
Cybersecurity Essential #1: The Firewall

The Firewall is Here to Stay

A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. Firewalls have been a first line of defense in network security for decades. They establish a barrier between secured, controlled internal networks that can be trusted and untrusted outside networks, such as the Internet.

Firewalls have evolved beyond simple packet filtering and stateful inspection. Most companies are deploying next-generation firewalls to block modern threats such as advanced malware and application-layer attacks. Next-generation firewalls (NGFW) are more sophisticated than packet-filtering and stateful inspection firewalls. Why? They have more levels of security, going beyond standard packet-filtering to inspect a packet in its entirety. That means inspecting not just the packet header, but also a packet’s contents and source. NGFW are able to block more sophisticated and evolving security threats like advanced malware.

Necessary Capabilities

Advanced Threat Protection

Most traditional firewalls integrate with a separate intrusion prevention system (IPS) to gain additional security features. Next-generation firewalls have IPS capabilities built in to protect against a wide variety of threats, such as DDoS attacks, malware and spyware. Further integration with threat intelligence systems like SIEM provides advanced layers of protection to defend against the modern threat landscape.

SSL Inspection

Malicious threats can be hidden within encrypted web traffic. To filter out malicious content, the NGFW intercepts encrypted web activity using a “man in the middle” approach. The NGFW first decrypts the incoming web traffic and then scans it for threats like malware or viruses. After this examination, the traffic is encrypted again and forwarded to the user so that the user can access the data as originally intended.

Application Control

The users on your network use several tools on their devices, such as email, social media and other vendor applications. Some of these web applications can be malicious and lead to open backdoors that can be exploited to enter your network. Application control allows organizations to create policies that either allow, deny or restrict access to applications. This not only protects organizations by blocking risky applications but also helps them manage their application traffic to ensure availability for business-critical resources. 

User Identity Awareness

User identity awareness allows organizations to enforce policies that govern access to applications and other online resources to specific groups or individuals. The NGFW integrates with your authentication protocols (such as LDAP or Active Directory) so that access is governed by user identity as opposed to IP address. User identity awareness not only helps organizations control the types of traffic allowed to enter and exit their network but also manage their users.
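The difference between IP-based and identity-based rules, as an added example that is not part of the original article: a small first-match policy evaluator with a default deny. The directory and session tables, the `payroll` application name, the addresses and all function names are constructed stand-ins for an LDAP or Active Directory lookup and for the firewall's own session tracking.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed stand-in for a directory (LDAP / Active Directory) lookup.
DIRECTORY = {
    "alice": {"finance"},
    "bob": {"engineering"},
}

# Constructed session table: source IP -> authenticated user.
SESSIONS = {
    "10.0.5.20": "alice",  # alice at her desk
    "10.0.9.77": "alice",  # alice on Wi-Fi, different subnet
    "10.0.5.21": "bob",    # bob sits in the same subnet as alice's desk
}


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    app: str                        # application name, "*" matches any
    group: Optional[str] = None     # identity-based condition
    src_net: Optional[str] = None   # IP-based condition (CIDR)

    def matches(self, src_ip: str, app: str, groups: set) -> bool:
        if self.app not in ("*", app):
            return False
        if self.group is not None and self.group not in groups:
            return False
        if self.src_net is not None and \
                ip_address(src_ip) not in ip_network(self.src_net):
            return False
        return True


def evaluate(rules, src_ip: str, app: str) -> str:
    """Return the action of the first matching rule; deny when none match."""
    user = SESSIONS.get(src_ip)           # None for unauthenticated sources
    groups = DIRECTORY.get(user, set())   # no user means no group membership
    for rule in rules:
        if rule.matches(src_ip, app, groups):
            return rule.action
    return "deny"


# The same intent ("finance may use payroll") expressed two ways.
IP_POLICY = [Rule("allow", "payroll", src_net="10.0.5.0/24")]
IDENTITY_POLICY = [Rule("allow", "payroll", group="finance")]

if __name__ == "__main__":
    for ip in ("10.0.5.20", "10.0.9.77", "10.0.5.21", "10.0.5.99"):
        print(ip, SESSIONS.get(ip),
              "ip-rule:", evaluate(IP_POLICY, ip, "payroll"),
              "identity-rule:", evaluate(IDENTITY_POLICY, ip, "payroll"))
```

With the IP rule, the finance user loses access when her address changes and anyone in the subnet gains it; with the identity rule the decision follows the user.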

Deep Packet Inspection

Deep packet inspection inspects data to identify and filter out malware and unwanted traffic. By inspecting the content of a data packet, the NGFW can intelligently determine which applications are being used or the type of data being transmitted. This allows the firewall to block advanced network threats (such as DDoS attacks, trojans, spyware and SQL injections) and evasion techniques used by threat actors. 

Centralized Management

Firewalls need proper security management to ensure that they meet the security needs of the organizations they protect. Firewall capabilities need to be updated, and firewall rules need to be checked to confirm they are being properly enforced. Centralized management of your firewall(s) is crucial in gaining an overall view of your firewall configurations. Organizations also need to be able to scale their firewall so that protection keeps pace with their growth.

Reporting & Insights

Firewalls generate logs that detail information about security and network traffic that security administrators review to understand the overall activity. This information provides organizations with useful insights to help them prioritize application traffic and understand their network security and monitor user activity.
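An added example, not from the original article, of turning firewall logs into the three insights named above: application traffic volume, denied sources, and per-user activity. The `key=value` log format, the field names and the sample lines are constructed for illustration; real firewall log formats differ by vendor.

```python
from collections import Counter, defaultdict

# Constructed sample log. External addresses use documentation ranges.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z action=allow user=alice src=10.0.5.20 app=email bytes=1200
2024-05-01T09:00:05Z action=allow user=bob src=10.0.5.21 app=video bytes=90000
2024-05-01T09:00:09Z action=deny user=- src=203.0.113.9 app=ssh bytes=0
2024-05-01T09:00:10Z action=deny user=- src=203.0.113.9 app=ssh bytes=0
2024-05-01T09:00:12Z action=allow user=alice src=10.0.9.77 app=payroll bytes=4300
2024-05-01T09:00:15Z action=deny user=bob src=10.0.5.21 app=payroll bytes=0
2024-05-01T09:00:16Z action=deny user=- src=203.0.113.9 app=rdp bytes=0
2024-05-01T09:00:17Z action=allow user=alice
2024-05-01T09:00:20Z action=allow user=bob src=10.0.5.21 app=video bytes=60000
"""

REQUIRED = {"action", "src", "app", "bytes"}


def parse_line(line: str):
    """Parse one 'timestamp key=value ...' line; return None if unusable."""
    parts = line.split()
    if len(parts) < 2:
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if not REQUIRED <= fields.keys():
        return None            # truncated or malformed record
    try:
        fields["bytes"] = int(fields["bytes"])
    except ValueError:
        return None
    fields["time"] = parts[0]
    return fields


def summarize(text: str) -> dict:
    bytes_by_app = Counter()         # which applications consume bandwidth
    denies_by_src = Counter()        # which sources keep hitting deny rules
    apps_by_user = defaultdict(set)  # what each user was allowed to reach
    skipped = 0                      # unparsable lines, worth reporting
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        if rec["action"] == "allow":
            bytes_by_app[rec["app"]] += rec["bytes"]
            apps_by_user[rec.get("user", "-")].add(rec["app"])
        elif rec["action"] == "deny":
            denies_by_src[rec["src"]] += 1
    return {
        "top_apps": bytes_by_app.most_common(),
        "top_denied_sources": denies_by_src.most_common(),
        "apps_by_user": {u: sorted(a) for u, a in apps_by_user.items()},
        "skipped": skipped,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```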

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

5 Best Practices To Protect Your Network

As with everything else in life: so many network security options, so little budget. How do you know which one will best protect your network, users and devices? No need to agonize over endless hours of research, we’ve shortlisted the five critical elements of cyber security: firewalls, NAC, anti-virus software, proxy servers, and endpoint security.

Firewalls

Filtering out malware that might otherwise bury itself so deeply into the network that it cannot be removed is a pure gain for your network security. That is what a firewall is for. How can you be sure you have a firewall suited to your network? Test it for stability under tough traffic conditions. According to NSS Labs, you should subject your firewall to traffic from several protocol randomizers and mutation tools, at a maximum of 350 Mbps and 60,000 packets per second. Another test is to see if your firewall blocks a constant stream of attacks over time, while allowing most of the legitimate traffic and alerting the admin to the attack.

On the downside, employees pressured to get their jobs done might turn a firewall off if it slows down their computers. Only regular employee training and raising awareness of the importance of the firewall will help here.

Network Access Control

Network Access Control (NAC, sometimes also known as Network Administration Control) provides visibility and control for any user and any device in the corporate network. Utilizing its agentless technology, it can detect and profile any device on the corporate network in real time across all network layers: wired and wireless networks, VPN, virtual and cloud.

It also employs an access-control policy that matches users and permissions. This policy also defines endpoint security via wired or wireless networks. NAC enables you to set a policy for every user or group of users. This means that once a NAC solution is deployed, your cyber security team has a much easier time controlling access to the network (denying access if necessary), thus protecting it. Some NAC solutions are deployed in a central location (on premise / cloud) and can see all of the network locations, whether headquarters or a remote branch.

The 802.1x NAC protocol is not always the most viable option. Next generation NAC sets out to resolve all the issues that have made NAC deployment complex. With NG-NAC, you control who accesses the network and what activities they can take once they have entered it. NG-NAC also copes with smartphones and IoT devices by separating them from core components/layers of the network. Cloud-based solutions such as Portnox CLEAR make deployment even simpler, as they easily integrate with other existing security solutions and offer pre-set-up infrastructure for easy deployment. Portnox CLEAR also delivers continuous risk monitoring as well as Risk Adaptive Access over the VPN utilizing its two-factor authentication approach, enabling access not only by the user's strong identity but also based on the device risk score when accessing through VPN.

Anti-Virus

The best “anti-virus program” is to get network users to be aware of how easily viruses can attack their computers, laptops and smartphones every day. Employees tend to remove the anti-virus applications from their devices because they often consume a lot of resources during scans. After the firewall, the anti-virus software is the second level of protection, detecting malware on the hard drive. Good anti-virus software should also protect your network from viruses, spam, spyware, Trojans, worms and identity theft. Automated updates are essential for optimal protection.

Proxy Servers

Deciding what you want to use a proxy server for is the first step of the equation. Will it be used solely for the purpose of forwarding requests for internet access, or also as a replacement for IP addresses? Proxy servers can thus save expenses of providing routable addresses to access many systems. In this mode they also obscure the location of the client, but it is still advised to use a firewall.

Proxy servers can also increase performance by acting as caching servers. But look out! The high quality of the cache system might well mean that your secured data is being viewed by the proxy service provider. You can place filters and anti-virus programs on the proxy. This is however not foolproof as not all data is scanned. A proxy server can simplify access to blocked websites. This however is not always good news. Hackers create proxies to achieve high level access to networks, using them for repeated attacks.

Endpoint Device Security

Endpoint devices come in all shapes and sizes and are probably today’s biggest security loophole. For example, no security application is known to completely stop someone from attaching a USB drive to a computer (and stealing confidential data in large volumes). Endpoint devices are also used to initiate a malware attack.

Securing the endpoint devices directly is usually limited to a specific device and sometimes to a specific version (no updates for more advanced devices). Unfortunately, network administrators cannot ensure all network users are using permitted and secured endpoint devices. The biggest culprit is the USB stick. According to Hendon Publishing, the vast majority of sloppy endpoint practices are the result of employees trying to get things done quickly. Once again, training and awareness play a key role in your ability to implement a successful network security program.

The Optimal Solution for Enterprise Network Security

Of all of these methods, next generation NAC is the best all-around type of protection. It is more comprehensive than just anti-virus, end point security, firewalls or proxy servers. NG-NAC controls access to the network and provides full visibility to activities within it. It thus stops one of today’s most prevalent network threats, namely illegitimate mobile devices used to access corporate information.

Training and awareness are important, but you do not want to depend on others when securing your network. Only NAC is dynamic enough to provide you with peace of mind.

We’ve Entered an Age of Cyber Security Crisis

Cyber Security Crisis: An Origin Story

The 2020s are quickly being defined as a decade of globalism driven by digital connectivity, technological innovation and the questioning of socioeconomic norms that have persisted since the early 20th century. If the 1970s gave rise to the “me” generation, the 2020s can only be described as the “now” generation. Information at unprecedented scale is available at our fingertips – anywhere, anytime, in nearly any format. This has changed the expectations of the average consumer and the military-industrial complex alike. We communicate online, we work online, we wage war online.

In this new digitally connected age, data has become the world’s most valuable resource. Data means power. Those that hold it have the edge. This applies to individuals, businesses and governments alike. With data at such a premium, it’s no wonder a market for data theft has flourished – after all, it’s human nature. For every good deed, a bad deed lies in wait.

The hacker represents the modern-day bogeyman – lurking out in the digital ether, unseen…but we know he’s there. It’s a delicate balance, especially at the corporate level. Companies play digital defense because they possess the data, whether it be financial, legal, personal or otherwise. Hackers innovate, finding new ways into corporate networks, devices and applications. This continuum has in turn created the cyber security market, where vendors strive to make a quick buck by plugging the latest hole in corporate infrastructure. But it’s been a losing battle thus far because security solutions that come to market are reactionary to problems their customers are already facing. The black hats have the element of surprise, and companies typically don’t know what hit them until it’s too late.

This new digital dystopia is here to stay. And while it might make you want to shield your eyes like an episode of Black Mirror, the outlook for data protection and cyber security is not as bleak as it may seem. The first step to resolution (or general improvement), is to acknowledge that a cyber security crisis exists, and to identify our current challenges and shortcomings in order to pave a path forward.

Today, corporate networks are expanding and evolving in true Darwinistic fashion thanks to architectural advancements, new networking protocol standards, device proliferation, hybrid work policies…you could write a dissertation on this topic alone. The point is: the corporate network now extends to wherever authorized devices can connect to gain access to company resources.

More, More, More: Exacerbating the Cyber Security Crisis

All of this proprietary, confidential or merely sensitive data being accessed across these parts of the network is no longer safe behind your castle walls. The physical headquarters still exists, but it’s basically just a “fat” branch like any other satellite office or employee working from home. 

This complexity has driven cyber risks and costs to dangerous new heights. The number of significant cyberattacks globally is increasing and includes devastating ransomware attacks that are breaching even the most secure networks. But are we really surprised? Cyber defense (and offense) is the national security priority for every developed country on Earth. We’ll never know the global investment made into clandestine black hat innovation for the sole purpose of destabilizing the digital footprints of nations perceived to be threats. We may not want to. Ignorance here really can be bliss.

The Bad News

There were on average 270 attacks per company over the year, a 31% increase over 2020. Third-party risk continues to dominate: successful breaches to the organization through the supply chain have increased from 44% to 61%. (Accenture)

As they’ve adopted these new extortion approaches, ransomware gangs have become greedier. The average ransom demand was $5.3 million. That’s up 518% from the 2020 average of $847,000. (Palo Alto)

32% of organizations say security is not part of the cloud discussion from the outset and they’re trying to catch up. Reasons preventing take-up of the cloud revolve around security issues: about one-third of all respondents say poor governance and compliance is a problem, that cloud security is too complex and that they do not have the internal skills to structure a proper cloud security framework. (Accenture)

The Good News

82% of IT executives say their budgets have increased in the last year. IT security budgets are now up to 15% of all IT spending, 5 percentage points higher than reported in 2020. (Accenture)

49% of IT executives said their top security priority is the protection of sensitive data. (IDG)

The global median dwell time – the duration between the start of a security intrusion and when it’s identified – has dropped to below a month for the first time, standing at 24 days in 2021. That means incidents are being identified twice as quickly as they were year-over-year. (ZDNet)

The 3 Key Areas in Cyber Security Today

Cyber security is a market plagued by acronyms, especially on the networking side. This doesn’t simplify matters. The real problem is that the security technology landscape, like its lingo, is too complex. How can anyone with their back against the wall make sense of the options presented to them in the Cyberscape? The reality is that we need to get back to basics. What businesses large and small need to be asking is: what’s essential to maintain business continuity safely and securely? 

Don’t let the Cyberscape fool you. When it all boils down, cyber security can be fundamentally bucketed into three areas:

  1. Network Security
  2. Endpoint Security
  3. Application Security

While security software vendors have made the subcategorization of these areas into a cottage industry, this overarching security trilogy is pretty straightforward. In essence, companies should seek to secure their networks, the devices in use across those networks, and the business applications in use across those devices.

Network Security

Simply put, network security is a set of rules and configurations designed to protect computer networks and the data in transit across them via software and hardware. Organizations large and small require a degree of network security to protect themselves from the proliferation of cyber threats we covered earlier.

Network security typically consists of three different controls: physical, technical and administrative. Physical security controls are designed to prevent unauthorized personnel from gaining physical access to network components such as routers, wiring closets and so on. 

Technical security controls protect data that is stored on the network or which is in transit across, into or out of the network. Protection is twofold: it needs to protect data and systems from unauthorized personnel, and it also needs to protect against malicious activities from employees, contractors and guests on the network. 

Administrative security controls consist of security policies and processes that control user behavior, including how users are authenticated, their level of access and also how the IT department can implement changes to the infrastructure.

Endpoint Security

Endpoint security is the practice of protecting enterprise networks against threats originating from on-premises or remote devices. An endpoint is any device that provides an entry point to corporate assets and applications and represents a potential cyber security vulnerability. Examples include desktops, laptops, servers, workstations, smartphones and tablets.

Historically, most organizations have relied on tools such as firewalls, VPNs, and antivirus programs to safeguard sensitive information, prevent unauthorized access to critical applications and IT systems, and protect against malicious software and other vulnerabilities. 

As we’ve touched on, however, companies are increasingly adopting mobile applications and cloud services that erode the once well-defined enterprise network perimeter. Many enterprises are now taking a defense-in-depth approach to endpoint protection, instituting a wider range of security controls to protect against a broader array of threats.

Application Security

Application security is the discipline of processes, tools and practices aiming to protect applications from threats – both internal and external to an organization. Cyber threat actors exploit vulnerabilities in enterprise applications to capture data, intellectual property, and more – often with impunity. Application security can help organizations protect all kinds of applications (such as legacy, desktop, web, mobile, etc.) used by corporate stakeholders including customers, business partners and employees.

Most successful breaches target vulnerabilities that reside in the application layer, such as the recent log4j vulnerability. As a result, IT teams must be extra vigilant about application security. To further compound the problem, the number and complexity of applications is growing, as is the number of devices and device types running them.

What Can Lean IT Teams Do to Strengthen Network Security?

Even a decade ago, the operations, systems and digital footprints of most medium to large companies had become overwhelmingly complex. Over the last ten years, these digital corporate footprints have expanded to reach and capture growth from previously untapped corners of the world. More recently, the business imperatives of the COVID-19 pandemic spurred faster adoption of enterprise software solutions – particularly Software-as-a-Service (SaaS) – that pushed data beyond the organization’s physical perimeter. This has all added significant pressure to already lean IT teams.

The truth is that lean IT teams have to reassess and realign their priorities. This means leveraging technical security essentials in a way that eases the burden on them. In practice, the first step is to begin adopting network security solutions that accommodate today’s most common networking hardware; provide out-of-the-box integrations with critical security tools such as InTune, MFA, and popular SIEM solutions; and work in conjunction with firewalls and endpoint security solutions.

Securing Networks is Only Getting Harder

Events like the recently exploited Log4j vulnerability continue to keep IT security teams on their toes. Little can be done to plan for, let alone prevent, such wide-reaching software flaws – hundreds of Cisco, VMware, IBM and Oracle products were affected in this instance, including more than 120 different configurations of Cisco Identity Services Engine (ISE). The unfortunate reality is that these events ultimately mean lost weekends patching systems, as well as assessing the damage done to the network and the devices. In many cases, it means bringing in more skilled professionals to investigate, diagnose, and implement – a costly endeavour you likely would not have budgeted for. Other ongoing IT priorities are also inevitably pushed to the side while mitigation is underway.

Such exploits and subsequent critical system fixes are particularly hard felt by the mid-market. This segment is often considered the backbone of the economy, yet they’re underserved when it comes to having purpose-built network security essentials, including network access control technologies. 

Lean IT Should Maximize Value

For resource-strapped IT teams, these unpredictable security incidents can seem insurmountable, especially when the onus is on the customer to patch their own software. Constant fire drills lead to stress, burnout and turnover – something many organizations simply can’t afford. Instead of helping alleviate stress on lean IT teams, traditional on-premise network security vendors make the problem worse. Their solutions require extensive, ongoing integration and maintenance. Complicating matters further, specialized point solutions don’t mesh easily to provide a holistic view of the network. 

This then brings us to the question of value. Wouldn’t it be more valuable to bring in IT security essentials that can reduce this stress and anxiety by eliminating the need for heavy systems maintenance? Wouldn’t it be valuable to free up that time spent putting out fires and use it to modernize your IT security stack? In practice, this means adopting and deploying network security solutions that deliver the essential functionality and capabilities we laid out earlier. It also means turning to SaaS for security. And for network security, it means choosing the right cloud-native NAC.

Cyber Threats: Rise In Prevalence, Rise In Costs

Threat Surfaces Are Expanding

The proliferation of devices requesting access to the network, driven largely by the adoption of BYOD policies and utilization of IoT devices, has forced network security teams to be more diligent about setting and enforcing effective access control policies. Despite best efforts, attempts to address this evolving problem are akin to putting a finger in the dike – rogue devices inevitably slip through the cracks, leaving corporate networks vulnerable to ransomware and countless other cyber threats.

What’s more, network complexity complicates the issue. Today, networks consist of an ever-increasing number of WANs, LANs, VLANs, SD-WANs, MPLS, VPNs, employees’ homes, coffee shops, hotels, airports – wherever authorized devices can connect to gain access to company resources. As if the industry needed another acronym – some are calling it Bring Your Own Network (BYON). Regardless of how we define the trend, access to everything (from everywhere) has changed the security dynamic.

The impact on corporate bottom lines is tangible. The risks and costs associated with network breaches are growing larger by the year. It seems as if every day a new Fortune 500 company is reporting a costly cyberattack. Data breaches from January through September 30, 2021 (9 months), exceeded the total number of events in the entire year of 2020 by 17% (1,291 breaches in 2021 compared to 1,108 breaches in 2020). Adding to the challenge, threat actors are becoming more sophisticated and prevalent, leaving organizations on their heels fighting to catch-up.

A New Age of Cyber Threats

Cyber threats have become alarmingly prevalent, with malware increasing 358% overall and ransomware increasing 435% in 2021 compared with 2019. All threats, from phishing to attacks on Internet of Things (IoT) devices and supply chains, have grown exponentially. Attacks on IoT devices tripled in the first half of 2019 and supply chain attacks were up 78%.

Costs have escalated in tandem. The average ransomware payment rose 33% in 2020 over 2019, to $111,605. The total cost of cybercrime for each company increased 12% from $11.7 million in 2017 to $13.0 million in 2018. Data breaches cost enterprises an average of $3.92 million annually.

In an attempt to mitigate these costly risks, many companies have opted to deploy niche solutions and tools such as network and host intrusion detection, various threat intelligence feeds, and mobile device management. While useful in isolation, these disparate tools (e.g., Network Performance Management, SIEM, XDR, SOAR, etc.) create many different panes of glass, leaving gaps in network security and complicating IT infrastructures.  All this means extra work for already thinly-stretched IT teams. In this sense, less really is more.

Essential Areas of Cybersecurity

The cybersecurity software market is oversaturated with tools that have been designed for very siloed tasks. Many of these have been developed in direct response to new threats, and require a certain focus and sophistication that doesn’t lend itself to the average IT professional’s chaotic daily life. Instead, companies need to develop a simple, yet solid security foundation that consists of three essentials:

  1. Firewalls to monitor incoming and outgoing network traffic
  2. Network access control to enforce access policies, assess connected device risk and remediate non-compliant devices
  3. Endpoint protection like antivirus to prevent, scan, detect and eliminate malware and other viruses from devices

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.


Winning the War Against Hackers in the Face Of Device Proliferation

Expanding Network Edges & Device Proliferation

With the advent of COVID-19, an enormous push to hybrid work changed the threat landscape. Many more activities have become remote, and therefore more reliant on and demanding of secure remote network connections. As more organizations expand their hybrid workforce models, the network edge continues to push out and the number of potential entry points for attackers increases. Device proliferation – specifically BYOD – is exacerbating this trend. As of 2021, 67% of employees use personal devices at work, and 59% of organizations have adopted BYOD.

IoT device proliferation is also broadening the threat surface, adding to the list of endpoints not only in the office, but also in the operating room, the factory floor and the shipping warehouse. There may be some 21.5 billion IoT devices by 2025 – a number that keeps IT security professionals up at night. From security cameras to connected multifunction copiers, IoT devices open the real potential for breaches. 

The Role of Network Access Control

With so many diverse, dispersed devices requesting network access, security teams must be more diligent about setting and enforcing access control policies. To maintain vigilance, security teams need to focus their efforts on network access control (NAC). In a perfect world, this means deploying a NAC that offers cloud RADIUS services, a variety of authentication methods, as well as 24/7 endpoint risk assessment and remediation across all prominent access layers – wired, wireless and VPN. Simple, yet powerful – a NAC that’s easy to use while providing the extensive security coverage needed to confront these challenges head-on is required.


Passwords: Necessary, but Insufficient for Network Security

The First Form of Security

In the beginning – or at least near the beginning – there was the password. This rudimentary method of security pre-dated computers by at least two millennia, and was commonly utilized by militaries like the Roman Legion to maintain secure access to bases, resources and other high-ranking officers across a wide swath of newly conquered territory.  

As we fast forward to the 20th Century and the advent of the computer, passwords became the primary method of personal identification and access to systems, applications, networks…you name it. As computers became increasingly integrated into the daily lives of people both at work and at home, passwords became even more prevalent and served as the de facto method of security. 

Password Management Today

Today, much to our chagrin, we all juggle passwords across our laptops, tablets and phones in work and personal lives. Remembering the multitude of passwords needed to access different areas of our digital existence has become an onerous, often screen-punching task. It has also become a task rife with security vulnerabilities – particularly at the corporate level. Everyone is now required to remember so many passwords that they resort to insecure practices like writing them down, using easy-to-guess passwords, or using the same password over and over again. 

Most security experts see passwords as one of the weakest links in the security system, but many of the procedures that IT teams undertake with the intent of improving security – like requiring frequent password changes – make the problem worse. If a hacker guesses a password or gains access to a password from one breach, they can try it again across other applications. Such tactics became household names in IT. For example, inputting a bunch of common passwords is known as “password spraying,” and reusing previously breached passwords is known as “credential stuffing.”

Password-focused attacks are extremely common. For instance, in the well-publicized campaign of attacks on SolarWinds and many other vendors in 2019, the US Cybersecurity and Infrastructure Security Agency (CISA) noted that “incident response investigations have identified that initial access in some cases was obtained by password guessing, password spraying…”
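Password spraying and credential stuffing both leave a recognizable shape in authentication logs: one source failing against many accounts, with few attempts per account. The following is an added example, not part of the original article, that flags that shape and lists successful logins from flagged sources; the log format, thresholds, usernames and addresses are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log; the "<time> <result> user=<u> src=<ip>" format is
# an assumption made for this example, not a real product's output.
SAMPLE_LOG = """\
2022-03-01T09:00:01 FAIL user=alice src=203.0.113.7
2022-03-01T09:00:40 FAIL user=bob src=203.0.113.7
2022-03-01T09:01:15 FAIL user=carol src=203.0.113.7
2022-03-01T09:01:50 FAIL user=dave src=203.0.113.7
2022-03-01T09:02:30 FAIL user=erin src=203.0.113.7
2022-03-01T09:03:05 OK user=frank src=203.0.113.7
2022-03-01T09:05:00 FAIL user=grace src=192.0.2.15
2022-03-01T09:05:20 FAIL user=grace src=192.0.2.15
2022-03-01T09:05:45 OK user=grace src=192.0.2.15
2022-03-01T09:10:00 FAIL user=admin src=198.51.100.9
2022-03-01T09:10:10 FAIL user=admin src=198.51.100.9
2022-03-01T09:10:20 FAIL user=admin src=198.51.100.9
2022-03-01T09:10:30 FAIL user=admin src=198.51.100.9
2022-03-01T09:10:40 FAIL user=admin src=198.51.100.9
2022-03-01T09:10:50 FAIL user=admin src=198.51.100.9
corrupted line
"""

WINDOW = timedelta(minutes=10)   # illustrative thresholds, tune per environment
MIN_ACCOUNTS = 5                 # distinct accounts failing from one source
MAX_PER_ACCOUNT = 2              # few tries per account, under lockout limits
BRUTE_FORCE_FAILS = 6            # many tries against a single account


def parse(line):
    """Return (timestamp, result, user, src), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4 or parts[1] not in ("FAIL", "OK"):
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
    if "user" not in fields or "src" not in fields:
        return None
    return ts, parts[1], fields["user"], fields["src"]


def classify(log_text):
    """Label each source by the shape of its failures inside a sliding window."""
    fails = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse(line)
        if ev and ev[1] == "FAIL":
            fails[ev[3]].append((ev[0], ev[2]))
    verdicts = {}
    for src, events in fails.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > WINDOW:
                start += 1
            per_user = defaultdict(int)
            for _, user in events[start:end + 1]:
                per_user[user] += 1
            worst = max(per_user.values())
            if worst >= BRUTE_FORCE_FAILS:
                verdicts[src] = "brute-force"
                break
            # Failure counts alone cannot separate spraying (same password,
            # many accounts) from stuffing (breached pairs): both look like this.
            if len(per_user) >= MIN_ACCOUNTS and worst <= MAX_PER_ACCOUNT:
                verdicts[src] = "spray-or-stuffing"
                break
    return verdicts


def logins_to_review(log_text):
    """Successful logins from a flagged source: accounts to investigate first."""
    flagged = classify(log_text)
    hits = set()
    for line in log_text.splitlines():
        ev = parse(line)
        if ev and ev[1] == "OK" and ev[3] in flagged:
            hits.add((ev[3], ev[2]))
    return sorted(hits)


if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
    print(logins_to_review(SAMPLE_LOG))
```

Grouping by source rather than by account is what makes the pattern visible, because each individual account sees too few failures to trip a per-account lockout.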

The Move to Single Sign-On (SSO)

As corporate employees found themselves needing to log into more and more different devices, applications and network types, IT teams began leveraging SSO technology to help simplify the process and eliminate the need for people to remember every single password they use. At its core, SSO was intended to allow employees to have one password that provided them access to all necessary corporate resources.

For several years, while most applications still resided inside of a local IT datacenter, many organizations turned to tools like Microsoft’s Active Directory (AD) to manage user identity and access policies. The rise of AD adoption pushed other application vendors to support AD, further supplanting SSO as the then go-to method for password management and access security.

Then along came Software as a Service (SaaS), and the game changed. SaaS apps went from novel to common incredibly quickly thanks to the simplicity, efficiency and cost effectiveness they promised. As cloud services like Amazon Web Services (AWS) and Microsoft Azure made it easier to build SaaS apps, these tools went from common to ubiquitous. Today, most companies have so many SaaS applications in use that their IT teams need to subscribe to other SaaS apps to help them discover and manage their active SaaS app portfolio.  

Every one of these new SaaS apps now in use utilized passwords. While early on some of these apps supported MS AD or its successor, Microsoft Azure AD (Azure AD), most did not at first. As such, it quickly became clear that successfully rolling out SSO universally was a daunting undertaking for most mid-sized businesses with complex IT environments and limited internal IT resources. After all, a company-wide password manager doesn’t eliminate the proliferation of passwords, and compromised SaaS apps can serve as gateways into the larger corporate network.

The Rise of Multi-Factor Authentication (MFA)

The explosion of passwords and password-based attacks has created a market for password management software. There are a plethora of vendors who deal solely with simple passwords (e.g., LastPass, Keeper Security, Dashlane), SSO (e.g., Okta, SailPoint, One Identity), or the third and most recent phase in the evolution of the password: MFA (e.g., Cisco Duo).   

Out of SSO emerged MFA, which complements and strengthens password management and network security efforts by introducing another means of identity verification on top of a person’s username and password. Most MFA vendors today provide mobile-based authentication, which can include methods such as push-based, QR code-based, and one-time password authentication (event-based or time-based), as well as SMS-based verification.

MFA, like SSO, has its own shortcomings. Mobile-based authentication is particularly vulnerable as mobile devices can be cloned, and apps often run simultaneously across several mobile devices. Advanced hackers can, in theory, intercept an MFA code sent via SMS or email. While this added layer of security raises the necessary skill level to execute a successful attack against a company’s network, critical vulnerabilities still exist. 

The Gold Standard: Network Access Control (NAC)

With enterprise SaaS adoption and corporate networking eco-systems expanding and becoming more complex, MFA alone simply isn’t equipped to provide the secure access and authentication functionality needed to maintain an effective network security posture. 

As we enter a period of unprecedented device proliferation, network expansion, and increased threat sophistication, NAC has emerged as the gold standard for establishing secure access and authentication to corporate networks, applications and other internal resources. NAC, for lack of a better word, has raised the bar and left hackers with their work cut out for them.  

NAC systems evaluate whether a user and their device should be allowed onto a network, based on a series of security checks, MFA included. NAC combines MFA with other unique data points, such as the location of the device or the MAC address of the device to either grant or block their access to the network. Once connected, a NAC goes a step further by continuously measuring the security posture of each device, taking steps to either quarantine or boot the device off the network should it surpass the organization’s desired risk threshold. Additionally, a NAC can control which segment of the network a device can access, further limiting any impact of an intrusion.  

As such, a NAC is a strong addition to tighter password management and MFA because its security controls are complementary rather than overlapping. NACs were once thought to be powerful, yet complex and hard to manage. With the advent of cloud-native NAC such as Portnox CLEAR NAC-as-a-Service, however, companies can access that power without the hassle.

The Future of Password Management

While there are efforts to eliminate the need for passwords altogether, most business software will continue to require a username and password to gain access. Therefore, businesses must do more to secure their environments in the face of so many passwords.  

No combination of security controls can guarantee protection, but if an organization operates with a limited IT budget and staff, a combination of password management, MFA, and cloud-native NAC will substantially reduce its risk of cyberattacks. 


Network Authentication is Just One Piece of the Network Security Puzzle

Establishing an Effective Network Security Posture Requires the Unification of Access Control, Risk Mitigation & Endpoint Remediation Capabilities

There’s a movement underway in cybersecurity today to adopt tools for enterprise network authentication. This trend makes sense. After all, authentication is just a fancy way of saying identity verification. Proving one’s identity has been a way of granting one’s access to something since time immemorial. From the secret passwords used to enter Chicago’s famed speakeasies to the retinal scanners used to clear you through airport security today – proving identity ensures trustworthiness and minimizes risk. 

Today, there are three primary methods that organizations rely on for network and application authentication: 

  • Password-Based Authentication – Passwords are the most common method of authentication. Passwords can be in the form of a string of letters, numbers, or special characters. To protect yourself you need to create strong passwords that include a combination of all possible options. Of course, humans are lazy and tend to stick to what they know…meaning the same password gets used almost universally.
  • Multi-Factor Authentication – MFA methods and technologies increase the confidence of users by adding multiple layers of security. MFA may be a good defense against most account hacks, but it has its own pitfalls.
  • Certificate-Based Authentication – Certificate-based authentication technologies identify users or devices by using digital certificates. A digital certificate is an electronic document based on the idea of a driver’s license or a passport. This is perhaps the strongest means of authentication.

Now, Mission Impossible fans might say, “Hey, wait a minute, biometric authentication is missing off this list.” They’re not wrong, but frankly we’re not really focused on physically breaching CIA headquarters at Langley to get our hands on the coveted NOC list here. Rather, let’s focus on the day-to-day use of authentication techniques adopted by employees during business hours.

I’m On the Network: Great, Now What?

The efficacy of the network authentication methods above can be debated to no end. That’s not why we’re here. Once a person’s device is authenticated to a corporate network, there are several security considerations that pure-play authentication tools can’t address. 

For example: 

  • Is the connected user an employee, guest, or contractor? 
  • What’s the user’s role within the organization (i.e. seniority or department)? 
  • What can the user access on the network? 
  • What’s stopping the user from accessing resources that shouldn’t be available to them? 
  • How do you monitor the risk posture of the connected device? 
  • How do you know if that user’s device becomes infected with malware? 
  • Can you prevent that infected device from moving across the network? 
  • Is there a way to return a non-compliant device back to a healthy state? 

Inside that medley of questions are a grab bag of other more detailed and technically intricate considerations that network security administrators may worry about. The point is this: once a user authenticates their device to the network, how can you prevent that device from posing a risk to the organization, even if unintentional? If you’re solely relying on authentication methods for network security, the answer is: you can’t. 

Closing the Gap on Network Security Blind Spots

The list of considerations above boils down to needing three primary capabilities on top of network authentication when it comes to network security. Without these, you’re essentially flying blind, unable to determine the true security posture of your network.  

These capabilities include: 

  • Access Control –  If authentication is the first step, employing access control is the second. Here, you’re aiming to dictate who can access what across your network. For example, you may not want Marketing to access Accounting’s VLAN. Why? Because Accounting’s VLAN holds sensitive financial information that has no bearing or relevancy to the day-to-day operations of Marketing. 
  • Endpoint Risk Posture Assessment – The ability to continually monitor the risk threshold of each endpoint connected to your network means knowing how vulnerable you are to compromise. Network administrators will typically define a risk assessment policy, which assigns a risk score to each device. This score will indicate the level of risk posed by the device, taking into consideration the status of the device’s firewall, antivirus, applications in use and more.
  • Proactive Device Remediation –  In some instances, the network security team may define a series of remediation policies. Essentially, a remediation policy consists of unattended corrective and preventive actions (CAPA), automatically applied to devices upon every transmission or on a recurring basis. A remediation policy can be used to reduce devices’ risk scores and increase compliance levels for network access. 
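The three capabilities above, together with the admit, monitor and quarantine behavior described in the earlier “Gold Standard” section, can be expressed as one policy function that is re-run whenever a device’s posture changes. This is an added example, not from the original article and not any vendor’s implementation; the weights, thresholds, VLAN ids, finding names and MAC addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# All weights, thresholds, VLAN ids and finding names are constructed for
# this illustration; a real NAC deployment defines its own policy.
RISK_WEIGHTS = {
    "firewall_off": 30,
    "antivirus_off": 30,
    "av_signatures_stale": 15,
    "os_unpatched": 20,
}
# Findings an unattended corrective action can fix, and the action taken.
REMEDIATIONS = {
    "firewall_off": "enable host firewall",
    "antivirus_off": "start antivirus service",
    "av_signatures_stale": "update antivirus signatures",
}
QUARANTINE_AT = 40          # score at or above this: isolate the device
DENY_AT = 70                # score at or above this: refuse access
ROLE_VLAN = {"accounting": 20, "marketing": 30, "contractor": 40, "guest": 90}
QUARANTINE_VLAN = 999
ALLOWED_LOCATIONS = {"hq", "branch-office", "vpn"}


@dataclass
class Device:
    mac: str
    role: str
    location: str
    mfa_passed: bool
    findings: set = field(default_factory=set)


@dataclass
class Decision:
    action: str             # "allow", "quarantine" or "deny"
    vlan: Optional[int]
    score: int
    reason: str


def risk_score(findings):
    """Sum the weights of the posture findings, capped at 100."""
    return min(100, sum(RISK_WEIGHTS.get(f, 0) for f in findings))


def decide(device, registered_macs):
    """Admission and re-assessment run the same checks, in this order."""
    score = risk_score(device.findings)
    if not device.mfa_passed:
        return Decision("deny", None, score, "MFA not completed")
    if device.location not in ALLOWED_LOCATIONS:
        return Decision("deny", None, score, "location not permitted")
    if device.role not in ROLE_VLAN:
        return Decision("deny", None, score, "no VLAN mapped to role")
    # A MAC address can be spoofed, so it is one signal among several and
    # never a credential on its own. Guests are not expected to be registered.
    if device.role != "guest" and device.mac.lower() not in registered_macs:
        return Decision("deny", None, score, "unregistered device")
    if score >= DENY_AT:
        return Decision("deny", None, score, "risk score above deny threshold")
    if score >= QUARANTINE_AT:
        return Decision("quarantine", QUARANTINE_VLAN, score,
                        "risk score above quarantine threshold")
    # Segmentation: the role, not the user's request, selects the VLAN.
    return Decision("allow", ROLE_VLAN[device.role], score, "policy satisfied")


def remediate(device):
    """Apply the unattended corrective actions; return what was done."""
    actions = [REMEDIATIONS[f] for f in sorted(device.findings)
               if f in REMEDIATIONS]
    device.findings -= set(REMEDIATIONS)
    return actions


def lifecycle():
    """Constructed scenario: admit, drift, quarantine, remediate, restore."""
    registered = {"02:00:00:aa:bb:01"}
    laptop = Device("02:00:00:AA:BB:01", "accounting", "hq", True)
    steps = [decide(laptop, registered)]
    laptop.findings |= {"firewall_off", "av_signatures_stale"}  # posture drifts
    steps.append(decide(laptop, registered))
    remediate(laptop)
    steps.append(decide(laptop, registered))
    return [(d.action, d.vlan, d.score) for d in steps]


if __name__ == "__main__":
    for step in lifecycle():
        print(step)
```

Findings without an automatic fix, such as the constructed `os_unpatched`, keep contributing to the score after remediation and need a separate patching process.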

Unifying these Security Essentials With NAC

There is only one type of cybersecurity technology that brings together network authentication, access control, risk monitoring and remediation. That’s network access control (NAC). NAC, such as Portnox CLEAR NAC-as-a-Service, unifies these network and endpoint security essentials in a single platform, and helps you fill in these critical gaps that an authentication-only approach fails to cover:

  • Device profiling for contextual understanding 
  • Role-based and location-based access control 
  • Segmentation through dynamic VLAN assignment upon authorization 
  • Risk mitigation through device posture monitoring 
  • Device quarantining based on risk score policies 
  • Automated device remediation of non-compliant devices 
  • …the list goes on… 

Ultimately, anything less than complete network security coverage enforced through a NAC system that brings together these essential capabilities isn’t “network security” – it’s holding on to a hope and a prayer. Rely on standalone authentication tools at your own peril – we’ll just have to say we told you so.


How to Protect Your Network Against a Ransomware Attack

Cyberattacks against mid-market and enterprise organizations are on the rise. From man in the middle (MitM), distributed denial-of-service (DDoS) and SQL injections, to zero-day exploits and phishing, cyberthreats are getting more sophisticated, more prevalent and more costly. But one type of cybercrime reigns supreme: ransomware.

Not-so-fun facts about ransomware today:

  • Ransomware cost the world $20 billion in 2021. That number is expected to rise to $265 billion by 2031.
  • In 2021, 37% of all businesses and organizations were hit by ransomware.
  • Recovering from a ransomware attack cost businesses $1.85 million on average in 2021.
  • Out of all ransomware victims, 32% pay the ransom, but they only get 65% of their data back.
  • Only 57% of businesses are successful in recovering their data using a backup.

Source: Cloudwards

COVID-19 is not the only pandemic to emerge and gain a global stronghold as we push on into the 2020s. Ransomware has its tentacles everywhere. No network – corporate or personal – is immune. The financial damage being inflicted, especially at the corporate level, is only getting more and more severe. It has the potential to bring some institutions to their knees and send ripples through the global economy, eventually impacting the everyday consumer.

If we’re to right the ship, the castle walls around our ever-expanding networks must become stronger, more dynamic and more intelligent. It also requires vulnerable entities to step into the realm of psychology. What’s motivating these threat actors? What do we as an organization have that they want?

Stopping Ransomware

Just as we wear masks and get vaccinated to protect ourselves from the threat of contracting COVID-19, we must take the proper precautions to limit or eliminate the possibility of a ransomware attack.

Know Your Enemy

For most companies, the enemy (or hacker) just wants money. More rarely, they’re after corporate data for some personal gain – again, that could be to sell it or leverage it for other malicious initiatives that could be politically or ideologically motivated. Even more rarely, they’re just looking to tarnish your brand’s reputation.

Regardless of their intent, however, there is one simple commonality: they want to breach your network through clandestine means. The emphasis is on the network even if that network is not physical. Today, it doesn’t need to be. In 2022, your network is merely where your corporate endpoints are in use, and ultimately where data accessed via those devices is stored.

The attempt to understand the enemy has given rise to threat intelligence services that can help you profile your attackers. Such tools can determine whether these individuals have a hold on your network, endpoints and/or users. But threat intelligence alone isn’t enough – organizations need to know themselves, which requires a unified stack of security technologies and tactics that when deployed in conjunction with one another can thwart even the most sophisticated ransomware attack.

Know Your Organization

Corporate endpoints serve as the initial entry points to any corporate network. These devices store proprietary, sensitive data – the hostage in this hostage taking scenario. To effectively secure the network requires instituting a bevy of endpoint security measures as part of a larger security posture strategy. Frameworks such as the CIS Critical Security Controls outline these best practices.

Ultimately, however, organizations can start with these basics:

  • Use Multi-Factor Authentication (MFA) when possible; discourage the use of corporate applications that do not allow for MFA activation; use a password manager when MFA is not available.
  • Have a mechanism to isolate any infected machine in use across your network to prevent lateral movement and further spread. Network access control (NAC) solutions have been purpose-built to do just this.
  • Employ an email content inspection software that proactively inspects all links and attachments within incoming emails; this aids in stopping malware via phishing attempts.
  • Deploy an Endpoint Detection & Response (EDR) program on all machines – managed devices, BYOD & IoT / OT – that runs 24/7 with automatic system updates.
  • Ensure you’ve instituted proactive device remediation for all connected endpoints that can automatically update firewalls, antivirus and VPN services in use. NAC also incorporates this functionality.

If you follow those principles, you can win every battle. As legendary military strategist Sun Tzu wrote in his classic work, The Art of War: “If you know the enemy and know yourself; you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
