Kyle Guercio | eSecurity Planet Contributor
https://www.esecurityplanet.com/author/kyle-guercio/
Industry-leading guidance and analysis for how to keep your business secure.
Feed last updated Mon, 23 Sep 2024 09:59:08 +0000

Best Privileged Access Management (PAM) Software
https://www.esecurityplanet.com/products/privileged-access-management-pam-software/
Tue, 30 Nov 2021 12:00:41 +0000

The post Best Privileged Access Management (PAM) Software appeared first on eSecurity Planet.

Privileged accounts are among an organization’s biggest cybersecurity concerns. These accounts give admins control over data, applications, infrastructure and other critical assets that average system users don’t have permission to access or change. If a hacker gains access to a privileged account, he or she could inflict significant damage, so any unauthorized access to a privileged account is about as dangerous as a cyberattack can get.

What is Privileged Access Management (PAM)?

Enter Privileged Access Management (PAM). PAM solutions vault and broker privileged credentials, monitor the sessions opened with them and detect misuse, while keeping administrators productive. PAM software is built on the principle of least privilege: users get access to, and control over, only the specific systems they need to do their job. Under PAM, a user's identity is verified before a privileged session opens, and policies limit what actions that session can take. This shrinks the damage a compromised account can do, and it also tidies workflows by removing access to systems and applications a role never needs.

PAM security tools leverage powerful automation capabilities and user-friendly features to build just-in-time (JIT) privileged access programs and zero trust security frameworks. These solutions are typically available as software products or software-as-a-service (SaaS) offerings, depending on the environment, whether on-premises data centers or hybrid and cloud systems.
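To make the brokering, time-boxing and command filtering described above concrete, here is a minimal just-in-time privilege broker. It is an added example written for this article, not code from any of the PAM products reviewed below; the POLICY table, the host names, the command allowlists and the mfa_ok flag are assumptions made for illustration.

```python
"""Minimal just-in-time (JIT) privilege broker.

Added example, not code from any PAM product on this page. It models the
flow described above: a privileged user asks for access to a target, a
policy decides whether that role may reach the host and which commands it
may run, the grant is time-boxed, each command is filtered against the
policy, and every decision lands in an audit trail. POLICY, the hosts and
the commands are constructed sample data; "mfa_ok" stands in for whatever
MFA check a real broker would perform.
"""
import hashlib
import secrets
import time
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# role -> (hosts the role may reach, command prefixes it may run, max grant in seconds)
POLICY: Dict[str, Tuple[Set[str], Set[str], int]] = {
    "dba":      ({"db01", "db02"}, {"psql", "pg_dump", "systemctl status"}, 30 * 60),
    "sysadmin": ({"web01", "db01"}, {"systemctl", "journalctl", "apt"}, 60 * 60),
}


@dataclass
class Grant:
    user: str
    role: str
    host: str
    expires_at: float          # epoch seconds


@dataclass
class Broker:
    grants: Dict[str, Grant] = field(default_factory=dict)   # token -> grant
    audit: List[dict] = field(default_factory=list)

    def _log(self, now: float, event: str, **fields) -> None:
        self.audit.append({"ts": now, "event": event, **fields})

    def request_access(self, user: str, role: str, host: str, seconds: int,
                       mfa_ok: bool, now: Optional[float] = None) -> Optional[str]:
        """Return a short-lived session token, or None when policy denies the request."""
        now = time.time() if now is None else now
        allowed_hosts, _, max_seconds = POLICY.get(role, (set(), set(), 0))
        if not mfa_ok:
            self._log(now, "deny", user=user, role=role, host=host, reason="mfa_failed")
            return None
        if host not in allowed_hosts:
            self._log(now, "deny", user=user, role=role, host=host, reason="host_not_in_policy")
            return None
        ttl = min(seconds, max_seconds)              # never exceed the policy ceiling
        token = secrets.token_urlsafe(16)
        self.grants[token] = Grant(user, role, host, now + ttl)
        # log a fingerprint of the token, never the token itself
        self._log(now, "grant", user=user, role=role, host=host, ttl_seconds=ttl,
                  token_sha256=hashlib.sha256(token.encode()).hexdigest()[:16])
        return token

    def run_command(self, token: str, command: str, now: Optional[float] = None) -> bool:
        """Command filtering: allow only while the grant is live and the command matches policy."""
        now = time.time() if now is None else now
        grant = self.grants.get(token)
        if grant is None or now >= grant.expires_at:
            self._log(now, "deny_command", command=command, reason="no_active_grant")
            return False
        _, allowed_cmds, _ = POLICY[grant.role]
        if not any(command == c or command.startswith(c + " ") for c in allowed_cmds):
            self._log(now, "deny_command", user=grant.user, host=grant.host,
                      command=command, reason="command_not_in_policy")
            return False
        self._log(now, "command", user=grant.user, host=grant.host, command=command)
        return True


if __name__ == "__main__":
    b = Broker()
    tok = b.request_access("alice", "dba", "db01", seconds=2 * 60 * 60, mfa_ok=True, now=1000.0)
    print(b.run_command(tok, "psql -U app", now=1100.0))   # True
    print(b.run_command(tok, "rm -rf /", now=1100.0))      # False: not in policy
    for entry in b.audit:
        print(entry)
```

Two design points worth noting: the requested duration is clamped to the policy ceiling rather than rejected, so a user asking for "two hours" silently gets the 30 minutes the role allows, and the audit trail records a hash of the token rather than the token, so the log itself never becomes a credential store.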

Privileged Access Management vs IAM

PAM and Identity and Access Management (IAM) go hand in hand but serve different purposes. PAM is focused on defining and controlling privileges for more robust administrative tasks for sysadmins, superusers and other privileged access accounts. IAM manages access for general users and customers within applications, such as logging into accounts for emails or subscription services.

A general user account typically has a smaller blast radius, since it only needs access to a handful of business applications. Privileged accounts can perform much larger actions, such as bulk downloading or altering databases, that expose many accounts or critical data at once. Those capabilities create a much larger attack surface and a far greater risk of a damaging breach, which is what makes PAM essential to securing a network and its assets.

PAM is usually a subset of broader IAM frameworks, but it should be first in line as it delivers the connection between privileged users and the role-based accounts they require to do their job.

See our picks for the top Identity and Access Management (IAM) tools

What is the Difference Between PAM and Zero Trust Security?

The Zero Trust security model embraces the philosophy of trust nothing and verify everything, as opposed to traditional castle-and-moat models focused primarily on perimeter security. Least privilege is at its core: every connection within a network must be authenticated and authorized before it is granted access to a system, according to governance policies. PAM is the component that verifies and enforces those policies for administrative users. Without PAM, zero trust would be difficult if not impossible to achieve.

As cybercrime has grown in both frequency and severity, zero trust’s advantages have become increasingly clear. Now, 77% of IT decision-makers use a zero trust approach somewhere in their security infrastructure, according to ThycoticCentrify research. As this trend grows, tools like PAM that enable this kind of security will become more important.

See our picks for the best zero trust security tools

What to Look for in Privileged Access Management Software

Multi-factor authentication (MFA) is a core component of PAM solutions, so the best tools offer multiple MFA and authentication options, including compatibility with third-party MFA programs. In-depth audit trails, which provide more transparency, are another feature businesses should look for.

Support for remote systems and hybrid hosting environments isn't standard but matters for today's workforces, so many businesses will look for it. Similarly, businesses with small IT teams or complex environments may need integration with security information and event management (SIEM) software so that privileged session events feed their central monitoring. Artificial intelligence (AI)-based automation and user behavior analytics are also worth having, for ease of management and for flagging anomalous privileged activity.

Best Privileged Access Management (PAM) Software

ARCON Privileged Access Management

Arcon Privileged Access Management can be delivered as both software or SaaS. It provides Privileged Account and Session Management (PASM) capabilities for all systems, as well as Privilege Elevation and Delegation Management (PEDM) for Windows and UNIX/Linux systems. Its impressive discovery capabilities can monitor and identify Active Directory (AD) users, network devices, databases and some applications. The smart session management feature can flag access to the most high-risk systems to help prioritize remediation efforts.

Arcon lacks many out-of-the-box technology integrations and leans primarily on APIs, which leaves more implementation and support effort with the security team. This PAM solution is best suited to midsize and large enterprises with mature use cases and the engineering capacity to build adjacent integrations over open APIs.

BeyondTrust

BeyondTrust Privilege Management is available as software or as a virtual or hardware appliance, and covers Windows, macOS and UNIX/Linux. It has powerful discovery capabilities that include network and IaaS asset scanning, and it beats out Arcon with more out-of-the-box integrations with adjacent technologies. Privilege Management also supports application sandboxing and allow/deny/isolate controls for applications on Windows. File integrity monitoring is supported on Windows and UNIX/Linux systems.

It provides clustering and high availability, but it relies on that high availability for disaster recovery (DR) scenarios and lacks a true break glass capability for retrieving passwords when the PAM tool itself is down. It remains an advanced tool that caters to large global enterprises with mature PASM and PEDM use cases.

CyberArk Privileged Access Security

CyberArk Privileged Access Security is a robust solution that offers PEDM capabilities for Windows and Mac, as well as an On-Demand Privileges Manager (OPM) for UNIX/Linux systems. It also has a separate SaaS offering called CyberArk Privilege Cloud for hybrid and cloud environments.

It boasts advanced discovery capabilities and service account management to support virtually any use case. Its break glass capability provides access to information even when the PAM tool is unavailable. It leads the pack in governance and administration with short-term, long-term and ephemeral access policies.

Privileged Access Security provides automation features for deployment but users still report deployment and upgrades are more complex to manage compared to competitors. The scanning and discovery tools in the SaaS offering are less mature than in the software product version but it’s a good choice for midsize to large enterprises that require on-demand scaling.

Foxpass

Foxpass is primarily offered as SaaS, but it is also available as a self-hosted program for Windows, macOS and Linux. The biggest draw of this solution is its flexibility and control, offering multiple integrations and control options to fit into any IT environment. It integrates with Office 365, Google Workspace, Okta and more for both cloud-based and on-premises systems.

Administrators can manage MFA rules, password rotations and password requirements, then automate their enforcement. Automated threat detection takes this ease-of-use further. In the event of network downtime, Foxpass also includes a local cache feature to keep it running. Its highly configurable nature makes it ideal for experienced digital-native companies, but this may be overwhelming for teams newer to these types of software.

Iraje Privileged Access Manager

Iraje may not have the name recognition of some other competitors, but its PAM solution is one of the most competitive available. The SaaS tool can scale to support hundreds of users and thousands of devices. It also features many automation capabilities to help manage these networks, including automated alerts, password rotation, behavioral analytics and reporting.

This solution also includes compliance audit features. Businesses subject to data protection legislation, or that need to demonstrate compliance with standards such as ISO 27001, can use these audits as evidence of control over privileged access. Iraje Privileged Access Manager works across all operating systems and browsers, but it's best for Windows ecosystems, as many of its third-party integrations fall into that category.

One Identity

One Identity's Safeguard for Privileged Sessions is only available as a hardware or virtual appliance. Its discovery capabilities aren't market-leading, but they are integrated into the main product instead of requiring customers to purchase a stand-alone tool. It has impressive session management functionality: transparent gatewaying, optical character recognition (OCR) of live session screens, command filtering, and protocol-level logging of SQL traffic to Microsoft SQL Server. Native governance and administration capabilities are fairly basic but can be extended through integration with the One Identity IGA tool.

This is not the tool for companies looking to automate a lot of PAM processes. It requires users to build scripts for basic automated admin tasks. It also lacks break glass capabilities.

Senhasegura

Senhasegura Privileged Access is delivered only as a virtual image. Its account discovery capabilities are highly extensible with many automation and input connectors, as well as prebuilt integrations with configuration management database (CMDB) and IT operations monitoring (ITOM) systems. Users praise its logging and analytics features, which come with searchable out-of-the-box reporting templates and an impressive graphical user interface (GUI).

Senhasegura Privileged Access is certainly not the best choice for a team looking for easy ways to extend functionality. The solution relies heavily on scripting yet the product documentation is surprisingly limited. So expect to perform a lot of independent research.

ThycoticCentrify

Thycotic and Centrify both previously made this list. Now that they’re merging, we’ll put both together here as the merged company develops.

Centrify's PAM solution includes Vault, Cloud, Server and Threat Analytics suites, available as software but primarily offered as SaaS to cater to hybrid and cloud environments that require on-demand scaling. This is a good option for organizations with a focus on making data-driven decisions, as it provides advanced privileged access logging and analytics presented through a variety of built-in reports and support for SQL queries. Centrify also caters to largely remote companies by including a remote PAM tool. Account discovery capabilities could use further development, with the primary focus on Active Directory and network scanning. But its break glass capability, implemented through an escrow function, is a big win for emergency access: it can export passwords and other secrets into CSV files that are then encrypted and stored securely outside the tool. Centrify is a good option for global enterprises that need AD bridging capabilities, but not for macOS systems.

Thycotic Secret Server is available as both software and SaaS. Its credential management is great for Windows systems as it offers extensive support for a variety of Windows service accounts. Thycotic offers some useful add-ons at an additional cost, such as its Account Lifecycle Manager and the Connection Manager to support remote privileged access. It doesn’t have break glass capabilities and advises file copy backups for DR scenarios. Its software is an efficient tool for midsize and large enterprises and is likely the better option over the SaaS offering unless on-demand scalability and availability are a prime concern.

WALLIX Bastion

The main selling points of WALLIX Bastion are its session management and its advanced governance and administration, which include features such as optical character recognition (OCR) analysis of live sessions. It also prioritizes automation, with options to automate repetitive password policy tasks. Its break glass function delivers credentials through encrypted email so they can be used when the PAM tool itself is unavailable.

WALLIX Bastion’s account discovery is lacking as it’s limited to Active Directory and local account and network scanning. Its event trigger automation controls are also limited to SIEM systems. Overall, it’s an intermediate PAM solution for midsize to large enterprises.

Privileged Access Management best practices

Here are some tips and best practices for ensuring your privileged access management lifecycle stays secure.

Identify Privileged Accounts

The exact parameters that define a privileged account vary from one organization to the next according to the needs of the business. Not knowing exactly what a privileged account looks like in your environment creates blind spots, and without that knowledge you can't write concrete governance policies. Start by mapping which functions of the organization rely on which data, systems and applications. Then profile who will hold privileged access to each of those resources and when those accounts will be used. This inventory informs your governance, which ensures that privileged accounts are properly monitored and controlled.
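The inventory step above is concrete enough to script. The following added example (not from the page or any vendor) builds a privileged-account inventory for a Linux host from the three places privilege usually hides: /etc/passwd (UID 0 accounts), /etc/group (membership in privileged groups) and /etc/sudoers (per-user and per-group sudo rules). The file contents and the PRIV_GROUPS set are constructed sample data; on a real host you would read the actual files and adjust the group list to your environment.

```python
"""Inventory privileged accounts on a Linux host from passwd, group and sudoers data.

Added example, not from the page or any PAM vendor. PASSWD, GROUP and SUDOERS are
constructed samples standing in for /etc/passwd, /etc/group and /etc/sudoers;
PRIV_GROUPS is an assumption about which groups confer privilege on this host.
"""
import re
from typing import Dict, List

PRIV_GROUPS = {"root", "wheel", "sudo", "adm", "docker"}   # assumption for this host

PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
backup:x:1002:1002:Backup svc:/var/backups:/usr/sbin/nologin
toor:x:0:0:second root:/root:/bin/sh
"""
GROUP = """\
root:x:0:
sudo:x:27:alice
docker:x:999:bob
users:x:100:alice,bob
"""
SUDOERS = """\
# /etc/sudoers (constructed)
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync
"""

# user-or-%group  hosts = [(runas)] [NOPASSWD:] commands
RULE_RE = re.compile(r"^\s*(%?[\w.-]+)\s+\S+\s*=\s*(.*)$")


def parse_passwd(text: str) -> Dict[str, dict]:
    users = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, uid, gid, _gecos, _home, shell = line.split(":")
        users[name] = {"uid": int(uid), "gid": int(gid), "shell": shell}
    return users


def parse_group(text: str) -> Dict[str, dict]:
    groups = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, gid, members = line.split(":")
        groups[name] = {"gid": int(gid), "members": [m for m in members.split(",") if m]}
    return groups


def parse_sudoers(text: str) -> List[dict]:
    """Extract user/group rules; Defaults lines, comments and aliases are ignored."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("Defaults"):
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        who, spec = m.groups()
        spec = re.sub(r"^\([^)]*\)\s*", "", spec)        # drop the (runas) part
        nopasswd = spec.startswith("NOPASSWD:")
        cmds = spec[len("NOPASSWD:"):].strip() if nopasswd else spec.strip()
        rules.append({"who": who.lstrip("%"), "is_group": who.startswith("%"),
                      "nopasswd": nopasswd, "cmds": cmds})
    return rules


def find_privileged(users: Dict[str, dict], groups: Dict[str, dict],
                    rules: List[dict]) -> Dict[str, List[str]]:
    """Map each privileged account to the reasons it counts as privileged."""
    priv: Dict[str, List[str]] = {}
    gid_to_name = {g["gid"]: n for n, g in groups.items()}

    def add(user: str, why: str) -> None:
        priv.setdefault(user, []).append(why)

    def in_group(user: str, gname: str) -> bool:
        g = groups.get(gname)
        return bool(g) and (user in g["members"] or users[user]["gid"] == g["gid"])

    for user, info in users.items():
        if info["uid"] == 0:
            add(user, "uid 0")
        primary = gid_to_name.get(info["gid"])
        if primary in PRIV_GROUPS:
            add(user, f"primary group {primary}")
        for gname, g in groups.items():
            if gname in PRIV_GROUPS and user in g["members"]:
                add(user, f"member of {gname}")
        for r in rules:
            hit = in_group(user, r["who"]) if r["is_group"] else r["who"] == user
            if hit:
                label = f"sudoers via %{r['who']}" if r["is_group"] else "sudoers"
                add(user, f"{label}: {r['cmds']}" + (" (NOPASSWD)" if r["nopasswd"] else ""))
    return priv


def inventory() -> Dict[str, List[str]]:
    return find_privileged(parse_passwd(PASSWD), parse_group(GROUP), parse_sudoers(SUDOERS))


if __name__ == "__main__":
    for user, reasons in inventory().items():
        print(f"{user}: {'; '.join(reasons)}")
```

Note the two findings that matter most in practice: the second UID 0 account (toor) that would never show up in a group listing, and the service account (backup) whose only privilege is a passwordless sudo rule. Both are exactly the kind of account that a governance policy has to name explicitly.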

Define Governance

Well-defined privileged access governance is key to effectively monitoring and controlling privileged accounts throughout the entire lifecycle. Comprehensive governance entails defining roles, policies and mechanisms for access requests, approvals and delivery. After identifying what a privileged account is within your organization, you can draft policies that ensure accounts only gain access to the information they need, when they need it.

Continuously Monitor Account Activity

Continuous session monitoring and auditing should always be in place in the privileged account lifecycle. When breaches occur, records of account use will help security teams quickly identify the root cause of the issue. This information can also be cross-referenced with the account privileges to identify what policy controls need to be re-configured and improved.
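As an added example of the monitoring step (not from the page or any vendor), the detection logic below runs over a few constructed privileged-session log lines. It learns a baseline of which source addresses and target hosts each user has used before a cutoff date, then flags later sessions that come from a new source address, reach a new host, or start outside the assumed working hours. The log format, the OFF_HOURS window and the sample lines are all assumptions.

```python
"""Baseline-and-deviation detection over privileged session logs.

Added example, not from the page or any vendor. The log format, the OFF_HOURS window
and the LOG lines are constructed for illustration; plug in your PAM or SIEM export in
place of LOG and adjust the fields in LINE_RE.
"""
import re
from collections import defaultdict
from datetime import datetime
from typing import DefaultDict, List, Set, Tuple

LINE_RE = re.compile(r"^(\S+) user=(\S+) host=(\S+) src=(\S+) event=(\S+)$")
OFF_HOURS = (7, 20)   # assumption: sessions before 07:00 or from 20:00 UTC are unusual

# Constructed sample log: a few baseline days, then the days we want to check.
LOG = """\
2024-03-01T09:12:03Z user=alice host=db01 src=10.0.5.20 event=session_start
2024-03-01T14:40:11Z user=alice host=db02 src=10.0.5.20 event=session_start
2024-03-02T10:05:44Z user=bob host=web01 src=10.0.7.8 event=session_start
2024-03-02T11:30:00Z user=alice host=db01 src=10.0.5.20 event=session_start
2024-03-05T02:14:09Z user=alice host=db01 src=10.0.5.20 event=session_start
2024-03-05T10:02:51Z user=bob host=web01 src=203.0.113.44 event=session_start
2024-03-05T15:20:30Z user=alice host=db02 src=10.0.5.20 event=session_start
2024-03-06T03:55:12Z user=bob host=db01 src=203.0.113.44 event=session_start
"""


def parse(log: str) -> List[dict]:
    """Turn log text into event dicts; lines that do not match the format are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, user, host, src, event = m.groups()
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "user": user, "host": host, "src": src, "event": event})
    return events


def build_baseline(events: List[dict], cutoff: datetime) -> Tuple[DefaultDict[str, Set[str]],
                                                                   DefaultDict[str, Set[str]]]:
    """Per user: the source addresses and target hosts seen in sessions before the cutoff."""
    ips: DefaultDict[str, Set[str]] = defaultdict(set)
    hosts: DefaultDict[str, Set[str]] = defaultdict(set)
    for e in events:
        if e["ts"] < cutoff and e["event"] == "session_start":
            ips[e["user"]].add(e["src"])
            hosts[e["user"]].add(e["host"])
    return ips, hosts


def detect(log: str, cutoff_iso: str) -> List[dict]:
    """Flag sessions after the cutoff that deviate from the user's baseline."""
    cutoff = datetime.strptime(cutoff_iso, "%Y-%m-%dT%H:%M:%SZ")
    events = parse(log)
    ips, hosts = build_baseline(events, cutoff)
    findings = []
    for e in events:
        if e["ts"] < cutoff or e["event"] != "session_start":
            continue
        flags = []
        if e["src"] not in ips[e["user"]]:
            flags.append("new_source_ip")
        if e["host"] not in hosts[e["user"]]:
            flags.append("new_host")
        if not (OFF_HOURS[0] <= e["ts"].hour < OFF_HOURS[1]):
            flags.append("off_hours")
        if flags:
            findings.append({"ts": e["ts"].isoformat(), "user": e["user"],
                             "host": e["host"], "src": e["src"], "flags": flags})
    return findings


if __name__ == "__main__":
    for f in detect(LOG, "2024-03-04T00:00:00Z"):
        print(f"{f['ts']} {f['user']}@{f['host']} from {f['src']}: {', '.join(f['flags'])}")
```

On the sample data this surfaces bob's sessions from an address never seen in the baseline, one of which also reaches a host he never administered before and starts at 03:55; those are the records to cross-reference against the grants bob actually held, as the text suggests.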

Get Buy-In From Your Organization

Members of your organization need to understand what privileged access is, what access they have and why. Without this knowledge, they may make critical errors with their actions that contradict policies and leave backdoors in the network for attackers. If you don’t already, include PAM in your company’s security awareness training.

Privileged Access Management market

Gartner has identified PAM solutions as a top 10 security control. They deemed it, "one of the most critical security controls, particularly in today's increasingly complex IT environment." In a recent survey of IAM leaders, Gartner found that 30% have already implemented PAM solutions, with 36% planning to within the year. Another 22% plan on adopting PAM practices by 2023 or 2025. Only 13% have not included PAM in their future security developments. These figures are extremely similar for SaaS offerings, with 34% already using PAM solutions and 29% planning to adopt by 2023 or 2025.

As organizations move to cloud infrastructure, PAM solutions are increasingly offered as SaaS rather than as software, hardware appliances or virtual machine (VM) images. Gartner expects 84% of all organizations to have a SaaS-based PAM solution in their security architecture by 2025, as the market continues to grow at double-digit rates.

The push for more remote work throughout organizations, especially due to the global pandemic, leads Gartner to expect a large rise in the need for remote administration access – not just for employees but for remote vendors and contractors as well. Remote access features will likely become standard in PAM solutions in the years to come.

Updated by Devin Partida

SentinelOne Product Review
https://www.esecurityplanet.com/products/sentinelone-product-review/
Fri, 23 Apr 2021 21:21:58 +0000

The post SentinelOne Product Review appeared first on eSecurity Planet.

Endpoint detection and response (EDR) is a vital tool for creating an effective security infrastructure for your organization. Endpoints are the most common entry point for malware and other malicious attackers, and protecting them is more important than ever with the boom in remote work due to the COVID-19 pandemic.

About SentinelOne

SentinelOne is an advanced EDR tool that uses AI-powered threat detection and response. It combines EDR and endpoint protection platform (EPP) capabilities and operates across all aspects of a network, including endpoints, containers, cloud workloads and internet of things (IoT) devices. SentinelOne was named one of our Top Endpoint Detection & Response (EDR) Solutions for 2021.

Its patented behavioral and static AI models automate the identification and blocking of threats. SentinelOne protects against malicious executables, memory-only malware, document-borne exploits, spear phishing emails, macros, drive-by downloads and other browser exploits, scripts such as PowerShell, and credential theft.

SentinelOne was named the top-rated endpoint protection platform by Gartner Peer Insights. They recently launched a research division made up of security experts to help protect against evolving advanced threats.

SentinelOne has raised $700 million in funding since being founded in 2013. The vendor also recently acquired Scalyr, a log management, server monitoring and event data analytics provider for $155 million. This move was meant to extend the platform’s monitoring and analysis capabilities beyond endpoints and across an entire enterprise and cloud attack surface.

SentinelOne is also available on the AWS Marketplace, so customers can deploy it rapidly alongside their AWS workloads.

Notable features

SentinelOne offers a number of key features that make it a comprehensive EDR solution.

Administration

SentinelOne simplifies endpoint management. It offers a centralized console for managing assets and for discovering and controlling devices.

Detection and response

Machine learning and AI allow SentinelOne to anticipate and identify threats in real time. It continuously hunts for threats throughout a network, using patented behavioral AI to recognize potentially malicious behavior. It can detect fileless, zero-day and nation-state-grade attacks.

SentinelOne also provides automated responses. When threats are detected, it can isolate, quarantine and even remediate issues without human intervention.

Analytics

Part of what makes SentinelOne such a powerful solution is its analytics-based approach to threat detection and response. The combination of data collection, behavioral analysis, AI and machine learning, as well as robust incident reporting, provides an abundance of threat intelligence to proactively identify new threats and offer effective remediation. This is further bolstered by the acquisition of Scalyr.

SentinelOne plans

SentinelOne does not release pricing information on its website. Contact the vendor for custom enterprise pricing tailored to meet the varying needs of your organization.

SentinelOne case studies

SentinelOne is best suited for enterprise organizations. It can support use cases across a variety of industries. Here are some example case studies:

Top SentinelOne Alternatives


XM Cyber Product Review
https://www.esecurityplanet.com/products/xm-cyber-product-review/
Thu, 08 Apr 2021 23:26:31 +0000

The post XM Cyber Product Review appeared first on eSecurity Planet.

Penetration testing is a powerful method for testing the posture of a security system. It shines a light on vulnerabilities that can lead to disastrous data breaches.

There are services that offer white-hat hackers who will simulate attacks. However, these services can be costly and typically only simulate some of the possible attacks. New vulnerabilities can arise at any time, meaning they may go unnoticed until the next time a white-hat hacker service is brought in. So how do you ensure vulnerabilities are discovered as they arise? A number of security tools can help make that process easier, including vulnerability management and breach and attack simulation (BAS).

About XM Cyber

XM Cyber is a security platform that continuously simulates attacks on an organization’s business-critical assets to discover new vulnerabilities as they arise, and provides prioritized remediation efforts. The platform instantaneously crawls an organization’s infrastructure, immediately identifying attack paths and the business-critical assets that are at risk. XM Cyber scans all assets on a network so it can identify vulnerabilities across multiple workloads and servers.

The tool was developed with the help of more than 30 cybersecurity researchers from the Mossad, Israel's national intelligence agency, and from the Israeli Intelligence Corps' elite Unit 8200.

In 2020, XM Cyber received $17 million in series B funding with contributions from Macquarie Capital, Nasdaq Ventures, Our Innovation Fund and Swarth Group. XM Cyber is using that money to grow and enhance its Research and Development department. This latest series brings their total funding to $49 million.

Notable features

The notable features of XM Cyber are primarily focused on providing visibility into vulnerabilities and assisting in prioritizing which vulnerabilities security teams should try to resolve first.

Breach, attack and vulnerability management

The XM Cyber breach and attack feature continuously simulates attacks to identify vulnerabilities, including misconfigurations and human error, in a network. It offers context for these vulnerabilities by showing all the attack paths and the specific critical assets each path puts in jeopardy.

XM Cyber combines vulnerability scanning with patch management to further assist with remediation efforts. By offering context, it justifies where and why patches should be implemented. These simulations can run continuously without impacting a network or production environment so all business processes can carry on as usual.

XM Cyber product screenshot (image courtesy of XM Cyber)

Security posture visibility

After vulnerabilities are identified, XM Cyber assesses the level of risk and prioritizes remediation based on several factors. The first is determining what are the most critical assets that are at risk. It also offers detailed information on each attack technique being used to determine how difficult each will be to execute for cybercriminals. XM Cyber uses these factors to assign a vulnerability risk score for prioritization. The platform then validates that each attack path has been eliminated with each continuous scan.
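The risk scoring and attack-path validation described above can be illustrated with a small attack-graph model. This is an added example, not XM Cyber's code or algorithm, and it goes a little beyond the text by also ranking choke points: hosts that sit on the most paths to a critical asset, which are usually the highest-value fixes. The hosts, techniques and difficulty weights are constructed.

```python
"""Attack-path enumeration and choke-point ranking over a constructed network.

Added example; this is not XM Cyber's code or algorithm, just a small model of the
idea the section describes: enumerate the paths an attacker could take from an
entry point to business-critical assets, rank the paths by how easy they are, find
the nodes that sit on the most paths (the best remediation candidates), and verify
that fixing one of them actually removes the paths. Hosts, techniques and the
difficulty weights are all made up for illustration.
"""
from collections import Counter
from typing import Dict, List, Set, Tuple

Edge = Tuple[str, str, int]            # (next hop, technique, difficulty 1=easy .. 5=hard)
Path = Tuple[List[str], int]           # (hop list, total difficulty)

EDGES: Dict[str, List[Edge]] = {
    "internet":  [("vpn-gw", "phished VPN credentials, no MFA", 2),
                  ("web01", "exploit unpatched CMS", 3)],
    "vpn-gw":    [("ws-42", "RDP with the same credentials", 1)],
    "web01":     [("app01", "reused service account password", 2)],
    "ws-42":     [("dc01", "cached domain admin hash", 2),
                  ("app01", "SMB share with deployment scripts", 1)],
    "app01":     [("db01", "connection string in config file", 1)],
    "dc01":      [("db01", "domain admin everywhere", 1),
                  ("fileshare", "domain admin everywhere", 1)],
    "db01":      [],
    "fileshare": [],
}
CRITICAL: Set[str] = {"db01", "fileshare"}
ENTRY: List[str] = ["internet"]


def enumerate_paths(edges: Dict[str, List[Edge]], entry: List[str],
                    critical: Set[str]) -> List[Path]:
    """Depth-first search for every simple path from an entry point to a critical asset."""
    paths: List[Path] = []

    def dfs(node: str, path: List[str], cost: int) -> None:
        if node in critical and len(path) > 1:
            paths.append((list(path), cost))   # stop: the attacker has reached a target
            return
        for nxt, _technique, difficulty in edges.get(node, []):
            if nxt in path:                    # no cycles
                continue
            path.append(nxt)
            dfs(nxt, path, cost + difficulty)
            path.pop()

    for start in entry:
        dfs(start, [start], 0)
    return paths


def choke_points(paths: List[Path]) -> List[Tuple[str, int]]:
    """Intermediate hosts ranked by how many attack paths run through them."""
    counts: Counter = Counter()
    for hops, _ in paths:
        counts.update(hops[1:-1])              # exclude entry point and target
    return counts.most_common()


def without_node(edges: Dict[str, List[Edge]], node: str) -> Dict[str, List[Edge]]:
    """Simulate remediating a host: drop its inbound and outbound edges."""
    return {src: [e for e in out if e[0] != node]
            for src, out in edges.items() if src != node}


def analyze(edges=EDGES, entry=ENTRY, critical=CRITICAL) -> dict:
    paths = sorted(enumerate_paths(edges, entry, critical), key=lambda p: p[1])  # easiest first
    chokes = choke_points(paths)
    fix = chokes[0][0] if chokes else None
    after = enumerate_paths(without_node(edges, fix), entry, critical) if fix else paths
    return {"paths": paths, "choke_points": chokes, "fix": fix, "paths_after_fix": after}


if __name__ == "__main__":
    result = analyze()
    for hops, cost in result["paths"]:
        print(f"difficulty {cost}: " + " -> ".join(hops))
    print("choke points:", result["choke_points"])
    print(f"after fixing {result['fix']}: {len(result['paths_after_fix'])} path(s) remain")
```

The easiest path in this model goes through the VPN gateway and a workstation to the application server rather than through the domain controller, which is why path cost, not asset importance alone, drives the ordering. Cutting the VPN gateway (in practice, enforcing MFA there) removes three of the four paths, and rerunning the enumeration is the validation step the text describes.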

XM Cyber plans

XM Cyber does not disclose pricing for its platform on its website. Interested parties will need to contact the vendor for a custom quote. But they do offer a free trial and a number of demos for those who want to see it in action.

XM Cyber case studies

Amazon Alexa Skills Present Security Risks
https://www.esecurityplanet.com/trends/amazon-alexa-security-risks/
Thu, 08 Apr 2021 18:56:35 +0000

The post Amazon Alexa Skills Present Security Risks appeared first on eSecurity Planet.

Alexa skills are growing in popularity as users look to extend the capabilities of their Alexa devices. Researchers now believe that the rapid adoption of these skills has implications for information security, as they could open Alexa users up to phishing or invasive data collection.

What is an Amazon Alexa skill?

An Amazon Alexa skill is an application, often built by a third party, that users interact with through their Alexa device. Some examples include Alexa Guard for home security, Easy Meal Ideas for recipes and Spotify for music.

Amazon creates its own native skills but also allows third-party apps to integrate with Alexa. There are certain requirements that these third-party skills must adhere to when they’re developed:

  • Invocation name: The name or phrase that, when spoken by the user, launches the skill.
  • Intents: The actions a skill can perform, each mapped to the sample phrases (utterances) that trigger it.
  • Cloud-based service: Skills must be hosted on a cloud endpoint that accepts and acts on the requests Alexa forwards.
  • Proper configuration: All three of the above must be configured correctly for Alexa to route requests to the skill.
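To show how the invocation name, intents and cloud endpoint above fit together, here is the skeleton of a skill backend as an added example, not Amazon's code or that of any skill named in this article. The skill ID, the intent names and the sample request are placeholders; the request and response shapes are the Alexa Skills Kit JSON formats. The handler also checks the skill ID on every request, because a self-hosted endpoint is reachable by anyone on the internet, not only by Alexa.

```python
"""Skeleton of a custom Alexa skill backend, showing how the pieces listed above fit together.

Added example, not code from Amazon or from any skill named on this page. The
invocation name lives in the skill's interaction model on Amazon's side; the
intents and the cloud-hosted endpoint are what the developer controls, and the
endpoint is where this handler would run. The skill ID, the intent names and the
sample request are constructed placeholders. The request and response shapes are
the documented Alexa Skills Kit JSON formats.
"""
import json
from typing import Callable, Dict

SKILL_ID = "amzn1.ask.skill.00000000-0000-0000-0000-000000000000"   # placeholder
INVOCATION_NAME = "easy meal ideas"   # "Alexa, open easy meal ideas" (set in the interaction model)


def speak(text: str, end_session: bool = True) -> dict:
    """Build a minimal Alexa response document."""
    return {"version": "1.0",
            "response": {"outputSpeech": {"type": "PlainText", "text": text},
                         "shouldEndSession": end_session}}


def on_launch(_event: dict) -> dict:
    return speak("Welcome to Easy Meal Ideas. Ask me for a recipe.", end_session=False)


def on_recipe(event: dict) -> dict:
    slots = event["request"]["intent"].get("slots", {})
    dish = slots.get("dish", {}).get("value") or "something quick"
    return speak(f"Here is a quick recipe for {dish}.")


# Intent name -> handler. Intent names are defined in the interaction model.
INTENTS: Dict[str, Callable[[dict], dict]] = {
    "RecipeIntent": on_recipe,
    "AMAZON.StopIntent": lambda _e: speak("Goodbye."),
    "AMAZON.CancelIntent": lambda _e: speak("Goodbye."),
}


def application_id(event: dict) -> str:
    """The skill ID Alexa puts on every request (in session or context, depending on request type)."""
    sess = event.get("session", {}).get("application", {}).get("applicationId")
    ctx = event.get("context", {}).get("System", {}).get("application", {}).get("applicationId")
    return sess or ctx or ""


def handle(event: dict) -> dict:
    """Route an Alexa request to the right handler after checking it is meant for this skill."""
    if application_id(event) != SKILL_ID:
        # A self-hosted endpoint is reachable by anyone; refuse requests for other skill IDs.
        raise ValueError("request is not addressed to this skill")
    req = event["request"]
    if req["type"] == "LaunchRequest":
        return on_launch(event)
    if req["type"] == "IntentRequest":
        handler = INTENTS.get(req["intent"]["name"])
        return handler(event) if handler else speak("Sorry, I can't help with that.")
    if req["type"] == "SessionEndedRequest":
        return {"version": "1.0", "response": {}}
    return speak("Sorry, I didn't understand that.")


# Constructed sample request, shaped like what Alexa POSTs to the endpoint.
SAMPLE_REQUEST = json.dumps({
    "version": "1.0",
    "session": {"new": True, "application": {"applicationId": SKILL_ID}},
    "request": {"type": "IntentRequest", "requestId": "amzn1.echo-api.request.example",
                "intent": {"name": "RecipeIntent",
                           "slots": {"dish": {"name": "dish", "value": "lentil soup"}}}},
})

if __name__ == "__main__":
    print(json.dumps(handle(json.loads(SAMPLE_REQUEST)), indent=2))
```

In a real deployment the endpoint must also verify the request signature and timestamp that Alexa sends with each call (or run on Alexa-hosted infrastructure, which does this for you); the skill ID check above is the minimum that stops a stray request for a different skill from being answered.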

The last step in creating a skill is to have it vetted by Amazon to ensure it meets policy guidelines. What concerns researchers is how stringent that vetting process actually is.

Amazon Alexa skills security issues

For skills to pass Amazon’s vetting process, they must abide by Amazon’s privacy policy and meet security requirements for hosting services on external servers. Some researchers worry that Amazon’s vetting is not strict enough. Concerns have also been raised about the Alexa privacy policy and how it affects users’ data.

Problems with Amazon Alexa skill vetting

There are two primary issues when it comes to the Amazon skill vetting process. The first is the potential for duplicate invocation phrases. When developers register their skills with Amazon, some have found loopholes that allow them to use the same phrase as popular brand names, such as Ring and Samsung.

The danger of duplicate invocation names is that users can end up enabling an impostor skill they believe belongs to a trusted brand. A skill can request permission to access personal data such as the user's email address, and a skill that borrows a well-known brand name lends fake legitimacy to phishing emails sent by its developer, encouraging users to fall for them.

The second major issue is that developers can alter the backend code of a skill after Amazon has vetted it. A developer could, accidentally or deliberately, change a skill's behavior after certification, and that new behavior is never reviewed.

Problems with Amazon Alexa privacy policy

Many users would be surprised by how little Amazon requires in terms of transparency about how skills handle user data. Amazon's policy does not require third-party skills to disclose how data is being collected and used.

In fact, a mere 28.5% of third party skills in the US offer valid privacy policies that clearly outline how user data is collected and used. Even more surprising is that only 13.6% of skills that are aimed at children offer valid privacy policies.

How to improve Amazon Alexa skills security

Unfortunately, Amazon Alexa users bear the ultimate responsibility for ensuring the skills they enable are secure. Alexa owners should audit their enabled skills to see which offer valid privacy policies and disable any that aren't being used or aren't transparent about how they manage user data. The most surefire way to secure an Alexa device is to remove third-party skills altogether.

Business takeaways

Security issues with Amazon Alexa skills should serve as a lesson for other organizations. Namely that if they open their product or service up to integration with third parties, there are many factors to consider to ensure organizations and their users’ data remains protected. Businesses planning to open their products or platforms to third party integrations should develop a comprehensive and stringent vetting process to guarantee proper security precautions are in place and require full transparency over how user data is collected and used.

ESET Product Review: Pricing & Features
https://www.esecurityplanet.com/products/eset-product-review/
Fri, 26 Feb 2021 22:48:30 +0000

The post ESET Product Review: Pricing & Features appeared first on eSecurity Planet.

Antivirus solutions have long been a staple of cybersecurity practices. However, antivirus is no longer enough to protect an entire organization’s infrastructure. 

Some antivirus solutions have expanded their offerings to include a more comprehensive suite of security tools to match the needs of modern organizations. These solutions must be manageable from a centralized platform and must provide visibility into the security posture of a network. ESET is one such vendor that has expanded its antivirus solution.

About ESET

ESET was founded in Slovakia solely as an antivirus product and has provided security solutions for over 30 years. The current version of its product implements multiple layers of protection to detect malware before, during and after execution. The multiple layers are able to:

  • Protect against ransomware
  • Block targeted attacks
  • Prevent data breaches
  • Stop fileless attacks
  • Detect advanced persistent threats

The combination of machine learning, advanced behavior analytics, big data and human expertise from the ESET R&D centers located around the world ensures that the solution is prepared to take on the newest and most advanced threats. ESET acts as a single point of network security management and is available as either a cloud-based or an on-premises solution.

Notable features

ESET’s malware engine and ransomware shield are powerful tools for detecting signs of infection. The solutions continuously monitor network activity and compare it to known signatures of malicious behaviors. The ESET Live Grid cloud lab uses machine learning to identify new threats and continuously distributes those malicious signatures to all of its users.

The Unified Extensible Firmware Interface (UEFI) scanner is a valuable tool for protecting firmware. Capabilities for scanning firmware are not common in antimalware solutions, setting ESET ahead of the competition in this vertical. This tool can detect persistent malware that survives system reinstallation, reboots and newly installed hardware. 

ESET’s Antispam feature is also a valuable asset for bolstering data integrity. This tool can block suspicious emails that may contain spyware, ransomware and phishing websites. Antispam can also identify patterns of malicious emails to prepare for similar techniques in the future.

ESET plans

ESET offers three different business plans whose price varies according to how many devices they cover. The following prices reflect five devices per plan:

The post ESET Product Review: Pricing & Features appeared first on eSecurity Planet.

Kasada Product Review
https://www.esecurityplanet.com/products/kasada-product-review/ (Fri, 26 Feb 2021 22:40:00 +0000)
Kasada is an automated bot detection and mitigation solution designed for enterprise web applications. Its aim is to stop bots from crashing websites, automating fraudulent purchases, credential stuffing, scraping contents and launching general cyberattacks.

About Kasada

Kasada was founded in 2015 and is headquartered in Australia. The product identifies bots and other potentially malicious, automated activity, then creates robust authentication processes to block them from entering websites and applications. 

Bots are an ever-increasing issue as automation technology improves, which has led to Kasada receiving a fair amount of attention in its relatively short time in business. CB Insights recognized Kasada on its Cyber Defender 2020 list for Credential Stuffing Defense. The company also raised $10 million in Series B funding in 2020, bringing its total funding to $26 million.

Notable features

One key to the Kasada solution is its adoption of the zero trust methodology of “trust nothing and verify everything.” All connections to a web application must be authenticated before being granted access to any resources.

This framework is empowered by the Client Interrogation feature built to detect bots. Client sensors collect attributes that indicate automation, such as headless browsers. This information is then analyzed to determine if the client request is from a human user or a bot. 

Kasada uses a unique mitigative method that scales the difficulty of accessing web applications based on a growing number of requests. Using techniques such as resource consumption, fake response, alternative origin redirection and request metering, the product makes it too costly to conduct attacks at scale and deters bots.

The Kasada Threat Research and Security Engineering team is a group of security experts that conduct analysis of the latest bot attacks to enhance the solution’s detection and mitigation processes. Dynamic script injection provides continuous feedback in real-time so there’s no need for upgrades to reap the benefits of this analysis.

Kasada plans

Kasada has not released pricing information for their SaaS-based solution. You can request a demo or contact the company for a quote.

Kasada case studies

Kasada is best suited for enterprise organizations. It can also support use cases across a variety of industries: 

The post Kasada Product Review appeared first on eSecurity Planet.

Malwarebytes Endpoint Protection Product Review
https://www.esecurityplanet.com/endpoint/malwarebytes-endpoint-review/ (Tue, 23 Feb 2021 22:30:51 +0000)
Malwarebytes Endpoint Protection is an endpoint security solution built to protect against advanced threats. Endpoints are one of the most common means of access for malicious attackers. Each one presents a potential vulnerability from which an attacker could move laterally and infect an entire network, which makes protecting each and every endpoint vital for large organizations that support large numbers of devices.

Malwarebytes provides complete endpoint protection against malware and other attacks using a combination of detection, proactive threat blocking and remediation capabilities. 

About Malwarebytes

Malwarebytes began as a product dedicated solely to protecting against malware when it was founded in 2008 in Santa Clara, CA. However, it has since expanded to act as a much more comprehensive security solution. 

Endpoint Protection uses a Multi-Vector approach to security. It integrates multiple layers of protection, using both static and dynamic detection techniques, to protect against threats across the entire attack chain. The two main groups of detection layers are rules-based detection and behavior/artificial intelligence (AI) methods. Together, these types of detection can identify both known threats and new, more advanced ones.

Malwarebytes Endpoint Protection is available as either an on-premises or a cloud-based solution. It’s delivered through a single, unified endpoint agent.

Notable features

The biggest differentiating feature for Malwarebytes Endpoint Protection is the Multi-Vector approach to security. Rules-based detection uses signatures and heuristics to detect malware. It compares endpoint activity to attributes of known malware and attacks to identify potential threats. 

Behavior and AI-based detection includes three layers: Machine learning, behavior analysis and exploit mitigation. This multi-layered detection compares endpoint activity to a baseline of “normal” behavior to identify anomalies. Using machine learning and behavior analysis allows Malwarebytes to detect the most advanced, new and evolving threats with unknown signatures.

Malwarebytes also offers Exploit Mitigation to contain the impact of an attack once malicious activity has been identified. By stopping the malware or ransomware from spreading any further through a network, IT teams have more time to begin remediation processes and resolve the issue. 

IT teams can easily get a view of current and past threats through the Malwarebytes Threat Visibility Dashboard. It can also be used to pinpoint when and where threats were identified to assist with remediation efforts.

Malwarebytes Endpoint Protection plans

The pricing for Malwarebytes Endpoint Protection, which adds cloud management and scalable protection over lesser editions, will depend on how many devices it will be supporting. The following price is based on a total of 10 devices: $699.00 per year.

Malwarebytes Endpoint Protection case studies

Malwarebytes Endpoint Protection is suitable for small-to-medium-sized businesses and enterprise organizations. It can also support use cases across a variety of industries:


The post Malwarebytes Endpoint Protection Product Review appeared first on eSecurity Planet.

Cybersecurity Employment Outlook for 2021
https://www.esecurityplanet.com/trends/cybersecurity-employment-2021/ (Fri, 18 Dec 2020 23:04:06 +0000)
The massive SolarWinds breach drove home the point that the cybersecurity threat only gets worse with time, the stakes higher – and the tools more sophisticated. With the cost of cybercrime estimated to reach $6 trillion globally in 2021, there is a staggering demand for skilled cybersecurity professionals to combat these threats and manage cyber defenses. The New York Times reports there will be 3.5 million open cybersecurity jobs across the globe in 2021.

There is already a 0% unemployment rate in the security field. That rate has stayed consistent since 2011 and shows no sign of changing. So anyone with experience or education in cybersecurity should have no problem finding a job.

In this outlook on cybersecurity employment in 2021, we’ll cover the current state of employment, what positions and skills are in the highest demand, concerns over how prepared employees are to face the newest generation of malicious actors, and how cybersecurity professionals can increase their value. For a look at how our predictions compare from last year, check out our previous employment outlook article.

The cybersecurity skills gap

While this huge opportunity for cybersecurity pros may look like a positive at first glance, it also indicates a big problem. There simply are not enough trained professionals with the required skills to fill all the necessary positions, especially considering that virtually all IT jobs require some level of security knowledge. This issue is only exacerbated as new risks emerge, such as Advanced Persistent Threats (APT) and quantum computing.

That skills gap means real stress on current cybersecurity employees; 78% in a recent Devo-Ponemon report said working in a security operations center (SOC) is “very painful.”

74% of companies already report the skills gap is impacting their ability to secure sensitive information, leading to data breaches and issues with regulatory compliance. 58% of CISOs report they’re concerned that the cybersecurity skills gap will only continue to worsen in 2021.

But the need to fill these roles is so vital that many companies are willing to hire employees with liberal arts degrees or no degree at all, as long as they have some experience or hold certain certifications.

Certifications to reduce the skills gap

Certifications now play a large role in determining what positions people are capable of filling. According to Burning Glass, around 59% of all cybersecurity positions request at least one certification. Certifications are not only a good way to boost compensation; they also offer a great entry point into the security field for those seeking entry-level positions. Two of the most important to be aware of are CISSP (Certified Information Systems Security Professional) and CompTIA Security+.

CISSP is one of the most valuable certifications for those who already have at least 5 years of experience in the security field. Earning this certification consists of passing a rigorous exam that validates one’s ability to develop, implement and manage advanced cybersecurity programs. For those looking to make forward movement quickly, CISSP should be on their list of certifications to secure.

The CompTIA Security+ certification is a valuable step to take for those seeking entry-level positions to shine amongst the competition. This certification was made to validate that the holder possesses the baseline skills necessary to carry out core security functions. The exam for CompTIA Security+ tests the individual’s ability to identify and respond to potential threats. It should be the first certification that cybersecurity professionals pursue.

Check out our article on the best cybersecurity certifications for 2021 to see what others can help security professionals prove their skills.

Cybersecurity job opportunities

The variety of different security positions is vast but the following positions are likely to be the highest in demand and most vital to success. As a result, compensation will be high.

C-level cybersecurity positions

It’s virtually guaranteed that all companies either have been or will be hacked. Understandably, this has terrified many organizations. They’ve come to realize that to thwart cybersecurity threats, they need to bring on highly-skilled and experienced professionals. And the most skilled and experienced will be those seeking high ranking, C-level positions.

CISOs (Chief Information Security Officers) in particular are in incredibly high demand. Whether they’re looking to expand their security leadership or replace existing executives with new talent, 100% of Fortune 500 and Global 2000 companies will have open C-level security positions in 2021.

Information security analysts

Modern organizations base the vast majority of their business decisions on data, and cybersecurity is certainly no exception. Information security analysts use data to determine what are the most serious threats facing an organization and guide where they should be implementing their security resources.

Demand for information security analysts is expected to grow at a rate of 32 percent through 2028. This rate is higher than all other occupations, even outside of the security field.

Cybersecurity project managers

After security analysts determine the approach an organization should take to combat threats, cybersecurity project managers need to ensure the implementation of these measures is carried out properly. Given how complicated security measures may be, especially at the enterprise level, they could be managing large teams of employees with a substantial budget.

To ensure everything runs efficiently, companies need skilled project managers. Reader’s Digest listed this role in their 21 most in-demand positions for this year.

In-demand skills

As with the different types of positions available in this field, the varying desired skills are seemingly endless. But for the coming years, cloud security and DevOps (development and operations) skills will reign supreme.

Cloud security

An increasing number of organizations are embracing a cloud infrastructure and that rate won’t slow down anytime soon. But cloud technologies raise an entirely new set of potential risks. This makes cloud security the most lucrative skill to have right now.

Currently, jobs that require cloud security skills stay open for an average of 79 days. That is longer than virtually all IT job openings. Existing professionals with cloud security skills can expect an increase in compensation of up to $15,025 in 2021.

Development

Second only to cloud security is DevOps and security application development skills. As new threats evolve, the software and tools used to combat them must follow suit.

Skilled developers are necessary to create solutions that can detect new threats, automate tasks and offer valuable information for remediation. Professionals with DevOps and application security skills could see an increase in compensation of $12,266 in 2021.

Other in-demand skills

Cloud security and DevOps skills will be in the highest demand, but there is no shortage of other valuable skills that will see huge opportunities for employment. According to Burning Glass Technologies, these other skills will also be in demand:

Industries

No industry is safe from security threats. But some industries, namely the financial and health industries, are at much higher risk for a few key reasons, which means they will be looking to fill many cybersecurity positions. Two of the most important reasons are the storage of personally identifiable information (PII) and regulatory compliance:

  1. PII: both industries are at huge risk because they store their customers’ PII, which can be used to compromise bank accounts and other finances. A data breach on a mass scale could compromise tens of thousands of individuals’ information, leading to identity theft and financial implications.
  2. Regulatory compliance: these industries must abide by strict regulations that deal with security. Some of the main regulations include HIPAA (Health Insurance Portability and Accountability Act), GDPR (General Data Protection Regulation) and PCI-DSS (The Payment Card Industry Data Security Standard).

Positions by geographical location

Cybersecurity professionals from all around the world will have employment opportunities available to them, especially with the boom in remote work this year. But there are certain geographical locations that will see the highest demand for these positions.

The Asia-Pacific region is experiencing a huge surge in demand with over 2 million open security positions. Across Europe, there are currently around 400,000 positions available. In total, the U.S. has 314,000 open positions, with the majority of them centered in five states: Virginia, Texas, Colorado, New York and North Carolina.

The post Cybersecurity Employment Outlook for 2021 appeared first on eSecurity Planet.

XDR Emerges as a Key Next-Generation Security Tool
https://www.esecurityplanet.com/threats/xdr-emerges-as-a-key-next-generation-security-tool/ (Fri, 04 Dec 2020 23:13:45 +0000)
Corporate networks are complex, and so is the myriad of cybersecurity solutions that protect them. Trying to manage all the security tools in a comprehensive way can leave security teams overwhelmed.

Extended detection and response (XDR) solutions are a new attempt to unify all those security tools. They’re designed to consolidate multiple products into a unified security solution that provides automated monitoring, analysis, detection, and remediation. The goal is to increase detection accuracy while simultaneously improving remediation and security operations efficiency. The advantages of XDR are considered to be so promising that Gartner named XDR the number one security trend to come out of 2020.

What is XDR?

One of the main goals of XDR solutions is enhanced detection and response capabilities. XDR unifies visibility and control across all endpoints, the network, and cloud workloads. This improved visibility provides contextualization of these threats to assist with remediation efforts. Not only does it help protect against modern attacks, but also future unknown attacks as they emerge.

XDR also provides integration between data sources and security operations. By collecting and analyzing data from multiple sources to validate threat alerts, it is able to reduce the occurrence of false positives and the overall number of alerts. When security teams can focus their efforts only on real threats, they save precious time.

XDR shares SIEM’s ability to pull together data for a unified view of security, but unlike SIEM, XDR is an actual collection of products merged into a single solution. You can expect all XDR products to include endpoint detection and response (EDR), threat intelligence and analytics, antivirus software, firewalls and data encryption, among other technologies.

Palo Alto Networks was the first to introduce the concept of XDR in 2018 with Cortex XDR. The company’s goal was to provide security teams with a higher level of threat awareness and the tools to eliminate vulnerabilities beyond what EDR could offer. Cortex XDR comprises an assortment of capabilities, including the following:

  • Next-generation antivirus: This advanced antivirus software can block the latest malware, ransomware, exploits and fileless attacks.
  • Endpoint protection: A combination of device controls, host firewalls and disk encryption secure all endpoints in a network.
  • Detection and response: Cortex XDR uses AI-driven analytics to pinpoint the location of vulnerabilities, identify the root cause of the issue and coordinate response efforts.
  • Managed threat hunting: With help from Palo Alto Network’s Unit 42 experts, you can uncover complex and advanced persistent threats (APT).
  • Threat intelligence: Cortex XDR can collect data from a global community of researchers and organizations to extend visibility and enrich investigations with in-depth contextualization.

EDR vs. MDR vs. NDR vs. XDR

Since a Gartner analyst defined EDR as a security solution space in 2013, three generally accepted offshoots have emerged.

As EDR became a more widely accepted security service, it was only a matter of time before managed service providers (MSPs) would offer their expertise for a price. Managed detection and response (MDR) vendors can provide clients with traditional EDR security, SOC resources, and IDPS capabilities. One can expect MDR vendors to add more XDR features to their managed IT solutions.

Unlike EDR, which focuses on endpoints at the network perimeter, an alternative solution dubbed network detection and response (NDR) by Gartner in 2020 manages the internal network data and workloads. While NDR might be less familiar, it plays into how XDR improves upon its predecessors and covers end-to-end infrastructure segments.

The following graphic touches on some of the critical differences between the detection and response family of solutions.

[Graphic: how EDR, MDR, NDR and XDR differ in their capabilities. Designed by Sam Ingalls. © eSecurityPlanet 2021.]

Contextualize threats

The broad umbrella of solutions encompassed in XDR solutions provides a holistic perspective over a network’s security. An XDR product collects and correlates data across email, endpoints, servers, cloud workloads and networks. It then applies situational security context to reduce noise and expedite identification of the root cause of the threat.
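The two XDR claims above, validating an alert against other data sources to cut false positives and correlating events across email, endpoint and network telemetry to surface a root cause, come down to one correlation step. The following is an added illustration written for this page, not code from any XDR product: a minimal per-host correlator over a handful of constructed alert records (the source names `email`, `edr` and `ndr`, the hostnames and the ten-minute window are all assumptions for the example). Alerts on the same host within the window form one cluster; a cluster is escalated only when at least two independent sources corroborate it, and the earliest event in the cluster is reported as the probable entry point.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample alerts, one record per telemetry source. These are made up
# for the example and do not come from any real product or incident.
SAMPLE_EVENTS = [
    {"source": "email", "ts": "2021-07-17T09:00:10", "host": "ws-042", "user": "alice",
     "detail": "attachment quarantined"},
    {"source": "edr", "ts": "2021-07-17T09:03:40", "host": "ws-042", "user": "alice",
     "detail": "office application spawned a scripting host"},
    {"source": "ndr", "ts": "2021-07-17T09:04:05", "host": "ws-042", "user": "alice",
     "detail": "periodic outbound connection to a rarely seen domain"},
    {"source": "edr", "ts": "2021-07-17T09:40:00", "host": "ws-042", "user": "alice",
     "detail": "scheduled task created"},
    {"source": "edr", "ts": "2021-07-17T11:20:00", "host": "ws-017", "user": "bob",
     "detail": "unsigned binary executed"},
    {"source": "ndr", "ts": "2021-07-17T13:45:00", "host": "srv-db1", "user": "svc-backup",
     "detail": "large transfer to backup host"},
]


@dataclass
class Incident:
    host: str
    sources: tuple        # corroborating telemetry sources, sorted
    first_seen: datetime
    last_seen: datetime
    timeline: list        # events in time order; timeline[0] is the probable entry point


def _when(event):
    return datetime.fromisoformat(event["ts"])


def _close_cluster(host, cluster, min_sources):
    """Escalate a cluster only if enough independent sources agree on it."""
    sources = sorted({ev["source"] for ev in cluster})
    if len(sources) < min_sources:
        return []  # single-source noise: suppressed rather than raised as an alert
    return [Incident(host, tuple(sources), _when(cluster[0]), _when(cluster[-1]), cluster)]


def correlate(events, window_minutes=10, min_sources=2):
    """Group alerts per host into time-bounded clusters and keep only the
    clusters corroborated by at least `min_sources` different sources."""
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev["host"]].append(ev)

    window = timedelta(minutes=window_minutes)
    incidents = []
    for host, host_events in by_host.items():
        host_events.sort(key=_when)
        cluster = [host_events[0]]
        for ev in host_events[1:]:
            if _when(ev) - _when(cluster[-1]) <= window:
                cluster.append(ev)          # still inside the window: same cluster
            else:
                incidents.extend(_close_cluster(host, cluster, min_sources))
                cluster = [ev]              # gap too large: start a new cluster
        incidents.extend(_close_cluster(host, cluster, min_sources))
    return incidents


def alert_reduction(events, incidents):
    """Raw alert count versus escalated incident count, the figure an XDR
    console would report as alert volume reduction."""
    return len(events), len(incidents)


if __name__ == "__main__":
    found = correlate(SAMPLE_EVENTS)
    raw, escalated = alert_reduction(SAMPLE_EVENTS, found)
    print(f"{raw} raw alerts -> {escalated} corroborated incident(s)")
    for inc in found:
        print(f"host={inc.host} sources={inc.sources} entry={inc.timeline[0]['source']}: "
              f"{inc.timeline[0]['detail']}")
```

Of the six constructed alerts, only the three on `ws-042` inside the window share more than one source, so they become a single incident whose timeline starts with the email event; the later scheduled-task alert on the same host and the lone alerts on the other two hosts stay suppressed. A production correlator would key on more than hostname (user, process lineage, destination) and weight sources differently, but the shape of the reduction is the same.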

Benefits of XDR

There are many benefits to implementing XDR into your security infrastructure. Ultimately, you’ll gain improved protection, detection and response capabilities. Even with large investments in security, detection and response times can still be slowed down due to a large number of data streams from different products that must be analyzed. XDR tools can centralize all of this data into a single repository, making it much easier to get a holistic view of potential threats.

Properly maintaining network security requires constant attention. This can leave security teams stretched thin, executing time-consuming tasks that take away from more important work. But they must be carried out nonetheless. XDR tools were designed to improve the efficiency of security operations with extensive automation capabilities, such as monitoring for abnormalities, pulling information from relevant data sources, sending out alerts, and even implementing remediation efforts.

If your security budget is a concern, XDR may be a good option. Without the need to pay for multiple licenses and SaaS subscriptions, you may ultimately see a lower total cost of ownership and reduced overhead.

Elements of XDR

The elements of XDR can be boiled down to three main components:

Detection

Robust analytics that combine endpoint data collection with a growing list of security controls mean XDR software can identify more advanced threats.

Investigation

A highly contextualized view from XDR tools makes identifying the root cause of issues a much quicker process.

Recommendations

XDR tools can provide query recommendations to security teams to help further an investigation. They can also offer counsel on responding to threats and remediation.

Risks of XDR

As with any new product that enters the market, there is potential for unseen consequences, the biggest of which in this case is vendor lock-in. Organizations often use a combination of vendors to fill out their security infrastructure. But if all the security solutions you need are wrapped up in one product from a single vendor, then you’re locked in. This isn’t a major issue if you’re a happy customer, but if you find that one aspect of the product is not working for your business needs, or the tech support offered by the vendor is less than satisfactory, there may not be much you can do about it.

Efficiency is a cornerstone principle for XDR products. They automate certain processes, grant high visibility to security teams and free up time for them to work on other projects. But if you focus too much on efficiency and how quickly teams are getting things done, you risk sacrificing efficacy in the process. Don’t get too caught up in streamlining all security tasks. You should still regularly review the efficacy of your XDR solution.

XDR platforms are increasingly showing up in vendors’ catalogs, but they are by no means commonplace yet, so there are currently limited XDR vendors to choose from. But given all of the issues they can resolve if pieced together and operated properly, you will likely see more options available in the near future.

Top XDR vendors

Because XDR is a newer industry, the vendors who do offer it are powerhouse names in the industry. Some of the vendors to make our list of top XDR solutions this year include:

  • Trend Micro
  • Palo Alto Networks
  • Cynet
  • CrowdStrike

Learn more about the emerging, comprehensive technology and the budding XDR market in our Top XDR Solutions.

This article was updated by Sam Ingalls on July 17, 2021.

The post XDR Emerges as a Key Next-Generation Security Tool appeared first on eSecurity Planet.

Microsegmentation: The Next Evolution in Cybersecurity
https://www.esecurityplanet.com/threats/microsegmentation-zero-trust-security/ (Fri, 23 Oct 2020 22:25:32 +0000)
The explosion in remote work that followed the COVID-19 pandemic has shifted corporate models from a main-branch focus to distributed corporate networks and vastly spread out remote employees. That in turn has shifted focus away from distributed networks and technologies like SD-WAN to the edge of the network – and to technologies like zero trust security and microsegmentation.

The next evolution of cybersecurity

Microsegmentation uses virtualization technology to create increasingly granular secure zones in networks. By applying tightly-focused security policies, microsegmentation moves security away from simply identifying IP addresses and grants users access to only the applications and data they need based on their identity and role. Security then becomes about the individual user, limiting dangerous lateral movement within a network. Those policies can be further refined by location and device – an adaptive approach that takes into consideration current security risk. It’s a core technology for zero trust, the idea that no one should be trusted or given more access than they require.

See our picks for Top Microsegmentation Products

The benefits of microsegmentation

Microsegmentation offers organizations a number of benefits:

  • Reduced attack surface: Microsegmentation limits attackers’ ability to move laterally through a network, ultimately reducing the potential attack surface.
  • Threat detection and response: Even with optimized security practices in place, breaches are inevitable. But microsegmentation can drastically improve threat detection and response times. When policy violations are detected, microsegmentation tools can generate real-time alerts and even block unsanctioned activity.
  • Regulatory compliance: Microsegmentation can strengthen organizations’ regulatory compliance posture by creating segments that specifically store regulated data, typically the personally identifiable information (PII) of customers covered under laws such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Compliance-focused policies can then be created for these segments. This also greatly simplifies the auditing process.

The problem with traditional security techniques

More traditional security tools, such as firewalls, VPNs and network access control (NAC), have their limits because they focus primarily on securing the network perimeter. Security teams historically assumed the biggest threats were attacking from outside the network. But that approach overlooked insider threats – and the damage that hackers could do when they eventually got inside the network.

Complicating the network security picture is the rise in activity at the edge of the network, from consumers, remote workers and Internet of Things (IoT) devices. Edge traffic has prompted organizations to move data processing away from data centers to the edge of the network. That improves data center security and responsiveness – but shifts those problems to the network’s edge, necessitating new approaches to security. In response, edge security has become a new buzzword, and at its core is the concept of zero trust.

Authenticating users and devices with zero trust security

The zero trust framework relies on the philosophy of “trust nothing and verify everything.” This means that organizations must authenticate and authorize every single user and device connecting internally or externally to a network before allowing access to any applications or stored data, and then grant only the “least privilege” that the task requires. Both steps rest on the same recognition: implicit trust, whether granted because a user is on the corporate LAN or because a device passed a check yesterday, is a vulnerability.

If a malicious actor gains access to a network, perimeter-focused security tools can’t prevent them from moving laterally through it to reach applications and data. That lateral movement is particularly dangerous because it is how advanced persistent threats (APTs) turn a single foothold into the most disastrous data breaches. Zero trust instead verifies each access to every application and environment inside the network, not just at its edge.

So how can security teams authenticate the massive numbers of users and devices traveling throughout a network? One key is to create software-defined segments and define security policies for them at a granular level using microsegmentation.

Isolating networks and workloads with microsegmentation

Historically, organizations used network segmentation for security, which is a technique for creating sub-networks within a hardware-based environment. These network segments are built using traditional, perimeter-focused tools, such as VPNs or firewalls, to provide north-south security – the flow of data entering or exiting a network.

Microsegmentation, on the other hand, offers protection for east-west, or lateral traffic – the flow of data inside a network. This includes server-to-server, application-to-server and web-to-server connections within the network. By creating security microsegments for individual workloads with granular policy controls, microsegmentation provides fine-grained control over the traffic within and between software-defined segments.

Network segmentation vs microsegmentation

A common analogy for network segmentation versus microsegmentation is that network segmentation acts as the walls and moats surrounding your network castle. Microsegmentation acts as the guards protecting every single door and pathway inside the castle walls. Both are needed, but microsegmentation is the missing piece that can protect your most valuable data.

Problems with network segmentation

The theory behind network segmentation stands in stark contrast with zero trust, as it is only concerned with authorizing initial access to a network. This means that once a connection gains access, it is trusted to travel freely throughout the network, or at least that segment. 

Another issue with network segmentation is its reliance on coarse policies that are keyed on addresses and ports rather than on the identity of the workload or user. Approximating lateral-traffic protection with such rules in a modern hybrid or cloud network would take thousands of them per segment, far more than can be reasonably managed as new resources and users are continually added to a network.

The lack of comprehensive, detailed policies to protect lateral traffic is a particularly large issue in the case of advanced persistent threats (APTs). In these cases, attackers use stolen credentials to gain access to a network. Without a zero-trust framework in place, attackers can then navigate through a network undetected for long periods of time, mapping out an organization’s system and creating highly-customized malware for harvesting sensitive data. Zero trust and microsegmentation are critical new steps for preventing APTs from traveling openly throughout a network.

Reducing the attack surface with zero trust and microsegmentation

By isolating environments and segmenting workloads, a zero trust framework using microsegmentation greatly reduces the overall attack surface of a network by limiting movement from one potentially compromised workload to another. Once microsegmented, fine-grained security policies can be applied to workloads, all the way down to single machines, users or applications. These policies can be defined according to real-world constructs, such as user groups, access groups and network groups, and can be applied across multiple applications or devices.

How to assign policies

On the device level, policies can be used to assign certain restrictions to devices based on their functionality, so that only devices that require access to critical applications and resources can be granted authorization. These devices can also be isolated from each other so they cannot communicate unless authorized to do so. Devices can also be restricted based on location – say a coffee shop vs. a corporate network – and the security of the device itself, which may not be current on all security updates and patches.

Policies can also be based on source identities, another advantage microsegmentation has over previous methods of segmentation. Network segmentation can only see network attributes such as the source and destination addresses and ports of traffic crossing a segment boundary, whereas microsegmentation can pinpoint the identity of the resource requesting to communicate, whether it be a server, application, host or user. This provides far more granular segmentation, only allowing communication between resources whose identities have been granted proper permissions to do so.

With a comprehensive microsegmentation solution in place, any connection that cannot be verified against the policy is blocked by default. Not only does microsegmentation protect against lateral movement, but it also gives security teams high visibility and context for all network traffic. This allows teams to quickly identify malicious behavior and breaches, improving incident response and remediation.
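
To make the policy model described in this section and under “Problems with network segmentation” concrete, here is an added Python example. It is not code from eSecurity Planet or from any vendor named on this page, and every workload name, role label, rule and flow in it is constructed for the illustration. It evaluates the same east-west flows two ways: against a coarse segment firewall that trusts anything already inside a segment, and against an identity-based microsegmentation policy that also checks the destination port, the device’s patch status and its location before allowing the connection. Flows the segment firewall would pass but the microsegmentation policy blocks produce an alert record, as the article describes.

```python
"""Identity-, port- and posture-aware microsegmentation policy evaluation.
Added illustration for this article, not code from eSecurity Planet or any
vendor it names. Every workload, label, rule and flow below is constructed."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Workload:
    name: str
    role: str                    # source identity label: web, app, db, admin
    segment: str                 # coarse network segment a firewall would see
    patched: bool = True         # device posture: current on security updates?
    location: str = "corporate"  # "corporate" or "remote" (a coffee shop, say)

@dataclass(frozen=True)
class Flow:
    src: Workload
    dst: Workload
    port: int

@dataclass(frozen=True)
class Rule:                      # one allow rule keyed on identities, not addresses
    src_role: str
    dst_role: str
    ports: frozenset
    require_patched: bool = True
    locations: frozenset = frozenset({"corporate"})

# Hypothetical workloads: the web tier sits in a DMZ, the rest are "internal".
WEB = Workload("web-01", "web", "dmz")
APP = Workload("app-01", "app", "internal")
DB = Workload("db-01", "db", "internal")
APP_UNPATCHED = Workload("app-02", "app", "internal", patched=False)
ADMIN_OFFICE = Workload("laptop-jdoe", "admin", "internal")
ADMIN_CAFE = Workload("laptop-jdoe", "admin", "internal", location="remote")

# Constructed microsegmentation policy. Anything not listed here is denied.
RULES = (
    Rule("web", "app", frozenset({8443})),
    Rule("app", "db", frozenset({5432})),
    Rule("admin", "db", frozenset({5432, 22})),
)

# Coarse segment policy: the perimeter firewall permits DMZ -> internal, and
# traffic that stays inside one segment is never checked at all.
SEGMENT_ALLOW = {("dmz", "internal")}

def segment_firewall_allows(flow: Flow) -> bool:
    """North-south model: one check at the segment boundary, then free movement."""
    if flow.src.segment == flow.dst.segment:
        return True
    return (flow.src.segment, flow.dst.segment) in SEGMENT_ALLOW

def microsegmentation_decision(flow: Flow, rules=RULES) -> tuple:
    """East-west model: default deny. A flow passes only if a rule for its
    identity pair also matches the port, the device posture and the location."""
    reason = f"no rule for identity {flow.src.role}->{flow.dst.role}"
    for rule in rules:
        if (rule.src_role, rule.dst_role) != (flow.src.role, flow.dst.role):
            continue
        if flow.port not in rule.ports:
            reason = f"port {flow.port} not permitted for {rule.src_role}->{rule.dst_role}"
        elif rule.require_patched and not flow.src.patched:
            reason = f"{flow.src.name} is not current on security updates"
        elif flow.src.location not in rule.locations:
            reason = f"{flow.src.name} is connecting from a {flow.src.location} location"
        else:
            return True, "matched rule"
    return False, reason

def evaluate(flows: list) -> list:
    """One record per flow with both verdicts. Blocked flows carry an alert string
    a SOC could forward; those the segment firewall would have passed are the
    lateral movement the article describes."""
    records = []
    for flow in flows:
        allowed, why = microsegmentation_decision(flow)
        label = f"{flow.src.name}->{flow.dst.name}:{flow.port}"
        records.append({
            "flow": label,
            "segment_firewall": segment_firewall_allows(flow),
            "microsegmentation": allowed,
            "alert": None if allowed else f"BLOCKED {label} ({why})",
        })
    return records

# Constructed traffic, including a compromised web server probing the database.
SAMPLE_FLOWS = [
    Flow(WEB, APP, 8443),           # legitimate web -> app
    Flow(WEB, DB, 5432),            # web tier reaching straight for the database
    Flow(APP, DB, 5432),            # legitimate app -> db
    Flow(APP, DB, 22),              # app host trying SSH into the database server
    Flow(APP_UNPATCHED, DB, 5432),  # right identity and port, but an unpatched host
    Flow(ADMIN_OFFICE, DB, 22),     # admin from the corporate network
    Flow(ADMIN_CAFE, DB, 22),       # same admin and laptop, from a coffee shop
]

if __name__ == "__main__":
    for record in evaluate(SAMPLE_FLOWS):
        print(record)
```

Running the script shows the segment firewall passing all seven flows, because each either stays inside the “internal” segment or crosses the one permitted DMZ-to-internal boundary, while the microsegmentation policy blocks four of them: the web server talking straight to the database (no identity rule), SSH from the app tier (wrong port), the unpatched app host (posture) and the admin laptop from the coffee shop (location). The point of the design is the default deny at the end of microsegmentation_decision: a rule has to match on identity and then on every additional attribute, and an unmatched flow is both blocked and surfaced as an alert rather than silently carried by the network.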

Choosing zero trust and microsegmentation tools

While the zero trust framework is not a completely new concept, it has only recently gained traction as an enterprise security strategy, and not all zero trust product offerings include microsegmentation. When shopping around for a solution, make sure to confirm that it offers microsegmentation so you get the most out of your zero trust framework. Here are a few of the more popular microsegmentation vendors to start your search:

  • Amazon Web Services (AWS)
  • Microsoft
  • VMware
  • Cisco
  • Fortinet
  • Palo Alto Networks

If you’re worried that implementing zero trust means rebuilding your network, it does not require a complete reinvention of the infrastructure. The most effective solutions layer on top of your environment without the need to replace existing security investments. If you would like to gain a better understanding of what options are available to you, check out our list of the Top Zero Trust Security Solutions.

The post Microsegmentation: The Next Evolution in Cybersecurity appeared first on eSecurity Planet.
