Frank J. Ohlhorst, Author at eWEEK
https://www.eweek.com/author/frank-j-ohlhorst/
Technology News, Tech Product Reviews, Research and Enterprise Analysis
Last updated: Tue, 08 Feb 2022 21:55:49 +0000

How DigitSec Brings Much Needed Security to Salesforce
https://www.eweek.com/security/how-digitsec-brings-much-needed-security-to-salesforce/
Tue, 01 Feb 2022 22:59:00 +0000

Salesforce has experienced massive growth over the last few years and now ranks 137 on the Fortune 500. Simply put, it’s hard to ignore the impact Salesforce has had on the enterprise application market. Yet few seem to realize that there is a great deal of third-party development and customized code on the Salesforce platform, and with that code comes potential cybersecurity concerns.

While the company takes great pride in what it calls its “secure, scalable cloud platform,” there may be a disconnect when it comes to the term “secure” when paired with the ability to create custom code. Further complicating the “secure” argument is the fact that numerous tools exist to create custom applications that run on the Salesforce platform, and many of those tools offer low code/no code capabilities.

Seattle-based DigitSec offers a solution to that custom development cybersecurity conundrum in the form of DigitSec S4, an application security testing platform designed for Salesforce.

A Closer Look at S4 for Salesforce

The S4 (short for SaaS Security Scanner) platform brings many application security testing tools to the world of creating secure code for custom Salesforce development.

The platform brings together SAST (Static Source Code Analysis), IAST (Interactive Runtime Testing), and SCA (Software Composition Analysis). This creates a unified offering that automates much of the heavy lifting associated with verifying the security of code and installed applications.

What’s more, the platform incorporates features such as cloud security configuration review, integration into CI/CD pipelines via numerous DevOps tools, and platforms that ease the chore of fixing security bugs.

A view of the S4 security dashboard. 

Hands on with DigitSec S4

S4 was designed to delve deep into the security posture of a Salesforce implementation. While that may be an oversimplification of S4, it does encapsulate the overall definition of the product. It runs in the cloud, and does not require any dedicated on-premise infrastructure or complex provisioning (although private cloud and enterprise install options are available). That means users can get up and running quite quickly.

Further easing adoption of the S4 platform is its ability to integrate into CI/CD platforms, which proves to be a catalyst to make DevSecOps a reality for most any shop leveraging DevOps. Integration into CI/CD pipelines also brings support into agile processes, and in some cases, waterfall-based development projects.

Source Code Security Analysis

S4 incorporates a static application security testing (SAST) engine, which automatically scans Salesforce source code (i.e. Apex, Visualforce, Lightning Web Components, Aura) to identify any security vulnerabilities.

When first run on newly ingested code, S4 creates a foundation of findings, which identifies critical vulnerabilities. The code scanning engine uses multiple techniques to identify actual vulnerabilities while avoiding typical false positives common with general-purpose code scanners.

Each finding is further validated and the S4 platform creates a discovery report, which offers examples of why the vulnerability is a true positive. Additionally, the platform incorporates methods to detect injection flaws and other vulnerabilities that are not always obvious to even the most seasoned DevSecOps staffer.
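As an added illustration of the kind of pattern a source scanner looks for in Apex, the following Python script flags a dynamic SOQL string that concatenates a variable without String.escapeSingleQuotes, and leaves bind-variable queries alone. This is not DigitSec's S4 engine (which is proprietary and tracks data flow across methods); it inspects one line at a time and only recognises bare identifiers, and the two Apex snippets it scans are constructed for the example.

```python
"""Toy line-level check for injectable dynamic SOQL in Apex source.

Added illustration only; not DigitSec S4's engine. It inspects one line at a
time and only recognises bare identifiers, so it demonstrates the pattern a
SAST rule encodes rather than serving as a usable scanner.
"""
import re
from dataclasses import dataclass

# A single-quoted Apex string literal that contains a SOQL keyword.
SOQL_LITERAL = re.compile(r"'[^']*\b(SELECT|WHERE|FROM|LIMIT)\b[^']*'", re.IGNORECASE)
# A bare identifier concatenated with '+' (method calls and field accesses are skipped).
CONCAT_VAR = re.compile(r"\+\s*([A-Za-z_]\w*)\b(?!\s*[.(])")
# A variable wrapped in String.escapeSingleQuotes(...) counts as sanitized.
ESCAPED = re.compile(r"String\.escapeSingleQuotes\(\s*[A-Za-z_]\w*\s*\)")


@dataclass
class Finding:
    line_no: int
    variable: str
    snippet: str


def scan_apex(source: str) -> list[Finding]:
    """Report every unescaped variable concatenated into a SOQL string literal."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        if not SOQL_LITERAL.search(line):
            continue  # no query literal on this line
        # Replace sanitized expressions with a marker so they are never reported.
        cleaned = ESCAPED.sub("SANITIZED", line)
        for var in CONCAT_VAR.findall(cleaned):
            if var != "SANITIZED":
                findings.append(Finding(line_no, var, line.strip()))
    return findings


# Constructed Apex: user input spliced straight into the query string.
VULNERABLE_APEX = """
public with sharing class AccountSearch {
    public static List<Account> find(String name) {
        String q = 'SELECT Id FROM Account WHERE Name = \\'' + name + '\\'';
        return Database.query(q);
    }
}
"""

# Constructed Apex: a bind variable, and an escaped value where dynamic SOQL is unavoidable.
HARDENED_APEX = """
public with sharing class AccountSearch {
    public static List<Account> find(String name) {
        // Bind variable: the platform parameterizes the value, nothing is concatenated.
        return [SELECT Id FROM Account WHERE Name = :name];
    }
    public static List<Account> findDynamic(String name) {
        String q = 'SELECT Id FROM Account WHERE Name = \\'' + String.escapeSingleQuotes(name) + '\\'';
        return Database.query(q);
    }
}
"""

if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE_APEX), ("hardened", HARDENED_APEX)):
        print(label, scan_apex(src))
```

The point of the two snippets is the one the article makes about false positives: a rule that fired on every `Database.query` call would flag the hardened version too, so a useful rule has to recognise the sanitizer and the bind-variable form.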

Software Composition Analysis

The S4 platform uses software composition analysis (SCA) to discover exploitable software libraries, and analyze the impact of those libraries within Salesforce. It then generates intelligence on resulting vulnerabilities created by the detected common vulnerabilities and exposures (CVEs).

Recommendations are offered on what libraries to update or patch, as well as the severity and compliance impact of the CVE on the Salesforce organization. S4’s SCA can also be integrated into CI/CD platforms to further automate workflows around development and deployment.

However, developers must remember that SCA should not be a “run once and forget about it” process. New CVEs are reported globally on a daily basis, and a library that was secure yesterday may not be secure tomorrow. S4 regularly checks 30 different sources for new CVEs to keep its internal database up to date.
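The following Python script is an added illustration of what an SCA pass does with a library inventory and an advisory feed: compare each installed version against the affected range, rank findings by severity, and show why the same inventory yields a new finding the day after a new advisory appears. It is not DigitSec S4's SCA engine, and the library names, versions and advisory identifiers are constructed placeholders, not real CVEs.

```python
"""Minimal software-composition check for an org's installed libraries.

Added illustration, not DigitSec S4's SCA engine. Library names, versions and
advisory ids below are constructed for the example (no real CVEs); a real feed
would be NVD, OSV or a vendor advisory source with richer range syntax.
"""
from dataclasses import dataclass

SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass(frozen=True)
class Advisory:
    advisory_id: str   # placeholder identifier, not a real CVE number
    library: str
    introduced: str    # first affected version (inclusive)
    fixed: str         # first fixed version (exclusive); "" when no fix exists yet
    severity: str


def parse_version(v: str) -> tuple[int, ...]:
    """'1.10.2' -> (1, 10, 2); tuple comparison avoids the '1.9' > '1.10' string bug."""
    return tuple(int(part) for part in v.split("."))


def is_affected(installed: str, adv: Advisory) -> bool:
    v = parse_version(installed)
    if v < parse_version(adv.introduced):
        return False
    return adv.fixed == "" or v < parse_version(adv.fixed)


def scan_inventory(inventory: dict[str, str], feed: list[Advisory]) -> list[dict]:
    """Match every advisory against the installed version and rank by severity."""
    findings = []
    for adv in feed:
        installed = inventory.get(adv.library)
        if installed is None or not is_affected(installed, adv):
            continue
        findings.append({
            "library": adv.library,
            "installed": installed,
            "advisory": adv.advisory_id,
            "severity": adv.severity,
            "action": f"upgrade to {adv.fixed}" if adv.fixed else "no fix yet: mitigate or remove",
        })
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f["severity"]])


# Constructed inventory: static resources bundled into a hypothetical Salesforce org.
INVENTORY = {"example-ui-lib": "1.12.4", "example-util-lib": "4.17.21", "example-chart-lib": "2.9.3"}

# Constructed feed as of day 1 ...
FEED_DAY1 = [
    Advisory("EXAMPLE-ADV-0001", "example-ui-lib", "1.0.0", "3.5.0", "medium"),
    Advisory("EXAMPLE-ADV-0002", "example-util-lib", "4.0.0", "4.17.21", "high"),
]
# ... and on day 2, after an advisory was published for a library that was clean
# the day before: same inventory, one more finding. This is why SCA must re-run.
FEED_DAY2 = FEED_DAY1 + [Advisory("EXAMPLE-ADV-0003", "example-chart-lib", "2.0.0", "", "critical")]

if __name__ == "__main__":
    for day, feed in (("day 1", FEED_DAY1), ("day 2", FEED_DAY2)):
        print(day, scan_inventory(INVENTORY, feed))
```

Note that `example-util-lib` is pinned at exactly the first fixed version and is correctly not reported; the exclusive upper bound is the detail most hand-rolled comparisons get wrong.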

S4 continuously monitors for potential security concerns.

Interactive Runtime Testing

The S4 platform includes runtime testing or interactive application security testing (IAST). This uses data gathered during source code analysis to create an environment to actually test the code while running to discover additional injection flaws that can often be missed by source code testing alone.

Additionally, S4 generates additional intelligence and builds proof of concept examples that illustrate actual exploits. S4 leverages IAST to automatically reduce false positives, while also providing an accurate level of risk that an exploit represents.

Salesforce Cloud Configuration

Most development teams leave Salesforce configuration settings to those deploying or managing the applications and the Salesforce environment.

However, that may create a situation where a tested and secure application becomes vulnerable to an attack because a critical Salesforce setting was misconfigured. S4 automates the cloud configuration review process and compares established settings against a known list of Salesforce configuration problems.

Common misconfigurations include access controls, content security policy definitions, password settings, and account settings. Arguably, most assume that the default settings may prove good enough to provide cybersecurity. However, one has to consider the impact of security compliance regulations on those settings.

Compliance Reporting

The S4 platform can illuminate how your security bugs are affecting compliance requirements on Salesforce instances.

S4 includes the capability to report how each security vulnerability finding may impact or violate a specific requirement in your chosen framework. This allows prioritization by not only technical security risk (i.e. critical, high, medium, low) but also by highlighting which framework requirements may be violated by the bug.

Conclusion: Redefining How DevSecOps Works

DigitSec S4 helps to redefine how DevSecOps can work efficiently in CI/CD pipelines by automating what were once difficult and manual tasks.

The S4 platform also reduces burdens on developers of Salesforce applications and helps to give them peace of mind that they are delivering secure applications that follow the best practices of cybersecurity. Those managing Salesforce deployments also can benefit from S4, which includes configuration validation and compliance checking.

Ultimately, DigitSec S4 may very well change how DevSecOps is conducted in DevOps environments.

How Sectigo Certificate Manager Removes the Chaos of Enterprise PKI
https://www.eweek.com/security/how-sectigo-certificate-manager-removes-the-chaos-of-enterprise-pki/
Tue, 31 Aug 2021 09:50:22 +0000

Organizations are relying more and more on PKI (Public Key Infrastructure) certificates to protect critical resources. While that in essence is a good thing, the management of those certificates has become a potential cybersecurity nightmare.

After all, PKI certificates are used for authenticating users, servers, or devices online, meaning that they are critical for establishing trust. What’s more, certificates are commonly used for signing code, documents, or email to validate their legitimacy. And in many cases, PKI certificates establish a secure foundation to encrypt data and communications transiting untrusted networks.

Simply put, PKI has become far too important to ignore and is now the foundation of data protection in the modern enterprise, and failure to effectively manage PKI certificates can have significant reputational and financial consequences for organizations.

Recent service outages caused by expired certificates have highlighted the fact that even companies generally regarded as technology experts can struggle with the burden of PKI management. Disruptions to services like Microsoft Teams and Spotify highlight that effective PKI certificate management can be a challenge for any business.

PKI certificates can no longer be easily managed with spreadsheets, documents, post-it notes, or physical binders. Manual management leaves far too much room for error, and improperly managed certificates can become an attack surface for today’s cybercriminals. Roseland, NJ-based Sectigo aims to reduce the burdens of PKI certificate management with Sectigo Certificate Manager, a PKI management platform that brings both automation and visualization to the once tedious chore of certificate management.

A Closer Look at Sectigo Certificate Manager

As the name implies, Sectigo Certificate Manager is all about managing PKI certificates. However, that overly simplified moniker hides what it takes to manage PKI certificates, especially when those certificates may number in the thousands, have different expiration dates, may come from numerous authorities, or have different use cases.

Obviously, it takes more than just a dashboard to deal with all those intricacies, which is why Sectigo refers to its certificate manager as a platform. Understanding what that means in the context of PKI certificates requires a much deeper dive into the product.

First of all, one has to understand what a PKI certificate life cycle is. Perhaps, the simplest definition is the cradle to grave existence of a certificate. After all, enterprises can buy certificates from a certificate authority, and certificates can evolve over time, and finally certificates may need to be replaced.

What’s more, those certificates may be private (self-signed), used for signing code, encrypting email, bringing SSL security to servers or devices, or securing mobile devices. That means there may be a lot of different flavors of PKI certificates, each with their own life cycles.

Sectigo Certificate Manager tackles those issues by becoming a centralized management point for all of the certificates across the enterprise. In other words, Certificate Manager becomes the single source of truth for all of an enterprise’s certificates.

From the outset, the product was designed to be a single platform for the discovery, reporting, installation, and renewal for all public and private certificates in use. Sectigo further leverages the concept of a single platform by offering a dashboard that acts as a single pane of glass view into the overall health and status of the PKI certificate infrastructure.

Hands on Sectigo Certificate Manager

Sectigo Certificate Manager is cloud based, meaning that installation and configuration of the platform proves rather straightforward. Sectigo offers extensive help and resources to ease setup. Initial setup requires navigating to a URL provided by the company. However, before going any further with the platform, it is critical for the administrator to have an understanding of PKI certificates and knowledge of the network.

The platform offers several “tours” which do a very good job of explaining the features and how to accomplish particular tasks. Once logged in, administrators are presented with a dashboard, which offers several tabs for navigation. One of the first tasks will be to set up administrators, as well as other users, and assign the appropriate rights. Administrators will also need to define the organization and domains, as well as a few other settings.

Once the initial configuration is done, administrators will need to scan for existing certificates, which imports the certificates into the platform for management. Administrators can also import certificates manually; however, that requires that the administrator already knows about those certificates. The discovery scan proves quite thorough. The product also allows administrators to define automatic discovery scans, which should pick up newly issued certificates.

Ultimately, the goal here is to have Sectigo Certificate Manager become the complete management platform for all PKI certificates, which includes being able to order or renew certificates. However, since discovered certificates were not originally ordered using the platform, those certificates will be treated as external, meaning additional steps must be taken to automate the management of those certificates.

The discovery process can be further defined using administrator authored rules, which can help to reduce many of the manual steps normally required to import certificates. In other words, rules can be created to bring certificates into a certain domain or under a specific organization or department.

Discovered Certificates Are Displayed on the Dashboard

Certificate discovery and adding certificates to the platform are a critical component of management. However, once certificates are accounted for, Sectigo Certificate Manager really begins to shine. The primary dashboard offers a clear view of the status of the certificates, as well as highlighting critical information. The product’s ability to present that information with a single pane of glass view helps to reduce the administrative load.

The platform’s main dashboard offers drill-down capabilities as well as tabs to other functions. Those managing a PKI certificate infrastructure will appreciate the included reports. Reports can be quickly generated showing the status of certificates and critical information related to certificates. Those reports should prove useful when it comes to budgeting for certificate purchases or deciding if particular certificates should be deprecated. What’s more, the inclusion of departmental information allows IT to determine the appropriate chargebacks for certificates.

One of the most powerful features offered by the platform comes in the form of notifications. Here, administrators can define custom notifications which are used to inform managers of critical issues surrounding PKI certificates, such as certificate expirations. Notifications are customizable and can be created for multiple users/administrators, as well as for different conditions.
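The two mechanisms just described, rules that route discovered certificates to an owner and notifications that fire ahead of expiry, are easy to see in miniature. The Python script below is an added example of that workflow and is not Sectigo Certificate Manager's own rule or notification engine; the certificate records, suffix rules, recipient addresses and the reference date are all constructed.

```python
"""Certificate inventory hygiene: route discovered certificates to an owning
department by rule, then raise expiry notifications at configurable thresholds.

Added illustration of the workflow described in the article, not Sectigo
Certificate Manager's own rule or notification engine. Certificate records,
rules, recipients and the reference date are all constructed.
"""
from dataclasses import dataclass
from datetime import date


@dataclass
class CertRecord:
    common_name: str
    issuer: str
    not_after: date
    department: str = "unassigned"


@dataclass(frozen=True)
class AssignmentRule:
    """Certificates whose CN ends with `suffix` belong to `department`."""
    suffix: str
    department: str


@dataclass(frozen=True)
class NotificationRule:
    days_before: int        # fire once expiry is within this many days
    recipients: tuple[str, ...]


def apply_assignment_rules(certs, rules):
    """First matching rule wins, so list specific suffixes before general ones."""
    for cert in certs:
        for rule in rules:
            if cert.common_name.endswith(rule.suffix):
                cert.department = rule.department
                break
    return certs


def expiry_notifications(certs, notif_rules, today):
    """One message per recipient of the tightest matching threshold, so a cert
    three days from expiry alerts the 7-day list only, not the 7- and 30-day lists."""
    messages = []
    for cert in certs:
        days_left = (cert.not_after - today).days
        matching = [r for r in notif_rules if days_left <= r.days_before]
        if not matching:
            continue
        rule = min(matching, key=lambda r: r.days_before)
        state = "EXPIRED" if days_left < 0 else f"expires in {days_left} day(s)"
        for recipient in rule.recipients:
            messages.append((recipient, f"[{cert.department}] {cert.common_name} ({cert.issuer}): {state}"))
    return messages


# Constructed data: a small discovered inventory and the rules that govern it.
ASSIGNMENT_RULES = [
    AssignmentRule(".dev.example.com", "Engineering"),
    AssignmentRule(".internal.example.com", "DevOps"),
    AssignmentRule(".example.com", "Corporate IT"),
]
NOTIFICATION_RULES = [
    NotificationRule(30, ("pki-ops@example.com",)),
    NotificationRule(7, ("pki-ops@example.com", "security-oncall@example.com")),
]
TODAY = date(2021, 8, 31)  # constructed reference date


def demo():
    certs = [
        CertRecord("www.example.com", "public CA (constructed)", date(2021, 9, 20)),
        CertRecord("api.dev.example.com", "public CA (constructed)", date(2021, 9, 3)),
        CertRecord("vpn.example.com", "public CA (constructed)", date(2022, 3, 1)),
        CertRecord("build.internal.example.com", "private CA (constructed)", date(2021, 8, 30)),
    ]
    apply_assignment_rules(certs, ASSIGNMENT_RULES)
    return certs, expiry_notifications(certs, NOTIFICATION_RULES, TODAY)


if __name__ == "__main__":
    certs, messages = demo()
    for recipient, text in messages:
        print(f"{recipient}: {text}")
```

Two design choices matter here: rule order (a general `.example.com` rule listed first would swallow every certificate), and collapsing overlapping thresholds so the on-call list is paged once, not once per threshold, for a certificate that is already expired.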

Sectigo Certificate Manager helps to automate many other functions around the management of PKI certificates, such as renewals, self-enrollments, and even ordering new certificates. Having a single source of truth for certificates proves to be very valuable for an enterprise. One other capability that could potentially solve problems for those in the development arena comes in the form of being able to set up a private CA (certificate authority), which enables IT staffers to assign certificates to internal projects. Once a private CA is created, administrators can enroll trial certificates and have them authenticated to the private CA.

That capability could potentially remove many of the challenges faced by DevOps practices by bringing private certificates into the pipeline, reducing the need for any externally assigned certificates.

Unified management for PKI certificates

Sectigo Certificate Manager brings unified management to PKI certificates and with that management comes additional capabilities. The platform’s ability to automate some of the more tedious tasks of certificate lifecycles should save IT staffers a significant amount of time, while also reducing common mistakes.

With PKI certificates being used across numerous domains and for numerous use cases, centralized management that also offers visibility could be a potential game changer for those enterprises struggling with certificates. Automation, reporting, real time monitoring, and continuous discovery should help to take the chaos out of certificate management, while also enhancing security.

How ADAssessor Brings Visibility to AD Attack Surfaces
https://www.eweek.com/security/how-adassessor-brings-visibility-to-ad-attack-surfaces/
Fri, 06 Aug 2021 10:11:54 +0000

Effectively securing and protecting Active Directory (AD) is an undeniable best practice for businesses today, especially since some 90% of the world’s enterprise organizations are using AD as their primary method for authentication and authorization.

AD’s enormous market share has made it a prime target for attackers. In fact, cyberattacks on AD are so prevalent that Microsoft warns that some 95 million AD accounts are the target of cyberattacks every day.

AD houses a myriad of sensitive information, such as user account information, enterprise resources, ACLs, and so on, making it an extremely attractive target for cybercriminals. Simply put, if an attacker can exploit the information contained within AD, they can do pretty much as they please with an organization, including stealing information, compromising applications, planting malicious software, or even just simply locking every user out of all applications.

It is a threat made even more dramatic by how AD is now used with Azure and Office 365, extending threats to the enterprise beyond on-premises infrastructure and into the cloud, and making due diligence even more critical for cybersecurity professionals. Basic chores such as regular audits and defining policies to protect AD must become the norm. However, those traditional best practices have been proven to be insufficient, since organizations still fall prey to attacks on AD.

It is a problem best defined by a lack of visibility. In other words, cybersecurity pros lack complete visibility into AD to detect attack surfaces, as well as suspicious objects or activities. Audits are useful only as a snapshot of AD’s status at a given time, while activity monitors often lack the ability to detect anomalous actions.

ADAssessor from Attivo Networks aims to bring real-time visibility to AD, solving one of the biggest challenges faced by administrators: the ability to fully understand what is happening behind the scenes in AD, discover attack surfaces, and detect active attacks.

A Closer Look at ADAssessor

ADAssessor is all about detection, visibility, and response for AD environments. In other words, the product is designed to bring cyber hygiene to AD by continuously scanning AD for exposures, misconfigurations, and anomalous activity. What’s more, ADAssessor provides real-time alerting for activities that signify that AD is under attack, capabilities akin to continuous penetration testing for AD.

ADAssessor can be deployed on-premises or as a cloud hosted platform, either of which links to Windows Domain Controllers to monitor AD events, such as change notifications, and detect misconfigurations, scan for potential attack vectors, or identify attacks in progress.

The product establishes the link between the cloud service and the domain controller by installing a software client onto a domain-joined PC, which also acts as an endpoint that enables the product to detect endpoint-based attacks on the domain controller.

ADAssessor uses a combination of detection and automation to drive response and alerting, which in turn acts on immediate threats, while also informing administrators of needed actions.

Hands on with ADAssessor

ADAssessor connects to a domain using what could be best described as a hybrid model. Administrators will need to install software on a local PC endpoint, which acts as an ersatz connection between the domain controller and the ADAssessor’s services engine. There are several advantages to that method of integration.

For example, there is no disruption in operations, meaning that the domain controller does not need to be shut down or rebooted. What’s more, the installation methodology helps keep deployment very simple, while also creating the opportunity to secure the host endpoint.

However, there are a couple of considerations when using that type of installation, such as that dedicated endpoint can become a single point of failure for ADAssessor, and that PC must also be secured, maintained, and managed. Those concerns aside, a hybrid deployment model would seem to be a preferred method for integrating a product such as ADAssessor.

Once installed, ADAssessor goes about its business of assessing the domain controller(s) to discover misconfigurations and weaknesses across AD domains and forests. As the product finds those potential security flaws, it surfaces the information so cybersecurity pros can eliminate those potential attack vectors.

One particular area of interest is how the product helps to reduce attack surfaces by identifying exposures and misconfigurations that leave AD vulnerable to attack. Here the product analyzes Active Directory information to provide visibility into account risks, privilege exposures, and policy weaknesses, which in turn is used to create something akin to risk metrics that are surfaced to the administrator.

Where Attacks on AD Usually Start

That proves very important for the ongoing battle against attackers. Attacks on AD usually start with an attacker searching an AD controller for exposures and misconfigurations. While attackers may have different goals, most attacks start with attempts at lateral movement, where attackers can attempt to gain privileged access to seize control of the domain. Those types of attacks create recognizable patterns, but only if the activity is being continually monitored and classified.

Here, ADAssessor provides the visibility and the necessary analytics to detect attacks in progress, in real time. What’s more, ADAssessor can restrict suspicious activity from impacting AD, and prevents attackers from gaining granular access to the security settings (or entitlements), derailing an attack before any damage is done.

ADAssessor continuously monitors identities, as well as privileged account risks. That monitoring creates an active baseline, identifying risks created by AD objects, such as stale credentials, service accounts, shared credentials, and the paths commonly used for attacks on AD identities. The product derails many of those types of attacks by flagging suspicious activities on the AD controller that indicate an attack is underway.
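To make the "active baseline" of account risks concrete, the Python script below is an added example of the hygiene checks an assessment builds from AD user objects: stale accounts, privileged accounts whose passwords never expire, service accounts (accounts carrying a servicePrincipalName) with old passwords, and accounts that opt out of Kerberos pre-authentication or a required password. It is not ADAssessor's logic. The account records are constructed; in a real assessment they would come from an LDAP query against the domain. The userAccountControl bit values are Microsoft's documented ones.

```python
"""Flag identity risks in Active Directory user objects.

Added illustration of the kind of risk baseline an assessment tool builds,
not ADAssessor's own logic. Account records are constructed; a real run would
read them from the directory (e.g. an LDAP search of the users container).
"""
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# userAccountControl bits, as documented by Microsoft.
ACCOUNTDISABLE = 0x0002
PASSWD_NOTREQD = 0x0020
NORMAL_ACCOUNT = 0x0200
DONT_EXPIRE_PASSWORD = 0x10000
DONT_REQ_PREAUTH = 0x400000

# Groups whose membership makes an account "privileged" for these checks (constructed list).
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators", "Schema Admins"}


@dataclass
class AdUser:
    sam_account_name: str
    user_account_control: int
    last_logon: Optional[date]        # None: never logged on
    pwd_last_set: date
    member_of: set = field(default_factory=set)
    service_principal_names: list = field(default_factory=list)


def assess_user(u: AdUser, today: date, stale_days: int = 90, svc_pwd_max_age: int = 365) -> list:
    """Return the risk flags raised by one account (empty list when nothing is wrong)."""
    flags = []
    if u.user_account_control & ACCOUNTDISABLE:
        return flags  # disabled accounts are reported separately, not as live exposure
    privileged = bool(u.member_of & PRIVILEGED_GROUPS)
    if u.last_logon is None or (today - u.last_logon).days > stale_days:
        flags.append("stale-account")
    if privileged and u.user_account_control & DONT_EXPIRE_PASSWORD:
        flags.append("privileged-password-never-expires")
    if u.service_principal_names and (today - u.pwd_last_set).days > svc_pwd_max_age:
        flags.append("service-account-old-password")
    if privileged and u.service_principal_names:
        flags.append("privileged-service-account")
    if u.user_account_control & DONT_REQ_PREAUTH:
        flags.append("no-kerberos-preauth")
    if u.user_account_control & PASSWD_NOTREQD:
        flags.append("password-not-required")
    return flags


def assess_domain(users: list, today: date) -> dict:
    """Map account name -> flags for every account that raised at least one flag."""
    return {u.sam_account_name: f for u in users if (f := assess_user(u, today))}


# Constructed sample directory snapshot and reference date.
TODAY = date(2021, 8, 6)
SAMPLE_USERS = [
    AdUser("alice", NORMAL_ACCOUNT, date(2021, 8, 5), date(2021, 6, 1), {"Domain Users"}),
    AdUser("svc_backup", NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD, date(2021, 8, 1), date(2018, 3, 15),
           {"Domain Admins"}, ["MSSQLSvc/db01.example.local:1433"]),
    AdUser("bob", NORMAL_ACCOUNT, date(2021, 1, 10), date(2021, 1, 1), {"Domain Users"}),
    AdUser("legacy_app", NORMAL_ACCOUNT | PASSWD_NOTREQD | DONT_REQ_PREAUTH, date(2021, 8, 1), date(2021, 7, 1)),
    AdUser("old_contractor", NORMAL_ACCOUNT | ACCOUNTDISABLE, date(2019, 2, 1), date(2019, 1, 1)),
]

if __name__ == "__main__":
    for name, flags in assess_domain(SAMPLE_USERS, TODAY).items():
        print(f"{name}: {', '.join(flags)}")
```

Run against the sample, `svc_backup` is the account that deserves attention first: it combines domain-admin membership, a service principal and a password that has not changed in years, which is exactly the stacking of individually minor issues that a point-in-time audit tends to miss.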

Typically, attackers will query AD to discover high-value privileged accounts and gather as much data as possible to create a potential attack surface. ADAssessor works well with another Attivo solution called ADSecure, which detects attackers’ attempts to make unauthorized queries and then obfuscates the data that an AD query normally returns.

Simply put, ADSecure intercepts unauthorized AD queries and then returns false information to the attacker, which security teams could further use to trap an attacker and gather information on the attack. ADSecure detections can appear on the ADAssessor dashboard.

The combination of continuous monitoring, paired with real-time analysis improves AD’s cyber hygiene, with the added benefits of reducing potential attack surfaces, and preventing attackers from gaining a foothold on an AD domain.

Closing Thoughts

ADAssessor solves many of the security pain points that administrators encounter across large Active Directory implementations. That said, it should not be considered a replacement for a competent administrator, but a tool that lessens the burden on administrators. The product also aids security teams by allowing them to go deeper, broader, and wider in their assessments, while gaining continuous visibility into exposures.

ADAssessor offers immediate value by identifying and remediating Active Directory security hygiene issues. That value is further extended by the ease of implementation, which eliminates disruption and gives access to an innovative management console, where analysis and data for remediation assistance is readily available.

ADAssessor also brings real-time attack detection to the table, backed by visibility into critical domain, computer, and user-level exposures. Those insights reveal identity and service account risks related to credentials, privileged accounts, stale accounts, shared credentials, and AD attack paths.

As businesses leverage AD across domains, and implement hybrid solutions, tools that can surface threats and give visibility into complex AD implementations will prove to be even more critical. Attivo seems to have a head start in the world of securing AD, and ADAssessor seems to be the primary reason for that head start.

How Cyglass Brings Network Defense into the “As a Service” Market
https://www.eweek.com/enterprise-apps/how-cyglass-brings-network-defense-into-the-as-a-service-market/
Mon, 28 Jun 2021 22:30:47 +0000

The term “As a Service” is growing in popularity among vendors, IT and cybersecurity managers. After all, if one can transform a burdensome siloed practice into a service, there are bound to be benefits to all concerned. What’s more, the concept of “As a Service” has been well proven by offerings such as SaaS (Software as a Service), PaaS (Platforms as a Service), and IaaS (Infrastructure as a Service), which have all become well entrenched in organizations worldwide.

Yet there is still plenty of room for more “As a Service” offerings; case in point is the cybersecurity market, where enterprises struggle to defend assets from the latest attack vectors using dozens or more cybersecurity platforms and products. Naturally, it is those siloed security products that often lead to a lack of visibility when an attack surface is overlooked because of all of the noise from the cacophony of individual security products.

If it is an untenable situation for larger enterprises, it is a nightmare for medium and small organizations who struggle with limited budgets and small teams. It is forcing cybersecurity teams to look for better ways of dealing with defenses, making cybersecurity solutions a prime target for “As a Service” offerings.

Take for example CyGlass by Nominet, whose NDaaS (Network Defense as a Service) is a pure cloud-native “As a Service” offering in the network and cloud threat detection and response (NDR) market. CyGlass aims to tear down the silos of numerous cybersecurity products and offer a holistic view into network and cloud traffic, while also detecting and surfacing activity using Machine Learning and correlating anomalies against defined policies to defend against cyber threats.

A Closer Look at CyGlass

From the outset, CyGlass was designed as an easily implemented service that is able to analyze the massive volumes of network traffic created by organizations today. What’s more, the service brings additional context to network traffic and correlates activities with actions, devices, and user accounts intelligently, comparing those against threat intelligence defined policies. Simply put, CyGlass turns the discover, detect, and respond cybersecurity model into a service offering.

Once deployed, CyGlass learns the network’s conversations, normalizing that traffic and providing insight into network anomalies and risks. That gathered information is used to build policies that allow expected conversations to happen and alert when those conversations fall outside the norm or violate a policy control. Baselines can be built for numerous activities across the network and cloud, giving administrators the opportunity to garner network visibility across locations, service providers, and most anything else that participates in a network conversation.

Hands on with CyGlass

CyGlass uses the SaaS/PaaS (Software as a Service/Platform as a Service) model, which potentially simplifies deployment since there is no need to deploy or provision any proprietary hardware. CyGlass integrates with the existing firewalls, network flow devices, PaaS solutions, and directories to gather data and discover network conversations to learn what traffic is normal. As a full SaaS solution, CyGlass does not require the installation of appliances or on-premises software. The service does not require agents to be deployed or virtual machines to be defined.

One of the primary capabilities of the product comes in the form of visibility. In other words, by analyzing traffic, CyGlass is able to create a real-time asset inventory, detect network blind spots, discover rogue devices, and develop insights into how devices communicate.

Network monitoring is done continually as part of traffic analysis, which ensures that new devices are discovered in real-time and asset inventories are kept up to date. However, visibility is only part of the overall CyGlass experience.

The product uses its data collection layer to work hand in hand with an AI engine, which in turn leverages machine learning to define, correlate and analyze traffic. Automated analysis drives alerting, which CyGlass refers to as Smart Alerts. The idea behind Smart Alerts is to eliminate alert fatigue, which occurs when there are numerous false positives presented in a management console.

CyGlass’s smart alerting system correlates activities with anomalous events and risky behaviors to provide actionable information, which administrators can act upon immediately. Ultimately, smart alerting reduces the noise of cybersecurity, allowing cybersecurity administrators to focus on actual threats.

Administrators also benefit from the product’s automated reporting, where reports are automatically generated about structural risks and active or potential threats. However, the product goes one step further and also provides instructions on how to remediate a threat. The reports are comprehensive and explain why a particular threat is important, as well as the impact the threat can have on the organization.

What’s more, policies take the anomalous outputs from the AI engine (activities known to differ from the baseline) and define them in terms of specific threats, which can trigger remediation actions to be taken. That comes in handy when dealing with specific risky events like lateral movement, rogue-device-based threats, and ransomware-type attacks.

As most any cybersecurity professional knows, cybersecurity is all about risk. Risk comes in many forms, such as risky activities, risky devices, or risky connections. However, measuring risk in a useful way has always been a complex endeavor. CyGlass addresses risk with threat scoring, which correlates the level of risk against threats, whether those threats are from network actors, cloud threats or problematic devices. The product’s continuous threat scoring helps administrators to better understand and gauge risk, which in turn helps them to prioritize remediation activities.

Both risk and reporting play a critical role in meeting compliance objectives. Here, CyGlass incorporates prebuilt, automated compliance policies, which enforce compliance rules while also reporting on common compliance concerns, such as control effectiveness, objective metrics, and SLA tracking. CyGlass offers assurance reports for NIST, Cyber Essentials, FFIEC, NIAC and CMMC, with other reports on the way.

One of the most critical features offered by CyGlass is the product’s ability to stop threats. CyGlass’s automated continuous monitoring enables threats to be discovered in real time, and then further defined using the product’s threat intelligence engine. The correlation of threat intelligence data against attack surfaces further defines the level of risk and prompts cybersecurity managers to take action against surfaced threats. Automated remediation efforts can occur through integrations with firewalls, Active Directory, and DNS security tools.

CyGlass also provides reports to help with forensic investigations. The product’s investigative views display trends, in-depth NetFlow activities, as well as other data, which can be used to narrow down the scope of an attack while also providing usable evidence for investigators to leverage.

Transforming Siloed Security

CyGlass successfully transforms what were once siloed security services into a platform offering that leverages the “as a service” model. The service covers network and cloud visibility, threat detection and response, as well as compliance monitoring use cases. The company reports that going from connecting a firewall (Fortigate, SonicWall, Sophos, WatchGuard, etc.) to initial data ingest takes less than 30 minutes and is done 100% remotely. List price is $4.99 per user per month, with volume discount curves for larger numbers.

With network visibility being so critical these days (SolarWinds, ransomware, etc.), and with the service also covering cloud systems like Azure, O365, and AWS, CyGlass should be on the short list of any small or medium company looking to bolster its network and cloud defenses. The ease of provisioning, as well as critical features such as smart alerts and remediation steps, is an added bonus. All things considered, CyGlass can make a credible argument for taking the place of a SIEM at most smaller enterprises and help make remediation from threats easier.

The post How Cyglass Brings Network Defense into the “As a Service” Market appeared first on eWEEK.

How CrowdStorage Built an Affordable Alternative to Amazon S3 https://www.eweek.com/storage/how-crowdstorage-built-an-affordable-alternative-to-amazon-s3/ Thu, 03 Jun 2021 19:24:01 +0000

On-premises data storage is a lot like closet space: one can never seem to have enough! However, the arrival of cloud-based storage solutions has changed the dynamic. More storage is just a few clicks away, making data storage today more like a long-term storage facility, where you pay for the space needed and the amount of time you need that space.

However, there are a few caveats with that analogy, especially when it comes to calculating costs. Most storage-as-a-service solutions seem to have some hidden costs associated with them. Typically, users not only pay for a given amount of storage space, they also pay to access that data. Imagine that whenever you wanted to access something stored in a storage facility, you would have to pay a fee on top of the agreed-upon rent, even if you were just taking something out of storage.

Typically, cloud storage vendors charge for storage space as well as for accessing the data, using something called egress fees or charging for API requests. A case in point is Amazon S3, where users are charged per GB and then charged for data retrieval requests or other types of data access. Adding insult to injury is the fact that Amazon S3 also uses a somewhat complex formula to calculate those fees, making it difficult to budget storage and access costs.

To its credit, Amazon S3 offers compatibility with numerous applications and services, making it quite simple for applications and services to use Amazon S3 as a primary method for storing and accessing data. It is that support and compatibility that drive many organizations to default to S3, despite concerns about costs.

Cloud storage vendor CrowdStorage offers a different take on the cloud storage cost conundrum with its Polycloud object storage service, which offers an S3-compatible API and set pricing, without any hidden fees.

A Closer Look at Polycloud

CrowdStorage built Polycloud with several objectives in mind. The first was to build an alternative to existing cloud storage offerings, such as Amazon S3, Microsoft Azure Cloud Storage Services, and Google Cloud Storage. Other objectives focused on affordability, compatibility, and ease of use.

However, one primary goal was to establish a platform that could meet future needs as well as bring additional innovation into the cloud storage picture.

For example, the company has designed a method to store small chunks of data across multiple cloud-connected storage devices, in essence creating cloud object storage that is distributed across hundreds, if not thousands, of cloud-connected storage devices, with data replicated across those devices.

The company has already put that cloud storage model into practice for archival video files in a proprietary use case for a Fortune 5000 company. That use case leverages some 250,000 storage nodes, where 60 Megabyte objects are stored as 40 shards on target devices, creating a highly resilient and secure distributed object storage network.

Hands On with Polycloud

Polycloud uses a “storage as a service” paradigm, where users can sign up for the service using a browser-based form. The service is priced using a pay-as-you-go model, where users only pay for what they use.

There are no egress or ingress fees, long-term contracts or licensing charges. Current costs are roughly $4 per TB per month. CrowdStorage offers a cloud pricing calculator that compares the cost of Polycloud to other storage providers. The company also offers a “try before you buy” free membership, which includes 10GB of storage.

Once an account is established, users can access storage using a browser-based interface. The browser-based console is rudimentary, and most users will probably only use it to set up storage buckets and upload or download files. That said, the browser-based interface proves useful enough to store archival data in a bucket, or other data that is not directly associated with an application, such as backup files, logs, and so forth.

Once storage buckets are established, users can leverage CrowdStorage’s S3 compatibility. The company offers integration with numerous applications and makes it quite easy to create access keys to protect data. Integrations (via S3) are offered for numerous applications, including most of the AWS SDKs, meaning that custom software developed using those SDKs can also access storage buckets.

Native S3 integrations are offered for ARQ 7 Backup, CloudBerry Explorer, Commvault, QNAP, and many other third-party applications. Integrating applications is very straightforward: users just need to define a storage location and then provide the necessary credentials. Some applications, such as ARQ 7 Backup, provide wizard-like configuration, further easing setup.

Conclusions

Currently, Polycloud’s claim to fame comes in the form of economy. In other words, CrowdStorage is offering Polycloud as a low-cost, S3-compatible option for cloud data storage. Those looking to significantly reduce cloud storage costs will be well served by Polycloud.

However, CrowdStorage is also evolving the Polycloud offering and will expand storage options to include a distributed storage offering, where additional security, as well as even lower costs, will become available. The distributed storage model will offer increased resiliency as well as increased uptime.

Polycloud’s distributed network combines unused storage and bandwidth resources that are already deployed and connected to the internet. Each storage device on the distributed network becomes a distinct node, with a combined capacity of over 400 petabytes. The distributed network consists of nodes that are geographically dispersed, and data shards are replicated across multiple nodes, increasing resiliency while also making the data more secure, since no complete file is stored on any single device.

The post How CrowdStorage Built an Affordable Alternative to Amazon S3 appeared first on eWEEK.

How NetBeez Reveals Actionable Data for Effective Network Management https://www.eweek.com/networking/how-netbeez-reveals-actionable-data-for-effective-network-management/ Thu, 25 Mar 2021 02:00:52 +0000

Managing networks has become more complex than ever before. Hybrid clouds, SD-WANs, off-premises solutions and the many other flavors of networking have made it almost impossible to get a full picture of network performance, activity and connectivity. Add to that the demands of the COVID-19 crisis, which has further distributed users across hundreds, if not thousands, of remote connections, and you have a formula for losing sight of what is really happening on the network, as well as for failing to identify and resolve issues.

Pittsburgh-based NetBeez aims to bring normalcy back to network monitoring with a suite of monitoring and management tools that fully integrate into a platform that delivers clarity around the many intricacies of today’s distributed networks.

A closer look at NetBeez

It is an age-old axiom that you cannot effectively manage what you don’t understand, and NetBeez aims to bring understanding to complex distributed networks so they can be more easily managed. NetBeez uses a platform paradigm to bring together the data gathered from numerous sensors to build a complete end-to-end analysis of what is happening on the network.

The company offers a plethora of agents that address traffic across networks, WiFi, endpoints, virtual machines and even end-user operating systems, which in turn gives an unprecedented view into the inner workings of network traffic. The NetBeez management server is available as an on-premises virtual machine, a public-cloud-hosted service, or as a service hosted by NetBeez, meaning that administrators have full flexibility when it comes to deployment, usage and scale.

NetBeez also offers sensors that can be integrated into existing networking equipment, such as that available from Cisco Systems and Extreme Networks, as well as implementations of KVM (Linux kernel-based virtual machine) and others. Cloud instances, such as AWS, GCP and Azure, are also supported, as are Linux and Docker containers. The platform also integrates with Windows and Mac endpoints.

Ultimately, the idea behind NetBeez is to gather all of the network information and provide the analytics around it so that administrators can better understand performance across the network, as well as how network performance contributes to end-user experiences. What’s more, NetBeez also gives insight into how applications and other services perform relative to the capabilities of the network.

Hands on with NetBeez

The NetBeez server can be installed in different ways. Networks that are highly distributed may choose to go with NetBeez’s hosted server implementation. As a hosted service, initial setup and implementation proves to be point-and-click easy. The virtual machine and cloud-hosted implementations are almost as easy, but require a little more configuration for setup. Agents are also easy to install and, depending upon the type of agent, can be deployed using traditional deployment tools, scripts or MSI packages (MSI is an installer package file format used by Windows).

Administrators are able to use NetBeez for many different use cases, thanks to the intuitive layout of the management console and the amount of data captured by the system.

WAN Monitoring

<WAN Monitoring Main Console>

<WAN Speed Test Console>

WAN monitoring provides real-time performance analytics as well as trend analysis across all of the WAN points of connectivity. The management console offers several different snapshots of activity, which are derived from captured end-to-end network telemetry. That telemetry is gathered by the platform’s agents and results in a treasure trove of analytical data.

From the console, administrators are able to quickly identify performance outliers, as well as act on alerts. Administrators can also drill down into the specifics of the WAN and delve into problems while also identifying anomalies and alerts.

Real-time data on network connectivity, internet speeds, DNS, web performance and numerous other elements are displayed on the dashboard. If a sensor detects an anomaly, that is also elevated on the dashboard, providing insight as to whether the problem is being caused by the network, an application, a WiFi connection or something else.

The functionality of the dashboard serves multiple purposes, allowing administrators to determine the overall functionality of the network, while also guiding them to problem areas or issuing alerts. NetBeez offers integrations into Slack, Splunk, PagerDuty, and other workflow communications platforms that can notify the appropriate individuals of anomalies or other issues.

Trending and anomaly detection has several uses across an enterprise network, helping to ease the burdens of managing network infrastructure while also potentially keeping security teams aware of potentially malicious activity. NetBeez’s WAN monitoring proves useful for SLA enforcement, service assurance and remote detection as well.

NetBeez also offers a RESTful JSON API (api.netbeez.net) that enables organizations to build custom service status dashboards, which can be shared with end users or help desk teams to increase their efficiency in resolving Level 1 tickets.

WiFi Monitoring

<WiFi Monitoring Console>

More and more enterprises are deploying WiFi and other wireless technologies across branch and remote offices, as well as on their primary sites. However, WiFi has proven to be a somewhat difficult technology to monitor and manage, thanks to both the portable nature of devices and the potential interference present in the wireless spectrum. NetBeez tackles the conundrum of WiFi performance and connectivity measurement using dashboards that are tuned to identify problems. What’s more, the use of agents gives the NetBeez console the full spectrum of WiFi visibility. In other words, agents report on the end-to-end connectivity of devices that use WiFi connections. The agents capture data such as latency, packet loss and network speed in real time, and also generate data on WiFi connection timing, association, authentication and DHCP.

One very impressive feature is the ability to provide analytics from the client system’s perspective. NetBeez records endpoint data such as signal strength and link quality, associated band, channel and BSSID, and the bit rate established. The analytics module is able to run remote SSID scans, support multiple SSIDs and so forth.

The company also offers WiFi sensors that can be deployed to detect signals and traffic, which work in conjunction with WiFi endpoints. Windows and macOS systems also feed NetBeez additional information, such as connection and disconnection events, as well as other metrics. Data gathering happens in real time and is reflected on the dashboard.

Administrators will be able to quickly track down WiFi issues with NetBeez, and real-time data is stored for historical review, reporting and further analysis. Gaining a complete understanding of how WiFi is performing is becoming ever more critical for network managers, especially those that have to manage and troubleshoot remote locations. The ability to determine whether a problem is signal-related or hardware-related can be a major time saver when troubleshooting WiFi issues, as can monitoring WiFi for anomalies that may indicate a brute-force attack is under way.

Remote Worker Monitoring

<Remote Worker Console>

With the COVID-19 crisis driving businesses of all sizes to embrace the remote worker paradigm, those responsible for IT and networking are faced with new challenges. Today, IT help desks and administrators have to support workers who may be using novel connection methods, which may combine cellular ethernet with VPNs, or hotspot WiFi with other connection technologies, to reach into the network and access applications.

What’s more, those workers may be using unmanaged or personal devices to access company resources and perform their jobs. Simply put, no two connections may be exactly the same, and there can be a lot of variance from user to user and from location to location. Many administrators have found it almost impossible to troubleshoot problems without the necessary telemetry or the ability to go on site to physically check the operating environment.

NetBeez is addressing those issues and more with the concept of enabling remote endpoints to participate in the gathering and reporting of critical network telemetry. Administrators can install agents on remote worker endpoints, which then report all of the pertinent information to the NetBeez server in real time. That allows administrators to drill down into issues such as network connectivity and performance, WiFi network monitoring, VPN availability, Web and DNS checks and VoIP testing.

The gathered telemetry gives administrators insight into remote user issues, while also providing information from the remote user’s point of view. Ultimately, that accelerates root cause analysis and provides statistical data that can be used to define better access policies. What’s more, connections without an agent can be detected and become part of a security analysis to detect potentially malicious activity.

NetBeez rolls the critical information up into a management dashboard, which administrators can use to get a top-level holistic view of remote user connectivity environments, while also providing the ability to drill down into specific issues or create reports that reveal trends.

Multi-Cloud Monitoring

<Console for Multiple Clouds>

Multiple clouds are a reality for many businesses today. Whether they are using multiple cloud instances for failover, or for geographical separation, or even as part of a hybrid application scheme, the simple fact of the matter is that the more cloud connections a business has, the more points of failure there are.

That said, there is another factor a savvy enterprise has to consider: Are those multiple-cloud instances meeting SLA requirements, and are those multiple-cloud instances delivering the performance and capabilities being paid for? NetBeez is able to provide answers to those queries with its public-cloud monitoring capabilities. Currently, NetBeez offers cloud monitoring agents for AWS, Azure and GCP, and it also offers virtual agents that can be run on cloud or on-premises data-center instances.

NetBeez uses those agents to report on the telemetry of those cloud instances and gives an end-to-end view of performance metrics, which gives insight into hybrid network performance. NetBeez acts as a system to automatically detect service interruptions or anomalies and record the real-time information. The gathered data can be used for analysis, trending and so forth, but more importantly, it gives administrators visibility into the cloud network.

That visibility proves especially critical for those looking to deal with multi-cloud performance issues. Since most enterprises do not own the related cloud infrastructure, there is little visibility into what is occurring from the cloud-service provider’s point of view. All the typical cloud administrator knows is that there may be a problem, but it is difficult to track down.

With NetBeez sensors deployed, cloud traffic becomes more visible, as well as the routes the traffic makes, and the connections used. The agents/sensors monitor traffic and can also generate synthetic traffic to better determine root causes of problems or measure performance.

A heaping of automation is included as well, to enable the NetBeez platform to detect problems and inform administrators of those problems as well. Automated incident detection is driven by sensors that detect traffic flow in real time and are able to detect performance degradation, clueing administrators into a potential problem before it becomes critical to operations.

The distributed nature of NetBeez’s monitoring makes it easier to isolate problem areas in a multi-cloud environment, while also populating the console with pertinent information to identify and resolve problems proactively. Reporting gives administrators the ability to identify trends, as well as take into account cumulative performance and operation.

Administrators can also define tests to develop baselines across the multi-cloud environments. End-to-end performance monitoring tests can be executed as needed and are highly customizable, allowing administrators to get valuable snapshots of performance to compare against real-time metrics.

Conclusions

NetBeez has brought together an impressive suite of monitoring capabilities that bring what were once many different monitoring chores under a unified umbrella of network monitoring. The ability to monitor and measure performance across multiple clouds, endpoints, WANs, local networks, and even WiFi networks should prove valuable for any enterprise looking to unify the management of its heterogeneous, cloud-enabled networks.

NetBeez has the potential to replace dozens of stand-alone tools, while also granting increased visibility to those in charge of keeping WANs, LANs, clouds, and remote sites working properly.

NetBeez provides a yearly subscription model targeting mid-market and enterprise customers and is available now. For more information, please visit https://netbeez.net

Frank Ohlhorst is a veteran IT product reviewer and analyst who has been an eWEEK regular for many years.

The post How NetBeez Reveals Actionable Data for Effective Network Management appeared first on eWEEK.

How Simeio Removes Chaos from Identity, Access Management https://www.eweek.com/it-management/how-simeio-removes-chaos-from-identity-access-management/ Thu, 18 Mar 2021 00:27:41 +0000

The COVID-19 crisis has fueled a global shift to a remote work model, which has created myriad challenges and security concerns for enterprises. CSOs and those charged with cybersecurity are particularly concerned with the who, what, when, why and where of access.

Those elements have become more complex to manage due to work-from-home policies and a distributed workforce that now leverages remote access, as well as cloud services, to do its job. Even more troubling is the simple realization that a misstep in any of those elements can lead to severe consequences.

Atlanta-based Simeio aims to take the angst out of managing the elements of identity and access with the company’s IAM (Identity and Access Management) solution, which promises to make identity governance and access management a manageable chore across the enterprise.

A closer look at Simeio Identity Orchestrator (Simeio IO)

Simeio offers IAM as a service, which greatly simplifies deployment and works natively across multiple clouds, networks, applications and identity technologies. The service incorporates access management and federation, identity governance and privileged access management into a unified, centrally managed offering, which runs on its Simeio Identity Orchestration (IO) Platform. The idea behind identity orchestration is to reduce the inherent complexity of integrating various IAM solutions by transforming that integration into a microservice, which can then be used across multiple applications, platforms and clouds.

Offering identity orchestration as a service brings forth several benefits, including centralized management, a unified management console, along with a central repository for all of the elements contained within identities and the associated entitlements. The service model also makes it easier to scale as well as integrate across multiple platforms.

Hands on with Simeio Identity Orchestrator

Simeio Identity Orchestrator is a multifaceted service that is designed to make identity management and the associated privilege management simple for both end users and administrators. The end user portion of the service takes the form of the Simeio IO portal, where a user logs in; the portal then provides the user with a catalog of applications and services available to that user.

The Simeio IO portal approach brings a unified end-user experience to those logging in and offers the same experience across different devices and different locations. For example, a user may log in via the Simeio IO portal while on site using a corporate PC, or the user may log in remotely using a tablet or other device. Ultimately the experience is consistent for the end user, helping to reduce help desk calls, training needs and other activities that may sap productivity.


The Simeio IO portal is browser-based and does a great deal more than just provide access to authorized applications. For example, if the user needs access to a new application, they are able to select that application from the catalog presented and then put in a request for access. That methodology helps to maintain a zero-trust environment, in which newly provisioned users have to request access to applications before being able to use those applications.

Policies can add automated functions

Numerous policies can be defined behind the scenes that dictate the process. Administrators can define a policy to automatically grant a new user access to certain things or even embed some logic that can be used to define access, based upon numerous criteria. The overall idea is to make it as simple as possible for end users, without reducing security, or granting excessive rights. Simply put, it gives administrators full control over the entitlements given to the user; administrators can further define policies to have granular control over the user’s ability to access applications.

The Simeio IO portal is fully customizable, allowing administrators to define the look and feel of the portal. Simeio provides a no-code tool set, which allows administrators to build forms for the portal and fully control the end-user experience. Links and other elements can be embedded in the portal as well. For most businesses, the portal solves the problem of users having to log into multiple applications or multiple sites, or maintain multiple passwords. Multi-Factor Authentication (MFA) can also be integrated into the portal logon process to provide an extra layer of account security.

Although making things secure and easy for the end user proves to be very important for a distributed workforce, the real power of identity orchestration comes in the form of being able to securely manage identities and access from a central control plane and then be able to apply consistent, customizable policies to those accounts that span multiple identity application services and silos. It is a capability that proves quite handy for organizations that work with contractors, external business partners, or even temporary workers. The IO platform enables administrators to create conditional accounts, which can be time-constrained or limited in a number of ways.

Simeio’s ‘app store’

It is worth noting that Simeio IO offers an experience similar to an app store, to which many end users have become accustomed on their smartphones or tablets. The ersatz app store offers a catalog of applications from which the user can choose to request access. Although no one is forced to use the app store analog, it seems to be a familiar way for users to request access to an application, which then executes the appropriate workflow behind the scenes to move the request for access along.

The workflow can drive the approval process for administrators. For example, if a user requests access to an application, the workflow can be used to assign an administrator and then surface the request to that administrator, where they can approve or deny the request. Administrators can perform approvals using a smartphone app (if desired) or via the management console. It is also important to note that the platform saves the metadata associated with account actions, provisioning and other requests. That proves valuable for organizations constrained by compliance requirements, especially when it comes to auditing and reporting.

Of course, workflows, application catalogs, user accounts, rights and other actions must be defined somewhere, and that all happens on the back end of the platform, where management consoles are used to define policies and set up the various integrations to applications and identity stores.


Plenty of dashboards available

Simeio IO offers numerous management and analytics dashboards, which prove critical for tracking end-user-facing aspects such as login performance, top application usage, login successes and failures, and the status of application integrations with the platform. Numerous reports are also available for a variety of use cases, which will come in handy for compliance reporting.

As a cloud-based service, Simeio IO offers integration with the leading application platforms and supports multi-vendor IAM, IGA and PAM environments. The integration layer used by Simeio IO provides a single view of multiple services for the user base, with common and consistent screens and interfaces.

Simeio IO also handles identity synchronization and identity governance across multiple applications, making access seamless for the end user and centralizing management for the administrator. Administrators have a great deal of flexibility when it comes to defining back-end communications between Simeio IO and the target systems and application servers. Connection information is presented on a dashboard and includes all needed details, such as IP addresses, ports, LDAP configuration, data store types, OAuth server details and any service provider or identity provider information related to the connection.

Final thoughts

Simeio Identity Orchestrator takes the pain out of managing identities and entitlements across on-premises, legacy and cloud applications, as well as IaaS and PaaS from different providers. As a cloud-based service, deployment is straightforward and requires no specialized hardware. What’s more, Simeio IO unifies identity across various platforms, making identity, entitlements and policies much easier to manage and audit.

For end users, the ease of use provided by the Simeio IO platform should make it much easier to access applications, while also offering a simple way to request access to new applications, reset passwords, and determine what can be accessed. Simeio IO is a step in the right direction for those looking to simplify the complexities of IAM and entitlements, as well as meet some of the audit needs for compliance.

Frank Ohlhorst is a veteran IT product reviewer and analyst who has been an eWEEK regular for many years.

The post How Simeio Removes Chaos from Identity, Access Management appeared first on eWEEK.

How Lumu Illuminates the Current Threat, Compromises Landscape
https://www.eweek.com/security/how-lumu-illuminates-the-current-threat-compromises-landscape/
Tue, 02 Mar 2021 00:32:43 +0000

The post How Lumu Illuminates the Current Threat, Compromises Landscape appeared first on eWEEK.
Effectively battling threats requires actionable intelligence, something many organizations lack today. Typically, compromises or threats are only discovered sometime after an incident occurs, turning what should have been a defense into incident response. That lack of quick discovery potentially creates dark areas in IT, where lateral attacks, data exfiltration and other compromises can go on for days, weeks or even months.

What’s more, the damage that occurs between an active threat and its discovery can be business-ending, especially for small- and medium-size enterprises. According to IBM, the average cost of a data breach in 2020 was $3.86 million, and the average time to identify and contain a breach was 280 days. Simply put, the high costs of undetected compromises and breaches are things that most organizations cannot withstand.

Miami, Florida-based Lumu aims to put an end to that lack of threat discovery with an innovative platform that constantly monitors IT infrastructures for compromises, allowing action to be taken quickly. Lumu’s mantra is one of providing cybersecurity professionals with actionable information about compromises, while also identifying the so-called dark areas of IT to help IT staffers harden their defenses.

A closer look at Lumu

Lumu is a platform-based approach for continuous compromise assessment that leverages metadata to identify confirmed compromise incidents. The platform uses multiple data sources to understand the behavior of enterprise networks, which in turn can be used as an evidence-based method to identify areas subject to threats and compromises. Meanwhile, it offers security professionals unique insights into the level of compromise experienced on the network.

Lumu is available in three different flavors:

  • Lumu Free is offered as a free service with limited capabilities. It offers limited visibility of confirmed IoCs (indicators of compromise), access to the Lumu Portal, real-time DNS ingestion and continuous compromise assessment of as many as 10 gateways.
  • Lumu OnDemand adds additional features, such as ad-hoc compromise assessment, manual ingestion of numerous metadata sources and actionable insights, along with cybersecurity posture recommendations and information on how to mitigate detected compromises.
  • Lumu Insights, the company’s premier service, offers additional features that should prove very valuable to any team responsible for hunting for threats and dealing with compromises. That service adds detailed visibility into IoCs, as well as network traffic groupings. Network metadata ingestion becomes automated and is performed in real-time. Other features include an unlimited virtual appliance data collector, attack pattern recognition, extensive reporting, and many other novel features.

Hands-on with Lumu Insights

Lumu Insights is the top-tier product offered by the company and as such offers the most extensive feature set. Lumu Insights is deployed using a virtual appliance, which is able to collect data from the network’s extended perimeter. The company also offers agents for most operating systems, which in turn gives additional insights into endpoints–including those that are remote.


Lumu Insights is able to gather metadata from the local network as well as the cloud, and also from remote endpoints. The Lumu virtual appliance runs on existing hypervisors and is able to gather DNS queries as they traverse the network, while also collecting netflow information and log data. The platform collects a wide range of network metadata, including DNS, netflows, proxy and firewall access logs and Spambox. It can automatically analyze and normalize all activity to discover any outliers and report that information back to IT professionals.

Real-time DNS ingestion proves to be one of the most critical capabilities of the product, since DNS analysis adds much-needed context to network traffic. Ultimately, Lumu’s novel approach to collecting metadata enables the platform to take a deeper look into network operations across network metadata and provide the context that threat hunters need to be effective in their roles.

The platform also offers advanced capabilities, such as attack pattern recognition, network traffic grouping and drill-down capabilities, two years of data retention, the ability to ingest existing threat intelligence, playback capabilities and customizable reports.

In practice, Lumu Insights sits quietly on the network perimeter, and along with the endpoint agents, gathers and analyzes data. However, the real power of the platform comes in the form of what it does with that data and how it creates insights in real time, so that IT staffers can take action quickly if an attack or compromise happens.

The Lumu Portal functions as the primary dashboard and offers a visual representation of the potential threat and compromise environment. The real-time analytics function uses AI algorithms to correlate network metadata against known IoCs as it arrives, creating an instant assessment of the level of risk.

That information is displayed as alerts on the dashboard and is also available in analytical reports, as well as electronic notices to keep administrators in the loop and encourage proactive actions for maintaining cyber hygiene. One of the more interesting features is the platform’s ability to group network traffic and then allow administrators to drill down into that traffic. Since the platform can collect as much as two years of data, the ability to group network traffic and further analyze it proves critical for forensics tasks.
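The correlation of DNS metadata against known IoCs and the per-asset traffic grouping described above can be illustrated with a small script. This is an added example, not Lumu's code or an account of how its platform is implemented; the resolver log format, the IoC feed and the beaconing heuristic (a fixed number of hits at a near-constant interval) are assumptions constructed for the demonstration.

```python
"""Match DNS query metadata against an IoC list and group hits per asset.

Added example only; the log format, the IoC feed and the beaconing
threshold are constructed for this demonstration, not taken from any product.
"""
from collections import defaultdict
from datetime import datetime

# Constructed IoC feed (domain -> category). In practice this would come
# from a threat-intelligence platform.
IOC_DOMAINS = {
    "c2.badexample.test": "c2-beacon",
    "dropper.evil-example.test": "malware-download",
}

# Constructed resolver log: timestamp, client IP, query name, type, rcode.
SAMPLE_DNS_LOG = """\
2021-02-26T09:00:01Z 10.0.5.21 www.example.test A NOERROR
2021-02-26T09:00:03Z 10.0.5.21 c2.badexample.test A NOERROR
2021-02-26T09:00:33Z 10.0.5.21 c2.badexample.test A NOERROR
2021-02-26T09:01:03Z 10.0.5.21 c2.badexample.test A NOERROR
2021-02-26T09:01:10Z 10.0.5.44 cdn.dropper.evil-example.test A NXDOMAIN
2021-02-26T09:02:00Z 10.0.5.44 mail.example.test MX NOERROR
"""


def parse_dns_log(text):
    """Normalize the constructed log lines into dicts; skip malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, client, qname, qtype, rcode = parts
        records.append({
            "ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "client": client,
            "qname": qname.rstrip(".").lower(),
            "qtype": qtype,
            "rcode": rcode,
        })
    return records


def match_ioc(qname, iocs=IOC_DOMAINS):
    """Return (ioc_domain, category) if qname is, or is under, an IoC domain."""
    labels = qname.split(".")
    # Walk from the full name up through its parents so that
    # cdn.dropper.evil-example.test matches dropper.evil-example.test.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate, iocs[candidate]
    return None


def assess_compromise(records, iocs=IOC_DOMAINS, beacon_min_hits=3):
    """Group IoC hits per (asset, domain) and flag regular C2-style beaconing."""
    hits = defaultdict(list)
    for r in records:
        m = match_ioc(r["qname"], iocs)
        if m:
            hits[(r["client"], m[0])].append((r["ts"], m[1], r["rcode"]))
    findings = []
    for (client, domain), events in sorted(hits.items()):
        events.sort()
        times = [e[0] for e in events]
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Beaconing heuristic (assumption): enough hits with a near-constant
        # interval, here allowing 5 seconds of jitter.
        beaconing = bool(len(events) >= beacon_min_hits and gaps
                         and max(gaps) - min(gaps) <= 5)
        findings.append({
            "asset": client,
            "ioc": domain,
            "category": events[0][1],
            "hits": len(events),
            "first_seen": times[0].isoformat(),
            "last_seen": times[-1].isoformat(),
            "beaconing": beaconing,
            # A resolved name means the client could actually reach the host.
            "resolved": any(e[2] == "NOERROR" for e in events),
        })
    return findings


if __name__ == "__main__":
    for finding in assess_compromise(parse_dns_log(SAMPLE_DNS_LOG)):
        print(finding)
```

Run on the constructed log, the script reports two findings: host 10.0.5.21 querying the C2 domain three times at 30-second intervals (flagged as beaconing) and host 10.0.5.44 looking up a subdomain of the dropper domain that did not resolve, which is worth a lower-priority look because the IoC was never reached. Suffix matching matters because attackers routinely rotate hostnames under a fixed malicious domain.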

What’s more, the platform offers playback capabilities, where administrators can step through recorded network activity to better understand exactly what happened during a breach or attack. The insights provided by playback give administrators the opportunity to assess policies and define new rules to help limit attack vectors.

With Lumu Insights, it seems to be all about visibility into the network. The platform allows administrators to focus on compromise assessment and track compromised assets, while also giving actionable insights to administrators, which in turn amounts to full network visibility from the perspective of what is at risk. The platform proves intuitive and provides detailed reports that illustrate the risk presented to assets, while also functioning in real-time.

Conclusions

Lumu Insights is a security platform that can give businesses the upper hand when dealing with evolving threats and compromises, while also discovering the dark areas of the network which potentially become new threat vectors. Lumu Insights offers additional value to cybersecurity teams by working with existing threat intelligence platforms and offers detailed visibility into IoCs.

As cyberthreats evolve, products like Lumu Insights will become critical to cyber operations, especially since the past has shown that compromises and threats can exist for months before discovery. Businesses need to take threat hunting and remediation more seriously and Lumu Insights may very well be the tool to accomplish that.

Lumu offers a free version of the platform that allows anyone to test the service. The premium version, Lumu Insights, starts at $64 per asset per year; more information on pricing, features and other options is available on the company's website.

Frank Ohlhorst is a veteran IT product reviewer and analyst who has been an eWEEK regular for many years.


How Atera Brings IT Management to Distributed Workforces
https://www.eweek.com/enterprise-apps/how-atera-brings-it-management-to-distributed-workforces/
Fri, 22 Jan 2021 09:33:21 +0000

The post How Atera Brings IT Management to Distributed Workforces appeared first on eWEEK.
While the lasting impact of the COVID-19 pandemic may not be known for some time, businesses have realized that there are no certainties or guarantees that things will return back to normal. This realization impacts IT departments and staffers worldwide. Most small, medium and large enterprises had to rapidly embrace different operational mindsets, ones that included adopting WFH (work from home) policies while concurrently dealing with changes in support staffers, who also had to work remotely.

Perhaps the biggest challenge for enterprise IT was one of provisioning, securing, monitoring and maintaining endpoints, which are now scattered about the countryside and connected via broadband or cellular services, a challenge that has certainly been a struggle in an evolving situation. Yet the situation may not be completely alien to enterprise IT, which may have experience in supporting a few remote or mobile workers. However, there is a big difference between supporting 1 or 2 percent of the workforce in that fashion and supporting 100 percent of it.

For enterprises, this “new normal” may dictate the use of different tools, such as PSA (professional services automation), ITSM (IT service management) and RMM (remote monitoring and management) tools. PSA, ITSM and RMM tools normally fall under the auspices of MSPs (managed service providers). Yet MSPs may use those tools, or better yet, platforms, differently than the typical enterprise does. What’s more, most of those platforms use complex licensing schemes and may require integration with numerous other tools to build a custom offering, which are precisely the areas in which MSPs excel.

Today’s enterprises need much the same capabilities as an MSP, but may not have to worry about platform rebranding, multi-tenancy and many of the other requirements an MSP may have. That said, some of the platforms used by MSPs are adapting to the slightly different model that an enterprise may require. Case in point is Atera Networks, which has developed a SaaS (software as a service) platform for ITSM, RMM, and PSA.

A closer look at the Atera platform  

Atera is a SaaS platform designed to bring a wide range of ITSM, RMM and PSA tools to those who need to manage the IT resources in an organization. Unlike many other ITSM products on the market, Atera is a fully hosted offering, requiring no special management servers to be set up on site or in a cloud instance.

The primary interface is a browser-based management console, which displays rolled-up statuses of monitored systems and highlights issues. From the management console, administrators can perform numerous functions. Submenus offer a path into those additional functions.

Deployment takes little more than installing a small client application on the endpoint. That client application feeds data back to the Atera system and also can execute commands for applying patches, installing software and so forth. 

Platform establishes workflows on its own

From a help-desk perspective, Atera offers the ability to create service tickets, where those having an IT-related issue can create a ticket for processing. The idea here is to establish a workflow for resolving a problem, and more importantly, tracking the status of the problem and how it was resolved. Completed and resolved tickets often offer information that is applicable when encountering a new problem. 

Although trouble tickets are thought of as a reactive approach to maintenance, they can also be used in a proactive manner. If administrators identify a problem using the dashboard, they can resolve that problem before it impacts an end user, while also creating a trouble ticket and closing it to keep a history of the actions taken.

The interface also offers the ability to drill down into alerts. Alerts are created when something goes amiss, such as a CPU exceeding a temperature threshold or a hard disk reporting an error. Alerts can be set up using numerous variables, and administrators have the ability to define triggers for alerts. That gives administrators the flexibility to fine-tune alerts based upon expected parameters.

Atera also inventories endpoints (and servers), as well as creating a visual representation of the devices in the management console. The inventory can be used for a number of different purposes, such as upgrade planning, patch management, and so on.

It can apply patches to systems automatically

Perhaps one of the most important features is Atera’s ability to apply patches to systems, especially considering the increase in cyberattacks aimed at unpatched systems. What’s more, with the increase in work-from-home situations, Atera can be used to make sure an end user's endpoint can be properly managed and secured.

Numerous automation tools help to ease patch management, software installs and so forth. That makes it easier to remotely onboard a new endpoint and keep that endpoint maintained. The product offers several other reports, ranging from inventory to device health. Administrators are also able to report on service issues, time spent on problems and user requests.

Although a core percentage of Atera’s customers are MSPs, enterprise users will find many of the reports applicable to an IT department, such as customer satisfaction reports, software inventory reports, and auditor reports. The system can also report on technician performance as well, giving management insight into how well their IT staffers are servicing their internal customers.

Conclusions  

Atera successfully brings forth an RMM tool that is suitable for both MSPs and enterprises. The simplified “by technician” licensing removes a significant burden from corporate IT departments, which are typically bogged down in managing software licenses while also supporting BYOD initiatives. Broad support for major OSes and devices further eases implementation, and automation tools bring simplified provisioning to distributed IT departments.

What’s more, most any IT department could benefit from a unified tool that takes care of the all-too-common endpoint problems that seem to materialize in today’s distributed environments. Knowing the details of any given endpoint further brings normalization to overall end-user support, eliminating the guessing game so many technicians must go through when helping a remote user.

Frank Ohlhorst is a veteran IT product reviewer and analyst who has been an eWEEK regular for many years.


How Strata Brings Distributed Identity to a Multi-Cloud Enterprise
https://www.eweek.com/cloud/how-strata-brings-distributed-identity-to-a-multi-cloud-enterprise/
Thu, 21 Jan 2021 10:53:54 +0000

The post How Strata Brings Distributed Identity to a Multi-Cloud Enterprise appeared first on eWEEK.
Recent cloud services compromises have demonstrated the importance of controlling identities for access to cloud-delivered services. After all, usurping identities has become one of the main attack vectors for cyber criminals today. However, identity information is usually stored in silos that require management and synchronization across services, which can allow mistakes to go unnoticed and malicious activity unchecked.

Those very same issues grow exponentially once enterprises move into multiple cloud environments, where identities and credentials are stored independently on each cloud service and become even more vulnerable to compromise. Boulder, Colo.-based Strata aims to tear down those identity silos and bring visibility to those who want to regain control over identities and improve cybersecurity. Strata calls its offering an Identity Fabric, an apt name for a platform that brings identity orchestration and automation to multi-cloud environments.

A closer look at the Strata Identity Fabric

The developers at Strata recognized a common failing among multi-cloud solutions, one that could be summed up as each cloud having its own identity silo. In other words, users of cloud services, such as Microsoft Azure, Google Cloud Services, Amazon Web Services and many others would have to maintain a separate silo of identity, authentication, access control and policies for each cloud service, which in turn exponentially complicated identity management as new cloud services were added from different cloud providers. 

The reality today is that enterprises are using multiple clouds and are looking for the flexibility to move across them while maintaining control of identities and entitlements, something that amounted to a massive undertaking for enterprises in the throes of digital transformation. Strata addresses the problem of disjointed and fragmented identity silos with a digital fabric that ties identity together into a single managed entity. In other words, those managing identities on numerous clouds can eliminate the practice of supporting numerous identity management systems and move identity management to a single pane of glass.

Simply put, unified identity management across multiple clouds becomes a reality with Strata’s take on multi-cloud identity management. Not only are identities made consistent across clouds, but so are policies and the fundamentals of access control, authentication and so forth, which should prove to be a tremendous time saver for any organization and, of course, make tasks like auditing and compliance a bit easier.

Hands on with the Strata Identity Fabric

To fully appreciate what Strata is all about, one has to do a deep dive into the best practices of establishing a distributed model for identity management and cloud security. For example, solving the dilemma of multi-cloud identity problems means leveraging decentralization, where a distributed architecture can be tied together using the concept of a fabric, which can tie clouds (hybrid, private, and public) together, along with on-premises systems.

Strata approaches the concept of a fabric with its platform approach, which creates a distributed identity model that is centrally managed yet connected to the various cloud services. The company uses what it calls Maverics Zero Code Connectors, which connect to the various cloud services using standards such as SAML, OIDC and SCIM. By leveraging agreed-upon standards, custom code is not needed to create multiple identity integrations across multiple clouds and multiple applications. Perhaps it is best to think of those connectors as an abstraction layer that creates one-to-many relationships for identities.

The advantages of that approach are numerous and give administrators the ability to create unified policies, as well as consolidate rules, groups, entitlements, and so on into something akin to the concept of identity as a service, where unified management becomes the norm. What’s more, concepts such as MFA (multi-factor authentication), cross-platform compliance, auditing and ease of migration all become a reality for an organization.

Strata offers in-depth information on gateways to illustrate active processes 

Strata offers a browser-based management console (or dashboard) that provides a single-pane-of-glass view into the status of identities across the integrated clouds and identity stores. From the management console, administrators can drill down into policies, identities and so forth. Several visualizations are available to further help define the relationship between an identity and services, applications and clouds.

There are several tools available to consolidate identities and create policies, as well as deploy connectors. From the end-user perspective, Strata offers the appropriate dialogs for a user to log in and be authenticated to the applications and clouds to which they have been granted rights. What’s more, MFA can be implemented for additional security, along with an SSO paradigm that makes it simpler for end users to access applications without introducing the complexity of multiple sign-ons or creating additional risk with multiple, separate security policies.

Policies are easy to define, as are rule sets which drive access. Activity is logged, allowing administrators to create reports on access, as well as validate compliance, or even investigate security problems. The visual representations of connections and policies further ease the burdens of creating and managing identities. There are also tools that can be used to migrate identities to new clouds (applications), as well as creating the due diligence around assigning entitlements. 

Strata uses a “no-code” approach for deploying connectors, which makes deployment easy, requiring no downtime or custom integration work. By leveraging standards, new connectors can be created quickly as new cloud services become available.

Conclusions

Strata’s approach to solving the multi-cloud identity orchestration problem proves effective. The company earns recognition for its ease of integration, visual representations and its ability to quickly consolidate identities without creating excessive burdens. For enterprises looking to bring identity management into a distributed, yet unified paradigm, Strata offers an elegant approach. The company also offers an interactive demo for those seeking more information.

Frank Ohlhorst is a veteran IT product reviewer and analyst who has been an eWEEK regular for many years.

