You Are the Victim of a Data Breach. What Now?

A data breach is something every individual and organization needs to avoid. Unfortunately, it has become all too common in today’s online world. One major way that personal information becomes compromised is through identity theft. It’s better not to imagine the extent of damage that goes along with that.

In this highly-connected world, cybersecurity is continuously increasing in scope and size.

For one, consumers want to conduct business with enterprises capable of keeping hackers away. As a result, it becomes necessary to put a response plan in place for data breaches. The question, therefore, is how do you prevent or respond to a data breach?

What is a Data Breach?

A data breach occurs when an organization suffers a security incident that affects the confidentiality, availability, or integrity of its data. Consequently, the rights and freedoms of individuals become compromised.

Data breaches strike every industry, sector, and individual. For individuals, the cost is often personal financial damage to investment funds, salaries, or savings. On the other hand, corporations often spend hundreds of thousands or millions of dollars to repair systems, improve defense, and more.

How Do Data Breaches Happen?

Compromised credentials are the most common method cyber attackers use to enter a database. The approach accounts for 20% of data breaches.

Most affected credentials include passwords and usernames obtained through a different security incident. Various attack methods come into play in these data breaches, including brute-force attacks, Magecart attacks, phishing and more. Also, a breach could result from an insider, negligence, or business email compromise (BEC).

For an inside threat, the attackers first conduct surveillance, then map out a network for the most valuable resources, before targeting a potential pathway to infiltrate the systems.

Financial motivations are the reason for most inside attacks. Some employees jump at it when they get tempting offers to make extra money. The outcome is your information changing hands.

Types of Data Breaches

A data breach is also great at ruining a brand and not just your revenue. For individuals to remain safe, knowledge of the common types of breaches is a must. You also need to know how they affect you. So, here is a list.

  • Malware or Virus: The goal of this threat is to wipe information from a computer. For companies that heavily rely on data, this is always a heavy blow.
  • Password Guessing: Stolen passwords all too often result in extreme damage. Passwords are typically hacked because they are simple and easily guessable. Prime examples include passwords derived from people’s names, pet names, or birthdays.
  • Ransomware: As the name suggests, this occurs when you are forced to pay a ransom to regain access to your phone or computer.
  • Phishing: Phishing involves the mirroring of a website with a fake duplicate that can highly resemble the original. When you unknowingly log into the site, the attackers steal your password to conduct their criminal activities.

How to Detect a Data Breach

As data breaches become inevitable, detection is becoming an increasingly important initiative. At this rate, cybersecurity has become an essential investment for individuals and organizations. We all need to understand who is vulnerable to data breaches and how to detect and respond to them.

Data breach detection is not always easy. It often involves an intelligent Data Security Platform, especially in the case of large companies. Their tools help to provide speed and precision when mitigating damages.

Nevertheless, there are always warning signs that indicate when your system has experienced a data breach. Here are red flags you need to investigate:

  • Sudden user account lockouts or password changes.
  • Strange user activity such as logging in at irregular times from unknown locations.
  • Unusual pop-ups, redirections, or changes to browser configuration.
  • Unusual activity on network ports.
  • Strange messages sent from you by email or social media.
  • Strange configuration changes without approval.

Effects of Data Breaches

Irrespective of the size, a data breach can destroy a business. For example, 60% of small businesses often shut down within six months after an attack. These occurrences can stem from multiple factors including:

  • Poisoned Corporate Brand: Data breaches have a way of tainting a business reputation, the effects of which can linger long after the incident.
  • Loss of Sales: Reputational damage can lead to a loss of customers and sharp drops in revenue due to drops in customer trust.
  • Loss of Intellectual Property: Intellectual property constitutes over 80 percent of a company’s value today. Losing intellectual property can threaten the future of the company and also leave it vulnerable. In some instances, competing businesses will even take advantage of stolen information for their own gain.

How to Develop a Data Breach Response Plan

Have an Incident Response Checklist
Having an incident response checklist for data breaches can provide guidance for what to do during breach scenarios. It contains outlined tasks to carry out so that everyone knows exactly what to do. However, the checklist should be flexible to allow adjustments for evolving threats.

Be Informed about Laws and Regulations
Regular government policy changes are often a headache for SME businesses. Because of the rise in cybercrime, governments and agencies constantly change regulations on data protection. Be sure to keep tabs on these changes and adapt to new laws.

Review New Cyber Threats
Never take the news of a data breach for granted. It’s important to consistently review new security risks as these provide highly valuable insights.

Identify Data Security Platforms
In case of a security breach, contacting a forensic service provider is safe. They are highly skilled at investigating the cause and impact of an attack. It is best to have the contact for one beforehand rather than waiting for a crisis to find one.

Steps to Take After a Data Breach

1. Identify the Source and Extent of Damage
The first thing to do about any cyber attack is to identify the source. You also need to identify the type and the extent of the damage. It is a time-consuming process when operating without a prevention system.

2. Have an Intrusion Prevention System (IPS)
An IPS automatically logs the security event for you and tracks down the source and identity of the affected files when in use. You can also gain insight into the particular actions taken by the threat actor.

3. Inform your Forensic Service Provider
You need to have a structure in place for addressing security emergencies. If you have a team, have them swing into action immediately. Remember your checklist and let them follow the procedure for resolving the issue. If it is an inside threat, revoke the account’s privileges and change the password. Should you not have an in-house team, inform your security service provider to tackle the problem.

4. Test your Security Fix
Once the issue gets resolved, implement a short-term security fix to prevent future occurrences. Don’t forget to also test any security fix so that attackers cannot use the same method again. Be sure to conduct the test on all computers and servers.

5. Inform Authorities and Affected Customers
Customers need to be informed about a breach of their personal data so they can take personal measures to protect their identities, such as canceling credit cards and setting up two-factor authentication if available. Informing customers requires three critical factors: time, information, and thoroughness. Be sure to communicate honestly and openly where necessary and provide step-by-step guides for them to protect themselves. In addition, contact authorities about the breach. The government and security agencies provide post-breach regulatory standards for every industry.

6. Prepare a Clean Up and Damage Control
The loss of customer confidence is another devastating effect of data breaches. They tend to be more cautious with any organization after a breach. When you fix all breach-related issues, quickly pivot and work on restoring public trust.

Final Thoughts on Data Breaches

There is no single method for responding to a data breach. Data breaches often require a case-by-case approach along with a thorough risk assessment to determine the best course of action. The extent of damage and nature of the breach will determine the precise steps needed. The response team may work with additional staff or external experts such as IT specialists/data forensics experts. While data breaches can undoubtedly be a nerve-wracking event, the first rule is always prevention, and having a sound response plan can help put the mind at ease.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

Filling the Access Security Gap with Certificate-Based Authentication

It should come as no surprise that passwords have fallen out of favor as a reliable method of authentication. This is because passwords are often weak (easily guessable), can be forgotten, and password stores become a weak point for security (if an intruder accesses the password store, they hit the mother lode). Luckily, there is a better way to reliably authenticate users – certificate-based authentication.

What Is Certificate-Based Authentication?

Certificate-based authentication is a cryptographic technique that uses a digital certificate to identify a user, device, or machine before granting access to specific resources.

Certificate-based authentication isn’t new. It’s widely used by many internet security protocols, including SSL/TLS, a near-universal protocol that encrypts communications between a client and server, typically web browsers and websites or applications. However, certificate-based authentication works slightly differently for SSL/TLS than in other use cases. With SSL/TLS, the server confirms its identity to the client machine, but this happens in reverse for client certificate-based authentication.

For example, let’s say a company wants to use certificate-based authentication to grant employees access to its email servers. In this scenario, the company will issue employees with valid certificates to access the email servers, and only employees with these certificates will be granted access.

In recent years, certificate-based authentication has risen in popularity as an alternative to password-based authentication, mainly as a way to address the security gaps with usernames and passwords. For example, username/password authentication uses only what the user knows (the password). In contrast, certificate-based authentication adds another layer of security by also using what the user has (the private cryptographic key).

With that said, it’s important to note that certificate-based authentication is rarely used as a replacement for usernames and passwords but instead used in conjunction with them. By using both, companies essentially achieve two-factor authentication without requiring any extra effort from the end user (getting out their cell phone to receive a one-time password (OTP), for example).

How Does Certificate-Based Authentication Work?

Before answering this question, we first have to understand what a digital certificate is. A digital certificate is an electronic password or file that proves the authenticity of a user, server, or device through cryptography and the public key infrastructure (PKI). PKI refers to tools leveraged to create and manage public keys for encryption. It’s built into all web browsers currently in use today, and organizations also use it to secure internal communications and connect devices securely.

The digital certificate file contains identifiable information about the certificate holder and a copy of the public key from the certificate holder. This identifiable information can be a user’s name, company, department, and the device’s IP address and serial number. When it comes to the public key, the key needs to be matched to a corresponding private key to verify it’s real.

So, how does this work in practice? First, the end user digitally signs a piece of data using their private key. The signed data and the user’s certificate then travel across the network. The destination server then checks the signature on the data against the public key contained within the certificate. If the signature verifies, meaning the public key matches the private key that produced it, the server authenticates the user, and they’re free to access network resources.
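The exchange described above, as an added example in Go using only the standard library; it is not code from Portnox or from the original article. The in-memory CA, the one-time random challenge used as the signed "piece of data", and the names `issue`, `server`, `challenge`, `sign` and `authenticate` are assumptions made for the illustration. It goes slightly beyond the text by also checking that the certificate chains to a trusted CA and by refusing a replayed response.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue makes a key pair and certificate for cn: a self-signed CA when caCert
// is nil, otherwise a client-authentication certificate signed by that CA.
func issue(cn string, caCert *x509.Certificate, caKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  caCert == nil,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	signerCert, signerKey := tmpl, key // self-signed unless a CA is given
	if caCert != nil {
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
		signerCert, signerKey = caCert, caKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signerCert, &key.PublicKey, signerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// server is the relying party: it trusts one CA and tracks the challenges it issued.
type server struct {
	roots   *x509.CertPool
	pending map[string]bool
}

func newServer(ca *x509.Certificate) *server {
	s := &server{x509.NewCertPool(), map[string]bool{}}
	s.roots.AddCert(ca)
	return s
}

// challenge returns fresh random bytes: the "piece of data" the client signs.
func (s *server) challenge() ([]byte, error) {
	nonce := make([]byte, 32)
	_, err := rand.Read(nonce)
	s.pending[string(nonce)] = true
	return nonce, err
}

// sign is the client side: prove possession of the private key.
func sign(key *ecdsa.PrivateKey, nonce []byte) ([]byte, error) {
	digest := sha256.Sum256(nonce)
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

// authenticate returns the certificate's common name when every check passes.
func (s *server) authenticate(nonce, sig []byte, cert *x509.Certificate) (string, error) {
	if !s.pending[string(nonce)] {
		return "", fmt.Errorf("unknown or already used challenge")
	}
	delete(s.pending, string(nonce)) // single use: a captured response cannot be replayed
	opts := x509.VerifyOptions{Roots: s.roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil { // trusted CA, validity period, key usage
		return "", fmt.Errorf("certificate not trusted: %w", err)
	}
	// The signature must verify under the public key inside the certificate.
	if err := cert.CheckSignature(x509.ECDSAWithSHA256, nonce, sig); err != nil {
		return "", fmt.Errorf("proof of key possession failed: %w", err)
	}
	return cert.Subject.CommonName, nil
}

func main() {
	caCert, caKey, _ := issue("Example Corp CA (constructed)", nil, nil)
	cert, key, _ := issue("alice", caCert, caKey)
	srv := newServer(caCert)
	nonce, _ := srv.challenge()
	sig, _ := sign(key, nonce)
	fmt.Println(srv.authenticate(nonce, sig, cert))
}
```

A certificate issued by a CA the server does not trust, and a valid certificate presented without its private key, are both rejected by `authenticate`.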

Benefits of Certificate-Based Authentication

Digital certificates are widely used by organizations today and for many reasons. Let’s dive into why.

Boosted Security

Public key cryptography, also known as asymmetric encryption, is considered very secure. This is because all data encrypted with the public key can only be decrypted with the matching private key. So, when two parties communicate, the sender encrypts (scrambles) the data before sending it, and the receiver decrypts (unscrambles) the data after receiving it. The unscrambling can only happen if the keys match. And while in transit, the data remains scrambled and will appear as gibberish to a hacker.

Ease of Deployment & Use

Certificate-based solutions are easy to deploy and manage. They typically come with a cloud-based management platform that allows administrators to issue certificates to new employees with ease. The same is true for renewing or revoking certificates. Moreover, many solutions integrate with Active Directory, which makes the certificate issuing process even more straightforward.

They also don’t require any additional hardware, which isn’t the case for other authentication methods like biometrics or OTP tokens.

Lastly, certificate-based solutions are very user-friendly and require minimal end-user involvement. Users don’t have to expend additional effort to get this boosted level of security. This is crucial because adding friction to any security measures tends to frustrate users and can often lead to worse outcomes. We see this happen with passwords where users typically reuse passwords to ease the burden of remembering multiple highly secure phrases.

Natively Supported by Many Existing Enterprise Applications

Countless enterprise applications and networks natively support X.509 digital certificates – the typical format used in public key certificates. This means enterprises can get up and running with certificate-based authentication with just a few configuration tweaks.

Security Flaws of Certificate-Based Authentication

No solution is without its drawbacks, and the same is true for certificate-based authentication.

It’s much harder to crack a key than a password, but once cracked, the results are the same. If a key is compromised, cybersecurity goes out the window. Essentially, IT can’t distinguish between a hacker and a legitimate employee if the keys match. And this is precisely why certificate-based authentication should be used in coordination with other authentication and cybersecurity measures wherever possible.

Second, certificate-based authentication is only as strong as the digital certificate. Or in other words, the stronger the cryptographic algorithms used to create the certificates, the less likely an attacker can compromise them. For this reason, organizations must ensure that the certificate authority is reputable and trustworthy.

Final Thoughts on Certificate-Based Authentication

Certificate-based authentication can be an excellent addition to any organization’s cybersecurity stack. While it’s not without its drawbacks, the benefits outweigh the challenges. Certificate-based authentication allows only approved users and devices to access your network while keeping unauthorized users and rogue devices locked out.

Portnox and Cisco Meraki: Better Securing and Controlling Access for Cloud-Managed IT

The Rise of Cloud Managed IT

Digital transformation is engulfing enterprise IT, with many legacy solutions migrating to the cloud. Paired with the Bring-Your-Own-Device (BYOD), Internet of Things (IoT), cloud adoption and mobile workforce trends, CISOs, network admins and IT teams are faced with new and complex challenges in securing their risk-based perimeter. As that perimeter extends off campus to remote environments, the need arises for convenient access that will encourage productivity and increase efficiency, while enforcing security policies and controlling exposure to emerging cyber threats.

Access Control Meets Cloud Managed IT

The Cisco Meraki and Portnox NAC-as-a-Service partnership helps enterprises realize the potential of cloud managed IT by providing complete visibility, control and management capabilities for network access. As enterprises begin to implement digital transformation through BYOD, the Internet of Things, the mobile workforce and cloud infrastructure, pervasive security tools are required to ensure that access is secured across the risk-based perimeter.

Together, Meraki and Portnox provide mid-market organizations and enterprises with the cloud and compliance infrastructure they need to embrace the benefits of digital transformation, while securing, controlling and appropriately managing access across all network endpoints.

Quick and easy deployment, low operational costs and flexible on-boarding of network endpoints make the Meraki-Portnox collaboration an essential security tool for the innovative enterprise.

The Key Features of Our Joint Offering

  • Enhanced Security: Secure access in all locations and at all times for wired, wireless, and VPN access. 802.1x provides top-notch user authentication, adding a layer of multi-factor authentication (MFA) to VPN.
  • Full Visibility: Achieve full visibility into all network endpoints, from operating systems through to open ports and onto running applications. Carry out persistent posture assessments on devices and determine their level of access based on a machine learning devised risk score.
  • Zero-Touch Deployment: Start controlling network access today with a pre-deployed and integrated environment including certification authority (CA), RADIUS, user databases and more.
  • Complete Control Over Access: Discover all network endpoints and authorize access regardless of the endpoint’s credential validity to allow for gradual deployment of 802.1x access protection.
  • Flexible On-Boarding: Add devices to wired/wireless networks based on a variety of pre-defined or unique parameters, as well as an option for secured persistent access for contractors and guests.
  • Deep Dive into Devices: Gain context on the devices connecting to your network to better understand their level of risk including information on installed applications, services, certificates, users, open ports and user locations.
  • Widen Switch Support: The joint solution supports 802.1X, certificate, domain and MAC authentication, as well as group-based dynamic VLAN assignments.
  • Move from CAPEX to OPEX: Turn the capital expenditure you continually invest in maintaining legacy security solutions into operational expenditure that is invested based on level of need and degree of service use.
  • Compliance Compatible: Easily implement compliance directives and automate policy management and enforcement across the network.
  • Stable and Secure Enterprise Grade Solution: With a highly available yet secured RADIUS Server, as well as agent support for all platforms, ensure business continuity no matter the circumstances.
  • Support for MSP/MSSP Model: Service providers can easily manage their existing subscriptions together with Portnox, making the solution part of their repertoire of services, including rebranding options as needed.

Portnox-Meraki Use Cases

Portnox and Meraki’s joint offering is great news for network security, access and control. Here’s how the solutions work together, providing benefits that are made possible by joining forces:

  • Persistent risk assessment of employee and contractor workstations to devise a network access control policy based on usage, location and a number of other endpoint characteristics.
  • Perform risk assessments and provide access through a one-time password when accessing over the VPN.
  • Simply control network segmentation based on VLAN assignment and Active Directory Groups.
  • Certificate-based authentication across the entire enterprise – ideal for a multi-site environment.
  • Allow for sponsored guest access, making it easier for guests and contractors to access what they need on the network, while controlling the method and scope of access permissions based on endpoint compliance and risk score.

About Cisco Meraki
Cisco Meraki is a cloud managed IT company that offers comprehensive solutions for organizations to manage all of their IT needs in one place. Meraki’s set of services includes wireless, switching, security, communications, EMM, security cameras and more, all managed through Meraki’s web-based dashboard interface. Meraki was founded in 2006 by Sanjit Biswas, John Bicket and Hans Robertson and was acquired by Cisco in 2012.

Identity Threat Detection and Response (ITDR): What You Need to Know

Leading research firm Gartner has highlighted Identity Threat Detection and Response (ITDR) as one of the top cybersecurity trends of 2022, along with digital supply chain risk, attack surface expansion, and others. But what exactly is ITDR, and why is it important for organizations in 2022 and beyond?

What is Identity Threat Detection & Response?

In simple words, identity threat detection and response is a new security category focused on detecting credential theft, privilege misuse, unapproved entitlements, and other identity-related threats and vulnerabilities.

While other cybersecurity tools play a role in identity threat management, there’s been a marked rise in cybercriminals targeting identity and access management (IAM) infrastructure in recent years. As a result, Gartner felt creating this new category would help organizations sharpen their focus and be better positioned to access the best tools and practices to defend their identity systems. Or in other words, identity-based attacks have become such a common cybersecurity threat that a dedicated and laser-focused approach to combating them is needed.

The Case For ITDR

Today’s cyber threat landscape is more severe than ever before. With organizations rapidly shifting to remote working and public cloud adoption, the traditional network edge effectively no longer exists. This means companies must shift their security posture to focus on identities over devices.

At the same time, identity-based attacks are rising, and this trend shows no signs of slowing down in the foreseeable future. Today, cybercriminals increasingly bypass IAM by leveraging privileged access credentials. Then, they often move laterally across the networks, undetected. They also use this access to exfiltrate valuable data like employees’ and customers’ sensitive personal or financial information.

The security impact of stolen credentials on identity systems is immense. For example, one study by Verizon found that stolen credentials cause 61% of all data breaches [1].

With the current state of the cyber threat landscape, cybersecurity experts are now recognizing that IAM and other related tools do not provide robust security. For example, Gartner argues that threat actors are “actively targeting access management (IAM) infrastructure,” so we need to develop new ways of protecting that infrastructure.

As for a high-profile case of identity compromise in action, look no further than the SolarWinds attack of 2020. SolarWinds is a leading software company that provides system management tools for network infrastructure and monitoring to companies worldwide. Hackers inserted malware into signed versions of SolarWinds’s software, which was then used to infiltrate an eye-watering 18,000 organizations. Essentially, SolarWinds’ Orion Platform created a backdoor through which the hackers could impersonate users and accounts of the targeted organizations. The malware also accessed system files and managed to blend in with legitimate activity without detection.

What Sets ITDR Apart?

A common question around ITDR is how it differs from other threat detection or identity management systems organizations already use today. Is it more of the same? The simple answer is no, but let’s dive a little further to discover why.

Existing identity protection tools like IAM, IGA, and PAM focus primarily on authorization and authentication, ensuring that the right people have access to the files and apps they need. In recent years, organizations have spent considerable effort improving these capabilities, adopting increasingly sophisticated software to manage identities and access with authentication.

In certain cases, IAM can pose a significant security risk when used in isolation – they can become a single point of failure if compromised. This is where ITDR comes in. ITDR is really about segregating these duties so that we can secure our IAM infrastructure and ensure that it’s working as intended.

And how does ITDR stack up against Endpoint Detection and Response (EDR)? EDR is a layered approach to endpoint protection that unites real-time continuous monitoring and endpoint data analytics with a rule-based automated response. EDR solutions work similarly to ITDR but ultimately focus on different things. Namely, EDR looks for attacks on endpoints, while ITDR looks for attacks on identities.

They also work differently once an attack has been identified. For example, when an EDR system detects an attack, it isolates the system to limit the hacker’s movement or shuts down the system to stop the hacker in their tracks. By contrast, ITDR systems often add an additional layer of security by providing fake data that acts as a decoy. These solutions can also limit lateral movement through the network.

However, it’s also true that ITDR solutions may vary depending on the provider. With this in mind, here are the features a solution should have to qualify as ITDR:

  • It should monitor and detect nefarious identity and privilege activity.
  • It should detect identity-related misconfigurations, for example, Active Directory misconfigurations, that could lead to compromise. These misconfigurations could be intentional or unintentional, but both are equally damaging.
  • It should investigate identity threats using contextual user information. The system should be able to detect if a user deviates from their typical activity, for example, accessing the system from an unusual location or downloading files they wouldn’t normally interact with.
  • Following detection comes the response. We’ve already covered how ITDR responds to threats in action, but other responses would be removing excessive privileges (and moving towards Least Privilege) and investigating anomalies in privilege usage.
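A small detector for two of the signals this page names: the "typical activity" deviation in the ITDR list above, and the lockout bursts and logins at irregular times from unknown locations listed as red flags under "How to Detect a Data Breach". This is an added example in Go, not code from any ITDR product or from the original article; the log format, the sample lines, the thresholds and all function names are assumptions constructed for the illustration.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Constructed sample logs (not from the page): history builds the baseline, today is evaluated.
const history = `2022-09-05T01:12:00Z user=alice event=login country=HK
2022-09-07T09:05:00Z user=alice event=login country=HK`
const today = `2022-09-12T02:10:00Z user=alice event=login country=HK
2022-09-12T14:01:00Z user=bob event=lockout country=US
2022-09-12T14:03:00Z user=bob event=lockout country=US
2022-09-12T14:04:00Z user=bob event=lockout country=US
2022-09-12T19:30:00Z user=alice event=login country=RO`

type event struct {
	at                  time.Time
	user, kind, country string
}

// profile is a user's "typical activity": countries and UTC hours of past logins.
type profile struct {
	countries map[string]bool
	hours     [24]bool
}

// parse reads "timestamp key=value ..." lines in the constructed format above.
func parse(log string) ([]event, error) {
	var out []event
	for _, line := range strings.Split(strings.TrimSpace(log), "\n") {
		ts, rest, _ := strings.Cut(line, " ")
		at, err := time.Parse(time.RFC3339, ts)
		if err != nil {
			return nil, fmt.Errorf("bad line %q: %w", line, err)
		}
		kv := map[string]string{}
		for _, pair := range strings.Fields(rest) {
			k, v, _ := strings.Cut(pair, "=")
			kv[k] = v
		}
		out = append(out, event{at.UTC(), kv["user"], kv["event"], kv["country"]})
	}
	return out, nil
}

// baseline learns each user's profile from the logins in past events.
func baseline(hist []event) map[string]*profile {
	b := map[string]*profile{}
	for _, e := range hist {
		if e.kind == "login" {
			if b[e.user] == nil {
				b[e.user] = &profile{countries: map[string]bool{}}
			}
			b[e.user].countries[e.country] = true
			b[e.user].hours[e.at.Hour()] = true
		}
	}
	return b
}

// detect flags baseline deviations and maxLockouts lockouts within window; events must be in time order.
func detect(b map[string]*profile, evs []event, maxLockouts int, window time.Duration) []string {
	var alerts []string
	recent := map[string][]time.Time{} // per-user lockout times inside the window
	for _, e := range evs {
		switch e.kind {
		case "lockout":
			ts := append(recent[e.user], e.at)
			for len(ts) > 1 && e.at.Sub(ts[0]) > window {
				ts = ts[1:]
			}
			recent[e.user] = ts
			if len(ts) == maxLockouts {
				alerts = append(alerts, fmt.Sprintf("%s: %d lockouts within %s", e.user, len(ts), window))
			}
		case "login":
			p, h := b[e.user], e.at.Hour()
			if p == nil {
				p = &profile{} // no history: every location and hour counts as new
			}
			if !p.countries[e.country] {
				alerts = append(alerts, fmt.Sprintf("%s: login from new location %s", e.user, e.country))
			}
			if !p.hours[h] && !p.hours[(h+1)%24] && !p.hours[(h+23)%24] { // one hour of tolerance
				alerts = append(alerts, fmt.Sprintf("%s: login at unusual hour %02d:00 UTC", e.user, h))
			}
		}
	}
	return alerts
}

func main() {
	hist, _ := parse(history) // constant input, known to parse
	evs, _ := parse(today)
	fmt.Println(strings.Join(detect(baseline(hist), evs, 3, 10*time.Minute), "\n"))
}
```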

Final Thoughts

Identity security should be a top priority for organizations in today’s increasingly hostile cyber threat landscape. Effectively detecting and responding to identity-based threats is essential in a world where cybercriminals are continually bypassing authentication and authorization tools. ITDR plays a crucial role here in protecting our identity systems and keeping cyber criminals out. As a result, we expect to see more organizations investing in ITDR solutions over the coming years.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

How to Use SASE to Establish and Enable Zero Trust Network Access

As working environments evolve, we must rethink our network security approach. The traditional “castle-and-moat” network security model, where everyone inside the network is trusted by default, but no one outside can access the data inside, is no longer fit for purpose. Faced with cloud computing, virtualization, and remote working, having a clear perimeter protecting a trusted inside zone no longer works. Today, users work within and outside the trusted zone, and our networks are becoming increasingly complex.

To combat this issue, a growing number of organizations are adopting zero trust network access (ZTNA) and secure access service edge (SASE). Crucially, this isn’t about an either/or approach, pitting the two against each other and deploying the winner. Instead, tight integration between ZTNA and SASE can deliver a whole host of benefits and safeguard organizations against attack.

What Is Zero-Trust Network Access (ZTNA)?

Coined by Forrester Research in 2010, zero-trust network access is a set of technologies and functionalities that provides secure remote access to an organization’s applications, services, and data, based on clearly defined access control policies. In simple words, ZTNA eliminates the concept of implicit trust for network access control (NAC). In practice, this means that no user or device will ever be granted access to network resources based solely on their location on the network. So, for example, using IP addresses as a basis for granting access wouldn’t be allowed in ZTNA.

ZTNA emerged out of a need for a more robust approach to network security in a world where users and sensitive data may be located anywhere – at home, in the cloud, in the corporate office, and so on. It replaces traditional approaches to NAC with solid authentication and authorization tools. As a result, network administrators can apply granular access controls, fine-tuning access control lists based on the concept of least privilege. For example, they can limit or grant users access to an application based on their role or leverage contextual information to authorize access.

What is Secure Access Service Edge?

Coined by Gartner in 2019, SASE is an emerging network security approach combining several cloud-native security technologies to connect users, endpoints, and systems securely. It combines ZTNA, SD-WAN, cloud access security brokers (CASB), secure web gateway (SWG), firewall-as-a-service (FWaaS), SaaS, and more, into a single, integrated cloud-based platform.

The SASE model allows companies to do away with siloed infrastructure that may leave gaps in security. It also enables complete visibility across hybrid environments, provides consistent monitoring and reporting, is less complex, and often cheaper.

Why SASE and ZTNA Are Better Together

Both SASE and ZTNA are crucial components of modern security architecture, but they’re not the same thing. You can think of SASE as a higher-level design philosophy that encompasses ZTNA in addition to other technologies. So, while SASE is a comprehensive and multi-faceted security framework, ZTNA is much more narrowly focused. For example, ZTNA is primarily concerned with limiting network resource access, which is one component of SASE, but not all of it.

When used together, SASE and ZTNA can provide a more robust and comprehensive solution that protects applications and data no matter where the end user is located. But how? Let’s look at some specific benefits of using both SASE and ZTNA.

Supporting Remote Access

The dramatic shift toward remote access over the last several years is one of the primary drivers of both ZTNA and SASE. In the past, companies would rely on multiple solutions like firewalls, SWGs, and remote access VPNs. However, with more and more applications moving to the cloud, this approach was no longer working. Cloud traffic no longer needs to go through a VPN, and companies were struggling to get complete visibility over their applications and data due to the sheer number of cloud-based apps in use. In addition, VPNs are often prohibitively expensive at scale.

SASE offers a better approach to remote access because it connects users to points of presence (PoPs) close to their location instead of routing them to a central data center. At the same time, ZTNA enables more granular and extensive network access control policies, improved scalability, and greater simplicity.

Boosted Agility and Resilience

With a SASE-based solution, companies only have one configuration repository to update – there’s no switching between solutions to ensure everything is patched and working correctly. This supports greater agility and allows network teams to focus on other tasks. Similarly, ZTNA provides boosted resiliency against attacks because it ensures total session protection, regardless of whether a user is on or off the corporate network.

Easier to Scale

As we mentioned earlier, application and device sprawl makes VPNs challenging to manage as the network grows. SASE and ZTNA combat this issue by bringing the scalability of a multitenant cloud-native platform.

Reducing the Attack Surface

SASE and ZTNA can help reduce the attack surface and mitigate the risk of data breaches. These solutions allow organizations to establish a hardened perimeter that cyber criminals can’t easily penetrate. At the same time, ZTNA ensures that only authorized devices and users can access sensitive data and systems and that users only have access to the resources they need to do their jobs.

Policy Enforcement Across the Network

Together, these solutions help companies with policy enforcement across their entire network. This means stronger network security, lower costs, a single view of the whole network, and streamlined network management.

Significant Cost Savings

Deploying security at scale can be expensive, particularly when buying and managing multiple products. Instead, using a single SASE solution with robust ZTNA dramatically reduces costs while ensuring robust and comprehensive security.

Final Thoughts on SASE & ZTNA

Faced with an increasingly severe cyber threat landscape and constantly evolving workplace environments, the castle-and-moat approach to security is becoming increasingly risky. Instead, organizations are moving toward more modern and robust approaches, like ZTNA and SASE. When used in unison, these approaches protect organizations today and prepare them for the future.

802.1x: The Gold Standard of Network Authentication Protocols

What is 802.1x?

IEEE 802.1x is a standard for port-based network access control (PNAC) that determines how to manage authentication for endpoints to connect to each other on a LAN. It can be used to manage access for both wired and wireless networks. It is broadly utilized at both company headquarters and branch enterprise networks to ensure secure endpoint authentication and network access control.

How does the 802.1x protocol work?

  • Initiation: The authenticator or supplicant sends a session initiation request. The supplicant sends an EAP-response message to the authenticator, which encapsulates the message and forwards it to the authentication server.
  • Authentication: To validate several pieces of information, messages pass between the authentication server and the supplicant through the authenticator.
  • Authorization: Once the credentials are verified, the authentication server informs the authenticator to provide the supplicant access to the port.
  • Accounting: User and device details, session types, service details and session records are kept by RADIUS accounting.
  • Termination: The termination of sessions is done by disconnecting the endpoint device or using management software.
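The five steps above, as an added example that is not part of the original article: a supplicant, an authenticator and an authentication server exchanging real EAP packet encodings, with the port staying closed until EAP-Success. It uses the legacy EAP MD5-Challenge method only because it fits in a short listing (production 802.1x deployments use TLS-based methods such as EAP-TLS or PEAP); the class names and the credential store are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

# EAP codes and method types (RFC 3748).
REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4
IDENTITY, MD5_CHALLENGE = 1, 4
USERS = {"laptop-01": b"correct horse"}  # constructed credential store


def eap_pack(code, ident, eap_type=None, data=b""):
    """Encode Code, Identifier, Length, then optional Type and data."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def eap_unpack(pkt):
    """Decode an EAP packet, rejecting truncated or mis-sized input."""
    if len(pkt) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("EAP length field does not match packet size")
    if code in (REQUEST, RESPONSE):
        if length < 5:
            raise ValueError("EAP request/response without a Type byte")
        return code, ident, pkt[4], pkt[5:]
    return code, ident, None, b""


def chap_digest(ident, secret, challenge):
    # MD5-Challenge value: MD5(Identifier || secret || challenge).
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class Supplicant:
    def __init__(self, identity, secret):
        self.identity, self.secret = identity, secret

    def respond(self, request):
        _, ident, eap_type, data = eap_unpack(request)
        if eap_type == IDENTITY:
            return eap_pack(RESPONSE, ident, IDENTITY, self.identity.encode())
        if eap_type == MD5_CHALLENGE and data:
            value = chap_digest(ident, self.secret, data[1:1 + data[0]])
            return eap_pack(RESPONSE, ident, MD5_CHALLENGE, bytes([16]) + value)
        raise ValueError("unsupported or malformed EAP request")


class AuthServer:
    """Stands in for the RADIUS server; tracks one session at a time."""
    def __init__(self, users):
        self.users, self.pending, self.accounting = users, {}, []

    def handle(self, eap):
        code, ident, eap_type, data = eap_unpack(eap)
        if code == RESPONSE and eap_type == IDENTITY:
            next_id, challenge = (ident + 1) % 256, os.urandom(16)
            self.pending[next_id] = (data.decode(errors="replace"), challenge)
            return eap_pack(REQUEST, next_id, MD5_CHALLENGE, bytes([16]) + challenge)
        if code == RESPONSE and eap_type == MD5_CHALLENGE and ident in self.pending:
            user, challenge = self.pending.pop(ident)
            secret = self.users.get(user)
            value = data[1:1 + data[0]] if data else b""
            if secret and hmac.compare_digest(value, chap_digest(ident, secret, challenge)):
                self.accounting.append(("Start", user))
                return eap_pack(SUCCESS, ident)
        return eap_pack(FAILURE, ident)


class Authenticator:
    """The switch port or access point: relays EAP and gates the port."""
    def __init__(self, server):
        self.server, self.port_authorized = server, False

    def start(self):
        return eap_pack(REQUEST, 1, IDENTITY)

    def relay(self, eap_from_supplicant):
        # Real deployments wrap this packet in a RADIUS Access-Request.
        reply = self.server.handle(eap_from_supplicant)
        self.port_authorized = eap_unpack(reply)[0] == SUCCESS
        return reply

    def logoff(self, user):
        self.port_authorized = False
        self.server.accounting.append(("Stop", user))


def run_session(supplicant, authenticator):
    """Run one exchange; return (port_authorized, EAP codes in order)."""
    codes, msg = [], authenticator.start()
    while eap_unpack(msg)[0] == REQUEST:
        reply = supplicant.respond(msg)
        codes += [REQUEST, eap_unpack(reply)[0]]
        msg = authenticator.relay(reply)
    codes.append(eap_unpack(msg)[0])
    return authenticator.port_authorized, codes
```

Calling `run_session(Supplicant("laptop-01", b"correct horse"), Authenticator(AuthServer(USERS)))` opens the port; a wrong secret or an unknown identity ends in EAP-Failure and the port stays unauthorized.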

Why is 802.1x authentication important?

802.1x is the gold standard of network authentication security. It can stop over-the-air theft attacks, and is more secure than Pre-Shared Key (PSK) environments common among personal networks.

Governments, individuals, and large organizations alike all require strong network security, beginning with network authentication and access control. Securing all aspects of online data and information has become essential with the increased reliance on technology, and as corporate networks continue to expand, data security continues to be one of the most critical issues for organizations to consider.

While no network is immune to attacks, an efficient and stable network security apparatus is important to protect client data. A strong network security system helps limit the risk of falling victim to data theft and can help to guarantee that shared data across an enterprise network is securely kept.

Simple Certificate Enrollment Protocol (SCEP): What It Is and Why Network Engineers Should Care About It

There are several factors to consider when distributing certificates to managed devices, making it a massive undertaking. These include public key infrastructure (PKI), integration, gateway setup, configuration settings, certificate enrollment, device authentication, and more. 

Thanks to the Simple Certificate Enrollment Protocol (SCEP), administrators can quickly and easily enroll all managed devices for client certificates without any action from the end-user.

Here we will discuss what exactly the Simple Certificate Enrollment Protocol (SCEP) is and why network engineers should care about it. 

What Is The Simple Certificate Enrollment Protocol (SCEP)?

Digital certificate issuance in big enterprises is simplified, secured, and scalable with an open-source protocol called Simple Certificate Enrollment Protocol (SCEP).

SCEP servers utilize this protocol to give users a one-time password (OTP) through an asynchronous, out-of-band mechanism (OOB). After creating a key pair, the user submits the OTP and certificate signing request to the SCEP server for verification and signature. As soon as the certificate is ready, the user may request it from the SCEP server and then install it.

Digital certificate issuing was labor-intensive until the advent of SCEP and related protocols like Certificate Management Protocol and Certificate Management via CMS. SCEP is widely used in big organizations since it is supported by products from major vendors like Microsoft and Cisco.

After its creators left SCEP inactive in 2010, the project was dormant until it was revitalized in 2015. It is presently a draft that anybody may see as part of the work of the open-source community – the Internet Engineering Task Force (IETF).

Why Should Network Engineers Care About SCEP?

The public key infrastructure provides the most secure and user-friendly authentication and symmetric encryption solution for digital identities. Yet, the ambiguity and scale of certificate deployment for most businesses can challenge their already overworked network engineers.  

Manually deploying and maintaining certificates is tedious and error-prone. Whether an organization delivers a single certificate for a Wi-Fi router or holds several certificates across all networked devices and user identities, the whole process may take up to several hours. It leaves companies vulnerable to breaches, Man-in-the-Middle (MITM) attacks, and other forms of network disruption.

Certificates managed manually are more likely to be lost, overlooked, or expire without being replaced, putting businesses at high risk. Therefore, enterprises need the automated and well-organized certificate enrollment standard – the Simple Certificate Enrollment Protocol (SCEP) – due to the many risks associated with administering PKI certificates manually.

The significant benefits of the Simple Certificate Enrollment Protocol (SCEP) include:

  • Hassle-free certificate issuing.
  • Ensuring that certificates are correctly issued and configured across various devices.
  • A fully automated procedure for the issuance of certificates. As a consequence of this, it involves very little to no human participation.
  • A protocol that saves time, lowers operating expenses, and boosts productivity by enabling network engineers to concentrate on other duties rather than doing those chores themselves.

SCEP is a flexible solution that can meet all your network management requirements since it is compatible with most devices and server operating systems. These include Windows, Apple iOS, macOS, and Linux, as well as directory systems such as Active Directory.

NAC, SDP, ZTNA and the Future of Access Control

The Future of Access Control

For over a decade, Virtual Private Networks (VPNs) have been providing businesses with secure access for remote workers and end users. As cyberthreats become more rampant and dangerous, communication and network requirements are continuously changing in response. VPNs have begun to show their limited capabilities as they fail to address various security concerns in this ever-changing landscape.

Today’s VPN technology may not be able to modernize and adapt to evolving security threats. As a result, Software-Defined Perimeters (SDP), Zero Trust Network Access (ZTNA) and Network Access Control (NAC) come into play. Their collective purpose is like that of a VPN, but they serve as more comprehensive network security solutions.

Network Access Control (NAC)

NAC is a technology designed to provide endpoint authentication and network access controls to ensure only authorized devices are granted access to a network.

Research has demonstrated that NAC and SDP have become essential elements in the development of Zero Trust Networks as they enable monitoring, visibility, and control at the network access layer. Therefore, NAC is a critical foundation for cybersecurity resilience at the access layer.

Moreover, NAC is a technology that utilizes other core technologies in achieving ZTNA. As a result, NAC vendors should provide easy deployment options and software integration. Although network infrastructure is evolving rapidly, many organizations keep hybrid or legacy environments. NAC can be deployed through either on-prem or virtual appliances.

Software-Defined Perimeter (SDP)

SDP solutions are designed to apply the principle of least privilege (POLP), and are software-centric rather than hardware-based. They are made to conceal network infrastructure so that it cannot be seen by external parties and attackers. Once the device and the user are authenticated, SDP builds a one-to-one connection between the server and the device.

To understand how the SDP solution works, think of a door that is always kept locked. Because it is locked, no one can enter through the door or even look inside unless the person inside verifies who the visitor is and what they are doing. When the visitor enters, the person in the house locks the door again.

Zero Trust Network Access (ZTNA)

ZTNA is a security solution that provides secure remote access to data and services based on defined access control policies. ZTNA differs from a VPN in that it only grants authenticated users access to the resources needed to perform their job, and it helps to eradicate gaps in other secure remote access methods and technologies. In this way, ZTNA works similarly to SDP, as both utilize the concept of a dark cloud to stop users from seeing network resources that they are not authorized to access.

The Power of Role-Based Access Control in Network Security

Determining the right network access control (NAC) security policy for your organization isn’t an easy task.

It’s often a balancing act between keeping your network secure and ensuring employees can access the systems they need to do their jobs.

Role-based access control (or RBAC) can be a good way of ensuring your network is protected. If you’ve been considering implementing RBAC in your organization but aren’t entirely sure of the benefits, this article will answer your questions.

What is role-based access control?

Role-based access control is a way of restricting access based on a user’s role within an organization. This means that users aren’t assigned permissions directly but are instead given roles that govern their levels of access. Depending on their job and responsibilities, a user may have one or more roles.

Let’s say, for example, you have a staff database on your network, which contains all your employees’ contact details and contractual information.

Everyone in the organization may have access to edit their own personal details. Managers may have access to edit their team’s information, but no one else’s. Your HR team may have full access to the database to view and edit everyone’s data.

RBAC works on the Principle of Least Privilege (PoLP). This means users have the minimal level of access needed to carry out their job.

RBAC isn’t the only access control method available. There are other options you can consider, like attribute-based access control (ABAC), policy-based access control (PBAC) and access control lists (ACL). However, role-based access control is one of the most effective ways of not only keeping networks secure but improving organizational efficiency.

A study by NIST has shown that role-based access control addresses most of the needs of government and commercial organizations.

Why is role-based access control so important when it comes to network security?

Networks are more susceptible to security breaches than ever before. People working from home and the introduction of BYOD policies mean more endpoints that can be compromised.

In fact, according to IBM, it’s estimated that data breaches in 2021 cost businesses an average of $4.24 million.

With this in mind, it’s essential to ensure networks stay safe. Here’s how role-based access control can provide security for businesses large and small.

I. It makes it easy to ensure networks are secure

Setting up permissions for networks is relatively straightforward. However, as people start, leave, and move around organizations, permissions can become less efficient. Users may end up with access to systems they no longer need.

RBAC means IT departments can effectively manage what access people have with a click of a button.

Let’s go back to the example of the staff database above and say that a new staff member has joined the HR team. Rather than setting access at a user level, you can add them into the ‘HR’ role so they can have full access to the system.

A few years later, let’s say the staff member moves into the sales team, meaning they no longer need full access to the staff database. Rather than changing every single point of access they have, it’s just a case of adding them into the ‘sales’ role instead.

II. It reduces the attack surface

It’s estimated that one in four data breaches result from human error. With RBAC, if a member of staff causes an accidental (or intentional) data breach, there will be less impact.

Let’s say someone is a victim of a phishing attempt, and a hacker obtains their login details. The hacker will only be able to access the information that the member of staff has through the roles they have been allocated.

This means even if a data breach occurs, most of your information will still be safe.
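The staff-database example, the HR-to-sales role change and the stolen-credential scenario described above can be expressed as one default-deny check. This is an added example, not Portnox code; the role table, user names and the `reachable` helper are constructed for illustration.

```python
from dataclasses import dataclass, field

# Scopes a role can grant on the staff database, narrowest first.
SCOPES = ("own", "team", "all")

# Roles from the staff-database example. "sales" grants nothing extra on
# this database, so a sales user keeps only what the employee role allows.
ROLE_GRANTS = {
    "employee": {"view": "own", "edit": "own"},
    "manager": {"view": "team", "edit": "team"},
    "hr": {"view": "all", "edit": "all"},
    "sales": {},
}


@dataclass
class User:
    name: str
    team: str
    roles: set = field(default_factory=lambda: {"employee"})


def widest_scope(user, action):
    """Return the widest scope any of the user's roles grants, or None."""
    granted = [ROLE_GRANTS.get(role, {}).get(action) for role in user.roles]
    granted = [scope for scope in granted if scope in SCOPES]
    return max(granted, key=SCOPES.index) if granted else None


def is_allowed(user, action, record_owner):
    """Default-deny check: may `user` perform `action` on the owner's record?"""
    scope = widest_scope(user, action)
    if scope == "all":
        return True
    if scope == "team":
        return record_owner.team == user.team
    if scope == "own":
        return record_owner.name == user.name
    return False  # unknown role or action: no access


def reachable(user, action, directory):
    """Records exposed if this user's credentials are stolen or misused."""
    return sorted(o.name for o in directory if is_allowed(user, action, o))


def change_role(user, old_role, new_role):
    """Move a user between roles; permissions follow the role, not the person."""
    user.roles.discard(old_role)
    user.roles.add(new_role)


# Constructed staff directory.
ALICE = User("alice", "sales")
BOB = User("bob", "sales", {"employee", "manager"})
CAROL = User("carol", "engineering")
DANA = User("dana", "people-ops", {"employee", "hr"})
DIRECTORY = [ALICE, BOB, CAROL, DANA]

if __name__ == "__main__":
    for person in DIRECTORY:
        print(person.name, "can edit", reachable(person, "edit", DIRECTORY))
    change_role(DANA, "hr", "sales")
    print("dana after the move can edit", reachable(DANA, "edit", DIRECTORY))
```

The list returned by `reachable` is the exposure from a single phished account: one record for an ordinary employee, one team for a manager, and the whole database only for HR.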

III. It eliminates the risk of ‘insider threats’

Disgruntled employees can often try and settle the score by leaking confidential data or deleting important information. Earlier this year, an IT technician in the UK was jailed for 21 months for wiping data from the school he was formerly employed at after being fired.

As role-based access control gives just enough access to ensure staff can carry out their jobs, it minimizes the risk of users causing intentional harm to your networks.

Similarly, if you work with any third parties, you can use RBAC to assign them pre-defined roles and limit what they can view or edit. Once you stop working with them, you can quickly remove their permissions.

IV. It can quickly scale and adapt

As RBAC deals with overarching roles rather than individual permissions, it can grow as an organization’s IT requirements do.

Let’s say you acquire a new application for your organization. Role-based access control makes it easy to create new permissions as well as set different levels of permissions quickly. As a result, you can ensure any new hardware or software stays secure and that the right people have access.

V. It can ensure you stay compliant

Some industries, like healthcare and financial services, are heavily regulated and have stringent compliance regulations in place. For example, the Health Insurance Portability and Accountability Act (HIPAA) states that only certain people should be allowed access to specific systems.

Role-based access controls can ensure that organizations in these industries do what is required of them, minimizing the risk of security breaches as well as fines for willful violations of the law.

How Portnox can help with your RBAC requirements

Role-based access control can be an extremely efficient way of ensuring network security and can be as top-level or granular as your organization demands. The key is developing a solid strategy before creating and assigning roles.

Which parts of your network need access control, which departments need permissions, and how will you assign people to the right roles?

If you need extra support keeping your network safe, Portnox is here to provide you with peace of mind. Our NAC security solutions come with role-based authentication and access policies to ensure the right people can access your network at the right time.

Contact our team today to find out more.

The Cybersecurity Skills Gap Is Widening: The Reasons May Surprise You

We live in a world where cybercriminals can penetrate an alarming 93% of company networks. In fact, this trend looks set to continue as we move further into 2022 and beyond. 

Simply put, the cyber threat landscape is becoming increasingly dangerous for organizations and individuals today. For example, cybercriminals are becoming more sophisticated in their methods, shadow IT is widening the corporate attack surface, and network administration errors and misconfigurations are common. At the same time, Crime-as-a-Service (CaaS), where experienced cybercriminals sell access to tools and knowledge needed to execute an attack, is skyrocketing in popularity. The result? More hackers and more successful cyber-attacks. 

We need to strengthen our cybersecurity arsenal if we want to turn this situation around and effectively safeguard corporate systems. And that starts with people – the cybersecurity professionals who find unique solutions to keeping bad actors out. But unfortunately, the widening cybersecurity skills gap is making this extremely difficult. With this in mind, let’s look at the current state of the cybersecurity skills gap and what’s driving it. 

The Current State of the Cybersecurity Skills Gap

According to Fortinet’s 2022 Cybersecurity Skills Gap Report, the cybersecurity skills gap contributed to a whopping 80% of data breaches last year. And these breaches had dire consequences, with 64% of organizations saying they lost revenue or faced fines and 38% reporting that breaches cost them more than a million dollars. 

Companies need skilled cybersecurity professionals now more than ever, but finding and keeping this talent is becoming increasingly difficult. For example, the same report found that 60% of organizations struggle to recruit cybersecurity talent and 52% struggle to retain qualified people, despite 76% of organizations indicating their board of directors now recommends increasing cybersecurity headcount. 

In simple words, organizations urgently need to close the cybersecurity skills gap to tighten their network security and keep pace with nefarious actors, but the gap continues to widen. For example, according to another report, the global cybersecurity workforce will need to grow by 65% to defend organizations’ critical assets effectively. 

At the same time, we continue to make immense strides in technological innovation across industries. Technologies that once seemed like science fiction, such as artificial intelligence (AI), machine learning, and Internet of Things (IoT) devices, are now becoming commonplace. But while these technologies undoubtedly add enormous value, we’re not hiring and training the talent to ensure their security.

Perhaps the most puzzling aspect of this situation is precisely why the cybersecurity industry is struggling to attract and retain talent. On paper, cybersecurity appears to be an attractive job prospect for fledgling tech enthusiasts or even IT workers who might want to transition roles into areas like network engineering, cyber intelligence, or security analysis. 

The appeal for people entering the field should be strong job security, a wide variety of opportunities, the ability to make a real impact, and decent pay (the average salary for a cybersecurity engineer in the US is $101,548). And IT workers looking to transition into the role get much the same benefits but with a lower barrier to entry. For example, a coder is unlikely to struggle to wrap their head around firewall types, network access control, and authentication security protocols like 802.1X. 

And yet people aren’t jumping at the chance to work in cybersecurity. Moreover, nearly one-third of the cybersecurity workforce plans to leave the field in the near future. But why? 

Factors Driving the Cybersecurity Skills Gap

Various factors are at play in why the cybersecurity industry faces talent shortages and a widening skills gap. So, let’s get into them. 

An Increasingly Demanding Skill Set and Entry Requirements

Due to the severity of today’s cyber threat landscape, cybersecurity professionals need a massive range of skills, and the list is growing yearly. Organizations increasingly want workers to have strong computer science, network engineering, and other technical skills in addition to computer forensics skills, problem-solving skills, and more. 

And more often than not, one of the key prerequisites to enter the field is a formal degree and an advanced professional certification like CISSP (Certified Information Systems Security Professional).

But despite these requirements, getting cybersecurity skills while still in education is often challenging. For example, only 43% of the US’s top 50 computer science programs include security courses for undergraduates. In other words, we might be failing to attract budding IT professionals into cybersecurity before they choose their career paths. And when this next generation of IT workers opts for a different discipline, they find themselves without the needed certifications to transition into cybersecurity. 

Cybersecurity is Too Stressful

Sadly, stress is an industry epidemic in cybersecurity. Defending against advanced threats daily or even hourly can take a toll on mental health, which is reflected in the statistics. For example, according to Deep Instinct’s Voice of SecOps Report, 45% of C-suite and senior cybersecurity professionals have considered quitting the industry due to stress. And another study from the UK found that 42% of security leaders say they would be unlikely to recommend a job in cybersecurity due to the stress of the job.

A Thankless Job

Cybersecurity teams typically attract the most attention when something goes wrong (a successful breach). But, when they successfully defend the network, there’s silence. As a result, morale is often low in cybersecurity teams. If you’re going to be stressed, you should at least have your successes championed, right? Unfortunately, too many companies are failing to do this right now. 

Attitudes Toward Cybersecurity

Most companies recognize that network security and cybersecurity are essential in the modern world, but that doesn’t mean they have positive feelings toward them. Many high-ranking employees believe that cybersecurity stifles innovation or that cybersecurity teams are too heavy-handed regarding network access control. They don’t see all the attacks that cybersecurity teams prevent, so they assume the team is needlessly restricting their access to files and apps to exert power. 

Choosing a career in cybersecurity can seem unappealing if you’re anticipating being undervalued by your employer. 

Where Do We Go From Here?

Unfortunately, it’s never been easier to become a black hat hacker. Advanced hacking tools are easy to come by, and knowledge sharing for things like phishing attacks, whaling attacks, and corporate account takeovers is rife. But the barrier to entry for the other side – the good guys who want to protect corporate networks – is far higher. So companies that want to strengthen their network security need to take steps to overcome the cybersecurity skills gap and deploy advanced tools to help bridge the gap. 

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
