New Cyber Threats & Vulnerabilities Brought on by the Rise of IoT Devices

Diving into Internet of Things Statistics

An Internet of Things (IoT) device is simply a device that can communicate back and forth with a central hub, mainly via WiFi but also using technologies such as SIM cards and radio frequencies. We are living in the age of digital connectivity: if it can have an IP address, then you best believe it’ll have one assigned. Examples range from Samsung’s AI-powered Family Hub Smart Fridge, which tells you what recipes you can make based on the ingredients inside, to Tesla vehicles with over-the-air updates for not only the software but also actual motor components (a 2018 update on the Model 3 adjusted the anti-lock algorithm, which helped with braking distance).

Consumer technologies aren’t alone when it comes to utilizing the Internet of Everything. Industries such as healthcare have their own use case. Internet of Medical Things (IoMT) such as smart sensors for monitoring patients’ vitals are an essential piece of equipment in modern healthcare facilities.  

The statistics back this growth: there are already more active IoT devices (10 billion) than people on earth. It’s expected that there will be over 30 billion total IoT devices by 2025, with the market value projected to reach $875 billion by that time. Every second over 100 new IoT appliances connect to the public internet. It’s so widely adopted that almost a third of the US population owns a smartwatch. This sharp increase in devices has a clear effect on the global volume of data being transported; the graph below shows year-to-year growth.

Cyber Threats & Vulnerabilities of IoT

As the Internet of Things rapidly grows, the cyber threats and associated risks continue to evolve and become increasingly complex with hackers coming up with new ways to breach devices and networks. Every organization should be aware of their own network attack surface, which is the totality of all vulnerabilities from connected devices and hardware. Each device poses a possible point of entry for an unauthorized user to gain access. Ideally you keep your attack surface as small as possible, making it easier to protect. But for some organizations, this simply isn’t a possibility, as there might be a need for thousands, if not hundreds of thousands of IoT sensors to report on key analytics.  

As mentioned earlier, the healthcare industry has a sizable use case when it comes to IoT devices. An issue with this is the cost associated with complex pieces of equipment such as MRI scanners and X-ray machines. It simply isn’t feasible for these items to be upgraded regularly, which in turn leads to outdated and unsupported systems still playing a key role in the infrastructure. As an example, Windows 7 support was discontinued in January of 2020 after 10 years in operation, creating an untold number of vulnerabilities for organizations around the globe. According to a report from Unit 42, the cybersecurity division of Palo Alto Networks, 83% of medical imaging devices are running unsupported operating systems.

IoT devices suffer from a range of other vulnerabilities, including: 
  • Weak/default passwords and settings: Back in 2016, the largest DDoS attack ever at the time was launched against the service provider Dyn using a botnet powered by IoT devices. Hackers used a piece of malware called Mirai, which after initially infecting a computer would continue searching for vulnerable IoT devices and use default usernames and passwords to log in. These credentials can be found online easily, and if the network operator doesn’t change them, anyone can gain access.
  • Poor device security from the manufacturer: When a device communicates in plain text, all information that is being transferred can easily be intercepted via a Man-in-the-Middle attack. 
  • Outdated IoT firmware: A large percentage of IoT devices use third-party libraries in their firmware. These libraries can easily become outdated, and because some devices cannot have their firmware updated, this poses an issue.

Protecting your IoT Devices and Network

Network administrators need to realise that with these new devices they need to ensure they are keeping up with the essential security solutions. Strong passwords, firewalls and anti-virus software simply aren’t sufficient. The first step in protecting your IoT devices is to learn and understand what the most likely cyber threats are. Create a threat model which identifies, evaluates, and prioritizes potential vulnerabilities. Having a documented network is essential; a well-maintained network management system with advanced monitoring will massively help identify weak spots in the network.

Basic IoT network security measures include:
  • VLANs: Placing the IoT devices in their own VLAN with total segregation from the rest of the network. This doesn’t have to be anything overly complicated, just set some simple rules such as trusted and untrusted depending on how much faith you have in the device. E.g. A Nest smoke alarm can be placed in the trusted VLAN and have access to the internet but a cheap Chinese thermometer would go in the untrusted VLAN and not have access to anything else.  
  • Static IPs: If it is possible to assign a static IP, definitely do so. This helps you to keep track of the device and can make troubleshooting a whole lot easier. Another benefit of this is helping with identifying new devices on the network. 
  • MAC Address whitelisting: An easy way of ensuring only authorized devices can access your company network. But it is important to note that these can be easily spoofed. 
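
The three basic measures above work best when checked against each other. The following is an added example, not code from the original article: it reconciles a device inventory (static IP, VLAN and allowlisted MAC per device) with what the network actually sees, which surfaces new devices and the signs that an allowlisted MAC is being reused elsewhere. The record formats, device names, addresses and port names are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    """One row of the documented inventory (assumed format)."""
    name: str
    mac: str
    ip: str    # the static IP assigned to the device
    vlan: str  # "trusted" or "untrusted", as in the VLAN rule above


@dataclass(frozen=True)
class Sighting:
    """One observation, e.g. from switch MAC tables joined with ARP data."""
    mac: str
    ip: str
    vlan: str
    port: str


def norm_mac(mac: str) -> str:
    """Normalise aa-bb-.., aabb.ccdd.eeff and AA:BB:.. to aa:bb:cc:dd:ee:ff."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def audit(inventory, sightings):
    """Return a list of (kind, mac, detail) findings."""
    by_mac = {norm_mac(d.mac): d for d in inventory}
    by_ip = {d.ip: d for d in inventory}
    ports = defaultdict(set)
    findings = []

    for s in sightings:
        mac = norm_mac(s.mac)
        ports[mac].add(s.port)
        dev = by_mac.get(mac)
        if dev is None:
            owner = by_ip.get(s.ip)
            if owner is not None:
                # Unlisted hardware answering on an address reserved for a known device.
                findings.append(("ip-claimed-by-unknown-mac", mac,
                                 f"{s.ip} is reserved for {owner.name}"))
            else:
                findings.append(("unknown-device", mac, f"{s.ip} on {s.port}"))
            continue
        if s.ip != dev.ip:
            findings.append(("ip-mismatch", mac,
                             f"{dev.name} expected {dev.ip}, seen {s.ip}"))
        if s.vlan != dev.vlan:
            findings.append(("vlan-mismatch", mac,
                             f"{dev.name} expected {dev.vlan}, seen {s.vlan}"))

    # An allowlisted MAC active on more than one access port at once is the
    # classic sign that the address has been cloned onto a second machine.
    for mac, seen in sorted(ports.items()):
        if mac in by_mac and len(seen) > 1:
            findings.append(("mac-on-multiple-ports", mac, ", ".join(sorted(seen))))
    return findings


# Constructed sample data.
INVENTORY = [
    Device("smoke-alarm", "02:00:00:aa:00:01", "10.20.0.11", "trusted"),
    Device("thermometer", "02:00:00:aa:00:02", "10.30.0.12", "untrusted"),
    Device("printer", "02:00:00:aa:00:03", "10.20.0.13", "trusted"),
]
SIGHTINGS = [
    Sighting("02:00:00:AA:00:01", "10.20.0.11", "trusted", "Gi1/0/1"),
    Sighting("02-00-00-aa-00-02", "10.30.0.12", "trusted", "Gi1/0/2"),
    Sighting("0200.00aa.0003", "10.20.0.13", "trusted", "Gi1/0/3"),
    Sighting("02:00:00:aa:00:03", "10.20.0.13", "trusted", "Gi1/0/7"),
    Sighting("02:00:00:bb:00:99", "10.20.0.50", "trusted", "Gi1/0/9"),
]

if __name__ == "__main__":
    for kind, mac, detail in audit(INVENTORY, SIGHTINGS):
        print(f"{kind:26} {mac}  {detail}")
```
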
Advanced IoT security measures include:
  • Modern Network Access Control (NAC): Traditional NAC solutions don’t scale well when it comes to IoT. Standard IEEE 802.1x security protocols are mostly incompatible with IoT devices. As mentioned above, MAC authentication can be spoofed. With NAC, network administrators are able to configure and enforce security policies and analyze device risk postures. 
  • Automated configuration: Having an automated onboarding system in place for new devices is a smart idea. If your company has a large number of IoT devices, it can be easy for some to slip through the security configuration if done manually.  
  • Device certificates: Using X.509 device certificates to manage the identity and security of devices adds another layer of security. These certificates play a key role in PKI-based security and serve as proof of device authenticity, supporting authentication, encryption, and data integrity.
  • Secure API connections: APIs are commonly used to transfer data between applications and devices. This can give way to a whole host of cyber threats. It is essential that only authorized systems can communicate with the API. The use of tokens to establish trusted identities and provide access to the appropriate services is highly recommended. 

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

AI in Cybersecurity: Transformation is Now

We live in a world where businesses suffer a ransomware attack every 40 seconds, and total malware infections have been on the rise for the last ten years. Withstanding such a heavy barrage of cyberattacks requires an intelligent and robust approach to cybersecurity. And as cybercriminals continue to sharpen their skills and refine their techniques, safeguarding critical enterprise systems is only becoming more challenging.

Luckily, artificial intelligence (AI) is increasingly playing a significant role in cybersecurity, offering powerful and efficient threat detection and elimination. And with artificial intelligence in the cybersecurity market expected to reach an eye-watering $46.3 billion by 2027, AI should be part of your strategic IT plan, if not already implemented in some areas.  

With this in mind, let’s look at how AI in cybersecurity is evolving and creating a safer world for businesses today and in the future.  

AI in Cybersecurity – Use Cases and Advantages 

Artificial intelligence and its subsets like machine learning and deep learning are vital to information security today. These technologies can rapidly analyze millions of data sets and uncover a wide variety of cyber threats. This section will dive into how AI is being leveraged in cybersecurity and its advantages.  

Threat Detection 

Perhaps the most significant use case for AI in cybersecurity is threat hunting. Typically, these systems use historical data, machine learning (ML), and statistical modeling of networks to create a baseline of expected network traffic. With the baseline established, the AI can rapidly identify anomalies and alert the relevant security teams of suspicious behavior. Critically, machine learning excels at spotting patterns in data that traditional approaches miss and can find these patterns much faster than human security analysts.  

Network Security 

Leading on from the last section, let’s look at some more specific ways AI is used in networking. Network security encompasses many elements, including network access controls (network authentication and authorization), perimeter security, data privacy, security monitoring, and policy management.   

With so many moving parts, maintaining strong network security can be challenging, but AI helps overcome much of this complexity. Additionally, AI makes enterprise networks more efficient by leveraging data-driven algorithms to identify critical patterns within the organization’s infrastructure. Here are the primary ways AI is changing network security: 

  • Log analysis: AI and ML algorithms can analyze logs from all over the enterprise environment, whether they be routers, switches, WAN optimization devices, or others, to provide real-time network performance insights. Armed with this information, network engineers can respond to problems at lightning speed.  
  • Traffic management and prioritization: Automated, AI-driven tools help manage traffic to optimize performance. AI built into smart switches can analyze Ethernet packets and automatically assign different priority levels to different types of network traffic.  
  • Scanning and patching: Many modern switches rely on AI to automate maintenance tasks, including patching. However, fully autonomous self-patching AI systems are also garnering more attention. These systems use AI to self-scan for vulnerabilities and deploy patches for these vulnerabilities without human involvement.
  • Supporting cloud-managed networks: Network architectures are increasingly moving towards centralized management structures like cloud-managed networks and Software Defined Networking (SDN). AI can help fully realize the benefits of these architectures, offering increased ease of management and improved network flexibility.

In summary, AI helps improve network performance and reduce downtime and does this more accurately and quickly than a person ever could.  

Hunting Zero-Day Exploits (Identifying Unknown Threats) 

Defending against zero-day exploits is one of the most challenging aspects of modern cybersecurity. A zero-day exploit is a cyberattack targeting an unknown software vulnerability. Naturally, defending against something you don’t know exists presents significant hurdles. For example, the signature-based tools usually deployed by cybersecurity teams won’t be effective in catching zero-days.

AI, ML, and deep learning are increasingly being utilized to find relationships and patterns that human analysts and conventional security tools miss. Rather than using pre-defined criteria to identify anomalies, this type of AI is typically unsupervised and will teach itself what activity is expected within the organization. If it spots something unusual, like data being exfiltrated to outside servers or users visiting websites they have never visited before, it will flag this quickly. In some cases, these attacks will be cybercriminals exploiting zero-day vulnerabilities to inject malicious software into the network.
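
The baseline-then-flag approach described under Threat Detection and in the paragraph above, as an added example (not from the original article or any vendor product). It learns each host's normal outbound volume and destinations from history, then flags records that deviate; a median/MAD statistic stands in for a trained ML model, and the host names, destinations, byte counts and threshold are constructed assumptions.

```python
from collections import defaultdict
from statistics import median


def learn_baseline(history):
    """Build a per-host profile from (host, destination, bytes_out) records
    taken from a period assumed to be normal."""
    volumes = defaultdict(list)
    dests = defaultdict(set)
    for host, dest, nbytes in history:
        volumes[host].append(nbytes)
        dests[host].add(dest)

    baseline = {}
    for host, vals in volumes.items():
        med = median(vals)
        # Median absolute deviation: a spread estimate that a few outliers
        # in the training window cannot inflate the way a std-dev would be.
        mad = median([abs(v - med) for v in vals])
        baseline[host] = {"median": med, "mad": mad, "dests": dests[host]}
    return baseline


def score(baseline, record, z_limit=6.0):
    """Return the list of reasons a record is unusual (empty list = expected)."""
    host, dest, nbytes = record
    prof = baseline.get(host)
    if prof is None:
        return ["unprofiled-host"]

    reasons = []
    # 1.4826 * MAD approximates one standard deviation for normal data.
    # The floors keep a perfectly steady host from producing a zero spread.
    spread = max(1.4826 * prof["mad"], 0.05 * prof["median"], 1.0)
    if (nbytes - prof["median"]) / spread > z_limit:
        reasons.append("volume-spike")
    if dest not in prof["dests"]:
        reasons.append("new-destination")
    return reasons


def detect(baseline, records):
    """Keep only the records that deviate from the baseline."""
    flagged = []
    for rec in records:
        reasons = score(baseline, rec)
        if reasons:
            flagged.append((rec, reasons))
    return flagged


# Constructed history: one workstation's hourly outbound traffic.
HISTORY = [
    ("hr-laptop", "mail.example.com", 1200),
    ("hr-laptop", "intranet.example.com", 1500),
    ("hr-laptop", "mail.example.com", 1100),
    ("hr-laptop", "intranet.example.com", 1300),
    ("hr-laptop", "mail.example.com", 1400),
]
# Constructed new observations to evaluate.
TODAY = [
    ("hr-laptop", "mail.example.com", 1450),     # within normal range
    ("hr-laptop", "files.example.net", 900000),  # large upload, never-seen server
    ("hr-laptop", "news.example.org", 1250),     # normal size, never-seen site
    ("lobby-kiosk", "mail.example.com", 300),    # host with no baseline at all
]

if __name__ == "__main__":
    profile = learn_baseline(HISTORY)
    for (host, dest, nbytes), reasons in detect(profile, TODAY):
        print(f"{host} -> {dest} ({nbytes} bytes): {', '.join(reasons)}")
```
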

Vulnerability Management 

A colossal 28,695 vulnerabilities were disclosed in 2021, a significant rise from the 23,269 disclosed in 2020. And alarmingly, more than 4000 of these flaws are remotely exploitable. But luckily, they’re also patchable. Security teams often struggle to keep up with the influx of new vulnerabilities and decide where to focus their efforts. But with AI scanning user accounts, endpoints, and servers for abnormal behavior, security teams get an in-depth insight into which flaws are most keenly targeted by cybercriminals.

Threat Prioritization  

Depending on how sensitive an organization’s threat detection system is, security analysts could potentially receive an overwhelming number of threat alerts on any given day. In fact, a survey by Trend Micro found that 51% of IT security professionals said they were overwhelmed by the volume of threat alerts they received. Additionally, 55% of respondents said they weren’t confident in their ability to prioritize and respond to these alerts.

AI can help by leveraging machine learning to triage low-risk alerts, suggest solutions, and call for immediate attention to high-risk alerts. This means security analysts can spend less time manually combing through alerts and more time combating them.  

Reducing Pressure on the Cybersecurity Workforce 

AI reduces or entirely eliminates much of the manual labor involved in many cybersecurity tasks. The main drivers here are automation and AI’s ability to process copious amounts of data in minutes or even seconds.  

Wrapping Up 

While cybercriminals use AI to attack enterprise networks, we can use it to protect them. AI is emerging as a critical technology in the information security space and with good reason. It provides the analysis, speed, and detection needed to protect the dynamic enterprise attack surface. 

Why Social Engineering Attacks are on the Rise & How to Prevent Them

You can build the tallest walls around your castle and equip it with the most advanced defense technology, but if an insider opens the gates to your enemies, all your efforts will go to waste.

This logic equally applies to cyber security: Even when a business uses state-of-the-art antivirus & malware protection software and implements robust technical security measures, one employee’s mistake of disclosing his login details to an intruder or downloading malware-infected attachments may lead to the compromise of valuable information assets, result in financial loss or disrupt business continuity. 

This is why social engineering attacks are on the rise: Instead of trying to find and exploit system-related vulnerabilities which may require significant resources, cybercriminals increasingly play into exploiting natural human tendencies such as greed, trust, fear, and feeling obliged to reciprocate so that they can easily exfiltrate data. 

In this article, we will talk about: 

  • How do social engineering attacks work? 
  • What are the main types of social engineering attacks? 
  • Rise of social engineering attacks 
  • Why are social engineering attacks on the rise? 
  • How to prevent social engineering attacks

I. How do social engineering attacks work?

Social engineering attacks refer to the use of deceptive techniques and arts by cybercriminals to persuade victims to take specific actions such as disclosure of sensitive information, downloading malware-infected attachments, allowing intruders entry into secure areas, or clicking on a link that directs them to a fake website, which is then used to steal sensitive data such as their login credentials. 

By deceiving employees into taking these actions, malicious parties can infiltrate corporate networks, gain access to valuable information assets, steal credentials of high-level management or even transfer funds to themselves. A successful social engineering attack requires both technical skills such as crafting a phishing email and soft skills such as building trust with the target. 

Overall, a social engineering attack consists of four phases: 

Phase 1: Gathering of information about the victim

In this step, the cybercriminals collect information about the victims from different sources such as publicly available data on social networking sites, online directories, or via specialized open-source intelligence (OSINT) tools.

Phase 2: Building a relationship with the victim

In this phase, cybercriminals earn the victim’s trust by using the information gathered previously and then applying principles of psychological manipulation to influence the victim into taking a particular action such as disclosing sensitive information like login credentials. 

For instance, people like to reciprocate a favor, they want to be useful to others and they act without diligence when there is an imminent threat. Understanding these basic principles of human instincts helps cybercriminals trick their victims with ease. 

Phase 3: Exploiting the relationship

In this stage, cybercriminals deploy their technical skills to attain results. This may include crafting a spear-phishing email, cloning a legitimate website, or persuading the victim into opening a malware attachment. 

Phase 4: Exit step

This step involves the removal of all evidence that may have been left after the attack so the cybercriminals cannot be identified. Furthermore, concealing that an attack occurred is of critical importance for cybercriminals because it allows them to freely infiltrate the systems without getting caught. 

II. What are the main types of social engineering attacks?

Phishing

Phishing attacks are the most prevalent type of social engineering attacks. In December 2021, APWG observed 316,747 phishing attacks, the highest number since its reporting program began back in 2004. Furthermore, according to Verizon’s Data Breach Investigations Report, phishing attacks were used in 36% of all data breaches surveyed. 

Phishing attacks entail the use of communication tools such as emails, phones, SMS, or social media to deceive users into divulging confidential information, clicking on malicious web links, or downloading malware-infected attachments. 

Spear phishing

Spear phishing is a sophisticated variant of phishing attacks. Unlike traditional phishing attacks where non-personalized bulk communications are sent to thousands, spear-phishing attacks are targeted at specific individuals within an organization. Worldwide, 36% of businesses have faced at least 10 spear-phishing attacks in 2020. 

Business email compromise (BEC)

BEC refers to a type of attack where cyber attackers impersonate trustworthy senior executives via stolen credentials and then convince subordinates to transfer funds to other accounts. According to IBM’s 2021 Cost of Data Breach Report, BEC attacks cost businesses the most worldwide, $5 million on average per attack.

III. The rise of social engineering attacks

As businesses implemented stronger technical security measures such as more effective anti-virus programs, network filtering, and cloud adoption, the cost of finding and exploiting system vulnerabilities required more resources and became more costly for cybercriminals. Given that the primary motivation for cybercrime is high-margin profits, it is no surprise that cybercriminals are increasingly using social engineering attacks to infiltrate IT networks more easily and in a more cost-effective way. 

In fact, the Human Hacking Report by SlashNext shows that social engineering attacks increased by 270% in 2021. What is more interesting is that 98% of all cyberattacks involve social engineering to some degree. Another interesting trend when it comes to social engineering attacks is the growing use of more sophisticated and manual methods instead of generic and automated communications.  

Traditionally, the use of automated means to send out generic phishing emails and SMS in bulk was the norm. However, cybercriminals now collect more information about their targets, identify the most vulnerable individuals within the target organization and personalize their tactics to deceive their targets more easily. 

This is evidenced by the growing prevalence of spear-phishing attacks: In 2021, 65% of all phishing attacks worldwide were spear-phishing attacks, which entail in-depth research into the target organization and the victims to send more personalized and believable emails, SMS, and calls, thus maximizing the success rate.

IV. Why are social engineering attacks on the rise?

While there are many factors contributing to the rise in social engineering attacks, three factors stand out: 

Social networks

Professionals spend more time on social media networks and are often open to connecting with people they do not know to gain more prominence on social media platforms such as LinkedIn.  This makes most employees potential targets for social engineering attacks because cybercriminals can easily open an account on these networks without ID verification, connect with the targets, earn their trust and then execute the attack. In other words, social media provides another attack vector for cybercriminals to build relationships with victims and exploit their vulnerabilities. 

Access to more data

Social media sites where people share everything about their lives are a goldmine for social engineers: This enables them to profile their targets, identify individuals most likely to fall victim, and craft a more personalized message to them to boost their chances of success.  For example, cybercriminals can set up an unofficial assistance page for a particular bank’s customers on a social media site and then target people following this page. 

For instance, 1 billion LinkedIn users’ data were compromised as a result of two data breaches. This data was then put on sale on the dark web. Access to this rich source of personal information has likely fuelled the rise in spear-phishing attacks in 2021.

Social engineering requires fewer resources and technical knowledge

Compared to the exploitation of system vulnerabilities which requires technical expertise and resources, social engineering is an easier way for cyber attackers because all they need is an employee negligent enough to fall prey.  

Social engineering attacks are less likely to get detected

When cybercriminals infiltrate corporate networks by using login credentials obtained via social engineering, this may go undetected for months, giving them the time to compromise troves of data without being detected.  

Another factor that makes it easy for cybercriminals to evade email detection gateways, firewalls, and other detection technologies is that they host malicious URLs on legitimate infrastructures such as AWS and outlook.com. For instance, according to a report by SlashNext, 2.5 out of 14 million malicious websites identified were hosted on reputable infrastructure services such as Azure. 

V. How can organizations prevent social engineering attacks?

Defending against social engineering attacks and minimizing their adverse effects on a business requires a combination of strong security culture, staff training, and implementation of appropriate cyber security measures: 

Provide training to your staff

All staff should be educated on how they can recognize social engineering attacks such as phishing attacks. For email phishing, for instance, employees can be provided with training on the red flags such as incorrect email domain or grammar mistakes they need to watch out for. 

Establish reporting mechanisms and encourage employees to report suspicious calls, emails, and other similar activities

There should be a reporting mechanism in place so that employees can report any suspicious activity to the security team, making it easier to detect and prevent social engineering attacks.

Penetration testing

Carrying out regular penetration testing is useful to discover the vulnerabilities in the human element of IT infrastructure so that weaknesses can be identified and remedied.  

Network access control (NAC)

Implementing network access control technology can provide two distinct benefits: 

  • Preventing unauthorized access to the network by applying multi-factor authentication: NAC systems enable businesses to restrict access to certain employees with credentials to certain areas of the network. NAC systems usually include multi-factor authentication functionality that is useful to prevent intruders from gaining access to critical IT infrastructure. Gaining account login credentials is one of the primary ways attackers infiltrate corporate networks. Multi-factor authentication would enable the recovery of accounts easily and prevent unauthorized access.
  • Post-admission controls can mitigate risks by restricting lateral movement across the network: NAC systems can be used to restrict access to different parts of the network, minimizing the harm an unauthorized attacker can impose. This control can make it less likely that an intruder obtains confidential data such as trade secrets and can reduce the number of individuals whose personal data are compromised. Therefore, financial loss because of a data breach would be less severe.

The Truth About MAC Spoofing

The threat behind MAC spoofing

When implementing any insurance policy, you need to start with estimating the level of risk, the probability of that risk, and the potential damage should that risk become a reality.

One of the network risks that is often presented to demonstrate the ineffectiveness of 802.1x solutions is the ease of bypassing modern network access control (NAC) by using MAC spoofing. Usually, this involves spoofing the network printer or other vulnerable device.

Now, let’s put aside the fact that network printers today can support certificate or credential-based authentication, and that certain products have remedies against such attempts even when the authentication is based on MAC.

Let’s consider: is MAC spoofing a legitimate threat or an exaggerated, manageable flaw?

But before I try to analyze this risk, I want to point out the biggest advantage a NAC solution can give an organization to cope with modern cyber security threats: the ability to apply dynamic segmentation based on device type or identity.

Without going into too much detail, NAC is one of the only systems that can help you prevent lateral movement, indirectly allowing you to identify breaches and directly helping you to prevent the compromise of your crown jewels.

The threat landscape

Here are some of the most common adversaries when it comes to MAC spoofing:

  • The employee – a disgruntled current or former employee
  • The guest – a contractor, customer, patient, etc. who physically visits your organization for a period of time
  • The hacker – a malicious person trying to attack your network and steal information, causing harm to your organization

And here are the most common attack surfaces:

  • Wifi
  • Wired, ethernet switches

One caveat: most wifi environments contain managed devices. So, for devices that do not have an 802.1x supplicant, and thus do not support certificate-based (or credential-based) authentication, it is easy to set up an isolated segment and significantly lower the risk of attack.

As such, we’ll put our focus on examining wired environments, and how they’re vulnerable to the above adversaries.

Adversaries in-depth

Let’s be clear – MAC spoofing requires some technical knowledge to execute, which the non-technical lay person typically does not possess. Those doing it know what they’re doing, and they know it’s wrong.

With that said, it’s important to point out that a lot of damage is caused by the unintended – i.e. people clicking on a link in an email, deleting the wrong record or file, or even dropping a laptop into a pool.

The employee

Employees should be trustworthy. If they’re not, cyber security is likely not your problem. But, when someone is fired, laid off, or even just mistreated at work, there always exists the potential for them to hold a grudge. It’s human nature.

Disgruntled employees can pose a big risk. If an employee still works for an organization and he/she is determined to do damage, that’s a problem that’s nearly impossible to prevent. The network connection alone is not going to stop him/her from stealing data or worse. This individual likely already has access through other corporate devices and the credentials to access whatever data he/she wants.

At the end of the day, however, this individual’s risk of MAC spoofing can be categorized as “very low” with “low” probability and “low” potential for damage. The reason is that the potential damage is not necessarily related to the network connection. The first line of defense against disgruntled current or former employees is physical barriers – i.e. locked doors and other physical security.

The guest

A guest visiting your office might want to connect to your network. Most likely, this guest will not go to great lengths to hack your network if they are initially blocked. By supplying a guest network, such as a guest wifi, you will effectively eliminate that risk all together. Thus, like the employee, this individual’s risk of MAC spoofing can be categorized as “very low” for both probability and damage.

The hacker

A hacker will need physical access to your network in order to do his/her job. Today, spearhead attacks can enable hackers to access your networks from afar. Doing so, however, typically requires some sort of motive.

This motivation is often dependent upon the type of business you operate. If you’re in military and defense, for example, you likely have a higher than average risk of being the target of such an attack. The same goes for banking and financial services, healthcare and any other industry with highly sensitive and confidential data.

For most organizations, the threat of physical access hacking is typically low, while the potential for damage could be high. Should a retailer fear physical burglary just because a new device has connected to its network? I think not.

In conclusion

For most organizations, the risk of MAC spoofing is almost non-existent. This is usually fairly easy for an auditor to demonstrate, and would appear as part of a comprehensive security report. So in reality, the perception of the threat is that it’s a much larger problem than it actually is.

You can also prevent MAC spoofing by implementing stronger authentication methods that are fairly common today. One of the major roles of NAC is to provide secure authentication and authorization to the network. Thus, even if authentication is somehow breached, authorization serves as a second layer of defense that can limit access by placing potentially risky individuals in a specific “narrow” segment.

The segmentation of specific types of MAC-based devices is a best practice in NAC. Even if spoofing occurs, such a device won’t be able to access a particularly sensitive VLAN, such as those in Finance or HR, if proper segmentation has been established through your network security policies.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

Supply Chain Attacks: What You Need to Know to Protect Against Them

Before 2020, only logistics nerds ever talked about supply chains. Then came the blatantly disruptive supply chain crunch, courtesy of the COVID-19 pandemic. West Coast ports began to choke, and Chicago railyards swelled with traffic, impeding the timely shipment of goods. This led to political finger-pointing, heavy corporate profits and losses, and disgruntled consumers nationwide.

In 2020, we began hearing much more about supply chains and the issues facing them – but bogged down ports, crowded railways, and delayed shipping times were not the primary issues making headlines. Before all of this, most had never heard of a supply chain attack in the cyber sense until reports of the SolarWinds breach came out that year.

Prior to this expansive cyberattack, asking most folks what a supply chain attack was might conjure images of a Somali pirate heist on a container ship, plotting to resell stolen consumer goods on the black market. From a technological standpoint however, a supply chain attack involves software rather than ships, and is merely analogous to an actual chain of supplies.

A Supply Chain Attack, Defined

The heart of a supply chain attack involves corrupting a trusted application, allowing the attacker to leverage that trust and gain access to any or all users of the corrupted application. The “supply chain” reference derives from the fact that modern software applications comprise a mixture of third-party components, completely new code, and code connecting all the pieces together to solve some problem for the users of the software.

Software developers integrate the various components of the application and build or deploy the software for use. In this type of attack, malware or a “back door” gets inserted into the software itself, either through one of the third-party components, or by getting malware built in as its own component, compromising the application itself.

As an example, if an attacker were able to get into a web browser, then everyone who downloaded the browser would be downloading malware as well. In the case of SolarWinds, the attackers penetrated the corporate network, and after many months of quiet effort, gained access to the software build system of the company’s most popular product.

After that compromised SolarWinds product was installed, the inserted malware notified the attackers that it was inside a corporate network. The attackers could then use the malware to gain access to that network. From their new perch, they could deploy any number of other malware tools to exploit the corporate network.

Now what if you aren’t a software company? Can you simply ignore supply chain attacks? Probably not. Most companies write software—whether for internal use, for partners, or their customers—even if it’s only their corporate website. Any software or website can be infiltrated and used to deliver malware to the ultimate. Consequently, most companies have some inherent vulnerability to supply chain attacks.

Keeping Supply Chain Attacks at Bay

So what should you do to prevent supply chain attackers? The most important factor is to limit access to critical assets that are part of the software development lifecycle. This means identifying which assets are critical to software creation.

The first line of defense is to ensure that they can’t get to your assets in the first place. If these critical assets are in your data center, you should implement network access control (NAC) to ensure that only authorized users on authorized devices have access to your network. For cloud assets, zero-trust network access (ZTNA) serves a similar access control function. Both NAC and ZTNA allow for micro-segmentation of network access so that users can only access the assets they require; limiting lateral movement in this way can dramatically decrease the impact of any breach.

Additionally, critical assets should be protected by privileged access management (PAM), a tool that acts as a proxy between users and assets. The user logs into the PAM—preferably with multi-factor authentication—and the PAM logs into the asset itself, often auditing all user actions while logged in.

For network devices, TACACS+ is a similar kind of proxy used for accessing network devices, which are also critical assets in any supply chain. Along the same lines, implementing the principle of least privilege limits what any given account can do in the event of a compromise.

Key Takeaways

A robust vulnerability management program strongly complements access control because it reduces the likelihood that an attacker could leverage an unpatched vulnerability in any of your software to slip past layers of access control. Controlling access, limiting lateral movement, and reducing risk from software vulnerabilities provide considerable protection against the risk of a supply chain attack.


Leading UK Loan Lender Deploys Portnox Cloud-Native NAC Across 75 Sites

Everyday Loans is the UK’s leading independent loan lender, operating dozens of branches across the country and boasting a personal, hands-on approach to lending, uncommon in today’s digitally anonymous financial services industry.

Today, personal lending in the UK has grown to become an industry approaching 24 billion GBP, with recent acceleration due to widespread financial uncertainty and hardship in the wake of the COVID-19 pandemic.

The company’s IT department, led by Head of IT Tony Sheehan, experienced the tangible impact of this market growth as more and more customers walked through the doors of Everyday Loans’ many branches, and as the company increased its employee headcount in response to demand.

With more guests and customers on-site as well as a growing workforce, Sheehan and his team began to assess potential cybersecurity vulnerabilities – beginning with the corporate network.

Sheehan describes the company’s initial network security vulnerabilities: “We have a presence online, but we’re predominantly a face-to-face lender. We have over 75 offices with many new and repeat customers coming in to discuss a loan, as well as part-time staff for cleaning, security and maintenance. As a result, we knew network authentication was an obvious vulnerability.”

Shifting Focus to Network Authentication

Implementing a solution for network authentication was a logical next step for Sheehan’s IT team. Given the increased branch foot traffic, the company needed to ensure it had total device awareness across the network. “This was a concern voiced to our new CTO when he came on board. He agreed, so we went about looking at different tools for network authentication and access control,” said Sheehan.

Another factor driving a focus on NAC was staff turnover. “Like every company, we have staff that leave us, and we need to ensure they can no longer access our network after they’ve departed,” said Sheehan. At that point in time, Everyday Loans knew that its usage of a hidden SSID paired with a PSK was not up to snuff from a security standpoint. As Sheehan and his team began to research potential solutions for network authentication and access control, two requirements became apparent:

  • They had no desire to build upon their existing on-prem or virtual footprint; adding maintenance tasks to the laundry list of other IT responsibilities was a non-starter
  • The company wanted a SaaS solution that could support its existing cloud-native hardware – primarily Meraki network devices and ChromeBox endpoints

Considering Network Access Control Options

Sheehan and his team found themselves at a crossroads as they mulled over these requirements. “We were either going to double down and stand-up another datacenter as part of a general infrastructure expansion initiative which would also enable us to deploy network access control on-premises, or we were going to go out and find a cloud-native NAC solution that fit our needs,” Sheehan said.


Having considered Microsoft NPS for RADIUS authentication and 802.1X, and Cisco ISE for full network access control, Sheehan and Everyday Loans’ IT team made the executive decision that neither tool was suited to their existing network security needs, internal skillsets, resource bandwidth or networking infrastructure. “We came across Portnox CLEAR fairly quickly thanks to the help of our partner, Haptic Networks,” Sheehan continued. “It was the only true cloud-native NAC we could find with the deployment and support model we wanted. Each of the other vendors had some solutions that were close in functionality, but in the end, they didn’t cover our needs totally – either functionally or operationally in terms of their ease-of-use. Ultimately, we went with Portnox CLEAR since it provided coverage across all our network devices and connected endpoints.”

Up & Running with Portnox CLEAR

After beginning a proof of concept of Portnox’s cloud-native NAC-as-a-Service, Everyday Loans ruled out competing alternatives. “It worked as expected. After comparing Portnox CLEAR’s robust, easy-to-use functionality to that of the other vendors up for consideration, we soon dismissed alternatives as they did not meet our technical security requirements,” Sheehan said.

The trial continued and Sheehan’s team threw every possible authentication and access control use case they could conjure up at the system to test its durability.

“Anyone with good network experience will pick up Portnox CLEAR with ease – it’s just a case of ensuring how you set up the network hardware and what control you have over employee and guest devices,” Sheehan went on to say.


Everyday Loans was able to deploy Portnox CLEAR across its 75 sites with relative ease, saving the company’s headquarters for last. “Portnox CLEAR has exceeded my expectations. Now that it is fully deployed, the visibility and control we have of users authenticating to the network is unparalleled,” Sheehan concluded.

“It is a huge bonus that the system easily integrates with Azure Active Directory and provides its own certificate authority out-of-the-box. Having multiple methods for authentications helps us ensure all our bases are covered. The solution has been reliable from day one.”


Cyber Security Essential #3: Antivirus

Why is Antivirus Essential?

Antivirus software helps protect computers against malware and cybercriminals. Antivirus software looks at data – web pages, files, software, applications – traveling over the network to your devices. It searches for known threats and monitors the behavior of all programs, flagging suspicious behavior. It seeks to block or remove malware as quickly as possible.


Antivirus protection is essential, given the array of constantly-emerging cyber threats. If you don’t have protective software installed, you could be at risk of picking up a virus or being targeted by other malicious software that can remain undetected and wreak havoc on your computer and mobile devices.

Necessary Antivirus Capabilities

Real-time Scanning

While all antivirus software is specifically designed to detect the presence of malware, not all of them detect in the same way. Ineffective products force you to run a manual scan to determine if any systems have been affected, while the best forms of software have dynamic scanning features that are repeatedly checking your computer for the presence of malicious entities. Without this feature, it’s much easier for something to infiltrate a device and begin causing damage before you even realize it.

Automatic Updates

Updates are vital for all forms of software, but this is especially true when it comes to antivirus. Because new types of malware are constantly being developed, antivirus software needs frequent updates in order to track and contain new threats that didn’t even exist when it was first installed. If you have to install updates manually, you might miss important new protections and expose your system to infection, so always make sure your antivirus software is capable of installing updates automatically and frequently.

Protection for Multiple Apps

Threats exist across the entire spectrum of applications and services that you rely on for your everyday tasks. From email clients, to your CRM, ERP, and beyond, harmful software can sneak into systems from a variety of different sources. Antivirus programs need to protect multiple vulnerable applications from potential dangers.

Auto-Clean

If the antivirus software immediately detects malicious software, why wouldn’t it delete the code on the spot? Unfortunately, some solutions simply place the malware in a quarantine zone upon detection, waiting for the user to log on and manually delete it. You should choose a program that utilizes an auto-clean feature to rid itself of viruses.

Fights Against All Types of Malware

Between trojans, bots, spyware, viruses, etc., there are many different types of malware that can harm your computer, and antivirus programs are sometimes designed only to target a specific type of software. It’s better to go with a program that can comprehensively detect all forms of malware.


Cyber Security Essential #2: 802.1x Network Access Control

Why is 802.1x Network Access Control Essential?
802.1x network access control is a technology that enables organizations to enact their own unique policy for how and when endpoints (desktops, laptops, smartphones, etc.) can connect to their corporate networks. NAC solutions are typically designed to allow IT security teams to gain visibility of each device trying to access their network, and specifically the type of device and access layer being used (i.e. wifi, wired ports, or VPN).

Today, 802.1x network access control provides a number of powerful features on top of what it was originally designed for years ago. These include security posture assessments for endpoints, which pinpoint any associated endpoint risks, allowing network security administrators to control network access based on their organization’s risk tolerance threshold.

With the rise of cloud computing, remote workforces, bring-your-own-device (BYOD) policies, and the internet of things (IoT), network access control has become a much more critical part of the larger cybersecurity technology stack at most companies. The technology itself has also evolved quite drastically in response to these emerging trends and their impact on networking and ensuring network security.

Key Functionality to Consider When Deploying a NAC Solution
Network Visibility & Device Discovery

A NAC solution discovers and identifies all devices/users in the network before they are granted network access, requiring continuous monitoring of the network and devices connected to it. The system enables the discovery, classification and assessment of every device connected to the network. The configuration and security state of every device is monitored, ensuring that the network and devices are compliant with the organizational security policy.

Full Access Layer Coverage
As today’s networks explode in size and scope, particularly with remote workforces on the rise, it’s imperative that your 802.1x network access control solution can manage access control across all existing access layers. This includes the obvious – wired ports and WiFi. It also must be able to manage the various remote access methods used within your organization. These may include VPN, Teleworker Gateways, and beyond.

Authentication Services
Traditionally, enterprises have enabled network authentication via usernames and passwords. As we now know today, this method of authentication can be easily compromised by bad actors, making it no longer sufficiently secure for enforcing network access control. Any NAC worth its salt should offer several methods for authentication, including: role-based, MAC authentication bypass (MAB), and certificate authority.

Device On-Boarding
Business units and even departments (think Finance & Accounting, for example) often have their own VLANs since they’re dealing with very sensitive, confidential data. The task of setting up such VLANs and onboarding new devices is just one of dozens of tasks overseen by frequently overburdened IT teams. So, if not done correctly at first, it can open the door to potential network vulnerabilities, such as a person gaining access to a part of the network he/she should not have the privileges for. At a small scale, managing access manually is often sufficient. For larger organizations, however, this just isn’t sustainable. As a result, many large organizations that don’t have a secure onboarding process will often compromise on network security hygiene.

Policy Configuration
Network security teams define and activate access control policies to control device access to the corporate network, which is ultimately based on the device authorization state. Once a device is authorized for network access, a network access policy determines which specific virtual LAN (VLAN) that device or user is directed to. On top of that, the policy also defines, for each type of authorization violation, whether to deny entry or to quarantine the device by assigning it to a specific VLAN or applying an access control list (ACL).
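The policy decision described here, and the point made in the MAC spoofing discussion earlier on this page that authorization is a second layer behind authentication, sketched as an added example (not Portnox code or any product's policy engine). The VLAN plan, ACL entries, MAC address and the profiling field are constructed assumptions.

```python
"""Added illustration: NAC authorization as a second layer behind authentication."""
from dataclasses import dataclass
from typing import Optional

# Constructed VLAN plan (hypothetical IDs).
VLANS = {"corp": 10, "finance": 20, "printers": 30, "quarantine": 99}

# Constructed inter-segment ACL: what each segment may reach, as (segment, TCP port).
SEGMENT_ACL = {
    "corp": {("corp", 443), ("printers", 9100), ("printers", 631)},
    "finance": {("finance", 443), ("printers", 9100)},
    "printers": {("corp", 25)},      # e.g. scan-to-email relay only
    "quarantine": set(),             # no onward access
}

# MAC authentication bypass (MAB) list: constructed MAC -> profiled device type.
MAB_ALLOWLIST = {"00:11:22:aa:bb:cc": "printer"}
DEVICE_SEGMENT = {"printer": "printers"}


@dataclass(frozen=True)
class AccessRequest:
    mac: str
    auth_method: str                      # "eap-tls" or "mab"
    cert_group: Optional[str] = None      # group bound to a validated certificate
    posture_ok: bool = True               # result of endpoint posture assessment
    observed_type: Optional[str] = None   # assumed profiling result for the live device


@dataclass(frozen=True)
class Decision:
    action: str                           # "permit", "quarantine" or "deny"
    segment: Optional[str]
    reason: str

    @property
    def vlan(self) -> Optional[int]:
        return VLANS[self.segment] if self.segment else None


def authorize(req: AccessRequest) -> Decision:
    """Map an authenticated request to a segment, or to a violation outcome."""
    if req.auth_method == "eap-tls":
        if req.cert_group not in ("corp", "finance"):
            return Decision("deny", None, "certificate maps to no known group")
        if not req.posture_ok:
            return Decision("quarantine", "quarantine", "posture violation")
        return Decision("permit", req.cert_group, "certificate identity")

    if req.auth_method == "mab":
        expected = MAB_ALLOWLIST.get(req.mac.lower())
        if expected is None:
            return Decision("deny", None, "MAC not on the MAB list")
        if req.observed_type is not None and req.observed_type != expected:
            return Decision("quarantine", "quarantine",
                            f"profiled as {req.observed_type}, expected {expected}")
        # A MAC address is a claim, not proof of identity: the device gets only
        # the narrow segment defined for its device type.
        return Decision("permit", DEVICE_SEGMENT[expected], "MAB device type")

    return Decision("deny", None, "unsupported authentication method")


def can_reach(decision: Decision, dest_segment: str, port: int) -> bool:
    """Apply the inter-segment ACL to the segment the decision assigned."""
    if decision.action == "deny" or decision.segment is None:
        return False
    return (dest_segment, port) in SEGMENT_ACL[decision.segment]


if __name__ == "__main__":
    requests = {
        "finance laptop (cert)": AccessRequest("02:00:00:00:00:01", "eap-tls", "finance"),
        "unpatched laptop": AccessRequest("02:00:00:00:00:02", "eap-tls", "corp", posture_ok=False),
        "printer MAC via MAB": AccessRequest("00:11:22:AA:BB:CC", "mab"),
        "printer MAC, profiled as laptop": AccessRequest("00:11:22:AA:BB:CC", "mab",
                                                         observed_type="laptop"),
        "unknown MAC": AccessRequest("02:00:00:00:00:09", "mab"),
    }
    for label, req in requests.items():
        d = authorize(req)
        print(f"{label:32} {d.action:10} vlan={d.vlan} "
              f"finance:443={can_reach(d, 'finance', 443)}  ({d.reason})")
```

Whatever device presents the printer's MAC, the most it obtains is the printer segment, which in this constructed ACL has no path to the Finance VLAN.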

Endpoint Risk Monitoring
Your corporate network is only as strong as its weakest security link. This means continuous risk posture assessment is paramount. By continually monitoring the network, your network and security teams can stay ahead of cyberattacks with the ability to identify new risks in real-time, react to these risks, and take action. In a world with ever-expanding boundaries and an exponential increase in types of endpoints, continuous risk posture assessment must function no matter location, device type, or the type of data being transferred.

Device Remediation
Having a rapid remediation plan in place will not only help prevent further damage or the lateral spread of attacks but also allow for business continuity. Effective endpoint remediation consists of:

  • Automated Patch Updates Across the Network – Enforce necessary patch, anti-virus, operating system, and application updates across managed and unmanaged endpoints.
  • Immediate Incident Response – Contain ransomware events by remotely disconnecting endpoints from the network without the need for manual intervention.
  • Armed Incident Response Teams – Arm IT professionals and network admins with the ability to remotely take actions on employees’ devices.

The proliferation of IoT devices over the last decade has prompted a growing number of network security concerns. With all of these devices – printers, CCTV cameras, ATMs, MRI machines, etc. – now connected to their respective networks, it’s exponentially expanding corporate threat surfaces.

Compliance Enforcement
NAC is used to enforce regulatory policies and maintain compliance across the organization. In practice, this typically means:

  • Understanding how mobile, BYOD, and IoT devices will affect and transform not only the organization but the industry, and implementing the right processes and tools to control them.
  • Tracking any network-related device or program in real time via a centrally secured platform providing full and actionable visibility.
  • Controlling access to the network and to cloud applications, even based on the geographical locations of users.
  • Ensuring that the business is in compliance with governmental regulations like SOX, PCI DSS, HIPAA, FINRA, FISMA, GLBA among others. Strict compliance will provide legitimacy with clients and partners.


4 Things You Need to Know Before Upgrading Cisco ISE

1. Plan for Professional Services Fees

Cisco ISE is a large, cumbersome and complex application and it’s unlikely you’ll have the internal resources to throw at an upgrade. You’re not alone. This is why managed service providers exist, after all. Now with that said, you can expect to be quoted anywhere from 40-65 hours of professional services to initiate, test and complete a full Cisco ISE upgrade. Let’s hope it’s for chronological versions, and not for a significant jump if you’ve been running on a single version for years without upgrading.

Depending on the firm you contract for the work, you’ll probably see a range of hourly rates – anywhere from $175-250/hour. So, if we do the math, that’s $7,000 on the low end and $16,250 on the high end. In some cases, ISE customers have even reported paying more for third-party upgrade support. Mind you, Cisco ISE is also a product you’ve already paid for.

2. Set Aside Enough Time

It’s not hard to find the Cisco ISE horror stories on Reddit and other online communities where people have taken to detailing their ISE upgrade experiences. In more tragic cases, some ISE customers have taken to these threads to seek real-time help from strangers. The reality is that you cannot and should not rush an ISE upgrade. 10 times out of 10, those who have lived through it will suggest testing the upgrade in your lab before pushing live to production. This means setting aside the appropriate amount of time to conduct the upgrade and minimize the failures (more on that below).

Configuration is complicated, and the 50+ page system upgrade checklists are a testament to that. If you’re going to manage an ISE upgrade in-house, prepare for more than 40 hours – especially if you’re not an ISE expert. And if things go awry, don’t expect prompt support from Cisco TAC.

3. Prepare for Failure

There’s a reason that Cisco provides extensive documentation for potential ISE upgrade failures – it happens a lot – especially if you opted to tackle it head on internally after balking at the above PS costs. Ultimately, planning for failure means planning for service downtime altogether. To minimize the impact on operations from service downtime, you’ll likely need to spend the weekend parsing through pages and pages of ISE upgrade instructions – missing your kid’s soccer game, unable to take your wife out to dinner, and not watching your alma mater play in the big bowl game.

Sometimes, in multi-server deployments, some of your servers in the infrastructure will not upgrade successfully. If that happens, you’ll have to rebuild the server as a new node and re-join the cluster. Sounds fun, right?

4. Be Mindful of Your Subscription

We all like auto-pay and auto-renew for some of our everyday subscriptions. It’s a little different when you’re talking about a large, enterprise application, however. You should be mindful that Cisco ISE subscriptions automatically renew for an additional 12-month term by default unless auto-renewal is deselected at the time of initial order. Three months before the end of the initial term, renewal notices will be sent to you, and you or your partner will receive an invoice at the start of the new term.

Now, you can cancel a renewal up to 60 days prior to the start date of the new term, but if the subscription is not cancelled 60 days prior to the start of the new term, the subscription will auto-renew. Mid-term cancellations of subscriptions for credit are not allowed. Starting with the release of Cisco ISE 3.0, licenses have changed and you should check carefully to see if you can import your old license or if you need to migrate to the new license method entirely.

There IS an Alternative

With Portnox CLEAR – the first and only cloud-delivered NAC-as-a-Service – organizations gain actionable network visibility and continuous risk monitoring of all endpoints across all access layers – no matter device type or geo-location. Portnox CLEAR determines device type, location and level of access for every user on the network. Additionally, the platform can identify operating systems, installed applications, services, certificates and more – helping your IT team ensure compliance across the entire workforce.

With access control based on 802.1X protocol, network administrators can block rogue devices, quarantine noncompliant endpoints, limit access to specified resources and more – whatever your internal policy calls for. As a cloud-delivered solution, Portnox CLEAR is simple to configure, deploy and maintain. With built-in integrations to AzureAD, Okta, Microsoft Intune, Palo Alto Networks and more, you can easily mesh your network access control with your existing tech stack and remain as streamlined as ever.

Portnox is SOC-certified, GDPR ready, and can help organizations in preparation for regulatory compliance, such as PCI, HIPAA and more. All customer data is encrypted in-motion or at rest, user credentials never leave the organization, and administrators can be set to use MFA.

The Best Ways to Secure Device Onboarding in The Enterprise

With the prevalence of digital transformation in the enterprise, there is a clear necessity to balance IoT security issues and BYOD security measures that will prevent suspicious or malicious devices from gaining access to the enterprise’s assets and data centers, while at the same time making sure that productivity and easy onboarding of devices are maintained. Employees, guests and contractors are bringing all kinds of Wi-Fi-enabled devices to the enterprise environment and they expect easy and quick network connectivity.

Onboarding is the process in which new devices gain access to the enterprise for the first time. Unfortunately IT departments can sometimes experience additional workloads while endeavoring to get all the devices on the network so as not to hinder business productivity. At the same time, if they are not handling the process with top security standards in mind, they could potentially place users, devices, enterprise data and the network itself at risk. The question arises: how should IT Security teams allow for BYOD, IoT, contractors, guests, etc. to securely and quickly connect to the network without placing any of its components at risk of a breach or ransomware attack? The answer: automation.

By automating the entire onboarding process enterprises can achieve the following benefits:

  • Reducing the costs that are typically associated with manual work (including configuration and support activities).
  • Enhancing productivity – getting team members, contractors and guests connected to work faster.
  • Increasing end-user satisfaction – instead of hassling end-users with onboarding procedures, the whole process can and should be seamless.
  • Decreasing the risks – unmanaged, unpatched, high-risk devices should be blocked or connected from the beginning to a separate segment of the network from where the key corporate assets are stored (the “crown jewels” of the company).

Easy Device Onboarding

Employees, students, contractors, partners and guests should onboard their devices once and then automatically re-authenticate after that, within an environment that continuously monitors all devices on the networks and automatically provides a risk score for every device. This ongoing scoring allows security teams to understand the security posture of the devices and the network as a whole, at any given moment. At the same time, there is no need to have end users repeatedly re-enter credentials on subsequent network connections unless a device is deemed to have a high risk-score. This way the enterprise can easily onboard BYOD devices belonging to employees that are traveling, working remotely or working at a satellite office location. Additionally, this allows onboarding of IoT and smart devices for business such as flat screens, printers and IoT devices, as well as gaming consoles, smart refrigerators and more. These items, of course, must be on a separate segment from where company assets are kept.

Reducing Risks on the Network

A while ago Ofer Amitai, Portnox CEO, wrote about tips for securing endpoint devices on college campuses, institutions that always want a relatively simple onboarding process. He discussed how changes in onboarding and guest access policies could reduce risks and improve network visibility and control. The principles for securing the enterprise require these steps and more. Having a clear set of onboarding policies will allow IT teams to have automated actions applied (see examples in the next section).

After handling the company’s initial network security audit and collecting the security posture of all devices, it is important to make sure that the enterprise authorization policies include conducting automated and continuous security assessments of the network.  This way, every device employs baseline security measures before being allowed to connect.  Additionally, the IT security team should use granular policies to govern the level of access while maintaining full visibility and control over network connected devices with the ability to revoke access at any time.

Automated Device Onboarding & Network Authentication

Having an automated onboarding set of policies can allow for automated actions such as:

  • Immediately allowing Internet access
  • Blocking/disconnecting
  • Segmenting a device to a separate network section
  • Remediation actions

For example, IoT devices are considered to be easy to hack. Therefore, once connected to the enterprise network, these devices should be separated from where core assets are located. Having different segments on the enterprise network is a good solution for that. Additionally, if a visitor is being connected, the visitor should gain access to the Internet and not to company files, even when plugging the computer into the wired network.
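The automated actions listed above can be written as an ordered, default-deny rule set that is re-run whenever a device's posture changes. The sketch below is an added example, not Portnox's or the article's code; the segment names, the risk threshold of 70 and the device fields are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Segment names, threshold and device fields are assumptions for illustration.
SEGMENTS = {"corporate": "vlan-corp", "byod": "vlan-byod",
            "iot": "vlan-iot", "guest": "vlan-guest"}
QUARANTINE = "vlan-quarantine"
HIGH_RISK = 70  # risk scores assumed to run 0 (low) to 100 (high)

@dataclass(frozen=True)
class Device:
    mac: str
    kind: str            # "corporate", "byod", "iot" or "guest"
    authenticated: bool  # passed 802.1X or guest self-registration
    patched: bool
    risk_score: int      # supplied by continuous monitoring

def decide(dev: Device) -> Tuple[str, Optional[str]]:
    """Return (action, segment). First matching rule wins; unknown input is denied."""
    if not dev.authenticated or dev.kind not in SEGMENTS:
        return "block", None
    if dev.risk_score >= HIGH_RISK:
        return "block", None                       # applies to live sessions too
    if dev.kind == "guest":
        return "internet-only", SEGMENTS["guest"]  # same answer on Wi-Fi or wired
    if dev.kind == "iot":
        return "segment", SEGMENTS["iot"]          # kept apart from core assets
    if not dev.patched:
        return "remediate", QUARANTINE             # held until posture is fixed
    return "allow", SEGMENTS[dev.kind]

def reassess(sessions: dict, fresh: list) -> dict:
    """Re-run the policy on fresh posture data; return MACs whose decision changed."""
    changed = {}
    for dev in fresh:
        new = decide(dev)
        if sessions.get(dev.mac) != new:
            changed[dev.mac] = new
            sessions[dev.mac] = new
    return changed

# Constructed sample devices (locally administered MACs, not real inventory).
FLEET = [
    Device("02:00:00:00:00:01", "corporate", True, True, 10),
    Device("02:00:00:00:00:02", "byod", True, False, 35),
    Device("02:00:00:00:00:03", "iot", True, True, 20),
    Device("02:00:00:00:00:04", "guest", True, True, 15),
    Device("02:00:00:00:00:05", "byod", False, True, 5),
]
```

Calling `reassess` again with a device whose risk score has risen past the threshold returns a `block` decision for that MAC only, which is the revoke-at-any-time behaviour the continuous assessment is meant to provide.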

Two important advanced guest network onboarding features are recommended to be included:

  • Easy guest access – allowing for simple and fast connections together with the ability to continuously monitor all devices and ensure security.
  • Agentless access – once the IT administrators have set up the onboarding policy – contractors and guests on protected networks should be able to self-onboard without installing an endpoint agent.

Acquiring Advanced Onboarding Capabilities

One of the technologies that can help with safe onboarding is network access control (NAC). In the past, companies used only desktops and laptops, connected and authenticated over a wired network; nowadays, however, wireless networks and mobile technologies have introduced personal devices (via BYOD policies) and the Internet of Things (IoT) to the workplace. In addition, increasingly stringent compliance standards, such as PCI-DSS, SOX, and ISO standards, require companies to openly communicate their security controls to external auditing authorities. All of these can be achieved via NAC solutions. Network access security should be a priority for all companies moving forward.

Every enterprise today must support a rapidly proliferating world of devices and platforms. From an operational viewpoint, this shouldn’t obstruct workflows and productivity. Ideally, the enterprise IT team will automate and secure network onboarding and authentication so that the IT helpdesk doesn’t have to intervene when guests, contractors and IoT devices need to connect. Additionally, an effective plan for secure network onboarding will on one hand improve end-user experience for BYOD, IoT, users and guests and on the other hand improve IT security as part of a layered protection strategy.

Looking to set IT security policies and automate your device onboarding? Portnox CLEAR offers easy onboarding while never compromising on network security across the enterprise.
