laptops, smart phones and tablets to communicate. But a tremendous challenge for IT professionals is network security. Not knowing what is connected to your enterprise’s network is dangerous. How does your IT staff protect sensitive information from hackers if you and they can’t account for risks from invisible connected infiltrators?

Well, it sometimes takes a village to be vigilant. There’s currently a rush to create universal standards for IoT that will cover a wide expanse of areas, including security. Setting global standards for IoT security management will certainly help your IT staff keep questionable devices from wreaking havoc on your network.

Avoid the 5 Pitfalls of NAC – Get our Free Whitepaper Today! 

Industry and Professional Standards

Several standards groups — including those led by tech giants like Google, Intel and Qualcomm — have put their hats into the ring of devising universal IoT standards. These groups are reviewing areas such as IoT architecture, interoperability, privacy and security, but none have prevailed. Liken it to the infamous battle between VHS and Betamax — may the best ideas win. Most countries have been working on developing individual IoT standards, but ideas on how to do that differ.

Some recent signs of progress have probably caught the eye of your IT manager:

  • The International Telecommunication Union Standardisation Sector (ITU-T) Study Group recently met in Singapore and came up with two new global recommendations for IoT. One of those recommendations identifies common parameters for security management, remote activation, diagnostics and software upgrades. Industry standards on these issues would lessen the stress of your IT manager, who would have an easier and more efficient way to manage IoT applications and devices.
  • The Industrial Internet Consortium is devising guidelines for security, connectivity and interoperability. It’s backed by large enterprises such as AT&T, Cisco, GE, IBM and Intel.

Business Insider predicts that more than $6 trillion will be spent on IoT solutions over the next five years, hastening the work of these two and other IoT industry alliances as they try to formalize universal expectations on how connected products should communicate, function and provide an accepted level of security that won’t bring down networks and businesses.

How Enterprises Should Address IoT

Still, although universal IoT standards will certainly help get everyone on the same page, enterprises don’t have time to wait for them to take shape.

The solution to managing IoT for businesses is strong network access control. Network access control (NAC) allows organizations to control not only who accesses the LAN, but also what they can do once connected, such as which servers and data they can access and which applications they can use.

In our next post we will be introducing Portnox CLEAR, our Security-as-a-Service network access platform, which delivers continuous risk monitoring of all your endpoints, even when they leave your premises. Your IT staff can assess threat levels in real time, from anywhere, on any device. Network access control becomes automatic and seamless, boosting security and saving time. Receive device-specific, customized risk profiles each day. It is stress free.

CLEAR also offers offense, not defense, through continuous endpoint risk profiling; fully automated or manual risk-based controls and actions; and access across all device layers. It’s all in the cloud, meaning CLEAR is quick and easy to use – kind of like IoT devices themselves.

Stay tuned for more next week.

Don’t trust that TV in your boardroom

Recent hacking developments are a constant reminder of how dangerous IoT devices can be in a corporate environment. No IoT device is off the table for hackers: consider the massive set of DDoS attacks that used compromised surveillance IP cameras to generate a huge amount of traffic that crippled many websites, and the recent WikiLeaks news warning that your Samsung TV could be spying on you.

The leaked documents from WikiLeaks reveal that the CIA developed an exploit that perhaps uses an unknown “zero-day” vulnerability to breach and take control of TVs. This malware puts the TV into a “dissipation mode” that misleads the owner into believing the device is turned off, when in fact the TV is still on and recording conversations.

Is it possible to protect your business from being yet another victim of an IoT-based breach? If so, what can we do?

To keep their networks secure and compliant, organizations should follow best practices for IoT security. This includes rapidly adopting software systems that help implement and enforce threat prevention and security management of IoT devices.

These best practices include 4 major areas:

1. “Lock-Down” – Implement a device lock-down or hardening policy or procedure. Vendors of IoT devices don’t always provide the best security configuration or a correct security posture. Instead, adopt systems and processes that automatically reconfigure the IoT system and constantly enforce a lock-down policy based on best practices, known vulnerabilities and threat intelligence. Weak password complexity requirements, open ports, unused running services and always-on peripheral devices such as microphones are all part of a wide attack surface that must be reduced by fully automated hardening of IoT devices. Automated hardening solutions can restrict device features and services, control which incoming and outgoing traffic is allowed, and even force patch updates for device software.

2. “Micro-visibility and Risk Monitoring” – Adopt systems that provide pervasive internal monitoring of all aspects of the IoT devices on your network, from running processes to firmware changes and more. These systems discover and deeply understand the nature of any IoT device on the corporate network, and continuously monitor and present all possible risk factors introduced by a device. Such a security system must collect and analyze hundreds of different parameters from IoT devices. It can then correlate the collected data against known vulnerabilities and threats, and detect behavioral anomalies or post-breach activity on the device.

3. “Untrusted by Default” – Do not allow unauthorized devices to plug into your network. Implement a secure access and governance flow for onboarding new devices. Each device that is connected to your network, whether wired or wireless, must be authenticated, authorized, and assessed. Determine each device’s risk level before it enters the corporate environment.

4. “Discover the invisible” – Adopt network-wide, actionable visibility into all devices connected to the corporate network, and constantly discover new and unknown IoT devices. Act on each device discovered by such network visibility systems to ensure the device is known, authorized and properly configured.

Protecting against IoT attacks begins with visibility, followed by detection and then reaction.
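
The following added example (not part of the original post and not Portnox code) shows the “discover, assess, react” flow from practices 1, 3 and 4 in miniature: it parses a neighbour table in `ip neigh show` format, reconciles it against an approved inventory, and returns an access decision per device. The inventory, the port-scan results and the action names `allow`, `remediate` and `quarantine` are constructed assumptions.

```python
import re

# Constructed sample data: a neighbour table in `ip neigh show` format, an
# approved-device inventory, and open ports per host from a hypothetical scan.
NEIGH_TABLE = """\
10.0.20.15 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
10.0.20.31 dev eth0 lladdr AA:BB:CC:00:00:31 STALE
10.0.20.77 dev eth0 lladdr de:ad:be:ef:00:77 REACHABLE
10.0.20.99 dev eth0 FAILED
"""
INVENTORY = {
    "00:11:22:33:44:55": {"name": "boardroom-tv", "allowed_ports": {443}},
    "aa:bb:cc:00:00:31": {"name": "lobby-camera", "allowed_ports": {443, 554}},
}
OPEN_PORTS = {
    "10.0.20.15": {443, 23, 8080},
    "10.0.20.31": {443, 554},
    "10.0.20.77": {80},
}

NEIGH_RE = re.compile(r"^(\S+) dev \S+ lladdr ([0-9A-Fa-f:]{17})\b")

def discover(neigh_text):
    """Return {mac: ip} for entries that resolved to a link-layer address."""
    seen = {}
    for line in neigh_text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries carry no lladdr and are skipped
            seen[m.group(2).lower()] = m.group(1)  # normalise MAC case
    return seen

def assess(neigh_text, inventory, open_ports):
    """Untrusted by default: only inventoried, assessed, compliant devices pass."""
    decisions = {}
    for mac, ip in discover(neigh_text).items():
        entry = inventory.get(mac)
        ports = open_ports.get(ip)
        if entry is None:
            decisions[mac] = ("quarantine", "not in inventory")
        elif ports is None:
            decisions[mac] = ("quarantine", "no assessment data")
        elif ports - entry["allowed_ports"]:
            extra = sorted(ports - entry["allowed_ports"])
            decisions[mac] = ("remediate", f"unexpected ports {extra}")
        else:
            decisions[mac] = ("allow", entry["name"])
    return decisions

if __name__ == "__main__":
    for mac, (action, why) in assess(NEIGH_TABLE, INVENTORY, OPEN_PORTS).items():
        print(f"{mac}  {action:<10} {why}")
```

In a real deployment the decision would drive an enforcement point such as a switch port or VLAN assignment, and MAC addresses alone would not count as authentication because they can be spoofed.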

Portnox CORE provides an additional layer of device visibility and offers full capabilities for device discovery, authentication, and compliance enforcement. It provides a cutting-edge approach to network security that allows you to see any device on the corporate network, manage its risk and react to it automatically and in real time.

Use the best practices listed above to ensure your network is secure, and then nobody will be able to record your meeting discussions without consent via that TV in the boardroom.

Contact us to learn more about how Portnox CORE can help your organization secure its network.