Using Blockchain to Solve IoT Security – PART #2

In his recent thought-provoking lecture at InfoSec Europe 2018 and in his recent article, Ofer Amitai explained that blockchain technology could in the future play a significant role in securing IoT (Internet of Things) devices and machines, because its decentralized ledger and peer-to-peer communications suit IoT machines that communicate among themselves without human intervention. He outlined a few futuristic scenarios which he believes will become part of our normal routine within 5-10 years, and said that solid trust protocols will have to be in place for this future to operate seamlessly and securely. The lecture and article brought up a few questions that were posed to Mr. Amitai. In part 1 of our conversation Ofer discussed the benefits of the centralized ledger for IoT device security and privacy, as well as other forms of machine-to-machine communications that will be at play in the near future.

Q: Some peer to peer communications is already happening today, correct?

Amitai: “The best example at present is SpaceX landings that are happening via communications between machines – the rocket returning to earth communicates directly with the raft it needs to land on, whether at sea or on land, and it happens without human intervention.
Peer to peer communications is available also within the field of consumer services. For example, I can request Alexa to play a song on Spotify. If I tell Alexa to call my phone there are two electronic components communicating.

The more we fill our spaces with physical IoT devices and machines we will see more peer to peer communications. Still, at the end of the day it is always a person who consumes a service of some sort. IoT and all of these things are designed to serve a human requirement, even if in a remote or roundabout way.”

Q: When speaking about eliminating the ‘men in the middle’, there arises a concern that along with AI these technologies could, at some point in the future, supersede humans making the decisions as far as policy making. Most people would prefer that humans be setting policy. How can we make sure that AI/IoT remain technologies in our service and not the other way around?

Amitai: “That issue is more prevalent with AI, but IoT decision-making would have moral issues as with AIs. There is a philosophical and moral dilemma there related to decision making. For example: if there is an autonomous car that is about to be in an accident, and the computer sees someone is crossing the street but that around the corner, if it avoids one person it would hit the other – the machine needs to calculate what to do, who should it hit?
With autonomous IoT we could have moral dilemmas such as who makes these decisions? Whose life is worth more? Will they calculate age?

The challenge exists also with issues that are not life and death. An autonomous car could decide to fill up on its electricity charge before picking me up from work for example, calculating that it is more important so that I don’t have to wait in the car while it is happening, but then picking me up later from work.

The potential future complaint with IoT might be that machines could eliminate jobs that are currently filled by people. So if I have a chlorine meter in municipal pools in the city, then it could eliminate a job that in the past was filled by a person who went from pool to pool and measured acidity levels.
I believe that the issue in general will be the anticipated reduction in the number of available jobs, the question is – can we create new jobs in their place? Or perhaps humanity’s future is to enjoy all the good and have machines do the work.”

Q: You speak of having a “trust score” that would allow IoT devices and machines to assert if they should allow transactions. Who would be the people or organizations to create this trust score? Would it operate on a country-wide scale? On a global scale? What currency should be used?

Amitai: “Generally speaking, I believe that cryptocurrencies and normal credit cards could be used – each country will have its own cryptocurrency – like a crypto-dollar, a digital dollar, and the future will go to cryptographic coins – country currency will allow countries to continue regulating what goes on in their country, allowing everybody to do transactions without ‘men in the middle’. That is the greatness of the blockchain and the advantage of cryptocurrencies in general, the country would still control and regulate for governance purposes.
We can imagine many government applications with blockchain technology but I believe that most of the applications for government will be half-centralized – as there will still be central governance; for example a ledger for land – when people agree that the data should be kept on a decentralized ledger – someone needs to manage the protocols and write the program – just as Bitcoin manages its protocols and writing the programs – these parts I believe will remain centralized- the government will be responsible for writing the program, and setting the rules of the game; and the good part here is that I do not require a government office to handle the back and forth transactions and communications, as with credit cards, approvals, bank personal identification numbers, authorization points, etc.”

Q: Will there be any connection between what you do at Portnox and Blockchain-of-things technology in the future?

Amitai: “Probably not. Our interest is at the level of thought-leadership and we do actually provide network security for IoT devices. While Portnox does have solutions for monitoring and managing network security for IoT devices, I doubt that we will be researching blockchain solutions at the moment.

At the end of the day, as IoT devices and machines become more integrated in our day-to-day lives and are incorporated in our working environments, there is an increasing risk that individuals and organizations would try to take over those devices and machines and we need to be prepared. There is a fear there that could potentially hold back technological advancements, and that’s not the answer either. Solutions must be found to work through the challenges. That’s what we do. There are always solutions. For example, some people are concerned about being seen involuntarily through their webcam in their laptop, so there is a small plastic cover for that, it looks like a little window. Soon, this window will be a built-in component in laptops as part of their manufacturing process. This is a real concern that consumers have, and there will be creative solutions that will be embedded into all technologies.”

Using Blockchain to Solve IoT Security – PART #1

In his recent thought-provoking lecture at InfoSec Europe 2018 and in his recent article, Ofer Amitai, CEO and co-founder of Portnox Security, explained that blockchain technology could in the future play a significant role in securing IoT (Internet of Things) devices and machines, because its decentralized ledger and peer-to-peer communications suit IoT machines that communicate among themselves without human intervention. He outlined a few futuristic scenarios which he believes will become part of our normal routine within 5-10 years, and said that solid trust protocols will have to be in place for this future to operate seamlessly and securely. The lecture and article have brought up a few questions that have been posed to Mr. Amitai, and in his answers he continues to outline notions regarding our global technological future.

Q: Regarding blockchain tech being “tamper-evident” – If the goal is to use an IoT device to start a DDoS attack, criminal theft, etc., couldn’t the cyber offenders still get away with what they wanted to do?

Amitai: “I believe hackers could check which devices do not have the latest software and security updates, according to the ledger and those potentially might be a target via the identity of the device. In a situation where an IoT machine has verification of the latest update, then it is less likely to be hacked.

The blockchain will create a new data base of IoT devices: it doesn’t mean that you can locate the device, but just by looking at the ledger you can map the devices that are not updated, and hackers could potentially use that for their advantage, knowing which machines don’t have the latest security patches, updates, etc. Then again, if the IoT security programmers are using that ledger to create a trust score, then it wouldn’t help hackers because those devices would have a low trust score and ideally, they wouldn’t be able to transact with most other machines. There would be a race here between the IoT devices to become updated, and cyber offenders wishing to hack and get into the devices.

The Identity on the ledger should uniquely identify the machine, but still keep it safe and anonymous on the ledger – so you wouldn’t know how to communicate with that device just by looking at the blockchain, or be able to pin point it physically, so they have some level of anonymity. You won’t be able to use it like Shodan to hack IoT devices and machines.”

Q: In your lecture at InfoSec Europe you mentioned that within 5-10 years IoT connected devices and machines will be performing transactions on our behalf. Where else do you see this happening? In which industries? Where in the world?

Amitai: “I believe we will see it in the area of virtual assistants, so you’ll have a lot of machine to man transactions, and also machine to machine, such as ‘please book a hotel for me online’; ‘get me a taxi please’, and the taxi is an autonomous car, and so the virtual assistant communicating with the autonomous taxi would be machine to machine communications; tourism and booking trips; transportation; hospitality. Did you see the new Google virtual assistant launch? Well in the future the conversations will be between machines.

IoT household machines for example – the fridge in your home orders items from the grocery store that will deliver everything, without humans being involved. And it will be interesting to see logistically how those deliveries take place, what types of physical infrastructure will have to be in place for that to happen.

Predictive maintenance is where a machine will order components like a battery that will arrive there, in order for the machine to fix itself! In other words, machines will notice when their battery isn’t going to recharge anymore and take actions to order a new one. So machines will be able to fix themselves.

Pizza delivery – if I have a lot of connective points with IoT cars and smart city traffic lights I know how fast the pizza will arrive – the more data points I have, the more I can predict how fast the deliveries will reach any point in the city.

It is interesting to see what happens with big shipping like ZIM containers in the future. Companies are already working on autonomous ships. Typically, you have a whole crew of people manning supply ships. It’s a big operation and those ships and crews are in danger of being kidnapped… then ransom is demanded, and if ships are working autonomously, then sure, people could still try to steal them or goods from them, but then you don’t have to worry about human lives, you can hookup security cameras all over the ships, and if someone comes to steal anything you could deploy law enforcement but at least human beings wouldn’t be in harm’s way. So potentially this type of piracy would disappear from the world.

Think about parking lots. In the future, your car could drop you off at work, and then go find a parking space on its own. If the car has a good trust score it will be granted access without an issue. Then it could come back to pick you up at the end of your work day.

In the end we want to have automation of processes and have less interaction as humans with machines, especially in supply chain and manufacturing, where there are areas of friction with humans. The less people are involved – the smoother it will be.”

We will continue our exciting conversation with Ofer Amitai in part 2, in which Ofer will discuss examples of machine to machine communications that are already in use today; policy setting and the need to be prepared for the new security risks of tomorrow.

Why is It So Easy to Hack an IP Security Camera and Any IoT Device?

A home or office with connected IoT (Internet of Things) devices or machines is full of possible weak spots for hackers and, ironic as it may be, security cameras are often at the top of that list. It is up to us, the end-users, to reduce the threat. While cameras are storing security video to prevent crime or corporate espionage, hackers can quietly brute-force their way into many devices and turn them into an army of attack soldiers, as was the case in the massive October 2016 Dyn cyberattacks that affected large chunks of the United States and Europe.

Security cameras are connected to the Internet so as to allow users remote access, along with anyone else they need to let in. This feature lets users check in on security cameras when no one is at home or at the business, and allows manufacturers to update device software without having to make house calls. The convenience and brilliant simplicity notwithstanding, this very feature, which is the essence of all IoT devices, is also their main security weakness. IoT devices are easy to connect to remotely by just about anyone, and unfortunately, not just by the people one would wish to share access with.

Yes, it really is that easy.

All Internet connected devices have IP addresses and therefore can easily be found on search engines such as Google and Shodan (a searchable registry of IP addresses with information about connected devices). Hackers can find thousands of hackable devices such as cameras just by entering a few search terms, and armed with this information they move to the actual breaking in.

Additionally, IoT devices typically ship with default passwords, and many users, even after the 2016 Dyn cyberattacks, keep the default settings and do not bother to set a unique username and password. Hackers can find lists of vulnerable devices and try out default passwords. If those have never been changed, they are in. Even if the web password has been changed, the device’s SSH and telnet services may still let hackers force their way in, since changing a device’s web app password typically does not guarantee that the password coded into the device has been updated.

According to Flashpoint (a cybersecurity company), in the 2016 Dyn attacks hackers inserted Mirai, malware that allowed the use of at least 100,000 IoT devices as soldiers in a botnet (zombie army), including printers, IP cameras, residential gateways and baby monitors. This botnet was used to send thousands of junk requests to Dyn, a company that manages web traffic for many prominent websites such as Twitter, Amazon, Netflix, and Reddit, which were knocked offline by the attack. Dyn couldn’t separate the legitimate requests from the junk, and consequently internet users in the US were cut off from these websites. Flooding a service from many sources until legitimate users cannot reach it is what defines a DDoS (Distributed Denial of Service) attack. This example, though extreme, shows the risk that unknown and unmanaged IoT devices can pose to a network.

Securing IoT devices in two steps:

Step 1: Visibility

With the number of IoT devices entering the enterprise network, it is challenging to keep track of them. Without network visibility, it is impossible to see, manage, control and secure the network, and the risk for breaches increases. Clearly the first step in securing IoT devices is making sure that they are seen and acknowledged as existing on the network. IoT devices in the enterprise could include time-attendance clocks, smart TVs, temperature gauges, coffee makers and the above mentioned IP cameras. To minimize the risks, once identified on the network, there should be a centralized control mechanism that would enforce updates of the latest patches in security software.

Step 2: Network Segmentation

Once an organization has established complete visibility and centralized management across the network, it is crucial to segment all valuable enterprise data and establish controls to protect the expanding IoT surface. IoT devices should be on a separate network segment from the organization’s mission critical systems or data, including segmentation from devices such as laptops, PCs, tablets and smartphones containing enterprise data. Segmenting into secured network zones should be automated and then firewalls must be deployed between these segments to prevent IoT devices from reaching enterprise assets. With intelligent and automated segmentation, the enterprise increases ROI from its existing detection technology, making it more accurate and effective. Thus, even if IoT devices are breached, it shouldn’t expose enterprise assets along with them.
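As an added illustration of Steps 1 and 2 (not part of the original article and not Portnox code), the following Python example checks a device inventory against a segment plan and evaluates firewall rules to list every flow that lets an IoT device reach an enterprise asset. The addresses, device names, ports, rules and the first-match, default-deny rule model are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed segment plan (assumption): one IoT zone, one enterprise zone.
SEGMENTS = {
    "iot": ipaddress.ip_network("10.20.0.0/24"),
    "enterprise": ipaddress.ip_network("10.10.0.0/24"),
}

# Constructed inventory, as a visibility tool might export it (Step 1).
INVENTORY = [
    {"name": "lobby-cam-1", "kind": "iot", "ip": "10.20.0.11"},
    {"name": "time-clock", "kind": "iot", "ip": "10.20.0.12"},
    {"name": "smart-tv", "kind": "iot", "ip": "10.10.0.77"},  # wrong zone
    {"name": "hr-laptop", "kind": "enterprise", "ip": "10.10.0.21"},
    {"name": "file-server", "kind": "enterprise", "ip": "10.10.0.5"},
]


@dataclass
class Rule:
    action: str                 # "allow" or "deny"
    src: str                    # source CIDR
    dst: str                    # destination CIDR
    port: Optional[int] = None  # None matches any port


# Constructed inter-segment firewall policy; first match wins.
RULES = [
    Rule("allow", "10.20.0.0/24", "10.10.0.5/32", 445),  # "cameras save video"
    Rule("deny", "10.20.0.0/24", "10.10.0.0/24"),
    Rule("allow", "10.10.0.0/24", "10.20.0.0/24", 443),
]

# Constructed list of services worth checking on enterprise assets.
PORTS = [22, 445, 3389]


def segment_of(ip):
    """Return the name of the segment containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def misplaced_devices(inventory):
    """Devices whose address is outside the segment their kind belongs in."""
    return [d["name"] for d in inventory if segment_of(d["ip"]) != d["kind"]]


def decide(rules, src, dst, port):
    """First-match evaluation with an implicit default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and r.port in (None, port)):
            return r.action
    return "deny"


def iot_to_enterprise_leaks(inventory, rules, ports):
    """List (iot device, enterprise asset, port) flows that are reachable.

    Two hosts in the same segment never cross the firewall, so that case is
    reported as "same-segment" instead of being evaluated against the rules.
    """
    iot = [d for d in inventory if d["kind"] == "iot"]
    assets = [d for d in inventory if d["kind"] == "enterprise"]
    leaks = []
    for src in iot:
        for dst in assets:
            if segment_of(src["ip"]) == segment_of(dst["ip"]):
                leaks.append((src["name"], dst["name"], "same-segment"))
                continue
            for port in ports:
                if decide(rules, src["ip"], dst["ip"], port) == "allow":
                    leaks.append((src["name"], dst["name"], port))
    return leaks


if __name__ == "__main__":
    print("Misplaced devices:", misplaced_devices(INVENTORY))
    for leak in iot_to_enterprise_leaks(INVENTORY, RULES, PORTS):
        print("IoT can reach enterprise asset:", leak)
```

The broad deny rule looks correct on its own; the audit shows that the narrower allow placed above it, and the device sitting in the wrong zone, are what expose enterprise assets.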

Conclusion – Using Intelligent Network Access Controls (NAC)

For the foreseeable future, it appears that cyber offenders will continue to take advantage of IoT vulnerabilities, but there is no reason for today’s enterprise to sit back and do nothing. All of the steps mentioned above and more can be achieved by using Portnox NAC solutions. Having full network visibility to identify devices on the network, followed by a layered and automated approach will allow the enterprise to secure these devices and respond to any potential breach, keeping important assets protected.

Stop Tossing Money Out of the Window and Start Investing in NAC as-a-Service from the Cloud

Tired of bleeding waterfalls of money with your old on-premises NAC solution (Network Access Control)? At the end of the quarter, it is hard to ignore that the indirect and hidden fees that some companies charge make up a big chunk of change in the expenditure associated with old legacy solutions.

When was the last time you bought an on-prem (on-premises) application for your organization? Most CIOs and CISOs have seen their share of large-scale on-prem technology implementations, maintenance and software upgrades with (typically) a high overhead for the enterprise. Most will testify that the strategy of using technologies delivered from the Cloud has had significant cost-savings and operational efficiencies. So now that you have decided that your company should apply a NAC solution ASAP (always a responsible idea), you should consider the cost savings with NAC delivered from the Cloud and as-a-Service Vs. the higher expenses with most older on-prem NACs.

When reviewing the total cost of ownership required for on-prem NAC technologies (based on published methods of calculating them), one finds that with on-prem NAC there are typically large capital outlays to:

  • Purchase servers
  • Data-centers
  • Hardware
  • Software
  • Appliances
  • Implementation fees
  • Training fees
  • Labor (you need an IT staff to be able to manage an on-prem solution)
  • Customer support
  • Software updates and upgrades

This unfortunately places a strain on company finances and cash-flow, as well as taking away from other more mission critical initiatives. In a Cloud environment the cost is typically an OPEX (Operating Expense) amount paid and expensed monthly. This category of business expense is easier on the company’s pocket book and allows cash reserves to be used for more critical business initiatives and investments, while at the same time there is not a long term commitment required to get started.

Using a NAC as-a-Service Cloud solution eliminates many CAPEX costs (Capital Expenditures) as well as substantially reducing the monthly operational costs. The NAC as-a-Service option will also shorten the lead-time required to roll out the technology, providing yet another avenue of cost savings as your time and your team’s time is worth money. Additionally, your team members will be focused on more value-added projects thus increasing the company’s efficiency and bottom line profits. Altogether, avoidance of the costs attributed to the hardware, the floor space, heating and cooling, the equipment and the staff required to support and maintain on-prem NAC could be enough right there to decide to use NAC as-a-Service from the Cloud.

And the best part? Your CIO and/or CISO does not have to spend a lot of time and effort on due diligence or planning a strategy. He/she can pick a small pilot and go. There is nothing to lose and everything to gain. Did we mention that the company can cancel and walk away at any time?

Don’t take anybody’s word for it – check the cost-savings out for yourself via this easy to use cost-savings calculator. The benefits are tremendous, and in the end, your easy step forward into NAC as-a-Service from the Cloud will be well worth it.

Conducting Network Security Audits in a Few Simple Steps

What are the steps necessary to defend your organization’s assets in an optimal framework, while cutting costs at the same time?

If you have spent five minutes on our website or blog, you are probably well-versed on the notion that conducting automated and continuous security assessments of your network is the way to go, where pro-active and preventative security measures are concerned, so as to protect any company’s assets. Still, when new clients get started with one of the Portnox solutions, it is advantageous to kick things off with a simple, yet crucial, security audit. When undertaking an initial security audit, it is important to use the most up-to-date compliance requirements to uphold security protocols. This clearly defines what CISOs should be looking at, and helps in shaping and setting up the future of your automated security monitoring and assessments.

 

Step 1: The Scope of the Security Perimeter

The first step in the auditing process is to clearly define the scope of the audit. For most companies and organizations this will include both managed and unmanaged devices and machines. Managed devices will encompass a list of computers, machines, devices and data bases that belong to the company directly, which contain sensitive company and customer data. Additionally, in a world that includes BYOD policies and IoT connected devices and machines, as well as contractors and visiting guests, the unmanaged segment of the audit should be positioned to continuously update visibility of all connected endpoints. Without clear visibility, it is impossible to create segmentation and remediation procedures. Thirdly, the security perimeter must include definitions relating to software that is allowed and not allowed so as to define a software perimeter as well. Finally, the scope should include all access layers: wired, wireless and VPN connections. In this manner, the scope of the audit will ultimately include all software and devices, in all locations, so as to ultimately define the security perimeter for the company.

 

Step 2: Defining the Threats

The next step is to list potential threats to the security perimeter. Common threats to include in this step would be:

  • Malware – worms, Trojan horses, spyware and ransomware – the most popular form of threats to any organization in the last few years.
  • Employee exposure – making sure that employees in all locations change their passwords periodically and use passwords with a certain level of sophistication (especially with sensitive company accounts), as well as protection against phishing attacks and scams.
  • Malicious Insiders – once onboarding has taken place- employees, contractors and guests – there is the risk of theft or misuse of sensitive information.
  • DDoS Attacks – Distributed Denial of Service attacks happen when multiple systems flood a targeted system such as a web server, overload it and destroy its functionality.
  • BYOD, IoT – these devices tend to be somewhat easier to hack and therefore must be completely visible on the network.
  • Physical breaches, natural disasters – less common but extremely harmful when they occur.

 

Step 3: Prioritizing and Risk Scoring

There are many factors that go into creating the priorities and risk scoring.

  • Cyber security trends – working with a network access control system in place that factors in the most common and current threats along with the less frequent, could save you and your CISOs a lot of time and cut costs, while at the same time defending the organization in an optimal framework.
  • Compliance – includes the kind of data that is to be handled, whether the company stores/transmits sensitive financial or personal information, who specifically has access to which systems.
  • Organization history – If the organization has experienced a data breach or cyber-attack in the past.
  • Industry trends – understanding the types of breaches, hacks and attacks within your specific industry should be factored in when creating your scoring system.

 

Step 4: Assessing the Current Security Posture

At this point you should start to have an initial security posture available for each item included in your initial scope definition. Ideally, with the right access control systems in place, no internal biases affect your initial audit or any continuous risk assessments performed automatically later on. Additionally, making sure that all connected devices have the latest security patches, firewall and malware protection will assure more accuracy in your ongoing assessments.

 

Step 5: Formulating Automated Responses and Remediation Action

Establishing a corresponding set of processes designed to eliminate the risks discussed in step 2 includes a few solutions that should be included in this step:

  • Network monitoring – establishing continuous automated monitoring and creating automated risk assessments will lead to improved risk management. Cyber offenders are typically working to gain access to networks. Activating software that automatically takes notice of new devices, software updates/changes, security patches, firewall installments and malware protection is the best way for any organization to protect itself. Ideally your CISOs should be alerted to any questionable device, software, activity, unknown access attempts, and more, so as to be a step ahead of any harmful activity whether it is maliciously done or not. Network Access Controls such as the solutions offered by Portnox offer 24/7 risk control and risk management and use machine learning to identify cyber offenders, while at the same time cutting costs on employee hours and replacing expensive systems with cloud distributed software, pay-as-you-go and scalable options.
  • Software Updates – Making sure that everyone on the network has the latest software updates and patches, firewalls etc. It is highly recommended to take advantage of this built-in feature in Network Access Control Software that alerts you when those are required.
  • Data backups and data segmentation – relatively simple but crucial steps, because obviously consistent and frequent data back-ups along with segmentation will ensure minimal damage should your organization ever fall to malware or physical cyber-attacks.
  • Employee education and awareness – training for new employees and continuous security updates for all employees to make sure best practices are implemented company-wide, such as how to spot phishing campaigns, increasing password complexity, two-factor authentication and more.

 

Conclusion

If you have completed these simple but crucial steps, you have finished your first internal security audit! Now you can proceed to establishing your ongoing automated risk assessment, management and controls to secure your company’s assets for the short, medium and long terms. Your first security audit, when done properly will serve you well as a touchstone for future risk assessments and self-audits. Monitoring all devices and machines as well as software over time is the best way to control the risks within your device and software security perimeter. The continuous fine-tuning of your controls and processes will maintain ongoing visibility as well as the ability to properly assess your overall preparedness for cyber-threats along with the ability to manage risks and remediate attacks.

Due to the proliferation of wireless networks and mobile devices, through BYOD and IoT, the workplace has become, on the one hand, a more agile and flexible environment, increasing productivity and employee satisfaction, and on the other, a breeding ground for vulnerabilities and cyber risk. As NAC solutions address the needed steps to audit your organization’s security while also providing intelligence into network behavior through various integrations and methods for achieving compliance, they are well suited to help meet and address these risks. For these reasons, NAC, today, is a must-have part of a robust self-auditing security mechanism. By controlling access to the network with a NAC solution, organizations control their exposure to a wide array of emerging digital business risks, keeping their organizational network healthy and secure.

Now that you have completed your initial network security audit, you can focus your attention on keeping your network safe.
A core factor in achieving that is to have full visibility and control of all devices connecting to the network in real time.

Implementing Network Access Control solutions addresses top security concerns and therefore is a crucial step in preparing your network for security audits.
Blockchain of Things – Here We Come!

Welcome to the future of IoT! Imagine this futuristic scenario. An electric and autonomous Taxi or Uber car pulls up at a charging station on the side of the road. In order to receive the charge, the car is required to communicate and pay the station, while the station “needs” to “trust” that indeed it will be paid for the electricity before it starts charging. The two machines need to communicate and transact with each other. In this future, how will authentication, authorization and trust between Internet connected machines be established? One could think of a machine having a “credit history” and a “trust score” of some sort, based on past performance that is auto-communicated between these IoT machines.

 

The “trust score” could be affected by a few things. If a machine’s computer hasn’t been updated with the latest security patches, firewall and malware protection, other machines won’t process transactions with it. If its processor or other parts have a sketchy, untrusted supply chain record, that would lower the score. Perhaps having skipped a payment somewhere could lower the score as well. In these cases, the charge station would most likely not provide the electricity for the charge. In a worse scenario, if this autonomous Uber car has been compromised and is still allowed to perform the transaction, the potential problems range from the service station not being paid, to viruses and malware being spread, and even to DDoS attacks such as the Dyn attack on October 21, 2016 that affected large sections of the Eastern USA and Europe.

 

IoT includes all hardware devices that are connected to the Internet. We have seen tremendous growth in the IoT sector in the last few years. Gartner research estimates that there will be roughly 20.4 billion IoT-connected devices by the year 2020. That’s around the corner. An influx of smart devices could pose both security and reliability issues, particularly with devices that thus far have not been connected to the network. In the last year or so there has been more talk about using blockchain technology to secure IoT devices and machines, and there is even a school of thought called Blockchain of Things that emphasizes this potential solution.

Blockchain is considered to be one of the most promising technologies for the future. It is essentially a decentralized distributed ledger (a database or record book) that records and transfers data in a way that is transparent, safe, auditable, and resistant to outages. The data is stored on computers and business servers around the world, and in the future it could be used to record many different types of data. Currently the main use case for blockchain is in the realm of cryptocurrency. The technology was first rolled out in January 2009 as the underlying tech for Bitcoin and has since been used for other cryptocurrencies such as Ethereum.

On a blockchain system, all computers (end-nodes) confirm that a transaction took place and verify that everything about it is legitimate before approving it. Every copy of the record must match up for all end-nodes. It is as if we are all standing around watching the electric autonomous Uber or taxi pull up to that charging station and connect with the station’s communications, all agreeing that the money went from the car owner to the charging station, along with other data, such as that the car came to this specific geo-location and that the correct amount was logged.
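The matching-copies check described above can be sketched as a small hash-chained ledger replicated on three end-nodes. This is an added example, not code from the article or from any blockchain project: the names (`car-42`, `station-7`, `site-A`), the opening balances and the unanimous-approval rule are constructed assumptions that follow the article's simplified description rather than a real consensus protocol.

```python
import hashlib
import json

GENESIS = "0" * 64
OPENING = {"car-42": 30, "station-7": 0}  # constructed opening balances

def block_hash(prev_hash, tx):  # binds a tx to everything recorded before it
    body = json.dumps({"prev": prev_hash, "tx": tx}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

class Node:
    """One end-node holding its own full copy of the ledger."""
    def __init__(self):
        self.chain = []

    def head(self):
        return self.chain[-1]["hash"] if self.chain else GENESIS

    def replay(self):
        """Recompute hashes and balances; None means this copy was altered."""
        prev, bal = GENESIS, dict(OPENING)
        for blk in self.chain:
            tx = blk["tx"]
            if block_hash(prev, tx) != blk["hash"]:
                return None
            bal[tx["from"]] = bal.get(tx["from"], 0) - tx["amount"]
            bal[tx["to"]] = bal.get(tx["to"], 0) + tx["amount"]
            prev = blk["hash"]
        return bal

    def approves(self, tx):
        bal = self.replay()
        return bal is not None and 0 < tx["amount"] <= bal.get(tx["from"], 0)

def submit(nodes, tx):
    """Record tx on every node only if all copies match and all nodes approve."""
    agree = len({n.head() for n in nodes}) == 1  # every copy ends the same way
    if not (agree and all(n.approves(tx) for n in nodes)):
        return False
    for n in nodes:
        n.chain.append({"tx": dict(tx), "hash": block_hash(n.head(), tx)})
    return True

def demo():
    nodes = [Node() for _ in range(3)]
    tx = {"from": "car-42", "to": "station-7", "amount": 12, "geo": "site-A"}
    results = [submit(nodes, tx), submit(nodes, {**tx, "amount": 500})]
    nodes[1].chain[0]["tx"]["amount"] = 1  # one copy edited after the fact
    return results + [nodes[1].replay() is None, submit(nodes, tx)]
```

`demo()` shows the payment accepted, an uncovered payment refused, the edited copy failing its own replay, and further transactions blocked until that copy is repaired.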

 

With each passing day, it is becoming clearer that blockchain technology could play a role in achieving increased security, reliability and trust in IoT networks. We believe that these scenarios are going to be part of our normal routine within the next 5-10 years. Routine control of risk will be as important as ever when machines perform transactions and communications amongst themselves without us humans (although they will in essence be communicating on our behalf), and outstanding trust protocols will have to be set in place so that this future can work seamlessly and securely.

Employees Working All Over The World? Learn How to Protect Your Network from the Cloud

By | Cloud Security, Our Technology | No Comments

Every enterprise has a different pain point when it comes to security, whether it employs a large remote workforce or operates at a global scale. According to a survey by Gallup, 37% of U.S. workers have worked from home, which is up from 9% in 1995. This trend toward an agile employee base allows companies to compete with one another when hiring talent, but it also leaves back doors open and heightens the risks to your network. With the right technology, companies can control access to their networks in any region and from any device.

Here are two use cases where NAC as-a-Service helps organizations control their network security. You can read more in the NAC-as-a-Service eBook.

Enterprises with Remote Workforces

As companies adopt work-from-home policies, security concerns are rising for IT departments. Remote workers and co-working spaces aren’t just for startup entrepreneurs anymore. In fact, Fortune 500 companies like GM, GE, IBM and Microsoft all rent office spaces from WeWork. According to Gallup, the average U.S. employee works remotely at least two days a month. 9% of those polled work from a remote location for at least ten days a month, whether that is from their home office or a more public location.

Remote employees often connect to wireless networks that are also being accessed by other individuals whether the employee is at a coffee shop or traveling using their hotel’s guest Wi-Fi. Many companies require remote employees to authenticate their devices via a virtual private network, but enforcing VPN policies can be difficult. Using these connections may leave back doors open for hackers into the enterprise’s network.

With NAC-as-a-Service, IT departments gain visibility into their network endpoints from the cloud, giving network administrators the contextual knowledge to be confident their data and networks are secure. With strong authentication credentials, NAC as-a-Service prevents unauthorized access.

Global Companies Looking to Minimize Risk

With the growth of BYOD, IoT and companies scaling their business globally, the need to control network endpoints and streamline security practices for the network is higher than ever. Managing global networks with multiple regional offices can be daunting. With global corporations like GE, IBM, and Microsoft encouraging co-working spaces, more IT departments are sitting down to minimize the potential risks to their network. If a vulnerable device attempts to join the network at a regional office or a shared office space like WeWork, it may put the entire global network at risk. Many traditional NAC solutions are on-premise, and some regional offices may have differences in their security policies. Streamlining these policies is crucial, and a cloud NAC solution requires no hardware or complex installation, so it can be streamlined across a global network from the cloud.

Whether you are managing regional offices or your IT department is authenticating your work-from-home employees, with NAC-as-a-Service small businesses and large enterprises can monitor their risks and secure entire networks with ease. Portnox CLEAR works to put IT departments’ minds at ease with NAC via the cloud, whether your company works at a global scale or you are retaining a large remote workforce.

Interested in reading more about the next generation of NAC? Read our NAC-as-a-Service eBook.

What is NAC-as-a-Service and Why Do You Need It?

By | Cloud Security | No Comments

Network access control (NAC) solutions have been around since the early 2000s, serving the important purpose of authenticating and authorizing access to the corporate network. NAC solutions are historically reliable when it comes to authenticating and authorizing access based on device credentials, but with the onset of digital transformation, including Bring-Your-Own-Device (BYOD), the Internet of Things (IoT), and a growing mobile workforce, NAC solutions need to adapt to the modern enterprise landscape.

Our new eBook introduces NAC-as-a-Service, offering traditional NAC capabilities including authentication, authorization, and endpoint security assessments from the cloud as-a-Service.

What’s new about NAC-as-a-Service?

  • Pricing: Traditional NAC solutions run on port-based pricing and one-time fees, but NAC as-a-Service uses a subscription-based model
  • Location: On-premise NAC offerings typically control only on-site devices, whereas NAC as-a-Service monitors and controls all devices on a network regardless of location
  • Easy 802.1X: A NAC as-a-Service solution allows for simple deployment of 802.1X authentication without compromising on security across the enterprise, allowing admins to embrace this trustworthy method of authenticating devices on the corporate network
  • Automated control: Instead of manually tracking managed endpoints, NAC as-a-Service offers automated controls based on a device’s risk level
  • Customized policies: System admins can set up access policies that restrict devices based on qualifications, for example, setting geographical control over where the corporate network can be accessed from or restricting access from a certain operating system

Why does your organization need NAC-as-a-Service?

If you’re looking to adopt digital transformation trends while keeping your network secure, NAC as-a-Service is right for you. IT professionals often want to encourage their employees to use technology and reap the financial benefits that result, but are concerned about the digital risks this can expose the organization to. When adopting digital transformation trends like BYOD, IoT and the mobile workforce, visibility and access controls are more important than ever. NAC as-a-Service offers network administrators visibility into all endpoints without the use of an agent, and automatically limits or restricts access if an endpoint appears to put the network at risk. With a cloud service, network access control is easier than ever.

Portnox CLEAR is a cloud-based solution that simplifies the management of emerging cyber risks in the organization, offering all the benefits of a SaaS solution paired with robust access control and network visibility capabilities.

Find out more about how a NAC-as-a-Service solution addresses today’s security needs in our NAC-as-a-Service eBook.

NAC as-a-Service: What it means and how it works? – Webinar

By | Our Technology | No Comments

Watch our webinar to find out what NAC as-a-Service is, how it works and how your company can benefit from it.

As we all know, NAC has been around for a while, but NAC as-a-Service, offered from the Cloud, is the new word in the market. It is true that NAC as-a-Service is still just starting out, but with the demand for current solutions, like our Cloud NAC solution, Portnox CLEAR, it’s clear that organizations are ready to take the leap and start securing access to their networks with an agile cloud-based solution.

So what is NAC-as-a-Service?

NAC-as-a-Service offers all of the same features and capabilities of an on-premise or appliance-based NAC solution with the agility, flexibility and ‘always-on’ benefits of a cloud service. This means that deployment and integration with the corporate network is a seamless zero-touch process, similar to accessing other cloud services, and the pricing model is subscription and use-based – you only pay for the endpoints you need to secure.

That is not all. NAC-as-a-Service is a one-of-a-kind offering in that it enables the strength of what used to be considered the impossibly complex 802.1X authentication protocol, from the cloud as-a-Service. By enabling 802.1X from the cloud, everything is already pre-set up and so organizations can extend strong authentication across their risk-based perimeter and to every location – on and off premise – even at the beach! It is that easy!

With NAC-as-a-Service, controlled access inherently means controlling organizational exposure to digital business risks.

Check out our webinar to learn more about the NAC-as-a-Service solution and how your organization can benefit from it.

Portnox Wins Two Cybersecurity Excellence Awards

By | Cloud Security, Network Access Management, Network Security, Our Technology | No Comments

We’re excited to share that Portnox won the Cyber Security Excellence Award in two categories, including:

  • Silver Winner for Most Innovative Cybersecurity Company: Portnox
  • Bronze Winner for Cloud Security category: Portnox CLEAR

“Congratulations to Portnox for being recognized as a winner in the Most Innovative Cybersecurity Company and Cloud Security categories of the 2018 Cybersecurity Excellence Awards,” said Holger Schulze, CEO of Cybersecurity Insiders and founder of the 400,000-member Information Security Community on LinkedIn that organizes the awards program. “With over 400 entries in more than 70 categories, the 2018 awards are highly competitive and all winners truly reflect the very best in today’s cybersecurity industry.”

The 2018 Cybersecurity Excellence Awards are an annual program that recognizes products, companies and individuals that exhibit innovation, excellence and noteworthy leadership in the information security space, based on the strength of their nomination and the popular vote from members of the Information Security Community. You can find Portnox listed among the winners here.

Read more about Portnox CLEAR, Cloud NAC solution or simply Try it Now!