[By Jaye Tillson, Field CTO at Axis Security]

In the vast expanse of cyberspace, few threats cast a darker shadow than ransomware. This digital desperado wreaks havoc on individuals and businesses alike, holding precious data hostage for a hefty ransom. But this villain’s tale stretches back further than you might think, with its roots tangled in the Cold War and its impact resulting in billions lost today. Let’s explore the shadowy origins of ransomware, unfurl its nefarious forms, and discover how Zero Trust plays the role of cyber sheriff, standing guard against this modern-day scourge.

From Academic Experiment to Global Plague

In the 1980s, the world of computing witnessed a curious experiment. Joe Popp devised a rudimentary “AIDS Trojan” that encrypted files and demanded payment for their release. Though intended as a social commentary on online trust, the seeds of a much wider threat were sown. Fast forward to 2023, and ransomware has evolved into a multi-billion dollar industry, leaving a trail of crippled businesses, compromised data, and shattered confidence in its wake. According to Cybersecurity Ventures, ransomware costs are projected to reach a staggering $265 billion by 2031, a grim testament to the reach and power of this digital outlaw.

A Trio of Terror

Ransomware isn’t a monolith; it comes in various guises, each with its own chilling modus operandi. Let’s meet the infamous three:

  1. Crypto-Ransomware: This classic scoundrel encrypts your files, rendering them inaccessible until you cough up the ransom. Imagine your cherished family photos, work documents, and irreplaceable memories locked away in a digital vault, accessible only through the villain’s cruel terms. Sophos reports that in 2023 alone the average ransom demand reached $1.54 million, a steep price to pay for digital freedom.
  2. Locker Ransomware: Forget encrypted files; this brute-force bully slams the door shut on your entire system. Think of being locked out of your own house, unable to access even the most basic functions. In 2022, according to AAG IT Support, 47% of ransomware attacks targeted organizations in the United States, highlighting the widespread reach of this digital siege.
  3. Doxware: This double-barreled bandit not only encrypts your data but also threatens to leak it publicly unless you pay up. Imagine facing the humiliation and potential legal repercussions of your private information plastered across the digital landscape. In 2023, the Cybersecurity & Infrastructure Security Agency (CISA) reported a 136% increase in data exfiltration incidents, a chilling trend directly linked to the rise of doxware.

Counting the Cost of Digital Mayhem

The impact of ransomware extends far beyond the initial ransom demand. Studies by the Ponemon Institute reveal that average costs associated with a ransomware attack include:

  • Recovery Costs: $761,650
  • Business Disruption: $1,270,000
  • Reputational Damage: $1,648,500

These figures paint a stark picture of the financial and reputational devastation wreaked by ransomware. Not only do businesses lose vital data and incur downtime, but they also face the erosion of trust from customers and clients, a blow that can be even more difficult to recover from.

Enter Zero Trust, the Cyber Sheriff

Traditional network security, like a rickety wooden gate, relies on trust and perimeter defenses. But in the Wild West of cyberspace, trust is easily breached, and perimeter walls crumble under the relentless pressure of sophisticated attacks. Zero Trust, however, operates like a vigilant cyber sheriff, constantly verifying every digital entity attempting to enter the digital town.

Here’s how Zero Trust stands guard against ransomware:

  • Multi-Factor Authentication: Consider it an extra lock on the digital door, demanding not just a password but an additional layer of verification (biometric scan, phone code) before granting access.
  • Network Segmentation: Instead of a single, vulnerable town square, Zero Trust divides the network into secure zones, limiting the spread of ransomware if it manages to breach one perimeter.
  • Least Privilege Access: Forget everyone having a master key; Zero Trust grants only the minimum level of access needed for each user and device, minimizing the potential damage a compromised entity can inflict.

In today’s Wild West, these measures, combined with ongoing security awareness training and robust data backups, form a formidable defense against the digital outlaws of the 21st century.

Conclusion

The fight against ransomware is a continuous journey, but understanding its origins, recognizing its diverse forms, and wielding the tools of Zero Trust empowers us to ride into the digital sunset with confidence. While the shadow of ransomware may loom large, knowledge is our six-shooter, vigilance our loyal steed, and Zero Trust is the fortified town walls safeguarding our valuable data.

By remaining informed, adopting proactive security measures, and embracing a culture of cybersecurity awareness, we can keep the outlaws at bay and maintain control of our digital frontier. Remember, in the Wild West of cyberspace, preparedness is our strongest weapon, and together, we can ensure that ransomware remains a relic of the past, not a threat of the future.

The post Ransomware: From Origins to Defense – How Zero Trust Holds the Key appeared first on Cybersecurity Insiders.

[By John Spiegel, Director of Strategy & Field CTO, Axis Security]

In 2022, 66% of businesses worldwide were impacted by ransomware in some form. This may have been a direct breach, a third party they depend on being hacked, or sensitive data being leaked by another impacted entity. And according to the most recent Verizon breach report, no sector was spared: manufacturing, finance, retail, government and hospitals were all hit by this cybersecurity plague. Worse, the time to compromise (dwell time) is now less than a day! The motivations are clear: grab sensitive data and then hold it hostage until payment arrives. If payment is not provided, expose the data on the Internet, where it is either incriminating or will significantly impact a revenue stream the business is counting on.

Why is this happening? Outside of the motivations of the attackers (which are covered in lurid detail elsewhere), the problem is a mismatch between the intent of the business and the legacy thinking of security. The business has decided it cannot live within the four walls of its operations. Rather, it has embraced Cloud, SaaS, PaaS and now remote work in the name of productivity and profits. The result: data and employees are everywhere. Security, on the other hand, still lives in the pre-Cloud era. Even while new frameworks to secure the enterprise are available, security still relies on old methodologies, even in an era of Cloud and AI.

In fact, security often rebuilds solutions of the past to protect our future. Case in point: the enterprise firewall. Born in the pre-Cloud timeframe (2005), the enterprise firewall is, in the majority of cases, the security tool the company relies on. Much like the famed Maginot Line built to protect France from Germany after WWI, the firewall provides a clear demarcation between civilization and the barbarians. In firewall parlance, you are either behind the firewall (trusted) or outside the firewall (untrusted). While the enterprise firewall can get granular about the policies that allow or disallow traffic, the ugly truth is that at a certain point the firewall rule base becomes overly complex and therefore risky to change. The result? While it is the focal point for security, this tool breeds complexity that creates gaps in the lines of protection, and businesses are outflanked just as the Germans outflanked the French in 1940.

How do we move beyond?

To make a meaningful impact on the scourge of ransomware, we need to realize we are in a new era. The period of static defense is over. Applications, data and employees are now distributed. Additionally, businesses now rely on third parties for critical business functions. Thus business and security need to align by embracing two frameworks. The first framework we need to move to is zero trust.

Framework One – Zero Trust

Coined by John Kindervag and Chase Cunningham, zero trust starts by assuming breach. The concept is to build a resilient security strategy based on protecting the assets which matter most to the company. It calls for segmentation of virtual and physical systems into a series of “air-tight” compartments based on business function (called protect surfaces). For instance, the key financial systems are segmented off and made available only on a need-to-access basis. Doing so reduces the blast zone of a compromise. If an attacker breaches the website, the impact does not extend to the warehouse system, the customer relationship application or the credit card payment mechanism. The ability to move laterally within a company and explore the network for treasure becomes highly challenging. Zero trust also calls for constant monitoring of the protect surfaces. It’s not enough to create a series of barriers and call it good. Rather, you need to insert a feedback loop to understand whether the mechanism is working or needs to be improved. While Zero Trust has gained a lot of attention lately, adoption has been slow. A recent report stated that 61% of companies are still defining their Zero Trust initiative and only 35% say they will implement one “soon”.
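The controls described in the first post (MFA, segmentation, least privilege) and the protect-surface model above can be expressed as a deny-by-default policy. The following is an added illustration, not Axis Security code; the protect surfaces, roles and asset names are constructed for the example. It also contrasts the blast zone of one compromised identity under segmentation with a flat, perimeter-only network.

```python
"""Toy zero-trust policy evaluator (added example; names are constructed)."""
from dataclasses import dataclass

# Protect surfaces: each groups the assets of one business function.
PROTECT_SURFACES = {
    "website": {"web-frontend"},
    "finance": {"erp", "payroll"},
    "warehouse": {"wms"},
    "crm": {"crm-app"},
    "payments": {"card-gateway"},
}

# Least-privilege grants: role -> surfaces it may reach. Absent means denied.
ROLE_GRANTS = {
    "web-admin": {"website"},
    "finance-analyst": {"finance"},
    "warehouse-ops": {"warehouse"},
    "sales": {"crm"},
}


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    mfa_verified: bool
    device_compliant: bool
    asset: str


def surface_of(asset):
    """Map an asset to the protect surface that contains it, or None."""
    for name, assets in PROTECT_SURFACES.items():
        if asset in assets:
            return name
    return None


def evaluate(req):
    """Return (decision, reason). Every path that is not explicitly allowed denies."""
    surface = surface_of(req.asset)
    if surface is None:
        return ("deny", "asset is not in any protect surface")
    if not req.mfa_verified:
        return ("deny", "MFA not satisfied")            # extra lock on the door
    if not req.device_compliant:
        return ("deny", "device posture not compliant")
    if surface not in ROLE_GRANTS.get(req.role, set()):
        return ("deny", f"role {req.role} has no grant for surface {surface}")
    return ("allow", f"least-privilege grant to {surface}")


def blast_zone(role):
    """Surfaces reachable if an identity holding this role is compromised."""
    return set(ROLE_GRANTS.get(role, set()))


def flat_network_blast_zone():
    """Contrast: behind a single perimeter, a compromise reaches every surface."""
    return set(PROTECT_SURFACES)


if __name__ == "__main__":
    r = Request("alice", "web-admin", True, True, "erp")
    print(evaluate(r))
    print("segmented:", blast_zone("web-admin"), "flat:", flat_network_blast_zone())
```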

Framework Two – SSE

The second framework to consider is the Security Service Edge (SSE). SSE is a term coined by the analyst firm Gartner in 2019 as part of the larger umbrella, Secure Access Service Edge (SASE). What SSE looks to do is extend security services to where they matter: services that meet the employee, the data or the application where they live. It starts by creating a security fabric using what are called Points of Presence (PoPs) where services such as secure web filtering, SaaS and data controls, along with risk-based authentication measures, are leveraged. In the past, many of these services resided in the private data center as point products, separate and not integrated. With SSE, these same services are improved and transition to a cloud-delivered security service which operates as a cohesive, unified platform extended across the globe, as opposed to living in a central corporate data center. With SSE, traffic is routed to a global network where it can be both optimized and secured to provide both speed and security. SSE can also leverage the concepts of zero trust to provide employees and third parties access to only the applications and data they require to conduct their role in the business. Ok, all sounds amazing and great, right? But how do Zero Trust and SSE help defend the business from ransomware?

Bringing It Together – Aligning Security for the Modern Era

First, they work together to eliminate the “attack surface”. Only authorized users who pass a series of “risk-based authentication” controls (going beyond password and MFA) are allowed to access the specific applications assigned to them. This greatly reduces the number of systems discoverable by an attacker and “cloaks” the remaining systems from lateral movement for reconnaissance and compromise. Second, with SSE, traffic can be inspected for indicators of compromise. As SSE leverages the power of the Cloud, encrypted packets can be decrypted at scale. You are not limited to the capacity of a firewall ASIC, where you need to decide what traffic to inspect versus pass through the system. Additionally, you can apply treatments such as data loss prevention technologies to check whether sensitive files containing social security numbers are being downloaded from O365 and sent to Dropbox. Lastly, you can control the IT landscape of applications with an SSE-based Cloud Access Security Broker. This allows for granular controls over SaaS-based applications as well as providing visibility into unsanctioned cloud applications and software (a vector of compromise).
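The DLP check mentioned above (SSN-bearing files leaving a sanctioned SaaS app for an unsanctioned one) can be sketched as a small inspection routine. This is an added example, not a vendor’s code; the sanctioned-app list and the sample file content are constructed, and it assumes the SSE has already decrypted the transfer.

```python
"""Toy SSE-style DLP decision on a decrypted file transfer (added example)."""
import re

# Assumed, constructed list of SaaS apps the business has sanctioned.
SANCTIONED_APPS = {"o365", "sharepoint"}

# Pattern for a formatted U.S. Social Security number.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")


def is_valid_ssn(area, group, serial):
    """Structural rules published by the SSA: area is never 000, 666 or
    900-999; group is never 00; serial is never 0000. Filtering on these
    cuts false positives from other dash-separated numbers."""
    a, g, s = int(area), int(group), int(serial)
    if a == 0 or a == 666 or a >= 900:
        return False
    return g != 0 and s != 0


def find_ssns(text):
    """Return every SSN in the text that passes structural validation."""
    return [m.group(0) for m in SSN_RE.finditer(text)
            if is_valid_ssn(*m.groups())]


def mask(ssn):
    """Log-safe form: keep only the last four digits."""
    return "***-**-" + ssn[-4:]


def dlp_decision(src_app, dst_app, content):
    """Return (decision, reason, masked_hits) for one file transfer."""
    hits = find_ssns(content)
    masked = [mask(h) for h in hits]
    if not hits:
        return ("allow", "no sensitive data detected", masked)
    if dst_app.lower() in SANCTIONED_APPS:
        return ("allow", f"{len(hits)} SSN(s) but destination is sanctioned", masked)
    return ("block", f"{len(hits)} SSN(s) bound for unsanctioned app {dst_app}", masked)


# Constructed sample file: one real-looking SSN, two structurally invalid ones.
SAMPLE_FILE = (
    "Employee roster (constructed test data)\n"
    "Jane Doe, 123-45-6789\n"
    "Invalid area, 000-12-3456\n"
    "Invalid area, 987-65-4321\n"
)

if __name__ == "__main__":
    print(dlp_decision("o365", "dropbox", SAMPLE_FILE))
```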

It’s time to retire the static defenses of the past and align the business with security. While the enterprise firewall will remain a tool in the security toolbox, making the move to zero trust and SSE will provide the active defense required in today’s threat landscape (one defined by ransomware). The business requires Cloud and remote work. Distributed IT is here to stay. It’s now security’s time to step up its game! Start making the move to Zero Trust and SSE today.

The post Getting Real About Ransomware appeared first on Cybersecurity Insiders.

[By Jaye Tillson, Field CTO at Axis Security]

In today’s technology-driven world, cyber-attacks have become an ever-increasing threat to organizations across all industries. If that’s not bad enough, these threats are becoming more sophisticated while continuing to escalate in number. Often when we talk about the impact of these cyber threats, we inevitably focus on the wallet as well as how they can tarnish a business’s reputation. But there is another result that is reshaping the corporate landscape and in doing so altering the distribution of power within the C-suite.

Here I’ll explain why. Traditionally, the Chief Information Officer (CIO) and their team were responsible for managing an organization’s information technology infrastructure. However, the escalating frequency and severity of cyber-attacks have shaken things up and in doing so are driving the need for dedicated expertise and resources to fight back. As a result, we are witnessing the beginnings of a shift in power from the CIO to the Chief Information Security Officer (CISO) and the wider security team.

Let’s look at some of the key reasons behind this shift and how the rise in cyber attacks has enabled the CISO to gain more power, resources, and budget.

Evolving Cyber Threat Landscape

Over the past decade, the cyber threat landscape has evolved significantly. Attack vectors have become more sophisticated, encompassing various tactics such as ransomware, social engineering, and advanced persistent threats. Attacks can inflict severe operational, reputational, and financial damage on an organization. In fact, Cybersecurity Ventures estimates that the cost of cybercrime will jump from $3 trillion in 2015 to a projected $10.5 trillion in 2025. Numbers like this are why, over the last few years, more and more businesses have committed to establishing a more dedicated cybersecurity focus, which in turn has led to the emergence of the CISO role.

The Need for Specialized Expertise

Combatting modern cyber threats requires specialized knowledge and expertise. CIOs do possess a broad understanding of technology and its integration within the organization. But cybersecurity demands a more targeted and in-depth approach to protect against cyber threats. CISOs and their teams bring the specialized skill set required. This includes knowledge of threat intelligence, risk assessment, incident response, and security frameworks. As cyber-attacks have grown in complexity, organizations have recognized the importance of having a dedicated CISO to navigate the ever-changing cybersecurity landscape. This importance will continue to grow in 2024 with CISOs upgrading cloud security investments, deploying new API security controls, upping their commitment to Zero Trust architecture, and much more.

Board-Level Accountability

High-profile cyber attacks and data breaches have placed cybersecurity on the radar of boardrooms worldwide. Executives and board members are increasingly held accountable for the security posture of their organizations. Consequently, the CISO’s role has gained prominence that extends beyond the C-Suite to boards who are seeking direct access to their expertise and insights. In fact, CISOs have gained a position at the table which has enabled them to influence key decisions related to cybersecurity strategy, resource allocation, and budget. Looking forward it will be essential that CISOs effectively communicate clearly and help ensure that businesses make the right decisions.

Regulatory Compliance and Legal Requirements

The regulatory landscape has witnessed a surge in measures aimed at protecting consumer data and ensuring critical infrastructure security. Legislation such as the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have heightened the need for robust data protection measures and a failure to comply can be costly. In the case of GDPR, an infringement that’s considered serious could result in a fine as high as €20 million. The CISO plays a vital role in ensuring compliance with these regulations, mitigating potential legal risks, and safeguarding the organization’s reputation.

Impact on the Bottom Line

The financial implications of cyber attacks have amplified the urgency of investing in cybersecurity measures. The costs associated with recovering from a cyber attack, including incident response, remediation, and reputational damage control, can be astronomical. Executives and boards recognize that allocating adequate resources to cybersecurity is a proactive approach to protecting the organization’s financial stability. Consequently, CISOs have gained greater leverage in budget discussions, as their expertise is essential for minimizing financial risks associated with cyber threats.

To conclude, the rise in cyber attacks has disrupted the traditional power dynamics within organizations, shifting influence from the CIO to the CISO. The evolving threat landscape, specialized expertise requirements, board-level accountability, regulatory compliance, and financial implications have all contributed to this shift.

As organizations recognize the criticality of robust cybersecurity measures, the CISO has emerged as a vital figure with access to increased resources and budget allocations. Embracing this shift in power and providing CISOs with the necessary support is essential to fortify organizational defenses and safeguard against the growing menace of cyber attacks.

Jaye Tillson, Security Director, Axis Security

Jaye Tillson is a Director of Strategy at Axis Security and has 20+ years of experience implementing strategic global technology programs, helping organizations achieve digital transformation, and guiding businesses through their zero-trust journey. Jaye is passionate about working with large enterprises on their strategic journey towards zero trust, where he can bring forth real-world experience on issues and problems.

The post The Shift in Power from CIO to CISO: The Rise in Cyber Attacks Enables Greater Resources and Budget Allocation appeared first on Cybersecurity Insiders.

As organizations pivot toward more distributed and fragmented models of work, cybersecurity measures must adapt to keep pace with the evolving threat landscape and expanding attack surface.

In an in-depth interview with Chris Hines, VP of Strategy and Global Marketing at Axis Security, a recent acquisition by HPE, we explored the evolution of unified SASE as the next step in adaptive, integrated security solutions that address today’s complex challenges.

The Evolving Landscape of Remote and Hybrid Work

The COVID-19 pandemic, coupled with technological progress, has reshaped modern work environments. As organizations grapple with the change toward fragmented and dynamic work environments, the threat landscape and attack surface have expanded alongside, emphasizing the need for nimble and adaptive cybersecurity solutions that can address risks that originate both internally and externally: from malicious admins, end users, devices and threat actors aiming to exploit any weakness.

In this rapidly evolving landscape, traditional security architectures are no longer sufficient. Secure Access Service Edge (SASE) has emerged as a strategic imperative for businesses aiming to cope with new challenges and thrive in this new world. Notably, unified SASE offers an effective, streamlined approach to achieving robust security and efficient networking. This article explores the core aspects of unified SASE, why it’s essential for modern cybersecurity and how to get started on the SASE journey.

From Siloed Solutions to Unified Platforms

Historically, cybersecurity technologies such as Cloud Access Security Broker (CASB), Secure Web Gateway (SWG), and Zero Trust Network Access (ZTNA) were implemented to address distinct challenges. But as both IT environments and cybersecurity threats grow in complexity, there’s a clear shift towards integrated solutions.

Chris Hines underscores this transition, highlighting the complexity, cost and security challenges businesses face when managing multiple solutions, especially in a remote and hybrid work era. Moreover, vulnerabilities and user experience issues associated with traditional remote access technologies such as VPNs further exacerbate these challenges.

“There are three key factors driving the need for SASE adoption today: ineffective legacy security, unnecessarily complex networks, and obsolete solutions,” notes Chris Hines.

Enter Unified SASE

Introduced by Gartner in 2019, Secure Access Service Edge (SASE) emerged as a groundbreaking concept. It blends networking and security functionalities into a holistic policy-based platform, facilitating seamless collaboration between networking and security teams. Gartner predicts that “by 2025, 50% of new SD-WAN purchases will be part of a single-vendor SASE offering, up from 10% in 2022.”

Unified SASE converges the functions of network and security into a single, cloud-native platform, significantly reducing the complexities and inefficiencies associated with disjointed point solutions. It is based on two core technology sets:

  1. WAN Edge Services (SD-WAN): Software-Defined Wide Area Networking offers robust, flexible network connectivity. It automates the routing of network traffic to improve application performance and deliver a better user experience.
  2. Security Service Edge: Includes Zero Trust Network Access (ZTNA), Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), and Digital Experience Monitoring (DEM). This provides a comprehensive security layer by governing user access, filtering web content, managing cloud application use, and monitoring end-user experience.

Benefits of Unified SASE

By integrating WAN Edge Services and Security Service Edge into a single-vendor solution, unified SASE offers numerous advantages:

  • Enhanced Security Posture: Universal security policies paired with centralized access controls heighten threat detection and response capabilities.
  • Operational Efficiency: Merging networking and security functionalities minimizes complexities, promoting cross-functional collaboration.
  • Improved User and Admin Experience: With automatic routing of traffic and enforcement of Zero Trust policies, both user and administrator experiences are optimized without compromise to security.
  • Cost-Efficiency: A unified model inherently reduces capital and operational expenses, scaling seamlessly with evolving business requirements.

How to Begin Your Unified SASE Journey

Though implementing a unified SASE framework may seem daunting, with the right strategy and a reliable partner, you can make the transition to SASE smoothly and securely without disrupting existing operations.

Here are five key steps Chris Hines outlines that successful SASE implementations follow:

Step 1: Establish SASE Goals and Requirements

Determine your organization’s specific goals, needs, and criteria for a SASE framework. Evaluate your existing network and security infrastructure to identify any gaps, challenges, and available resources.

Step 2: Choose a Single-Vendor SASE Solution

Compare and assess different SASE vendors based on factors such as capabilities, coverage, performance metrics, scalability, reliability, customer support, and cost structure. Choose a well-architected, single-vendor SASE solution that is integrated, unified and easy to use.

Step 3: Formulate Your SASE Implementation Strategy

Collaborate with your chosen SASE provider to outline your network topology, security policies, user groups, app profiles, and connectivity options based on best practices. This step should be a joint effort with your SASE provider to ensure success.

Step 4: Initiate SASE Deployment in Phases

Start SASE implementation by deploying essential elements like agents, connectors, SD-WAN devices, or private PoPs via a central management dashboard. Migrate users, devices, physical locations, and applications to your new SASE architecture in a phased or batched manner. SASE’s flexibility allows it to work alongside existing solutions, offering you the pace of deployment that suits your team’s readiness.

Step 5: Unlock the Full Potential of SASE

As the deployment progresses, utilize the tools and dashboards provided by your SASE provider to gain operational insights and real-time visibility. This will allow you to fine-tune your SASE implementation and even discover new areas where SASE could add more value to your business.

By following these steps, you’ll be well on your way to leveraging the full potential of unified SASE, thereby strengthening your security posture and improving network performance.

Conclusion – Two Paths to Unified SASE

If you’re in the market for a powerful, single-vendor SASE solution that delivers both enhanced security and reliable connectivity from any location, you should consider the newly expanded offerings from HPE Aruba Networking, enhanced by its recent acquisition of Axis Security.

Already a leader in SD-WAN, the addition of Security Service Edge (SSE) to HPE Aruba Networking capabilities now provides the foundation for an even more comprehensive, unified approach to SASE suitable for today’s dispersed and dynamic business environments.

The acquisition of Axis Security amplifies HPE’s commitment to integrated network and security solutions. Axis Security’s expertise in Zero Trust Network Access (ZTNA) further enriches HPE Aruba Networking’s SASE capabilities through Adaptive Trust, adding advanced, granular access controls, superior threat detection, and real-time adaptive responses.

IT teams can now implement WAN and cloud security measures directly at the network edge through HPE Aruba Networking EdgeConnect SD-WAN, while also benefiting from Axis Security’s advanced ZTNA functionalities. This ensures that robust Zero Trust security controls can be extended to all users and devices, regardless of location.

Choosing a unified SASE solution from a single vendor can accelerate this digital transformation. The only remaining question is: How will you begin your SASE journey?

Two Entry Points for Your SASE Strategy

  1. Initiating with SSE and ZTNA: The recent Axis Security acquisition fortifies HPE Aruba Networking’s already robust security. If ZTNA is your starting point, consider replacing your VPN with ZTNA from HPE Aruba Networking to enable additional layers of security for your private applications, whether they reside in a data center, the cloud, or in between.
  2. Starting with SD-WAN: If you prefer to begin your SASE journey by focusing on SD-WAN and completing your secure edge portfolio, then the full array of options powered by HPE Aruba Networking EdgeConnect SD-WAN is available.

According to a 2023 Ponemon Institute report, about 46% of organizations are expected to have a SASE architecture in place within a year. SASE is not just a fleeting tech trend; it’s a strategic imperative for any enterprise looking to thrive in the digital age. Adopting a unified SASE framework not only improves your organization’s security posture but also enhances operational efficiency and cost-effectiveness for the future.

For more information and to take a test drive of HPE Aruba Networking unified SASE, visit https://www.arubanetworks.com/connect-and-protect/.

The post Unlocking the Full Potential of Unified SASE: An Interview with HPE’s Chris Hines appeared first on Cybersecurity Insiders.

John Spiegel, Director of Strategy, Field CTO, Axis Security

Was it me, or did 2023 roll by fast? It feels like it was a blur to me. The end of the year is here and it’s time to pause, take stock, and then gear up for 2024. While I will not help you with the first two, I’ll provide perspective on the last item: the trends and areas to consider investing your time and resources in over the coming year.

Cutting Through the AI Hype

Let’s start with the hottest topic in IT.  Sorry, it’s not Taylor Swift, but close!  Artificial Intelligence. Despite the hype from the marketing departments of the major network vendors, AI won’t solve all your problems in 2024.  We are too early in the journey but not too early to investigate. So, over the next 12 months, how should you be thinking about AI?

I recommend looking for opportunities where AI can help you lower your operational burden. Are there areas where you can leverage AI to reduce your requirements for highly compensated network security engineers to maintain and support your networks? Are there use cases for AI to provide operational intelligence to your frontline NOC and operations teams to resolve tickets without escalations? Look for AI-enabled “digital co-pilots” that leverage natural language with “chatbot” interfaces to help your network and operations teams troubleshoot network and security events. Vendors are now beginning to deliver them. Doing so will reduce your “keep the lights on” load and allow your high-end talent to focus on key projects that generate new revenue or reduce business risk.

Trust No One

The second topic that must be on your radar for 2024 is zero-trust networking (ZTN).  While much maligned by marketers in the network and security industry, you need to wade through the messaging to get to the outcomes for your business.  The days of “trusted and untrusted” networks are gone. Cloud started the trend, and the rise of the remote workforce in 2020 was the nail in the coffin. To be successful in this decade of distributed IT where islands of data are strung out across the vast ocean of the Internet, zero trust must be at the center of your security strategy.

For network security, you must be thinking holistically. How do I apply this framework to my remote employees, my campus networks, my branch networks, and my WAN networks? I don’t recommend running out and making 2024 the year of zero trust and trying to accomplish all of the above. However, I strongly urge you to pause and think strategically about how you can revise your network and security systems in this model over a three-to-five-year period.

Start by asking your primary vendors about their roadmaps and determine if they align with your future plans. Next, map out your priorities in six-month increments. And then sync up with your finance teams to ensure your plan is in alignment with theirs. This means getting ahead of the budget/depreciation conversations. Lastly, see if there are any small or medium-sized projects you can get your team involved in that can serve as the starting point of the ZTN transition.

Start Living on the (Security Service) Edge

Which brings me to the third area to invest in for 2024. Security Service Edge or SSE.  If you are going to start the journey to Zero Trust Networking, SSE is a great first step. According to Forbes, securing remote work remains a top challenge for CxOs.  Another top-of-mind issue is retaining top talent. SSE can help with both. Instead of using legacy VPN technology with a series of point solutions for remote access, SSE dissolves and reconstitutes these hardware solutions as software delivered from the Cloud in a SaaS-like format. The result is speed and security for your remote workforce.

Additionally, as your workforce leverages the system, they will share insights into their application experience. If you can understand their experiences, you can improve their work experience, which will help as you retain top talent. As for where to start, I recommend a 3rd party or contractor use case. The majority of companies these days are using a VPN to grant access to their “trusted” network. Due to the nature of the cyber threats and the distributed landscape of IT, this is no longer recommended. It is too much of a risk. Alternatively, you can use an agentless version of SSE’s ZTNA technology to limit access to only the applications or systems required, based on the user’s identity (and other factors). The outcome is that you never place a 3rd party or contractor on your network. This greatly reduces your attack surface and business risk and, if done correctly, can lower costs. Consider a project like this to start the SSE and Zero Trust Network path.

I hope you enjoyed my recommendations for 2024. Here is to a great year in front of you!

The post It’s Never Too Soon to Begin Thinking About Your 2024 Cybersecurity Journey appeared first on Cybersecurity Insiders.

Jaye Tillson, Field CTO at Axis Security

In an era where cyber threats are evolving at an alarming pace, the role of a Chief Information Security Officer (CISO) has never been more critical. Today, CISOs are the guardians of an organization’s digital assets, and in this role they face a very daunting task: they are being called to protect sensitive data, maintain customer trust, and ensure business continuity. With an ever-expanding threat landscape, the ability to deliver on these three fronts has never been more challenging. As a result, it’s essential for CISOs to establish clear priorities to navigate these turbulent waters successfully.

In my role, I have the opportunity to meet regularly with security professionals from a variety of businesses all over the globe. Over the past six months in particular, that includes some extremely informative discussions with a sizeable group of CISOs. In this article, I wanted to share what I believe are the top three priorities that are at the forefront of their agenda.

Cyber Resilience

Today we are all operating in an interconnected world and many of the CISOs I spoke to believe that it’s not a matter of ‘if’ but ‘when’ a cyberattack will occur. It’s hard to argue with their view. Taking that viewpoint into account, their focus was on building cyber resilience within their organizations. For them, this meant preparing for, responding to, and recovering from cyber incidents effectively. Here are some key strategies that they are considering:

  • Incident Response Plan: Develop and regularly update a comprehensive incident response plan. Once this has been shared throughout the organization, make sure that all employees are aware of their roles and responsibilities during a cyber incident. From there, it’s imperative to put this plan to the test. This includes conducting regular drills and simulations to gauge the plan’s effectiveness and, if necessary, adjusting it as needed.
  • Data Backups and Recovery: Even with the best plan, data loss is always a possibility, especially since data is no longer housed in a single, central location. These CISOs touched on the need to implement robust data backup and recovery processes to minimize any data loss in case of a breach. This includes verifying the integrity of backups regularly and storing them securely offline, so that a ransomware attack cannot reach and encrypt them.
  • Threat Intelligence: Invest in threat intelligence tools and services to stay informed about emerging threats and vulnerabilities. These CISOs widely agreed that having regular access to this information would help them proactively defend against attacks.
  • Employee Training: No matter how many solutions you invest in and how many simulations you conduct, human error remains a significant factor in security breaches. In fact, Verizon’s 2022 Data Breach Investigations Report (DBIR) found that 82 percent of data breaches involve a human element. According to the DBIR, this includes incidents “in which employees expose information directly (for example, by misconfiguring databases) or by making a mistake that enables cyber criminals to access the organization’s systems.” Findings like this reinforce why these CISOs state it’s essential to conduct regular cybersecurity awareness training for all employees. The goal of these efforts is simple: ensure that everyone across the business fully understands the importance of security best practices.

Zero Trust

Many of the CISOs felt that the traditional perimeter-based security model is no longer sufficient to protect their business against modern threats. These solutions were effective when we focused on protecting everyone within a castle and moat (i.e., the corporate office). But we don’t work in castles anymore.

For this group there is widespread agreement that the answer is to adopt a Zero Trust approach to secure their organization’s digital assets. Zero Trust operates on the principle of “never trust, always verify,” and it requires a fundamental shift in how security is implemented. Their priorities were:

  • Identity and Access Management (IAM): Implement strict IAM policies to ensure that users and devices are authenticated and authorized before accessing any resources. This includes the use of multi-factor authentication (MFA) wherever possible.
  • Micro-Segmentation: Divide the network into micro-segments to limit lateral movement for potential attackers. With micro-segmentation, each individual segment should have its own access controls and monitoring mechanisms.
  • Continuous Monitoring: Because security threats never sleep, businesses must employ continuous monitoring solutions that track user and device behavior, detect anomalies, and trigger alerts for suspicious activities in near real-time.
  • Application Security: Ensure that all applications, whether on-premises or in the cloud, are secure by design. In addition, regularly assess and update the business’s security posture to mitigate vulnerabilities.

Regulatory Compliance

As data privacy regulations continue to evolve worldwide, compliance is a significant concern for many of the CISOs, and with good reason. Non-compliance often leads to hefty fines and reputational damage. Just ask Amazon, which in 2021 incurred an $877 million fine for breaches of the GDPR. To address this priority, the CISOs intended to:

  • Stay Informed: Stay up-to-date with the latest data privacy regulations, such as GDPR, CCPA, NIS2, or any other relevant laws based on their organization’s geographic footprint and industry.
  • Data Protection: Implement robust data protection measures, including encryption, access controls, and data retention policies, to ensure compliance with regulatory requirements.
  • Third-party Risk Management: Evaluate and monitor the security practices of third-party vendors and partners to ensure they meet compliance standards, as their actions can impact their organization’s compliance status.
  • Documentation and Reporting: Maintain thorough records of security measures, audits, and compliance activities and be prepared to provide documentation to regulatory authorities if required.

Conclusion

As the digital landscape becomes increasingly complex and volatile, these CISOs knew they would be facing the formidable challenge of safeguarding their organizations against a barrage of cyber threats. What was clear through my conversations is they all felt that by prioritizing cyber resilience, adopting Zero Trust, and ensuring regulatory compliance, they could build a robust security posture that not only protects their organization’s sensitive data but also strengthens customer trust and ensures business continuity in an ever-changing cybersecurity landscape. They also acknowledged that their role was seen as pivotal in the modern business world and that these top priorities should be their guide in securing the digital frontier.


The post Top 3 Priorities for Today’s CISO: Safeguarding the Digital Frontier appeared first on Cybersecurity Insiders.

Jaye Tillson, Field CTO at Axis Security

Amidst the ever-evolving terrain of modern information technology, the domain of higher education has emerged as a focal point for malicious activities. Consequently, ensuring the safety and security of students, educators, and intellectual property assets has become a top priority at all levels.

Educational institutions find themselves in the crosshairs of escalating cyberattacks. The aftermath of these attacks, characterized by data breaches, has yielded not only the compromise of sensitive information but also the disruption of the smooth continuum of academic pursuits.

In response, Secure Access Service Edge (SASE) has emerged as an indispensable solution capable of fortifying the security resiliency of higher education establishments.

Understanding Secure Access Service Edge (SASE)

Secure Access Service Edge (SASE) represents a holistic security framework that seamlessly integrates security with wide area networking (WAN) capabilities within a single cloud-based service. SASE strategically relocates security services to the cloud’s edge, thus positioning security protocols closer to users, devices, and data.

This dynamic approach, in contrast to traditional centralized security models, effectively curbs latency, enhances performance, and extends robust protection. Such attributes render SASE impeccably suited for the dynamic and widespread landscape of higher education institutions.

Challenges Confronting Higher Education

Higher education institutions confront an array of unique security challenges due to their intricate IT ecosystems and diverse user demographics. Among these, prominent challenges encompass:

  • Remote Learning and the BYOD Culture: The advent of remote learning accelerated by the pandemic has fostered a “Bring Your Own Device” (BYOD) culture. This transition has broadened the attack surface, underscoring the need to secure a diverse spectrum of devices and endpoints.
  • Guarding Sensitive Data: Higher education institutions harbor an extensive trove of sensitive data encompassing personal information and proprietary resources. The imperative to safeguard this data is twofold, protecting both individuals and institutional repute.
  • Preserving Intellectual Property and Research: Academic research is a precious asset, consequently rendering universities attractive targets for intellectual property theft. Cybercriminals often set their sights on research data, with motives ranging from financial gains to competitive advantages.
  • Navigating Compliance and Regulations: Educational institutions find themselves obligated to adhere to an array of data protection regulations such as the Family Educational Rights and Privacy Act (FERPA) and the General Data Protection Regulation (GDPR). It becomes even more complex for research universities involved in projects funded by the federal government. This layer of complexity adds nuance to their security strategies.
  • Resource Constraints: Budget limitations and constrained IT resources can potentially impede the establishment of robust security measures.

Benefits of Secure Access Service Edge in Higher Education

The integration of SASE can effectively tackle these challenges and confer numerous advantages to higher education institutions:

  • Elevated Data Protection: SASE takes a data-centric approach to security, ensuring that data remains encrypted and secure at every stage. Through this comprehensive approach, universities can safeguard sensitive information both in transit and at rest, thwarting unauthorized access.
  • Scalability and Flexibility: The cloud-based nature of SASE empowers institutions to calibrate security services in alignment with their evolving requirements. Whether accommodating a sudden influx of remote learners or adapting to ever-changing threat landscapes, SASE provides flexibility without compromising security.
  • Mitigated Latency: By situating security services proximate to the edge, SASE diminishes latency and optimizes the performance of applications. This facet proves pivotal for real-time collaboration tools and virtual learning environments.
  • Holistic Threat Management: SASE introduces a unified paradigm for threat management, seamlessly encompassing features like firewalls, intrusion detection and prevention, anti-malware tools, and data loss prevention. This unified security suite minimizes vulnerabilities and simplifies management.
  • Enhanced Compliance: SASE’s capacity for meticulous control over user access and data handling translates into enhanced compliance with diverse regulations. This capability enables institutions to effectively demonstrate their dedication to safeguarding the privacy of students and staff.
  • Cost-Efficiency: The adoption of cloud-based SASE negates the necessity for on-premises hardware, facilitating the embrace of a subscription-based model. This pragmatic shift can effectively curtail capital expenditures and provide cost predictability.

Secure Access Service Edge emerges as a transformative force for higher education institutions seeking to fortify their security stance within an environment characterized by evolving technological landscapes and mounting security challenges. Through the adoption of an edge-centric security approach, universities and colleges can adeptly safeguard their students, educators, and invaluable intellectual assets.

The combination of reduced latency, heightened data protection, scalability, and compliance adherence makes SASE a strategic investment for higher education establishments. It is my conviction that the embrace of Secure Access Service Edge represents a proactive stride toward establishing a robust security bedrock for the future of education.

The post Enhancing Higher Education Security: The Role of Security Service Edge appeared first on Cybersecurity Insiders.

By Jaye Tillson, Director of Strategy, Axis Security

Over the past few years, our world has evolved at a rapid pace. This rapid evolution has given rise to innovative networking and security architectures such as SD-WAN, SASE, SSE, and Zero Trust. These are relatively new architectures (excluding SD-WAN), and I often get asked what the differences between them are and what their key features are. In this article, I will cover my definition of each and highlight what I believe to be the key features.

SD-WAN (Software-Defined Wide Area Network)

SD-WAN, or Software-Defined Wide Area Network, is a technology that is designed to simplify the management and optimization of wide area networks (WANs). Traditional WANs often struggled to provide reliable connectivity, low latency, and efficient traffic routing across geographically dispersed locations. SD-WAN was designed to address these challenges by using software to dynamically manage and route network traffic based on real-time conditions. It enables organizations to leverage multiple network connections, such as MPLS, broadband, and cellular, while ensuring optimal performance and cost-effectiveness.

Key Features:

  • Dynamic path selection: Traffic is directed along the most suitable path based on application requirements and network conditions.
  • Centralized management: Network policies can be easily configured, monitored, and managed from a centralized console.
  • Application-aware routing: SD-WAN can prioritize critical applications, ensuring their performance even in congested network conditions.
  • Cost optimization: By utilizing multiple network links, organizations can reduce reliance on expensive dedicated lines.

SASE (Secure Access Service Edge)

SASE, or Secure Access Service Edge, envisioned by Gartner in 2019, is a holistic networking and security architecture that merges network connectivity (SD-WAN) and security services (SSE) into a single cloud-based solution. The core concept of SASE is to provide secure access to applications and data regardless of user location. By converging network and security functions, SASE aims to simplify management, improve user experience, and enhance overall security posture.

Key Features:

  • Cloud-native architecture: SASE operates from the cloud, allowing for scalability, flexibility, and easy updates.
  • Zero Trust security model: SASE assumes zero trust, requiring strict verification for users and devices before granting access.
  • WAN optimization: SASE optimizes traffic routing to ensure fast and reliable application performance.
  • Integrated security services: SASE combines features like firewalling, secure web gateways, data loss prevention, and more.

SSE (Secure Service Edge)

SSE, or Secure Service Edge, released by Gartner in 2021, places a strong emphasis on ensuring security at the service level. At its core is the concept of Zero Trust. In an SSE architecture, security is embedded directly into the service infrastructure, reducing the need for external security tools. This approach enhances protection for services and data, fostering a secure-by-design environment.

Key Features:

  • Service-level security: Security measures are integrated at the service layer, safeguarding data and applications.
  • Decentralized security controls: Each service has its own security controls, reducing the potential impact of a breach.
  • Agility and scalability: SSE supports rapid deployment and scaling of services without compromising security.
  • Automated threat response: SSE platforms can autonomously respond to security threats based on predefined policies.

Zero Trust

Zero Trust is a security framework that challenges the traditional perimeter-based security model. It operates under the assumption that threats can originate from both internal and external sources. Instead of trusting entities based on their location (inside or outside the network perimeter), Zero Trust requires verification of all users, devices, and applications before granting access to resources.

Key Principles:

  • Verify before trust: Users and devices must be authenticated and authorized before accessing any resources.
  • Least privilege access: Access rights are granted based on the principle of least privilege, limiting potential damage.
  • Micro-segmentation: Networks are divided into smaller segments, reducing the lateral movement of threats.
  • Continuous monitoring: Ongoing monitoring ensures that security policies are consistently enforced.

The post Unveiling Network and Security Architectures: SD-WAN, SASE, SSE, and Zero Trust appeared first on Cybersecurity Insiders.

By Jaye Tillson, Director of Strategy, Axis Security

Organizations today face the constant challenge of securing their networks and connecting their distributed workforce seamlessly. Introducing Secure Access Service Edge (SASE), an innovative network and security framework that combines wide-area networking (WAN) capabilities with comprehensive security features.

SASE represents a paradigm shift, converging network and security services into a single cloud-native architecture.

I often get asked about the use cases for SASE, so I will explore the top three use cases for SASE and how it revolutionizes network security and connectivity for modern businesses.

Secure Remote Access and Workforce Mobility:

Organizations require reliable and secure remote access solutions due to the rise of remote work and the proliferation of mobile devices. SASE offers a compelling use case by providing secure remote access for employees, regardless of their location or the devices they use. By consolidating networking and security functions into a unified cloud-based platform, SASE ensures remote workers can access corporate resources securely and seamlessly. SASE’s Zero Trust Network Access (ZTNA) capabilities verify user identities, device posture, and contextual factors before granting access, minimizing the risk of unauthorized access or data breaches. This use case empowers organizations to embrace flexible work arrangements while maintaining a robust security posture.
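The ZTNA decision described above (and the third-party access case and Zero Trust principles in the earlier posts) can be made concrete as a small policy decision point. This is an added example, not code from any of these posts or from Axis Security: every user, device, application and rule is constructed sample data, and the posture fields are assumptions about what a broker might receive. It contrasts a VPN that exposes the whole network once credentials check out with a per-application decision that verifies identity, device posture and context, and it re-runs the decision when posture changes mid-session.

```python
from dataclasses import dataclass

# Constructed sample inventory: what a legacy VPN exposes once a user is "on the network".
NETWORK_APPS = frozenset({"payroll", "hr-portal", "ticketing", "file-share", "ci-server"})


@dataclass(frozen=True)
class Device:
    """Device posture signals a ZTNA broker might receive (assumed sample fields)."""
    managed: bool            # enrolled in the organization's device management
    disk_encrypted: bool
    patch_age_days: int      # days since the last OS patch


@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    mfa_verified: bool
    device: Device
    country: str
    app: str


@dataclass(frozen=True)
class Rule:
    """Per-application access rule: the least-privilege unit of policy."""
    allowed_groups: frozenset
    require_managed_device: bool = True
    max_patch_age_days: int = 30
    allowed_countries: frozenset = frozenset()  # empty means any country


# Constructed policy: one rule per published application, nothing implicit.
POLICY = {
    "ticketing": Rule(allowed_groups=frozenset({"contractors", "staff"}),
                      require_managed_device=False,          # agentless third-party use case
                      allowed_countries=frozenset({"US", "GB"})),
    "payroll":   Rule(allowed_groups=frozenset({"finance"})),
    "ci-server": Rule(allowed_groups=frozenset({"engineering"}), max_patch_age_days=14),
}


def legacy_vpn_grant(req: Request) -> frozenset:
    """Castle-and-moat model: valid credentials place the user on the network,
    so every reachable application is exposed regardless of posture or need."""
    return NETWORK_APPS if req.mfa_verified else frozenset()


def evaluate(req: Request, policy: dict = POLICY) -> tuple:
    """Zero Trust decision for one application: verify identity, device posture
    and context against that application's rule.  Returns (allowed, reasons)."""
    reasons = []
    rule = policy.get(req.app)
    if rule is None:
        return False, [f"no rule published for app '{req.app}' (default deny)"]
    if not req.mfa_verified:
        reasons.append("MFA not satisfied")
    if not (req.groups & rule.allowed_groups):
        reasons.append("user not in an authorized group")
    if rule.require_managed_device and not req.device.managed:
        reasons.append("unmanaged device")
    if not req.device.disk_encrypted:
        reasons.append("disk not encrypted")
    if req.device.patch_age_days > rule.max_patch_age_days:
        reasons.append(f"patch age {req.device.patch_age_days}d exceeds {rule.max_patch_age_days}d")
    if rule.allowed_countries and req.country not in rule.allowed_countries:
        reasons.append(f"access from {req.country} not permitted for this app")
    return (not reasons), reasons


def ztna_grant(req: Request) -> frozenset:
    """Only the requested application becomes reachable, and only if its rule passes."""
    allowed, _ = evaluate(req)
    return frozenset({req.app}) if allowed else frozenset()


def reevaluate_session(req: Request, new_device: Device) -> bool:
    """Continuous monitoring: a posture change during the session re-runs the
    same decision, so a failing device loses access without waiting for re-login."""
    allowed, _ = evaluate(Request(req.user, req.groups, req.mfa_verified,
                                  new_device, req.country, req.app))
    return allowed


if __name__ == "__main__":
    contractor_device = Device(managed=False, disk_encrypted=True, patch_age_days=5)
    contractor = Request("c.lee", frozenset({"contractors"}), True,
                         contractor_device, "US", "ticketing")
    print("VPN exposes: ", sorted(legacy_vpn_grant(contractor)))
    print("ZTNA exposes:", sorted(ztna_grant(contractor)))
    # The same contractor asking for payroll is denied, with the reasons spelled out.
    print(evaluate(Request("c.lee", frozenset({"contractors"}), True,
                           contractor_device, "US", "payroll")))
```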

Cloud Adoption and Application Performance:

As businesses migrate their applications and data to the cloud, ensuring optimal performance and security becomes increasingly important. SASE’s architecture, which leverages local network egress points to optimize application performance and reduce latency, is built on a global network of Points of Presence (PoPs). As a result, traffic can be directed efficiently, resulting in shorter distances between users and applications. Further, SASE’s integrated security capabilities, such as secure web gateways (SWG) and cloud access security brokers (CASB), provide granular visibility and control over cloud-bound traffic, safeguarding sensitive data and mitigating attacks. SASE’s ability to enhance cloud connectivity and security makes it an indispensable tool for businesses embracing digital transformation.

Branch Office Transformation and Simplified Network Management:

Networking and security infrastructure management across multiple locations has historically been a challenge for organizations with distributed branch offices. SASE’s cloud-native architecture offers an ideal replacement for traditional MPLS (Multiprotocol Label Switching) networks. By consolidating networking and security functions in the cloud, SASE simplifies network management, reduces operational costs, and increases agility. Branch offices connect securely to the SASE architecture via software-defined wide-area networking (SD-WAN) capabilities, ensuring optimal performance and providing unified threat protection. SASE’s approach eliminates the need for separate appliances at each branch, streamlines network provisioning, and delivers consistent security policies across the organization’s entire network infrastructure.

To conclude, Secure Access Service Edge (SASE) has emerged as a transformative framework, redefining network security and connectivity for modern businesses. Its top three use cases (secure remote access, cloud adoption and application performance, and branch office transformation) underscore SASE’s versatility and value to organizations.

By consolidating networking and security functions into a cloud-native architecture, SASE empowers organizations to embrace digital transformation, enhance productivity, and fortify their security posture. As businesses continue to evolve in a dynamic landscape, SASE offers a compelling solution to meet the ever-growing demands of network security and connectivity.

The post Unveiling the Top Three Use Cases for SASE: Revolutionizing Network Security and Connectivity appeared first on Cybersecurity Insiders.

by John Spiegel, Director of Strategy, Axis Security

Gartner just released the 2023 version of their “Magic Quadrant” for Secure Service Edge, or SSE. Cheers are being heard from the companies who scored in the upper right-hand quadrant, and jeers are being shouted by those companies who did not enjoy where they landed on Gartner’s matrix. Over the next few months, there will be a lot of noise coming from all the vendors. Some of it will be useful, and some just distracting. Overall, SSE now has a place in the industry. This is good. As you read the news, cyber-attacks are still on the rise, and now we’ve drifted into national security concerns with the leaks about the war in Ukraine by a junior-level, 21-year-old Massachusetts National Guard airman. SSE provides a framework to finally bring together networking and security in a modern manner to secure our future in a truly least-privileged way.

While the Gartner MQ provides a plethora of helpful information to the network and security leader, one area I found needing improvement was how these solutions are architected. As Winston Churchill famously said, “We shape our buildings; thereafter they shape us.” Or, said another way, “architecture matters”. More importantly, you need to understand how a particular solution deploys its network “points of presence”, or PoPs. To paraphrase a well-known movie from 2002, “SSE, it’s all about the PoPs.”

The fundamental concept of both SSE and its bigger brother, Secure Access Service Edge (SASE), is to place network and security functions close to the employee and endpoint device. This is critical in overcoming the dilemma of selecting either network performance or security scanning. The PoPs are where the action happens. Through centralized policy, security treatments like malware scanning, web filtering, and data leakage protection occur close to the employee, 3rd party, or device. These PoPs can be placed in the SSE provider’s own regional data centers and telecom hotels, as well as in several of the “Cloud Giants” (AWS, Azure, Google Cloud). The closer you place the PoPs to the employee and their device, the better the performance and security of a given application. How these PoPs are created, deployed, and managed also needs to be understood, as they impact a given solution’s resiliency.

Before we dive into this critical topic, let’s take a step back and level set. Why should you care, and why are all PoPs not created equal? In the past, the WAN network, which both SASE and SSE are replacements for, was constructed on a private network owned by a large telecom vendor who would provide service level agreements. Performance was consistent and when there was an outage, the service vendor was on the hook for resolution. That was when applications lived in the private data center. Cloud changed the game in the 2010s and led the enterprise to move to an “internet as the WAN” for connectivity. Why? Gartner provides several statistics to help us understand the reason:

  • Gartner surveys in 2020 showed 80% of enterprises using IaaS are multi-cloud.
  • In 2024, 60% of IT spending on application software will be directed at Cloud technologies.
  • By 2026, SaaS workloads will dominate the enterprise software market.

As the internet is now the onramp for Cloud and SaaS-based applications/services, SSE and SASE will be the means to access them. Therefore, it brings up the question of resiliency and how you should build out your SSE/SASE platform as downtime is, in this day and age, not acceptable.

In another recent research paper, Gartner analysts Evan Zeng and Jonathan Forest called this out. The paper was titled “Leverage Cloud Connect Infrastructure to Improve Connectivity Experience for Cloud Workloads for SASE Solutions”. If you have access to a Gartner license, give it a read. If not, the short version is this: as applications become Cloud dominant, Secure Access Service Edge (SASE) product leaders must consider how to architect their WANs. Meaning, is it enough to purchase the service from either a vendor or a telecom and call it good? Application performance and security must be accounted for. As an example, if my company leverages Azure for PaaS services, is it good enough that my SSE/SASE vendor only runs on Google Cloud? Is it OK if my SASE vendor built out their PoPs in their own data centers? If so, I need to account for this, and the result may be that I need to add my own interconnects into Azure or similar services. This costs money, adds complexity, and also increases the “keep the lights on” (KTLO) burden. Most importantly, it also forces the network/security engineer back into the performance vs. security dilemma. Not ideal.

To address this, a few vendors in the space have taken a different path, one which puts the network/security engineer back in the driver’s seat. Instead of a “take it or leave it” approach to the PoP that harkens back to the big telco days for WAN services, the engineer can select the best placement of a PoP to realize the value of SSE/SASE: application performance with security. As an example, consider this option. Start with the Cloud Giants as a massive network underlay. Use all of them: AWS, Google Cloud, Azure, and Oracle Cloud. The result is this. You don’t need to transit from Google Cloud to access services in Azure. The SSE/SASE platform does the work for you. It also provides resiliency. If AWS suffers an unfortunate outage, PoP services can be handled by Azure, Google Cloud, or Oracle Cloud. Additionally, vendors are also offering a local edge option that can be installed in an on-prem data center. This is a smaller-scale version of the standard PoP running in the traditional data center, providing the full suite of services: Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), and Zero Trust Network Access (ZTNA). Then take it a step further. What if you are in an area where there is no option for a local edge and the closest Cloud Giant data center is 800 miles away? Are you in what is called a “PoP desert”, and do you have a latency-sensitive application? Can the SSE/SASE provider spin up a PoP in a colocation facility to extend their services closer to you?

Choice in how you construct, create resiliency, and provide performance with security must be at the core of how you evaluate the various SSE/SASE solutions on the market. While the Gartner MQ is a good first pass, it is critical to dive into the architecture of each of the solutions listed in the MQ, and of those not included. Ask the critical questions. Ask about the location of a vendor’s PoPs. How quickly can they build a PoP? How can they increase capacity rapidly to meet your demands? How resilient is their network of PoPs? Are all services provided in each PoP? If their answer is one size fits all, think really hard before continuing the conversation. If their answer is fully redundant, ask how. Dive deep. Much like you would architect your data center network and power systems or your WAN, these answers matter. Ask them. You are the enterprise engineer on the front lines. Don’t be pigeonholed into a solution that is flawed or results in compromises and puts you right back into complexity with limited resiliency. Downtime and its cousin, the slow, insecure application, are no longer acceptable.

The post Architecture Matters When it Comes to SSE appeared first on Cybersecurity Insiders.