By now, most of you have probably heard about the Colonial Pipeline ransomware attack that disrupted fuel supply for millions of people. The post-mortem revealed gaps in the organization's IT security. I think, however, that there is a much bigger issue to address. With a fast-growing list of security vendors offering sophisticated, readily available tools, one has to ask why large organizations continue to suffer routine breaches. We believe there are some fundamental flaws that the security vendors are not addressing.
One such flaw is the ability of a threat to move laterally. Once attackers have breached the organization's perimeter, they are free to roam the internal network and do as much damage as they wish. It can take weeks or months before they are caught in the act, which is ample time to wreak havoc. Worse, ready-made attack tools are freely available on the internet, so even a novice can use them against large organizations. One famous example is Mimikatz (roughly "cute cats" in French slang). Mimikatz extracts credentials such as plaintext passwords, password hashes and Kerberos tickets from the memory of a compromised Windows host; with those credentials an attacker can authenticate to other machines, move laterally, and reach the organization's crown jewels, the systems that store its most sensitive information.
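The two indicators below are the kind of telemetry a defender can use to catch the lateral movement described above before weeks have passed. This is an added example and not code from the original post or from Airgap; the event field names, the allow-list, the thresholds and the sample events are all constructed for illustration and would need tuning in a real environment. Heuristic 1 flags a non-allow-listed process opening lsass.exe with an access mask that includes PROCESS_VM_READ (masks such as 0x1010 and 0x1410 are typical of credential dumpers like Mimikatz, as recorded by Sysmon Event ID 10). Heuristic 2 flags one source address performing NTLM network logons (Security Event ID 4624, LogonType 3) to many distinct hosts in a short window, the fan-out pattern of pass-the-hash.

```python
"""Flag two well-known lateral-movement indicators in Windows event data.

Added example; field names, allow-list, thresholds and sample events are
assumptions, not Airgap's product logic or real logs.
"""
from collections import defaultdict
from datetime import datetime, timedelta

PROCESS_VM_READ = 0x0010  # access right needed to read another process's memory

# Placeholder allow-list of legitimate LSASS readers; tune to your own AV/EDR.
LSASS_READERS_ALLOWED = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\services.exe",
    r"c:\program files\windows defender\msmpeng.exe",
}


def _logon(time, host, ip, package="NTLM", logon_type=3):
    """Build a constructed Security 4624 record (flattened to a dict)."""
    return {"time": time, "id": 4624, "host": host, "ip_address": ip,
            "logon_type": logon_type, "auth_package": package}


# Constructed sample events (not real logs).
SAMPLE_EVENTS = [
    # Sysmon 10 on WS-12: benign query, allow-listed AV, then a suspicious binary
    {"time": "2021-05-07T02:00:01", "id": 10, "host": "WS-12",
     "source_image": r"C:\Windows\System32\svchost.exe",
     "target_image": r"C:\Windows\System32\lsass.exe", "granted_access": "0x1000"},
    {"time": "2021-05-07T02:00:05", "id": 10, "host": "WS-12",
     "source_image": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "target_image": r"C:\Windows\System32\lsass.exe", "granted_access": "0x1410"},
    {"time": "2021-05-07T02:00:40", "id": 10, "host": "WS-12",
     "source_image": r"C:\Users\bob\Downloads\mimi.exe",
     "target_image": r"C:\Windows\System32\lsass.exe", "granted_access": "0x1010"},
    # Security 4624 on the servers: WS-12 (10.0.0.5) reaching five hosts over NTLM
    _logon("2021-05-07T02:01:00", "SRV-01", "10.0.0.5"),
    _logon("2021-05-07T02:01:30", "SRV-02", "10.0.0.5"),
    _logon("2021-05-07T02:02:00", "SRV-01", "10.0.0.5"),  # repeat host, counted once
    _logon("2021-05-07T02:02:30", "SRV-03", "10.0.0.5"),
    _logon("2021-05-07T02:03:00", "SRV-04", "10.0.0.5"),
    _logon("2021-05-07T02:03:30", "SRV-05", "10.0.0.5"),
    _logon("2021-05-07T02:04:00", "SRV-06", "10.0.0.5", package="Kerberos"),  # ignored
    _logon("2021-05-07T02:05:00", "FS-01", "10.0.0.9"),  # a single host: normal
]


def lsass_access_alerts(events):
    """Return (host, source_image, access) for non-allow-listed LSASS memory reads."""
    alerts = []
    for e in events:
        if e["id"] != 10 or not e["target_image"].lower().endswith("\\lsass.exe"):
            continue
        if e["source_image"].lower() in LSASS_READERS_ALLOWED:
            continue
        if int(e["granted_access"], 16) & PROCESS_VM_READ:
            alerts.append((e["host"], e["source_image"], e["granted_access"]))
    return alerts


def ntlm_fanout_alerts(events, window=timedelta(minutes=5), min_hosts=4):
    """Return {source_ip: max distinct hosts reached over NTLM within `window`}."""
    by_src = defaultdict(list)
    for e in events:
        if e["id"] == 4624 and e["logon_type"] == 3 and e["auth_package"].upper() == "NTLM":
            by_src[e["ip_address"]].append((datetime.fromisoformat(e["time"]), e["host"]))
    alerts = {}
    for src, logons in by_src.items():
        logons.sort()
        for i, (t, _) in enumerate(logons):
            # distinct hosts reached in the window that ends at this logon
            hosts = {h for t0, h in logons[: i + 1] if t - t0 <= window}
            if len(hosts) >= min_hosts:
                alerts[src] = max(len(hosts), alerts.get(src, 0))
    return alerts


if __name__ == "__main__":
    print("LSASS access:", lsass_access_alerts(SAMPLE_EVENTS))
    print("NTLM fan-out:", ntlm_fanout_alerts(SAMPLE_EVENTS))
```

Both heuristics produce false positives on their own (vulnerability scanners and backup agents fan out over NTLM; some security products read LSASS), so in practice they are scored together with other signals and the allow-list and thresholds are adjusted per environment.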
The pandemic suddenly accelerated digitization faster than security controls could keep up. IT was forced to let everyone work from home, which means the organization's most sensitive information is now accessed from employees' insecure home networks. Traditional VPNs gave roaming users that flexibility, and IT could control, monitor and limit their access. But VPNs were never designed as the primary means of enterprise access, and any such use is obviously out of specification. It is no surprise, then, that many new flaws in traditional VPN products have surfaced over the last 18 months; that is what happens when a technology is used for purposes it was not intended for.
Unless we fix some of these fundamental flaws, we are unlikely to see the end of massive breaches anytime soon. There are some very good proposals from industry experts and analysts that, if understood and followed correctly, could move us in the right direction. Some of you may have heard of Zero Trust Network Access (ZTNA), and we believe it is most certainly the right approach going forward. The basic premise of Zero Trust is to treat your organization's network as if it were the internet: you trust nothing and no one on it by default, and you authenticate and authorize every request before granting access to any asset. Implemented correctly, Zero Trust and ZTNA are a powerful weapon against cyber threats. After all, the whole internet runs on similar principles.
It is unfortunate, however, that the term ZTNA is often abused to mean only a remote-access technology, or simply a replacement for the legacy VPN. I am certain that the well-meaning analysts had a higher purpose behind their recommendation: to ensure that we implement ZTNA so that it provides secure access from anything to anything, over any network, from anywhere. ZTNA must also mean "just in time" access, granted for the duration of a task, rather than the traditional always-on access to our key assets.
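To make the two points above concrete (authorize every request regardless of where it comes from, and grant access just in time rather than always on), here is an added example that is not part of the original post and not Airgap's implementation. A broker issues an HMAC-signed grant that names the subject, the device and the asset and carries a short validity window; the enforcement point in front of the asset verifies the signature, the window, the match against the request and the device posture, and deliberately never looks at the source IP. The broker key, claim names and policy are hypothetical.

```python
"""Per-request authorization with signed, time-bounded (just-in-time) grants.

Added example; the broker key, claim names and policy are hypothetical and
not Airgap's design.
"""
import base64
import hashlib
import hmac
import json
import time

BROKER_KEY = b"hypothetical-broker-secret"  # in production: a KMS/HSM-held key


def issue_grant(subject, device, asset, ttl_seconds, now=None):
    """Broker side: after authenticating the user and checking the device,
    issue an HMAC-signed grant that is valid only for `ttl_seconds`."""
    now = int(time.time() if now is None else now)
    claims = {"sub": subject, "dev": device, "asset": asset,
              "nbf": now, "exp": now + ttl_seconds}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    sig = hmac.new(BROKER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def authorize(request, now=None):
    """Enforcement point in front of an asset: default deny; every check must pass.

    `request` carries subject, device, asset, device_healthy, grant and
    source_ip. source_ip is present only to show that it is never consulted:
    a request from an "internal" address gets no more trust than any other.
    """
    now = time.time() if now is None else now
    parts = request.get("grant", "").split(".")
    if len(parts) != 2:
        return False, "no or malformed grant"
    body, sig = parts
    expected = hmac.new(BROKER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return False, "grant signature invalid"
    claims = json.loads(base64.urlsafe_b64decode(body))
    if not claims["nbf"] <= now < claims["exp"]:
        return False, "grant expired or not yet valid"
    if (claims["sub"], claims["dev"], claims["asset"]) != (
            request["subject"], request["device"], request["asset"]):
        return False, "grant does not cover this subject/device/asset"
    if not request["device_healthy"]:
        return False, "device posture check failed"
    return True, "allow"


if __name__ == "__main__":
    grant = issue_grant("alice", "laptop-7", "db-prod", ttl_seconds=900)
    req = {"subject": "alice", "device": "laptop-7", "asset": "db-prod",
           "device_healthy": True, "source_ip": "192.168.1.10", "grant": grant}
    print(authorize(req))                          # allowed: valid grant
    print(authorize(dict(req, asset="hr-share")))  # denied: grant is per asset
    print(authorize(dict(req, grant="")))          # denied: internal IP alone buys nothing
```

The grant is the whole basis of access: when it expires the user must go back to the broker, which is the point at which identity and device posture are re-evaluated, so there is no standing entitlement for a stolen credential to ride on.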
In our view, a comprehensive Zero Trust solution must have the following attributes: (1) it should be backward and forward compatible with all assets and endpoints, since piecemeal and fragmented solutions are a primary cause of breaches; (2) it should protect all assets, whether on premises, in the data center or hosted in the cloud, since a siloed approach leaves security gaps; (3) it must integrate with the existing enterprise ecosystem, with no forklift upgrades. These are the principles we follow at Airgap. Our patent-pending solution is designed to provide complete asset discovery, traffic visibility and IT control regardless of where the asset is located.
Large enterprises must secure their high-value assets against lateral threat movement while remaining compliant with industry regulations. Legacy solutions do not provide the necessary visibility and control. The Airgap Security Platform profiles and ring-fences every endpoint, giving complete visibility and protection without agent installation or hardware changes, and it is backward and forward compatible with all IT assets, whether on premises, in the data center or in the cloud. Airgap continues to grow its customer base rapidly with a clear objective: protecting high-value enterprise assets.
To learn more about Airgap, please contact [email protected]