Author: Jane Devry

Code Responsibly: Developers’ Blueprint for Secure Coding

Software is more important than ever – our connected world’s beating heart is made of it. Unfortunately, as the importance of software increases, so does the activity of cybercriminals and other bad actors trying to make a profit at the developers’ expense. The Department of Homeland Security has long claimed that 90% of security incidents are a consequence of defects in the design or code of software. Many developers are unarmed against this onslaught – the number of new vulnerabilities discovered in software has been steadily going up each year since 2016 and this trend is showing no signs of slowing down. If anything, the process is accelerating at a worrying rate. But this doesn’t mean the situation is hopeless – far from it! Many of these security problems have been known for a long time and we have a long list of industry best practices to help deal with them. In this eBook we introduce our six rules of secure software development that present the most important things you can do right now to stem the tide.

1. Shift left

The rule of ʻshift left’ has turned into a bit of a buzzword in the last 7-8 years. Like the rest of these six rules, this is not a great revelation or a closely-held secret – in fact, the concept of shift-left testing was originally coined in 2001 in a Dr. Dobb’s article by Larry Smith. Back then, ʻshift left’ referred to testing early and often to nd defects as early in the SDLC as possible – literally shifting activities to the left in the V-model of software development.

So, what does this have to do with security?

The idea is simple: move security considerations earlier in the software development lifecycle. Obviously, the earlier a security issue is discovered, the cheaper it is to x it. Programmers shouldn’t just rely on security experts to “do security stuff” a few weeks before shipping the code, but each team member should be actively involved with preventing, finding, and eliminating potential vulnerabilities during development. Of course, this only works if developers actually have the necessary security expertise! This makes understanding the potential threats and best practices (and thus, secure coding) absolutely critical for everyone: all architects, developers, testers and ops folks, not just a few chosen security champions.

This makes understanding the potential threats and best practices (and thus, secure coding) absolutely critical for everyone: all architects, developers, testers and ops folks, not just a few chosen security champions.

2. Adopt a secure development lifecycle approach

It is tempting to deal with software security as an ʻadd-on’ to the process: a brief penetration test just before release, or maybe a two-week security review at the end of a project. But as discussed before in the context of shifting left, the later we deal with a security issue, the more expensive it gets. And, unfortunately, a lot of security issues stem from decisions made at an early stage of development such as design or even requirements specification!

We can solve this conundrum by building security in: instead of just ‘doing security’ at a certain point in the development Lifecycle, we introduce security activities throughout the entire software development lifecycle (SDLC). This is an established best practice popularized within Microsoft via the MS SOL (Security Development Lifecycle) as well as security experts via the BSIMM (Build Security In Maturity Model) or the OWASP SAMM (Security Assurance Maturity Model):

We can solve this conundrum by building security in: instead of just ʻdoing security’ at a certain point in the development lifecycle, we introduce security activities throughout the entire software development lifecycle (SDLC). This is an established best practice popularized within Microsoft via the MS SDL  (Security Development Lifecycle) as well as security experts via the BSIMM (Build Security In Maturity Model) or the OWASP SAMM (Security Assurance Maturity Model):

  • MS SDL is the most prescriptive of the three – which makes sense, considering it was a process that Microsoft originally developed for internal use in the early 2000s. Its 12 main practices cover security training of all stakeholders, the creation and maintenance of security requirements, threat modeling via data flow diagrams (DFD), secure use of cryptography, managing the risk of third-party components, heavy use of automated tools (SAST, DAST, SCA) and incident response.
  • BSIMM, on the other hand, is a descriptive model. It is released every year, containing data about what companies are doing these days to improve their security and provides a scorecard to measure your company’s security posture. Then you can figure out which of those activities are most reasonable to implement in your specific context. The activities are grouped into 4 domains: Governance (managing a software security initiative with training as one of its three pillars) Intelligence (threat modeling and proactive security guidance), SSDL touchpoints (building security into development via design and code reviews as well as security testing), and Deployment (secure configuration and maintenance).
  • OWASP SAMM is also a prescriptive model, giving concrete guidance in various categories, depending on what maturity level (1to3) the company is aiming for in the area of Governance (improving security at the organizational level-via education and guidance among others), Design (security requirements, secure design and threat modeling), Implementation (secure build and deployment including vulnerability management), Verification (manual and automated security testing and reviews), and Operations (incident response, hardening and patch management).

As for validating the real-world use of these models: the longitudinal analysis in BSIMM 14 (2023) shows that companies are steadily improving their security posture. In particular, after adopting BSIMM, companies tend to implement a secure SDLC, scale it with the development of security champions, create (and enforce) a security policy, and manage the risk of third-party components. The two priorities after these are threat modeling and security training for engineering teams. As a matter of fact, training engineers on security is emphasized in all of the above models: it is the very first practice in SDL and is part of Governance in both BSIMM and SAMM.

As a final note, penetration testing is often brought up as a one-size-fits-all solution. It is true that a quick and focused test to identify vulnerabilities in the system is useful as an ‘acid test’ before release. But over-reliance on penetration testing is quite dangerous, and it is not a real substitute for secure software development! On the other hand, training developers in security is included in each of these secure SDLC models, with good reason.

3. Cover your entire IT ecosystem

When we’re talking about securing code, we don’t just mean the code specifically written by you – but also all third-party code that’s included in the application. What are weak links in the npm supply chain? Zahan et al (2022) points out that 80% of all code in modern software comes from third-party packages! That is a massive attack surface, and ultimately the hackers don’t care where the weak point in the system is and how it got there. If a third-party component is vulnerable, they’ll exploit it just the same -as it happened with the Log4Shell vulnerability at the end of 2021 that impacted almost every Java application – and thus, Java developer – in the world.

Not to mention that it is also lucrative for attackers to perform supply chain attacks: injecting malicious code into one of the open-source packages (or replacing them entirely). This can be difficult to notice if the package in question is, maybe, a forgotten dependency-of-a-dependency-of-a-dependency somewhere. The attack trends support this as well: according to the paper, supply chain attacks against applications (not just talking about npm here!) have increased 650% in 2021 alone. The SolarWinds supply chain attack against the United States government was so impactful it has shaped the country’s cybersecurity strategy as a whole.

These issues are exacerbated in the container world – for example, the ‘Red Kangaroo’ study has found that at the end of 2020, 80% of all images on Docker Hub were found to contain at least one known vulnerability, with 51 % of all images containing critical vulnerabilities!

We like to say that

“vulnerabilities in third-party code are not your fault, but they will definitely become your problem”.

You definitely need to have vulnerability management processes in place to identify, assess, and deal with vulnerabilities discovered in any of the program’s dependencies – and a strategy on how to release security patches and even hotfixes if the situation calls for it.

4. Move from reaction to prevention

Discussing code security goes hand in hand with robustness and resilience. Resilience implies a system that is not significantly impacted by failures (limiting the amount of damage they can do, and making it possible to recover from them), while robustness implies a system that anticipates failures and prevents them from happening in the first place. Even though both of these are important, preventing an incident is always better than reacting to an incident after the fact!

There are two philosophies to ensure robustness and resilience that are sometimes said to be opposites of each other: design by contract and defensive programming.

  • Design by Contract (DbC) defines so-called contracts for functions to declare expected preconditions, postconditions and invariants – and works under the assumption that these contracts will not be broken. These contracts are frequently implemented via asserts (not present in production code) and in case there is a failure at runtime, they are typically handled via exceptions. In type-safe languages, DbC may be a built-in feature of the language itself that won’t even allow compilation if the contracts can be violated. Rust is a good example for this.
  • Defensive programming assumes that any interaction with the system may be incorrect, erroneous, or even malicious. To this end, the developer should explicitly implement input validation in functions that process user input of any kind. Input validation means the implementation of checks that verify that the received input corresponds to the developer’s expectations. This should happen in the context of the specific function, “there and then”, right before the input is to be used. If the input fails these checks, it is rejected, so that no piece of code will be executed with unexpected inputs it is not prepared to handle.

Design by contract seems to be better for code efficiency and maintainability – after all, implementing defensive programming techniques requires writing additional code, which adds complexity and is itself a potential source of bugs. But when we look at code security, the goal is to reduce the attack surface and thus guard against intentional misuse, which is exactly what defensive programming provides. Furthermore, reacting to a bad input after it’s already been processed is much more dangerous than proactive input validation that can catch it beforehand. This is recognized by many secure coding standards (see e.g. MISRA C:2023 Directive 4.14)

Just to reiterate: in security, preventing an error is always better than catching the error after it has already happened!

As an example, consider processing an XML document describing a money transfer. Following DbC, we can define a ‘contract’ (an XML schema) and make sure the input conforms to it. This prevents many different attacks (e.g. the attacker duplicating tags, or specifying a negative value for the money transfer). But not every kind of bad in put can be covered by a schema. Just a few examples: the attacker can send us a document that references a nonexistent user, performs XXE, contains an invalid transaction date (e.g. 2 years in the future), or performs a cross-site scripting attack against the recipient by specifying a comment like <script>alert(‘hacked’)</script>.

This doesn’t mean that design by contract is bad – in fact, those techniques are very useful, but they need to be combined with defensive programming techniques to effectively protect against vulnerabilities. Whenever code security is concerned, input validation is perhaps the single most critical thing you can do according to experts – it’s the first category in the Seven Pernicious Kingdoms and its improper use comprise the root cause of many other vulnerability types; it is #5 on the OWASP Proactive Controls (OPC) list, and also has its own cheat sheet on OWASP! Even redundancy isn’t necessarily a dirty word here – in fact, validating the same input multiple times (in different parts of the code) is an example of defense in depth, which is an essential protection principle. For example, even if the XML schema ensures that the money transfer value isn’t negative, the function doing the transfer should still have a sanity check on the value to be transferred. We should simply accept that everyone makes mistakes, and the code should be always prepared for that.

5. Mindset matters more than tech

If you ask anyone “what do you do to prevent cyberattacks?”, it is likely the answer will be “firewalls and IDS”. It’s true that web application firewalls and intrusion detection systems are important (see A9 in the OWASP Top Ten 2021!), but they won’t solve the problem of vulnerable code. They may mitigate the effects of already existing vulnerabilities and make exploitation of these vulnerabilities more difficult, but even in that arena the attackers are constantly coming up with new ways to get around perimeter defenses (e.g. Server-side Request Forgery aka SSRF) and evade WAF filters to deliver their payload.

As a matter of fact, no firewall could stop the exploitation of zero-days like Heartbleed or Log4Shell before it was already too late.

But how do we deal with vulnerable code, especially in codebases that have been around for decades?

The sheer amount of code that developers must deal with is increasing rapidly. Source graph’s The Emergence of Big Code (2020) shows that developers have to work with remarkably more code than ever before: 51 % of participants claimed the amount of code at a company has increased by a factor of 100 compared to the previous 10 years, and over 90% of them said coding velocity and the value of the code itself has also increased drastically. In order to find, fix, and prevent vulnerabilities, developers need to be responsible for them and take ownership of the code in question -that can be a challenge by itself in these massive code bases.

And then there is legacy code…

Some companies are looking at Al to solve this problem by automatically identifying vulnerabilities or just making sure all code is secure. Putting aside the nascent and vulnerable nature of machine learning applications, this ultimately relies on these AIs being able to write secure code by default. But right now, that goal is far out of reach. Let’s face it: we’re still light-years away from achieving flawless Al-generated code. Consider that the models are mainly trained on the ‘wisdom of the masses’: open-source projects and popular third-party Q&A sites such as Stack Overflow. Such sources have been hotbeds of vulnerable code exam pies in the past (see Stack Overflow Considered Harmful? The Impact of Copy&Paste on Android Application Security Fischer et al, 2017).

As always: garbage in means garbage out.

On the other hand, it doesn’t help to put the responsibility for security on developers’ shoulders while failing to give them the necessary resources and support for it.

Bruce Schneier pointed out in 2019 that even though 68% of security professionals believe it’s a programmer’s job to write secure code, they also think less than half of them can actually spot security holes.

Gitlab’s yearly Global Developer Report from 2022 underscored this as well: as DevOps transforms into DevSecOps, security is becoming the #1 concern. More importantly, now that 43% of “Sec” teams are fully responsible for security, despite the vast variety of tools at their disposal they feel much less optimistic and confident about this responsibility than the “Dev” and “Ops” part of the triad (56% vs 76%!). Automation is not going to solve the problem by itself. It isn’t a coincidence that DevSecOps folks sometimes call SAST tools “False Positives as a Service’.

Tools are handy and valuable, but there is no substitute for human expertise.

6. Invest in secure coding training

As we’ve seen so far, there are two challenges in cybersecurity today: how to deal with issues from the past (unknown vulnerabilities in existing code, legacy code, and third-party code) and how to deal with issues in the future (vulnerabilities in all code written by the developers from this point on).

For the first question, we have lots of answers: various code analyzers, testing tools, and vulnerability management. However, for the second question, the only realistic answer is writing code that is free of such vulnerabilities. And that’s not something a tool can do for us.

The only solution is education: making developers aware of these security problems in all phases of the SDLC and giving them the necessary mindset and skills so they will be able to avoid them (and spot them in existing code).

This is also well reflected in real-world numbers. Is Secure Coding Education in the Industry Needed? An Investigation Through a Large Scale Survey (Gasiba et al, 2021) indicates that over half of developers are not aware of secure coding guidelines and issues-furthermore, developers overestimate their awareness of security issues, leading to a false sense of security.

The best method to address this discrepancy is through secure coding education supported with hands-on exercises. Developers need to see vulnerable code in action, see the (often devastating) consequences of vulnerability exploitation, and then actually fix the vulnerable code themselves. Only this way will they acquire the needed skills and fully understand and retain knowledge about these vulnerabilities.

CTF – Capture the flag

Capture the ag (CTF) events and platforms are popping up as a popular alternative in this area. CTFs are popular when it comes to improving the offensive skills of cyber security experts: they are fun (and gamified out-of-the-box), they provide realistic hacking scenarios, and they help establish the ʻhacker mindset’. But when it comes to defensive best practices and establishing company-wide secure coding initiatives, they have pretty clear deficiencies compared to real training: a relative inability to cater to developers without prior experience in security, weak (or even negative) motivation for developers less interested in competition, and poor coverage of ʻless cool’ (but still critically important) security issues. 

Sometimes microlearning is also brought up as a possible solution: teaching about security issues in small bite-sized (even just 5- or -minute) videos or brief activities that programmers can check when they first encounter such an issue or just during their free time (if such a thing exists at all). But secure coding is one of the areas where this doesn’t really work. As per Amy Fox’s 2016 article Microlearning for Effective Performance Management:

“Microlearning is not a panacea for every training need. If an employee is learning something for the first time, particularly a complex skill, individual coaching or another form of more intensive training may be best. Microlearning often is best used for reinforcement to help learning stick and to build up employees’ skills.”

In the context of secure coding, microlearning can be effective only as a reinforcement technique once developers already know about vulnerabilities and best practices – in other words, once they have already taken part in an in-depth training course.

And that’s exactly what we believe in: with blended learning, developers should first establish a deep foundation for secure coding in their programming language(s) of choice via an instructor-led training course. And once this is achieved, they can follow it up with regular monthly ‘bite-sized’ e-learning modules to keep their skills sharp and up to date.

Finally, a note about gamified capture the flag (CTF) events and platforms. CTFs are popular when it comes to improving the skills of cyber security experts: they are fun (and gamified out-of-the-box), they provide realistic hacking scenarios, and they help establish the ‘hacker mindset’. But when it comes to learning about secure coding, they have pretty clear deficiencies compared to blended learning: they tend to focus on ‘fun’ attack scenarios and thus ignore many common vulnerability types, they aren’t adaptive to the needs of individual participants, and their competitive aspects can actually have a negative effect on motivation. On the other hand, blended learning also drives high engagement without having to lose the benefits of gamification. If you’re interested in the details, we have analyzed these limitations in a separate article: CTF in secure coding education – a critical look.

About Cydrill

Established in 2019 and recognized by Enterprise Security in 2021 as one of the top companies shaping the cybersecurity landscape, Cydrill is on a mission to tackle the root cause of poor cyberdefense: inadequate coding practices.

Cydrill’s blended learning journey provides training in proactive and effective secure coding for developers from Fortune 500 companies all over the world. By combining instructor-led training, e-learning, hands-on labs, and gamification, Cydrill provides a novel and effective approach to learning how to code securely.

Learn more about our courses and learning environment.

The post The six rules of secure software development appeared first on Cybersecurity Insiders.

Historically, the utility industry has been thought of as reliable, slow moving, and heavily regulated. People want to know that their lights will turn on and water will run, and by prioritizing that consistency, the general public and regulators have not pushed the industry to be particularly innovative. However, in recent years, the utility industry has transformed to become modern, innovative and technology-centric with cutting edge automation and controls. With the increased reliance on technology, the need to invest in cybersecurity has pushed utility companies to the cutting-edge of cybersecurity innovation. 

With technology driving utility operations, a cyberattack against critical infrastructure, including the power grid and water systems, has the potential to cause catastrophic consequences. Even a data breach that doesn’t directly impact critical infrastructure can become extremely costly. In fact, according to IBM, the average cost of a data breach hit a worldwide record high in 2022, reaching $4.72 million in the energy sector

Government Regulation as a Force for Change

In the utility industry, cybersecurity serves as the fortress within the organization. Just as you secure your home against potential intruders, cybersecurity protects utility organizations from technology breaches that impact the intricate systems managing power plants, grids and overall business operations. Common regulations such as the North American Energy Reliability Corporation’s (NERC) Critical Infrastructure Protection (CIP) standards were created to keep the fortress secure. Regulations impose stringent requirements on utilities, ensuring that only authorized personnel and trusted advisors can operate within the highly secured environment. As another impact of these regulations, utility organizations have been compelled to collaborate with government agencies in an ongoing effort to identify, manage and communicate emerging vulnerabilities and risks. This proactive approach has positioned the industry to embrace new technologies as they come to market, rather than relying on periodic updates every few years.

The Role of AI

As automation, AI and machine learning take over the digital landscape, utility companies are using these technologies to fortify their organizations against threats. For example, automation streamlines routine security tasks, such as threat detection and response, enabling utilities to detect and mitigate cyber threats in real-time. AI and machine learning solutions can continuously analyze data to identify shadow data, monitor for abnormalities and alert cybersecurity professionals about potential threats. 

One major application of AI in utilities cybersecurity stems from the ability of artificial intelligence to spot threats faster than humans and monitor a range of potential cyber issues. The rise of AI and automated cybersecurity technologies has also allowed the utility industry to decrease human error as professionals try to keep up with the increased volume of attacks.

Barriers to Implementation

When adopting new cybersecurity solutions, utility companies will often encounter the most significant hurdles during the implementation stage. Despite an organization’s desire to incorporate new technology and processes, the industry is challenged by limited availability and experience in resources needed for new implementations. Technology and cybersecurity skill levels can be critical bottlenecks in the process as even the most advanced systems require human oversight and intervention for effective operation. 

Cybersecurity education is critical during this implementation phase. Imagine a home with the best alarm system and security cameras. This technology is effective in both deterring bad actors and detecting suspicious activity, yet, if the front door of the home is left open, the protection offered by the technology doesn’t matter. Employee education is a necessary part of a cybersecurity strategy for this reason. The protection the technology offers won’t matter if a bad actor gains access to critical systems through a malicious URL or guesses the password on an unattended laptop at a coffee shop. 

Measuring the ROI

Even when an implementation is successful, many organizations overlook the importance of assessing the technology’s long-term value. It can be challenging to evaluate the return on investment, especially when that evaluation requires additional time and resources. However, neglecting this post-implementation value assessment means missing insights into the effectiveness of new cybersecurity measures. It’s incredibly valuable to measure how many threats or attempted breaches the technology prevented, and to extrapolate the potential cost of each incident. This comprehensive understanding will enable organizations to allocate resources efficiently in the future. 

Looking forward, the utility industry will continue to be a pioneering force in adopting innovative cybersecurity technologies to protect its data and evolving technology solutions, which serve as a blueprint for other industries to follow. Through the industry’s strict regulations and investment in new technologies, the utilities sector continues to forge the path forward to a secure digital future. 

 

The post Cybersecurity in Utilities: How the Utility Industry has Become a Pioneering Force in Cybersecurity Tech appeared first on Cybersecurity Insiders.

Cybereason, the leader in future-ready attack protection, today announced the availability of Cybereason Mobile Threat Defense, powered by Zimperium. This is in response to the continued growth towards mobile-powered business and also sophisticated security risks that are on the increase, including spyware, phishing, and ransomware.

Brandon Rochat, Cybereason regional sales director for Africa, says with the explosive growth in mobile devices and apps comes an ever-evolving attack surface. Research shows 60% of endpoints accessing enterprise assets are through mobile devices, so threats to the attack surface aren’t slowing down.

The research study titled ‘Global Mobile Threat Report 2023, Zimperium’  found an 187% year-over-year increase in the number of devices detected as compromised that were fully exploited, not jailbroken or rooted.

“Organisations must increase mobile security measures to reduce the attack surface and improve visibility whilst protecting sensitive organisational data and the data security of employees,” he says.

Secure Your Mobile Endpoints 

As technology evolves to address new business challenges and needs, the modern mobile era demands more from security teams to help combat current threats and maintain user productivity.

Rochat says Cybereason Mobile Threat Defense (MTD), is a privacy-first solution that provides comprehensive mobile security for all organisations. “It’s designed to protect users and data when working on corporate-owned and/or BYO (bring-your-own) devices.”

Cybereason MTD’s dynamic on-device detection is capable of evaluating the risk posture of a user’s device, securing the enterprise against even the most advanced threats. With a privacy-by-design approach, Cybereason MTD provides users with a transparent experience by delivering customisable user settings and insight into what data is collected and used for threat intelligence.

Built with advanced threat security in mind, Cybereason MTD meets the mobile security needs of enterprises protecting the four main mobile threat vectors – Phishing attacks, Network attacks, Malicious Apps & Device attacks.

  • Phishing attacks – Cybereason MTD will alert users of phishing attempts from email, SMS, or browsers, and enables the administrator to allow or block specific sites or categories on a selected device group.
  • Network Attacks – On-device scan identifies man-in-the-middle attacks, SSL stripping, and other network related vectors providing remediation guidance such as fixing vulnerabilities.
  • Malicious Apps – Continuous scanning for malicious malware, viruses, trojans, and side-loaded apps. Threat detection is alerted in real-time with on-device remediation even when not connected to a network.
  •  Device Attacks – Continuous evaluation of user and device risk posture with the ability to prevent jailbroken devices, those with outdated OS, and risky device considerations from accessing the network.

With comprehensive device attestation, organisations are able to incorporate users’ mobile devices into a Zero-Trust architecture from an identity and data access perspective.

Improve visibility & compliance of all endpoints

With Cybereason MTD, Cybereason customers can improve visibility and compliance of all endpoints across the organisation beyond the Windows, MacOS and Linux devices, to iOS, Android and ChromeOS devices, ensuring the overall reduction of risk from modern-day security threats and associated vulnerabilities.

With granular policy-based on-device remediation and UEM driven compliance actions, enterprises can act quickly to reduce risks.

Enable user productivity & protection

Built with a privacy-by-design approach, Cybereason MTD provides users with a transparent experience, enabling users to work on any device in any location safely, whilst protecting the organisation’s infrastructure and private data from risky apps and jailbreaks.

Early Adopter Secures Mobile Endpoints and Patients’ Data

The need to safeguard patient data in the field whilst allowing the use of personal apps on mobile devices during downtime, meant a regional emergency medical services organisation became an early adopter of Cybereason MTD.

By addressing the challenges of critical cybersecurity vulnerabilities through mobile, they secured patient data accessed by first responders on their iPads, improved employee wellbeing whilst ensuring efficient and effective patient care.

“With more and more users accessing business critical applications and data through mobile devices and these devices playing a bigger role in users’ personal and corporate identities, it is critical for organisations to gain visibility of their mobile device attack surface”, said Eric Gan, CEO Cybereason.

“The release of Cybereason Mobile Threat Defense will allow organisations to regain visibility of their Mobile attack surface and minimise the increasing risk of mobile-related cyberattacks, whilst protecting the privacy of Defenders”.

For more information on Cybereason Mobile Threat Defense, click here.

The post Cybereason announces the availability of Cybereason Mobile Threat Defense appeared first on Cybersecurity Insiders.

Logicalis, the global technology service provider delivering next-generation digital managed services, has today announced the launch of Intelligent Security, a blueprint approach to its global security portfolio designed to deliver proactive advanced security for customers worldwide. 

Intelligent Security has been designed by Logicalis’ worldwide team of security specialists to give customers the most comprehensive observability and protection available. It is based on tracking and analysing cyber threats and knowledge of the latest prevention methods deployed across its customer base. 

Logicalis’ tenth annual CIO report surveyed 1,000 CIOs globally and found that of the 83% of CIOs who experienced cyber-attacks in the last 12 months, only 43% feel prepared for another breach. Designed to help CIOs manage these pressures, Intelligent Security will leverage Logicalis’s security capabilities as well as its relationships with global partners such as Cisco and Microsoft, where it has the highest levels of security accreditations. 

Logicalis CTO Toby Alock said:

“Many organisations focus on one area of the security fabric; we recognise in today’s cyber security landscape there are no silos; organisations must look across the entire footprint, from secure connectivity, securing the cloud, securing the hybrid worker and weaving secure operations across the entire organisation”. 

The Intelligent Security global portfolio delivers a concise and comprehensive proposition for customers, including:

  • Advisory: Providing customers with a range of advisory services dedicated to helping them understand their security needs and identify the right solutions for their business.
  • Secure workplace: Securing worker communications and devices as remote working continues to impact the workplace security landscape.
  • Secure connectivity: Enforcing zero trust security from edge-to-edge, ensuring networks are robust enough to enable safe IoT, 5G and edge computing.
  • Secure hybrid cloud: Safeguarding cloud environments to ensure data, applications, and IT resources are safe.
  • Secure Operations: Providing 24/7/365 best practice proactive threat detection and incident response, across three global security regions, using AI and automation to identify and triage.

In addition to the Intelligent Security global portfolio, the company is announcing several key investments in cyber skills and capabilities to bolster its position as a global leader in security services. 

  • Expanding the Managed Security (SOC) team in Portugal, which currently serves customers across EMEA, including the UK, Ireland and Germany
  • Partnering with Cisco to develop a Cyber Academy and a pipeline of qualified cybersecurity graduates into the EMEA Security team
  • Partnering with local universities in Portugal to develop an Intern program, which helps develop cybersecurity skills to serve the EMEA region and beyond.

Logicalis continues to prove its robust security offer by achieving Microsoft-verified Managed Extended Detection and Response (MXDR) Partner Status, launching Cisco Powered Intelligent Connectivity, built on zero-trust security, and being one of only six partners globally working with Cisco to develop an XDR proposition and enhance its Cisco security capabilities. 

Intelligent Security will be underpinned by Logicalis’ Digital Fabric Platform, providing CIOs with deeper-level insights and recommendations to enhance the performance of their entire digital ecosystem.

Toby Alock concludes, “We are at a pivotal point as security threats grow in scale and sophistication. CIOs and IT leaders are rethinking security in the era of AI and considering whether they have the in-house skills necessary to operate safely. Logicalis has seen a 300% surge in demand globally for Managed Security services in the past 12 months. Our customers are looking for a holistic, proactive approach to navigating security; we believe our simplified portfolio, our partnerships, and our investments in cyber talent for the next generation will deliver customers what they need: AI ready Managed Security with governance and SOC Protection wherever they are in the world”. 

For more information please contact:

Logicalis Team at Another Word 

Email: logicalis@anotherword.com

Tel: 020 3176 0014

About Logicalis 

We are Architects of Change™. We help organisations succeed in a digital-first world. At Logicalis, we harness our collective technology expertise to help our clients build a blueprint for success, so they can deliver sustainable outcomes that matter.

Our lifecycle services across cloud, connectivity, collaboration and security are designed to help optimise operations, reduce risk and empower employees.

As a global technology service provider, we deliver next-generation digital managed services, to provide our clients with real-time visibility and actionable insights across the performance of their digital ecosystem including; availability, user experience, security, economic performance and sustainability.

Our 7000+ ‘Architects of Change’ are based in 30 territories around the globe, helping our 10,000+ clients across a range of industry sectors create sustainable outcomes through technology.

Logicalis has annualised revenues of $1.7 billion, from operations in Europe, North America, Latin America, Asia Pacific, and Africa.

It is a division of Datatec Limited, listed on the Johannesburg Stock Exchange, with revenues of over $5.1 billion.

Contact

Katie Fraser

ANOTHER WORD

katie.fraser@anotherword.com

07908229152

The post Logicalis enhances global security services with the launch of Intelligent Security appeared first on Cybersecurity Insiders.

Today’s distributed and cloud-centric work environment has triggered a shift in access methods from traditional virtual private networks (VPNs) to more robust security frameworks like zero trust. Traditionally, VPNs provided essential remote access capabilities to connect users or entire office sites. However, the growing sophistication of cyberthreats alongside the expansion of remote workforces and cloud technologies have exposed significant vulnerabilities in VPNs. Due to their legacy architecture, VPNs grant overly broad network access once credentials are verified, significantly increasing the risk of cyberattacks if those credentials are compromised.

Recent high-profile exploits of VPN appliances have highlighted critical vulnerabilities (notably CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893) affecting essential sectors, including US defense. These vulnerabilities enable attackers to bypass authentication, execute commands with elevated privileges, and maintain persistence after device resets. In response, the US Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to federal agencies to immediately disconnect affected VPN devices due to substantial security risks.

Through Executive Order 14028, the US government now mandates the adoption of zero trust architectures to enhance cybersecurity, moving away from traditional VPNs. This directive, part of a comprehensive strategy to fortify national cybersecurity, instructs federal agencies to implement zero trust, which verifies every access request irrespective of origin. The Office of Management and Budget (OMB) further supports this initiative with a detailed Federal Zero Trust Strategy, underscoring the shift from VPN-based implicit trust within network perimeters to continuous verification of any and all access requests. These directives and recommendations reflect a consensus within the cybersecurity community that zero trust provides a more robust defense against complex and evolving cyberthreats, a necessity underscored by the recent vulnerabilities and exploits related to traditional VPNs.

As a result, organizations are rapidly adopting zero trust models, which do not inherently trust any user or device inside or outside the network perimeter and require granular verification for every access request. This model is particularly effective in preventing lateral movement within networks—an exploit that attackers often use to deepen their intrusion after gaining initial access.

Based on a survey of 647 IT professionals and cybersecurity experts, this report explores the multifaceted security and user experience challenges of VPNs to reveal the complexity of today’s access management, vulnerabilities to various cyberattacks, and their potential to impair organizations’ broader security posture. The report also outlines more advanced security models, particularly zero trust, which has firmly established itself as a robust and future-proof framework to secure and accelerate digital transformation.

“Over the past year, numerous critical VPN vulnerabilities have served as successful entry points for attacks on large enterprises and federal entities. Considering these repeated outcomes, it’s crucial for enterprises to anticipate that threat actors will increasingly exploit these legacy, internet-exposed assets—appliances and virtual—that enable them to easily navigate laterally across traditional flat networks. It is essential to transition to Zero Trust architecture, which significantly reduces the attack surface by eliminating legacy technologies like VPNs and firewalls, enforce consistent security controls with TLS inspection, and limits the blast radius with segmentation and deception, preventing damaging breaches.” —DEEPEN DESAI, CHIEF SECURITY OFFICER, ZSCALER

Key Survey Findings

VPN attacks are on the rise – 56% of organizations experienced one or more VPN-related cyberattacks in the last year—up from 45% the year before— highlighting the growing frequency and sophistication of attacks targeting VPNs.

The vast majority are shifting to zero trust – 78% of organizations plan to implement zero trust strategies in the next 12 months. Meanwhile, 62% of enterprises agree that VPNs are anti-zero trust.

Most have doubts about VPN security – 91% of respondents expressed concerns about VPNs compromising their IT security environment, with recent breaches illustrating the risks of maintaining outdated or unpatched VPN infrastructures.

VPNs are no match for ransomware, malware, and DDoS – Respondents identified ransomware (42%), malware (35%), and DDoS attacks (30%) as the top threats exploiting VPN vulnerabilities, underscoring the breadth of risks organizations face due to inherent weaknesses in traditional VPN architectures.

The risk of lateral movement can’t be ignored – 53% of enterprises breached via VPN vulnerabilities say threat actors moved laterally, demonstrating containment failures at the initial point of compromise that underscore the risks of traditional, flat networks.

VPN Attacks on the Rise

The frequency and severity of attacks exploiting VPN vulnerabilities highlight the ineffectiveness of conventional cybersecurity measures and underscore the persistent risks posed by network exposure. Our survey reveals that 56% of organizations experienced cyberattacks in the last year that took advantage of VPN vulnerabilities, a significant increase from 45% the year before. Alarmingly, 41% of organizations reported suffering two or more VPN-related attacks, indicating severe security gaps.

Recent trends confirm that attacks on VPNs are becoming not only more frequent, but also more sophisticated. For instance, more cases of ransomware exploiting VPN flaws—particularly in the aftermath of publicly disclosed vulnerabilities—highlight the critical weaknesses inherent in traditional VPNs. Such vulnerabilities give attackers easy entry points to infiltrate networks and facilitate lateral movement, leading to substantial data breaches and operational disruption.

Major VPN Vulnerabilities in the Past Year

Amid the recent string of high-severity CVEs impacting VPN products, it’s no surprise that enterprises are reporting more attacks that exploit these kinds of vulnerabilities. Of course, no single vendor or any particular technology can be immune from software vulnerabilities. In the case of VPN, the challenge for enterprises is that each CVE can represent a single security point of failure for the enterprise: a beachhead that allows attackers to compromise a VPN asset, establish persistence, move laterally across the network, and steal data. As VPN CVEs continue to be disclosed at this pace, they will be a persistent risk for enterprises that use VPNs for remote connectivity.

Navigating VPN Security Concerns

The survey results reflect deep-seated concerns about VPNs compromising security environments, echoing ongoing trends and increasing vulnerabilities in VPN technologies. An overwhelming majority of respondents (91%, up from 88% in 2023) express concerns about VPNs jeopardizing their IT security, underscoring heightened awareness of VPN-related risks among organizations.

This concern is justified by recent exploits targeting Ivanti VPNs, where attackers leveraged severe vulnerabilities to infiltrate networks and exfiltrate sensitive data. These incidents, involving vulnerabilities like CVE-2024-21888 and CVE-2024-21893, highlight the risks of maintaining and securing outdated or unpatched VPN infrastructures. Moreover, the inherent architecture of VPNs poses significant security risks in today’s perimeter-less digital landscape. As businesses increasingly adopt cloud services and as remote work models evolve, VPNs face new security challenges, including managing broad access rights and securing an expanding attack surface.

These vulnerabilities and architectural limitations underscore a pivotal shift in perceptions toward VPN security, aligning with broader cybersecurity trends that advocate for more dynamic and resilient frameworks such as zero trust.

Forward-looking organizations transition toward zero trust architectures to gain more granular control and significantly reduce the attack surface by never conferring implicit trust, whether inside or outside a network perimeter. Adopting such a strategy addresses the immediate vulnerabilities of traditional VPNs and aligns with a proactive cybersecurity approach, essential for adapting to the evolving threat landscape.

Key Scenarios for Secure Access

Understanding why organizations use VPNs is essential as it highlights how they prioritize secure access across various business scenarios. It also reveals which networking use cases are most exposed to security risks, indicating areas that require more robust and innovative access security strategies.

A significant 70% of organizations use VPNs primarily to secure access for remote employees. This widespread use makes remote access a prime target for cyberattacks. Following this, 33% use VPNs to connect multiple sites, presenting substantial risks as these connections can serve as vectors for cyberattacks if not properly secured. Next, 26% of organizations noted access

for third parties, which further complicates security due to the varying security postures of different external stakeholders and lack of control over security policies. Additionally, 20% of organizations use VPNs for on-campus access, and 19% use them for IoT/OT device connectivity.

VPNs no longer provide adequate security for critical access use cases in today’s evolving cyberthreat landscape because they operate on outdated trust models that grant extensive network access upon simple user authentication. This broad access exposes organizations to significant risks by allowing potential attackers to exploit a single point of entry to navigate and extract sensitive data across the network.

Challenges in VPN Management

In addition to inherent security risks, managing VPN infrastructures presents significant challenges for IT teams as the requirements for robust access solutions intensify in dispersed, cloud-centric work environments. The primary management challenge for IT professionals is the balancing act between VPN performance and user experience (19%). This issue is crucial because it directly impacts productivity: if the VPN slows down the network or proves too cumbersome to use, it can lead to lower employee satisfaction and slow, inefficient business processes.

The next most common concern, cited by 17% of respondents, is constant troubleshooting of VPN connectivity and stability issues. These problems are not only time-consuming for IT staff, but also cause frustrating disruptions for users. Other notable challenges include VPNs’ lack of compatibility with a diverse range of devices, operating systems, and applications, which about 16% of IT professionals find burdensome. Additionally, 13% of respondents struggle with the complexity and labor-intensive nature of scaling VPN infrastructure, a critical issue as organizations grow and their needs increase amid a severe shortage of skilled cybersecurity professionals.

These insights underscore the need for organizations to explore more agile, userfriendly, and less resource-intensive alternatives, such as zero trust network access (ZTNA) models. ZTNA provides more granular control, enhanced scalability, and reduced management overhead, making it a superior choice to traditional VPN in today’s dynamic cybersecurity landscape.

Common VPN User Challenges

The most frequent user complaint about VPN use, as noted by 26% of respondents, is slow connection speeds. This highlights a critical user productivity and satisfaction issue as slow speeds can significantly reduce the efficiency of routine tasks and access to cloud-based resources, especially in work-from-home environments.

VPN connection drops represent the second-most common issue, cited by 19% of respondents. This problem can disrupt ongoing tasks and communications, significantly affecting user experience and operational continuity. Inconsistent user experiences across different devices and platforms, reported by 12% of users, point to a need for more uniform access performance.

To address these concerns, organizations should consider adopting network access solutions that offer more stability and consistency across various platforms. Implementing a zero trust architecture can be particularly effective, as it enhances security without introducing performance bottlenecks. Zero trust networks ensure that connection issues do not compromise security and that access control is both strict and adaptable to different user environments.

VPN Vulnerability Exploits

The variety of cyberattacks that exploit VPN weaknesses highlights the breadth of risks organizations face. The survey reveals that 42% of respondents identify ransomware attacks as most likely to exploit VPN vulnerabilities, highlighting significant impact and frequent occurrences. This is followed by malware infections, reported by 35% of respondents, and DDoS attacks—noted by 30%—which compromise availability as well as the confidentiality and integrity of systems.

To counter these vulnerabilities, organizations should adopt proactive security measures like a zero trust model. Zero trust enforces stringent access controls and continuous verification of all network connections, regardless of their origin. This strategy effectively mitigates the risks posed by a wide array of attacks that exploit VPN weaknesses, limiting lateral movement and reinforcing robust access controls.

Third-Party VPN Risk

The survey underscores significant concern around third-party VPN access as a network security vulnerability. A notable 92% of respondents express apprehension about this risk, marking a slight increase from 90% in 2023. This growing recognition highlights the potential for third-party access to serve as an entry point for cyberthreats.

New insights into VPN vulnerabilities and breaches have further validated these concerns. Traditional VPNs typically provide extensive network access post-credential validation, posing risks if third-party vendors’ security measures are compromised.

Organizations should expedite their transition from traditional VPNs to zero trust architectures. This shift involves implementing systems that rigorously verify access requests based on identity and context, limiting third-party vendors to specific resources essential for their tasks.

Overconfidence in VPN Security

The recent surge in VPN breaches highlights a disconnect between perceived security and actual risk. Recent high-severity exploits in VPN products underscore that even well-prepared organizations might be underestimating the capabilities of cyber adversaries exploiting vulnerabilities inherent in VPN technology. A significant 65% of survey respondents cited high confidence in their organization’s ability to handle VPN vulnerabilities, which may not fully align with the escalating threat landscape where sophisticated actors exploit even minor weaknesses very quickly. Overconfidence can be particularly risky given the complexity and persistence of recent VPN exploits, as shown by incidents involving state-sponsored groups and cybercriminal gangs targeting unpatched systems for prolonged periods.

Organizations must recalibrate their security stance by incorporating rigorous vulnerability assessments, frequent updates, and comprehensive security awareness training. Adopting a layered security approach that does not overly rely on VPNs for comprehensive protection is advisable. This approach should include advanced monitoring, anomaly detection, and the integration of zero trust principles.

Ransomware Attack Vectors

The survey clearly identifies vulnerabilities in externally exposed assets as the most concerning potential attack vector of ransomware, noted by 33% of respondents. This points to widespread recognition of the risks associated with exposed network services or web applications, which are often the first point of entry for ransomware attacks.

Stolen identities follow closely at 26%, underscoring the role compromised credentials play in enabling attackers to bypass security measures and gain access to deliver ransomware payloads. Concerns about vulnerabilities in virtual desktop infrastructures (VDI) and nation-state attacks, at 14% and 12% respectively, highlight the diverse origins of ransomware threats that organizations must defend against. Scattered Spider (a cybercriminal group that uses sophisticated social engineering tactics, including phishing, multifactor authentication fatigue attacks, and SIM swapping), concerns 11% of participants.

Organizations should enhance their defenses and identity management protocols. Implementing comprehensive vulnerability management processes and adopting a zero-trust security model can effectively reduce the risk of ransomware attacks by denying access to network resources and lateral spread.

Ransomware Concerns

The survey results show 52% of respondents are very or extremely concerned about the threat of ransomware due to unpatched vulnerabilities. This is justified since unpatched vulnerabilities remain a primary attack vector for ransomware. Recent analyses show that a substantial portion of ransomware attacks exploit these vulnerabilities, with notably severe impact compared to other types of cyberattacks.

Ransomware groups are growing more sophisticated, with many now using advanced tactics that can quickly exploit newly discovered vulnerabilities before organizations can patch them. This rapid exploitation cycle greatly shortens the window for responding to critical vulnerabilities, highlighting the urgent need for advanced security measures that reduce the attack surface.

Lateral Movement in VPN Attacks

Most respondents (53%) report that more than 25% of VPN-related attacks involved lateral movement, demonstrating significant containment failures at the initial point of compromise. Nearly one-third (32%) experienced lateral movements in more than half of attacks, indicating major challenges in controlling threat spread once adversaries breach network defenses.

Lateral movement is a significant risk with VPNs, as attackers can obtain broad network access similar to that of an authenticated user. This enables them to stealthily move across the network and target sensitive areas.

In this way, VPNs can compound risks and expand the scope of an attack beyond its initial entry point. Resolving this necessitates stringent segmentation, ideally with user-to-application traffic via a zero trust architecture, and continuous monitoring. This substantially reduces the blast radius of lateral movement by enabling granular access to a smaller set of applications for each individual user, while the rest are rendered invisible.

The rising sophistication of attacks exploiting VPN vulnerabilities underscores the need for a shift toward a zero trust framework. By enforcing strict access controls and continuous verification, zero trust limits unauthorized lateral movements and enhances security across expanding digital landscapes.

VPN Security Concerns After M&A

Concerns around the impact of mergers and acquisitions (M&A) on existing VPN infrastructure spotlight the potential vulnerabilities that arise from organizational changes and the integration of disparate networks.

A substantial 69% of respondents express apprehension about cyberattacks post-M&A, highlighting widespread concern over the security risks associated with these corporate transformations. This sentiment reflects a clear understanding that M&A activities can destabilize existing security frameworks, heightening exposure to cyberthreats.

Transition periods during M&A present unique opportunities for organizations to phase out antiquated, vulnerable VPN technologies in favor of zero trust frameworks. Specifically, zero trust architectures enhance security by providing comprehensive segmentation of the environment between users and applications, workloads and workloads, branch locations, and devices, whether managed devices, unmanaged devices, IoT, or OT systems. This approach significantly bolsters security during and after a transition through rigorous verification of all users and devices, comprehensive segmentation, and strict enforcement of least-privileged access controls.

Progress in Enterprise Zero Trust Adoption

The survey reflects a strong trend toward adopting zero trust security frameworks, underscoring the growing recognition of their importance in enhancing organizational cybersecurity. A significant 31% of respondents are already implementing zero trust (up from 27% in 2023), indicating a growing proactive effort to better protect network resources.

Additionally, 27% of organizations plan to implement a zero trust strategy within the next six months (up from 18% in 2023), and another 20% of organizations plan to make the shift within the next 12 months, demonstrating a widespread commitment to transitioning to zero trust in the near future. This confirms that more than three-quarters of survey respondents (78%) recognize the urgency and benefits of zero trust.

However, 17% of respondents are still considering a zero trust strategy without a specific timeline (down from 23% in 2023), highlighting some hesitancy or potential challenges in planning or initiating the transition. Only a small fraction (5%) report no plans to adopt zero trust (down from 8% in 2023), possibly due to a lack of resources.

An analysis by company size indicates that larger organizations in our survey, particularly those with over 20,000 employees, are more likely and faster to adopt zero trust strategies, with 33% already implementing them. In contrast, smaller companies with 1,000-5,000 employees show a slightly lower adoption rate at 29%, suggesting that scale and resource availability may influence the pace and scope of zero trust integration.

Organizations still on the fence or planning to adopt zero trust should start by assessing their current security posture and network architecture to identify specific needs and potential challenges

No Zero Trust Security Through VPN

The survey results reflect a significant divide in beliefs about the compatibility of VPNs with zero trust security frameworks. Most (62%) believe that VPNs are fundamentally “anti-zero trust,” confirming that traditional VPN architectures do not align with the principles of zero trust. Conversely, 38% of respondents view VPNs, especially cloud-based platforms, as compatible with zero trust architectures.

While this perspective may stem from VPN vendors claiming that their cloud-based solutions align with zero trust principles, it’s important to scrutinize these assertions critically. Simply hosting a VPN service in the cloud, for example, does not automatically confer zero trust attributes. Zero trust security requires more than just a secure hosting environment; it mandates a fundamental shift from perimeter-based defenses to a model where security is dynamic, granular, and context-based.

True zero trust security involves continuously validating all users and devices, applying least-privileged access, and segmenting traffic to prevent lateral movement—features that traditional VPNs, even cloud-based ones, do not provide. Therefore, organizations must confirm that any claimed “zero trust” VPN actually incorporates these core principles, rather than relying solely on marketing promises.

Advancing from VPN to Zero Trust Network Access

The survey results show that most organizations are making a strategic shift, with 53% of respondents citing plans to replace their existing VPN solutions with ZTNA solutions in the near future. ZTNA offers a more flexible and secure approach by enforcing policies based on user context, location, and device security, without assuming trust based on network location. This contrasts with traditional VPNs, which generally grant broad access to a network, creating security vulnerabilities.

For the 53% of organizations moving toward ZTNA, it is crucial to ensure a smooth transition by planning comprehensive risk assessments, updating access policies, and educating users about new protocols. Meanwhile, the 47% not yet planning to switch should evaluate their current security challenges and consider whether ZTNA could address these more effectively than VPN.

Why Zero Trust is More Secure Than VPN

Architecturally, zero trust and ZTNA are more secure than traditional VPNs for several reasons, primarily due to a robust security framework that never inherently places trust in any single connection. Traditional VPN-based architectures are susceptible to a single point of failure. When a VPN or device is compromised (such as through a new CVE), threat actors can exploit the trust inherent in a flat network to gain access to the entire network, move laterally, steal data, and deploy ransomware. This is why security practitioners are increasingly concerned about the security risks of VPN.

On-premises and cloud-delivered VPNs present similar security vulnerabilities. Additionally, VPNs introduce complexity, resulting in unnecessary overhead and time-consuming tasks like user provisioning, routing table management, connectivity troubleshooting, patching, monitoring, and performance optimization.

In a zero trust architecture, no single connection is ever trusted. Users connect directly to applications—never to the underlying network. Moreover, every connection is automatically terminated, regardless of origin, before being verified by seven layers of zero trust security controls. Zero trust architecture allows organizations to comprehensively segment their environments with granular access—from users to applications, from workloads to workloads, between branch locations, and between devices, including IoT and OT devices.

Key Differences and Advantages Between Zero Trust and VPN

Significantly Reduced Attack Surface – A zero trust architecture enables inside-out connectivity that hides critical assets, applications, servers, and more from the public internet while removing the need for vulnerable assets like VPNs and firewalls. This allows enterprises to provide hybrid connectivity for their workforces while greatly shrinking their attack surface. In contrast, VPN- and firewall-based architectures require enterprises to expand the attack surface to accommodate increased connectivity.

Continuous Verification – Zero trust models enforce continuous security verification of credentials and security posture before granting access to resources, making it much more difficult for unauthorized entities to gain and maintain access to sensitive information and systems. Meanwhile, with VPNs, the user or device often has extensive access to network resources once access is granted.

Least-Privileged Access – Zero trust principles enforce least-privileged access policies, ensuring that users and devices only have access to the resources necessary for their specific roles. This minimizes the risk of internal threats and lateral movement within a network, which are common vulnerabilities in VPN setups.

Granular Access and Segmentation – By dividing network resources into separate segments— between users and apps, between workloads, between devices—zero trust isolates potential breaches to smaller zones, greatly reducing the impact of an attack. While organizations often try to segment their network environments, it’s an operationally complex and costly process that, in practice, often remains incomplete, requires hundreds of discrete firewall rules, and exposes broader network areas to authenticated users.

Empowering Today’s Hybrid Workforce – Zero trust makes it possible to easily extend lightning fast access to private applications across remote users in addition to HQ, branch offices, and third party partners.

Improved User Experience and Reduced Complexity – Zero trust enhances user experiences by eliminating the need for all remote traffic to route through a central network point, a common performance bottleneck with VPN. This architecture is better able to handle the scaling requirements of modern networks that include IoT and BYOD policies. Additionally, zero trust reduces management overhead by automating security controls and simplifying the enforcement of security policies across the network.

These architectural advantages make zero trust a compelling alternative to traditional VPNs, particularly in today’s increasingly sophisticated and distributed threat landscape. For organizations looking to bolster their cybersecurity defenses, adopting a zero trust approach provides a more robust, flexible, and scalable security infrastructure.

VPN Predictions for 2024 and Beyond

1. Severe VPN vulnerabilities and exploits will increase – Given the frequency, severity, and scale of VPN vulnerabilities disclosed in the past year, enterprises should expect this trend to continue. Threat actors and security researchers are aware of the heightened risk of high-severity vulnerabilities in VPN products. In turn, they are actively hunting for more, making it likely that additional CVEs will be found in the coming months and years.

2. High-profile attacks caused by VPN will take the spotlight – Closely related to our first prediction, we will see more large organizations disclose breaches that result from exploited VPN vulnerabilities. In part due to the new SEC regulation guidelines which require public companies to disclose details around breaches with a material impact. As we have seen, threat actors consistently create backdoors in target environments when VPN vulnerabilities occur, only to exploit them at later dates, even after these vulnerabilities have been patched. As the year progresses, more of these will start to be disclosed in public SEC filings and hit the news.

3. A surge in AI-powered VPN offerings will raise security and privacy concerns – Amid ongoing advancements in AI, AI-powered VPN solutions will flood the market. However, enterprises should evaluate these offerings with caution. Although they will promise enhanced performance, the integration of AI will amplify security risks and increase opportunities for attackers to exploit VPN vulnerabilities. In addition, privacy concerns will arise from extensive data analysis that increases the risk of sensitive information being exposed.

4. Password-spraying attacks on VPNs will continue to grow – Attackers will increasingly find ways to exploit weak password management practices and unused default VPN connection profiles through password-spraying attacks. In these attacks, threat actors try the same password across many VPN accounts until they successfully log in, gaining unauthorized access. With numerous recent high-profile VPN breaches effectively leveraging this technique, enterprises should expect similar attacks to persist.

5. Enterprise spend will shift away from VPN toward zero trust connectivity – While VPN has long enabled remote connectivity for enterprises, the technology’s consistent and growing security challenges will make it more challenging to justify long-term spending. As enterprises cement a consensus around zero trust as the preferred architecture for security and connectivity, enterprise budgets will continue to shift toward zero trust initiatives to secure the remote workforce.

How Zscaler Enables VPN Replacement and Zero Trust Transformation

Traditional firewalls and VPNs create a massive attack surface that lets attackers see and exploit exposed resources. By putting users on the network and letting them access any application it hosts, these legacy approaches give attackers easy access to sensitive data.

They make it challenging and time-consuming to safely provide access or share resources with third-party vendors, contractors, and agencies. Beyond that, they drive up costs and complexity, and are too slow to serve today’s hybrid workforce.

The Zscaler Zero Trust Exchange™ platform, the world’s largest inline security cloud, securely connects users, workloads, IoT/OT, and B2B partners without extending network access.

Zscaler Private Access™ (ZPA™), an essential part of the Zero Trust Exchange, provides direct access to private applications hidden behind the Zero Trust Exchange, minimizing the attack surface, enabling granular 1:1 user-to-app segmentation, eliminating lateral movement, and delivering private app protection and inline traffic inspection while stopping zero-day threats—elevating your security posture. A cloud native service, ZPA can be deployed in just hours to replace legacy remote access tools like VPNs and VDIs.

Zero Trust Networking

ZPA enables granular, segmented access with inside-out connectivity to private applications and workloads. Moreover, ZPA includes a comprehensive set of access control services, including AI-powered user-to-app segmentation—with automated recommendations for user access policies and application segments—workload-to-workload segmentation, privileged remote access, private service edge, browser access, and more.

Cyberthreat Protection

ZPA delivers advanced cyber protection capabilities to secure your organization. These include app protection capabilities that use inline security inspection to stop the most prevalent application attacks and zero-day vulnerabilities, as well as deception technology that lures attackers with decoy apps and makes it easy to detect sophisticated threats.

Data Protection

ZPA provides holistic data protection and stops data loss across all channels with web data loss Prevention (DLP), endpoint DLP, and browser isolation that prevents data leakage for vulnerable users and BYOD endpoints.

Best Practices to Counter VPN Risks

  • Minimize the attack surface: Provide direct access to applications, ensuring that both apps and users are invisible to the internet, effectively preventing attackers from discovering and exploiting them for initial access.
  • Prevent initial compromise: Inspect all traffic inline to automatically stop zero-day exploits, malware, and other sophisticated threats.
  • Block unauthorized access: Use strong multifactor authentication (MFA) such as one-time passwords or tokens, biometrics, or FIDO2 credentials to validate user access requests. Conversely, weak MFA often uses approaches use password reset questions.
  • Enforce least-privileged access: Restrict permissions for users, traffic, systems, and applications based on identity and context, ensuring only authorized users can access approved resources (providing additional security in cases of MFA compromise or credential theft).
  • Eliminate lateral movement: Connect users directly to apps, not the network, to limit the blast radius of a potential incident and mitigate the risk of lateral threat movement.
  • Shut down compromised users and insider threats: Enable inline inspection and monitoring to detect compromised users with access to your network, private applications, and data.
  • Stop data loss: Inspect data in motion and data at rest to stop active data theft during an attack.
  • Deploy active defenses: Leverage deception technology with decoys and perform daily threat hunting to derail and capture attacks in real time.
  • Test your security posture: Get regular third-party risk assessments and conduct purple team activities to identify and harden the gaps in your security program. Request that your service providers and technology partners do the same and share the results of these reports with your security team.

Methodology and Demographics

This report is based on the results of a comprehensive online survey of 647 IT and cybersecurity professionals, conducted in April 2024, to identify the latest enterprise adoption trends, challenges, gaps, and solution preferences related to VPN risk. Respondents range from technical executives to IT security practitioners, representing a balanced cross-section of organizations of varying sizes across multiple industries.

Reuse of content – We encourage the reuse of data, charts, and text published in this report under the terms of this Creative Commons Attribution 4.0 International License. You’re free to share and make commercial use of this work as long as you attribute the report as stipulated in the terms of the license. For example: “Zscaler ThreatLabz 2024 VPN Risk Report with Cybersecurity Insiders.”

About Zscaler

Zscaler accelerates digital transformation so that customers can be more agile, efficient, resilient, and secure. The Zscaler Zero Trust Exchange™ protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Distributed across more than 150 data centers globally, the SASE–based Zero Trust Exchange is the world’s largest inline cloud security platform. To learn more, visit www.zscaler.com.

About ThreatLabz

ThreatLabz is the security research arm of Zscaler. This world class team is responsible for hunting new threats and ensuring that the thousands of organizations using the global Zscaler platform are always protected. In addition to malware research and behavioral analysis, team members are involved in the research and development of new prototype modules for advanced threat protection on the Zscaler platform, and regularly conduct internal security audits to ensure that Zscaler products and infrastructure meet security compliance standards. ThreatLabz regularly publishes in-depth analyses of new and emerging threats on its portal, research.zscaler.com.

About Cybersecurity Insiders

Cybersecurity Insiders brings together 600,000+ IT security professionals and world-class technology vendors to facilitate smart problem solving and collaboration in tackling today’s most critical cybersecurity challenges.

Our approach focuses on creating and curating unique content that educates and informs cybersecurity professionals about the latest cybersecurity trends, solutions, and best practices. From comprehensive research studies and unbiased product reviews to practical e-guides, engaging webinars, and educational articles – we are committed to providing resources that provide evidence-based answers to today’s complex cybersecurity challenges.

Contact us today to learn how Cybersecurity Insiders can help you stand out in a crowded market and boost demand, brand visibility, and thought leadership presence. 

Email us at info@cybersecurity-insiders.com or visit cybersecurity-insiders.com

The post Zcaler ThreatLabz 2024 VPN Risk Report appeared first on Cybersecurity Insiders.

San Juan, Puerto Rico, April 25th, 2024, CyberNewsWire

The telecom company AeroNet Wireless announced the launch of its new 10Gbps speed Internet plan, marking an important landmark for the telecommunications sector in Puerto Rico. “We have invested millions to expand and strengthen our network, demonstrating our commitment to launching Puerto Rico to the next level of connectivity and Internet services. Our new 10Gbps plan is the first of its kind on the island, and we are confident that it will position AeroNet and Puerto Rico’s telecommunications industry as a force to be reckoned with nationwide,” said AeroNet’s President and Founder, Gino Villarini, at an event held at Parallel 18 facilities, in San Juan. 

The new 10Gbps speed service exemplifies a statement of ambition by AeroNet to lead the way with innovation through the latest technology in the telecommunications business on the island. The launch of AeroFiber 10Gbps Nex-Gen represents a leap in business connection speed, as 10 Gbps equals 10,000 Mbps (megabits per second). “This means an exceptional data transfer capacity that allows the realization of complex tasks and the execution of advanced applications at an unprecedented speed. To grasp the magnitude of this speed, AeroFiber 10Gbps is 100 times faster than conventional internet connections,” explained Villarini during the launch of the new service.

According to the telecommunications businessman, the innovative service is designed to meet the growing demands of the commercial sector, offering a connection that drives efficiency, productivity, and competitiveness. This aims to ensure that businesses in Puerto Rico have access to a robust network capable of meeting the challenges of the digital age. “AeroNet is the only hybrid provider in Puerto Rico that offers the service through fiber optic and microwave. The service is available throughout the island, including Vieques and Culebra,” he added.

AeroNet has designed a highly competitive pricing scale to make its new 10Gbps service affordable for the entire commercial sector, seeking to transform how businesses operate and compete. “We not only ensure an ultra-fast connection; we support every interaction with a highly trained and professional technical support team, enhancing productivity and peace of mind for our customers for a seamless service experience.”

Contact

Marketing Manager

Meredith Lugo

AeroNet Wireless

mlugo@aeronetpr.com

 

The post AeroNet Wireless Launches 10Gbps Internet Plan: A Landmark Moment in Puerto Rico’s Telecommunications Industry appeared first on Cybersecurity Insiders.

San Francisco, United States, May 7th, 2024, CyberNewsWire

Hunters, the pioneer in modern SOC platforms, today announced its full adoption of the Open Cybersecurity Schema Framework (OCSF), coupled with the launch of groundbreaking OCSF-native Search capability. This strategic advancement underscores Hunters’ commitment to standardizing and enhancing cybersecurity operations through open, integrated data sharing frameworks.

Uri May, CEO of Hunters, explained the strategic significance of this move, stating, “Adopting OCSF as our primary data model represents a transformative step in our journey to elevate cybersecurity operations. Alongside this, our new advanced OCSF-native search functionality is set to transform how security data is searched and analyzed, offering unprecedented efficiency and precision.”

Democratizing Security Operations with OCSF

The adoption of OCSF provides a unified, standardized language across cybersecurity tools and platforms, simplifying data integration and analysis workflows. The adoption fosters frictionless interoperability and enables enhanced collaboration among cybersecurity professionals, promoting flexibility and innovation by eliminating constraints imposed by proprietary data formats.

“Adopting OCSF will not only enhance our AI-driven security solutions, but also enable seamless data integration across vast and diverse datasets, dramatically improving the speed and accuracy of threat detection and response,” added May.

Some of the benefits of adopting OCSF include:

  • Streamlined Operations and Enhanced Collaboration – practitioners use common security language, promoting efficient sharing of insights and best practices, bolstering collective defense strategies.
  • Breaking Vendor Lock-in and Data Silos – Organizations are not constrained by proprietary data formats from specific vendors.
  • Revolutionizing Threat Hunting and Investigation – By shifting from logs to context-aware events and objects, OCSF enables multi-stage attack analysis and context-rich threat hunting.
  • Accelerating AI and Gen-AI in Security – Standardized data schema accelerates the development of AI-driven security solutions.

OCSF-native Search Functionality: A New Era in Cybersecurity Analytics

Hunters is thrilled to launch their revolutionary OCSF-native search functionality, designed specifically for SOC analysts and threat hunters. This innovative technology addresses the complexities of “query engineering” by leveraging a universal data schema—OCSF—to streamline the search process across diverse data formats and environments. The new search capabilities not only reduces the frustration and errors associated with traditional query syntax but also enhances both general and specialized investigation capabilities, transforming how security teams interact with data and significantly accelerating their operations.

OCSF-Native Search is Revolutionizing Search in the following ways:

  • Event and Object Based Searching: A New Search Paradigm – Hunters SOC platform introduces event and object-based searching, eliminating the complexities of source-specific log formats, by enabling analysts to search cybersecurity events and objects without the need for field normalization or navigating diverse log formats.
  • Democratizing Data Analysis: Equipping Analysts of All Levels for Success – OCSF-native search simplifies the search experience, eliminating the need for SQL proficiency or specialized knowledge in tools like Kibana or KQL. With an intuitive interface tailored to the OCSF model, analysts of all experience levels can quickly become proficient, bypassing traditional complexities and lengthy training sessions. 
  • Entity Investigation Curated Workflows: Investigations with a Single Click – With this new capability analysts can pivot directly from Hunters alerts to Search with a single click, automatically populating and executing queries for deep context. This eliminates the need for manual query building, facilitating a seamless investigative workflow that allows analysts to efficiently explore and analyze security incidents.
  • Timeline Experience: Enhanced Chronological Insight for Security Analysis – A new timeline-based approach to search enables analysts to explore the chronological progression of security events. This feature provides insights into patterns, anomalies, and potential threats, enhancing the investigative workflow. Analysts can identify correlations, track threat evolution, and streamline investigations efficiently.

“Our new search functionality is a game-changer for both experienced and novice security practitioners,” says Yuval Itzchakov, CTO at Hunters. “It elevates SOC operations by providing Tier 1 analysts with the clarity needed for higher-level analysis and democratizes security insights, making advanced investigations accessible to more team members.”

Contributing to the Community – OCSF Mapping

In conjunction with this new product release, Hunters is also proud to contribute to the cybersecurity community by sharing one hundred mappings of security logs to the OCSF schema. This contribution is part of their commitment to fostering an open and collaborative environment where knowledge sharing accelerates innovation and strengthens security postures across the industry. 

The full adoption of OCSF and the launch of our OCSF-native search functionality mark significant milestones in Hunters’ ongoing mission to innovate and automate cybersecurity analytics and operations. By embracing open standards and providing powerful, intuitive search capabilities, they are not only advancing our platform but also contributing to a more interconnected, efficient, and effective cybersecurity ecosystem.

To learn more, visit us at RSAC Booth #4317, Moscone North, or contact us on www.hunters.security 

Contact

Ada Filipek

Hunters

ada.filipek@hunters.ai

 

 

 

 

The post Hunters Announces Full Adoption of OCSF and Introduces OCSF-Native Search appeared first on Cybersecurity Insiders.

Philadelphia, Pennsylvania, May 8th, 2024, CyberNewsWire

Security Risk Advisors (SRA) announces the launch of their OT/XIoT Detection Selection Workshop, a complimentary offering designed to assist organizations in selecting the most suitable operational technology (OT) and Extended Internet of Things (XIoT) security tools for their unique environments. 

Led by seasoned OT/XIoT security consultants, the workshop provides participants with an invaluable opportunity to gain insights into both best-in-class and novel solutions, to identify those closest aligned to their specific needs.

In today’s increasingly interconnected digital landscape, the importance of choosing the right OT/XIoT security tools cannot be overstated. These tools serve as the first line of risk reduction and defense against cyber threats targeting critical industrial processes and infrastructure.

Making informed decisions, whether adding a new solution or replacing an incumbent, significantly impacts an organization’s ability to mitigate threats and protect its assets. During the half-day consultation, participants will delve deep into their OT/XIoT security environments, examining current tools and analyzing their infrastructure. The free workshop will result in personalized recommendations of the best-fit solutions from industry vendors.

 “We recognize the importance of selecting the right security tools for cyber-physical environments,” says Jason Rivera, Director of OT/XIoT Security at SRA. “Our workshop empowers organizations to make informed decisions, giving confidence that their selection is fit for purpose.”

Submit your application here.

About Security Risk Advisors

Security Risk Advisors offers Purple Teams, Cloud Security, Penetration Testing, OT Security and 24x7x365 Cybersecurity Operations. Based in Philadelphia, SRA operates across the USA, Ireland and Australia. For more information, visit SRA’s website at https://sra.io.

Contact

Marketing Manager

Douglas Webster

news@sra.io

215-867-9051

 

 

The post Free Workshop from Security Risk Advisors Empowers Organizations to Select Optimal OT Security Tools appeared first on Cybersecurity Insiders.

Torrance, California, May 13th, 2024, CyberNewsWire

Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA, has recently signed a technology partnership to exchange threat intelligence data based on domains and potentially on the IP address to protect users by blocking threats to end users. 

Criminal IP underwent rigorous data evaluation to integrate with Quad9’s threat-blocking service, demonstrating high data uniqueness and accuracy. Particularly, test results revealed a remarkable outcome: 99.1% of malicious domains identified by Criminal IP’s threat intelligence were found to be non-duplicative with other TI data.

Through this integration, Quad9 leverages the most up-to-date threat intelligence lists, incorporating data from Criminal IP’s database of malicious domains to block harmful hostnames. This process not only safeguards computers, mobile devices, and IoT systems from a diverse array of threats like malware, phishing, spyware, and botnets, ensuring privacy, but also optimizes performance.

Quad9’s Threat Blocking Enhanced by Criminal IP’s Threat Intelligence

Quad9 is a free anycast DNS platform delivering robust security protections and privacy guarantees that comply with rigorous Swiss Data Protection and GDPR rules. Quad9 is operated as a non-profit by the Quad9 Foundation in Switzerland for the purpose of improving the privacy and cybersecurity of Internet users.

Operating on a high-performance global network, Quad9 partners with Criminal IP, which offers extensive cyber threat information, including malicious IPs, domains, and CVEs, derived from sophisticated IP and domain scoring algorithms and big data analysis on a worldwide scale, enhances this mission.

 

Results of the blocking test for the Quad9 threat-blocking security service integrated with Criminal IP TI

The specially designed Criminal IP Malicious Domains Retrieval API is used to send the Domain Data Feed identified as malicious to Quad9 for integration. This feed is then utilized alongside other threat intelligence (TI) data sources integrated into the Quad9 platform, such as IBM, OpenPhish, F-Secure, RiskIQ, and Domain Tools, to create a comprehensive blocklist for user protection.

Criminal IP’s specialized Domain Threat Intelligence

In addition to these comprehensive threat-blocking results on Quad9, for those seeking more information about each component of domains, users can use Domain Search of Criminal IP. The vulnerability scanner tool meticulously analyzes a wide array of domain details including screenshots, WHOIS data, utilized technologies, page redirections, and certificates. It also identifies potentially malicious content and replicated phishing domains, providing an overall domain score and a Domain Generation Algorithm (DGA) score. This global threat intelligence is updated daily and can be accessed through flexible API integration enabling seamless incorporation of the data into existing security systems, such as SOAR and SIEM. 

Results of searching malicious domain in Criminal IP Domain Search

“Our partnership with Quad9 is a recognition of the accuracy of Criminal IP’s data,” stated Byungtak Kang, CEO of AI SPERA. “It is expected that our collaboration will contribute to the protection of Quad9’s end-users, who have a global reach, while simultaneously enhancing the quality of Criminal IP’s data.”

End users interested in utilizing the integrated threat-blocking security service of Quad9, which is linked with Criminal IP threat intelligence, can automatically activate the service simply by using the Quad9 DNS server (9.9.9.9).

About AI SPERA

AI SPERA launched its global cybersecurity service, Criminal IP, on April 17, 2023, following a successful year-long beta phase. The company has established technical and business partnerships with acclaimed global security firms and educational institutions, including VirusTotal, Cisco, Tenable, and Sumo Logic.

Criminal IP offers personalized plan options, also suitable for company use. Users can check their own credit usage for specific features (Web, Vulnerability Scanner, Tags, etc.) and API on the dashboard, and upgrade the plan anytime according to their needs.

Criminal IP is available in five languages (English, French, Arabic, Korean, and Japanese), providing a powerful and accurate CTI search engine for users worldwide. AI SPERA has been delivering cybersecurity solutions worldwide through a range of products, including Criminal IP CTI Search Engine, Criminal IP ASM, and Criminal IP FDS.

Contact Michael Sena AI SPERA support@aispera.com

 

 

 

 

The post Criminal IP and Quad9 Collaborate to Exchange Domain and IP Threat Intelligence appeared first on Cybersecurity Insiders.

Security operations professionals are the first to sound the alarm on intrusion attempts by bad actors. Organizations rely on them for security monitoring, security incident management, vulnerability management, security device management and network flow monitoring. 

Are you ready for a career in security operations? ISC2, creator of the leading advanced cybersecurity certification, the CISSP, recommends these specific steps. 

1. Become an ISC2 Candidate. Begin your journey by joining ISC2, the world’s leading cybersecurity professional organization, more than 500,000 members, associates and candidates strong. As part of their One Million Certified in Cybersecurity pledge to help close the workforce gap, you’ll be able to access free Official ISC2 Online Self-Paced Training for Certified in Cybersecurity entry-level certification and a free exam. Candidates can also tap a full range of benefits, including 20% off online training and up to 50% off textbooks. Sign up now to get your first year free.

2. Start your journey toward SSCP certification. Systems Security Certified Practitioner (SSCP) certification demonstrates you have the knowledge and skills to implement, monitor and administer IT infrastructure using information security policies and procedures. You’re key to protecting the confidentiality, integrity and availability of data for individuals and organizations.

To qualify for the SSCP, candidates must pass the exam and have at least one year of cumulative, paid work experience in one or more of the seven domains of the ISC2 SSCP exam outline. 

If you don’t yet have the required experience to become an SSCP, you can become an Associate of ISC2 after successfully passing the SSCP exam. You will then have two years to earn the experience needed for SSCP certification. 

3. Keep learning

Security operations never stand still. It’s a constantly evolving field that requires continuing education to stay in front cyberthreats and on top of trends. Professionals can choose from a variety of flexible learning options, including:

ISC2 Certificates turn a laser focus on specific subject matters. And with courseware created on the hottest topics by cybersecurity’s most respected certifying body, you’re assured the most current and relevant content. Choose from online instructor-led or self-paced education with content created by industry experts:

Online Instructor-Led*

  • Prerecorded lessons led by an ISC2 Authorized Instructor
  • Instruction that complements self-paced content
  • Digital badges upon passing certificate assessments

Online Self-Paced

  • Online learning at your own pace
  • Videos available for download on demand
  • Digital badges upon passing certificate assessments

*Online instructor-led only available for select certificates.

ISC2 Security Administration and Operations Certificates focus on the knowledge and skills needed to install, administer and troubleshoot security solutions. Online on-demand certificates include:

  • Responding to a Breach
  • Malware Analysis
  • Crowdsourced Security
  • Cryptography

ISC2 Security Operations Skill-Builders will help you learn valuable skills as you pursue a career in security operations. Grow what you know with short-format learning designed to fit your busy schedule.

A career in security operations provides the opportunity to make a significant impact on the world. Qualified professionals are indispensable to organizations, safeguarding their information and systems. See yourself in security operations and get started today. Learn More

More questions about SSCP? Get Answers in the Ultimate Guide, everything you need to know about SSCP. Download Now.

 

The post Thinking about a Career in Security Operations? Follow this Path appeared first on Cybersecurity Insiders.