Volume 1, Issue 3 December 1, 2020
Being “on the same wavelength” suggests that miracle moment when two people are saying or thinking the same thing – sometimes without even speaking! Dynamic understanding.
Wavelength by Juanita Koilpillai
Never Trust, Always Verify – what does this mean for network security? How did networks and networking evolve? Decades ago, computer vendors offered “networks” connecting terminals and remote job entry stations to mainframes. Then in the 60s and 70s Arpanet introduced networking between computers viewing each other as equals to achieve resource sharing. Then in 1973 Cerf and Kahn published the seminal paper describing another protocol layer to accommodate diverse types of individual networks and IP and TCP were born.
In 1996, the virtual private network (VPN) was introduced to provide secure and private communication and file sharing between different offices. Using the VPN, employees would be able to access important files remotely without risk of unauthorized users stealing sensitive data. Good concept except that VPNs offer a huge attack surface to hackers and are complex and expensive to implement and manage.
During the global health crisis, we’ve seen unprecedented growth in the number of corporate employees working away from the office. Many rely on VPNs for connectivity; IT Security and Network Ops trust the VPNs with their cadre of external and internal firewalls grouped around the concentrator usually in a DMZ. Managing this infrastructure is complex and costly. Unfortunately, VPNs are highly visible and vulnerabilities in VPN platforms are exploited by hackers within hours of disclosure. Malware gets planted on concentrators as part of APT (advanced persistent threat) campaigns with goal of stealing sensitive data.
Is it any wonder that security practitioners are considering selective replacement of VPNs with software defined perimeters (SDP)? Waverley’s SDP is like having a private application VPN – but without the vulnerabilities. The Waverley SDP integrates into the CI/CD, imbedded in OpenShift as an example, ensuring access and authorization policies are built into the application/service and instantiated at run time. Did you know that SDP, with an efficient design scales and reduces or eliminates operational overhead and automatically drops connections in real time if unauthorized users, compromised devices or rogue services are detected.
Wave to Wave
Join the dialogue! Here’s a post from our weekly blog. It’s a quick read then share your point of view!
Zero Trust and the Software Defined Perimeter
Get on the same wavelength with how Zero Trust and Software Defined Perimeter make more sense when you understand Dynamic Enforcement and ZTNA in this new blog! https://bit.ly/3pWNCSF
Lambda is the symbol representing wavelength in scientific equations. It’s a monthly feature of the newsletter where we examine an attack vector that has the propensity to introduce risk. In this issue, we examine the business email compromise (BEC).
BEC or business email compromise is a type of scam targeting corporate or publicly available email accounts of executives typically working in financial services. BEC, often referred to as credentials theft, enables attackers to commit fraud by using spoofing or phishing attacks to steal credentials. With the stolen credentials, fraudsters impersonate CEOs or other executives and perform fraudulent wire transfers globally. BEC attacks are costing financial institutions millions of dollars a year in losses to the top line.
BEC can also be instrumental in the exfiltration of sensitive data. Preventing data theft requires threat detection and a comprehensive encryption program that covers data in the cloud and on premises. Organizations are augmenting their cryptographic toolkits with secrets management, tokenization and automated key management across the enterprise landscape.
What’s the future? Zero Trust models and SDP (software defined perimeter) can hide applications and services from attackers. The Waverley SDP prevents access using stolen credentials with a powerful combination of SPA packets and its orchestration – which automatically drops packets in real time. Waverley believes that SDP will make BEC more difficult by quickly denying access when credentials have been compromised.
Waverley Labs is a sponsor of the Digital Risk Management Institute. Listen to this BrightTalk session featuring a new take on defending DDOS Cyber Attacks.
Have you listened to Juanita Koilpillai, Founder/CEO of Waverley Labs talking with David Morris about SDP as a strategic pillar of implementing a Zero Trust Security Model? Waverley delivered the first open-source reference implementation of SDP in cooperation with the Department of Homeland Security and the Cloud Security Alliance (CSA). Multiple IEEE papers showing various implementations (ie. SDN, IaaS, IoT, NFV etc.) for SDP have been published.