How to find Ivanti EPMM (MobileIron Core)

How to find Ivanti Endpoint Manager Mobile (EPMM) with runZero

On July 24th, Ivanti announced that their Endpoint Manager Mobile (EPMM, formerly MobileIron Core) product versions 11.10 and prior contain a critical authentication bypass vulnerability. Successfully exploiting this vulnerability would allow an unauthenticated remote attacker to access users’ personally identifiable information (PII) and make changes to the vulnerable server.

There is evidence that this vulnerability is being exploited in the wild.

What is Ivanti Endpoint Manager Mobile (EPMM)?

Ivanti Endpoint Manager Mobile (EPMM) is a mobile management software product that helps organizations set policies for mobile devices, applications, and content. It was formerly known as MobileIron Core.

What is the impact?

An unauthenticated remote attacker who successfully exploited this vulnerability would be able to retrieve users’ personally identifiable information (PII) and make changes to the vulnerable server. This is due to an authentication bypass vulnerability, meaning that in some cases an attacker can bypass authentication controls.

With a CVSS score of 10.0, this vulnerability is considered critical. There is evidence that this vulnerability is being exploited in the wild and this vulnerability has been added to the CISA Known Exploited Vulnerabilities catalog.

Are updates available?

Ivanti has released a patch for this vulnerability and issued guidance for customers on how to upgrade.

How do I find potentially vulnerable Ivanti Endpoint Manager Mobile services with runZero?

EPMM can be found by navigating to the Services Inventory and using the following pre-built query to locate EPMM services on your network:

	_asset.protocol:http AND protocol:http AND html.title:"Ivanti User Portal: Sign In"

Starting with runZero 3.10.10, from the Asset Inventory use the following pre-built query to locate EPMM services on your network:

	product:"Ivanti Endpoint Manager Mobile"

Results from the above queries should be triaged to determine if they require patching.

As always, any prebuilt queries are available from your runZero console. Check out the documentation for other useful inventory queries.
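
The following is an added example, not runZero's code or its query engine: it applies the two inventory queries quoted above to a constructed export of service records and then sorts the hits into patch-triage buckets, using a numeric version comparison so that 11.9 is correctly treated as older than 11.10 (a plain string compare would get that backwards). The flat record layout, the field names and the sample records are assumptions made for this example; the "11.10 and prior" ceiling comes from the advisory text above. The last sample record shows why both queries are worth running: a sign-in page served only over HTTPS is missed by the html.title query but still found by the product query.

```python
"""Added example (not runZero's code or query engine): apply the two inventory queries
from the text to a constructed asset export and flag EPMM hits for patch triage.
Record layout and field names are assumptions made for this example."""
import re

SERVICES_QUERY = '_asset.protocol:http AND protocol:http AND html.title:"Ivanti User Portal: Sign In"'
ASSET_QUERY = 'product:"Ivanti Endpoint Manager Mobile"'
AFFECTED_CEILING = "11.10"   # advisory: versions 11.10 and prior are affected

# Constructed sample records (one flat dict per service); not real inventory data.
SAMPLE_RECORDS = [
    {"address": "10.0.1.20", "_asset.protocol": "http", "protocol": "http",
     "html.title": "Ivanti User Portal: Sign In",
     "product": "Ivanti Endpoint Manager Mobile", "version": "11.9.0"},
    {"address": "10.0.1.21", "_asset.protocol": "http", "protocol": "http",
     "html.title": "Ivanti User Portal: Sign In",
     "product": "Ivanti Endpoint Manager Mobile", "version": "11.10.0"},
    {"address": "10.0.1.22", "_asset.protocol": "http", "protocol": "http",
     "html.title": "Ivanti User Portal: Sign In",
     "product": "Ivanti Endpoint Manager Mobile", "version": "11.11.0"},
    {"address": "10.0.2.5", "_asset.protocol": "http", "protocol": "http",
     "html.title": "Welcome to nginx!", "product": "nginx", "version": "1.24.0"},
    # Fingerprinted by product only: the sign-in page was served over HTTPS, so the
    # html.title query (which requires protocol:http) does not see it.
    {"address": "10.0.3.9", "_asset.protocol": "https", "protocol": "https",
     "html.title": "Ivanti User Portal: Sign In",
     "product": "Ivanti Endpoint Manager Mobile"},
]

TERM_RE = re.compile(r'([\w.]+):(?:"([^"]*)"|(\S+))')


def parse_query(query):
    """Turn 'a:b AND c:"d e"' into [(field, value), ...]. AND-only, which is all the
    two queries above need; values compare case-insensitively and exactly (assumption)."""
    terms = []
    for clause in re.split(r"\s+AND\s+", query.strip()):
        m = TERM_RE.fullmatch(clause)
        if not m:
            raise ValueError(f"unsupported clause: {clause!r}")
        terms.append((m.group(1), m.group(2) if m.group(2) is not None else m.group(3)))
    return terms


def run_query(records, query):
    terms = parse_query(query)
    return [r for r in records
            if all(str(r.get(f, "")).lower() == v.lower() for f, v in terms)]


def at_or_below(version, ceiling=AFFECTED_CEILING):
    """Numeric component comparison. A plain string compare gets this wrong:
    '11.9.0' > '11.10.0' lexically, but 11.9 is older. Only as many components as the
    ceiling has are compared, so 11.10.x counts as 'at or below 11.10' (conservative)."""
    want = tuple(int(x) for x in re.findall(r"\d+", ceiling))
    have = tuple(int(x) for x in re.findall(r"\d+", version))[:len(want)]
    return have <= want


def triage(records):
    """Union of both queries, keyed by address. 'patch' = version at or below 11.10,
    'verify' = newer (confirm the patch level by hand), 'unknown' = no version seen."""
    result = {}
    for r in run_query(records, SERVICES_QUERY) + run_query(records, ASSET_QUERY):
        version = r.get("version")
        if version is None:
            status = "unknown"
        elif at_or_below(version):
            status = "patch"
        else:
            status = "verify"
        result.setdefault(r["address"], status)
    return result


if __name__ == "__main__":
    for address, status in triage(SAMPLE_RECORDS).items():
        print(f"{address:12} {status}")
```

Anything reported as "unknown" or "verify" still needs a manual look at the appliance's actual build, since the version field in an export may be absent or stale; the script only narrows the list to triage.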

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

What is hybrid cloud security?

As many organizations move to hybrid cloud infrastructures, hybrid cloud security has become a hot topic. This transition allows businesses to leverage the benefits of both cloud environments and on-premises setups, combining the best of both worlds.

Yet, as hybrid cloud adoption grows, we’re entering uncharted territory regarding security. The hybrid nature of these environments introduces previously unseen security challenges that must be addressed. At the same time, cyber threats are becoming more sophisticated, and attackers are targeting weak links in the system.

Hybrid cloud security definition

Hybrid cloud security refers to measures, practices, and technologies that protect data and applications in an infrastructure combining on-premises and public cloud services. Its main function is to ensure resource confidentiality, integrity, and availability across both setups.

Key takeaways

  • Hybrid cloud setups pose security challenges because they combine the security concerns of both on-premises and cloud services.

  • Data protection is more complex in hybrid setups as data is scattered across multiple environments.

  • Cloud migration is challenging as organizations must ensure data security during the transition.

  • Hybrid cloud security risks can be addressed with unified access management.

  • Data encryption, security automation, regular security audits, and employee cybersecurity training are recommended best practices.

  • In a hybrid approach, network segmentation, firewalls, Intrusion Detection Systems (IDS), secure APIs, and MFA are essential for security.

  • Hybrid setups offer enhanced flexibility and various deployment options.

Let’s dig deeper into the most pressing hybrid cloud security concerns and their potential solutions.

Hybrid cloud security issues and challenges

While it’s true that hybrid cloud setups can be a lifesaver for businesses and bring many benefits, there’s a flip side. Hybrid cloud setups make cybersecurity more difficult by combining the challenges of on-premises infrastructure with those of the cloud. Network administrators therefore need to secure not only each component of the hybrid model but also the junctions where on-premises systems meet the cloud.

As sensitive data is distributed across multiple cloud providers and joined with on-premises infrastructure, it must be protected at every stage of transfer. Access management also becomes more complex, as organizations must apply security policies consistently across all environments. This isn’t easy to achieve: legacy on-premises setups may not support sophisticated identity verification methods, or may be unable to encrypt stored data efficiently.

Another challenge is endpoint security. In hybrid computing, endpoints, mobile devices and remote machines have direct access to the cloud environments. This expands the attack surface as hackers can target cloud networks directly and use weak endpoint security as an entry point into the company’s network. To ward these threats off, organizations must also consider what security policies should be applied to endpoint security.

Cloud migration itself is also a serious security challenge. Organizations must map out appropriate data protection mechanisms when moving applications and data between cloud providers or on-premises and cloud environments. If they aren’t implemented consistently, this can result in data breaches or losses.

Hybrid cloud security best practices

To address the security risks and challenges of hybrid cloud strategy effectively, there are some recommended strategies and measures that can be taken.

Unified access management

A unified access management system allows users to enjoy a seamless and consistent experience when accessing resources and applications across different cloud environments. They need to authenticate once, and the system handles the rest, providing single sign-on capabilities.

For network administrators, this provides a centralized approach to managing user identities, access rights, and authentication across various cloud environments and on-premises systems. It enables consistent enforcement of security policies, such as multifactor authentication and access controls, reducing the risk of unauthorized access and data breaches.

Data encryption

Encryption ensures that data transmitted or stored in the hybrid cloud remains secure and protected from unauthorized access. Plus, it provides an additional layer of security, safeguarding sensitive information in case of a data breach or data leak. That way, hackers could only retrieve encrypted data nodes, which would still be inaccessible, and, therefore, useless to them.

Many industries have strict data protection regulations, so sensitive information at rest and in transit must be encrypted to comply. So not only does this help to avoid penalties or legal fines, but it strongly improves an organization’s cybersecurity position.

Security automation

A hybrid cloud model often involves multiple environments and platforms, leading to inconsistencies in security controls. With security automation, some of these problems can be addressed and help to establish consistent security policies and controls across the infrastructure.

Security automation can also help to detect and respond to security threats in real-time. It enables businesses to continuously monitor their cloud and on-premise environments, analyze logs and identify potential security incidents promptly. This helps shorten the time span between the threat’s detection and response.

Periodic security audits

Regular security audits can help identify vulnerabilities and weaknesses in the hybrid cloud infrastructure. This includes assessing potential risks associated with the on-premises and cloud components, such as misconfigurations, insecure APIs, outdated software, or inadequate access controls. Left unresolved, these issues can become a loophole for an attacker to gain entry into your network.

This approach helps to mitigate potential risks in a hybrid cloud environment and implement appropriate risk mitigation strategies. This can involve assessing data integrity, backup and recovery processes, disaster recovery plans, and incident response procedures.

Employee training

Cybersecurity training raises employee awareness about potential risks and threats associated with the hybrid cloud environment. Your staff becomes more knowledgeable about the best practices for data protection, recognizing phishing attempts, securing access credentials and handling sensitive information. Educated staff are also more likely to follow security protocols, reducing the risk of breaches caused by human error.

In the long run, investing in cybersecurity training can result in cost savings. This is because financial repercussions associated with data loss, reputational damage, legal liabilities, and regulatory penalties can be avoided.

Hybrid cloud security architecture

Hybrid cloud systems security begins with physical access to servers that contain proprietary code, databases, storage files, records, archives, and more. Therefore, hybrid cloud architecture entails globally distributed hardware across multiple data centers. For network administrators, this means that they need to adopt policies to orchestrate access to internal resources securely.

Therefore, the architecture should incorporate the following elements:

Network segmentation

By dividing the network into segments or subnets, organizations can separate different components of their hybrid cloud environment, like production systems, development environments, or sensitive data repositories. This helps to prevent unauthorized access and reduces the potential for lateral movement within the network.

With network segments, a smaller attack surface is left to attackers. Even if some segment is breached, network segmentation prevents them from easily moving laterally to other segments or compromising critical resources. This can help contain the potential breach’s impact, limiting the exposure of sensitive data and critical systems.

Firewalls and Intrusion Detection Systems (IDS)

Firewalls and IDS should be deployed for public and private cloud environments to monitor and block unauthorized access attempts and potential security threats. As a barrier between incoming and outgoing network traffic, firewalls are essential for protecting the on-premises infrastructure and the cloud components from unauthorized access attempts.

Meanwhile, IDS systems monitor network and system activities for signs of malicious behavior or policy violations. They analyze network traffic patterns, log files, and system events to detect potential security incidents. This enables response to cyber threats in real-time, mitigating the risk of data breaches, unauthorized access, or other malicious activities within the hybrid cloud infrastructure.

Secure APIs

APIs act as gateways for accessing and interacting with cloud services and resources. Incorporating security measures like authentication, authorization, and user roles ensures that only authorized users and applications can access hybrid cloud environments. This enforces security policies and prevents unauthorized access.

Hybrid cloud environments involve integrating multiple systems and platforms, both on-premises and in the cloud. Data transmitted between these systems must be encrypted and protected from interception. This also applies to APIs used to connect different cloud services.

Multifactor authentication (MFA)

MFA adds an extra layer of security to the authentication process by requiring users to provide multiple factors to verify their identity. Typically, these factors include something that the user knows (such as a password), something they have (such as a smartphone or token), or something they are (such as biometric data). By combining these factors, MFA significantly reduces the risk of unauthorized access, even if one factor is compromised.

Passwords are common targets for attackers due to weak security practices, reuse, or data breaches that leak them out in the open. MFA reduces an organization’s reliance on passwords as the sole authentication mechanism, reducing these risks. Even with a compromised password, MFA prevents unauthorized access into the network.

Public vs. private vs. hybrid cloud

Cloud computing can take many shapes; no single model is right for everyone. As such, several different cloud computing types and services have evolved to meet organizations’ rapidly changing technology needs.

There are three different ways to deploy cloud services: on a public cloud, private cloud, or hybrid cloud.

Public cloud

The most prevalent type of cloud computing deployment is known as public cloud. Third-party cloud service providers own and operate servers and storage and deliver these resources over the internet. The cloud provider manages all the hardware, software and supporting infrastructure in this setup. Examples of public cloud include Google Workspace, Amazon Web Services (AWS), and Microsoft Azure.

Multiple organizations or tenants share the same hardware, storage and network devices within a public cloud environment. They’re accessed via a web interface and are commonly used for web-based email, online office applications, storage, testing, and development environments.

Their main benefits include:

  • Lower costs. Public clouds eliminate the need to buy in-house hardware or software. The business also pays only for the capacity it actually uses.

  • No maintenance. The service provider takes care of maintenance, meaning its clients can focus on other areas.

  • Limitless scalability. As resources are available on demand, business operations can be scaled up or down instantly.

  • High reliability. A large, distributed infrastructure reduces the chance of failure.

Private cloud

A private cloud is a collection of cloud resources that a single business or organization exclusively uses. It can be located within the organization’s on-site data centre or hosted by a third-party service provider. Regardless of the physical location, the private cloud operates as a private network, with its services and infrastructures dedicated solely to the organization.

The main selling point of a private cloud is the ability to tailor and customize resources to meet specific organizations’ needs. A high level of customization is relevant to government agencies, financial institutions, and other businesses operating under strict requirements or sensitive business operations. By maintaining a private cloud, these entities can exert greater control over their environment regarding hardware and software.

Private cloud advantages:

  • Flexibility. Organizations can customize their cloud environment according to specific business requirements.

  • Greater control. Resources aren’t shared with others, enabling greater control and privacy.

  • Better scalability. Private clouds can offer more in terms of scalability compared to on-premises infrastructure.

Hybrid cloud

A hybrid cloud platform offers enhanced flexibility and various deployment options. With hybrid cloud computing, businesses can effortlessly expand their on-premises infrastructure to the public cloud when there is a fluctuation in computing and processing demand. This approach allows organizations to handle the excess workload without granting third-party data centers full access to their data.

In addition, resource scalability eliminates the need for substantial investments to manage short-term spikes in demand. It addresses situations where businesses must allocate local resources for more sensitive data or applications. Instead of purchasing, programming, and maintaining additional resources and equipment that might remain unused for extended periods, companies only pay for the temporary utilization of resources.

In short, hybrid cloud advantages are these:

  • Control. Your organization can retain a private infrastructure for handling sensitive assets or tasks that demand fast response times.

  • Flexibility. Additional resources from the cloud can be leveraged on demand.

  • Cost-efficiency. Organizations pay for only what they’re using.

  • Simplicity. A hybrid approach allows organizations to gradually transition to a cloud model, migrating workloads over time.

How can NordLayer help?

NordLayer can be a helpful ally when securing hybrid cloud setups. Our solutions include a wide range of features that help to secure remote access and flexibly adapt to ever-changing business work environments.

IP address allow-listing, Site-to-Site tunnels and Smart Remote Access features enable network administrators to allow only NordLayer-using members to access their hybrid cloud resources while blocking everyone else. Single sign-on, multifactor authentication, and biometric authentication ensure that only credible members are allowed into your network perimeter. Centrally implemented security controls will help apply additional security policies consistently across all network environments.

Our suite makes applying best practices to a hybrid work environment easy. Contact our sales team today to learn more about our services and solutions.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

Senhasegura Upgrade Notes

Caution

Before executing the senhasegura update, always take a snapshot on your hypervisor and run a backup, verifying that it can be restored.

Caution

If you are using the senhasegura Arbitrator, remove it from the cluster before updating senhasegura. Learn more in our documentation.

Version 3.29

Check out the main changes in this version before updating senhasegura.

Change in the update process

In this version, the senhasegura update process has changed. For the new procedure, see the documentation on how to update senhasegura, section "How to update senhasegura to version 3.29".

API Authentication

OAuth 1.0

In this update, we improved the authentication management via OAuth 1.0.

We discontinued the old method of passing authentication parameters through the URL or request body and have adopted sending values exclusively via the header. This ensures compliance with the industry standard and greater protection of authentication information.

Caution

If you are using this authentication method, it’s ESSENTIAL to update the integrations to send the information in the new format before proceeding with the senhasegura update.

For instructions on how to send the information via header, see our documentation.
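
The following is an added example and not senhasegura's code: it shows what "exclusively via the header" means in OAuth 1.0 (RFC 5849) terms, with a client that signs a request with HMAC-SHA1 and places every oauth_* value in the Authorization header only, the server-side check that recomputes and compares the signature, and a small pre-upgrade scan that reports oauth_* parameters still travelling in the query string or form body, which is the legacy placement this release no longer accepts. The endpoint URL, consumer key names and the secret-lookup callbacks are constructed placeholders; consult the senhasegura documentation for the actual endpoint and key provisioning.

```python
"""Added example, not senhasegura's code: an OAuth 1.0 (RFC 5849) HMAC-SHA1 client that
carries every oauth_* value in the Authorization header only, the matching server-side
check, and a scan for the legacy query-string/body placement. URL, key names and the
secret-lookup callbacks are constructed placeholders for this example."""
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qsl, quote, unquote, urlsplit


def _enc(value):
    # RFC 3986 percent-encoding: only unreserved characters stay literal.
    return quote(str(value), safe="-._~")


def _base_url(url):
    p = urlsplit(url)
    return f"{p.scheme.lower()}://{p.netloc.lower()}{p.path}"


def signature_base_string(method, url, params):
    """METHOD & enc(base URL) & enc(sorted 'k=v' pairs joined by '&')."""
    pairs = sorted((_enc(k), _enc(v)) for k, v in params)
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), _enc(_base_url(url)), _enc(normalized)])


def sign(method, url, params, consumer_secret, token_secret=""):
    key = f"{_enc(consumer_secret)}&{_enc(token_secret)}".encode()
    mac = hmac.new(key, signature_base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def build_authorization_header(method, url, consumer_key, consumer_secret, token="",
                               token_secret="", body_params=(), nonce=None, timestamp=None):
    """Client side: the secrets never leave this function; only the signature does."""
    oauth = [("oauth_consumer_key", consumer_key),
             ("oauth_nonce", nonce or secrets.token_hex(16)),
             ("oauth_signature_method", "HMAC-SHA1"),
             ("oauth_timestamp", str(timestamp or int(time.time()))),
             ("oauth_version", "1.0")]
    if token:
        oauth.append(("oauth_token", token))
    # Query and form-body parameters are covered by the signature but stay where they are.
    signed = oauth + parse_qsl(urlsplit(url).query, keep_blank_values=True) + list(body_params)
    oauth.append(("oauth_signature", sign(method, url, signed, consumer_secret, token_secret)))
    return "OAuth " + ", ".join(f'{_enc(k)}="{_enc(v)}"' for k, v in oauth)


def parse_authorization_header(header):
    if not header.startswith("OAuth "):
        raise ValueError("not an OAuth 1.0 Authorization header")
    fields = {}
    for item in header[len("OAuth "):].split(","):
        k, _, v = item.strip().partition("=")
        fields[unquote(k)] = unquote(v.strip('"'))
    return fields


def verify_request(method, url, header, consumer_secret_for, token_secret_for, body_params=()):
    """Server side: rebuild the signature from the header plus the request itself and
    compare in constant time. Nonce/timestamp replay tracking is left to the caller."""
    fields = parse_authorization_header(header)
    fields.pop("realm", None)
    presented = fields.pop("oauth_signature", "")
    if fields.get("oauth_signature_method") != "HMAC-SHA1":
        return False
    signed = list(fields.items()) + parse_qsl(urlsplit(url).query, keep_blank_values=True) + list(body_params)
    expected = sign(method, url, signed,
                    consumer_secret_for(fields.get("oauth_consumer_key", "")),
                    token_secret_for(fields.get("oauth_token", "")))
    return hmac.compare_digest(presented, expected)


def credentials_outside_header(url, body=""):
    """Pre-upgrade check for an integration: oauth_* names found in the query string or
    form body, i.e. the placement this release no longer accepts."""
    found = [k for k, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True) if k.startswith("oauth_")]
    found += [k for k, _ in parse_qsl(body, keep_blank_values=True) if k.startswith("oauth_")]
    return found


if __name__ == "__main__":
    url = "https://pam.example.invalid/api/v1/resources?limit=10"   # placeholder endpoint
    header = build_authorization_header("GET", url, "demo-key", "demo-secret")
    print(header)
    print(verify_request("GET", url, header, lambda k: "demo-secret", lambda t: ""))
```

Because the signature covers the method, the base URL and every query and body parameter, a request whose parameters are altered after signing fails verification, and the consumer and token secrets themselves are never transmitted; that is the "greater protection of authentication information" the release note refers to. Running credentials_outside_header over the request logs or client code of each integration is a quick way to find callers that still need converting before the update.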

Basic authentication

Starting from version 3.29, accessing the API will require the use of OAuth 1.0 or OAuth 2.0. Basic authentication will no longer be available.

MySafe private groups

“Access Groups” have been replaced by “Private Groups” in MySafe, providing a more efficient approach to managing permissions and access.

Integration with AD has also been improved, eliminating negative impacts by removing users manually added to groups. This update aims to offer a more intuitive and reliable experience to our customers, improving the administration of access to resources and data in MySafe.

Check MySafe documentation.

Architecture update

The Debian operating system has been updated, providing significant improvements in performance, security and hardware support.

In addition, the core programming language, databases and third-party libraries have been updated with their new features and performance improvements.

To check all the updates and improvements of version 3.29, see our detailed changelog.

About Segura®
Segura® strives to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.
