Strange Measure of Success: Repelling a Ransomware Attack But STILL Having to Pay a Ransom


A very interesting article came across the wire recently that had us wondering how the measure of success has seemingly changed, especially as it pertains to preventing malware and, in particular, ransomware.  ZDNet posted an article outlining how Blackbaud, one of the world’s largest providers of financial and fundraising technology for non-profits, had been hacked.  In this case, Blackbaud’s security team was able to detect the attack and “successfully” prevent the attackers from blocking system access for users and from encrypting their files.  However, ransomware groups now tend to pursue two avenues for extracting ransom: either for decrypting files or, where the victim refuses to pay and intends to rebuild their systems from scratch, for NOT publishing the data that the hackers have accessed and exfiltrated.  Unfortunately, the attack on Blackbaud was a prime example of “today’s double-extortion ransomware attacks”.  Blackbaud, concerned that a subset of their data had been stolen by the hackers, and not wanting this data to be published, still ended up paying an undisclosed amount in order to obtain confirmation from the hackers that the data they copied had been removed or destroyed.  So, although there was a measure of success by the company’s security team in preventing encryption and lock-up of their systems, this “success” is questionable since they still had to pay out a ransom.

And so, this is the reality for organizations when it comes to their network security; a single attack can provide several avenues for hackers to extort their ransom.  In some cases, these nefarious groups will actually double-dip; requesting one fee for decrypting files and ANOTHER fee for deleting the files that they were able to steal during the attack.  Either way, we feel that having to pay any sort of ransom does not count as successfully thwarting a ransomware attack.  In any case where a hacker has been able to successfully gain access to a network, it is a failure of the Detect and Remediate methodology that so many companies still utilize.  We feel that the only real “success” would be the case where an attack has been Detected and Blocked, BEFORE any network incursion has taken place.  

At Wedge, we are firm believers that the Detect and Block approach is the only true way that networks can be protected.  There are just too many consequences that organizations face once their network has been breached.  The real-time malware prevention approach is the basis behind Wedge’s Absolute Real-time Protection (WedgeARP) orchestrated threat management platform.  Using a proactive, rather than reactive, way of dealing with all malware (including APT, zero days, known and never-before-seen), WedgeARP utilizes patented Deep Content Inspection techniques, along with orchestrated threat management with multiple layers of protection, to provide its real-time threat protection.  WedgeARP is the first and only platform that applies deep learning / machine learning based threat detection to network content.

If you feel that the only true measure of success in dealing with malware and ransomware attacks is by having your network fully protected and by NOT having to pay ransom, you may want to look at the Detect and Block approach that Wedge Networks espouses.  Find out more by contacting our team at: info@wedgenetworks.com.  Having a real-time orchestrated threat management system that can successfully detect and BLOCK attacks before they happen can save your organization time and money by not having to deal with the clean-up efforts that a Detect and Remediate approach requires.

Posted in Industry News, Latest Security News

Even AFTER a Ransomware Attack, Hackers Continue to Lurk on the Networks: Another Big Reason to Detect and Block This Activity BEFORE It Happens!


Ransomware continues to be a thorn in everybody’s side, with hackers continuing their unrelenting attacks despite the world being in the midst of a pandemic.  An article from BleepingComputer brought to light some interesting information that many organizations are not aware of, even after they feel they’ve dealt properly with a ransomware attack.  The popular thought is that after a ransomware attack occurs, the attackers leave so that they won’t get caught.  “Unfortunately, the reality is much different as threat actors are not so quick to give up a resource that they worked so hard to control.”

What actually happens is that a ransomware attack often occurs over an extended period of time, starting with the hacker breaching and accessing a network.  Often, once a network is accessed, other tools are then implemented to gather login credentials and other valuable information.  These credentials are then used to exfiltrate unencrypted files prior to deploying ransomware software.  Once the ransomware is out in the open, even though victims may feel that the hackers have now left their system, the reality is that the hackers are possibly still stealing files AFTER the attack.  The new mode of operation is that, instead of the hackers demanding ransom and running for the hills, they will demand the ransom and then continue lurking around on the network to ensure that they get a more positive outcome to their demands.

In the example provided by BleepingComputer, a recent Maze ransomware attack on a San Antonio Aerospace company showed that the hackers were still operating within the company’s network after the fact when they leaked a document from the company’s IT department reporting on the ransomware attack that had just been perpetrated!  Often, hackers are reading their victim’s emails on how they are dealing with the ransomware attack, even as ransomware negotiations are taking place.

The advice that is provided by the experts is that after detecting a ransomware attack, the company should first shut down their network and all computer systems running on it in order to prevent further encryption of data as well as to deny attackers access to systems.  Once this is done, the company should look to a third-party cyber security company to perform a full investigation, with the expectation that this audit will provide information on corporate devices that may have persistent infections and other vulnerabilities, as well as detect any malicious software left behind by the hackers.  The victim should operate on the assumption that their network was completely compromised and that even backup servers may have been infected.  They should also look to a different method of communication, not tied to their network, just in case the hackers are still accessing the victim’s regular communication channels.  Victims should also be mindful that even though they may need to completely wipe and rebuild their machines and servers, the hackers may have stolen their credentials, so they should ensure that all of the previous credentials are changed in order to mitigate additional access by the hackers.

Unfortunately, the above is still all a result of the prevalent “Detect, Quarantine and Remediate” approach to network security.  Wedge customers would not have to deal with the above case since they subscribe to the “Detect and Block” approach, stopping malware and ransomware in their tracks BEFORE they can enter the network.  As well, Wedge’s solution goes one step further and is able to further guard your gateway by scanning for both incoming AND outgoing threats; it would thus be able to detect malicious outbound communications from hackers should the threat already be present within the network.  The big thing about the Detect, Quarantine, Remediate way of doing things is that it tries to solve the problem of malware after the fact.  Once a network has been infected, in order to ensure that malware has been eradicated, the long process of a wipe and rebuild has to occur.  Wedge’s solution is proactive in detecting and blocking attacks but also provides protection by scanning outbound content for malware should the threat be coming from within the network.

There is such a stark difference between a remediation approach and a prevention approach.  Wedge Absolute Real-time Protection (WedgeARP) utilizes a proactive, rather than reactive way of dealing with malware; providing real-time threat protection through the use of patented Deep Content Inspection, along with orchestrated threat management with multiple layers of protection.  WedgeARP is the first and only platform that can apply deep learning / machine learning based threat detection to the network content.  It can detect and block in real-time sophisticated and growing numbers of new, previously unknown and customized or targeted malware variants.  If you feel that a Detect and Block approach may be what your organization is looking to move to instead of continually dealing with remediation activities, contact our team at: info@wedgenetworks.com.  Once you’ve experienced the difference in approaches, you’ll wonder why organizations are still stuck on the Detect and Remediate approach.

Posted in Industry News, Latest Security News

Wedge Networks to Provide Advanced Real-time Security Leadership in CELTIC-NEXT Project on 5G-enabled Road Safety


Wedge Networks, Inc., a Leader in Real-time Threat Prevention, Has Been Selected by the Consortium of CELTIC-NEXT Project 5G-SAFE-PLUS to Lead Cyber Security Efforts for CAV and Smart Transportation Safety Services and Chair the Canadian Cluster

CALGARY, Canada – June 30th, 2020 –   Wedge Networks, a global leader in Orchestrated Real-time Threat Prevention, today announced that it has joined the Consortium of CELTIC-NEXT project 5G-SAFE-PLUS to lead Cyber Security Efforts.  Real-time threat prevention is critical for Connected and Autonomous Vehicles (CAVs), smart infrastructure, smart cities, and the digital transformation of our economy.  Supported by the Government of Canada and EUREKA Cluster CELTIC-NEXT, a successful Pan-European RDI initiative in the ICT domain, the Wedge Absolute Real-time Protection™ (WedgeARP™) platform will provide the foundation for innovations in real-time threat prevention to secure 5G-Enabled road safety services, spanning from CAV to transportation services infrastructures.

CELTIC-NEXT project 5G-SAFE-PLUS focuses on smart transportation network safety measures.  It aims to prevent traffic accidents and avoid casualties by delivering 5G-enabled time-critical road safety services to vehicles; following the EU vision of reaching close to zero traffic casualties by 2050.  The project will support interoperability with CAVs, wide-scale implementation and usage of advanced road weather, road maintenance and road safety services with enhanced 5G networking capabilities and service enablers.  With 5G, smart transportation systems will be able to act in real-time.  However, this connectivity also increases the security attack surface, making cyber-attacks and malware intrusion a life-and-death issue.  Advanced real-time threat prevention will be a key deliverable in this project.  The overall solution and services will be piloted in test sites hosted by the partner countries.

“The 5G-SAFE-PLUS project contributes to the vision of EUREKA Cluster CELTIC-NEXT by making transport and mobility smarter, more secure, safer and greener,” says Christiane Reinsch, CELTIC-NEXT Programme Coordinator. “We welcome that Wedge Networks contributes to the cyber security and safety aspects of 5G-SAFE-PLUS.”

“We are inspired by the vision of the 5G-SAFE-PLUS consortium,” remarked Dr. Hongwen Zhang, Wedge Networks, CEO & CTO. “Wedge Networks’ mission is to provide real-time threat prevention for the cloud connected world. The Connected and Autonomous Vehicle and smart transportation industry is one of the largest industries that requires real-time security and safety. We are honored to lead the cyber security group and the Canadian cluster in this very important CELTIC-NEXT project consortium. We look forward to working with other members across Europe to realize the vision of zero traffic casualties by 2050.”

“The main objective of 5G-SAFE-PLUS is to show a way towards the deployment of commercially viable and accessible co-operative systems and 5G-enabled services that can be implemented in various environments and conditions,” states Pekka Eloranta, Senior Consultant at Sitowise Oy and Project Coordinator of 5G-SAFE-PLUS. “Wedge Networks’ vision and core competence in real-time threat prevention will greatly benefit this project.  Its role as the chair of the Canadian Cluster will also bring in innovations in advanced communications, auto manufacturing, smart transportation and smart cities, from Canada.”

About CELTIC-NEXT project 5G-SAFE-PLUS

The 5G-SAFE-PLUS project for “5G Enabled Road Safety Services” aims to prevent traffic accidents and avoid casualties by delivering 5G-enabled time-critical road safety services to vehicles. Here, accurate weather and road maintenance information plays a key role together with direct incident/accident event information. The project will support wide-scale implementation and usage of advanced road weather, road maintenance and road safety services with enhanced 5G networking capabilities and service enablers.

For more information about 5G-SAFE-PLUS, visit: www.celticnext.eu/project-5g-safe-plus/

About CELTIC-NEXT

CELTIC-NEXT is the EUREKA Cluster for next-generation communications enabling the digital society. CELTIC-NEXT stimulates and orchestrates international collaborative projects in the Information and Communications Technology (ICT) domain. The CELTIC-NEXT programme includes a wide scope of ICT topics based on new high-performance communications networks supporting data-rich applications and advanced services, both in the ICT sector and across all vertical sectors. CELTIC-NEXT is labelled for 8 years from January 2019 until December 2026.

CELTIC-NEXT is an industry-driven initiative, involving all the major ICT industry players as well as many SMEs, service providers, and research institutions. The CELTIC-NEXT activities are open to all organisations that share the CELTIC-NEXT vision of an inclusive digital society and are willing to collaborate to their own benefit, aligned with their national priorities, to advance the development and uptake of advanced ICT solutions.

For more information about CELTIC-NEXT, visit: www.celticnext.eu

About EUREKA

EUREKA is an intergovernmental network launched in 1985, to support market-oriented R&D and innovation projects by industry, research centres and universities across all technological sectors. It is composed of 41 member states, including the European Union represented by the Commission and three associated states – Canada, South Africa and South Korea. With its flexible and decentralised network, EUREKA offers project partners rapid access to skills and expertise across Europe and national public and private funding schemes.

For more information about EUREKA, visit: www.eurekanetwork.org

About Wedge Networks

Wedge Networks Inc. is a Real-Time Threat Prevention solutions company.  Its innovative technology platform, Wedge Absolute Real-time Protection (WedgeARP™), is a software defined orchestrated network security system. Deployed in data centers by enterprises, governments,  and managed security service providers, WedgeARP™ inspects, detects, and blocks in real-time, malware and cyber threats (known, unknown and customized). Wedge does this through its patented Deep Content Inspection (DCI) technologies, combined with artificial intelligence and best-of-breed security functions.

Awarded a Gartner Cool Vendor designation, and twice bestowed with Build-In-Canada Innovation awards, Wedge Networks is headquartered in Calgary, Canada with international teams in the North America, Asia Pacific, and the Middle East and North Africa regions. 

For more information on Wedge Networks, visit http://www.wedgenetworks.com

Media Contact:

Wedge Networks:

Please forward any media or PR inquiries to: PR@wedgenetworks.com

Posted in Industry News, Latest Security News, Wedge News

Spectrami Enters Into a Distribution Partnership With Wedge Networks


Leading Cyber Security Value-Added Distributor Spectrami Introduces Wedge Networks Absolute Real-time Protection Platform – WedgeARP™ to the Middle East and Africa Region

22 June, 2020 – Dubai, UAE: Spectrami, the region’s primary cyber security value-added distributor has announced today that it has been appointed as an authorised distribution partner for Wedge Networks for the Middle East and Africa. Through this partnership, Spectrami will be able to deliver the Wedge Absolute Real-time Protection™ (WedgeARP™) platform to its regional customers that are looking for real-time protection from the growing cybersecurity threats in the region.

WedgeARP™ provides network-based, real-time threat protection for all types of endpoints in a wide range of networks (mobile data, 5G, SD-WAN, SASE, and smart-city/IIoT). With an embedded deep learning AI engine and patented real-time deep content inspection technology, WedgeARP™ can detect never-before-seen malware in milliseconds. Running on an orchestrated threat management platform, it is an effective approach to enable large-scale real-time threat prevention.

Through this agreement, Spectrami expands its portfolio of cyber security solutions and the addition of Wedge Networks creates an excellent opportunity for Spectrami’s vast network of channel partners, resellers, MSPs, and VARs to provide real-time threat protection without compromising the performance of enterprises in the region.

Anand Choudha, CEO at Spectrami said “We are excited to welcome Wedge Networks and they are a valuable addition to our vendor portfolio as it helps us cement our ability to offer world-class cyber security solutions to the enterprises in the region.”

“We are all geared up to introduce the WedgeARP™ platform to our channel partners and with our in-house dedicated team of specialists, we will execute both sales and technical support to our channel partners that will enable them to offer this real-time threat protection platform to their customers spread across various industry verticals,” said Choudha.

Spectrami is one of the fastest-growing cyber security value-added distributors in the Middle East region with a focus on providing advanced security products and solutions across the Middle East. The distributor has a strong network of channel partners spread all across the region and it works closely with partners and their customers to offer them innovative and most advanced cyber security solutions.

“The MENA region is an important market for Wedge Networks in our mission to secure the cloud-connected world,” stated Dr. Hongwen Zhang, Wedge Networks, CEO & CTO. “Spectrami is a strong partner for us to serve this market. We are impressed with its forward thinking of the Cloud Distribution Strategy. Working closely, this partnership will bring the much needed real-time threat prevention ability to secure governments, enterprises, and critical infrastructures. We welcome Spectrami to the Wedge Networks partnership family.”

Spectrami is authorised to distribute, market, and promote the Wedge Networks solutions across the Middle East and Africa region.

About Spectrami 

Spectrami is a pan-EMEA value-added distributor with local presence across Middle East, North Africa and parts of Europe. With headquarters in the UAE, the company boasts an extensive network of worldwide channel partners. Specializing in end-to-end solutions across information security, infrastructure management and intelligent automation, the global distributor assists enterprises to meet regulatory standards on their infrastructure, protect confidential data assets and applications.

With proficiency across sales, marketing, logistics and management, Spectrami’s unique strengths include excellent resources, effective on-ground support and a highly qualified team to identify optimal sales channels and marketing strategies for a product line. Through thriving partnerships with its 100 plus resellers and systems integrators across more than 40 countries in the EMEA market, the value-added distributor ensures a cohesive business model to cater to evolving customer demands across the globe. For more information, visit www.spectrami.com

Please forward any media or PR inquiries to: PR@wedgenetworks.com

Media Contact
Dharmendra Parmar
Spectrami
Dubai, UAE
Email: parmar@spectrami.com

Posted in Industry News, Latest Security News, Wedge Channel Partner Forum, Wedge News

Protecting Your WFH Environment: Keeping Yourself Safe


Vox recently presented a good primer on what to do to secure your work from home (WFH) environment during this pandemic.  As many have experienced, during their hastily required move from the very secure corporate networks to the underwhelmingly secured home network, their personal and home equipment is often woefully inadequate to properly secure the confidential files that they must work from at home.  While many companies will provide the necessary tools such as corporate laptops with VPN access to their corporate networks, many more companies were caught unprepared and are relying on their employees working on their own personal equipment to get their jobs done.  Combine this situation with hacking activity that has more than doubled, and there is a recipe for disaster just waiting to happen.

So, how do these WFH employees protect themselves in their current home office environment?  Distilling the suggestions in the Vox article and adding some of our own, the following are some good points and advice for how to protect yourself and your confidential information while working from a less than secure environment:

1.  Make sure you have strong passwords and use different passwords for each account.  Use two-factor authentication wherever it is offered.  Make sure you are NOT using any default passwords that any of your equipment came with.

2.  Keep current on software updates as these often provide security patches for any new vulnerabilities.  Set up automatic updates where possible.

3.  Be wary of Freeware, especially when it comes to handling sensitive and confidential information.  As we’ve seen with some free teleconference services, they often come with little or no security.

4.  Separate your work and personal life as much as possible.  If provided with a work device, don’t use that for personal activities as it might open up the work devices to security threats depending on the sites you may visit on personal time.

5.  Consider buying security software such as an antivirus program, or utilize secure browser extensions such as adblockers.  While your office network may have afforded you a wide variety of expensive security services such as web and URL Filters, Firewalls, Anti-malware, sandboxes, network traffic analyzers, NGFW, etc., on home networks, it is rare to even see a basic firewall in place.

6.  Be more aware of the potential for phishing attacks and always be wary of whom you are receiving emails and text messages from as this is the prime vector of attack for tricking people into clicking on links that lead to malicious sites or malware.  During the pandemic, phishing attacks have grown exponentially.  This is especially relevant for mobile devices where malicious texts and emails are very readily clicked on.

7.  Also be aware of other IoT devices such as baby monitors, security cameras, and personal assistant devices (e.g. Google Home, Amazon Alexa, etc.) that may be listening in and may accidentally pick up confidential information.  Consider turning off microphones and covering cameras while you are doing work.

8.  Utilize a VPN, if possible, to connect to work servers.  This can provide a private connection over public and unsecured networks.  HOWEVER, be aware that VPN usage has surged during this pandemic, leading to a marked increase in attacks on VPNs.  VPNs, although they provide a level of security, are not foolproof.  Make sure that you use a reputable VPN provider.  As an addendum to this point, you can further protect yourself while utilizing a VPN through the addition of the Wedge Absolute Real-time Protection (WedgeARP) Secure Home Office solution.  WedgeARP SHO provides an additional layer of real-time threat protection to your network and web usage that can detect and BLOCK known and unknown (never-before-seen) malware in real-time before it can breach your devices.

While the above is not an exhaustive list, it is a good start to securing your home office environment.  By doing a combination of the suggestions, you can layer your level of security and increase the overall effectiveness of your security.  Security experts always recommend stacking or layering security so that there are redundancies within the system.  Having several safeguards in place makes it more difficult for hackers and undesirable malware to breach your home office environment.

To find out more about how WedgeARP Secure Home Office can provide you real-time protection against malware and other threats, contact our team at: info@wedgenetworks.com.  The real-time detection and blocking of malware (i.e. the Detect and Block approach) provides the underpinnings of a good WFH security system by keeping all malware out of the network BEFORE it can do any harm.

Posted in Industry News, Latest Security News, Wedge News

Wedge Networks Announces Strategic Distribution Agreement with Ingram Micro Cloud


Wedge’s Absolute Real-time Protection (WedgeARP™) Available on Ingram Micro Cloud Market Place to Secure the Cloud Connected World

CALGARY & TORONTO, Canada – May 25th, 2020 – Wedge Networks, a global leader in Orchestrated Real-time Threat Prevention, today announced a strategic agreement with Ingram Micro Cloud to offer Wedge Absolute Real-time Protection™ (WedgeARP™) on Ingram Micro Cloud Marketplace that enables effective, real-time threat prevention solutions for any Cloud-connected computing devices from the Microsoft Azure Cloud.

WedgeARP™ provides network-based, real-time threat protection for all types of endpoints in different types of networks (mobile data, 5G, SD-WAN, SASE, and smart-city/IIoT). WedgeARP™ has the deepest visibility of network data in the industry, possessing an unmatched ability to defend against malicious attacks that are undetectable with shallow inspection techniques. With an embedded deep learning AI engine, WedgeARP™ can detect never-before-seen malware in milliseconds. Running on an orchestrated threat management platform, it is a novel approach that provides real-time large-scale security implementations with effective threat management services.

“Ingram Micro Cloud is an important go-to-market partner for Wedge Networks in our pursuit to implement real-time threat prevention for the cloud connected world,” remarked Dr. Hongwen Zhang, Wedge Networks, CEO & CTO. “With a world quickly moving towards working from home, the old methods of ‘Detect and Remediate’ are failing to meet security challenges. ‘Real-time threat prevention’ is becoming the rallying cry for the cyber security industry that has been long struggling to keep up with the expanding security gap. WedgeARP™ is a purposely built solution to address this need. We are impressed with the edge networking and virtual WAN architectures of the Microsoft Azure. This agreement will allow WedgeARP™ to be accessible from Azure Cloud to partners and customers worldwide.”

Wedge will offer three packaged solutions in the Ingram Micro Cloud Marketplace to allow governments and businesses to achieve secure computing and compliance for work-from-home workers and branch offices. Based on the WedgeARP™ platform, these solutions are: WedgeARP™ Secure Home Office; WedgeARP™ Secure Remote Office, and WedgeARP™ Secure Azure Virtual WAN. With Wedge’s patented Deep Content Inspection algorithms for real-time threat prevention, and the integrated deep learning artificial neural networks for new malware detection, these solutions allow customers to enforce real-time threat prevention from the ever-expanding edge of their IT infrastructure to their software defined cloud networks in Microsoft Azure. These solutions provide a set of comprehensive tools for Wedge’s MSSP and reseller partners in the Secure Access Service Edge (SASE) market, and further demonstrate Wedge’s commitment to its mission of Securing the Cloud Connected World.

The WedgeARP™ Secure Home Office is available for early access on Ingram Micro Cloud Marketplace for selected reseller partners and their customers on June 2nd, 2020, with GA in July 2020. Both WedgeARP™ Secure Remote Office, and WedgeARP™ Secure Azure Virtual WAN will be available for early access in July 2020.

“Wedge Networks is a front runner in our Comet Competition for Canadian ISVs. Their Absolute Real-time Protection™ platform and their disruptive real-time advanced threat prevention approach to cyber security is very impressive,” said Tim Fitzgerald, Vice President, Cloud Channel Sales North America at Ingram Micro Cloud. “With more than 200,000 customers in over 160 countries around the world, Ingram Micro Cloud is excited that the WedgeARP™-based solutions will offer an easy-to-implement cyber security platform.”

“The SASE market is emerging as a key segment in network security. The ability to rapidly roll out security services and deliver them as and when needed while maintaining performance is a key challenge for this nascent market segment. Solutions like Wedge Networks’ that can combine deep content inspection with advanced machine learning for real-time threat prevention represent how many security services will be delivered from the cloud core to the network edge,” states Roy Chua, Founder and Principal at AvidThink and co-founder of SDxCentral. “This partnership with Ingram Micro represents the combination of market-leading product distribution, service SLA, and effective real-time threat prevention. It will benefit customers of SASE solutions.”

About Ingram Micro Cloud 
Ingram Micro Cloud brings together innovators and problem solvers to help the world accomplish more. It facilitates and manages the cloud’s complex digital value chain—all powered by CloudBlue technology. Ingram Micro Cloud operates in 64 countries with over 55,000 reseller partners, and its Cloud Marketplace serves 6.5 million seats, offering more than 120 cloud solutions. With unmatched global reach, easy access to automated go-to-market and integration tools, deep technical expertise, and a curated selection of scalable SaaS and IaaS solutions, Ingram Micro Cloud helps vendors, resellers and managed service providers by offering More as a Service. Detailed information is available at www.IngramMicroCloud.com.

About Wedge Networks
Wedge Networks Inc. is a Real-Time Threat Prevention solutions company. Its innovative technology platform, Wedge Absolute Real-time Protection (WedgeARP™), is a software defined orchestrated network security system. Deployed in data centers by enterprises, governments, and managed security service providers, WedgeARP™ inspects, detects, and blocks in real-time, malware and cyber threats (known, unknown and customized). Wedge does this through its patented Deep Content Inspection (DCI) technologies, combined with artificial intelligence and best-of-breed security functions.

Awarded a Gartner Cool Vendor designation, and twice bestowed with Build-In-Canada Innovation awards, Wedge Networks is headquartered in Calgary, Canada with international teams in the North America, Asia Pacific, and the Middle East and North Africa regions.

For more information on Wedge Networks, visit http://www.wedgenetworks.com/

Media Contacts:

Wedge Networks: 
Please forward any media or PR inquiries to: PR@wedgenetworks.com

Ingram Micro Cloud and CloudBlue:
David Yang
714-382-3357
david.yang@ingrammicro.com

Posted in Industry News, Latest Security News, Wedge News

Why We Agree That the Largest Cyberattack in History Will Happen Within Six Months and How You Can Be the Action Hero That Stops It In the Last Critical Seconds…


This Forbes article sparked my interest as it crossed my desk today.  For one, not many people are willing to stick out their neck to make such bold predictions as Mr. McBride did in his article.  At the same time, the logic behind his prediction and his reasoning appear quite sound.  The analogy of trying to break into two different types of buildings was also quite apt for describing how the best way to defend against an attack and hackers is by reducing the “attack surface”.

As we’ve written previously, COVID-19 has caused many organizations’ “attack surfaces” to be greatly increased as they grapple with the issue of enabling their employees to work from home (WFH).  Although these organizations probably spent a boatload of money fortifying their corporate networks in the workplace with EDR / MDR / Sandbox / NGFW, etc., with COVID-19 forcing workers to work from home, these corporate fortifications are no longer protecting them.
 
From what we’ve seen we wholeheartedly agree that WFH is going to continue, even after the pandemic eases up.  This is clearly evidenced by recent news where tech giants Facebook and Google asked their employees to continue WFH for the rest of the year.  Canadian Universities are also preparing for and advising their students that for the 2020/2021 year, classes will be online with only labs being carried out in person.  This is echoed in the corporate world with Gartner analysts forecasting, from over 74% of CFOs polled, that there is a plan to shift at least 5% of previously on-site employees to permanently remote positions post-COVID-19.
 
Unfortunately, organizations have been struggling to cobble systems together in order to enable WFH resources; usually starting by activating VPN features on their firewalls.  Workers who were previously on secure corporate computers and laptops in their offices now find themselves trying to make do with their home computing devices, accessing their corporate networks through unsecured home internet connections. Again, based on today’s cybersecurity practices, the key for security has always been to keep the threat landscape as small as possible.  There was already an explosion of IoT and IIoT endpoints happening (to the tune of over 75 Bn devices being connected over the past couple of years and more being connected daily). Adding the effects of the current WFH trend is overwhelming security teams and is quickly exposing the fact that the Detect, Quarantine and Remediate mode of operations does not work.

As we’ve mentioned before, relying solely on an overwhelmed VPN infrastructure is a recipe for disaster.  Home traffic from devices that the companies do not control is leaving them wide open for a breach.  Even if they are utilizing legacy VPNs to access work networks, without security that can detect and block malware and hackers, their non-VPN traffic is left wide open to security breaches.  Those companies who are trying to avoid overloading their VPNs by electing to use split-tunnelling to offload users’ internet browsing traffic are also leaving themselves wide open for hackers to get into their corporate networks.  Instead of hacking the corporate network directly, hackers are compromising it in a roundabout way by gaining access to WFH devices first, with the ultimate goal of accessing corporate networks through these unprotected devices.

So, why do we feel that this prediction has a good possibility of coming true?  Well, currently available security is not sufficient.  Although some VPN solutions enforce “security checks” on devices, this enforcement is static; they can discover vulnerabilities on the system while scanning but do not actually prevent traffic-borne malware at the endpoint.  On the more stringent end of the spectrum, although some organizations are mandating that their WFH employees install sophisticated endpoint detection and response (EDR) solutions, which would enable IT staff to treat home assets similar to business assets, this is defeated again by the fact that the home network security setup is typically far from the level of the fortified corporate fortress; and oftentimes non-existent.  Although we may see Mobile Device Management (MDM) approaches trickle down to WFH devices, where they may be partitioned to support business usage, when it all boils down, the issue really becomes traffic malware detection.
 
As the Forbes article mentions, the alignment of all of the issues that COVID-19 has opened up is a “dream come true for cyber criminals”.  Hackers have stepped up their games and quickly started crafting COVID-related malware that would prey on individuals’ fears, tricking them into clicking on links that purported to provide information on how they could protect themselves during the pandemic.  With targeted phishing attacks on employees who are WFH, and who are prone to distractions from having to WFH, hackers are finding it easier to find cracks in corporate security armour.  They only need to “gain access through one entry point to seize control of a whole network.  Once they’re in they can steal data, secrets, and even lock you out of the network.”

To make matters worse, hackers have been targeting those organizations whose resources are already stretched thin trying to battle the pandemic on the front lines.  As of this past week, it was reported that healthcare insurance giant Magellan Health was the victim of a ransomware attack and data breach.  The attack resulted in temporary system outages and exfiltration of confidential company and personal information.  With the company under “immense strain as it attempted to meet the demands onset by the COVID-19 pandemic”, hackers were just waiting for the optimum time to strike and cause most harm.

Back to the Forbes article, it was noted that over the past couple months, hackers have targeted the US Department of Health and cyberattacks against the World Health Organization (WHO) have more than doubled.  Intelligence reports also revealed that coronavirus-related cyberthreats have increased by 600% between the months of February and March with no abatement in sight.

Hence, based on current trends, and current approaches to security, the prediction looks very likely to come to fruition.  So, if it is no longer a case of “if” but “when”, how do organizations try to protect themselves from being part of that largest cyberattack in history?  How can they try to minimize their “attack surfaces”, even though WFH requirements have basically left them wide open and vulnerable?  Well, if you don’t want your organization to become part of the statistics, you should look into the Wedge Absolute Real-time Protection (WedgeARP) Secure Home Office and Secure Remote Office solutions that are helping organizations greatly reduce their attack surfaces during this time of growing WFH requirements.

With our “Detect and Block” approach that underpins the WedgeARP platform, we espouse a proactive instead of reactive way of dealing with malware.  Wedge’s solutions are cloud-managed, on-premises or cloud-enforced security services offerings that provide a vast array of optimized Security-as-a-Service (SECaaS) features to enterprises and those working from home; enabling effective security solutions for any cloud-connected computing devices.  WedgeARP provides real-time threat protection for all types of endpoints in different types of networks (mobile data, 5G, SD-WAN, SASE, and smart-city/IIoT).  It enables situational awareness for the entirety of managed networks, with security event tracing, rapid response, centralized policy management, reporting, and analytics; all of the things that the legacy VPNs are missing. To find out more about how this solution can help reduce your organization’s attack surface, contact us at: info@wedgenetworks.com

For those organizations who already have a VPN infrastructure in place, WedgeARP can be easily deployed into their VPN Cloud to protect all connected systems and devices.  For those organizations who have not yet implemented a VPN infrastructure, Wedge provides professional services to help quickly set up remote offices with Microsoft Azure vWAN, secured by WedgeARP.  
Although Mr. McBride’s dire prediction looks very likely to come true, we believe that incorporating solutions such as WedgeARP Secure Remote Office and Secure Home Office into your organization’s WFH infrastructure may give you the chance of stopping “The Largest Cyberattack in History”.  Don’t be a victim.  As Benjamin Franklin once wrote, “An Ounce of Prevention is Worth a Pound of Cure”.


WFH: Security Implications and Considerations of VPN Split-Tunneling


Cyber-security underpins many facets of our life.  The COVID-19 pandemic that has affected the world is forcing large enterprises and other organizations to quickly cobble together solutions that will enable their employees to keep working from home (WFH).  In many instances, there has been a rapid scale up of WFH employees from a “normal” average of VPN-ed users of around 5% / day, to now the opposite, where the number jumped to 95% users / day.  This surge of WFH network traffic has the pandemic revealing legacy VPNs’ stress points and limitations. As a result, many VPN infrastructures are overwhelmed; leaving many employees to enjoy “paid vacations” as they are unable to access the data and documents needed to carry out their jobs properly.

To ease the pressure on the VPN bottleneck,  many organizations are forced to use the approach of “split-tunneling”, to prevent service outages and performance degradations.  The concept of split-tunneling is simply this – the VPN client installed on the WFH employees’ devices will only direct traffic that is bound for internal business applications through the VPN tunnel while other traffic would always go directly out through the WFH’s home Internet connection.  The reasoning is simple – for example, if an organization’s egress bandwidth to the Internet is 100Mbps, were split tunneling not deployed, the same organization might require 200Mbps to support this new WFH model.  

The rationale is hence business-driven: “split-tunneling”, that many organizations are using, lightens the load on the infrastructure currently in place; without which, supporting this new WFH norm might not be possible.  However, doing so has introduced very severe cyber-security vulnerabilities.

Unlike in a corporate setting, where organizations have spent a lot of money implementing solutions like EDR / MDR / Sandboxes, Network Traffic Analyzers, Firewalls, NGFW, etc., in a WFH environment, most home users do not have these security pieces in place.  Many do not even have a decent firewall protecting their home networks.  Thus, when split-tunneling is utilized, where the users’ normal, non-business traffic, such as web-browsing, access to external applications, etc. is NOT sent through the VPN tunnel, this traffic is left open and exposed to all of the security vulnerabilities that come with unsecured internet access.  The non-VPN traffic thus leaves these devices and endpoints open to whatever malware is out there.

As observed by many industries and government agencies, there are lots of new threats ranging from COVID-19-themed ransomware attacks, weaponized URLs, and scam campaigns designed to steal employee credentials or compromise assets almost indiscriminately.  Any of these could quickly and easily lead to severe cybersecurity breaches.

Thus the dilemma we are facing is: Should organizations enable more workers to utilize the limited resources through split-tunneling even though it introduces severe cyber-security vulnerabilities?

Unfortunately, during this highly stressful time, most organizations are simply happy to accept whatever reliable connectivity that they can access, and in so doing, possibly compromising their corporate security posture in the process.  The upside is that they have connectivity for their growing numbers of WFH employees; the downside is that they are without proper security in place to protect those WFH employees who are working outside the protection of the corporate fortress.  To add to this, by using methods such as split-tunneling they may not actually be in compliance with regulations meant to protect their businesses.

We believe that enterprises and government agencies that are currently facing the challenges of increasing their remote and WFH users should reconsider this split-tunneling setup so as to avoid leaving WFH computing devices unprotected. 

There are several strategies to consider:

  • First, you may consider directing all internet traffic of your WFH devices through the corporate VPN tunnel;
  • Second, if it is not feasible to tunnel all traffic, you should at least identify those VIP computing devices, such as those containing or accessing highly confidential information, and have their traffic fully tunneled;
  • Third, deploy real-time threat prevention solutions at the cloud end of your VPN infrastructure. For example, you should consider installing a network-based anti-malware solution such as the Wedge Absolute Real-time Protection (WedgeARP) platform. With its built-in automated AI and Machine-learning, WedgeARP can detect and block all malware (even zero-day and never-before-seen malware) in real-time;
  • Fourth, consider using a public cloud facility, such as Microsoft Azure or Amazon AWS, as an overflow buffer for your VPN infrastructure.  For government agencies, healthcare, and financial institutions, you need to make sure such public cloud services are certified with all of the required GRC compliances.
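
The routing decision that split-tunneling makes, and the first two strategies above, can be checked mechanically. The following is an added example, not code from this post or from Wedge: it runs a longest-prefix match over constructed routing tables to list which destinations leave a device outside the VPN, and flags VIP devices that are not fully tunneled. It goes slightly beyond the text by also treating an IPv6 default route outside the tunnel as a bypass. The interface names (`vpn`, `home-isp`), device names and all addresses are assumptions.

```python
import ipaddress

# Constructed routing tables; addresses are private or documentation ranges.
SPLIT_TUNNEL_ROUTES = [
    ("0.0.0.0/0", "home-isp"),       # default route stays on the home connection
    ("10.0.0.0/8", "vpn"),           # internal business applications
    ("172.16.40.0/24", "vpn"),
]
FULL_TUNNEL_ROUTES = [
    ("0.0.0.0/0", "vpn"),            # everything hairpins through the corporate VPN
    ("192.168.1.0/24", "home-isp"),  # the device's own LAN (router, printer)
]
HOME_LAN = "192.168.1.0/24"          # assumed home LAN prefix

# Constructed destinations: one internal app, two internet hosts, the home router.
DESTINATIONS = ["10.20.30.40", "203.0.113.10", "198.51.100.7", "192.168.1.1"]


def egress_interface(routes, dest):
    """Longest-prefix match: interface chosen by the most specific matching route."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        # An address never matches a network of the other IP version.
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def unprotected(routes, destinations, home_lan=HOME_LAN):
    """Destinations that bypass the tunnel, ignoring traffic to the home LAN itself."""
    lan = ipaddress.ip_network(home_lan)
    return [
        d for d in destinations
        if ipaddress.ip_address(d) not in lan and egress_interface(routes, d) != "vpn"
    ]


def is_fully_tunneled(routes):
    """True only if every default route (IPv4 and IPv6) points into the VPN."""
    defaults = [iface for prefix, iface in routes
                if ipaddress.ip_network(prefix).prefixlen == 0]
    return bool(defaults) and all(iface == "vpn" for iface in defaults)


def vip_violations(devices):
    """VIP devices (strategy two) whose traffic is not fully tunneled."""
    return sorted(name for name, d in devices.items()
                  if d["vip"] and not is_fully_tunneled(d["routes"]))


# Constructed device inventory.
DEVICES = {
    "finance-laptop": {"vip": True, "routes": SPLIT_TUNNEL_ROUTES},
    "hr-laptop": {"vip": True, "routes": FULL_TUNNEL_ROUTES},
    "intern-tablet": {"vip": False, "routes": SPLIT_TUNNEL_ROUTES},
}

if __name__ == "__main__":
    print("split tunnel bypasses:", unprotected(SPLIT_TUNNEL_ROUTES, DESTINATIONS))
    print("full tunnel bypasses: ", unprotected(FULL_TUNNEL_ROUTES, DESTINATIONS))
    print("VIP devices to fix:   ", vip_violations(DEVICES))
```
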

To learn more about these strategies, feel free to contact us at: info@wedgenetworks.com



Law, Accounting and Consulting Firms Beware… COVID-19 Themed Attacks WILL Affect You As Well!!


As organizations around the world quickly (and maybe haphazardly) retool their infrastructures to allow their employees to work from home (WFH) during this ongoing COVID-19 pandemic, hackers and bad actors have been relentless with their attacks on not only the key healthcare industry but other professional industries as well.  Because of the heightened fear that has been brought about by the COVID-19 virus, hackers are working in overdrive to leverage this fear; crafting COVID-19 themed spam, ransomware and malware.  These new attacks, unfortunately, are having greater success; taking advantage of workers who are no longer protected by the walled fortress security that their corporate environments offered as they work from home.

While many organizations look to increasing the amount of legacy VPN use in order to give their employees access to their corporate networks so they can do their jobs, as we’ve advised in previous blogs, there are huge security cracks showing.  Legacy VPNs were just not built for scaling so that they could support millions of users nationally or globally.  And that is the big issue.  In a recent Threatpost article, “New research found that almost HALF of companies had malware on their corporate-associated home networks – in comparison to malware being found on only 13 percent of corporate networks.”  Further, “home office networks are 3.5 times more likely than corporate networks to be infected by malware”.  This does not bode well as the coronavirus forces organizations to shift their workers to WFH.

Where does this leave professional organizations such as law, accounting and consulting firms as they too have their employees WFH?

Unfortunately, as we see by recent news articles, these organizations are not immune and, if anything, are more focused targets of hackers since their computer systems and networks are loaded with confidential client information, accounting, financial information and other digital files that could severely hamper any work if they were inaccessible.  One recent example of this came through CBC News, which reported that ransomware had locked two Manitoba law firms out of their computer systems.  This “left lawyers and staff at the firms without access to client lists, emails, accounting and financial information, photos and other digital files.  Cloud backups were also locked.”  In this instance it was suspected that someone had clicked on a link or an attachment that had been infected with a virus and this virus then went on to infect the firms’ entire systems.  Although paper records and court filings could be used to retrieve some of the locked data, since the lawyers usually work with a large amount of privileged and confidential information, it would be disastrous if this got into the wrong hands.  If the firms refuse to pay the ransoms, the hackers could turn around and warn that if they aren’t paid, they could just leak the data; this could be devastating to the law firm, both from a reputational standpoint but also from a financial standpoint if the clients who were affected chose to sue the firms.

The same result as above can be felt in literally all professional firms.  Accounting firms, should their data be breached and locked, could have their work ground to a halt if they are unable to access their clients’ accounting information in order to carry out client requests.  Consulting firms, with huge amounts of client data on their computers and systems, could face a barrage of lawsuits if valuable corporate data were leaked.  With employees from these firms in WFH mode, the networks and infrastructures of these organizations are at particular risk if they do not make sure that they have proper security solutions in place.  Although many firms may believe that the legacy VPNs that are enabling their employees to access corporate data from home would be safe; because the employees’ WFH networks are inherently unsafe, it is opening up their corporate networks to easier attacks by determined hackers.

That’s where Wedge Networks can help.  Using its years of experience providing orchestrated real-time security against all malware, Wedge has recently launched its Wedge Absolute Real-time Protection (WedgeARP) Secure Remote Office  and Secure Home Office solutions to bring bullet-proof security to legacy VPNs and other remote office solutions.  Utilizing the WedgeARP platform, it is a cloud-managed, on-premises or cloud-enforced security service offering that provides a vast array of optimized Security-as-a-Service features to organizations; enabling effective security solutions for any cloud-connected computing devices.  Wedge’s solution provides real-time threat protection for all types of endpoints in different types of networks used by WFH and more (mobile data, 5G, SD-WAN, SASE and smart-city / IIoT).  It further enables situational awareness for the entirety of managed networks, with security event tracing, rapid response, centralized policy management, reporting, and analytics; features that legacy VPNs just do not have.

With a proactive “Detect and Block” approach to security instead of the prevalent “Detect and Remediate” response approach, Wedge’s Secure Remote Office solution offers a preventative solution for these professional firms, and really ALL organizations, that are facing the need to ensure that their employees can be productive but SECURE in a WFH environment.  By bringing security, normally seen in just the corporate network environment, to the home office environment, organizations can feel more secure in allowing their employees to access corporate data from home without having to fear that their corporate networks will be compromised.

To find out more about how WedgeARP Secure Remote Office and Secure Home Office solutions could benefit your organization, contact us at: info@wedgenetworks.com.  For those organizations who already have a VPN infrastructure in place, WedgeARP can be easily deployed into their VPN Cloud to protect all connected systems and devices.  For those organizations who have not yet implemented a VPN infrastructure, Wedge provides professional services to help quickly set up remote offices with Microsoft Azure vWAN, secured by WedgeARP.  Don’t allow your organization to be at the mercy of the unrelenting hackers during this time.  We have the solution for you and we’re here to help!


Under the Cover of COVID-19, Hackers are Stepping Up Their Criminal Activities in a Big Way and Exposing Security Cracks in Legacy VPNs


Since the COVID-19 pandemic started taking a firm grasp over the world it has forced companies to accelerate their efforts for enabling their employees to work from home (WFH).  As a result, cybercriminals have taken advantage; exploiting the emerging opportunities and vulnerabilities that have multiplied as workers do work from the less fortified confines of their home “offices”.
 
According to an article by helpnetsecurity, “The impact of the COVID-19 pandemic on cybercrime has been the most visible and striking compared to other criminal activities.  Criminals active in the domain of cybercrime have been able to adapt quickly and capitalize on the anxieties and fears of their victims.  Phishing and ransomware campaigns are being launched to exploit the current crises and are expected to continue to increase in scope and scale.”

More statistics on this are provided by i24news out of Israel, who have stated that in just the past two weeks, the number of daily attacks related to the Corona virus have increased from a few hundred to more than 5,000 with the average currently at more than 2,600 attacks per day.

How is this affecting security for the corporates and other organizations that have seen the number of their employees working from home skyrocket?  One major result is outlined by a recent article on betanews.com which warns that with the skyrocketing VPN usage and issues of internet overload, security and scalability to handle this is greatly lagging.  With COVID-19 rapidly transforming the globe, forcing the largest number of people to work remotely in history, and with millions of people connecting to their corporate networks from their homes; it is no wonder network infrastructures around the world are being taxed at levels never seen before.

The big threat lies in the legacy Virtual Private Network (VPN) technology that has always provided the backbone to working remotely.  Over the past 30 years, legacy VPNs “have enabled secure, remote access to the internet through a point-to-point connection by creating an encrypted ’tunnel’ through which IP traffic flows.”  The downfall, however, is that because they provide access to the organization’s entire network in order for users to access company resources, this makes all organizations using the legacy VPNs more vulnerable to attacks and data breaches.

With the massive numbers now using the legacy VPN technology, more than ever before, cracks are starting to emerge in the technology as the solutions “were not built to scale to support millions of users nationally or globally”.  In the US alone, there has been an upwards of 53% increase in the usage of VPNs due to the number of state governments mandating work-from-home policies; and this is creating an unprecedented stress test on the VPN technologies.  Combine that sudden spike in VPN usage and a resultant slowdown in internet access and reduced quality of service from the massive volume of users and there is a disaster just waiting to happen.

The big concern is the lack of security in legacy VPNs.  For example, NordVPN had a breach recently where an attacker gained access to the TLS key “which opened the door and exposed the unencrypted network to hackers”.  “In this case, the intrusion went undetected for over a month due to a lack of activity logs.”  In addition, users are typically not restricted to specific network resources, “making VPNs another singular point of failure with respect to identity access and credential management.  There is no segmentation, audit or control.”

Verbatim text from betanews.com: “Critical VPN limitations include a lack of network segmentation, traffic visibility, on-premises user security and straightforward network security.  VPNs are also not suited for dynamic networks because they require computer hardware, constant management and cannot easily adjust to network or server changes.”  “The new challenge for virtually any company is how to provide secure and reliable employee access without draining IT resources and budgets, especially remotely.  Organizations must look beyond traditional VPNs to alternatives that can be quickly deployed and configured via the cloud to provide device and application configurability, as well as accessibility, increased security, privacy and user-access control granularity and analytics.”

The article goes on to outline the new cloud-based network security model defined by research firm Gartner, Secure Access Service Edge (SASE), which combines multiple network technologies delivered as a service and which supports dynamic secure access to all organizational assets.

This is where Wedge Networks and its recently launched Wedge Absolute Real-time Protection (WedgeARP) Secure Remote Office Solution comes into play.  Based on the WedgeARP platform, it is a cloud-managed, on-premises or cloud-enforced security service offering that provides a vast array of optimized Security-as-a-Service features to enterprises; enabling effective security solutions for any cloud-connected computing devices.  The Wedge Secure Remote Office solution provides real-time threat protection for all types of endpoints in different types of networks (mobile data, 5G, SD-WAN, SASE, and smart-city/IIoT).  It enables situational awareness for the entirety of managed networks, with security event tracing, rapid response, centralized policy management, reporting, and analytics; all of the things that the legacy VPNs are missing.

As organizations face difficulties ramping up their WFH infrastructures, Wedge’s Secure Remote Office product provides the easy to deploy and enable solution.  It integrates Microsoft Azure Virtual WAN with WedgeARP, along with Microsoft’s high quality VPN connection; providing Wedge’s cutting-edge real-time cybersecurity services that legacy VPNs are missing.  To find out more about how WedgeARP Secure Remote Office solution could benefit your organization, contact us at: info@wedgenetworks.com.  For those organizations who already have a VPN infrastructure, WedgeARP can be easily deployed into their VPN Cloud to protect all connected systems.  For those organizations who have not yet implemented a VPN infrastructure, Wedge provides professional services to help quickly set up remote offices with Microsoft Azure vWAN, secured by WedgeARP.  During this current COVID-19 Pandemic, Wedge is doing its part to step up and battle the increased hacker activities by helping to close the cracks and security holes that legacy VPNs are showing.
