Why cyber-attacks are increasingly successful and how you can arm yourself against them with 2 excellent solutions
It is more than serious in cyberspace. Zero-day exploits and the attacks via Exchange, SolarWinds or Kaseya put the survival of organizations at great risk.
The damage could have been prevented with a Zero-Trust approach. But that needs to be completed with the right tooling. We are very enthusiastic about the combination of Thales SafeNet Trusted Access (for Identity & Access Management) and ZoneZero (Network Security) from TerraZone: Zero Trust Network Access is realized and enforced in a few hours.
Watch the webinar on October 6th, 2021 Plan online session
Why Zero Trust Network Access is so important right now
Zero Trust Network Access (ZTNA) boils down to the fact that nothing and no one can simply access the network and its connected systems, applications and files. The network is central to this because it is the primary attack vector. If you close your network properly, you block access to the connected systems. This prevents lateral movement attacks in which attackers, once they have penetrated the network, systematically use it to gain access to more and more business-critical programs and files. This can also be the environment of a trusted party, such as a managed IT services provider. The hacks of the IT Management software of SolarWinds and Kaseya have shown that compromising such software can affect users' customers.
How to secure complicated networks easily
Today, it gets extra complicated when organizations operate in a hybrid environment consisting of in-house infrastructure and cloud facilities. A good security approach with the right software has an answer to all these complications.
Firewalls and VPN's are no longer provide good protection
The traditional approach revolves around the deployment of a VPN and firewall, but that won't get you anywhere. A standard firewall will not prevent port scans as many used services, such as local e-mail Exchange servers, always communicate from inside to outside. And blocking IP addresses is not sufficient because it remains possible to change and manipulate IP addresses, which simply moves the attack surface. Furthermore, VPNs - including those of the big brands - are repeatedly found to be vulnerable to zero-day attacks, in which the hacker looks for as-yet-unrevealed vulnerabilities in software. 'Zero' in this case means that the software developer has known about the vulnerability for '0' days. Hackers can exploit a zero-day vulnerability before anyone even realizes something is wrong. In fact, anything running on software is vulnerable to zero-days attacks!
On top of that, most VPNs do not (yet) support Multi-Factor Authentication (MFA). MFA is an authentication method that requires the user to provide two or more authentication factors to access an application, online account or VPN. Through traditional VPNs, you first make the connection and then authentication follows. That should be the other way around because otherwise you are very vulnerable. Moreover, VPN does not support MFA after the VPN tunnel is established. Therefore, lateral movement attacks within your network remain possible.
How to provide the right protection against cyber attacks
In an effective ZTNA environment, you must identify and authenticate based on MFA before you can access the VPN and the linked systems behind it at all.
So replace legacy VPN solutions with SafeNet STA along with ZoneZero SDP (Software Defined Perimeter) or upgrade your legacy VPN with ZoneZero VPN. Modernize access control to bring user security - internal and external - to the highest level. For network and application access, set who can log in, when, from what location or IP address, and with what device. And implement MFA not only for the network, but also for all connected applications and their data. Ensure that users are authenticated before accessing the network.
Benefits modernizing your network
Modernization will also improve the user experience. If they can log in more easily and securely, it increases their productivity and reduces the strain on IT department.
Reduce the attack surface and prevent lateral attacks by enforcing network segmentation. And ensure that cloud, hybrid, on-premises and legacy applications are transparently included in security policies. This will also reduce the complexity - and thus the operational costs and security risks - of the infrastructure and security provisions.
What do you need to achieve Zero Trust Network Access?
The above approach may seem easier said than done. However, we have had good experiences implementing ZonZero and SafeNet STA combined solutions for ZTNA at our customers' sites.
TerraZone
TerraZone provides technology aimed at protecting your organization from cyber-attacks. TerraZone products enable secure access to systems, applications and files. Their ZoneZero solutions have a number of important, distinguishing features.
Benefits ZoneZero
- Ease of use. The products are easy to deploy and manage; users do not have to perform complicated actions and therefore become more aware of what they are doing.
- Low cost. ZoneZero offers a modular solution. You don't need any unnecessary modules to realize ZTNA because you can just keep using your current systems/software. With ZoneZero you put an extra security layer, as it were, over your current systems, whether these are in the cloud, hybrid or on-prem.
- Can be used in any environment. No matter how simple or complex this environment is. So not only in the (multi) cloud, but also hybrid or on-prem.
- Completely clientless (without agent software). This significantly reduces the attack surface.
- Works with legacy and modern VPNs. It works with the current VPN (when using ZoneZero VPN) or replacing VPN (when replacing ZoneZero SDP).
- Cloacked network. Among other things, the patented Reverse Access Technology ensures that your network remains invisible from both the outside and the inside. This reduces the attack surface because hackers cannot perform port scans.
- Micro-segmented trusted zones. With segmentation, you prevent cyber attacks such as lateral movement.
- Easily meet compliance and auditing requirements.
Thales
How does Thales fit into this picture? Thales SafeNet Trusted Access (STA) completes ZoneZero. Thales STA is unprecedentedly powerful in the field of Identity & Access Management (IAM). The solution offers a wide choice of tokens and provides detailed restrictions on the use of applications. By combining both products you will find the best balance between security, convenience and cost.
Benefits Thales SafeNet Trusted Access
- Smart Single Sign-On. For quick and easy password-free access to systems, applications and files.
- True Multi-Factor: wide range of tokens, such as the Thales MobilePass smartphone app.
- Centralized and detailed access control, also at the application level.
- Separation of responsibilities: no access to data from the control panel.
- Insight into all admissions
- The efficiency of identity-as-a-service.
- Less pressure on IT-department because users do not have to remember or manage passwords.
With Thales STA and ZoneZero, you control access to mission-critical systems without affecting authorized users. STA authenticates and enables authorized users and entities to access cloud-based apps, including ZoneZero. ZoneZero provides secure access to apps and data in the cloud, on-premises or both. The combined solution can work with, or instead of, your VPN. This allows for fast and reliable scaling.
Do you also want to know how to achieve and enforce Zero Trust Network Access in a few hours? Sign up for the webinar now ‘Thales & TerraZone, better together’.