DLP Archives | Axis Security https://www.axissecurity.com/tag/dlp/ Wed, 08 Mar 2023 18:08:38 +0000

Architecting to Protect Against Ransomware https://www.axissecurity.com/architecting-to-protect-against-ransomware/ Wed, 08 Mar 2023 17:27:16 +0000

The post Architecting to Protect Against Ransomware appeared first on Axis Security.

So, for anyone that has been in IT for the last 10+ years, you will know that the risk of ransomware and cyberattack is not something new. It’s been on our radar as a top concern for many years. The difference now is the prevalence of attacks on large global companies which has raised this security issue all the way to the Board of Directors.

A few months ago, when Russia invaded Ukraine, our concerns became something the whole world, rather than just IT, started to hear about. It was reported on the news that cyberattacks were being used by both sides, and within hours of Russia invading it was announced that a new data wiper malware had been installed on hundreds of machines across Ukraine by Russia.

Next came sanctions imposed by the West on Russia as a sign of disapproval of the conflict. Given Russia’s demonstrated history of using advanced persistent cyberattacks, US cybersecurity leaders asked companies to remain vigilant and take immediate action to improve their defenses against the possibility of attacks against businesses.

However, it’s important to note that these are just a few examples, and they are not the only tactics that sophisticated threat actors are utilizing. More than ever, large companies are subjected to cyberattacks and this has been accelerating in the past year.

Legacy infrastructure with large attack surfaces that allow for lateral movement has proven to be an irresistible target for attackers. An attacker can easily sweep the internet scanning for open ports to attack or send mass batches of phishing emails. If they can penetrate the network or install malware, the door is open for them. They can roam around on the network and extract data without anyone ever knowing they have been there.

Many companies have solutions from multiple vendors to try and resolve these issues but monitoring and managing these systems, keeping them updated, and reacting to any issues is very time-consuming and expensive. It’s like putting your finger in a leaking dam. The old way of doing things just no longer works.

With the risk of being attacked increasing, we need a better way of architecting to protect against ransomware. We need to minimize the attack surface by ensuring that applications are not directly exposed to the open Internet. The reduction in attack surface should be coupled with the ability to inspect, and if needed, block malicious exploits lurking in SSL.

We need to remove remote access technologies that require placing users directly on the network and replace them with technologies that give least-privileged access to applications. And we need tools to protect sensitive data from being exfiltrated, with inline inspection and DLP controls. We need to be able to disable upload and download as needed, block copy & paste of data, and be able to tell what data, if any, is being exfiltrated to an external source.

At Axis, we believe we can resolve many of these issues. We place a lightweight connector in front of the applications, and they are published to the required users: only the application, at a granular level, not full network access. The user requests access to an application and Axis mediates the initial connection; this is key to zero trust. There are no passthrough connections allowed. The user’s identity is verified, and access is validated based on policy and context, such as user identity, device health, application type, and even the user’s location.

The service then brokers a 1:1 outbound connection between a specific resource and an authorized user. The key is that this is granular. There is no network access. Traffic is inspected throughout the session, which means that if anything changes, such as the user’s IP address or the device posture, or if the user is removed, access is revoked. We can configure DLP controls that disable upload and download as needed, block copy & paste of data, and have the ability to tell you right away what data, if any, is being exfiltrated to an external source.

With the tools we have, working in harmony, we are able to significantly reduce the risk of ransomware as highlighted below:

It’s worth noting that, unlike some zero-trust vendors, Axis has per-application segmentation ability. The competition can only provide access to an application and not an individual application. If that’s the case, sophisticated attacks can still reach other applications running on the same server. Additionally, zero-trust vendors that use virtual firewalls to connect traffic to a network inevitably are still susceptible to ransomware threats due to the visible attack surface that is still present.

When to replace, or complement, a VDI Environment with a Security Service Edge (SSE) platform https://www.axissecurity.com/when-to-replace-or-complement-a-vdi-environment-with-a-security-service-edge-sse-platform/ Sun, 29 Jan 2023 18:59:44 +0000

The majority of organizations use some kind of VDI environment for remote access today, whether it’s for their employees looking to access private resources for day-to-day life, a recent merger or acquisition, or third-party user access. Popular VDI technologies include on-premises VDI solutions like VMware Horizon and Citrix XenDesktop, or Desktop-as-a-Service options like Amazon Workspaces and Windows Virtual Desktop.

With 65% of organizations looking to adopt Security Service Edge (SSE) services in the next two years, one of the most common questions we get asked is can SSE replace VDI? Can SSE complement VDI?

The most important thing to consider before answering either of these questions is understanding the different ways VDI is used today. Below are seven common use cases for VDI technologies that we’ve seen.

  1. Granular access – Minimizing over-privileged access to key business resources
  2. Visibility into traffic – VDI can be used to route traffic through on-premises security appliances
  3. Data loss prevention – Ensuring sensitive data is not stored or placed on the end user’s smartphone or desktop, while also ensuring data remains within the corporate environment
  4. Desktop environment management – Frictionless desktop experience and allowing connectivity from a variety of end user devices via browser
  5. License optimization – Instead of having a license for every user, VDI allows for hosted pools, which are a collection of one or more identical virtual machines
  6. Data optimization – Reducing latency or lag due to client-server connections
  7. Traditional application support – Support for legacy protocols (i.e. Windows 2003)

One of the most exciting benefits of SSE services is their ability to ensure secure access to specific business resources, without requiring network access. The policies that are created within, and enforced by, the service allow for advanced access control by determining the context in which data can be accessed. Another key capability is the visibility into all session traffic that is made available to security and network admins. User logs can be used to determine which users access what resources, commands used, content that was downloaded, etc. Role-based access controls even help to ensure privileged account management to control visibility levels of sensitive data for compliance needs. These SSE capabilities can either replace VDI, or be coupled with the remote access solutions for a potent combination – depending on the use case.

SSE services can be used to replace VDI in the above use cases 1, 2 and 3. So, if these are the main reasons for using VDI, IT leaders can feel confident that an SSE service can be used to help remove the need for VDI. That means granular security, and a seamless experience – without springing for expensive VDI licenses. 

For use cases 4, 5, 6 and 7, SSE is best used as a complement to the VDI technology to introduce more security and control over the environment.

See the image below for an example of accessing SharePoint with our Atmos ZTNA solution, part of our Atmos platform, or a combination of Atmos ZTNA and VDI, together.

One easy way to reduce the exorbitant costs of VDI, and adopt zero trust security, is to think about potential use cases where using SSE would be best within your business. The low-hanging fruit.

  1. Insurance brokers or healthcare professionals – For example, if you are an insurance company, you most likely employ insurance brokers that are technically third-party users. These brokers need access to web-based applications running in your application portal. Granting these brokers secure access to your portal becomes a breeze with SSE. This is the same for healthcare institutions that employ healthcare professionals who technically do not work for the hospitals they work in.
  2. B2B customers or supplier access – If you are currently using VDI to connect B2B customers or resellers to web portal resources to learn about your products, or suppliers to web-apps to create or cancel orders, using SSE could be a better option than VDI.
  3. M&A – Perhaps you’re an organization that often grows through mergers and acquisitions. Standing up an expensive VDI stack becomes unnecessary if your goal is simply to allow newly acquired employees to access birth-right applications like HR and benefits. SSE not only saves money, but is much easier to manage, and more secure in this case.
  4. Financial advisors or auditor access – Or perhaps you’re an organization that has auditors (E&Y, KPMG, etc.) who need access to your books, SSE can be a great, cost-effective alternative to VDI if these apps.

Ultimately, determining whether to replace VDI with SSE, or complement it, is really up to the customer. They must take the time to first understand how they are using VDI today, then look for ways to reduce VDI use where possible by using SSE. After all, placing users on a /22 network, and poking holes in firewalls, just to allow access to VDI environments is not ideal when it comes to protecting the network from threat actors and malware. And neither is spending on pricey VDI licenses. The good news is that in many cases there’s a new alternative for IT to leverage.

Cheers to SSE.

Top 6 Security Predictions for 2023 https://www.axissecurity.com/top-6-security-predictions-for-2023/ Tue, 10 Jan 2023 11:00:00 +0000

The pandemic created a huge shift in the workforce. Users got up from their desks, went home, and decided to stay there. As a result, users, devices, and data are now everywhere. This new way of working causes those of us in networking and security major challenges. The old castle and moat design no longer works and legacy security tools that worked in the past become ineffective in this new reality. This has made it very difficult for network and security teams to keep users and businesses safe from attack. 

The pandemic was also responsible for rapid technological innovation, faster than we have ever seen before. Businesses today are at a crossroads and many teams need guidance on what direction to take. Do we stick with what we know or do we evolve along with this new form of work? This presents businesses with an opportunity to improve and grasp innovation with both hands. With these things in mind, Axis released industry-first data with its Security Service Edge (SSE) Adoption Report, from which we have derived six security predictions for 2023:

Prediction 1: Hybrid work is here to stay.

Even though the pandemic is slowly starting to come to an end, users are not returning to the office at the rate at which they left. Many companies have realized that happy staff are efficient staff and are allowing employees to continue to either work from home or provide flexible work options. 78% of companies confirmed that they are supporting a hybrid work model with an additional 10% supporting a fully remote workforce. 

This change to a hybrid workforce leads us to our first prediction. We predict that securing remote users will be top of mind during 2023. The tools we used in the past to connect users to applications and give visibility into these connections do not work in this new world. Companies are starting to consider how to do this in the future. The pandemic created rapid technological advances and there is a large selection of tools built specifically to secure this new hybrid workforce. Gone are the days of needing multiple pieces of hardware and software in a data center to get the job done. No longer do you need to feed and maintain software and hardware, pay renewal fees, and struggle with complexity.

Prediction 2: Balancing security, productivity, and visibility

To reiterate, we believe hybrid work is a permanent reality for many businesses. As a result, this creates a lot of new risks, given that the tools of the past no longer work as they once did. The report findings highlight that the biggest challenges with securing this new modern workplace are (1) adopting a zero-trust access strategy, (2) ensuring user productivity, and (3) having adequate visibility into user and application traffic.

In the past, teams have had to choose between security, productivity, and visibility, yet teams today must have all three with no compromise. Our second prediction is that security and networking teams will adopt tools that will fix these three core issues in the simplest way possible. Teams will not want to purchase multiple tools from multiple vendors and struggle to connect them together when an easier way is available. If this can be done in a single product from a single vendor this is the direction people are going to take.

Prediction 3: Prioritizing consolidation of security tools

The results show that 63% of businesses have three or more different security solutions in their environments with 22% having six or more different solutions. Managing these different solutions is complex and costly since teams need to learn, administrate, and troubleshoot across multiple user interfaces and pay for new hardware during renewal cycles. 

This leads us to our next prediction. Security and networking leaders will look to purchase solutions that allow them to consolidate and remove as many network-security solutions as possible. Teams want to remove both complexity and cost, meaning they need a tool that doesn’t sit alongside their existing security infrastructure (like a VPN) but one that can fully replace it. As many organizations consider solution consolidation, many are turning to Security Service Edge (SSE) solutions.

As businesses consider the consolidation benefits of SSE platforms, 63% are looking for SSE to eliminate or reduce the need for enterprise VPN, 50% for SSL inspection, and 44% for DDoS, along with a continued list of other inbound and outbound security stack solutions.

Prediction 4: SSE adoption will skyrocket

In just under two years, Security Service Edge (SSE) has become a popular and well-known technology category with 71% of cybersecurity professionals being familiar with the term. In fact, 65% of businesses stated that they plan to adopt SSE in the next 24 months with 43% planning to deploy by the end of 2023. 

SSE has quickly become a strategic initiative with 67% of businesses planning to start SASE implementation with SSE versus WAN Edge Services. Additionally, respondents ranked SSE as the #1 most critical element of a zero trust strategy, outranking SSO and MFA, endpoint security, and SIEM providers. 

Further, with 47% of respondents stating they will begin SSE adoption with Zero Trust Network Access (ZTNA) technologies, we predict that many organizations’ first step on their SSE journey will be leveraging use cases like hybrid employee access as well as agentless third-party access. From there, many will move to a full enterprise-wide VPN replacement project and then a wider SSE platform deployment including SWG, CASB, and DLP. They will want this to be from a single vendor and within a single platform.

Prediction 5: SSE architecture will be a big factor

SSE platforms often fall into two architecture categories. You have SSE platforms that have PoPs hosted in their own data centers while other vendors have PoPs hosted in Public Cloud Providers. When asked which architecture type they would prefer, 60% of organizations preferred SSE platforms that leverage the public cloud in some way, whether PoPs are fully hosted in public cloud or having a mixture of private and public PoP locations.

This leads us to predict that more and more people will pick SSE platforms from vendors that are either fully hosting their PoPs in the Public Cloud Providers or have a hybrid form of PoPs to ensure that they have access to the flexibility, reliability, and redundancy of established cloud giants.

Prediction 6: Digital Experience Monitoring (DEM) will be an SSE staple

The move to hybrid work means that old tools used in our castle and moat architectures no longer work. We can no longer see what our users are doing, making it very difficult to protect them from the growing number of cyber threats. In fact, ensuring user productivity and increasing visibility are the second and third biggest challenges the business experiences when securing the modern workforce. This is why 90% of businesses believe that a DEM offering is an essential element in a holistic SSE platform.

Our final prediction is that visibility is going to become critical to companies when choosing an SSE platform. Having all the information in a single data lake that makes reporting easy will be important. With the users, data and applications now everywhere, this will be something not only your network and support teams will require but also your security team. This will make visibility a core requirement.

This year focus on…

It’s clear that this hybrid workforce is here to stay. For many IT and Security folks, this will be seen as an opportunity to consolidate a number of legacy tools they are using and move towards a more modern form of secure access. If your team hasn’t considered the business impacts of an SSE platform, I highly recommend you check out the Definitive Guide to SSE. Or if you’re interested check out the full findings of the 2023 SSE Adoption Report.

2023: The year of SASE? Not So Fast Says SSE!!! https://www.axissecurity.com/2023-the-year-of-sase-not-so-fast-says-sse/ Tue, 10 Jan 2023 11:00:00 +0000


If you’ve not downloaded the first ever SSE Adoption report conducted by CyberSecurity Insiders, do! CyberSecurity Insiders is a 500,000+ member online community for information security professionals, bringing together the best minds dedicated to advancing cybersecurity and protecting organizations across all industries, company sizes, and security roles. They are a comprehensive source for everything related to cybersecurity – connecting people, opportunities, and ideas.

After reviewing the report, there are several data points which stand out to me. The one which grabbed my attention most was this one.

67% of respondents are focused on adopting a Security Service Edge (SSE) platform vs WAN Edge services in the next 24 months. Additionally, SSE was ranked the most critical element in a zero trust strategy, surpassing areas like Identity, Endpoint, and SIEM. So what is driving this interesting shift to SSE?

Let’s first start with the change in the workforce. 2020 unlocked the power of the remote, or what we are now calling the hybrid, workforce. While many believed the response to the black swan event three years ago would cause a downturn in employee productivity, the reverse has been true. In May of 2022, Accenture did a survey. It correlated that 63% of high revenue companies use a hybrid work model. Why? It is more productive than the traditional office-based approach. Additionally, hybrid work also results in high employee satisfaction, as shown in a study by Ergotron. It revealed that 88% of employees valued the flexibility associated with hybrid work. Lastly, the employment pool. In the past, most people, including myself, planned their possible job options around a 25-mile circle. Anything outside of that was a hard pass. With remote and hybrid work, my circle is now national, if not international. This is a win for both the company and the worker!

Therefore the need to enable, as well as secure, the hybrid workforce is driving the growing adoption of SSE as a platform. The business leaders are seeing this as a priority. How can they create and maintain a high revenue workforce, greatly reduce risk to the organization while also simplifying the delivery and overhead of IT tools? This is what SSE does and does well.

If you are not familiar with the Security Service Edge (SSE) concept, it provides the business a platform based on least privilege access and then extends a security fabric out to where the employee is accessing the network. In the past this was difficult to do. Often the network or security engineer was confronted with a dilemma: do I prioritize access over security? Access won out most of the time. SSE changes the game. It solves the dilemma and enables the business to have both: speed of access to business critical applications along with security too. SSE also includes, as part of the platform, critical security services like data leakage protection and controls on SaaS services like Microsoft O365 and Salesforce in the form of a CASB solution. Lastly, an integrated SSE platform will also pare down the number of security solutions a business will need to support. This is critical as we head into 2023 with uncertain economic headwinds rolling in and business leaders searching their budgets for cost savings!

The last point I want to make is about WAN Edge Services. While this technology has been a high priority for the past 8 years due to SDWAN, the utility of this technology is now declining. With the rise of the hybrid workforce, the focus is no longer on the branch or campus office. Additionally, according to the WAN research firm Telegeography, 50% of companies have now adopted SDWAN. This means the early adopters and the early majority are already using SDWAN. SDWAN is now mainstream. The work has been done here for progressive, forward-thinking companies. They are already moving on to adopt the benefits of the hybrid workforce and are looking to reap the rewards of an SSE-enabled productivity and employee satisfaction!

Welcome to the year of SSE!

Interested in learning more? Download the full results of the 2023 SSE Adoption report!
