While the Internet continues to unlock new ways for businesses to increase routes to revenue, deliver great employee and customer experiences, and cut costs – cyber thugs have unleashed a slew of ransomware attacks that target legacy network architectures. Thus, these malicious attacks have been elevated to amongst the top of the list of business-level concerns. 

It’s the CISO who is tasked with defending the business from these threats. Hence why it’s no surprise, ransomware is one of the top 5 CISO priorities in 2023, as per a recent study from Evanta, by Gartner.

These attacks encrypt valuable data and hold it hostage, demanding a ransom for its release. The consequences of a successful ransomware attack can be devastating, resulting in not only financial losses, but also reputational damage, and significant operational disruption. 

Over the last few years, ransomware attacks have inflicted significant financial losses on companies across multiple industries. According to this recent report by Cybersecurity Ventures, the global cost of ransomware is projected to reach $265 billion by 2031. That number is massive. For comparison, that amount would rank #42 out of 190 in a list of GDP rankings by country. The report estimates that a new organization will fall victim to a ransomware attack every 11 seconds in  2023. 

These statistics highlight the urgent need for organizations to fortify their defenses against ransomware attacks. The rise in costs for ransomware damages over the last eight years is extremely alarming:

• 2015 – $325 Million
• 2017 – $5 Billion
• 2018 – $8 Billion
• 2019 – $11.5 Billion
• 2021 – $20 Billion
• 2031 – $265 Billion

Ransomware attacks use several techniques to infiltrate networks and compromise data including:

• Phishing Attacks: Phishing emails are crafted to deceive users into clicking on malicious links or downloading infected attachments, leading to the installation of ransomware.
• Remote Desktop Protocol (RDP) Exploitation: Attackers exploit vulnerabilities in RDP to gain unauthorized access to a system and deploy ransomware.
• Malvertising: The distribution of malicious advertisements redirects users to infected websites and triggers an automatic download of ransomware.
• Drive-by Downloads: Just visiting compromised websites can initiate the download and execution of ransomware without user interaction.

In my opinion, to protect against ransomware attacks effectively, IT security leaders should explore Security Service Edge (SSE) vendors that elegantly bring together three key services into a single platform:  Zero Trust Network Access (ZTNA), Secure Web Gateway (SWG), and Cloud Access Security Broker (CASB):

Zero Trust Network Access (ZTNA):
ZTNA is a security model that enforces strict identity verification and access controls before granting access to applications. By implementing ZTNA, organizations can significantly reduce lateral movement by preventing unauthorized access to critical resources and by connecting users directly to applications rather than putting them and their devices on the network.  Unlike legacy VPN tools,  ZTNA solutions do not need to punch holes in the firewall and expose inbound ports thus significantly reducing the attack surface.

Secure Web Gateway (SWG):
A SWG is a gatekeeper between an organization’s internal network and the internet. It filters web traffic, scans for malicious content, and blocks access to risky websites. SWGs use advanced threat intelligence to detect and prevent ransomware attacks originating from internet-based sources. SWG  enforces policies to prevent the downloading of suspicious files and actively block known malicious domains.

Cloud Access Security Broker (CASB):
CASB solutions provide visibility and control over data stored in cloud applications. With the increasing adoption of cloud services, it is crucial to secure cloud-based data from ransomware threats. CASBs enable organizations to monitor and protect data across multiple cloud platforms, enforce security policies, and detect anomalous user activities that could indicate a ransomware attack. CASBs also facilitate granular access controls to cloud applications, ensuring that only authorized users can modify or access critical data.

Take a look here to see what I mean. What you wind up with is the ability to effectively protect the business from ransomware. Below is the approach at Axis.

Ransomware attacks continue to evolve at an alarming rate and pose a severe threat to businesses worldwide. To mitigate this risk, businesses should adopt a proactive defense strategy that places SSE at the heart of it and combines ZTNA, SWG, and CASB into one elegantly delivered cloud service. 

By implementing these technologies, organizations can significantly reduce their vulnerability to ransomware attacks and minimize the potential damage caused by such incidents. 

Investing in the right measures is essential to protect valuable data, safeguard operations, and maintain the trust of customers and stakeholders in an increasingly Internet-connected digital landscape. Chief among them is SSE, the key to making the Internet safe for work.

Explore some of the new ways Axis Security is helping in our new 2023 Summer Release.

The post Making the Internet Safe for Work in a World Stricken with Ransomware appeared first on Axis Security.

Halloween is here! I usually keep my costume choices a secret until the last minute.  But this year, the choice is easy.  A single vendor SASE Unicorn. Yeah, the “muggles” won’t get it but hey, everyone loves to party with a colorful unicorn!!!

If you are unfamiliar with single vendor SASE, here is what it is. Per Gartner, SASE is a converged network and security service which is delivered as a service. It “enables zero trust access based on the identity of the user, device or entity, combined with real-time context (such as device security posture) to enforce and govern security and compliance policies. Single-vendor SASE offerings should have a common management plane and data lake across all capabilities”. Whew. That is a lot. Let’s break that down a bit.  

SASE Detailed View

The market is converging to address the “original sin” in networking. That’s a lack of security. We need to move beyond the firewall as the means of securing the data center, the branch, and the employee as new applications and employees exist in every nook and cranny of this planet.  Zero trust network solutions are the path forward. SASE creates a system of adaptive trust, embeds it within the network, the endpoint, and then manages it by policy via a common framework. Simplifying this further, it’s software-defined networking with security which now covers not just the network devices but the endpoints too. Leverage identity and device posture checks via northbound APIs and presto, SASE!

Now we’ve established the why and what, let’s get into what the landscape of solutions is currently. They currently come in two form factors. Platform and portfolio. Platform first. A fundamental rule of SASE is this, don’t impact the user experience. By this, I am referring to the number of security treatments a packet or flow will encounter on its journey from the employee to the application and back. The more treatments, the more latency. The ultimate unicorn solution will be based on a “single pass” scanning for security. Platform-based solutions with a unified network and security fabric will be able to provide this or get close to it. Unfortunately, these solutions don’t exist today. Rather, the solutions on the market today are based on portfolios. Either they started off as an SDWAN solution or as a point solution (CASB, private access, or similar). Then vendors either purchased components as part of an acquisition (most common) or combined products already in their portfolio and rebranded them to fill out their “unified SASE” portfolio. Result, non-optimal architecture with tradeoffs meaning the key rule of SASE, the user experience, is broken. Additionally, these solutions can be challenging to manage as the administration UI feels like a federation of products.  

If this is the case, will the unicorn ever appear? My bet is yes and will likely come in two formats. The first form of the unicorn will be based on an SDWAN style solution. It will leverage hardware-based devices in the branch, campus …. and then wait for it… the data center. It will also incorporate the endpoint in the form of an agent for the remote worker. These points of presence will create a distributed fabric feeding back to a common management plane. Functions will be distributed but also resilient.  Much like in SDWAN, if the distributed network and security fabric loses contact with the central management hub, the solution will continue to operate within a cached state. The solution will be full L7 aware and feedback to identity as well as device state repositories. The advantage is the solution can be built into common network hardware like routers, switches, and even APs. The downside is complexity. This is a lot to manage, maintain and keep synchronized.  

The second SASE unicorn will be fully software-based. Rather than a distributed fabric leveraging hardware and software agents, this solution will be broker based with a distributed number of points of presence (PoP). The PoPs will reside either in the “Cloud” or take the form of a “private edge PoP” located in an enterprise data center or branch office. Resiliency is provided thru multiple PoPs in multiple Clouds (AWS, Azure, and so on) as well as the private edge. The advantages are simplification from a management solution, scalability as well as fast innovation since this solution is delivered “as a service”.  The downside is you need to consider how to manage the underlay, meaning the base network to pass data back and forth.

Which unicorn will we see first? My bet is on the fully software-based solution. Hardware is hard.  Software is much easier to build and innovate on. Recommendations? Right now, if someone says they have a “unified SASE solution” take it with a grain of salt. It’s likely a horse with a horn glued on it. The best advice I can give you is this. What problem are you looking to solve? If reducing the cost of your WAN and optimizing access from the branch to SaaS solutions, start with SDWAN. If your issue is enabling the hybrid workforce, look into the Security Service Edge (SSE). For this, SDWAN is not the answer. All that said, for whatever problem is your priority, make sure to ask your vendors about integrations between SDWAN and SASE. Unified SASE is not here yet, but can start to make some early steps in your journey to uncover the unicorn.

The post The Single Vendor SASE Unicorn Halloween Costume appeared first on Axis Security.

COVID not only accelerated digital transformation efforts but also permanently dispersed the workforce away from offices, away from secure data centers and networks to remote locations. Employee needs hadn’t changed, just their location.

Prior to the pandemic only about 30% of employees worked remotely. Fast forward to 2021, 77% of companies plan to embrace a hybrid work strategy going forward. The reason is clear, they’ve been listening to the 83% of employees who prefer a hybrid work model according to Accenture’s Future of Work Study 2021.

Employee’s demands for hybrid work options creates new challenges for IT, and not just related to technology strategy.

The Great Resignation

The Great Resignation of 2021 has hit the business particularly hard, and right where it hurts. According to a recent Harvard Business Review study, resignation rates are highest among mid-career employees between 30 and 45 years old, with an average increase of more than 20% between 2020 and 2021.

One reason this may be the case is that, with the demand for experienced workers at an all-time high, mid-career employees obtained greater leverage to move into roles that fit their desired lifestyle, aka hybrid and remote work. It is critical that businesses do not lose this demographic as they form the backbone of any thriving organization. While these employees may or may not be the ones who come up with transformative business strategies or facilitate corporate acquisitions, they are the ones who have the expertise to implement these strategies and drive the business forward. And now as this massive turnover hits IT teams that were already woefully understaffed, CIOs gain the opportunity to retain the best talent within their teams and organizations.

Retaining Top Talent with the Security Service Edge (SSE)

Here are 2 simple questions for business and IT leaders:

Q: How do you retain employees in the post-COVID age?
A: By letting employees work securely and seamlessly wherever they are.

Q: Ok, so how does IT enable secure, seamless work that adapts to its employees?
A: Gartner recommends adopting a Security Service Edge (SSE) platform.

A Security Service Edge (SSE) platform secures access to the web, cloud services, and private applications wherever a user is located. As a result of a dispersed workforce, an SSE platform creates harmony between security requirements and user experience, unifying three main technologies into one cloud offering: ZTNA, SWG, and CASB.

According to Gartner, the first step of SSE adoption should start by prioritizing half of the hybrid work equation, replacing the remote access VPN with a modern-day ZTNA.

The Answer to Hybrid Work is ZTNA

In the height of the pandemic, deploying, securing, and operating traditional network security tools like VPN was a nightmare for many organizations. Even the largest, most sophisticated organizations had problems scaling their VPN infrastructure for WFH. The result for many was slow, unreliable access due to lack of VPN availability. Now, this problem is amplified with a split workforce, with access happening anywhere between the house and office. Not to mention that cyberattackers started having a field day exploiting VPNs, with a whopping 550 known VPN vulnerabilities that attackers are actively targeting.

IT leaders need a modern way of connectivity that allows their users to access business resources in a way that is versatile, secure, and cost effective. In a world where productivity hinges on availability and accessibility of business applications and collaborative tools – the need for greater visibility and control over user activity and user experience is essential. This is why Gartner believes that 60% of businesses will retire their legacy VPN technology for a modern ZTNA service in the next two years.

As your business considers the future of hybrid work and the access needs associated with it, contemplate these 5 points of necessity when evaluating a ZTNA solution:

• Cloud-First Architecture – ZTNA as-a-service makes adopting cloud simple, optimizes IT’s time, is purpose-built to work with modern cloud services, and allows for modern work experiences. The most advanced ZTNA’s remove the need to purchase and deploy additional hardware to free up IT budget.
• Broadest Coverage and Support – Evaluate the breadth of support a ZTNA service provides. Two areas of consideration: the agent and agentless capabilities and how broad application support is for those two postures (i.e. Web, RDP, SSH, VOIP, etc.).
• Performance and Scale – Look at ZTNA solutions that partner with leading cloud providers for optimized scale or that have their own PoP locations. The more PoP locations leveraged equals less latency for your work from anywhere workforce.
• Visibility and Control – Look for a ZTNA solution that enforces continuous authorization to prevent security gaps and heightens visibility throughout the Layer 7 session. Through increased visibility IT can better enforce least-privileged access universally.
• Simplicity – A ZTNA solution should not be difficult to deploy and should be easy to understand. ZTNA helps overcome experience gaps by making value-centered dashboards and includes features like App discoverer that speed up the implementation of zero trust.

In the end, the business can’t afford to lose their top talent over something as small as hybrid work. To stop the Great Resignation from impacting your organization, IT must find a way to securely guide their users through this new form of hybrid work. Gartner says this should be done through the adoption of a Security Service Edge (SSE) platform. Therefore, I urge IT leaders to consider what SSE would mean for their business. Conversely, consider what the consequences are if you don’t?

The post How CIOs can stop the Great Resignation appeared first on Axis Security.

• 271 security vendors received new funding for a total of $10 billion in new investments in 2020.
• 225 vendors were acquired with private equity claiming the majority of M&A activity.
• The impact of COVID-19 slowed growth for many vendors as they expected demand to drop. But the move to work-from-home increased demand for technology to protect newly distributed organizations. Zero trust networking and SASE solutions saw tremendous growth in 2020.

It should come as no surprise that Gartner estimates that by 2025, three-quarters of large organizations will be actively pursuing a vendor consolidation strategy, up from approximately one-quarter today. (Security Vendor Consolidation Trends — Should You Pursue a Consolidation Strategy? Published 30 July 2020 – ID G00719769 – by John Watts, Peter Firstbrook)

Why are companies moving to simpler cyber security tools?

Since the dawn of the digital age, IT and security teams have been challenged by too many projects, a lack of resources, and people. As we’ve moved to the cloud, these challenges became more acute.

IT leaders and decision makers are trying to outsource where they can. They are committed to reducing complexity and that means reducing the number of solutions to manage. According to ZDNet, citing a survey sponsored by IBM,

“On average, enterprises deploy 45 cybersecurity-related tools on their networks. The widespread use of too many tools may contribute to an inability not only to detect, but also to defend from active attacks. Enterprises that deploy over 50 tools ranked themselves 8% lower in their ability to detect threats, and 7% lower in their defensive capabilities, than other companies employing fewer toolsets.”

Fewer tools, better results. To be good enough to deploy a security solution today vendors must balance new features and functionality.  Bells and whistles don’t close deals anymore.  IT leaders want to know how you can take pressure off of their teams, simplify their operations, and eliminate other solutions from their security stack.  

How is Axis Security making secure access simpler?

The question solution providers should be asking themselves is, How do we fit into the great reduction – how do we make things simpler? We have thought about this question a lot, and that is why we are expanding our capabilities from a ZTNA solution to a broader SASE solution to provide a single platform that brokers, monitors, manages, and secures any access scenario that affects an organization, including securing access to any application, service or resource whether owned by the company or not and enabling any user requesting access whether employee or third-party, wherever they are.  

The App Access Cloud has a unique overlay architecture that makes it amazingly simple to deploy, use, and manage while delivering more secure access — keeping users off the corporate network, and reducing risk by isolating applications. It enables more use cases than any other ZTNA solution accommodating any application or user as well as latency-sensitive and multi-directional access scenarios. The App Access Cloud changes the game with a ZTNA solution that is finally able to fully replace and go beyond legacy VPNs, without replicating or changing the existing network.

The post The killer feature is simplicity appeared first on Axis Security.