Category

Blog

IoT ip camera

Why is It So Easy to Hack an IP Security Camera and Any IoT Device?

By | IoT | No Comments

A home or office that has connected IoT (Internet of Things) devices or machines is actually full of possible weak spots for hackers, and, ironic as it may be, security cameras are often at the top of that list. It is up to us, the end-users, to reduce the threat. While cameras are storing security video to prevent crime or corporate espionage, hackers are quietly able to brute-force their way into many devices and turn them into an army of attack soldiers, as was the case in the October 2016 massive Dyn Cyberattacks that affected large chunks of the United States and Europe.

Security cameras are connected to the Internet so as to allow users remote access, along with anyone else they need to let in. This feature lets users check in on security cameras when no one is at home or at the business, and allows manufacturers to update device software without having to make house calls. The convenience and brilliant simplicity notwithstanding, this very feature that is the essence of all IoT devices is actually a cyber-bug. IoT devices are easy to connect to remotely by just about anyone, and unfortunately, not just by the people one would wish to share access with.

Yes, it really is that easy.

All Internet connected devices have IP addresses and therefore can easily be found on search engines such as Google and Shodan (a searchable registry of IP addresses with information about connected devices). Hackers can find thousands of hackable devices such as cameras just by entering a few search terms, and armed with this information they move to the actual breaking in.

Additionally, IoT devices typically come with default passwords, and many users, even after the 2016 Dyn Cyberattacks, stay with the default settings and do not bother to set a unique username and password. Hackers can find lists of vulnerable devices and try out default passwords. If those have never been changed – they are in. Even if the passwords have been changed, hackers can use SSH and telnet services that unfortunately allow hackers to force their way into devices, since changing a device’s web app password typically does not guarantee that the password coded into the device has been updated.

According to Flashpoint (a cybersecurity company), in the 2016 Dyn attacks, hackers inserted Mirai, malicious malware that allowed the use of at least 100,000 IoT devices as soldiers in a botnet (zombie army), including printers, IP cameras, residential gateways and baby monitors. This botnet was used to send thousands of junk requests to Dyn, a company that manages web traffic for many prominent websites such as Twitter, Amazon, Netflix, and Reddit, who were knocked offline by the attack. Dyn couldn’t separate the legitimate requests from the junk, and consequently internet users in the US were cut off from these websites, which is the definition of a DDoS attack (Distributed Denial of Service). This example, though extreme, shows the potential vulnerabilities that unknown and unmanaged IoT devices can cause a network.

Securing IoT devices in two steps:

Step 1: Visibility

With the number of IoT devices entering the enterprise network, it is challenging to keep track of them. Without network visibility, it is impossible to see, manage, control and secure the network, and the risk for breaches increases. Clearly the first step in securing IoT devices is making sure that they are seen and acknowledged as existing on the network. IoT devices in the enterprise could include time-attendance clocks, smart TVs, temperature gauges, coffee makers and the above mentioned IP cameras. To minimize the risks, once identified on the network, there should be a centralized control mechanism that would enforce updates of the latest patches in security software.

Step 2: Network Segmentation

Once an organization has established complete visibility and centralized management across the network, it is crucial to segment all valuable enterprise data and establish controls to protect the expanding IoT surface. IoT devices should be on a separate network segment from the organization’s mission critical systems or data, including segmentation from devices such as laptops, PCs, tablets and smartphones containing enterprise data. Segmenting into secured network zones should be automated and then firewalls must be deployed between these segments to prevent IoT devices from reaching enterprise assets. With intelligent and automated segmentation, the enterprise increases ROI from its existing detection technology, making it more accurate and effective. Thus, even if IoT devices are breached, it shouldn’t expose enterprise assets along with them.

Conclusion – Using Intelligent Network Access Controls (NAC)

For the foreseeable future, it appears that cyber offenders will continue to take advantage of IoT vulnerabilities, but there is no reason for today’s enterprise to sit back and do nothing. All of the steps mentioned above and more can be achieved by using Portnox NAC solutions. Having full network visibility to identify devices on the network, followed by a layered and automated approach will allow the enterprise to secure these devices and respond to any potential breach, keeping important assets protected.

Want to see just how easy it is to hack an IP camera?
There are just a few steps required to perform a live hack of an IoT device, and without proper network segmentation, the consequences could be disastrous.
Once you have seen just how easy it is, check out more information on integrating connected devices into your network in the optimal way for security as well as ease of use purposes.

throwing money away

Stop Tossing Money Out of the Window and Start Investing in NAC as-a-Service from the Cloud

By | Our Technology | No Comments

Tired of bleeding waterfalls of money with your old on-premises NAC solution (Network Access Control)? At the end of the quarter, it is hard to ignore that the indirect and hidden fees that some companies charge make up a big chunk of change in the expenditure associated with old legacy solutions.

When was the last time you bought an on-prem (on-premises) application for your organization? Most CIOs and CISOs have seen their share of large-scale on-prem technology implementations, maintenance and software upgrades with (typically) a high overhead for the enterprise. Most will testify that the strategy of using technologies delivered from the Cloud has had significant cost-savings and operational efficiencies. So now that you have decided that your company should apply a NAC solution ASAP (always a responsible idea), you should consider the cost savings with NAC delivered from the Cloud and as-a-Service Vs. the higher expenses with most older on-prem NACs.

When reviewing the total cost of ownership required for on-prem NAC technologies (based on published methods of calculating them), one finds that with on-prem NAC there are typically large capital outlays to:

  • Purchase servers
  • Data-centers
  • Hardware
  • Software
  • Appliances
  • Implementation fees
  • Training fees
  • Labor (you need an IT staff to be able to manage an on-prem solution)
  • Customer support
  • Software updates and upgrades

This unfortunately places a strain on company finances and cash-flow, as well as taking away from other more mission critical initiatives. In a Cloud environment the cost is typically an OPEX (Operating Expense) amount paid and expensed monthly. This category of business expense is easier on the company’s pocket book and allows cash reserves to be used for more critical business initiatives and investments, while at the same time there is not a long term commitment required to get started.

UsinNAV saving Calcg NAC as-a-Service Cloud solution eliminates many CAPEX costs (Capital Expenditures) as well as substantially reducing the monthly operational costs. The NAC as-a-Service option will also shorten the lead-time required to roll out the technology, providing yet another avenue of cost savings as your time and your team’s time is worth money. Additionally, your team members will be focused on more value-added projects thus increasing the company’s efficiency and bottom line profits. Altogether avoidance of the costs attributed to the hardware, the floor space, heating and cooling, the equipment and the staff required to support and maintain on-prem NAC could be enough right there to decide to use NAC as-a-Service from the Cloud.

And the best part? Your CIO and/or CISO does not have to spend a lot of time and effort on due diligence or planning a strategy. He/she can pick a small pilot and go. There is nothing to lose and everything to gain. Did we mention that the company can cancel and walk away at any time?

Don’t take anybody’s word for it – check the cost-savings out for yourself via this easy to use cost- savings calculator. The benefits are tremendous, and in the end, your easy step forward into NAC as-a-Service from the Cloud will be well worth it.

Network Security Audit

Conducting Network Security Audits in a Few Simple Steps

By | Network Security, Threat Detection and Response | No Comments

What are the steps necessary to defend your organization’s assets in an optimal framework, while cutting costs at the same time?

If you have spent five minutes on our website or blog, you are probably well-versed on the notion that conducting automated and continuous security assessments of your network is the way to go, where pro-active and preventative security measures are concerned, so as to protect any company’s assets. Still, when new clients get started with one of the Portnox solutions, it is advantageous to kick things off with a simple, yet crucial, security audit. When undertaking an initial security audit, it is important to use the most up-to-date compliance requirements to uphold security protocols. This clearly defines what CISOs should be looking at, and helps in shaping and setting up the future of your automated security monitoring and assessments.

 

Step 1: The Scope of the Security Perimeter

The first step in the auditing process is to clearly define the scope of the audit. For most companies and organizations this will include both managed and unmanaged devices and machines. Managed devices will encompass a list of computers, machines, devices and data bases that belong to the company directly, which contain sensitive company and customer data. Additionally, in a world that includes BYOD policies and IoT connected devices and machines, as well as contractors and visiting guests, the unmanaged segment of the audit should be positioned to continuously update visibility of all connected endpoints. Without clear visibility, it is impossible to create segmentation and remediation procedures. Thirdly, the security perimeter must include definitions relating to software that is allowed and not allowed so as to define a software perimeter as well. Finally, the scope should include all access layers: wired, wireless and VPN connections. In this manner, the scope of the audit will ultimately include all software and devices, in all locations, so as to ultimately define the security perimeter for the company.

 

Step 2: Defining the Threats

The next step is to list potential threats to the security perimeter. Common threats to include in this step would be:

  • Malware – worms, Trojan horses, spyware and ransomware – the most popular form of threats to any organization in the last few years.
  • Employee exposure – making sure that employees in all locations change their passwords periodically and use a certain level of sophistication; (especially with sensitive company accounts) as well as protection against phishing attacks and scams.
  • Malicious Insiders – once onboarding has taken place- employees, contractors and guests – there is the risk of theft or misuse of sensitive information.
  • DDoS Attacks – Distributed Denial of Service attacks happen when multiple systems flood a targeted system such as a web server, overload it and destroy its functionality.
  • BYOD, IoT – these devices tend to be somewhat easier to hack and therefore must be completely visible on the network.
  • Physical breaches, natural disasters – less common but extremely harmful when they occur.

 

Step 3: Prioritizing and Risk Scoring

There are many factors that go into creating the priorities and risk scoring.

  • Cyber security trends – working with a network access control system in place that factors in the most common and current threats along with the less frequent, could save you and your CISOs a lot of time and cut costs, while at the same time defending the organization in an optimal framework.
  • Compliance – includes the kind of data that is to be handled, whether the company stores/transmits sensitive financial or personal information, who specifically has access to which systems.
  • Organization history – If the organization has experienced a data breach or cyber-attack in the past.
  • Industry trends – understanding the types of breeches, hacks and attacks within your specific industry should be factored in when creating your scoring system.

 

Step 4: Assessing the Current Security Posture

At this point you should start to have an initial security posture available for each item included in your initial scope definition. Ideally, with the right access control systems in place, no internal biases affect your initial audit or any continuous risk assessments performed automatically later on. Additionally, making sure that all connected devices have the latest security patches, firewall and malware protection will assure more accuracy in your ongoing assessments.

 

Step 5: Formulating Automated Responses and Remediation Action

Establishing a corresponding set of processes designed to eliminate the risks discussed in step 2 includes a few solutions that should be included in this step:

  • Network monitoring – establishing continuous automated monitoring and creating automated risk assessments will lead to improved risk management. Cyber offenders are typically working to gain access to networks. Activating software that automatically takes notice of new devices, software updates/changes, security patches, firewall installments and malware protection is the best way for any organization to protect itself. Ideally your CISOs should be alerted to any questionable device, software, activity, unknown access attempts, and more, so as to be a step ahead of any harmful activity whether it is maliciously done or not. Network Access Controls such as the solutions offered by Portnox offer 24/7 risk control and risk management and use machine learning to identify cyber offenders, while at the same time cutting costs oIoT Ip Cameran employee hours and replacing expensive systems with cloud distributed software, pay-as-you-go and scalable options.
  • Software Updates – Making sure that everyone on the network has the latest software updates and patches, firewalls etc. It is highly recommended to take advantage of this built-in feature in Network Access Control Software that alerts you when those are required.
  • Data backups and data segmentation – relatively simple but crucial steps, because obviously consistent and frequent data back-ups along with segmentation will ensure minimal damage should your organization ever fall to malware or physical cyber-attacks.
  • Employee education and awareness – training for new employees and continuous security updates for all employees to make sure best practices are implemented company-wide, such as how to spot phishing campaigns, increasing password complexity, two-factor authentication and more.

 

Conclusion

If you have completed these simple but crucial steps, you have finished your first internal security audit! Now you can proceed to establishing your ongoing automated risk assessment, management and controls to secure your company’s assets for the short, medium and long terms. Your first security audit, when done properly will serve you well as a touchstone for future risk assessments and self-audits. Monitoring all devices and machines as well as software over time is the best way to control the risks within your device and software security perimeter. The continuous fine-tuning of your controls and processes will maintain ongoing visibility as well as the ability to properly assess your overall preparedness for cyber-threats along with the ability to manage risks and remediate attacks.

Due to the proliferation of wireless networks and mobile devices, through BYOD and IoT, the workplace has become, on the one hand, a more agile and flexible environment, increasing productivity and employee satisfaction, and on the other, a breeding ground for vulnerabilities and cyber risk. As NAC solutions address the needed steps to audit your organization’s security while also providing intelligence into network behavior through various integrations and methods for achieving compliance, they are well suited to help meet and address these risks. For these reasons, NAC, today, is a must-have part of a robust self-auditing security mechanism. By controlling access to the network with a NAC solution, organizations control their exposure to a wide array of emerging digital business risks, keeping their organizational network healthy and secure.

Now that you have completed your initial network security audit, you can focus your attention on keeping your network safe.
A core factor in achieving that is to have full visibility and control of all devices connecting to the network in real time.

Request a Demo

blockchain of things

Blockchain of Things – Here We Come!

By | IoT | No Comments

Welcome to the future of IoT! Imagine this futuristic scenario. An electric and autonomous Taxi or Uber car pulls up at a charging station on the side of the road. In order to receive the charge, the car is required to communicate and pay the station, while the station “needs” to “trust” that indeed it will be paid for the electricity before it starts charging. The two machines need to communicate and transact with each other. In this future, how will authentication, authorization and trust between Internet connected machines be established? One could think of a machine having a “credit history” and a “trust score” of some sort, based on past performance that is auto-communicated between these IoT machines.

 

The “trust score” could be affected by a few things. If a machine’s computer hasn’t been updated with the latest security patches, firewall and malware protection, other machines won’t process transactions with it. Or if its processor or other parts have a sketchy supply chain record that are not trusted that would lower the score. Perhaps having skipped a payment somewhere could lower the score as well. In these cases, the charge station would most likely not provide the electricity for the charge. Or, in a worse scenario, if this autonomous uber car has been compromised as far as security, and is allowed to perform the transaction – there could be potential challenges starting with the service station not being paid, all the way to attacks where viruses and malware are being spread and even leading the way to DDoS attacks, such as the Dyn Attack on October 21, 2016 that affected large sections in Eastern USA and Europe.

 

IoT includes all hardware devices that are connected to the Internet. We have seen tremendous growth in the IoT sector in the last few years. Gartner research estimates that there will be roughly 20.4 billion IoT connected devices by the year 2020. That’s around the corner. An influx of smart devices could pose both security and reliability issues, particularly with devices that thus far have not been connected to the network. In the last year or so there has been more talk about using Blockchain technology to secure IoT devices and machines, and there is even a school of thought called Blockchain of Things emphasizing this potential solution.

 

Blockchain is considered to be one of the most promising technologies for the future. It is essentially a decentralized distributed ledger (a data base or record book), that provides a way to record and transfer data in a way that is transparent, safe, auditable, and resistant to outages. The data is stored on computers and business servers around the world, and in the future it could be used to record many different types of data.  Currently the main use-case for Blockchain is in the realm of cryptocurrency. The technology was first rolled out in January 2009 as the underlying tech for Bitcoin and has since been used for other cryptocurrencies such as Ethereum.

 

On the blockchain system, all computers/ end-nodes confirm that a transaction took place and is therefore an authorized occurrence, confirming that everything about the transaction is legitimate before giving the transaction an approval. Every copy of the record must match up for all end-nodes. It is as if we are all standing around watching the electric autonomous Uber or Taxi pull up to that electricity charging station and connect with the charging station’s communications, all agreeing that the money went from the car owner to the charge station, as well as other data such as the car came to this specific geo-location and that the correct amount was logged.

 

With each day going by, it is becoming clear that blockchain technology could play a role in achieving increased security, reliability and trust in IoT networks. We believe that these scenarios are going to be part of our normal routine within the next 5-10 years. A routine control of risk will be as important as ever when machines are performing the transactions and communications amongst themselves, without us humans, (although they will be communicating in essence on our behalf) and outstanding trust protocols will have to be set in place so that this future can work seamlessly and securely.

Employees Working All Over The World? Learn How to Protect Your Network from the Cloud

By | Cloud Security, Our Technology | No Comments

Every enterprise has a different pain point when it comes to security, whether it employs a large remote workforce or the company operates at a global scale. According to a survey by Gallup, 37% of U.S. workers have worked from home, which is up from 9% in 1995. This trend in an agile employee base allows companies to be competitive with one another when hiring talent, but it is leaving back doors and heightened risks to your network. With the right technology, companies can control access to its networks in any region and from any device.

Here are two use cases where NAC as-a-Service helps organizations control its network security. You can read more in the NAC-as-a-Service eBook.

Enterprises with Remote Workforces

As companies adopt work from home policies, it is raising security concerns for IT departments. Remote workers and co-working spaces aren’t just for startup entrepreneurs anymore. In fact, Fortune 500 companies like GM, GE, IBM and Microsoft all rent office spaces from WeWork. According to Gallup, the average U.S. employee works remotely at least two days a month. 9% of those polled work from a remote location for at least ten days a month, whether that is from their home office or a more public location.

Remote employees often connect to wireless networks that are also being accessed by other individuals whether the employee is at a coffee shop or traveling using their hotel’s guest Wi-Fi. Many companies require remote employees to authenticate their devices via a virtual private network, but enforcing VPN policies can be difficult. Using these connections may leave back doors open for hackers into the enterprise’s network.

With NAC-as-a-Service, IT departments gain visibility into their network endpoints from the cloud, giving network administrators the contextual knowledge to be confident their data and networks are secure. With strong authentication credentials, NAC as-a-Service prevents unauthorized access.

Global Companies Looking to Minimize Risk

With the growth of BYOD, IoT and companies scaling their business globally, the need to control network endpoints and streamline security practices for the network is higher than ever.  Managing global networks with multiple regional offices can be daunting. With global corporations like GE, IBM, and Microsoft encouraging co-working spaces more IT departments are sitting down to minimize the potential risks to their network. If a vulnerable device is attempting to join the network at a regional office or a shared office space like WeWork, it may put the entire global network at risk. Many traditional NAC solutions are on-premise and some regional offices may have differences in their security policies. Streamlining these policies are crucial, and with a cloud NAC solution there is no requirement for any hardware or complex installation, and can, therefore, be streamlined across a global network from the cloud.

Whether you are managing regional offices or your IT department is authenticating your work at home employees, with NAC-as-a-Service small businesses and large enterprises can monitor their risks and secure entire networks with ease. Portnox CLEAR works to put IT department’s minds at ease with NAC via the cloud whether your company works at a global scale or you are retaining a large remote workforce.

Interested in reading more about the next generation of NAC? Read our NAC-as-a-Service eBook.

What is NAC-as-a-Service and Why Do You Need It?

By | Cloud Security | No Comments

Network access control (NAC) solutions have been around since the early 2000s, serving the important purpose of authenticating and authorizing access to the corporate network. NAC solutions are historically reliable when it comes to authenticating and authorizing access based on device credentials, but with the onset of digital transformation, including, Bring-Your-Own-Device (BYOD), the Internet of Things (IoT), and a growing mobile workforce, NAC solutions need to adapt to the modern enterprise landscape.

Our new eBook introduces NAC-as-a-Service, offering traditional NAC capabilities including authentication, authorization, and endpoint security assessments from the cloud as-a-Service.

What’s new about NAC-as-a-Service?

  • Pricing: Traditional NAC solutions run on port-based pricing and one-time fees, but NAC as-a-Service serves as subscription-based models
  • Location: On-premise NAC offerings typically control only on-site devices, whereas NAC as-a-Service monitors and control all devices on a network regardless of location
  • Easy 802.1x – A NAC as-a-Service solution allows for simple deployment of 802.1x authentication, without compromising on security across the enterprise and allowing admins to embrace the trustworthy method of authenticating devices on the corporate network
  • Automated control: Instead of manually tracking managed endpoints, NAC as-a-Service offers automated controls based on a device’s risk level
  • Customized Policies: System admins can set up access policies, restricting devices based on qualifications, for example, setting geographical control over where the corporate network can be accessed from or restricting access from a certain operating system

Why your organization needs NAC-as-a-Service?

If you’re looking to adopt digital transformation trends while keeping your network secure, NAC as-a-Service is right for you. IT professionals often want to encourage their employees to use technology and reap the financial benefits that result but are concerned about the digital risks they can expose the organization to. When adopting digital transformation trends like BYOD, IoT and the mobile workforce, visibility and access controls are more important than ever. NAC as-a-Service offers network administrations visibility into all endpoints without the use of an agent, and automatically limits or restricts access if an endpoint appears to put the network at risk. With a cloud service, network access control is easier than ever.

Portnox CLEAR is a cloud -based solution that simplifies the management of emerging cyber risks in the organization, offering all the benefits of a SaaS solution paired with robust access control and network visibility capabilities.

Find out more about how NAC-as-a-Service solution addresses today’s security needs in our  NAC-as-a-Service eBook.

nac as a service webinar

NAC as-a-Service: What it means and how it works? – Webinar

By | Our Technology | No Comments

Watch our webinar to find out what NAC as-a-Service is, how it works and how your company can benefit from it.

As we all know, NAC has been around for a while, but NAC as-a-Service, offered from the Cloud, is the new word in the market. It is true that NAC as-a-Service is still just starting out, but with the demand for current solutions, like our Cloud NAC solution, Portnox CLEAR, it’s clear that organizations are ready to take the leap and start securing access to their networks with an agile cloud-based solution.

So what is NAC-as-a-Service?

NAC-as-a-Service offers all of the same features and capabilities of an on-premise or appliance-based NAC solution with the agility, flexibility and ‘always-on’ benefits of a cloud service. This means that deployment and integration with the corporate network is a seamless zero-touch process, similar to accessing other cloud services, and the pricing model is subscription and use-based – you only pay for the endpoints you need to secure.

That is not all. NAC-as-a-Service is a one-of-a-kind offering in that it enables the strength of what used to be considered the impossibly complex 802.1X authentication protocol, from the cloud as-a-Service. By enabling 802.1X from the cloud, everything is already pre-set up and so organizations can extend strong authentication across their risk-based perimeter and to every location – on and off premise – even at the beach! It is that easy!

With NAC-as-a-Service, controlled access inherently means controlling organizational exposure to digital business risks.

Check out our webinar to learn more about NAC-as-a-Service solution and how your organization can benefit from it.

Try Portnox CLEAR Now!

Portnox Wins Two Cybersecurity Excellence Awards

By | Cloud Security, Network Access Management, Network Security, Our Technology | No Comments

We’re excited to share that Portnox won the Cyber Security Excellence Award in two categories, including:

  • Silver Winner for Most Innovative Cybersecurity Company: Portnox
  • Bronze Winner for Cloud Security category: Portnox CLEAR

“Congratulations to Portnox for being recognized as a winner in the Most Innovative Cybersecurity Company and Cloud Security categories of the 2018 Cybersecurity Excellence Awards,” said Holger Schulze, CEO of Cybersecurity Insiders and founder of the 400,000-member Information Security Community on LinkedIn that organizes the awards program. “With over 400 entries in more than 70 categories, the 2018 awards are highly competitive and all winners truly reflect the very best in today’s cybersecurity industry.”

The 2018 Cybersecurity Excellence Awards are an annual program that recognizes products, companies and individuals that exhibit innovation, excellence and noteworthy leadership in the information security space, based on the strength of their nomination and the popular vote from members of the Information Security Community.  You can find Portnox listed among the winners here.

Read more about Portnox CLEAR, Cloud NAC solution or simply Try it Now!

2018 Top Cybersecurity Events Not to Be Missed!

By | Cloud Security, IoT, Network Access Management, Network Security, Our Technology, Threat Detection and Response | No Comments

You want to stay ahead of the game? The following list of cybersecurity events will help … and they are fun too!

Whether you are a security professional, software developer, security administrator, or any other role in the IT security fields, attending a conference is a great way to network with other professionals and learn about the hottest market trends, new developments, improvements, innovation and information.

Plenty of great cybersecurity conferences are coming up in the months ahead and the Portnox team will attend several of these. We’ve identified these top cybersecurity events that should be on your list. Check them out and update your calendar!

Cybertech Israel

January 29- 31, 2018
Tel Aviv, Israel

The event is positioned as a global meeting place, featuring representatives from organizations of all sizes, from multinational corporations to emerging startups. There will be a special pavilion for startups, as well as a competition in which entrepreneurs will present their ideas to a panel of international judges. Topics under discussion during the conference include the Internet of Things (IoT), big data and Finsec New in 2018 is a sister conference and exhibition, AutoTech, focusing on the future of smart mobility and the automotive.

Oracle CloudWorld

February 16, 2018
New York City, USA

Oracle Cloud World brings together forward-looking professionals responsible for finance, operations, supply chain, human resource, sales, marketing, customer service and IT. Learn how leading companies are leveraging the cloud for competitive advantage. Experience what works, what doesn’t, and identify solutions and approaches to accelerate your innovation.

Gartner Identity & Access Management Summit

March 5- 6, 2018
London, UK

The Gartner Identity and Access Management (IAM) Summit will focus on some of the hottest topics for the coming year, including the role of identity management in securing cloud and mobile apps, the IoT and the importance of privileged access management. For those preparing for the General Data Protection Regulation (GDPR), there is also a focus on the role of IAM as it applies to the privacy regulation.

Infosec World 2018

March 19 -21, 2018
Florida, USA

InfoSec World 2018 Conference & Expo is bringing together CISOs, CIOs, CTOs and other security practitioners who will share hands-on and practical advice on a wide range of security topics. From understanding your adversary to learning about the 0-day exploit market to bridging the gap between the technical and business aspects of security, InfoSec World 2018 will offer a chance for security professionals to learn something new and analyze ideas with peers.

Cloud Security Expo

March 21 -22, 2018
London, UK

Cloud Security Expo is the fastest growing section of the Cloud Expo Europe event series attracting a record-breaking 19,926 Enterprise IT & Security Buyers and Specialists in March this year! Cloud Expo Europe Keynote Theatre hosts foremost international technology leaders, including internationally acclaimed and top-rated visionaries, senior industry speakers and executives driving a global transformative shift towards cloud computing and other disruptive technologies. Speakers will deliver their outlook on the future, plus leading CIOs and senior IT professionals will be sharing their roadmaps to digital transformation, where cloud lives in the heart of the engine room. Cloud Security Expo provides the tools, training & techniques to ensure companies are compliant and secure as they transition their business assets to the cloud.

To register for the event, click here.

RSA
April 16-20, 2018
San Francisco, CA, USA

The largest cybersecurity event in the world today. The RSA Conference USA 2018 is dedicated to information security topics including data breaches, Cyber threats, compliance, social engineering, cloud security, risk management, application security, mobile security, governance, data security, legislation and policy, law, cryptography and identity management. It brings together information security professionals from across the globe working in industries such as Computer Software Development Finance, Banking, Healthcare, Government, Pharmaceuticals, and Manufacturing. Hear from world-class speakers on topics such as “The Most Dangerous New Attack Techniques, and What’s Coming Next”.

Interop ITX
April 30 – May 4, 2018
Las Vegas, NV, USA

Interop ITX combines a trusted Conference program with a vendor-neutral Business Hall and lots of networking events. The event is entering its 32nd year serving the IT community and it is an opportunity to learn about technologies and solutionsץ You may not realize how much the show has evolved during that time, growing from a plugfest ensuring network interoperability to an industry-oriented trade show to its current model: a week-long event centered around its conference program, including educational sessions, long-form tutorials, mainstage keynotes, sponsored content and a business hall showcasing technology.

Our CEO is Speaking! Sign up for his hands-on IoT workshop here.

Gartner Security & Risk Management Summit
June 4- 7, 2018
National Harbor, MD, USA

The Gartner Security & Risk Management Summit 2018 will focus on practices and strategies that will provide cost-effective security and risk programs in order to support digital business and drive the success of your business or organization.

Among the exhibiting companies are IBM, Thales, Cylance, Varonis, Symantec, HP enterprise, Verizon, Sentinel, AT&T.

InfoSec Europe
June 5-7, 2018
London, UK

Infosecurity Europe (Infosec) is the region’s number one information security event featuring Europe’s largest and most comprehensive conference programme and over 400 exhibitors showcasing the most relevant information security solutions and products to over 19,500 information security professionals. Each year this conference features many sessions on NAC. Watch this space!

BlackHat USA
August 4 – 9, 2018
Las Vegas, NV, USA

Black Hat is the most technical and relevant global information security event series in the world. For more than 18 years, Black Hat has provided attendees with the very latest in information security research, development, and trends in a strictly vendor-neutral environment. These high-profile global events and training are driven by the needs of the security community, striving to bring together the best minds in the industry. Black Hat inspires professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors.

Contact us to schedule private product demos (Portnox CORE for on-Premise NAC and Portnox CLEAR for cloud-based NAC) at one of these shows. We look forward to seeing you there and beginning a conversation with you around network security!

 

How NAC Achieves CIS’s Top Security Controls

By | Cloud Security, Network Access Management | No Comments

The value proposition of network access control (NAC) solutions has shifted in recent years due to the onset of wireless networks, coupled with technological advancements in mobile and Internet of Things devices. Together with growing demands for the implementation compliance standards across a number of industries, companies are now required to openly communicate information about their security controls to external auditing authorities.

NAC is well positioned to provide an answer to these concerns by directly addressing the Center for Internet Security’s Top 5 Security Controls, which are a prioritized set of actions to protect organizations and data from cyber threats. NAC solutions address: collecting the inventory of authorized/unauthorized devices and software (including applications); ensuring secure configurations of hardware and software; carrying out continuous vulnerability assessments and remediation measures; and allowing for the controlled use of administrative privileges through role-based access.

Find out how NAC solutions address these security controls in our infographic and “The Importance of a NAC Solution” White Paper!