VPN Security, or Lack Thereof, Is Causing Security Liabilities: How WedgeARP™ Can Help with Real-time Threat Prevention


Techradar recently published a piece on how VPN security is causing businesses a lot of headaches, mainly because legacy VPN services often provide little security.  In a survey highlighted by the article, businesses around the globe had turned to VPN services to keep employees connected and working from home during the pandemic, yet nearly two thirds of respondents named inadequate security as their number one concern and pain point with VPNs.  Other concerns such as cost, performance and reliability were raised, but security remained at the top of the list, with almost 40% of respondents believing that their corporate network had already been breached by bad actors.  Although many organizations said they were not completely sold on using VPN services as a normal part of their operations going forward, 86% of respondents said they would consider alternatives that offered improvements in security, configuration and management, cost, performance and availability.  These respondents also said that they would immediately embrace an alternative that could limit remote users’ access to specific applications or services without creating a network attack surface.

The Techradar article provides additional support for what Wedge has been saying for a long time and reinforces the warnings we have raised about the lack of security in legacy VPNs, and about the implications for organizations considering practices such as VPN Split-Tunneling.   The COVID pandemic greatly sped up the timeline for many companies that had been considering moving even a portion of their workforce to a Work From Home (WFH) environment.  Unfortunately, because companies had to put infrastructure in place quickly so that workers could operate remotely under government-imposed lockdowns, many were ill-prepared to deal with the security ramifications that simple legacy VPNs introduce into their networks.

Although VPNs were initially put in place to let workers reach documents and other content on their corporate networks, they were typically sized to serve perhaps 5% of the workforce.  When the pandemic hit, that number quickly jumped to 95% or more.  The surge exposed the stress points and limitations of legacy VPNs and handed attackers a ready-made vector.  VPNs do provide some security by carrying employee traffic through encrypted tunnels; but an encrypted tunnel only protects traffic in transit, it does not vet what is sent through it.  A home network usually has no network-level security at all, so malware that lands on a personal computer there can ride the VPN tunnel straight onto the corporate network.  This increased attack surface has been causing the huge headaches that IT staff have had to deal with. 

Thankfully, there is a solution: Wedge Absolute Real-time Protection (WedgeARP).  The key for organizations that depend on legacy VPNs is to have something scanning the traffic inside the VPN tunnels, ensuring that all content is malware free without slowing the network down.  That is what the WedgeARP platform does and how it provides the real-time threat prevention that VPN users so sorely need.  Sitting inline in the network infrastructure, WedgeARP uses Deep Content Inspection to reassemble packets back into the actual content, in real time, so that it can be scanned by multiple AV services orchestrated on the platform, including AI and machine-learning based services that can detect zero-days and never-before-seen malware.  Because WedgeARP sees content flowing in both directions, it can detect malware that reached an endpoint through an unsecured home network and block it before it can traverse the VPN and breach the corporate network.  Managed through a single pane of glass, WedgeARP gives IT staff actionable intelligence about where attacks are coming from and where they are directed.  And because WedgeARP can orchestrate a wide variety of security services, policies such as limiting remote users’ access to specific applications and services can be applied to all users, further reducing the corporate network’s attack surface.  As Techradar noted, users have been looking for an alternative to the lack of security in legacy VPNs; WedgeARP is that secure alternative.  To learn more about how WedgeARP secures the WFH environment by providing much-needed VPN security, contact our team at: info@wedgenetworks.com.

Posted in Industry News, Latest Security News

Microsoft Aiming to Battle Big Crisis Going on in Cybersecurity Right Now: Wedge Has Been Fighting This Battle For a While…


Yahoo!Finance recently brought to light the fact that Microsoft has now become one of the big players in cybersecurity. After seeing a 40% year-on-year jump in its growing security business (which totalled $10 billion over the past 12 months), it now makes up around 7% of the company’s total revenue for the previous year.  This revenue comes from Microsoft’s security-related services that now include such products as Azure Active Directory, Intune, Microsoft Defender for Endpoint, Microsoft Cloud App Security, etc. which make up what Microsoft calls its Intelligent Cloud and Productivity and Business Processes segments.

Microsoft has been quietly cobbling together and building these services for a while now, according to CEO Satya Nadella, who states that “…you need to sort of obviously build all of this over a period of years if not decades and then sustain it through not just product innovation, but also I would say, practice every day.”

The announcement of these numbers is not just a random release; it comes in light of the massive SolarWinds cyber-attack uncovered in December, which continues to cause further fallout after hitting various private companies along with a broad swath of government agencies, including the Treasury, Commerce and State Departments in the United States, and organizations around the world.

According to a Reuters report, Microsoft itself had been hacked, although no customer data appeared to have been breached.  Reuters also reported that intruders had broken into the Microsoft Office 365 email of the US National Telecommunications and Information Administration (NTIA), allowing them to monitor the agency’s emails for months.  Because of the extensive use of Microsoft products within government, and the breadth of the security services Microsoft now offers, many of the organizations that were hit turned to Microsoft to determine the extent of the breaches and for advice on how to protect themselves.

As Nadella explained, part of Microsoft’s strategy against cyber attacks is a “zero trust” architecture, meaning its security services are built to operate as though a breach has already occurred, and therefore take a proactive approach to scanning for malware and other attacks moving through the network.  This validates the approach Wedge has taken from the beginning: its Deep Content Inspection technology reassembles data packets back into MIME objects and scans those objects, so that the full picture and “intent” of the content passing through is visible rather than a fragment of it.  Wedge has further enhanced its offering with AI and Machine Learning to detect zero-day and previously unknown malware, proactively providing real-time threat PREVENTION.
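The Deep Content Inspection idea described here, and in the VPN post above, hinges on one mechanic: the packets of a flow are put back together into the object that was actually transferred before anything is scanned.  The following Python is an added example, not Wedge’s code or a description of its engine, that shows why that step matters.  A constructed e-mail with a base64-encoded attachment is split into out-of-order TCP-like segments; a per-packet byte matcher, and even a matcher over the raw reassembled stream, both miss the (constructed) malware marker, while parsing the reassembled stream as a MIME object and decoding each part finds it.  The marker string, segment size and reordering are all assumptions made for the demonstration.

```python
"""Added example (not Wedge code): packet-level matching versus scanning the
reassembled, decoded content object.  The message, the marker and the
segmentation are all constructed for the demonstration."""
import email
from email import policy
from email.message import EmailMessage

# Constructed stand-in for an AV signature; a real engine carries a signature
# set and ML models, but the reassemble-parse-decode steps are the same.
MALWARE_MARKER = b"CONSTRUCTED-TEST-MALWARE-MARKER"


def build_message(payload):
    """Constructed multipart e-mail carrying payload as a base64 attachment."""
    msg = EmailMessage()
    msg["From"] = "alice@example.test"
    msg["To"] = "bob@example.test"
    msg["Subject"] = "invoice"
    msg.set_content("see attached")
    # Binary attachments are base64 content-transfer-encoded by default,
    # so the raw marker never appears on the wire.
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename="invoice.bin")
    return msg.as_bytes()


def segment(stream, size=40):
    """Split a byte stream into (sequence offset, data) TCP-like segments."""
    return [(off, stream[off:off + size]) for off in range(0, len(stream), size)]


def deliver_out_of_order(segments):
    """Constructed reordering: odd-numbered segments arrive before even ones."""
    return segments[1::2] + segments[0::2]


def packet_scan(segments, marker):
    """Naive per-packet matcher: inspects each segment in isolation."""
    return any(marker in data for _, data in segments)


def reassemble(segments):
    """Order segments by sequence offset and join them, as a TCP reassembler does."""
    return b"".join(data for _, data in sorted(segments, key=lambda s: s[0]))


def content_scan(stream, marker):
    """Parse the reassembled stream as a MIME object and scan every decoded part.
    Returns the filename (or content type) of each part containing the marker."""
    msg = email.message_from_bytes(stream, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""   # undo base64/quoted-printable
        if marker in body:
            hits.append(part.get_filename() or part.get_content_type())
    return hits


def demo():
    """Run all three scanners over the same constructed flow."""
    wire = build_message(b"header " + MALWARE_MARKER + b" trailer")
    segs = deliver_out_of_order(segment(wire))
    per_packet = packet_scan(segs, MALWARE_MARKER)               # misses: split + encoded
    raw_stream = packet_scan([(0, reassemble(segs))], MALWARE_MARKER)  # misses: still base64
    decoded = content_scan(reassemble(segs), MALWARE_MARKER)     # finds invoice.bin
    return per_packet, raw_stream, decoded


if __name__ == "__main__":
    print(demo())
```

The point for a practitioner is that chunking and a content-transfer encoding alone defeat any scanner that stops short of reordering, MIME parsing and decoding; a real engine adds signature sets, archive unpacking and ML verdicts on top of those same steps.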

The growing cybersecurity crisis has deepened over the past year as the Coronavirus pandemic caused a massive uptick in companies shifting to a Work From Home (WFH) setup.  This has introduced a new attack vector, which hackers are doing their best to exploit.  When workers are on their unprotected home networks, outside the fortified corporate network, it doesn’t take much to inadvertently click on something malicious.  In a typical corporate network environment such a click would likely be caught by perimeter controls; on a home network that may not even have a simple firewall, the consequences are greatly magnified.

Of course, the wide variety of operating systems running the plethora of IoT devices out there does not make security any easier.  Although Microsoft’s security products cover devices running Microsoft, Apple and Google operating systems, as well as workloads on competing clouds such as AWS and Google Cloud, the increasingly interconnected world will become even more difficult to secure, because the job is less about protecting devices with endpoint solutions and more about protecting the whole architecture those devices connect to.  With cloud services growing at such a rapid rate, protecting the end-customers connected to those services will become of paramount importance.

Which brings us back to Wedge and the cybersecurity fight it has been waging almost since its inception.  Founded on a water-treatment-plant analogy, with its founders believing that the best way to protect users is to clean the content at the source, this approach becomes ever more important in the cloud-connected world.  Through its Wedge Absolute Real-time Protection (WedgeARP) platform, the company has built a platform that orchestrates an ever-growing number of security services to scan content in real time at the network layer.  Because it scans the content itself, the platform is OS agnostic, able to protect endpoint devices regardless of the OS they run.  With patented hyper-streaming technologies and the integration of AI and machine learning, the platform scans content in milliseconds, detecting known and even unknown malware and blocking it before the endpoint can be compromised, effectively providing the proactive real-time threat PREVENTION that IoT devices everywhere need.  The solution has been deployed in service provider and corporate networks around the world and protects millions of endpoints on a daily basis.

At the start of the pandemic, Wedge took the cyberthreats facing WFH users very seriously and extended its product offering to help protect workers who had been forced from their fortified corporate office networks onto their largely unprotected home networks.  WedgeARP, which is offered through global reseller Ingram Micro as Secure Home Office, Secure Remote Office and Secure Azure Virtual WAN, and which can run on Microsoft’s Azure cloud services, is one of the solutions through which Wedge is helping to alleviate the looming cybersecurity crisis.  By securing the attack vector that WFH opened up, Wedge, like Microsoft, continues to place itself at the forefront of the larger global cybersecurity battle.  To learn more about WedgeARP and how it is being used to provide real-time threat prevention, contact our team at: info@wedgenetworks.com.

Posted in Industry News, Latest Security News, Wedge Channel Partner Forum

DLS Technology Enters Partnership with Wedge Networks to Provide Real-Time Threat Prevention from Endpoint to Cloud


Leading Canadian Technology Solutions and Service Provider, DLS to Offer Wedge Networks Absolute Real-time Protection Platform – WedgeARP™ Across Canada.

21 Jan 2021 – CALGARY & OTTAWA, Canada: DLS Technology Corporation (“DLS”), a leading technology solutions and service provider, headquartered in Ottawa, Canada, is announcing today that it has entered into a technology partnership agreement with Wedge Networks Inc. to offer their combined security solutions across the Canadian and Global markets. Through this technology alliance and strategic partnership, DLS will be able to deliver the Wedge Absolute Real-time Protection™ (“WedgeARP™”) platform, in conjunction with its vKey technologies to its customers, which include Canadian embassies and other related agencies worldwide.

WedgeARP™ provides network-based, real-time threat protection for all types of endpoints in a wide range of networks (mobile data, 5G, SD-WAN, SASE, and smart-city/IIoT). With an embedded deep learning AI engine and patented real-time deep content inspection technology, WedgeARP™ can detect never-before-seen malware in milliseconds. Running on an orchestrated threat management platform, it is an effective and autonomous approach to enable large-scale real-time threat prevention.

The addition of the WedgeARP™ platform to DLS’ comprehensive IT solutions creates an excellent and unique partnership opportunity for providing real-time threat protection to its growing list of customers.

“We have been working well with Wedge on the integration of our products and are excited to enter into this strategic alliance as it will allow us to offer real-time cyber security protection that will further enhance security across our client base, which includes highly secure embassies and other government-related organizations.” said Eric She, President of DLS.

“The Wedge and DLS collaborated platform will allow us to strengthen our security capabilities surrounding  data-in-motion, data-in-use and data-at-rest, all in real-time.”

Named one of Canada’s Fastest-Growing Companies by The Globe and Mail for three consecutive years, DLS has been delivering IT and cybersecurity solutions that are effective, efficient, secure and trusted for over two decades, quickly becoming one of Canada’s leading IT solution and service providers.

“DLS is an important organization for Wedge to partner with as they share our beliefs and our mission to offer industry-leading real-time threat prevention,” stated Dr. Hongwen Zhang CEO & CTO of Wedge Networks. “With their current customers covering organizations and institutions including Canadian embassies, which require the highest levels of cyber security, we believe that these agencies will be much better protected with the added WedgeARP™ solution.”

DLS, as a technology partner with Wedge, will help to distribute, market, and promote the Wedge solutions across Canada.

About DLS Technology Corporation

Based in Ottawa, Ontario, Canada, DLS Technology Corporation offers comprehensive technology solutions and services to national clients within the government, healthcare, defence and finance sectors.

Named one of Canada’s Fastest-Growing Companies for three consecutive years, DLS takes a hardware- and software-agnostic approach when developing its clients’ unique solutions, focusing on delivering comprehensive products that surpass expectations across all verticals, with specialization in:

• Cybersecurity and Multifactor Authentication
• Advanced Search and Predictive Analytics
• Cloud Computing
• Endpoint Security
• Infrastructure and System Integration
• Identity Management and Authentications (MFA)
• Modern Workspace Transformation
• Secure Remote Access (SRA)
• Virtualization

About Wedge Networks

Wedge Networks Inc. is a Real-Time Threat Prevention solutions company. Its innovative technology platform, Wedge Absolute Real-time Protection (WedgeARP™), is a software defined orchestrated network security system. Deployed, via the cloud, on premises, or in a virtualized environment, in data centers by enterprises, governments, and managed security service providers, WedgeARP™ inspects, detects, and blocks in real-time, malware and cyber threats (known, unknown and customized). Wedge does this through its patented Deep Content Inspection (DCI) technologies, combined with artificial intelligence and best-of-breed security functions.

Awarded a Gartner Cool Vendor designation, and twice bestowed with Build-In-Canada Innovation awards, Wedge Networks is headquartered in Calgary, Canada with international teams in North America, Asia Pacific, and the Middle East and North Africa regions.

For more information on Wedge Networks, visit http://www.wedgenetworks.com/
Please forward any media or PR inquiries to: PR@wedgenetworks.com

Cautionary Statements and Forward Looking Information

This release contains forward-looking statements, which are based on current expectations, estimates, and projections about the Corporation’s business and prospects, as well as management’s beliefs, and certain assumptions made by management. Words such as “anticipates,” “expects,” “intends,” “plans,” “believes,” “seeks,” “estimates,” “may,” “should,” “will” and variations of these words are intended to identify forward-looking statements. Such statements speak only as of the date hereof and are subject to change. The forward-looking statements contained in this news release are made as of the date hereof and Wedge undertakes no obligation to update, publicly or otherwise, or revise any forward-looking information, whether as a result of new information, future events or otherwise unless expressly required by applicable securities laws. The forward-looking information contained in this press release is expressly qualified by this cautionary statement. Readers are cautioned that any such forward-looking statements are not guarantees of future business activities and involve risks and uncertainties, and that the Corporation’s future business activities may differ materially from those in the forward-looking statements as a result of various factors, including, but not limited to: expansion and business strategies, anticipated growth opportunities, the partnership with DLS, the impact of the COVID-19 pandemic, general economic, market or business conditions, the amount of fundraising necessary to perform on its business objectives, operational risks, the ability of the Corporation to raise necessary funds for its business objectives, and the outcome of commercial negotiations. Such statements are not guarantees of future performance and are subject to certain risks, uncertainties, and assumptions that are difficult to predict.
Accordingly, actual results could differ materially and adversely from those expressed in any forward-looking statements as a result of various factors. There can be no assurances that such information will prove accurate and, therefore, readers are advised to rely on their own evaluation of such uncertainties. Although the Company believes that the assumptions and factors on which such forward-looking statements are based are reasonable, undue reliance should not be placed on the forward-looking statements as the Company can give no assurance that they will prove to be correct or that any of the events anticipated by such forward-looking statements will transpire or occur, or if any of them do so, what benefits the Company will derive therefrom.

Posted in Industry News, Latest Security News, Wedge Channel Partner Forum, Wedge News

The Global Pandemic is Causing Cyber-Security Teams to Burnout: Why Automated Real-time Threat Prevention Can Help


ZDNet published an eye-opening, but at the same time very understandable, article outlining why the Coronavirus pandemic is seeing cybersecurity teams struggle with burnout as time goes on.  With the second wave hitting many countries, and further lockdowns occurring, many security operations centres (SOCs) have been forced to work remotely while dealing with the new threats that the Work From Home (WFH) environment has introduced.  Not surprisingly, this is leading to higher workloads and more burnout among cybersecurity staff.

According to research from the Ponemon Institute, the current pandemic has increased the hours and workload of information security staff, which was already a high intensity / high stress environment to begin with.  The shift that many organizations saw in 2020, going from mainly office-based to working from home, was also mirrored by a significant number of cybersecurity personnel having to do the same, with over 1/3 of SOC environments shifting to work remotely.

As we’ve mentioned in earlier posts, the big shift to WFH has exacerbated the problems for cybersecurity staff.  Before, when they only had to secure an office environment, they dealt with a wide range of threats such as phishing, malware and ransomware.  Now that a large portion of their organizations are in a WFH environment, there is an additional layer of complexity: they must also protect those outside the fortified office network from the same threats, plus the new ones introduced by employees working remotely.

As employees connect to work systems from their home internet connections (and often from their own personal computers), additional attack vectors open up that cyber criminals can use to enter corporate networks.  All of these changes have made things harder for cybersecurity staff, who are themselves now working remotely from home with potentially fewer resources available to them.  Like other staff, cybersecurity teams must do their jobs while dealing with the additional pressures and distractions of the work from home environment, which makes it hard for analysts to stay productive and focus on defending the networks they have been tasked with protecting.

The same Ponemon survey highlights that the added pressure of working in cybersecurity while working remotely has lowered staff morale to the point that 3/4 say they have experienced burnout on the job.  This has led some security analysts to leave their positions, worsening the shortage of analysts and pushing the average salary for these positions up to $111,000, from $102,000 just before the pandemic started a year ago.
Like many other jobs, SOCs operate best when their staff can meet in person.  However, SOCs may not be returning to in-person operation any time soon, and other disasters, physical or otherwise, may force a similar pattern of remote work in the future.  Organizations need to learn how to manage their cybersecurity staff remotely when events prevent them from working from the office.

And this is where Wedge Networks comes in with its Wedge Absolute Real-time Protection platform (WedgeARP), a deep content inspection-based solution that orchestrates best-in-breed security services along with AI / Machine Learning.  We have been keenly aware of the expanding security gap (where rapidly growing security workloads are greatly outpacing enterprise security capacity) and have tailored our platform to help alleviate this issue.  Not only is WedgeARP effective in providing automated real-time PREVENTION of advanced threats, it also has detailed analytics built into its “single-pane-of-glass” user interface, providing security teams with actionable intelligence to further fortify their networks.  By reducing cybersecurity teams’ workloads, stopping threats before they can damage corporate networks, and then giving teams easy-to-use tools that cut the “alert noise” their other solutions generate, WedgeARP is an effective solution that can actually help close the security gap.  Allowing cyber security teams to work smarter, not harder, reduces burnout and helps organizations retain these highly skilled staff.

To learn more about how WedgeARP and its automated real-time threat prevention can help your cybersecurity team work more efficiently in these ever-stressful times, contact us at: info@wedgenetworks.com.  

Posted in Industry News, Latest Security News, Wedge Channel Partner Forum

The SolarWinds Aftermath: Detection and Response is Not A Viable Solution – The Benefits of Real-time Threat Prevention


The SolarWinds compromise has unleashed a flurry of activity in the cybersecurity industry as of late.  Almost all of the activities are related to trying to remediate against the hack that has left untold numbers of organizations vulnerable; and trying to patch holes in their security to ensure that they do not continue to potentially leak confidential information.  

After the SolarWinds revelation, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), part of the U.S. Department of Homeland Security, issued an emergency directive calling on all federal civilian agencies to review their networks for signs of compromise and to disconnect SolarWinds Orion products immediately, and the Canadian government issued a corresponding security alert.  SolarWinds, which has a wide variety of government contracts (including military and intelligence services, according to Reuters), was itself attacked, and the attackers used a “supply chain attack”: they embedded malicious code into SolarWinds’ legitimate software updates, so that it reached customers through a trusted channel.

What is now known is that the malicious updates to SolarWinds’ Orion platform were behind a series of global intrusions, including the one at FireEye disclosed earlier this month.  In the FireEye attack, the company’s “Red Team” toolkit was reported stolen: tools used to look for vulnerabilities in systems.  The theft puts that toolkit in the hands of attackers, who can use it to mount new attacks around the world.

Unfortunately, the SolarWinds compromise is far-reaching.  By embedding malware into legitimate software updates via a supply chain attack, it further erodes the effectiveness of, and trust in, endpoint monitoring and detection and response solutions as a viable means of protecting an organization’s network and data.  In this instance, anyone running the affected SolarWinds Orion Platform updates may have been open to attack since early Spring of this year.  

SolarWinds, through its investor filings, has warned that as many as 18,000 of its 300,000 customers may have installed the trojanized update, which could be just the tip of the iceberg.  Looking to 2021, we expect continued massive fall-out and data breaches from this hack, with a global effect on both governments and enterprises still relying on high-touch solutions installed on the endpoint.  And this is not all.  More recently, tech giants such as Cisco, Intel, Nvidia, Microsoft, Visa and MasterCard were reported to have been targeted and may already have been compromised, and are rushing to close holes and remediate where needed.

What does this mean going forward? And can a similar attack be prevented?

Now that the SolarWinds compromise has been detected, security analysts should be more alert to this type of attack, which should make it harder for attackers to repeat it.   However, much of the activity surrounding this attack still falls in the Detect and Remediate category, which is costly in time and resources and is an “after the fact” response: cleaning up the network and eradicating the malware from every device that was infected.

Unfortunately, the reason this attack was so severe is that it came from a “trusted” source: a trojanized SolarWinds Orion DLL delivered through a legitimate update, from which the attackers moved through the network.  This targeted endpoints, which continue to be the weakest points within a network and are usually the hardest to secure.  For network security to be effective, it needs to stop malicious content before it reaches the endpoint.

It is the inherent weakness of endpoints that calls for a “zero-trust” approach to security, where EVERYTHING is scanned.  Even if a device on the network was previously known to be “secure”, one never knows whether it has since been compromised.  A “zero-trust” approach therefore keeps scanning content both entering and leaving the device, so that any malicious content that has infiltrated it can go no further than the device itself. 

The SolarWinds attack continues to strengthen Wedge’s position that the Detect and Remediate approach to network security, especially where security requirements are high, such as in government, is not truly viable.  We continue to champion Real-time Threat Prevention with our Wedge Absolute Real-time Protection platform, a network-based solution that orchestrates a wide variety of industry-best security functions and patented technologies such as Deep Content Inspection, which can scan EVERYTHING for greater visibility of the content flowing through the network.  This works in combination with SubSonic and GreenStream technologies, providing real-time performance in high-throughput networks, and AI / Machine Learning for the ability to detect novel and previously unknown malware.  With Real-time Threat Prevention, malware such as this is detected and blocked at the network before it can do any harm.  This secures the network and every endpoint connected to it by detecting and blocking all malicious content so that there is no “patient zero”.  It not only allows organizations to save on remediation costs but also lets them make better and more efficient use of the resources that they have.

A quick analogy for the detect and remediate way of doing things is to ask the question: “what is the value of living in a gated community when you still have to fight intruders in your bedroom because the gate keeps letting them in?”  Such is the case with solutions that rely on sandboxes to give a verdict on the safety of content only after it has already been let through to the endpoint, creating “patient zero”.

At this point, the compromised SolarWinds update file has been identified and most AM/AV solutions should be able to detect and block it going forward.  However, variants of the malware and new zero-days would not yet be fingerprinted and could pass through these solutions.  That is where WedgeARP’s combination of a patented Deep Content Inspection engine, orchestrated best-in-breed security services and AI / Machine Learning enables real-time threat PREVENTION: detecting even unknown malware variants and blocking them before they can do any harm.

What about if there are already infected endpoints within the network?  What are the benefits of utilizing WedgeARP after the intrusion has already taken place?

With the SolarWinds compromise, the biggest threat appears to be theft of information and data leakage from infected endpoints, with attackers gaining access to the confidential information on them; FireEye, for example, had its “Red Team” toolkit stolen.  What happens if an organization deploys WedgeARP while there are still infected endpoints on the network?  The good news is that WedgeARP scans both ways, inspecting inbound and outbound traffic for malicious content: WedgeARP SCANS EVERYTHING!  If malware on the network tries to “call home”, those communications are detected and blocked, cutting off the channel between the malware and the Command and Control server trying to direct it.  Combined with the East-West content scanning that can be enabled within the network, WedgeARP, with its WedgeIQ analytics platform, becomes a powerful tool for analysts to identify which endpoints have been compromised, making remediation much easier.
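Spotting an already-infected endpoint by its outbound “call home” traffic, as described above, can be illustrated with a small beacon detector run over connection logs.  This Python is an added example, not WedgeARP’s detection logic; the log lines are constructed, and the thresholds (at least five connections to the same destination, inter-connection gaps varying by 5% or less, a mean gap of at least a minute) are assumptions that would be tuned for a real network.

```python
"""Added example (not Wedge code): flag hosts whose outbound connections to one
destination recur at nearly constant intervals, the classic 'beacon' pattern
of malware polling its command-and-control server."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed outbound-proxy log: "<timestamp> <src> -> <dst>:<port>".
# 10.1.1.20 polls 203.0.113.7 every ten minutes (the beacon); its other
# connections, and those of 10.1.1.31, are bursty user traffic.
SAMPLE_LOG = """\
2020-12-14T09:00:00 10.1.1.20 -> 203.0.113.7:443
2020-12-14T09:00:03 10.1.1.20 -> 198.51.100.9:443
2020-12-14T09:00:10 10.1.1.20 -> 198.51.100.9:443
2020-12-14T09:10:01 10.1.1.20 -> 203.0.113.7:443
2020-12-14T09:20:00 10.1.1.20 -> 203.0.113.7:443
2020-12-14T09:24:40 10.1.1.20 -> 198.51.100.9:443
2020-12-14T09:30:02 10.1.1.20 -> 203.0.113.7:443
2020-12-14T09:40:01 10.1.1.20 -> 203.0.113.7:443
2020-12-14T09:41:12 10.1.1.31 -> 198.51.100.9:443
2020-12-14T09:50:00 10.1.1.20 -> 203.0.113.7:443
2020-12-14T10:03:17 10.1.1.31 -> 198.51.100.9:443
"""


def parse_log(text):
    """Group connection timestamps by (source host, destination host)."""
    events = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, src, _arrow, dst_port = line.split()
        dst = dst_port.rsplit(":", 1)[0]
        events[(src, dst)].append(datetime.fromisoformat(stamp))
    return events


def find_beacons(events, min_connections=5, max_jitter=0.05, min_interval=60.0):
    """Return (src, dst, mean_gap_seconds, jitter) for each regular, repeated pair.

    jitter is the population standard deviation of the gaps between
    connections divided by their mean: a person clicking around produces a
    value well above 1, a timer produces one close to 0.  min_interval keeps
    ordinary request bursts (many hits per second to one server) out."""
    beacons = []
    for (src, dst), stamps in events.items():
        if len(stamps) < min_connections:
            continue
        stamps = sorted(stamps)
        gaps = [(later - earlier).total_seconds()
                for earlier, later in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg < min_interval:
            continue
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            beacons.append((src, dst, round(avg, 1), round(jitter, 3)))
    return beacons


if __name__ == "__main__":
    for src, dst, avg, jitter in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"possible C2 beacon: {src} -> {dst} every {avg}s (jitter {jitter})")
```

Real implants often randomize their sleep interval precisely to defeat this kind of check, so in practice the jitter threshold is widened, the time window lengthened, and the result combined with other signals (destination reputation, unusual ports, payload content from the inline scanner) before a flow is blocked rather than merely flagged.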

To find out more about WedgeARP and the benefits that Real-time Threat Prevention has over the typical Detect and Remediate methodology, please contact us at: info@wedgenetworks.com. Our team will be happy to answer your questions and provide an introduction to the WedgeARP platform.

Posted in Industry News, Latest Security News

Security Bulletin: SolarWinds Supply Chain Compromise Affects Various U.S. Government Agencies – What You Need to Know


Earlier this week, both the Canadian Government and the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which is a part of the U.S. Department of Homeland Security, issued an emergency directive calling on all federal civilian agencies to review their computer networks for signs of compromise and to disconnect from SolarWinds Orion products immediately.  

The SolarWinds Supply Chain Compromise incident that has affected many Governments and Government agencies such as the U.S. Treasury and Commerce departments, as well as security company FireEye, was a “highly sophisticated” attack.  It is considered a supply chain attack on the company’s Orion Platform that was intended to be a narrow, extremely targeted and manually executed attack.  As a result of this incident, the Government of Canada has issued a security incident alert to notify IT professionals and managers of organizations who may be using the SolarWinds platform.

The cyberattacks against the SolarWinds Orion Platform occurred when hackers inserted a vulnerability into its software update builds for versions 2019.4 HF 5 and 2020.2 with no hotfix installed or 2020.2 HF 1.  This vulnerability successfully trojanized the platform and the actors were able to distribute malware.  The campaign may have begun as early as Spring 2020 and could be currently ongoing.  Post-compromise activities leverage multiple techniques to evade detection and obscure activities, which could include lateral movement and data theft.

In the case of the SolarWinds attack, Wedge can confirm that its WedgeARP solution is built for real-time threat prevention and that the Wedge solution can stop the transmission of the trojan malware “Sunburst / Solorigate” in real time.  All customers are advised to immediately enable the security policy of Anti-Malware functions on their WedgeARP.  This will immediately stop this malware from getting into your IT network and systems.

How do you know if you still have SUNBURST / SOLORIGATE infected hosts?  With WedgeARP’s rapidly updated threat intelligence (zero-day), customers who license our Wedge Web Filter security function can detect Sunburst / Solorigate infected hosts.  By enabling outbound network security policies for Web Filter, you will be able to detect and block the infected hosts’ activity that steals your confidential data and sends it to tracked Sunburst C2 servers.  Wedge and its threat intelligence partners are updating the tracked server lists in real time and on a global scale.
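The outbound-policy idea described in this bulletin, and the “call home” detection described in the previous post, both come down to the same check: match every internal host’s outbound destinations against a tracked list of C2 infrastructure and report which hosts hit it. The following is an added illustration of that logic, not Wedge code. The log lines and the blocked domains are constructed placeholders (the `.example` names are not real indicators); a real deployment would feed in the threat-intelligence list and the proxy or DNS logs of the network being reviewed. It goes slightly beyond the text by matching subdomains of a tracked parent domain label-wise, which matters when the beacon uses generated subdomains.

```python
"""Flag internal hosts whose outbound traffic reaches tracked C2 infrastructure.

Added illustration, not Wedge code. The blocklist and log lines below are
constructed placeholders, not real indicators of compromise.
"""
from collections import defaultdict

# Constructed placeholder blocklist; a real deployment loads a threat feed here.
TRACKED_C2_DOMAINS = {
    "c2-tracker.example",
    "update-cdn.example",
}

# Constructed proxy-style log lines: timestamp, source host, destination, action.
SAMPLE_LOG = """\
2020-12-15T10:01:02Z src=10.0.5.21 dst=www.wedgenetworks.com action=allow
2020-12-15T10:01:07Z src=10.0.5.21 dst=api.c2-tracker.example action=allow
2020-12-15T10:02:11Z src=10.0.7.88 dst=mail.corp.local action=allow
2020-12-15T10:03:45Z src=10.0.7.88 dst=k3j2h4.update-cdn.example action=allow
2020-12-15T10:04:00Z src=10.0.9.14 dst=c2-tracker.example.org action=allow
"""


def parse_line(line):
    """Return (src, dst) from one 'key=value' log line, or None if malformed."""
    fields = dict(tok.split("=", 1) for tok in line.split()[1:] if "=" in tok)
    if "src" not in fields or "dst" not in fields:
        return None
    return fields["src"], fields["dst"].lower().rstrip(".")


def matches_tracked(domain, tracked=TRACKED_C2_DOMAINS):
    """True if `domain` is a tracked domain or a subdomain of one.

    Matching is done on whole labels: 'notc2-tracker.example' is NOT a hit
    (a naive endswith() check would flag it), and 'c2-tracker.example.org'
    is NOT a hit either, because the tracked name is not one of its suffixes.
    """
    labels = domain.split(".")
    return any(".".join(labels[i:]) in tracked for i in range(len(labels)))


def find_infected_hosts(log_text, tracked=TRACKED_C2_DOMAINS):
    """Map each internal host to the set of tracked domains it contacted."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip blank or malformed lines rather than failing
        src, dst = parsed
        if matches_tracked(dst, tracked):
            hits[src].add(dst)
    return dict(hits)


if __name__ == "__main__":
    for host, domains in sorted(find_infected_hosts(SAMPLE_LOG).items()):
        print(f"{host}: contacted {', '.join(sorted(domains))}")
```

Run against the constructed log, two hosts are reported (10.0.5.21 and 10.0.7.88); the third host’s destination shares a prefix with a tracked name but is a different domain, so it is left alone. The same host-to-domain map is what an analyst would use to decide which endpoints to isolate and rebuild.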

To find out more about WedgeARP and the benefits of Real-time Threat Prevention, please contact us at: info@wedgenetworks.com. Our team will be happy to answer your questions and provide an introduction to the WedgeARP platform.

Posted in Industry News, Latest Security News

New CSE Report Provides Warning That Critical Infrastructure Networks in Canada are At High Risk of Attack: What You Need To Do Now (LONG READ)


A recent report from the CBC covering a new intelligence assessment from the Communications Security Establishment (CSE) has highlighted the very real threat against Canada’s critical infrastructure, such as the electricity supply.  The CSE has intimated that state-sponsored actors are sharpening their cyber capabilities to enable an attack that will be used to intimidate or to prepare for future online assaults.  While the report focused primarily on Canada’s Critical Infrastructure, we believe the same applies to all our customers, worldwide.

The report has provided some extremely interesting findings. Here are some that we would like to directly highlight:

“State-sponsored actors are very likely attempting to develop cyber capabilities to disrupt Canadian critical infrastructure, such as the supply of electricity, to further their goals. We judge that it is very unlikely, however, that cyber threat actors will intentionally seek to disrupt Canadian critical infrastructure and cause major damage or loss of life in the absence of international hostilities. Nevertheless, cyber threat actors may target critical Canadian organizations to collect information, pre-position for future activities, or as a form of intimidation.”

First Finding – The probing that is occurring is focused on ‘collecting’ information. Next, 

“In 2019, Russia-associated actors probed the networks of electricity utilities in the US and Canada. Iranian hacking groups have targeted ICS infrastructure in rival nations, including the US, Israel, and Saudi Arabia. North Korean malware has been found in the IT networks of Indian power plants, and US utility employees have been targeted by Chinese state-sponsored cyber threat actors.”

Second Finding – The probing that is occurring is not just focused on the infrastructure but also on the ‘employees’.   As we’ve seen in the past, employees can often be a weak link in the security chain.  The report goes further, stating, 

“We assess that cybercriminals will very likely increase their targeting of ICS in the next two years in an attempt to place increased pressure on critical infrastructure and heavy industry victims to promptly accede to ransom demands.”

Third Finding – There is a critical connection between Industrial Control System (ICS) threats and ransomware.  In one case, state actors are using threats to ICS in order to force the victim to pay the ransom or face monetary loss through operation shutdowns due to safety concerns.  Here is the statement, 


“Since January 2019, at least seven ransomware variants have contained instructions to terminate ICS processes. The impact of these attacks on ICS varies according to the specific circumstances of the industrial process and the reaction of the site staff. In June 2020, a car manufacturer halted production at most of its North American plants, including one in Canada, “to ensure safety” after very likely being hit by one of these ransomware variants.”

Fourth Finding –  Ransomware campaigns,  in order to increase their success, are becoming more focused on Big Game Hunting (BGH).  Threatening ICS is hence becoming part of these BGH campaigns.  BGH campaigns are generating exceedingly higher bounties.  One such case was brought up by the report: 

“As BGH ransomware campaigns have become more common, the value of ransom demands has increased. Ransomware researchers estimate that the average ransom demand increased by 33% since Q4 2019 to approximately $148,700 CAD in Q1 2020 due to the impact of targeted ransomware operations. At the more extreme end of the spectrum are multi-million dollar ransom events, which have become increasingly common. In October 2019, a Canadian insurance company paid $1.3 million CAD to recover 20 servers and 1,000 workstations.”

Fifth Finding –  There is a blurring of lines between ransomware campaigns and state sponsored campaigns (including ICS targets) because of the mutually beneficial outcomes. 

“In addition, we assess that it is likely that state-sponsored cyber threat actors will use ransomware to obfuscate the origins or intentions of their cyber operations. It is almost certain that the intelligence services of multiple countries maintain associations with cybercriminals that engage in ransomware schemes. In these mutually beneficial relationships, cybercriminals share stolen data with intelligence services while the intelligence service allows the cybercriminals to operate free from law enforcement.”

Sixth Finding –  These targeted ransomware campaigns against large enterprises and critical infrastructure providers are going to increase over the next two years – and those who refuse to pay risk severe consequences.

“We expect that ransomware directed against Canada in the next two years will almost certainly continue to target large enterprises and critical infrastructure providers. Furthermore, many Canadian victims will likely continue to give in to ransom demands due to the severe economic and potentially destructive consequences of refusing payment. Since late 2019, multiple Canadian businesses and provincial governments have had their data publicly leaked by ransomware operators for refusing payment, including a construction company and a consortium of Canadian agricultural companies.”

Final Finding – There are multiple statements about Canadian enterprises being targeted if they have foreign operations.  These foreign operations will often also be weak security links offering entry into the networks of the main operations in Canada. 

“Many organizations rely on a complex and often globally distributed supply chain for many aspects of their operations, including precursor manufacturing, IT infrastructure and support, and financial services. Cyber threat actors target the networks of trusted vendors and then leverage the vendors to access the networks of their true targets.”

In summary, as the report suggests, the unfortunate reality is that the threats will continue to grow as more and more critical infrastructure networks and operational technology networks modernize their technology and go online.  In the past, the Operational Technology (OT) used to control a variety of critical infrastructure and systems was fairly immune to cyber attacks because it relied on older IT and was air-gapped from the internet.  However, with newer technology being introduced that lowers operating costs and makes things more efficient and easier to use, the number of attack vectors is increasing dramatically.  Now, with upgraded technology that uses the internet to access and control systems, these systems become increasingly favoured targets for state-sponsored hackers.

And critical infrastructure will not be the only targets going forward.  As more and more IoT devices connect to the internet (such as those used in the growing number of “smart cities” as well as in other areas such as healthcare, with personal medical devices), the risks will continue to grow.  We’ve written about potential healthcare vulnerabilities in the past that could result in life or death situations.  These are all interconnected and inter-related to the explosion in the number of IoT devices being used and the growing threat that they bring to the systems that use them.

What should you do?

First, your organization should review the solutions it currently has in place to see whether they are able to detect and block any and all malware in real time. Ensuring that malware is unable to breach the network is the first step in avoiding prolonged and focused attacks by hackers.

Next, your organization should look at information sessions for employees to make them aware of various types of attacks and what they may look like. Unfortunately, the human element is one of the weakest links in the security wall and a simple phishing email to an unsuspecting employee can sometimes be the hole that hackers need to get into the network.

Review how well fortified your ICS devices are and what protections they are afforded by your current solution. If there are holes here, they need to be closed by a solution that is aware of the vulnerabilities and that can scan for them and block them.

Have a look at the game plan your organization has for dealing with ransomware attacks. Although the best way to handle these is to prevent them from occurring in the first place with a real-time threat prevention solution, check whether you have adequate back-up systems in place and how quickly your IT security team can get your systems up and running again from those back-ups.

Finally, if you have subsidiaries overseas, assess how they communicate back to your HQ network and servers and how well that communication channel is secured. As we’ve seen during the current pandemic, VPN connections are not as secure as people think they are. These channels need to be fully secured by a solution that can scan the VPN communications for any malware that may have found its way onto the endpoint devices.

This brings us to how some of these critical vulnerabilities can be fixed.  From our perspective, many of these attack vectors can quickly and easily be closed with the right solution.  Wedge has been at the forefront of the Real-time Threat Prevention revolution, developing an orchestrated network security platform that combines Deep Content Inspection visibility with AI / Machine Learning, along with patented high performance data processing technologies that enable the real-time detection and blocking of all malware (known, unknown and targeted).  By incorporating AI and automated, continuous machine learning in the fight against bad actors, many of whom have already started using AI to create new malware, Wedge is looking to turn the tide against these attacks.

Wedge has also recently started offering WedgeARP for enterprises that have a portion of their employees working from home, with Wedge Secure Home Office, and has also started providing Wedge Secure Remote Office, a uCPE and vCPE based WedgeARP offering for organizations with offices overseas. The key here is being able to detect malware in real time and block it before it has a chance to gain access to these critical infrastructure networks. This goes a long way toward preventing targeted and co-ordinated attacks, and hopefully also prevents hackers from collecting the information they need to put themselves in advantageous and intimidating positions in the future.

While the CSE’s briefing was not meant to scare people into taking an extreme approach by “going off the grid by building a cabin in the woods”, it is a good reminder that it is time for many of these critical industries to take a more pro-active approach to how they are defending themselves against highly motivated state-sponsored hackers.  

Coming back to the CSE’s warnings, we feel that the time is now for many of these vulnerable organizations to take a closer look at their cyber defences and see how Wedge Absolute Real-time Protection can help stave off these future attacks.  To find out more about WedgeARP and Real-time Threat Prevention, contact our team at: info@wedgenetworks.com.  The solutions are available.  They just need to be put in place.

Posted in Industry News, Latest Security News

Companies in Belgium Paying EUR100MM Per Year As A Result of Ransomware (Growing 29%!) : Wedge Absolute Real-time Protection Can Help Stop This!


According to the Brussels Times, a report by the Belgian parliamentary economy committee notes that Belgian companies are paying an estimated EUR100 MM per year to criminal hackers.  As claimed by a series of experts that were interviewed by the committee, almost one third of companies have experienced ransomware.  Unfortunately, fearing a loss of face or reputation for the company, many do not report the matter to the police.

Many of these cases also go unreported because of the availability of ransomware insurance, which reimburses companies for some of their losses and so makes it less likely that they will report the cybercrime.  Unfortunately, the problem in Belgium typically concerns small and medium-sized businesses, which often suffer major financial damage if they are unable to regain access to their data.  Thus, many of these companies often have no choice but to pay.  The current figures for the region show that the number of ransomware cases in 2019 rose by 29% from the previous year and, unfortunately, the cases are trending steeply upwards.

As we have seen elsewhere around the world, ransomware has become a big business with hardly any skill needed as hardware and software used to perpetrate this type of cybercrime is easily obtainable from hackers that offer “Ransomware-as-a-Service” to whomever is willing to pay.  As a result, it is expected that cyber-fraud will continue to increase exponentially; that is, unless businesses start looking at more innovative approaches such as Real-time Threat Prevention.

“The perpetrators don’t even have to be skilled in computer science,” said Antwerp prosecutor Robrecht De Keersmaecker, chief coordinator of the Cybercrime Expertise Network.

Thankfully, Wedge’s Absolute Real-time Protection utilizes AI that doesn’t require the user to be an expert either; it can automatically detect new ransomware and variations of existing ransomware with its built-in, highly trained neural network.

The big downfall for most organizations using typical network security solutions is that these are often based on the old notion of “Detect and Remediate”, which detects the malware AFTER it has already infiltrated the network and then tries to eradicate it.  By this time, in the case of ransomware, the cyber criminals have already accessed the network and have locked up key files, which they can then demand a ransom for.  This does not have to be the situation if companies start employing a Detect and Block, or Real-time Threat Prevention, approach to their cyber security.

This is where Wedge Networks comes in.  Wedge has developed the Wedge Absolute Real-time Protection (WedgeARP) orchestrated security platform that incorporates Deep Content Inspection along with AI and Machine Learning to be able to “SEE” content flowing through the network and to understand the intent of the data. This enables the solution to detect even new, never-before-seen malware, such as the ransomware variants that are being created every day.  With patented high speed network data processing, WedgeARP can detect and then block all malware in real-time; stopping them BEFORE they can even access the network to do any harm. 

To learn more about WedgeARP and how it can help prevent your organization from becoming another ransomware statistic, contact our team at: info@wedgenetworks.com.  We offer a FREE 90 day trial to any and all organizations who feel that they would prefer to prevent a ransomware attack rather than have to deal with paying out to cyber criminals.

Posted in Industry News, Latest Security News

Is Ineffective Technology The Real Reason Why Cybersecurity Is Failing? We Disagree…


HelpNetSecurity posted a rather provocative article recently that postulated that the reason cybersecurity is failing is ineffective technology.  Although we can see how many might consider this an accurate representation of the cybersecurity industry right now, we at Wedge would have to disagree on whether this is a completely accurate picture.  Although there may be a lot of heavily marketed but ineffective technologies on the market right now, there are also several innovative companies whose technologies will potentially disrupt the industry and fix some of the failings that are evident out there.

The article and the underlying report by DebateSecurity.com do touch on a few key ideas as to why the industry finds itself in this interesting case of misperception, such as efficacy issues (with many solutions not really performing as advertised), which lead to trust issues for CISOs who buy a solution and then “cross their fingers and hope that the technology works”.  The other key idea is that it is also an economics problem, with an “asymmetry between the parties that prevents buyers from effectively evaluating technology” that “incentivizes vendors to bring sub-optimal solutions to the market”.  Apart from governments, very few buyers in the market have the ability to use detailed and independent cybersecurity efficacy assessments as part of their procurement process, mostly because it takes time and resources to assess several solutions to find the best one for the organization’s use case.  As such, they often end up going with the solutions that have the most advertised features or the best marketing, instead of putting the priority on the actual efficacy of the solution itself.  Basically, buyers typically end up looking for the least expensive solution that can do the “most” for them. Because of the conflicting goals of buyer and seller, the “sub-optimal” solutions often end up being sold on price or “advertised features”.

When it comes down to it, the unfortunate result of the long-standing disconnect between buyers and sellers in the cybersecurity space has been the acceptance of ineffective technology as “normal”.  Companies / buyers will often only be able to try a couple of solutions and then end up basically taking a risk on one of them, “hoping” that it actually works for their organization.

So, what are some of the suggestions that the article and the report make for solving this issue?  There are four characteristics that have been broadly agreed upon as requirements for comprehensively defining cybersecurity technology efficacy.  These are that the solution:

1. Must have the capability to deliver the stated security mission (fit-for-purpose)
2. Must have the practicality that enterprises need to implement, integrate, operate and maintain it (fit-for-use)
3. Must have the quality in design and build to avoid vulnerabilities and negative impacts
4. Must have its origins from a vendor company, its people and supply chain, such that no additional security risks are introduced.

The thought is that in order for changes to start happening to the cybersecurity industry, coordinated action between all stakeholders (buyers and sellers) would have to occur and that it might only be achieved through regulation.  Several respondents to the DebateSecurity report stated that a transparent assessment of technology could help to solve what is essentially a breakdown in the market, and that setting standards on technology assessments, instead of the technology itself could help to prevent stifling innovation that might occur otherwise.

When all is said and done, the big challenge for cybersecurity professionals is selecting effective technologies for their organizations.  Unfortunately, the pressure is on them to choose the right technologies with limited assessment resources, especially when buying the wrong solution may see them looking for employment elsewhere.

So, why does Wedge disagree with the overall premise of HelpNetSecurity’s article?  Well, for one, we feel that we are one of those innovative companies whose technologies are seeking to disrupt the industry!  We have patented technologies that have proven their effectiveness time and time again and we are starting to win converts with our Real-time Threat Prevention approach to cybersecurity.  Unlike many of the larger solution providers who rely on big marketing budgets to sell their products, Wedge has been quietly winning customers over with our innovative orchestrated threat management platform.  We base our solution on our patented high performance SubSonic Engine and Deep Content Inspection technology, which enables us to go further than other solutions by reassembling packets into their MIME objects so that we can “see” the intent of the content.  Over the years, with our Open Service Bus, we have been able to take the best-of-breed security services on the market and run them on our high performance platform to offer the best of the best that is available.  More recently, we have also incorporated automated and continuously learning AI / Machine Learning neural networks to help in the ongoing cybersecurity battle.  This allows our Wedge Absolute Real-time Protection platform to recognize even zero-days and never-before-seen malware, blocking it in real time!  And, as new technologies are developed, we’ll continue to add them to our platform…
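The point made here, and in the Belgian ransomware post above, is that a verdict has to be reached on the reassembled content object rather than on individual packets, so that it can be blocked before delivery instead of remediated afterwards. The following added example shows the content-level part of that idea in plain Python; it is not Wedge’s engine and does not claim to reproduce it. Given an already reassembled MIME message, it walks every part, decodes each attachment, hashes it against a blocklist, and sniffs the real file type so that an executable declared as `text/plain` is caught. The message, the digest blocklist and the magic-byte table are all constructed for the demonstration.

```python
"""Inspect a reassembled MIME message at the content level.

Added example, not Wedge's engine. The message, the hash blocklist and the
signature table are constructed for the demonstration.
"""
import base64
import email
import hashlib
from email import policy

# Constructed "malicious" attachment: a PE-style header followed by filler.
SAMPLE_ATTACHMENT = b"MZ\x90\x00this-is-a-constructed-sample"

# Constructed blocklist of SHA-256 digests; a real system would use a threat feed.
BLOCKED_SHA256 = {hashlib.sha256(SAMPLE_ATTACHMENT).hexdigest()}

# Leading bytes that identify executable containers, whatever the declared type.
EXECUTABLE_MAGIC = {
    b"MZ": "pe",
    b"\x7fELF": "elf",
}

# Constructed two-part message: a benign text body plus an attachment that is
# declared as text/plain but actually carries the PE header above.
SAMPLE_MESSAGE = (
    b"From: sender@example.invalid\n"
    b"To: recipient@example.invalid\n"
    b"Subject: Invoice\n"
    b"MIME-Version: 1.0\n"
    b'Content-Type: multipart/mixed; boundary="XYZ"\n'
    b"\n"
    b"--XYZ\n"
    b"Content-Type: text/plain; charset=us-ascii\n"
    b"\n"
    b"Please find the invoice attached.\n"
    b"--XYZ\n"
    b'Content-Type: text/plain; name="invoice.txt"\n'
    b'Content-Disposition: attachment; filename="invoice.txt"\n'
    b"Content-Transfer-Encoding: base64\n"
    b"\n"
    + base64.b64encode(SAMPLE_ATTACHMENT)
    + b"\n--XYZ--\n"
)


def sniff_type(data):
    """Return the executable kind implied by the leading bytes, or None."""
    for magic, kind in EXECUTABLE_MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def inspect_message(raw):
    """Walk every leaf MIME part and return one finding dict per part.

    Each finding carries the declared type, the sniffed type, the SHA-256 of
    the decoded payload and a list of verdicts (empty when the part is clean).
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        data = part.get_payload(decode=True) or b""  # undo base64/quoted-printable
        digest = hashlib.sha256(data).hexdigest()
        finding = {
            "filename": part.get_filename(),
            "declared": part.get_content_type(),
            "sniffed": sniff_type(data),
            "sha256": digest,
            "verdicts": [],
        }
        if digest in BLOCKED_SHA256:
            finding["verdicts"].append("known-malicious-hash")
        # An executable hiding behind a non-application declared type is
        # suspicious on its own, even if its hash is not yet known.
        if finding["sniffed"] and not finding["declared"].startswith("application/"):
            finding["verdicts"].append("type-mismatch")
        findings.append(finding)
    return findings


def should_block(raw):
    """Inline decision: block the whole message if any part has a verdict."""
    return any(f["verdicts"] for f in inspect_message(raw))


if __name__ == "__main__":
    for f in inspect_message(SAMPLE_MESSAGE):
        print(f["filename"], f["declared"], f["sniffed"], f["verdicts"])
    print("block:", should_block(SAMPLE_MESSAGE))
```

The type-mismatch check is the part worth noting: it fires without any prior knowledge of the sample, which is the kind of signal a content-level verdict can use where a packet-level or hash-only check cannot. A real engine would add many more file-type and structural checks, but the flow (reassemble, decode, judge the object, block before delivery) is the same.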

When it comes down to it, Wedge has always focused on creating highly effective cybersecurity technologies, right from the start.  We have been and continue to be a company focused on innovation.  That is why we feel that by painting the whole industry with the same brush and stating that it is failing because of ineffective technology does companies like ours, who are bringing innovative and effective solutions to the industry, a big disservice.  Hopefully, the companies out there who are peddling ineffective solutions will soon be displaced by innovative solutions like ours.  To find out more about some highly effective technology in the Cybersecurity industry, feel free to contact our team at: info@wedgenetworks.com.

Posted in Industry News, Latest Security News, Wedge News

Another Municipality Hit By a Cyber Attack / Cyber Fraud: Why Not Prevent These Occurrences Using WedgeARP – Real-time Threat Prevention?


Here’s an interesting case of a municipality that has lost money, not due to ransomware this time (unlike the other blogs that we’ve done, such as this, this and this), but due to cyber fraud.  Portageonline.com reported that the Municipality of Westlake-Gladstone, in Manitoba, “was the target of a malicious cyber security breach, in which a significant amount of money was electronically stolen from the Municipality’s operating bank account.”  What makes this different from the typical attack is that instead of using a ransomware angle, the hackers infiltrated the Municipality’s network, were able to access confidential banking account information, and made off with approximately $447,000.00 via a number of electronic withdrawals in amounts of $9,950.00.

This occurred even though the municipality had a secure server and its network was being monitored by an IT security management company.  That IT management company continues to state that it has been “unable to detect any suspicious activity on the administrative office server and network and are confident that the server and networks in our office are secure.” So, a cyber-attack has occurred that resulted in the loss of almost half a million dollars and the IT management company still hasn’t found out how it happened?  There seems to be something wrong with this picture and something lacking in the municipality’s current security set-up and/or security management company.

Granted, lately, we’ve been so focused on ransomware attacks that have hit municipalities and government departments, that we forget that there are other cyber attacks that are still being perpetrated, with the results still being the loss of money.  With the main moneymakers continuing to be very targeted ransomware, a lot of government IT departments may neglect to consider other zero-days and never-before-seen malware that can also lead to monetary loss in other ways.

That’s why at Wedge, we continue to press for organizations to consider looking at solutions such as our Wedge Absolute Real-time Protection (WedgeARP) that integrates AI/Machine Learning neural networks into our orchestrated real-time deep content inspection platform.  Along with our high performance engine, the AI/ML deep learning aspect of our solution enables us to detect not only the ransomware attacks that are so widespread and rampant, but also any other never-before-seen attacks that could lead to the security breach as described above.  

If a hacker has been able to gain access into your secure network, who knows what sort of damage can be done or what confidential information could be exfiltrated to allow unauthorized access into other secure systems, such as the banking network, in this case.  Stay one step ahead by integrating solutions such as WedgeARP that take a pro-active approach to network security and that can PREVENT hackers from gaining access to secure servers and networks BEFORE they can do any harm.  For more information on how your organization can secure itself against cyber attacks such as these, contact our team at: info@wedgenetworks.com.

Posted in Industry News, Latest Security News