The Rise of Cloud Managed IT

Digital transformation is engulfing enterprise IT, with many legacy solutions migrating to the cloud. Paired with the Bring-Your-Own-Device (BYOD), Internet of Things (IoT), cloud adoption and mobile workforce trends, CISOs, network admins and IT teams are faced with new and complex challenges in securing their risk-based perimeter. As that perimeter extends off campus to remote environments, the need arises for convenient access that will encourage productivity and increase efficiency, while enforcing security policies and controlling exposure to emerging cyber threats.

Access Control Meets Cloud Managed IT

The Cisco Meraki and Portnox NAC-as-a-Service partnership helps enterprises realize the potential of cloud managed IT by providing complete visibility, control and management capabilities for network access. As enterprise begins to implement digital transformation, through BYOD, Internet of Things, the mobile workforce and cloud infrastructure, pervasive security tools are required to ensure that access is secured across the risk-based perimeter.

Together, Meraki and Portnox provide mid-market organizations and enterprises with the cloud and compliance infrastructure they need to embrace the benefits of digital transformation, while securing, controlling and appropriately managing access across all network endpoints.

Quick and easy deployment, low operational costs and flexible on-boarding of network endpoints makes the Meraki-Portnox collaboration an essential security tool for the innovative enterprise.

The Key Features of Our Joint Offering

• Enhanced Security: Secure access in all locations and at all times for wired, wireless, and VPN access. 802.1x provides top-notch user authentication, adding a layer of multi-factor authentication (MFA) to VPN.
• Full Visibility: Achieve full visibility into all network endpoints, from operating systems through to open ports and onto running applications. Carry out persistent posture assessments on devices and determine their level of access based on a machine learning devised risk score.
• Zero-Touch Deployment: Start controlling network access today with a pre-deployed and integrated environment including certification authority (CA), RADIUS, user databases and more.
• Complete Control Over Access: Discover all network endpoints and authorize access regardless of the endpoint’s credential validity to allow for gradual deployment of 802.1x access protection.
• Flexible On-Boarding: Add devices to wired/wireless networks based on a variety of pre-defined or unique parameters, as well as an option for secured persistent access for contractors and guests.
• Deep Dive into Devices: Gain context on the devices connecting to your network to better understand their level of risk including information on installed applications, services, certificates, users, open ports and user locations.
• Widen Switch Support: The joint solution supports 802.1X, certificate, domain and MAC authentication, as well as group-based dynamic VLAN assignments.
• Move from CAPEX to OPEX: Make the capital expenditure you continually invest in maintaining legacy security solutions operational expenditure that is investor based on level of need and degree of service use.
• Compliance Compatible: Easily implement compliance directives automate policy management and enforcement across the network.
• Stable and Secure Enterprise Grade Solution: With a highly available yet secured RADIUS Server, as well as agent support for all platforms, ensure business continuity no matter the circumstances.
• Support for MSP/MSSP Model: Service providers can easily manage their existing subscriptions together with Portnox, making the solution part of its repertoire of services, including rebranding options as needed.

Portnox-Meraki Use Cases

Portnox and Meraki’s joint offering is great news for network security, access and control. Here’s how the solutions work together, providing benefits that are made possible by joining forces:

• Persistent risk assessment of employee and contractor workstation to devise a network access control policy based on usage, location and a number of other endpoint characteristics.
• Perform risk assessments and provide access through a one-time password when accessing over the VPN.
• Simply control network segmentation based on VLAN assignment and Active Directory Groups.
• Certificate-based authentication across the entire enterprise – ideal for a multi-site environment.
• Allow for sponsored guest access, making it easier for guests and contractors to access what they need on the network, while controlling the method and scope of access permissions based on endpoint compliance and risk score.

 

About Cisco Meraki
Cisco Meraki is a cloud managed IT company that offers comprehensive solutions for organizations to manage all of their IT needs in one place. Meraki’s set of services include: wireless, switching, security, communications, EMM, security cameras and more, all managed through Meraki’s web-based dashboard interface. Meraki was founded in 2006 by Sanjit Bishwas, John Bicket and Hans Robertson and was acquired by Cisco in 2012.

Leading research firm Gartner has highlighted Identity Threat Detection and Response (ITDR) as one of the top cybersecurity trends of 2022, along with digital supply chain risk, attack surface expansion, and others. But what exactly is ITDR, and why is it important for organizations in 2022 and beyond?

What is Identity Threat Detection & Response?

In simple words, identity threat detection and response is a new security category focused on detecting credential theft, privilege misuse, unapproved entitlements, and other identity-related threats and vulnerabilities.

While other cybersecurity tools play a role in identity threat management, there’s been a marked rise in cybercriminals targeting identity and access management (IAM) infrastructure in recent years. As a result, Gartner felt creating this new category would help organizations sharpen their focus and be better positioned to access the best tools and practices to defend their identity systems. Or in other words, identity-based attacks have become such a common cybersecurity threat that a dedicated and laser-focused approach to combating them is needed.

The Case For ITDR

Today’s cyber threat landscape is more severe than ever before. With organizations rapidly shifting to remote working and public cloud adoption, the traditional network edge effectively no longer exists. This means companies must shift their security posture to focus on identities over devices.

At the same time, identity-based attacks are rising, and this trend shows no signs of slowing down in the foreseeable future. Today, cybercriminals increasingly bypass IAM by leveraging privileged access credentials. Then, they often move laterally across the networks, undetected. They also use this access to exfiltrate valuable data like employees’ and customers’ sensitive personal or financial information.

The security impact of stolen credentials on identity systems is immense. For example, one study found by Verizon that stolen credentials cause 61% of all data breaches1.

With the current state of the cyber threat landscape, cybersecurity experts are now recognizing that IAM and other related tools are not robust security. For example, Gartner argues that threat actors are “actively targeting access management (IAM) infrastructure,” so we need to develop new ways of protecting that infrastructure.

As for a high-profile case of identity compromise in action, look no further than the SolarWinds attack of 2020. SolarWinds is a leading software company that provides system management tools for network infrastructure and monitoring to companies worldwide. Hackers inserted malware into signed versions of SolarWinds’s software, which was then used to infiltrate an eye-watering 18,000 organizations. Essentially, SolarWinds’ Orion Platform created a backdoor through which the hackers could impersonate users and accounts of the targeted organizations. The malware also accessed system files and managed to blend in with legitimate activity without detection.

What Sets ITDR Apart?

A common question around ITDR is how it differs from other threat detection or identity management systems organizations already use today. Is it more of the same? The simple answer is no, but let’s dive a little further to discover why.

Existing identity protection tools like IAM, IGA, and PAM focus primarily on authorization and authentication, ensuring that the right people have access to the files and apps they need. In recent years, organizations have spent considerable effort improving these capabilities, adopting increasingly sophisticated software to manage identities and access with authentication.

In certain cases, IAM can pose a significant security risk when used in isolation – they can become a single point of failure if compromised. This is where ITDR comes in. ITDR is really about segregating these duties so that we can secure our IAM infrastructure and ensure that it’s working as intended.

And how does ITDR stack up against Endpoint Detection and Response (EDR)? EDR is a layered approach to endpoint protection that unites real-time continuous monitoring and endpoint data analytics with a rule-based automated response. EDR solutions work similarly to ITDR but ultimately focus on different things. Namely, EDR looks for attacks on endpoints, while ITDR looks for attacks on identities.

They also work differently once an attack has been identified. For example, when an EDR system detects an attack, it isolates the system to limit the hacker’s movement or shuts down the system to stop the hacker in their tracks. By contrast, ITDR systems often add an additional layer of security by providing fake data that acts as a decoy. These solutions can also limit lateral movement through the network.

However, it’s also true that ITDR solutions may vary depending on the provider. With this in mind, here are the features a solution should have to qualify as ITDR:

It should monitor and detect nefarious identity and privileges activity.

• It should detect identity-related misconfigurations, for example, Active Directory misconfigurations, that could lead to compromise. These misconfigurations could be intentional or unintentional, but both are equally damaging.
• It should investigate identity threats using contextual user information. The system should be able to detect if a user deviates from their typical activity, for example, accessing the system from an unusual location or downloading files they wouldn’t normally interact with.
• Following detection comes the response. We’ve already covered how ITDR responds to threats in action, but other responses would be removing excessive privileges (and moving towards Least Privilege) and investigating anomalies in privilege usage.

Final Thoughts

Identity security should be a top priority for organizations in today’s increasingly hostile cyber threat landscape. Effectively detecting and responding to identity-based threats is essential in a world where cybercriminals are continually bypassing authentication and authorization tools. ITDR plays a crucial role here in protecting our identity systems and keeping cyber criminals out. As a result, we expect to see more organizations investing in ITDR solutions over the coming years.

It may sound cliché, but if there’s one point this decade has hammered home so far, it’s that the only constant is change. From the coronavirus pandemic to the Great Resignation, many of us are navigating new jobs and staffing changes, which means new BYOD (Bring Your Own Device) policies as work shifts from in the office to hybrid or even fully remote.

Freedom vs. Security

BYOD is a huge challenge for both IT departments and users. There is a fine line between keeping the network safe and secure, but not making the policies so restrictive that users won’t want to use their personal devices at all. While most people prefer to keep working on their company laptop, everyone has a smart phone they often use for e-mail and Teams/Slack/G-Suite. Most people understand that security is important, but it’s not realistic to tell them they can’t back up family photos to the cloud or risk having their entire device remotely wiped.

The beauty of remote work is the freedom it gives everyone to manage their day – a break between meetings may mean a load of laundry or a quick errand, secure in the knowledge that they can still be available if someone needs them. A BYOD policy that’s too strict removes this freedom altogether or worse, motivates users to try and find a way around it.

Crushing Candy, Not My Personal Data

Another big concern is the level of access to browsing history and application data your company has, especially if users must install an application for network access. Someone who likes to listen to true crime podcasts may google something like “is Visine poisonous?” and not want to worry about having their desk dusted for fingerprints the next day. Someone on level 9,949 of Candy Crush might not want to risk losing their app data. You get the point.

Freedom to Roam & Install (Almost) Anything with AgentP

Enter the beauty of Portnox NAC-as-a-Service with AgentP – the perfect solution to keep personal data safe and networks secure. AgentP allows for configuring important security policies like “phones that are not password protected don’t get to access the accounting servers” and “devices located in Russia don’t get to join the network at all.” If you’re running Android and you download apps wildly across the internet, you probably won’t be allowed on the corporate network either. And while they see location data via country, city, and zip code, no one is micro-managing your trip to Target to buy cat food before your furry friends stage a revolution (although sneaking off to Hawaii might be a problem.)

In fact, although your access can be blocked based on what applications you’ve downloaded, whether your phone is jail broken/rootkitted, where your phone is physically located, and/or what version of the OS you’re running, there is no way to force updates or application removals – you still retain total control and ownership of your device and everything on it.

How AgentP Strikes the Right Balance

Creating a balance between security and usability will always be challenging, but Portnox NAC-as-a-Service with AgentP is an excellent way to keep both the network and those family photos safe – a true win-win for everyone. And now on to level 9,950 of Candy Crush!

The global annual cost of cybercrime is now an eye-watering $6 trillion. To put this into perspective, if cybercrime were a country, it would be the world’s third-largest economy after the US and China.

The cybercrime landscape has changed dramatically over the last decade. For example, ransomware was 57 times more destructive in 2021 than in 2015. The average cost of data breaches continues to rise every year. Moreover, the COVID-19 pandemic has changed how we work – more people are working remotely and from their own devices. This means cybersecurity teams have less insight into what employees are doing, and as a result, Shadow IT is becoming an even bigger problem.

But how do chief information security officers (CISOs) navigate this increasingly hostile cyber threat landscape in a world where IT security budgets are tightening? With the US economy on the brink of a recession, cybersecurity budgets are tighter than ever. As a result, CISOs need to do more with less and develop a new and robust IT security strategy. That’s what we’re going to be diving into today.

Ways to Stretch IT Security Budgets

1. Get More From Your Existing Tools

As the number of data breaches has skyrocketed over recent years, so have the technologies we deploy to stop them. For example, the average small business uses between 15 and 20 IT security tools, while medium-sized companies use 50 to 60, and enterprises use over 130 IT security tools. But how many of these companies are using their cybersecurity tools to their full potential?

It’s a good idea to evaluate and consolidate your existing cybersecurity tools. For example, you might find that one tool can do everything another tool can do or that you have a significant overlap in functionality across your arsenal. Getting rid of redundant tools not only saves money but also makes it easier to manage your cyber threat landscape. Or in other words, the more tools you have, the higher the probability of misconfigurations, patch management issues, and privileges and password management issues.

If you’re unsure just how far specific tools can go, you can ask the vendor for free or low-cost training to help fill in the gaps. Moreover, opening a line of discussion with your IT security vendors can also give you valuable information about what tools can offer heightened protection in the future. For example, you might find that one vendor is imminently about to release a new security feature that addresses a critical security concern in your industry.

2. Choose Automated Tools

Automation has come a long way in cybersecurity, and it’s even more potent today with cutting-edge technologies like artificial intelligence and machine learning. With automation technology, IT security systems can sense, study, and stop cybersecurity threats automatically and before they escalate into a fully-fledged security incident. Today we see automation, AI, and machine learning deployed across security tools, including network security tools like Network Penetration Testing tools, Network Intrusion Detection Systems, and in other areas like vulnerability management, security logging, and Security Information and Event Management (SIEM).

However, it’s critical to note that most cybersecurity experts don’t recommend leveraging automation to replace staff. Automation can boost efficiency and reduce human errors, but it’s no match for a highly skilled security professional. Essentially, by investing in automation, your existing cybersecurity staff become freed up to work on more complex tasks.

3. Make Your Case for More Funds

Getting the funds you need to provide effective network security can be challenging. As a CISO, you’re competing with other senior-ranking IT staff for your fair share of the IT budget.

According to a Deloitte report, around 6% to 14% of the IT budget goes to cybersecurity for the average business. So, if your team is getting significantly less than this, you might want to consider why. Are your budget decision-makers unconvinced of the need for cybersecurity? Do they have doubts about its effectiveness? And what can you do to prove that more upfront investment is substantially cheaper than a costly cyber attack?

When you go into budget discussions, you must have a good grip on the data and any upcoming concerns in the industry. For example, during COVID-19, we saw a massive spike in ransomware attacks. And today, Crime-as-a-Service (CaaS) tools are dramatically lowering the barrier to entry for would-be hackers. So much of cybersecurity is about anticipating your opponent’s move and being prepared before they strike. This means you have to pay attention to emerging trends just as much as current threats when detailing your cybersecurity budget.

4. A More Creative Approach to Staffing

Employees will always be a dominant part of your IT security strategy, but they also make up a significant percentage of organizations’ IT security budgets. So, how do you ensure you’re spending your money wisely while getting the IT security skills you need?

First, you need to set your sights beyond your local area. Skilled cybersecurity professionals are in high demand, but the talent pool is small. Moreover, the cybersecurity skills gap continues to widen every year. In the era of remote working, CISOs have never been in a better position to recruit security workers from different geographical areas.

And on the point of the cybersecurity skills gap, companies need to be more creative in combating this issue. What do we mean by this? Well, many HR teams have a poor understanding of the skills or qualifications needed to be an effective IT security worker. As a result, they might filter out candidates without specific qualifications despite this being easy to remedy with training.

You can recruit people with practical skills or look for people with these skills in-house. For example, technical aptitude, problem-solving skills, attention to detail, communication skills, fundamental computer forensics skills, and a desire to learn are crucial skills that often take a back seat to a specific certification in the recruiting process.

Additionally, you might find it’s more cost-effective to outsource parts of your cybersecurity function than to build the perfect team in-house.

Final Thoughts on IT Security Budgets

The consequences of not investing in robust IT security are clear – costly fines, successful data breaches, and hefty reputational losses. CISOs know this, and so do the wider IT function. However, with an economic downturn looking ever more likely, CISOs will have to get more creative with their cybersecurity budgets or risk being left even more vulnerable.

Remote Authentication Dial-In User Service (RADIUS Authentication) authenticates and authorizes users trying to access a network by sending client access requests to a RADIUS server. The requests are formatted with data such as the client’s password, username, port, and IP address which are then examined in the database for matches.

Leveraging RADIUS in your organization can strengthen your network security through centralized authentication and enhanced access controls. RADIUS servers can be very useful in many contexts, and migrating it to the cloud can be used with WiFi access points and VPNs. By shifting to the cloud, RADIUS becomes more centralized within an organization’s core infrastructure.

The Advantages of Shifting RADIUS Server to the Cloud:

 Added Security Benefits: A RADIUS server gives room for unique user credentials which mitigates the threat of hackers infiltrating a network, WiFi since there is no shared fused password among several people.

• Reduces the Hassle of Password Management: With unique credentials, a shared password does not need routine changing since every person manages their own. This saves time for IT administrators and eliminates the need for users to routinely update passwords.
• Benefits Enterprise Networks with Multiple IT Admins: With a RADIUS server, it is extremely easy to control who and what has access and when. Only authorized users have access   sensitive information with a large organization’s network. VLAN segmentation through attributes critical characteristics of RADIUS-driven networks.
• Centralizes User and System Authentication: IT admins have only one contact point for managing user’s password management, authentication, and authorization.
• Easy Integrations with Existing Infrastructure: Modern RADIUS servers can easily integrate with any IT infrastructure currently in place. The extent of flexibility means that you can use cloud RADIUS with other infrastructure that you already set up, and this benefit can be enjoyed with the traditional setup.
• Easy Activation and Deactivation: RADIUS servers are typically handled by a third-party provider which helps reduce workloads for resource-light IT admins point their network to the cloud RADIUS endpoints for authentication.
• Secure VPN Authentication: Not only does RADIUS authentication securely connect users to WiFi networks, but it also works with VPNs. This ensures that only authorized users can access your network through your company VPN.
• Enables 802.1x: 802.1x uses Extensible Authentication Protocol (EAP) for shifting authentication packets between two parts. EAP is highly versatile, making it easy to add to an existing infrastructure. 

Cloud-based RADIUS servers can serve as a great authentication solution that provides immense benefits without the hassles of managing and maintaining on-prem hardware.