IoT Poses Risks in Home, But There Are Ways to Remain Secure

By | IoT | No Comments

Imagine: You’re sitting at home on a conference call for work and, unbeknownst to you, hackers have gained access to the files you’re sharing on the call. How did they do this, you ask? It’s really quite simple: through your smart home IoT devices. Because IoT devices like smart fridges, garage doors, home alarms, baby monitors and even toasters are connected to the same wireless network used to host your conference call, hackers can hijack those vulnerable, unsecured devices and gain full access to everything happening on your network. Soon enough, you might discover that they’ve gained access to your organization’s customer data, business plans and internal financial reports.

IoT devices are inherently insecure, and there are myriad real-world examples of this very kind of occurrence. Take the massive distributed denial-of-service (DDoS) attack on the Internet traffic company Dyn in 2016. The attack affected major Internet platforms and services such as Airbnb, Amazon, Box and PayPal, to name a few. It was later discovered that the attack targeted over 100,000 Internet-connected devices such as IP cameras, printers, residential gateways and baby monitors to install Mirai malware. The Mirai malware then overwhelmed Dyn-hosted sites with traffic so that they were forced to deny service to users.

The Mirai botnet is only one example. Recently, cybersecurity researchers at Black Hat 2017 proved that the mechanical components of an automated car wash could be hacked, including the entrance and exit doors, dangerously trapping the passengers of the vehicle inside. The hack was achieved by gaining access to the internet-connected operating system running the car wash parts, which was protected only by a default password, readily accessible through connected-device search engines such as Shodan.

Despite these examples, only a handful of IoT device manufacturers are taking heed. As more consumers purchase connected devices – an integral part of the smart home – it’s worth taking a few precautionary measures to prevent the device from wreaking real havoc.

  1. Segment IoT Devices: Most people don’t have two wireless connections in the home, which could make segmenting a challenge, but it’s really quite easy and entirely necessary. A lot of recent 5G networks come with a 2.4G option with a weaker bandwidth, just in case the higher bandwidth has performance issues. If you have two networks, set up the IoT device on the network with the lower bandwidth and keep it there. You could even create a separate network for all of your IoT devices, if you want to be on the safe side. Make sure to create a different password for your IoT device network so that if hackers commandeer the device, they can’t access private information.
  2. Change Default Passwords: This tip should really be the first direction in any IoT device instruction manual, but it rarely is. The moment that you begin the installation process for an IoT device, make sure to change the default password to something that’s hard to guess and not the same as other passwords that you commonly use. Even using your telephone number presents a risk as hackers could somehow access that information. This step is crucial as the passwords of connected devices are available over the Internet (see the car wash example).
  3. Create a Back-Up Plan: If some of the critical systems in your home are connected devices, make sure that you have a back-up plan in place in case they go haywire. This may seem like a silly enough step, but a hacker’s goal is often to inflict physical and psychological damage on their targets in order to extract a ransom payment. A go-to strategy would be to disconnect and reset all of the IoT devices if they start acting out of line, but sometimes even those steps can’t remediate the problem. Try to consult with an expert or cybersecurity professional at the point of purchase and ask them about a continuity plan, or data back-up if the device stores information.

IoT devices are quickly becoming the mainstay of home appliances, which is why it’s important to know the risks and have a strategy in place that will help you recover in case the connected device is compromised. Until IoT device manufacturers are required to integrate security software into their products, make sure you are taking precautions while implementing connected technology.

National Cyber Security Awareness Month (NCSAM) is all about sharing knowledge to promote a safer and more secure internet environment for all users. Inform your peers when you hear of threats to stop them from spreading and always remain wary of what you search, receive and send over the internet. Awareness and education are the best ways to beat hackers!

Stay #CyberAware

Portnox CORE is the Proud Winner of the Computing Security Awards in the NAC Category!

By | Our Technology | No Comments

Portnox is proud to announce that it is the winner of the Computing Security Awards 2017 “Network Access Control Solution of the Year”. Portnox’s on-premise NAC solution, Portnox CORE, was nominated as the best NAC solution of the year through a submission process open to the public, and was selected as the winner by Computing Security Awards’ board of judges. The announcement was made at an event for all of the nominees in London, England on October 12th.

While this is the first Computing Security Award won by Portnox, it is not the first time that Portnox CORE has been recognized as a top NAC solution by industry leaders in 2017. Portnox CORE was recognized with the following awards in 2017: Cybersecurity Excellence Awards, Best of InteropITX in the Security category and the Info Security Product Guide.

Portnox CORE is a leading solution for on-premise NAC that provides complete visibility into the enterprise network, including connected endpoints of various types in various locations, as well as control mechanisms to ensure that security policies are thoroughly enforced. Portnox CORE was one of the first NAC solutions to integrate an Internet of Things visibility radar, which includes the ability to automatically register new MAC addresses, providing enterprise IT teams with a security solution for IoT devices. In addition, Portnox CORE is an agentless solution, making the transition into BYOD and emerging technologies a simple and natural process for the digitally transformative enterprise.

Empowered by the recognition from the Computing Security Awards win, Portnox’s development teams will continue to introduce innovative, demand-driven features into Portnox CORE’s product offering. Portnox’s goal has always been to provide visibility and access control into all endpoints, everywhere, and Portnox CORE has a key role in helping us realize that vision.

Portnox CLEAR, Portnox’s cloud-based NAC product, has also been recognized by a number of industry leaders for taking a leap into the cloud security space ahead of other major NAC and cybersecurity solution vendors.

Read more about Portnox CORE, Portnox’s NAC solutions, or request a demo!

How to Discover and Control a Vulnerable Device

By | Our Technology | No Comments

With BYOD, IoT and the growth of the mobile workforce, CISOs and system administrators are faced with mounting challenges in discovering and controlling all of the devices on their network. Although these technologies have obvious benefits for business, their proliferation makes it easier for hackers to gain access to the network by taking control of rogue and vulnerable devices. In this environment, a cloud-based network access control solution like Portnox CLEAR can go a long way in identifying and automatically controlling access for endpoints on the corporate network, both on and off premise.

Watch the following video to find out how easy it is to discover and control vulnerable devices with Portnox CLEAR.

Nominate Portnox & Portnox CLEAR in the 2018 Cybersecurity Excellence Awards

By | Cloud Security | No Comments

Portnox is proud to announce that it has been nominated in two categories for the 2018 Cybersecurity Excellence Awards: in the company category for “Most Innovative Cybersecurity Company” and, in the product category, for the second year in a row, Portnox CLEAR is nominated in the “Cloud Security” category. The Cybersecurity Excellence Awards are an annual competition, produced in partnership with the Information Security Community on LinkedIn, which has over 400K members, and recognize companies, products, and individuals that demonstrate excellence, innovation, and leadership in information security.

Portnox CORE was the proud winner of the 2017 Cybersecurity Excellence Awards in the IoT Security Category for its “IoT Visibility Radar” that provides complete visibility into IoT devices on the corporate network. With the IoT Visibility Radar, organizations are able to discover the characteristics and location of IoT devices and set their network access policies. With this feature, organizations gain control over the IoT devices present on their network, to protect against hidden threats and vulnerabilities resulting from a lack of IoT security solutions.

Additionally, Portnox CLEAR was selected as a 2017 Cybersecurity Excellence Awards finalist in the Cloud Security category.

As Portnox continues to innovate the network access control space with its CORE, on-premise, and CLEAR, cloud-based, solutions, vote for us and show your support! Click here to nominate Portnox for “Most Innovative Cybersecurity Company” and here to nominate Portnox CLEAR as the top “Cloud Security” solution for the 2018 Cybersecurity Excellence Awards.

Thank you for your support and best of luck to all of the candidates!

Ransomware and Internet of Things: Partners in Crime

By | Threat Detection and Response | No Comments

If you’ve been reading cybersecurity publications lately, you’re probably aware that ransomware and the Internet of Things (IoT) are now some of the biggest concerns within the cybersecurity community. Besides all of the relevant scenarios and security products that are presented to prepare for or attempt to prevent ransomware attacks or an IoT breach, there is one scenario that isn’t being talked about – ransomware attacks on IoT devices. This blog will attempt to shed some light on how these factors can work together to put your organization, and even human lives, at risk, as well as suggest ways that such an event can be prevented.

At the recent Black Hat conference in Las Vegas, two cybersecurity researchers, Billy Rios and Jonathan Butts, demonstrated how the mechanical arm of an automated car washing machine could be hacked to cause damage to a vehicle, and potentially threaten human life. This is not the first time that Rios and Butts have put a connected device to the test; the team has successfully hacked a pacemaker and a smart car to highlight life-threatening vulnerabilities. They are probably not the only team that has made a point of demonstrating the dangers of IoT malware and ransomware, yet still, manufacturers, organizations and consumers continue to produce, purchase and deploy these inherently vulnerable devices. What makes IoT ransomware a grave security flaw?

Let’s start by stating that all connected devices (not just IoT devices) are potential victims of ransomware attacks because they are connected to the Internet. Ransomware attempts to gain access to mission-critical data on the network, then encrypts that data until the organization or individual pays the ransom (usually in a cryptocurrency), at which point they are provided the encryption key to recover the data. While ransomware is well understood when it comes to more “traditional” devices such as computers, phones, and servers, IoT devices are rarely considered as a point-of-entry, and if they are, there’s no way to patch, protect or install anti-virus software. Really, your best hope with an IoT device is that the manufacturer installed firmware and that there are available upgrades that somehow address ransomware risks. In the majority of cases, these firmware updates simply do not exist.

Then there’s the issue of visibility. When organizations and individuals connect IoT devices to their network, the excitement of deploying a new technology resulting in greater efficiency tends to overshadow precautionary measures to ensure the device is secure. There are a number of cases in which organizations were attacked via IoT devices that they didn’t have knowledge of. In addition, many of these devices have default passwords that can be easily discovered through the Shodan search engine, Hydra or other IoT search tools and password generators. In most cases, the username is ‘admin’ and, well, the password is the same. Oversight of IoT devices on the network creates a gaping hole for hackers to plant ransomware that, while not directly targeting the IoT device, can reach the mission-critical data they are after by gaining access to the network.

Finally, there is the physical aspect of IoT devices. Usually, these devices are deployed to control temperatures in the HVAC room, or as a smart coffee machine, smart TVs and in industry as part of the movement to connect machinery to the Internet (Industry 4.0). That means that unlike most computers and other “traditional” devices, IoT devices are tied to a physical function that could have real, and potentially dangerous, consequences. The demonstration of the car wash hack is a good example, but what about IoT door locks that could trap people in a building or prevent entry, or a smart TV that allows for espionage? At the moment, the majority of these are hypothetical scenarios, but as the Mirai botnet incident demonstrated (what’s known as a pivoting attack), the hacking of IoT devices presents a real threat that should be addressed now, rather than later.

At the moment, IoT manufacturers aren’t doing much to make sure these devices are secure, so what should organizations eager to implement IoT devices do to make sure that they aren’t putting their network at risk?

The first thing that should be done is to find out if the IoT devices you’ve deployed have firmware, and if they do, if that firmware can be upgraded. But, as mentioned, not all IoT devices have firmware, which is why the next step should be to secure the IoT network with firewalls or create a network perimeter. With the devices quarantined in a “safe” part of the network, pivot attacks and access to mission-critical data on other devices are (largely) out of the question. Visibility is key for knowing where hidden threats lie on the network, which is why a solution that discovers IoT devices, their location and characteristics should be an essential part of any security stack. If possible, deploy a network access control solution that will allow for authentication of IoT devices to ensure that vulnerable devices can’t enter the network and gain access. Finally, and as previously mentioned, consistently update the default passwords and manage the security certificate lifecycle (if any).

While we haven’t heard of too many IoT ransomware attacks yet, you can bet that they will be in the news soon enough. Beat the black hats to the chase and shore up your network with IoT visibility, discovery and control tools that will protect against malicious exploits, including malware and ransomware.

Find out more about Portnox’s Rapid Ransomware Control & Response Solutions.

How to Avoid the True Cost of Ransomware

By | Threat Detection and Response | No Comments

Recently, ransomware attacks on enterprises were all over the news. From the massive WannaCry attack in May 2017, which affected 300,000 devices worldwide (if not more), to the Petya (also known as NotPetya) attack in June 2017, it seems that there is no rest for the ransomware wicked. More than ever, businesses are aware that they need to have a ransomware game plan, and fast, because if not, they might find themselves in the headlines, having to take on the enormous costs of the attack aftershock, or worse – losing business due to system downtime and outages.

The wide-reaching effects of ransomware attacks on large corporations such as FedEx, Merck, HBO and Maersk are living examples of why it is important to avoid paying the true cost of ransomware remediation. The US pharmaceutical giant Merck was attacked by the Petya strain in June, yet still the organization is struggling to recover all its information and to account for the damages. The attack cost the organization billions in downtime, not to mention the significant funds required to staff around-the-clock IT experts, lawyers and PR reps to get business back on track. Global entertainment giant HBO was presented with a multi-million dollar ransomware demand this August, wasting billions in ad revenues for the company. These are just two examples that highlight the need for a review of remediation procedures, as well as ways to avoid paying the true cost of ransomware.

One of the easiest ways to avoid paying the true cost of dealing with a ransomware attack is simply not to pay the ransom. This may seem to go against organizational, or even your moral principles, but it has been established that paying the ransom seldom pays off. That’s because it’s unlikely that the hackers will release back all the information, upping the PR costs of dealing with potential media backlash, and, despite paying the ransom, showing a willingness to pay might brand your company as an easy target in the hacker community. But more than that, paying the ransom won’t prevent future attacks, because, in most cases, ransomware is distributed at random to any of the non-patched or vulnerable devices that particular strain is targeting. That’s why it’s a better idea to use the money that would go toward paying the ransom to shore up your cyber defenses, authentication tools and network firewalls.

Then there’s the issue of backups. Many organizations create a ransomware response plan that involves storing critical data on a secure server so that they can quickly bounce back from an attack. Yet while it is a good idea to back-up critical data, it’s possible that the back-up won’t recover all the information that’s in hackers’ hands. This presents threats to the stability and safety of your organization, and creates the possibility of a PR mishap (see the HBO example). In addition, the most recent ransomware attacks are targeting network-connected computers that have access to these back-ups, which means that attempts to fully restore systems are largely futile. So while back-ups are a good practice that should remain part of remediation plans, they shouldn’t be too heavily depended upon to get you back on your feet.

The bottom line: You need a multi-pronged approach to remediation. If there’s one thing that can be said about ransomware, it’s that it doesn’t discriminate, which is why, more than ever, companies need to have the right remediation plan in place to avoid paying the true cost of ransomware attacks. A good place to start is integrating a solution that will allow IT professionals to remotely disconnect corporate devices from the network. This will help prevent the lateral spread of the attack throughout the organization, on both patched and unpatched devices (because the latest NotPetya strain targeted both). In addition, it’s important to have constant awareness of network areas at risk. This can be done by deploying a network access control solution that provides full visibility into devices, assesses their level of digital risk to your business, and controls which devices are allowed on the network, and which aren’t.

To avoid paying the true cost of a ransomware attack, i.e. system and employee downtime, PR brand name damage as well as brand equity loss, and legal efforts and recovering data losses, your organization should consider a multi-faceted remediation approach that integrates a network authentication and endpoint control solution, allowing for business continuity with customers and partners.

Find out more about Portnox’s Rapid Ransomware Control & Response Solutions.

Cloud Security Mythbusters – Debunking the Top 5 Cloud Security Myths

By | Cloud Security | No Comments

Whether you’re a fan of digital transformation or not, there’s no denying that the shift to the cloud is engulfing enterprise IT. According to Gartner, over the next five years, over $1 trillion in compounded IT spending will be directly or indirectly impacted by the cloud shift, making cloud computing one of the most disruptive forces of IT spending since the early days of the digital age.

That said, it’s time to debunk some of the most common myths regarding cloud security before an outdated IT stack exposes your organization to emerging digital business risks.

Check out our Top 5 mythbusters Infographic here!

Myth #1 – The Cloud Isn’t Secure

The top concern among C-Suites and IT teams alike is that cloud-based security solutions are more prone to external threats than legacy security solutions.

Debunked: On-premise security appliances require firmware upgrades to protect against known exploits, resulting in a constant need to keep the solutions up-to-date. In addition, configuration changes could expose the network to potential vulnerabilities, requiring tedious maintenance of management procedures and periodic penetration testing. However, cloud-based security solutions are constructed, from the outset, to evolve to address relevant threats in the current cyber security landscape. David Linthicum, a leading cloud analyst and VP at Cloud Technology Partners, explains that the security of the cloud is on par with the security of any external device: “Anything that can be possibly accessed from the outside – whether enterprise or cloud – has equal chances of being attacked, because attacks are opportunistic in nature”.

Myth #2 – The Cloud Is Still Too ‘New’ To Be Trusted

Cloud-based applications and services are relatively new on the IT front. So why trust them?

Debunked: An increasing number of both large and small to medium-sized enterprises across a variety of industries – government, healthcare, ecommerce etc. – are employing cloud-based solutions for everything from human resource management to network security. According to IDG Research, “Cloud technology is becoming a staple to organization’s infrastructure as 70% have at least one application in the cloud”.

Use of Cloud Technology 2011-2016

Reference: “2016 IDG Enterprise Cloud Computing Survey”

Myth #3 – The Cloud Is Great for Productivity Apps, But Not for Securing the Network

There is a big difference between cloud productivity apps and performing key security actions, such as Network Access Control (NAC), from the cloud.

Debunked: NAC is a growing concern for CIO/CISOs and IT teams in large to SMEs due to the increased need to gain control over digital business risks. And the stigma of the cloud being less secure isn’t necessarily correct. Gartner reports that by 2018, the 60% of enterprises that implement appropriate cloud visibility and control tools will experience one-third fewer security failures.

Myth #4 – Cloud Solutions Require Re-Educating IT Teams

Training IT teams to deploy a cloud-based security-as-a-service solution would require significant time and resources.

Debunked: Cloud solutions inherently cut time and costs associated with security management in IT teams, freeing them up to carry out more productive and profitable action items. That’s added to the easy and instant deployment associated with cloud-based solutions including automatic system updates, usage demos, access to use cases, and more.

Read our Debunking Cloud Security Myths White Paper for more fun facts!

Myth #5 – Cloud Solutions Can’t Help with Compliance

Cloud solutions are constantly changing – one minute they are a “must have” security tool, and the next they are an imminent source of risk to company information. How can you trust cloud security solutions to uphold compliance?

Debunked: Cloud solutions are taking heed and are doing their part to relieve this part of the “IT headache”. Many solutions integrate compliance standards into their product while allowing for modifications to the network policy where necessary. Built-in compliance is a winning strategy for business success, and ensures that there aren’t any loopholes the IT team is missing out on.

As Gartner puts it, “By 2020, a corporate ‘no-cloud’ policy will be as rare as a ‘no-Internet’ policy is today”. While in many cases, hype can have dangerous potential, in the case of cloud security, it’s a win-win situation: a win for digital transformation and a win for the IT team that’s eager to expand their business value proposition.

Portnox CLEAR – Security-as-a-Service Solution: The first completely cloud-based Security-as-a-Service solution for Network Access Control (NAC), CLEAR controls access for all devices and users to wired, wireless and virtual networks, to effectively confront digital business risks and cybersecurity threats.

Try it Now!

Portnox’s Security Solutions Reviewed in 451 Research Report

By | Our Technology | No Comments

The leading information technology research and analyst firm 451 Research Group recently published an impact report that reviewed and commended Portnox’s Network Access Control (NAC) solutions, CORE & CLEAR, entitled “Portnox connects enterprise reality to its risk-based perimeter”. You can read the full report here.

The “451 Take” on Portnox’s solution for on-premise NAC, CORE, and cloud-based NAC, CLEAR, was that, “Portnox is helping redefine the value proposition of NAC, focusing on visibility, access control and flexibility. The company’s sensible risk orientation and the lightweight architecture of its CORE on-prem and CLEAR cloud services appear to be well aligned to help meet enterprise demand for a better NAC experience.”

Download the full report here.

Portnox CEO Ofer Amitai Featured in IoT Agenda

By | Our Technology | No Comments

Portnox’s CEO and Co-Founder Ofer Amitai was featured as a guest contributor in Tech Target’s IoT Agenda with an article entitled “Your security appliance is essentially an IoT device”. You can read the full article here.

The article surveys the similarities between security applications and IoT devices in that they are both “simplistic” devices that run software. Therefore, Amitai concludes, security appliances are susceptible to some of the same vulnerabilities as IoT devices – such as acting as a gateway for network breaches, DDoS, phishing and malware attacks, just to name a few. Read the full article here to find out how to secure security appliances so that they aren’t just another vulnerable IoT device on the network.

Patched or Unpatched? – That is the Question

By | Threat Detection and Response | No Comments

“Ransomware” may now officially be the most searched word on Google. That’s because this month, the alleged hacker group the Shadow Brokers executed yet another global ransomware attack, the ‘Petya’ attack, which manipulated many of the same vulnerabilities as the May WannaCry attack. In light of this new and worrisome wave of ransomware cyber crime, it’s time to discuss an unresolved issue for so many organizations – patched and unpatched devices.

A major network security pitfall in organizations of all sizes, but mainly large organizations, is that they lack visibility into which devices have been patched for the EternalBlue/EternalRomance vulnerabilities, and which devices are unpatched and are therefore prone to attacks. While Microsoft did what it could to issue the patches in time to prevent the spread of the attack, a number of devices remain unpatched, and in some cases, it is impossible for IT admins to tell if there are devices left to patch or not. There could be two reasons for this oversight: 1. The IT administrators lack appropriate network/endpoint visibility tools with compliance mechanisms such as automated patching or quarantining of rogue devices; or 2. There are unmanaged company devices accessing the network. In the case of the latter, it is impossible to tell if they have been patched or not, unless the admins make the effort of manually installing the patch updates themselves. While there is much to be said for the benefits of network visibility tools, it’s the unmanaged devices that really worry me.

So how can we prevent a third massive ransomware attack? One could return to the vendor or Point of Sale of said unmanaged device and ask them to manually install the firmware, but this is a manual process and, with all of the ransomware attacks lately, these vendors are probably swamped with requests. The more logical option is to establish an active inventory of the unmanaged devices (such as BYODs) on the network so that, on the eve of an attack or, in light of suspicious activity, these devices can be automatically quarantined or blocked from the network. Another option is to perpetually place these devices in a segmented or firewalled part of the network that will limit their access to the Internet and sensitive company information. Here, it is possible to assign unmanaged devices to a guest or contractor network with limited access capabilities from the start.
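One way to sketch the active-inventory idea above, as an added example that is not Portnox code: it reads a gateway's neighbor table in Linux `ip neigh` format, compares it with a managed-asset inventory, and proposes a network segment for each device. The sample table, the inventory contents and the segment names are constructed assumptions.

```python
"""Added illustration: sort devices seen on the network into segments.

Assumptions (not from the original article): neighbor data arrives in
Linux `ip neigh show` format, the inventory is a dict keyed by MAC
address, and the three segment names are hypothetical labels.
"""
import re
from dataclasses import dataclass

# Constructed sample of `ip neigh show` output from a gateway.
SAMPLE_NEIGH = """\
10.0.0.11 dev eth0 lladdr 00:1a:2b:3c:4d:01 REACHABLE
10.0.0.12 dev eth0 lladdr 00:1A:2B:3C:4D:02 STALE
10.0.0.40 dev eth0 lladdr 3c:5a:b4:00:10:aa REACHABLE
10.0.0.41 dev eth0  FAILED
10.0.0.55 dev eth0 lladdr b8:27:eb:12:34:56 DELAY
"""

# Constructed managed-asset inventory: MAC -> hostname and patch status.
INVENTORY = {
    "00:1a:2b:3c:4d:01": {"host": "fin-laptop-01", "patched": True},
    "00:1a:2b:3c:4d:02": {"host": "hr-desktop-07", "patched": False},
    "00:1a:2b:3c:4d:03": {"host": "ops-server-02", "patched": True},
}

# Hypothetical segment labels; map them to real VLANs or ACLs locally.
CORPORATE, QUARANTINE, GUEST = "corporate", "quarantine", "guest-limited"

NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+\S+\s+lladdr\s+(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\b"
)


@dataclass(frozen=True)
class Decision:
    ip: str
    mac: str
    host: str
    segment: str
    reason: str


def parse_neighbors(text):
    """Return (ip, mac) pairs for entries with a resolved MAC address."""
    pairs, seen = [], set()
    for line in text.splitlines():
        match = NEIGH_RE.match(line.strip())
        if not match:
            continue  # FAILED/INCOMPLETE entries carry no lladdr
        mac = match["mac"].lower()  # normalise case before comparing
        if mac not in seen:
            seen.add(mac)
            pairs.append((match["ip"], mac))
    return pairs


def classify(neigh_text, inventory):
    """Propose a segment for every device currently seen on the network."""
    decisions = []
    for ip, mac in parse_neighbors(neigh_text):
        asset = inventory.get(mac)
        if asset is None:
            # Unmanaged device: patch state unknown, so limit it from the start.
            decisions.append(Decision(ip, mac, "unknown", GUEST,
                                      "unmanaged: not in inventory"))
        elif not asset["patched"]:
            decisions.append(Decision(ip, mac, asset["host"], QUARANTINE,
                                      "managed, patch not confirmed"))
        else:
            decisions.append(Decision(ip, mac, asset["host"], CORPORATE,
                                      "managed and patched"))
    return decisions


def unseen_assets(neigh_text, inventory):
    """Hostnames in the inventory that are not on the network right now."""
    seen = {mac for _, mac in parse_neighbors(neigh_text)}
    return sorted(a["host"] for mac, a in inventory.items() if mac not in seen)


if __name__ == "__main__":
    for d in classify(SAMPLE_NEIGH, INVENTORY):
        print(f"{d.ip:<12}{d.mac}  {d.host:<14} -> {d.segment} ({d.reason})")
    print("not currently seen:", unseen_assets(SAMPLE_NEIGH, INVENTORY))
```

MAC addresses can be spoofed, so a match against the inventory is a visibility aid and not authentication; enforcement belongs in the switch, firewall or NAC layer.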

Why is this so important, you ask? Because the perpetrators of the ‘Petya’ and WannaCry attacks were able to incur damage on a global scale by infiltrating vulnerabilities on one or two devices, then spreading the ransomware using freeware tools to thousands of others. It’s really the same way that worms work. This lateral movement throughout the organization can put IT admins in disaster mode – and that’s added to the fact that it takes 40% of IT teams at least two to three hours to realize they’ve been attacked!

In order to stop the ransomware bad guys in their tracks, it’s recommended to automate remediation methods to control the extent of the damage. Without this cushioning in place, hackers like the Shadow Brokers have free rein over not just one or two vulnerable devices, but the entire network, including personal devices and information attained in phishing attacks.

Let’s take the right actions this time to ensure that a third global ransomware attack doesn’t happen again anytime soon.