ransomware Archives | Axis Security
https://www.axissecurity.com/tag/ransomware/
Feed last built: Thu, 03 Aug 2023 18:53:18 +0000

Making the Internet Safe for Work in a World Stricken with Ransomware
https://www.axissecurity.com/making-the-internet-safe-for-work-in-a-world-stricken-with-ransomware/
Wed, 09 Aug 2023 10:00:00 +0000

The post Making the Internet Safe for Work in a World Stricken with Ransomware appeared first on Axis Security.
If you’re an IT security leader, this goes without saying: ransomware is the worst.

While the Internet continues to unlock new ways for businesses to increase routes to revenue, deliver great employee and customer experiences, and cut costs, cyber thugs have unleashed a slew of ransomware attacks that target legacy network architectures. These malicious attacks have thus risen to among the top business-level concerns.

It’s the CISO who is tasked with defending the business from these threats, so it is no surprise that ransomware is one of the top 5 CISO priorities in 2023, according to a recent study from Evanta, by Gartner.

These attacks encrypt valuable data and hold it hostage, demanding a ransom for its release. The consequences of a successful ransomware attack can be devastating, resulting in not only financial losses, but also reputational damage, and significant operational disruption. 

Over the last few years, ransomware attacks have inflicted significant financial losses on companies across multiple industries. According to this recent report by Cybersecurity Ventures, the global cost of ransomware is projected to reach $265 billion by 2031. That number is massive: for comparison, that amount would rank #42 out of 190 in a list of GDP rankings by country. The report estimates that a new organization will fall victim to a ransomware attack every 11 seconds in 2023.

These statistics highlight the urgent need for organizations to fortify their defenses against ransomware attacks. The rise in costs for ransomware damages over the last eight years is extremely alarming:

  • 2015 – $325 Million
  • 2017 – $5 Billion
  • 2018 – $8 Billion
  • 2019 – $11.5 Billion
  • 2021 – $20 Billion
  • 2031 – $265 Billion

Ransomware attacks use several techniques to infiltrate networks and compromise data including:

  • Phishing Attacks: Phishing emails are crafted to deceive users into clicking on malicious links or downloading infected attachments, leading to the installation of ransomware.
  • Remote Desktop Protocol (RDP) Exploitation: Attackers exploit vulnerabilities in RDP to gain unauthorized access to a system and deploy ransomware.
  • Malvertising: The distribution of malicious advertisements redirects users to infected websites and triggers an automatic download of ransomware.
  • Drive-by Downloads: Just visiting compromised websites can initiate the download and execution of ransomware without user interaction.

In my opinion, to protect against ransomware attacks effectively, IT security leaders should explore Security Service Edge (SSE) vendors that elegantly bring together three key services into a single platform: Zero Trust Network Access (ZTNA), Secure Web Gateway (SWG), and Cloud Access Security Broker (CASB):

Zero Trust Network Access (ZTNA):
ZTNA is a security model that enforces strict identity verification and access controls before granting access to applications. By implementing ZTNA, organizations can significantly reduce lateral movement by preventing unauthorized access to critical resources and by connecting users directly to applications rather than putting them and their devices on the network. Unlike legacy VPN tools, ZTNA solutions do not need to punch holes in the firewall and expose inbound ports, thus significantly reducing the attack surface.

Secure Web Gateway (SWG):
A SWG is a gatekeeper between an organization’s internal network and the internet. It filters web traffic, scans for malicious content, and blocks access to risky websites. SWGs use advanced threat intelligence to detect and prevent ransomware attacks originating from internet-based sources. SWGs enforce policies that prevent the downloading of suspicious files and actively block known malicious domains.

Cloud Access Security Broker (CASB):
CASB solutions provide visibility and control over data stored in cloud applications. With the increasing adoption of cloud services, it is crucial to secure cloud-based data from ransomware threats. CASBs enable organizations to monitor and protect data across multiple cloud platforms, enforce security policies, and detect anomalous user activities that could indicate a ransomware attack. CASBs also facilitate granular access controls to cloud applications, ensuring that only authorized users can modify or access critical data.
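To make the SWG role concrete, here is a small added example (written for this edit, not Axis code or any product's logic) of the two checks the SWG section attributes to a secure web gateway: blocking requests to known-malicious domains, including their subdomains, and blocking downloads of risky file types. The domain list, file-type list and sample requests are all constructed.

```python
"""Added example (not Axis Security's code): a minimal secure-web-gateway style
filter. It blocks requests to domains on a threat list (and their subdomains)
and blocks downloads of risky file types, allowing everything else. The domains,
extensions and sample requests below are constructed for the illustration."""
from urllib.parse import urlsplit

# Constructed threat-intel feed; a real SWG would pull this from a vendor feed
BLOCKED_DOMAINS = {"malicious.example", "bad-ads.example"}
# Constructed list of executable/script types whose download policy denies
RISKY_EXTENSIONS = {".exe", ".js", ".vbs", ".scr", ".hta", ".iso"}


def host_of(url: str) -> str:
    """Normalise the host: lower-case, drop any port and a trailing dot."""
    host = (urlsplit(url).hostname or "").lower()
    return host.rstrip(".")


def is_blocked_domain(host: str) -> bool:
    """True if the host itself or any parent domain is on the block list."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels)))


def risky_download(url: str) -> bool:
    """True if the request path ends in one of the denied file extensions."""
    path = urlsplit(url).path.lower()
    return any(path.endswith(ext) for ext in RISKY_EXTENSIONS)


def decide(url: str) -> tuple:
    """Return (verdict, reason) for one outbound web request.
    Domain reputation is checked first, then the file-type download policy."""
    host = host_of(url)
    if is_blocked_domain(host):
        return "block", f"domain {host} on threat list"
    if risky_download(url):
        return "block", "download of risky file type denied by policy"
    return "allow", ""


# Constructed sample of outbound requests as an SWG would see them
SAMPLE_REQUESTS = [
    "https://intranet.example/portal",
    "https://cdn.bad-ads.example/ad.js",
    "https://MALICIOUS.example./landing",
    "https://files.partner.example/invoice.pdf",
    "https://files.partner.example/Setup.EXE",
]


def filter_requests(urls):
    """Apply decide() to each request, returning (url, verdict, reason) rows."""
    return [(u,) + decide(u) for u in urls]


if __name__ == "__main__":
    for url, verdict, reason in filter_requests(SAMPLE_REQUESTS):
        print(f"{verdict:5} {url} {reason}")
```

The suffix walk in `is_blocked_domain` is what makes a block on `bad-ads.example` also cover `cdn.bad-ads.example`; the host normalisation handles the upper-case and trailing-dot forms that a naive string compare would miss.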

Take a look here to see what I mean. What you wind up with is the ability to effectively protect the business from ransomware. Below is the approach at Axis.

Ransomware attacks continue to evolve at an alarming rate and pose a severe threat to businesses worldwide. To mitigate this risk, businesses should adopt a proactive defense strategy that places SSE at the heart of it and combines ZTNA, SWG, and CASB into one elegantly delivered cloud service. 

By implementing these technologies, organizations can significantly reduce their vulnerability to ransomware attacks and minimize the potential damage caused by such incidents. 

Investing in the right measures is essential to protect valuable data, safeguard operations, and maintain the trust of customers and stakeholders in an increasingly Internet-connected digital landscape. Chief among them is SSE, the key to making the Internet safe for work.

Explore some of the new ways Axis Security is helping in our new 2023 Summer Release.

The ZTNA Evolution – My Journey
https://www.axissecurity.com/the-ztna-evolution-my-journey/
Mon, 13 Mar 2023 13:00:00 +0000
As many of you know, I was an early adopter of Zero Trust Network Access (ZTNA) while working in my previous role, which led me to work at Axis today. As our contract was coming up for renewal, I did what all IT folks do and went out on the market to see what had changed during our contract period and to see if anything existed that was better.

The pandemic had led to a significant amount of innovation and evolution in the ZTNA market. To ensure I could make the best use of my time I made a requirements list of the things I wanted to have in the new product that the old product lacked, or that we had difficulties with. I used this as my basis when speaking to each of the vendors, dived into their technology, looked at some demos, and ticked off my requirements.

The item at the top of my priority list was avoiding multiple user interfaces for the different parts of what I felt was a single product. I didn’t want to go to one place for remote access and another for the Secure Web Gateway. Having multiple user interfaces made it confusing for the IT team, as they had to navigate through different windows to access the information they needed.

In fact, it made it impossible for the product team to hand it over to the business-as-usual team, because it was very easy to forget where you had to go for a given administration or troubleshooting task. This led to decreased efficiency and productivity, as everyone had to spend time searching for the right portal to make the right changes, and in some cases they had to make changes in multiple places before they would take effect. I wanted to remove as much complexity as possible and keep things simple.

Another thing high up the list was avoiding a product that sits on top of multiple data lakes. Having multiple data lakes led to lots of data fragmentation, which made it difficult for us to have a unified view of our security posture. This led to increased risk, as we did not have complete visibility into all of the security-related data across user access. It also made it difficult to automate any processes and share information between the IT and security teams. This led to duplication of effort, as the different teams ended up performing the same tasks multiple times, leading to decreased efficiency and increased costs.

Server-initiated flows were also on my requirements list. I needed to ensure that patches could be pushed from our patching server as an outbound flow instead of an inbound connection. This was a limitation with the current product, which meant that we had to publish our patching server to the internet to push patches; that actually added risk and was a step backward from our previous VPN solution. We either had to take this risk or stick with a traditional VPN for this use case.

A better agentless offering also made it onto the list. As a manufacturing company we had contractors and third parties who needed access to our systems, and although we could configure some access via a web browser, it was very complicated, unstable, difficult to configure, and very limited in which applications were available. In many cases we still had to get these users to install agents on their devices to give them the access they required, so I needed a much wider range of ports and protocols available agentless in any new tool I decided to purchase.

Another thing I thought about for my requirements list was making sure the solutions within the platform were resilient and redundant and offered the best user experience. The current vendor sent secure web gateway traffic to one set of POPs and ZTNA traffic to another set of POPs that were hosted in their own data centers on their own hardware. I wanted to find a solution that could easily expand and could use the power of cloud routing to ensure access to applications had the least possible latency, but was also clever enough to switch paths if the routes being taken slowed down.

As I went out to the market, did my research, and worked through my requirements list, I realized that there was only one vendor that met all these needs with green ticks across my requirements, and that was Axis. I was so excited by what they were doing with their product, and the team was so friendly when I spoke to them, that I ended up transitioning to the dark side!

Maybe you can relate to my story or maybe you’re not sure what to do next? If so I recommend a couple of things:

  • Grab a (virtual) coffee with me! I would be happy to connect and hear more about the challenges you may be facing and provide recommendations for your business.

  • If you’re considering a VPN alternative, check out the VPN Buyback Program from Axis. See if you qualify to get paid as you adopt a modern ZTNA solution.

Architecting to Protect Against Ransomware
https://www.axissecurity.com/architecting-to-protect-against-ransomware/
Wed, 08 Mar 2023 17:27:16 +0000
So, for anyone who has been in IT for the last 10+ years, you will know that the risk of ransomware and cyberattack is not something new. It’s been on our radar as a top concern for many years. The difference now is the prevalence of attacks on large global companies, which has raised this security issue all the way to the Board of Directors.

A few months ago, when Russia invaded Ukraine, our concerns became something the whole world rather than just IT started to hear about. It was reported on the news that cyberattacks were being used by both sides and within hours of Russia invading, it was announced that a new data wiper malware had been installed on hundreds of machines across Ukraine by Russia.

Next came sanctions imposed by the West on Russia as a sign of disapproval of the conflict. Given Russia’s demonstrated history of using advanced persistent cyberattacks, US cybersecurity leaders asked companies to remain vigilant and take immediate action to improve their defenses against the potential for attacks against businesses.

However, it’s important to note that these are just a few examples, and they are not the only tactics that sophisticated threat actors are utilizing. More than ever, large companies are subjected to cyberattacks and this has been accelerating in the past year.

Legacy infrastructure with large attack surfaces that allow for lateral movement has proven to be an irresistible target for attackers. An attacker can easily sweep the internet scanning for open ports to attack or send mass batches of phishing emails. If they can penetrate the network or install malware, the door is open for them. They can roam around on the network and extract data without anyone ever knowing they have been there.

Many companies have solutions from multiple vendors to try and resolve these issues but monitoring and managing these systems, keeping them updated, and reacting to any issues is very time-consuming and expensive. It’s like putting your finger in a leaking dam. The old way of doing things just no longer works.

With the risk of being attacked increasing, we need a better way of architecting to protect against ransomware. We need to minimize the attack surface by ensuring that applications are not directly exposed to the open Internet. The reduction in attack surface should be coupled with the ability to inspect, and if needed, block malicious exploits lurking in SSL.

We need to remove remote access technologies that require placing users directly on the network and replace them with technologies that give least-privileged access to applications. And we need tools that protect sensitive data from being exfiltrated, with inline inspection and DLP controls. We need to be able to disable upload and download as needed, block copy & paste of data, and be able to tell what data, if any, is being exfiltrated to an external source.

At Axis, we believe we can resolve many of these issues. We place a lightweight connector in front of the applications, and they are published to the required users: only the application, at a granular level, not full network access. The user requests access to an application and Axis mediates the initial connection, which is key to zero trust; no passthrough connections are allowed. The user’s identity is verified, and access is validated based on policy and context, such as user identity, device health, application type, and even the user’s location.

The service then brokers a 1:1 outbound connection between a specific resource and an authorized user. The key is that this is granular: there is no network access. Traffic is inspected throughout the session, which means that if anything changes, such as the user’s IP address or the device posture, access is revoked. We can configure DLP controls that disable upload and download as needed, block copy & paste of data, and tell you right away what data, if any, is being exfiltrated to an external source.
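As an added illustration of the brokered, per-application access model described above (example code written for this edit, not Axis’s implementation; all names, policy rules and contexts are constructed), the following toy policy broker evaluates a request against per-application policy using identity, device posture and location, binds the resulting session to one application and one source IP, and revokes the session when re-validation sees a changed IP or degraded posture.

```python
"""Added example (not Axis Security's code): a toy policy broker modelling the
per-application, context-aware access decision described in the post, plus
session re-validation that revokes access when the source IP or device posture
changes mid-session. All names, rules and sample contexts are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Context:
    """What the broker knows about a request: identity, network and device posture."""
    user: str
    groups: frozenset
    source_ip: str
    country: str
    disk_encrypted: bool
    edr_running: bool


@dataclass
class AppPolicy:
    """Per-application rule: who may reach it, from where, on what kind of device."""
    app: str                      # one published application, never a network
    allowed_groups: frozenset
    allowed_countries: frozenset
    require_encrypted_disk: bool = True
    require_edr: bool = True


@dataclass
class Session:
    """A brokered 1:1 session bound to one user, one app and one source IP."""
    user: str
    app: str
    bound_ip: str
    active: bool = True
    revoke_reason: str = ""


# Constructed policies for two published applications (hypothetical names)
POLICIES = {
    "erp": AppPolicy("erp", frozenset({"finance"}), frozenset({"US", "GB"})),
    "wiki": AppPolicy("wiki", frozenset({"finance", "eng"}),
                      frozenset({"US", "GB", "DE"}), require_edr=False),
}


def evaluate(policy: AppPolicy, ctx: Context) -> list:
    """Return every reason to deny; an empty list means the request passes policy."""
    reasons = []
    if not policy.allowed_groups & ctx.groups:
        reasons.append("user not in an allowed group")
    if ctx.country not in policy.allowed_countries:
        reasons.append(f"location {ctx.country} not allowed")
    if policy.require_encrypted_disk and not ctx.disk_encrypted:
        reasons.append("disk not encrypted")
    if policy.require_edr and not ctx.edr_running:
        reasons.append("EDR not running")
    return reasons


def broker(app: str, ctx: Context):
    """Default-deny: an unpublished app or any failed check yields no session.
    Returns (session_or_None, deny_reasons)."""
    policy = POLICIES.get(app)
    if policy is None:
        return None, ["application not published"]
    reasons = evaluate(policy, ctx)
    if reasons:
        return None, reasons
    return Session(user=ctx.user, app=app, bound_ip=ctx.source_ip), []


def revalidate(session: Session, ctx: Context) -> Session:
    """Continuous check during the session: re-run policy on fresh context and
    require the source IP to match the one the session was brokered for."""
    if not session.active:
        return session
    reasons = evaluate(POLICIES[session.app], ctx)
    if ctx.source_ip != session.bound_ip:
        reasons.append(f"source IP changed {session.bound_ip} -> {ctx.source_ip}")
    if reasons:
        session.active = False
        session.revoke_reason = "; ".join(reasons)
    return session


# Constructed sample contexts (documentation-range IPs)
ALICE = Context("alice", frozenset({"finance"}), "203.0.113.7", "US", True, True)
ALICE_MOVED = Context("alice", frozenset({"finance"}), "198.51.100.9", "US", True, True)
ALICE_EDR_OFF = Context("alice", frozenset({"finance"}), "203.0.113.7", "US", True, False)
BOB = Context("bob", frozenset({"eng"}), "203.0.113.8", "DE", False, True)

if __name__ == "__main__":
    s, why = broker("erp", ALICE)
    print("alice->erp:", "allowed" if s else why)
    print("after IP change:", revalidate(s, ALICE_MOVED).revoke_reason)
    s2, why2 = broker("erp", BOB)
    print("bob->erp:", "allowed" if s2 else why2)
```

Two design points carry the post’s argument: `broker` never returns anything broader than one application, so a passing request yields no network reachability to anything else, and `revalidate` is meant to be called on every subsequent packet or at a short interval, so a mid-session IP or posture change ends the session rather than being noticed at the next login.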

With the tools we have, working in harmony, we are able to significantly reduce the risk of ransomware as highlighted below:

It’s worth noting that, unlike some zero-trust vendors, Axis has per-application segmentation. Some competitors can only grant access to the host an application runs on, not to the individual application; in that case, sophisticated attacks can still reach other applications running on the same server. Additionally, zero-trust vendors that use virtual firewalls to connect traffic to a network are still susceptible to ransomware threats because of the attack surface that remains visible.

When to replace, or complement, a VDI Environment with a Security Service Edge (SSE) platform
https://www.axissecurity.com/when-to-replace-or-complement-a-vdi-environment-with-a-security-service-edge-sse-platform/
Sun, 29 Jan 2023 18:59:44 +0000
The majority of organizations use some kind of VDI environment for remote access today, whether for their employees accessing private resources in day-to-day work, for a recent merger or acquisition, or for third-party user access. Popular VDI technologies include on-premises VDI solutions like VMware Horizon and Citrix XenDesktop, or Desktop-as-a-Service options like Amazon Workspaces and Windows Virtual Desktop.

With 65% of organizations looking to adopt Security Service Edge (SSE) services in the next two years, one of the most common questions we get asked is can SSE replace VDI? Can SSE complement VDI?

The most important thing to consider before answering either of these questions is understanding the different ways VDI is used today. Below are seven common use cases for VDI technologies that we’ve seen.

  1. Granular access – Minimizing over-privileged access to key business resources
  2. Visibility into traffic – VDI can be used to route traffic through on-premises security appliances
  3. Data loss prevention – ensuring sensitive data is not stored or placed on the end user’s smartphone or desktop, while also ensuring data remains within the corporate environment
  4. Desktop environment management – Frictionless desktop experience and allowing connectivity from a variety of end user devices via browser
  5. License optimization – Instead of having a license for every user, VDI allows for hosted pools, which are a collection of one or more identical virtual machines
  6. Data optimization – Reducing latency or lag due to client-server connections
  7. Traditional application support – Support for legacy protocols (e.g. Windows 2003)

One of the most exciting benefits of SSE is its ability to ensure secure access to specific business resources without requiring network access. The policies that are created within, and enforced by, the service allow for advanced access control via policies that determine the context in which data can be accessed. Another key capability is the visibility into all session traffic that is made available to security and network admins. User logs can be used to determine which users access what resources, the commands used, the content that was downloaded, etc. Role-based access controls even help with privileged account management, controlling visibility of sensitive data for compliance needs. These SSE capabilities can either replace VDI or be coupled with remote access solutions for a potent combination, depending on the use case.

SSE services can be used to replace VDI in the above use cases 1, 2 and 3. So, if these are the main reasons for using VDI, IT leaders can feel confident that an SSE service can be used to help remove the need for VDI. That means granular security, and a seamless experience – without springing for expensive VDI licenses. 

For use cases 4, 5, 6 and 7, SSE is best used as a complement to the VDI technology to introduce more security and control over the environment.

See the image below for an example of accessing SharePoint with our Atmos ZTNA solution, part of our Atmos platform, or with a combination of Atmos ZTNA and VDI together.

One easy way to reduce the exorbitant costs of VDI, and adopt zero trust security, is to think about potential use cases where using SSE would be best within your business. The low-hanging fruit.

  1. Insurance brokers or healthcare professionals – For example, if you are an insurance company, you most likely employ insurance brokers who are technically third-party users. These brokers need access to web-based applications running in your application portal. Granting these brokers secure access to your portal becomes a breeze with SSE. The same applies to healthcare institutions that employ healthcare professionals who technically do not work for the hospitals they work in.
  2. B2B customers or supplier access – If you are currently using VDI to connect B2B customers or resellers to web portal resources to learn about your products, or suppliers to web apps to create or cancel orders, using SSE could be a better option than VDI.
  3. M&A – Perhaps you’re an organization that often grows through mergers and acquisitions. Standing up an expensive VDI stack becomes unnecessary if your goal is simply to allow newly acquired employees to access birthright applications like HR and benefits. SSE not only saves money, but is much easier to manage, and more secure in this case.
  4. Financial advisors or auditor access – Or perhaps you’re an organization that has auditors (E&Y, KPMG, etc.) who need access to your books; SSE can be a great, cost-effective alternative to VDI if these apps.

Ultimately, determining whether to replace VDI with SSE, or complement it, is really up to the customer. They must take the time to first understand how they are using VDI today, then look for ways to reduce VDI use where possible by using SSE. After all, placing users on a /22 network, and poking holes in firewalls, just to allow access to VDI environments is not ideal when it comes to protecting the network from threat actors and malware. And neither is spending on pricey VDI licenses. The good news is that in many cases there’s a new alternative for IT to leverage.

Cheers to SSE.
