All Hail, SASE!

SASE, pronounced “sassy”, stands for Secure Access Service Edge. It is a cloud-based network security model and category, proposed by Gartner in 2019. This model includes the network security solutions in a global and cloud-native service that allows IT teams to easily connect and secure all of their organization’s networks and users in an agile, cost-effective, and scalable way. This is especially useful in the currently globally dispersed digital enterprise.

According to Gartner’s analysis, SASE can be characterized as an identity-driven, cloud-native, globally distributed technology that supports and impacts all enterprise edges and IT domains. For example, this would include a branch office in LA along with the main HQ in London, while traveling/mobile team members can connect on the go.

SASE addresses the numerous problems with traditional network security methods, many of which are rooted in the idea that network security architectures should be placed at the center of connectivity in the HQ or data center, where typically branch locations are more vulnerable to attack.

The Fundamentals of Secure Access Service Edge

According to Gartner, cloud-centric digital business, users, devices, and the networked capabilities they require secure access to are everywhere, and what security and risk professionals in a digital enterprise needs is a worldwide fabric/mesh of network and network security capabilities that can be applied when and where to connect entities to the networked capabilities they need access to.

Implementing a SASE architecture would benefit enterprises by providing:

• Lower costs and complexity – Network Security as a Service should come from a single vendor. Consolidating vendors and technology stacks should reduce cost and complexity.
• Agility – Enable new digital business scenarios (apps, services, APIs), and data shareable to partners and contractors with less risk exposure.
• Better performance/latency – latency-optimized routing.
• Ease of use/transparency – Fewer agents per device; less agent and app bloat; consistent applicate experience anywhere, any device. Less operational overhead by updating for new threats and policies without new HW or SW; quicker adoption of new capabilities.
• Enable ZTNA – Network access based on identity of user, device, application – not IP address or physical location for seamless protection on and off the network; end-to-end encryption. Extended to endpoint with public Wi-Fi protection by tunneling to the nearest Point of Presence (POP).
• More effective network and network security staff – Shift to strategic projects like mapping business, regulatory, and application access requirements to SASE capabilities.
• Centralized policy with local enforcement – Cloud-based centralized management with distributed enforcement and decision making.

SASE & Network Access Control

In essence, SASE converges the functions of network and security solutions into a single, unified cloud service. This marks an architectural transformation within the realm of enterprise networking and security, and it means that IT teams can now deliver a holistic and flexible service to their businesses.

The logical next step in the evolution of network security is for organizations to be able to leverage a NAC solution that’s delivered as a cloud service. This eliminates the need for costly on-site appliances and on-going maintenance. Now, all that’s needed to control network access at branches and the headquarters alike, is an internet connection.

New Jersey-based Schuman Cheese has a long, storied history of delivering world-class cheese products to the U.S. market. Operating across several facilities in New Jersey, Illinois, Wisconsin and California, the company maintains a workforce of more than 400, with revenues topping $500 million annually.

A Deep Dive with Portnox CORE

About four years ago, Schuman Cheese went out in search of a network access control (NAC) solution to help the company manage network access across its many wired ports. Lead by IT Infrastructure Administrator, Andrew Sayegh, Schuman Cheese came across Portnox CORE while conducting research online, and determined the platform was worth pursuing. “We initially had a demo, then did a proof of concept, which was very easy to get up and running,” Sayegh went on to say. “We found that the visibility that Portnox CORE gave us for each port in use across the company was unparalleled. We really loved the platform off the bat.”

We found that the visibility that Portnox CORE gave us for each port in use across the company was unparalleled. We really loved the platform off the bat. – Andrew Sayegh, IT Infrastructure Administrator @ Schuman Cheese

Assessing NAC Alternatives like Cisco ISE

Simultaneously, Sayegh and his team were investigating Cisco’s Identity Services Engine (ISE), a legacy onpremise NAC solution. “I had previous experience with ISE, but I still needed another engineer to help me configure and implement it. Had I done it alone, it would’ve taken me a full week or more to complete,” said Sayegh.

After some time using with ISE and comparing it to Portnox CORE, Sayegh and his team felt the choice was obvious. “If ISE ever went down, we wouldn’t know how to fix it on fly. We’d have to find a temporary solution to allow people to reconnect to WiFi and wired ports. It was just always a struggle, especially with over 200 people connecting to our wireless network everyday.”

Closing the WiFi Security Gap Where ISE Fell Short

More recently, years after selecting to deploy Portnox CORE across the company’s wired network, Sayegh and the Schuman Cheese IT security team set their sites on trying to rectify lingering access control issues related to ISE across its wireless network.

“We conducted a test of Portnox CLEAR – your cloud NAC service – for access control across our WiFi environment. It took literally ten minutes to set up with the help of Portnox’s support engineer,” Sayegh continued. “It was just so easy to use out of the gate.”

The Pandemic & Cloud Adoption

“Since we’re a food manufacturer, we still needed to have people in our facilities and warehouses on site during the pandemic. These folks would need to be able to connect to WiFi primarily,” said Sayegh. “The implementation of Portnox CLEAR for WiFi gave us much needed access control that was flexible and easy to enforce during this period of uncertainty.”

Despite the challenges posed by the pandemic, Sayegh and his team continued a campaign of cloud adoption when it came to new security tools – of which Portnox CLEAR fit in well. “We are making a real push to adopt cloud-based tools – that was a major factor in us bringing in CLEAR to support our access control policies across WiFi alongside CORE for wired,” Sayegh stated.

The hybrid use of CORE (on-premise) with CLEAR (cloud-delivered) for network access control has been exceptionally effective for Schuman Cheese, especially now as employees return to the office post-pandemic and increased wired network usage surges alongside continued WiFi reliance. Sayegh concluded: “It’s been very easy to work across both NAC solutions to enforce our network access control policies and keep the network secure.

Originally posted on People and Computers

“The combination of changing work patterns due to the coronavirus, with the increasing migration to cloud environments, creates a new and significant challenge for corporate information security managers,” said Ofer Amitai, one of the founders and CEO of Portnox, explaining how it can be answered at the identification stage.

“One day, a food supplier from abroad called me. One of the company’s employees, who was fired, connected to the organization’s operating systems, changed the temperature of the meat refrigerators and caused damage and loss of goods worth millions of dollars. That’s how they understood that more vital identification is needed on the network and contacted us, “Ofer Amitai, one of the founders and CEO of Portnox, told People and Computers.

“The coming period will be characterized by hybrid work. This format makes remote work an integral part of all workers’ activities, and those who have not yet dealt with a remote work method will do so today or tomorrow. It will enable regular work alongside the protection of the organization and its resources. The combination of changing work patterns due to the coronavirus, with the growing migration to cloud environments, creates a new and significant challenge for corporate information security managers, and is a winning combination for hackers,” continued Amitai.

What is the main challenge for information security managers?

“Above all the challenges facing the information security manager, there is a major challenge, and that is that he must understand who and what threats he is facing,” Amitai noted. “One of the most difficult challenges for the organization is the migration to the cloud – how the systems and data will be kept secure in this new environment on the one hand, and that all systems will work on the other. Israel is slightly behind cloud adoption compared to the US market. It will be like the main headquarters so that one day everything will be connected to the cloud, and the services will be consumed from it, without the need to join the offices to the branch. ”

He added that “when setting up secure access control to the corporate network, make sure that application-level privileges are managed – whether via remote connection (VPN) or user management (VDI), which allows remote, virtual access to the desktop. Connection security must also be ensured via MFA – multi-step authentication of the user. Then the end station must be handled, including personal devices that employees bring from home. The goal is to maintain a consistent level of information security, regardless of the identity of the end device.”

A significant promise – but also risky

Portnox was established in 2007 to help organizations protect their corporate networks through the use of technology that allows them to see all devices connected to the network and to perform preventative and corrective actions that defend it from risk-prone devices. “This is a technology that makes life easier for information security managers in their day-to-day work,” Amitai explained.

“When someone accesses the network – via a remote, local connection or cable – Portnox knows how to make a strong identification of the device and the user. We do not manage the end component, but its risks,” said Amitai. “Our product in the cloud, Portnox CLEAR, enables organizations to protect the enterprise network via the cloud. The solution complements the security layer for VPN and VDI solutions. Through continuous risk monitoring capabilities on end stations and devices, information security principles are maintained and enforced – regardless of physical location. The end station, whether inside or outside the organization, and owned by it, or whether it belongs to the company or the employee, thus, all stations become secure and authenticated devices, which comply with the organizational security policy – all through enforcement, by the policy definition The organization, which changes according to its needs. ”

In conclusion, Amitai stated that “all the trends in the market bring with them a great promise – but also risks. They expose organizations to more hacks into their network, which makes them look for security solutions like ours – smart, easy to manage, and those who make sure the corporate network is secure. We have a wide range of enterprise and SMB clients who come from many sectors, including the medical, banking, and high-tech sectors. In the past year, we have experienced a 30% increase in revenue, and I estimate that the growth trend, which continues this year, will continue in 2022.”

This kind of digital extortion – increasingly viewed as terrorism – would be impossible without the ability to move money around anonymously

Last month, a cybercriminal group penetrated the Colonial Pipeline. This wasn’t just “another” hack, with privacy consequences and threats on personal information. The severe results were shown instantly. Gas supply to millions of Americans was disrupted leading to a spike in gas prices and panic buying causing local fuel shortages in the southeast, and resurfacing old memories of the infamous gas crisis in the US in the late 1970s.

It becomes evident, and not for the first time, that ransomware has the potential to affect the personal lives of innocent citizens tremendously. The problem is worsening by the day as groups improve their ransomware code and collect easy money.

The US authorities responded – a national cyber investigative task force was formed and last night, DOJ told Reuters that US authorities will “give ransomware hacks similar priority as terrorism”. This begs the question, however: will it be possible to stop ransom hacks without treating its originator?

The fact is we’re not looking at this problem holistically. There is one factor making this problem possible, and systemic: cryptocurrency. Ransomware hacks thrive due to the possibility to transfer cryptocurrency easily, rapidly and without leaving traces. The criminals are not required to deal with complex transfers. Gone are the days where hostage-takers demand one million dollars in small-unranked-paper-bills, with a jet on the runway ready to take them to some foreign land where there’s no extradition agreement. All they need is a Bitcoin address, Monero, or ZCash, and a few command lines – and voila – the money lands safely at the hands of the criminals. It’s almost a sterile crime.

In fact, those money transfer machines enable the prosperity of a global crime industry, fueled by corporate extortion funds. For instance, in the case of the Colonial Pipeline, despite the involvement of the FBI and the law authorities, a five million dollar ransom was paid in order to free the systems. Some of the funds were recovered, in an unprecedented operation, and yet, the damage remained.

This is not pocket change. Each win – no matter how financially lucrative – builds on itself and gives these cybercriminals more confidence to fuel the next attack. For example, in dark web forums the phenomenon of “ransomware hack as a service” is gaining popularity, and criminals are offering ransomware for rent. The thieves have become so contented, that they are allowing others to use their tools, while they’re resting safely as ordinary software vendors.

In order to stop terror, we have to stop its funding. However, when it comes to ransomware hacks there is still no internalization of the fact that strict limitations should be put on its primary funding source – cryptocurrencies. The promise for liberty and freedom from censorship made by theoreticians in this field are shattered daily, and instead of a paradise for innocent civilians, we’re left with the opposite – a utopia for criminals. In fact, untraceable cryptocurrencies are the swamp in which the disease of ransomware flourish.

This swamp must be dried up. If governments around the world seriously intend to stop the phenomenon of ransomware hacks, they have to put strict limitations on money transfers via crypto currencies. They must supervise cryptocurrencies the same way they do with cash, bank transfers, diamonds or weapons. Countries should demand users to expose their money sources and prevent them from doing major deals not conducted through the supervised international banking system.

Governments should also implement methods of tracking cryptocurrencies and sound the alarm when illegal activity is detected. If they cannot decide on or implement a system to administer this, governments should consider the unpopular step of complete prohibition of holding and trading cryptocurrency. Drying up of the funding sources for these attacks may be the only viable approach to stop their continued proliferation. If we do not take immediate action to dry those swamps, we will find ourselves in the near future too weak and too ill to recover.

Originally posted on Times of Israel