
Optimizing access to third-party resources in cloud environments

In the world of cybersecurity, things move at lightning speed. And so do we at NordLayer. We’re committed to delivering cutting-edge, secure remote network access solutions for our clients. What’s our secret to success? A robust strategy, clear product vision, and insights that help us develop high-quality products. 

At NordLayer, we never lose sight of our goals. We continually track our product’s growth, ensuring we always head in the right direction. We aim to provide a remote network access solution that fulfills our promise to all our customers and fosters sustainable progress.

When we look back at the milestones we’ve achieved and those on the horizon, we’re confident about our product lifecycle. Even now, we can see that our developments gained rapid momentum, consistently improving and delivering the best experience for all ways of working.

This is our epic journey of shaping the cybersecurity landscape and enhancing business security.

Our roadmap for a remote network access solution

Our journey started with an ambitious goal: to enable hybrid and remote work in a user-friendly way. We believe a connected world where all work models are possible needs protected connections, and that’s precisely what we’re crafting.

Every story has its humble beginnings, and so does NordLayer’s product. Let’s now take a look at our product’s gradual yet significant growth and where our remote network access solution stands now.

Foundation & breakthrough

Our original name was NordVPN Teams. We began as a B2B version of NordVPN (yes, the very VPN that consumers love worldwide). Naturally, it was referred to as a business VPN tool to secure organization connections.

Launched back in 2019, NordLayer started its offering with almost thirty Shared and nearly twenty Private Gateway locations around the globe. Running on three VPN protocols, the tool did a decent job protecting companies on the brink of the pandemic.

It was a time when NordLayer emerged as a virtual private network tool for organizations that needed to protect their teams working remotely and in different settings. Soon, the product capabilities were challenged by the new normal, a.k.a. COVID-19.

Overnight, we faced the task of onboarding hundreds of employees, ensuring secure connections and business continuity. It was a baptism by fire. We embraced and overcame this challenge as a tryout and aspiration to offer protection for businesses around the world.

Elimination of a physical office required new solutions here and now. So, connecting different locations with Site-to-Site functionality and the Auto-connect feature marked NordLayer’s hatching out of the VPN-only product shell. We quickly realized we had outgrown our shoes and needed to enhance our capabilities to offer an even better solution.

In 2020, ThreatBlock took the spotlight as NordLayer’s flagship release. It was initiated by the business need to secure networks from potential risks. What’s unique about ThreatBlock is that it automatically blocks harmful websites, so no malware or other cyber threats can infect your device.

This was followed by identity management enhancements: single sign-on (SSO) integration with major service providers in the market, namely Azure AD, Okta, and Google Workspace. The solution also soon became available on all major OSs.

The introduction of custom DNS functionality marked the time for something big to evolve.

NordLayer created a sophisticated offering to start establishing its market position. Based on existing features and our future vision, we quickly noticed how prominent NordLayer is in Zero Trust Network Access (ZTNA) and Secure Access Service Edge (SASE) frameworks. Naturally, that led us to focus our development efforts in that direction.

Strategic navigation

The year 2021 started with improving what NordLayer offered its customers in the ZTNA department.

Listening to feedback and adjusting to client business needs, we increased the number of Virtual Private Gateway locations.

We also introduced one more SSO integration with OneLogin, a popular user identity access management service provider, and added biometric authentication for a full range of trusted user authentication options.

But these were just stepping stones compared to the launch of the year, a Smart Remote Access functionality. It was like a network bridge interconnecting devices and creating a virtual LAN, bringing relief to IT administrators and employees and allowing them to work more efficiently wherever they are.

As we navigated through a saturated cybersecurity industry market in 2022, our focus remained on a user-friendly implementation of complex concepts like network security. We also defined our vision and mission, dedicating ourselves to stress-free cybersecurity for our customers, no matter their work setup.

Leaning towards Security Service Edge (SSE), a part of the SASE framework, NordLayer made network security as a service its main strategy. This approach, combined with the ZTNA model, emphasized the performance and convenience of using the tool.

Hence, the NordLynx (WireGuard) protocol was created to drastically increase connection speed compared to other protocols while maintaining service quality and security.

VPNs can slow things down, causing delays. But NordLayer aimed to eliminate this interference so customers forget about the solution running in the background on their computers. And from what we’ve heard, we succeeded in achieving seamless and uninterrupted connections.

So, have you already noticed that we at NordLayer are always up for a challenge? A growing number of Virtual Private Gateways in locations like South Africa and Brazil was a project that led to better service coverage.

Moreover, we added user provisioning functionality with Azure AD and Okta for swift organization onboarding and management to improve the service experience for our customers.

Momentum mastery

The year 2022 also gained momentum and turned into a snowballing escalation that only confirmed one thing: buckle up, there’s no way back.

With a focus on Network Access Control and a commitment to meeting compliance requirements, NordLayer introduced Activity monitoring and Device Posture Monitoring for advanced network visibility.

For a more robust and effective Internet Access Security, existing features were accompanied by DNS filtering by category and Deep Packet Inspection (DPI), so the product offers a robust and supportive network management system for our customers.

Automation of processes is the future, and we at NordLayer know it well. That’s why we implemented automated idle session timeouts from the NordLayer application. What’s more, optional enforcement of multi-factor authentication (MFA) and SSO for logging into the Control Panel was added to help ensure advanced security measures for our clients.

In 2023, NordLayer launched a one-of-a-kind Browser Extension to provide more connectivity opportunities to our customers.

A lightweight NordLayer version lets you multitask and secure connections on a browser level. It expanded how users can connect to NordLayer because, unlike the application, it doesn’t need to be OS-compatible and runs only on a browser.

Always On VPN was another big launch for NordLayer. It was dedicated to keeping users connected so organizations could trust that VPN connections stayed active.

To make rolling out NordLayer easier, we introduced the Team Administrator role. This allows admins to share some of their responsibilities in managing team access rights.

To widen the range of third-party service providers, JumpCloud became one of the five SSO providers to choose from.

Unveiling the next era of NordLayer developments: Cloud Firewall & Device Posture Security

For better network access control, NordLayer is preparing to launch an upgraded Device Posture Security functionality. The existing capability to monitor who connects to a company gateway, and when, has been enhanced with blocking of non-compliant device accounts.

Improved functionality will allow IT admins to create rules, such as defining versions of OS and NordLayer, adding a requirement to have a specific file in a device, seeing if the device is rooted, and, in case of deviations from set rules, blocking the device from entering the network.

Finally, 2023 will be marked with a major product release: Cloud Firewall (FWaaS). The new soon-to-be-released feature will bring NordLayer closer to becoming a unified SSE platform provider. Undoubtedly, it’s a huge upgrade for more granular access control, making it possible to deny or allow access based on User/Team, destination, protocol, and port, delivered straight from the cloud.

NordLayer’s Cloud Firewall feature will be a great addition to hybrid infrastructures and a relief for legacy organizations that can finally replace expensive and resource-consuming hardware with security deployment in a few clicks.

Simple, intuitive, easy to roll out and use, and efficient, these are the words we often hear from our customers talking about their experience using NordLayer, and it couldn’t make us happier because that’s our goal to strive for.

This encourages the team to work on new and improved product capabilities constantly. We celebrate big launches and get to work even harder to deliver the most stress-free and robust network security solutions.

NordLayer use cases

Product development is an exciting and rewarding process. But without a clear vision and application, all great work can’t be used to its full potential. Thus, NordLayer formulated the main use cases for which our clients turn to us for help and support.

Internet access security

Modern enterprises, navigating the intricate challenges of internet access security, find themselves at a crossroads—balancing communication demands against rising cyber threats. The transformation in work models—remote, office, and complex hybrid—has introduced unique security challenges.

Threat prevention

NordLayer uses advanced encryption standards to protect data in transit. Whether employees work on-site or remotely, their internet traffic is encrypted, safeguarding company data from threats, potential eavesdroppers, and cyberattacks.

Business VPN

With NordLayer, employees can securely connect to public Wi-Fi networks, such as those in cafes or airports, without the risk of data interception. The VPN shields their connection from potential threats commonly associated with public networks.

Cloud VPN

As businesses increasingly utilize cloud services, NordLayer ensures that access to these resources remains restricted and secure. Whether it’s cloud storage, SaaS applications, or other cloud-based resources, NordLayer’s protective layer ensures seamless and straightforward integration that reduces the risk of data breaches.

Network & resources access management

Companies face the challenge of managing diversified and global teams while embracing a hybrid work model without compromising security. NordLayer, rooted in the Zero Trust model, presents an innovative solution to network and resources access management.

Remote access VPN

A remote access VPN ensures secure connections to company resources, whether in-office or remotely. It encrypts user traffic, safeguarding data from unauthorized interception. With NordLayer, businesses can create dedicated gateways for encrypted access to their network, balancing data availability and security for all workers.

Identity and access management

NordLayer’s Zero Trust approach ensures that only verified users with the right permissions can access specific network resources. This model operates on a trust-no-one-verify-all principle, incorporating strict security measures like 2FA, MFA, SSO, and biometrics to ensure airtight user validation before granting access.

Secure Remote Access

Designed for modern, distributed workforces, NordLayer’s Secure Remote Access application allows teams to connect to company resources from any location. This feature enhances flexibility and maintains a high level of security, ensuring that remote connections are as secure as on-premise ones.

Network segmentation

NordLayer provides organizations with the ability to segment their network through private gateways. This segmentation permits organizations to allocate specific resource access to certain user groups, ensuring that sensitive sections of the network remain insulated and accessible only to those who require it.

Achieving compliance

As regulations intensify and cyber threats amplify, achieving compliance has never been more critical. With staggering statistics revealing the vulnerability of many enterprises, investing in robust cybersecurity mechanisms like NordLayer is essential.

Remote access VPN

NordLayer ensures that connections and all data transfers are encrypted, safeguarding sensitive information from unauthorized access. This is especially crucial for organizations subject to regulations like HIPAA and GDPR, which emphasize the importance of data confidentiality.

NAC and monitoring

NordLayer enforces rigorous access controls, such as single sign-on (SSO), biometrics, and two-factor authentication (2FA). Additionally, it offers 24/7 network activity monitoring, allowing organizations to track secured connections, detect anomalies, and promptly address potential security incidents.

Network segmentation

By implementing network segmentation, NordLayer allows businesses to allocate resource access using private gateways. This heightens overall network security and restricts movement within the network, limiting potential damage from cyber breaches. Such segmentation is essential for compliance with standards that mandate limited and controlled access to specific data sets.

How NordLayer can address your business needs

We cannot emphasize enough how NordLayer outgrew being a simple business VPN and started offering far-reaching functionalities. The features we develop unlock a number of different possibilities to secure businesses in many ways:

  • Protect traveling employees & secure access through public Wi-Fi.

  • Prevent access to malicious websites while browsing the internet.

  • Access geo-specific content needed for quality assurance or remote customer support.

  • Ensure IP address masking.

  • Monitor VPN usage in the organization and generate reports.

  • Ensure that employees are connected to a VPN at all times.

  • Allowlist specific cloud tools with fixed IP addresses.

  • Segment network access to hybrid-cloud resources by teams.

  • Restrict access to content categories or specific apps, ports, and protocols.

  • Monitor and restrict non-compliant devices in the organization’s network by predefined security rules.

  • Establish a connection between remote devices and a remote connection to on-site networks.

  • Provide access to company resources on a browser level only.

Looking forward to innovation and growth

Looking towards the future, our primary objective remains the same: ensuring our customers enjoy uninterrupted growth fortified by robust network security. We recognize the evolving dynamics of modern workplaces and are committed to enabling every way of working.

To achieve this, we’re looking closely into the SSE framework by developing and providing ZTNA, FWaaS, and SWG features. These advanced models allow us to offer a seamless, stress-free security environment, ensuring that our clients can focus on their core operations, confident in the knowledge that their network remains impervious to threats.

Where NordLayer is today, and its direction forward, gives us the confidence to offer our clients a stress-free and user-friendly network access security solution. A product that enables businesses to achieve the best results, improve productivity, and take their technological posture to another level.

For us, it’s all about fulfilling our goals to deliver an effective, secure, and genuine cybersecurity tool for modern companies. If you want to learn more about security solutions, contact our sales team.

In this episode, we dive into: 

  • ChatGPT’s evil twin WormGPT

  • The Federal Trade Commission (FTC) investigation into OpenAI data leak and ChatGPT’s inaccuracy

  • A new 4-day rule for disclosing cyberattacks set by the US Securities and Exchange Commission (SEC)

Watch Cyberview here 

ChatGPT’s evil twin WormGPT

The new tool, WormGPT, is advertised on underground forums as a blackhat alternative to ChatGPT for launching phishing and business email compromise (BEC) attacks. That said, ChatGPT’s natural language abilities can already help hackers write convincing emails, so the obvious signs of malicious emails disappear.

Tools like ChatGPT and Google’s Bard have some safeguards in place that try to ensure that AI-generated content does not cause harm. However, WormGPT is specifically designed to be fully unrestricted and facilitate criminal activities, so it raises even more questions about the ethical limits of AI.

FTC investigates OpenAI over data leak and ChatGPT’s inaccuracy

Has ChatGPT broken consumer protection laws by risking personal reputations and data? The FTC has opened an investigation into OpenAI, requiring details on how OpenAI gathers and protects data and vets information.

The FTC wants to know how information was used to train its model and how it prevents false claims from being shown to users. Additionally, they are interested in how APIs connect to OpenAI’s systems and how user data is protected, all while the FTC issued multiple warnings that existing consumer protection laws apply to AI.

The 4-day deadline for public companies to report breaches

US companies hit by cyberattacks will face a 4-day deadline for publicly disclosing hacks, under new rules approved by the US Securities and Exchange Commission (SEC). There are mixed feelings about this new requirement. On the one hand, it is praised for encouraging transparency about cybersecurity breaches, as they are considered as important to investors as any other significant operational disruption.

On the other hand, the new rule is being labeled as a controversially short deadline that may not allow companies enough time to put an action plan in place or fix vulnerabilities. However, the regulations state that if the SEC is informed in writing of a national security or public safety risk, a delay in breach disclosure of up to 60 days is allowed.

Stay tuned for the next episode of Cyberview.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

ChatGPT and secure coding: The good, the bad, and the dangerous

In the digital landscape, ChatGPT’s influence is hard to ignore. With a monthly user base exceeding 100 million, people rely on OpenAI’s chatbot for tasks ranging from casual chats to educational resources, content generation, and even coding support.

At Nord Security, we’re particularly intrigued by its coding capabilities. Can ChatGPT really produce secure code that withstands today’s advanced cyber threats? To find out, our security expert, Astrid Bytes (name changed for security reasons), put it to the test. Dive into this blog to discover her experiment and key findings.

Research 

92% of US developers state that they use AI tools like ChatGPT to boost productivity across a variety of programming tasks. One such task might be a login form, which, at first glance, can look simple. But “simple” can be deceptive. The safe handling of user credentials is critical. One mistake here could result in GDPR violations and hefty fines.

With this in mind, Astrid initiated a code-writing simulation using ChatGPT-3.5. She tasked the AI to generate database check-in code in PHP. What she didn’t do, however, was specifically ask the AI chatbot to create secure code or include certain security features.

You have a login form with a username and password. Please write a code snippet in PHP to check in the database whether the credentials match.

[Figure: PHP code snippet with the vulnerabilities enlarged]

The code generated showcased clear vulnerabilities:

  • It’s prone to SQL injection attacks;

  • It allows username enumeration;

  • It hardcodes credentials directly in the code.

Firstly, the susceptibility to SQL injection attacks is caused by the $username variable being directly plugged into the SQL query string, lacking a properly prepared statement with parameter binding. It might be assumed that the sanitize_input function could thwart SQL injections. However, the PHP functions – trim, stripslashes, and htmlspecialchars – aren’t tailored to prevent such injections and can even be detrimental when used for this purpose.

A security expert asked ChatGPT to improve the code so that it is not vulnerable to SQL injection attacks.

    // Prepare the SQL statement using a parameterized query
    $stmt = $conn->prepare("SELECT * FROM users WHERE username = ? LIMIT 1");
    $stmt->bind_param("s", $username);

    // Execute the prepared statement
    $stmt->execute();

    // Get the result from the executed statement
    $result = $stmt->get_result();

The second flaw was user enumeration. The AI code suggested displaying “Invalid password!” for failed logins, a security misstep. Such messages give attackers hints, easing their job of guessing valid usernames. A better practice is to keep things vague with messages like “Invalid username or password”, keeping attackers in the dark about which part failed. Astrid subsequently called for the removal of user enumeration in the code.

            // Password doesn't match
            echo "Invalid username or password!";
        }
    } else {
        // Delay the response for a short random period (to prevent timing attacks)
        usleep(rand(100000, 500000)); // Random delay between 0.1s and 0.5s
        // Generic error message to prevent username enumeration
        echo "Invalid username or password!";
    }

The last red flag – hardcoded credentials. Attackers who access the source code could exploit these to compromise the system or steal sensitive information. To fix this issue, the AI chatbot suggests using environment variables or configuration files to store database credentials.
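A login check that addresses all three flaws together, as an added example (it is not ChatGPT's output and not code from the original article). It assumes PDO with an in-memory SQLite database in place of the MySQL connection; the DB_DSN, DB_USER and DB_PASS variables and the users table layout are hypothetical. In place of the random usleep() delay, it verifies against a dummy hash so the unknown-user and wrong-password paths do comparable work.

```php
<?php
declare(strict_types=1);

// Added example. Assumptions: PDO + in-memory SQLite stand in for the MySQL
// connection; DB_DSN / DB_USER / DB_PASS and the users table are hypothetical.

const GENERIC_ERROR = 'Invalid username or password!';

/** Build the connection from environment variables instead of literals. */
function connect(): PDO
{
    $dsn  = getenv('DB_DSN') ?: 'sqlite::memory:';  // fallback only for this demo
    $user = getenv('DB_USER') ?: null;
    $pass = getenv('DB_PASS') ?: null;

    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
}

/**
 * Returns [bool $ok, string $message].
 * Unknown user and wrong password produce the same message and both run
 * password_verify(), so neither the text nor the work done reveals which
 * part of the credentials failed.
 */
function check_login(PDO $db, string $username, string $password): array
{
    // Hash of a throwaway value, verified when no such user exists.
    static $dummyHash = null;
    $dummyHash ??= password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);

    // The username is bound as a parameter, never concatenated into the SQL,
    // so quotes or comment markers in it are matched as literal characters.
    $stmt = $db->prepare(
        'SELECT password_hash FROM users WHERE username = ? LIMIT 1'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    $hash = $row === false ? $dummyHash : $row['password_hash'];

    // password_verify() is evaluated first so it always runs.
    $ok = password_verify($password, $hash) && $row !== false;

    return [$ok, $ok ? 'Login successful' : GENERIC_ERROR];
}

// --- Constructed demo data (not from the page) ---
$db = connect();
$db->exec(
    'CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)'
);
$insert = $db->prepare(
    'INSERT INTO users (username, password_hash) VALUES (?, ?)'
);
// Passwords are stored with password_hash(), not as plain text or bare SHA-256.
$insert->execute([
    'alice',
    password_hash('correct horse battery', PASSWORD_DEFAULT),
]);

$cases = [
    'valid login'       => ['alice', 'correct horse battery'],
    'wrong password'    => ['alice', 'guess'],
    'unknown user'      => ['mallory', 'guess'],
    'quote in username' => ["alice' --", 'guess'],
];

foreach ($cases as $label => [$u, $p]) {
    [$ok, $msg] = check_login($db, $u, $p);
    printf("%-18s ok=%s  %s\n", $label, $ok ? 'yes' : 'no', $msg);
}
```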

The experiment didn’t end there. Astrid Bytes delved deeper, giving the same task to ChatGPT in other widely used programming languages:

“I was experimenting with 5 different programming languages, including PHP, Java, Rust, JSON, and C, but didn’t notice any significant differences when it came to more secure code,” she reported.

[Figure: Java code snippet with the vulnerabilities enlarged]

The Java test mirrored PHP results, revealing code vulnerabilities. Moreover, each time a flaw was patched, a new one emerged.

The Java check-in code and its subsequent iterations suffered from various issues:

  • Vulnerability to SQL injections;

  • Hardcoded credentials in connection strings;

  • Storing passwords as plain text or hashing with the SHA-256 algorithm;

  • Weak exception handling;

  • Exposure to cross-site scripting (XSS) attacks;

  • Unsolicited code that included information not tailored to specific requests or needs.

Astrid also evaluated ChatGPT-4’s secure coding capabilities. She found it slightly more robust than its 3.5 predecessor. However, an expert’s oversight was still needed to correct flaws in the code.

Interestingly, ChatGPT displayed enhanced proficiency when “writing a code in development frameworks compared to vanilla versions of programming languages.” This observation aligns with the fact that certain development frameworks provide integrated solutions to tackle specific security vulnerabilities. Nonetheless, it’s crucial to understand that these frameworks, while helpful, are not foolproof – developers can still produce insecure code within them.

Key takeaways

This test revealed that, while ChatGPT does a great job in engaging in human-like conversation, it doesn’t perform so well in producing secure code. Astrid Bytes classified her findings into the good, the bad, and the dangerous.

The good

  • ChatGPT serves as an excellent coding assistant, boosting productivity and helping with quick algorithm implementations. A study from the National Bureau of Economic Research attests that generative AIs like ChatGPT can enhance workforce productivity by roughly 14%.

  • It can generate code in a multitude of programming languages.

  • ChatGPT-4 generally outperforms ChatGPT-3.5, though expert review remains essential for spotting vulnerabilities.

  • Considering secure coding, the chatbot performs better within modern development frameworks than in standard programming languages.

  • ChatGPT can recognize code issues, detailing their exploitability and suggesting remediation steps. However, this feature is effective only if the user actively seeks such insights.

The bad

  • ChatGPT has a limited response size and cuts corners when focusing only on functional requirements, skipping security considerations. So, you won’t always get the right code on the first try.

The dangerous

  • Code output falls below minimum security standards. Astrid Bytes noted that this issue stems from ChatGPT’s training data: “It’s trained on old data (until September 2021) and isn’t updated on new vulnerabilities and attack types. Plus, ChatGPT has been trained on large amounts of data and coding examples found on the web. The truth is that not all of them are written securely. There is a lot of bad code on the web.”

  • Inadequate code security is language-agnostic. As Astrid asserts, “I was experimenting with 5 different programming languages, but did not notice any significant differences when it came to more secure code.”

  • Secure code only if asked. According to our security expert, “It’s focussed on generating code based on functional requirements (your request to write code that solves a particular task) while security and other non-functional requirements are not always taken into consideration – unless you specifically ask for it.”

  • Requests to fix code vulnerability might lead to a code mutation. As she observed, “While fixing one place, it made changes in another part of the code which was previously secure or even rewritten the code by using a different framework compared to what was originally requested.”

  • Some of ChatGPT’s answers provided were incorrect. Astrid Bytes noticed that ChatGPT sometimes returned code snippets that included extraneous or incorrect information. This inconsistency underscores a recent Purdue University study, which revealed that ChatGPT answered only 48% of software engineering questions accurately.


Can ChatGPT be used for coding?

Astrid highlights that ChatGPT should be viewed only as a supporting tool for code writing. Whether you’re using an older or newer version, or even if you prompt it to adhere to secure coding standards, human touch and expert oversight remain indispensable.

“You have to understand that ChatGPT isn’t a security tool. It’s trained on old data and unaware of the latest vulnerabilities and attack vectors. So, it might suggest vulnerable libraries or insecure configurations,” Astrid notes.

Further, the research underscores its significant error rate when addressing coding queries. Such inaccuracies, combined with cybersecurity concerns, have led global giants like Apple, Samsung, and even the coding Q&A hub Stack Overflow to restrict its use.

So, if you decide to use an AI chatbot for coding:

  • Get to know your AI assistant. Whether it’s ChatGPT or any other tool, it’s important to know its limitations.

  • Take security seriously. It might not be such a big deal for single-use scripts that you won’t need tomorrow, but it makes a big difference for production code.

  • Only ask to generate the code in a programming language you’re familiar with. The more knowledge you have on programming language and secure coding practices, the easier it is to spot vulnerabilities in generated code.

  • Use SAST tools to help you evaluate the findings. However, they can generate false positives as well as false negatives. Therefore, any AI-generated code should undergo a manual code review as well.

  • And finally – trust no one. Not even ChatGPT.


BullWall Server Intrusion Protection Brings MFA Behind the Firewall To Protect Servers and Thwart Breach Attempts

Protects RDP Sessions – The Entry Point for 50% of All Ransomware Deployments — With MFA That Detects and Prevents Unauthorized Users and Halts Breach Progression, Strengthens Cybersecurity Insurance Eligibility

VEJLE, Denmark & WILMINGTON, Del., September 7, 2023 – BullWall, the global leader in ransomware protection for critical infrastructure, today introduced BullWall Server Intrusion Protection to protect servers from unauthorized access resulting from the use of compromised credentials during Remote Desktop Protocol (RDP) sessions. By placing BullWall’s multi-factor authentication (MFA) between the server and any unauthorized users, organizations are protected from bad actors who may have gained entry to the network, preventing the deployment of ransomware.

BullWall Server Intrusion Protection prevents RDP session hijacking and impedes breach progression to prevent the deployment of ransomware. When an illegitimate session is detected, BullWall blocks any compromised clients and servers, and immediately issues the necessary alerts.  It’s an important new weapon in the ongoing battle against the use of stolen or compromised credentials, one of the most impactful areas of cybersecurity vulnerability for most organizations. With the surge in remote and hybrid work environments, Remote Desktop Protocol (RDP) is the entry point in nearly 50% of all ransomware attacks.

BullWall Server Intrusion Protection works together with BullWall Ransomware Containment (formerly BullWall RansomCare) to prevent and contain ransomware, protecting the organization’s most important, targeted digital assets against cyberattacks – a singularly important safeguard that can substantially impact cybersecurity insurance eligibility and terms for many organizations.

Jan Lovmand, BullWall Co-Founder and CTO, said: “Remote Desktop Protocol is the single most exploited initial attack vector, and the entry point for fully half of all ransomware attacks. We’re really excited to introduce BullWall Server Intrusion Protection to shut down RDP session-level attacks, closing a door that’s otherwise too easily opened. Together with our Ransomware Containment solution, BullWall offers organizations the strongest defense against ransomware available on the market today.”

Morten Gammelgard, BullWall Co-Founder and EVP of EMEA, shared: “One of the biggest stumbling blocks to obtaining cyber insurance is the requirement for MFA on servers in addition to endpoints, for every login attempt. BullWall Server Intrusion Protection provides a game-changing MFA solution for server access that doesn’t require a second device. We’re thrilled to offer a solution that increases security, reduces user friction and stops today’s most common attack vector.”

Most security-minded organizations now have MFA in place as single logon – which proves futile against a threat actor logging into a server via RDP and then moving from there to other servers. BullWall Server Intrusion Protection blocks every step of such attacks, and demonstrates the highest levels of compliance and reporting. 

To learn more about BullWall Server Intrusion Detection, please visit here.

About Bullwall
BullWall is a fast-growing international cybersecurity solution provider with a dedicated focus on protecting critical data during active ransomware attacks. We are the only security solution able to contain both known and unknown ransomware variants in seconds, preventing encryption and exfiltration across all data storage types.

23.9.2 ‘Voyager’ released

Changes compared to 23.9.1 

Enhancements

  • Updated language translations
  • Improved Comet Server behavior when it fails to start due to license issues. It now starts successfully with limited functionality and displays an error message indicating how to identify the issue
  • Added logging of the reason the job started at the beginning of backup job logs
  • Added option to aggregate usage by Account Name for Gradient PSA integration
  • Added automatic cancellation of running jobs using a Storage Vault when that Storage Vault is deleted
  • Improved the appearance of the “About” window in the Comet Server Service Manager

About Comet
We are a team of dedicated professionals committed to developing reliable and secure backup solutions for MSPs, businesses and IT professionals. With over 10 years of experience in the industry, we understand the importance of having a reliable backup solution in place to protect your valuable data. That’s why we’ve developed a comprehensive suite of backup solutions that are easy to use, scalable and highly secure.

Navigating the complexities of third-party remote access

No modern digital business is totally independent. Cloud computing and ever-changing IT technology force organizations to rely on third parties. And most digital companies cannot exist without a community of trusted partners.

Companies look to third-party vendors when sourcing the latest applications and infrastructure. Third-party service providers support cloud deployments. External partners cut administration costs. And they even secure company networks. However, third-party remote access brings problems as well as benefits.

Partners need to access your corporate network. And external access brings security risks. Companies can control how their employees use network assets. Yet, enforcing the same standards for workers at third parties is not easy.

This article will explain how to secure third-party access. We will explore how businesses can create secure platforms with robust access controls. And we will help you navigate the design process to ensure seamless and safe third-party relationships.

What is third-party remote access?

Third-party remote access enables secure remote access for users not directly employed by the network owner. Third-party network users come in various forms.

  • Contractors provide specific services on a contractual basis. Companies bring in contractors as needed to maintain systems, audit security controls, or fill gaps in their workforce. These individuals may work on-site. But they could also be remote contractors.

  • Vendors supply companies with applications needed to create professional environments. They sell cloud infrastructure and storage space. And they provide hardware to engineer physical networks. Vendors are almost always based off-site and may have minimal contact with clients. But they often need network access to provide services.

Securing third-party connections requires comprehensive risk management strategies. Companies should never allow unrestricted network access for vendors or service providers, regardless of how trusted they are.

Third parties dramatically increase the attack surface of corporate networks. For example, risks associated with external partners include:

Insider threats

Employees at third-party organizations may use legitimate credentials to breach networks. They can steal confidential data, implant malware, or compromise system integrity.

Malware attacks

Any remote connection can become a gateway for a ransomware attack. Companies must monitor every access request and ensure that firewalls cover third parties.

System failure

Companies rely on third parties to support everyday operations. When these services fail, they can compromise client networks.

Regulatory risks

Regulations include strict rules about using third-party providers. A data breach due to poor third-party security can lead to regulatory penalties and reputational damage.

The growing need for external network access

Third parties are a crucial part of the modern business landscape. Few organizations own and operate their network infrastructure. Even fewer develop apps in-house. Using third parties is a business necessity. Cloud service providers are filling that need.

Companies worldwide depend on cloud hosting for data storage and employee collaboration. The public cloud computing market has expanded rapidly from $145 billion in 2017 to almost $600 billion in 2023. And there are plenty of reasons for this shift.

Cloud services make managing workflows cheaper and leaner. Third parties allow companies to switch from legacy apps to flexible cloud tools hosted off-site. Local data centers are unnecessary. Maintenance costs fall as companies become less reliant on physical network infrastructure.

Digital transformations also enable companies to serve their customers more efficiently. For example, merchants use third-party technology to create seamless digital purchasing systems. Or they may use a 3D modeling vendor to deliver augmented reality experiences.

The rush to cloud-hosted services is impossible without remote access for third parties. External partners routinely access client assets to support corporate accounting. Or they might deliver customized eCommerce APIs.

This reliance is not unusual. However, without robust security solutions, third parties represent a data breach risk. Securing access for third parties is a critical security challenge.

Risk management in vendor network entry

Organizations need solid strategies to handle third-party risks. Companies managing the risks of third-party remote access must focus on hazard control and threat mitigation.

Hazard control

Security teams identify the risks linked to each vendor. A typical example is data breaches caused by insider attacks. Risk assessors might identify a risk of credential theft due to poor security practices. Alternatively, they might decide that third-party API risks like code injection are more significant.

The consequences of third-party services failing are another critical example. Not every vendor poses an operational risk. However, security planners must identify relevant operational risks.

Threat mitigation

After identifying and classifying risks, security teams apply controls or policies to mitigate those risks. Controls must manage third-party access efficiently. They should also protect data against bad actors. Finding the right balance is challenging.

Companies must create and test incident recovery strategies. Recovery plans should mitigate operational risks from third-party failures. Auditing processes constantly test vendor security. Audits identify new risks before they compromise network security.

Secure your infrastructure: the role of network access control

Access control is the most crucial risk mitigation system when handling third-party hazards. Access controls lock down the network edge. They filter third-party access requests. And they enforce authentication and authorization policies.

Properly designed access control systems allow third parties enough access to carry out core duties. However, they limit network access beyond the assets required to carry out those duties.

Access controls vary depending on the organization involved and the type of third party. But they tend to have similar core components. These components include:

Entry regulation or authentication

Authentication systems demand a third-party vendor’s credentials for each access request. For instance, multi-factor authentication (MFA) demands more than one unique identifier for each user. Authentication combines with firewalls and allowlisting. These tools filter unknown users, adding another defensive line to the network edge.

Permission management

Access management systems assign each third-party vendor the permissions needed to execute their duties. Users cannot access network assets outside the scope of the access policy. Tightly defined privileges limit east-west movement inside the network.

Authorization control

Controls track vendor activity. They determine whether third parties can access network objects. Systems collect data about user access requests and the activities of every third-party vendor. This data is stored in a standardized format, enabling access during management audits.

The three components listed above work in combination. They assess third parties before allowing access. Security systems screen malicious threats and block cyber-attacks at the network edge.

How can you ensure secure network access for third parties?

Organizations need to work with third parties. There is no alternative in a cloud-dominated business landscape. The question is how to create secure network access for every vendor.

The answer lies in a mixture of security technologies and administrative measures. On the security side, essential controls include:

  • IP address allowlisting – Allowlisting enforces lists of approved identities. Filters check IP information when users make connection requests. Users can create grouped filters for approved vendors. You can easily add new contractors and automate the removal of third parties when vendor partnerships end.

  • Network Access Control (NAC) – NAC enforces security policies to admit or exclude network users. Controls check device health and user location. And they can check IP address data and user credentials. Network segmentation also falls under NAC. Users who comply with pre-set conditions can access the network environment.

  • Identity and Access Management (IAM) – Access management systems grant users role-based privileges. Security teams can define resources available for each identity. They can use filters to block all other network assets. When third-party security breaches occur, intruders will have limited scope to access data and apps.

  • Access Keys – These tools allow safe access to cloud platforms like Amazon Web Services. When partners log on, they use a unique access key. Network managers do not need to share their AWS or Google credentials. This reduces the chance of allowing unauthorized access to general network assets.

  • Data Loss Prevention (DLP) – DLP protects sensitive data against unauthorized third-party access. DLP enforces data security policies. It tracks data movements and prevents data extraction without appropriate credentials.

  • Firewalls – Firewalls filter incoming and outgoing traffic. They work alongside IP allowlisting, preventing unauthorized access. You can segment data environments and apply cloud-native firewalls around financial or customer information.
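The three access-control components described earlier (authentication, permission management, authorization control) and the vendor-grouped IP allowlisting from the list above can be combined into a single access decision. The sketch below is an added example, not NordLayer code; the vendor names, addresses, resources and field names are constructed for illustration.

```python
import ipaddress
import json
from dataclasses import dataclass
from datetime import date, datetime, timezone


@dataclass(frozen=True)
class VendorPolicy:
    """Constructed policy record for one third party (all values hypothetical)."""
    allowed_networks: tuple   # CIDR ranges the vendor may connect from
    resources: frozenset      # only the assets the vendor's duties require
    contract_end: date        # access lapses automatically after this date


# Constructed sample policies; addresses are from the RFC 5737 documentation ranges.
POLICIES = {
    "acme-billing": VendorPolicy(("203.0.113.0/28",), frozenset({"invoices-api"}), date(2025, 6, 30)),
    "hvac-contractor": VendorPolicy(("198.51.100.7/32",), frozenset({"bms-console"}), date(2024, 1, 31)),
}

AUDIT_LOG = []  # one JSON document per decision, same fields every time


def ip_allowed(source_ip, networks):
    """True if source_ip parses and falls inside one of the vendor's CIDR ranges."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False  # malformed address: fail closed
    return any(addr in ipaddress.ip_network(cidr) for cidr in networks)


def decide(vendor, source_ip, mfa_passed, resource, now):
    """Return (allowed, reason) for one third-party request and record it."""
    policy = POLICIES.get(vendor)
    if policy is None:
        verdict = (False, "unknown_vendor")
    elif now.date() > policy.contract_end:
        # Offboarding is automatic: an expired contract denies before any other check.
        verdict = (False, "contract_expired")
    elif not ip_allowed(source_ip, policy.allowed_networks):
        verdict = (False, "ip_not_allowlisted")
    elif not mfa_passed:
        verdict = (False, "mfa_required")
    elif resource not in policy.resources:
        # Default deny: anything outside the vendor's scope stays out of reach.
        verdict = (False, "resource_out_of_scope")
    else:
        verdict = (True, "ok")
    # Denials are logged with the same fields as grants so audits can query both.
    AUDIT_LOG.append(json.dumps({
        "ts": now.isoformat(), "vendor": vendor, "source_ip": source_ip,
        "resource": resource, "allowed": verdict[0], "reason": verdict[1],
    }, sort_keys=True))
    return verdict


if __name__ == "__main__":
    now = datetime(2024, 3, 1, 9, 0, tzinfo=timezone.utc)  # constructed timestamp
    print(decide("acme-billing", "203.0.113.5", True, "invoices-api", now))
    print(decide("acme-billing", "203.0.113.5", True, "hr-database", now))
    print(decide("hvac-contractor", "198.51.100.7", True, "bms-console", now))
    print("\n".join(AUDIT_LOG))
```

Every branch writes an audit record, so a later review can see not only what a vendor accessed but also what it attempted outside its scope.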

Organizations must also implement administrative safeguards to handle third-party risks.

  • Vendor risk assessments – Companies should carry out risk assessments before commissioning third-party services. IT teams should check the compliance record of potential partners. They should verify that third parties take security seriously.

  • Contract management – Contracts should include clauses related to cybersecurity and data protection. Agreements should state the security responsibilities of the third party. Companies should monitor contracts constantly to detect any policy breaches.

  • Security policy management – Security policies should cover third-party access risks. Comprehensive policies should guide the behavior of third parties. Regularly audit these policies to ensure their effectiveness.

Best practices for 3rd party access control

Companies must secure every third-party connection. If not, data breaches and regulatory penalties will result. However, securing third-party access is complex. And organizations routinely work with hundreds of external partners. So, simplifying the security challenge is critical.

With the correct steps, you can control access safely. And you can do so without compromising the efficiency of vendor-supplied solutions. These best practices will help you achieve complete security.

1. Implement strict access controls

Treat all third-party connections as a potential risk. Assess what resources the third party needs to carry out its role. Only allow access to those resources. Use Access Management solutions, firewalls, and allowlisting to block everything else.

2. Risk assess all vendors and contractors

Carry out a risk assessment before installing third-party tools or onboarding contractors. Determine how third parties could compromise data and applications. Put in place risk control measures to mitigate those risks.

3. Create secure zones with network segmentation

Some third-party solutions create significant risks but still have a business benefit. In these cases, it makes sense to use network segmentation.

Segmentation creates safe zones guarded by cloud firewalls and access controls. Safe zones act like a containment strategy, protecting the rest of the network.

4. Proactively monitor third-party connections

Continuously monitor third-party connections to detect suspicious behavior or potential cyber-attacks. Use threat detection tools to detect malware or unusual access patterns. But don’t be purely reactive. Employ proactive NAC tools that block third parties that fail to meet security conditions.

5. Write clear security policies for vendors and internal staff

Provide all third parties with security policies during the onboarding process. Policies should explain the partner’s security responsibilities and penalties for policy breaches. They should detail user permissions and access requirements. They should also document data protection rules.

Security policies should also cover internal employees. Explain how to access third-party network assets securely. And provide training to reinforce safe data handling processes.

6. Provide secure connection tools

Provide secure VPN access for third parties. VPNs encrypt connections and anonymize IP addresses. Secure gateways operate access policies for each third party. Encrypted tunnels separate third-party traffic from the wider internet. Business network managers can control each remote connection.

7. Audit third-party access to ensure security

Regularly audit third-party access. Audits should check that access controls are functioning as designed. Check that third-party privileges are appropriate and that segmentation protects critical data. And routinely check for third-party suppliers that have escaped security controls.

Conclusion: make third-party access secure and smooth

Working with third parties is an unavoidable aspect of modern business. Reliance on third parties is never risk-free. But secure vendor onboarding is always possible. You just need the right tools and security expertise.

NordLayer’s access solutions can secure every third-party vendor relationship.

  • IP Allowlisting admits trusted identities and excludes unknown users.

  • NAC tools assess users at the network edge. Only approved devices and identities can enter the network perimeter.

  • Secure gateways create encrypted tunnels for remote third-party connections.

  • Network segmentation systems implement role-based permissions. Authorized partners can access the resources they need. But everything else remains out of their scope.

  • Enhanced identity verification lets you check a user’s identity with identity management features like MFA and biometrics.

Securing third-party access can be confusing. But NordLayer’s secure access controls help you neutralize critical risks. Get in touch with the NordLayer team today. We’ll find a solution that works for you and your external partners.

In this episode, we dive into: 

  • ChatGPT’s evil twin WormGPT

  • The Federal Trade Commission (FTC) investigation into OpenAI data leak and ChatGPT’s inaccuracy

  • A new 4-day rule for disclosing cyberattacks set by the US Securities and Exchange Commission (SEC)

Watch Cyberview here 

ChatGPT’s evil twin WormGPT

The new tool, WormGPT, is advertised on underground forums as a blackhat alternative to ChatGPT for launching phishing and business email compromise (BEC) attacks. ChatGPT’s natural language abilities can already help hackers write convincing emails, so the obvious signs of malicious emails disappear.

Tools like ChatGPT and Google’s Bard have some safeguards in place that try to ensure that AI-generated content does not cause harm. However, WormGPT is specifically designed to be fully unrestricted and facilitate criminal activities, so it raises even more questions about the ethical limits of AI.

FTC investigates OpenAI over data leak and ChatGPT’s inaccuracy

Has ChatGPT broken consumer protection laws by risking personal reputations and data? The FTC has opened an investigation into OpenAI, requiring details on how OpenAI gathers and protects data and vets information.

The FTC wants to know how information was used to train OpenAI’s model and how the company prevents false claims from being shown to users. It is also interested in how APIs connect to OpenAI’s systems and how user data is protected. The FTC has issued multiple warnings that existing consumer protection laws apply to AI.

The 4-day deadline for public companies to report breaches

US companies hit by cyberattacks will face a 4-day deadline for publicly disclosing hacks, under new rules approved by the US Securities and Exchange Commission (SEC). There are mixed feelings about this new requirement. On the one hand, it is praised for encouraging transparency about cybersecurity breaches, as they are considered as important to investors as any other significant operational disruption.

On the other hand, the new rule is being labeled as a controversially short deadline that may not allow companies enough time to put an action plan in place or fix vulnerabilities. However, the regulations state that a delay in breach disclosure of up to 60 days is allowed if the SEC is informed in writing of a national security or public safety risk.

Stay tuned for the next episode of Cyberview.
