Consulting Archives - Softlanding Ltd.
https://www.softlanding.ie/category/consulting/
Data Protection and Data Security
Feed last updated: Sun, 25 Feb 2024 16:54:14 +0000

The Sentinel Advantage: Customized Cybersecurity for KMUs in the DACH Region
https://www.softlanding.ie/the-sentinel-advantage-customized-cybersecurity-for-kmus-in-the-dach-region/
Sun, 25 Feb 2024 16:50:03 +0000

Navigating the Cybersecurity Landscape with Bluedog’s Sentinel for Small Businesses

Introduction:

The digital era has brought unprecedented cybersecurity challenges, especially for small and medium-sized enterprises (KMU) in the DACH region. With limited resources but facing the same threats as large corporations, these businesses need effective yet budget-friendly cybersecurity solutions. Bluedog’s Sentinel hardware emerges as a beacon of hope, offering KMUs an effective way to protect their internal networks from both external and internal threats.

Understanding the Cyber Threat Landscape for KMUs

Recent incidents in the DACH region, like the cyber-attack on Austria’s Palfinger and the ransomware attack on Swiss firm Comparis, demonstrate the vulnerabilities KMUs face. These examples highlight the need for robust cybersecurity measures that can safeguard businesses against complex cyber threats.

The Sentinel Solution: Tailor-Made for KMUs

Bluedog’s Sentinel hardware is designed specifically for KMUs, providing a simple yet comprehensive solution to monitor internal networks. It addresses the unique challenges KMUs face, offering high-level security without the complexity or cost typically associated with such systems.

Real-World Impact of Cybersecurity Breaches on KMUs

Incidents like the ransomware attack on a district council in eastern Germany and the cyberattack on Brenntag’s North American division illustrate the devastating impact of cybersecurity breaches on businesses of all sizes. These examples underscore the necessity for KMUs to adopt robust cybersecurity solutions like Bluedog’s Sentinel.

Bluedog’s Sentinel: A Comprehensive, Cost-Effective Solution

Bluedog’s Sentinel provides a 360-degree view of network security, offering real-time monitoring and protection against a wide range of cyber threats. Its affordability makes it an ideal solution for KMUs in the DACH region, ensuring they do not have to compromise on security due to budget constraints.

Conclusion:

In a world where cyber threats are becoming increasingly sophisticated, KMUs can no longer afford to overlook their cybersecurity needs. Bluedog’s Sentinel offers a practical, effective solution tailored to the unique requirements and budget constraints of KMUs in the DACH region. It’s an investment in security that promises peace of mind and business continuity.

 

Four Ways to Transform Secure Access in 2021
https://www.softlanding.ie/four-ways-to-transform-secure-access-in-2021/
Wed, 03 Feb 2021 22:54:00 +0000

We proudly announce

Some of the biggest security blunders of 2020 were tied to the exploitation of VPNs. The limitations of this 25-year-old technology were exposed just as global mass remote workforce initiatives reached a fevered pitch. VPNs are not fit for purpose in a world where secure access is more important than ever.

Join two of the industry’s most prolific experts on secure access, Dr. Zero Trust himself, Chase Cunningham, and Brigadier General (ret) Greg Touhill, President of Appgate Federal and the first Federal CISO of the United States, as they help you navigate your way toward a state of Zero Trust.

We’ll discuss the four main pillars of building and executing a superior remote access strategy:

1. Confront your VPN
2. Develop your Roadmap
3. Enforce Zero Trust Access
4. Unleash Operations

With:

Dr. Chase Cunningham, Zero Trust Expert, former Principal Analyst at Forrester
Brigadier General (ret) Greg Touhill, President, Appgate Federal

Moderated by:

Jason Garbis, SVP Products, Appgate

25 Feb 2021, 5:00 PM (CET)
Softlanding announces a Partnership with Appgate, an industry leader in secure access solutions
https://www.softlanding.ie/softlanding-announces-a-partnership-with-appgate-an-industry-leader-in-secure-access-solutions/
Wed, 13 Jan 2021 22:17:33 +0000

Softlanding announces a partnership with Appgate, an industry leader in secure access solutions.

The partnership allows Softlanding to resell and provide services for Appgate.

Helmut Hubmann, CEO at Softlanding, said, “Our customers are looking for solutions to help them with data discovery, secure collaboration, SharePoint and Teams security. Our partnership with Appgate allows us to expand our security solutions portfolio to include Software Defined Perimeter, Digital Threat Protection, Risk-based Authentication and Offensive Services.”

About Appgate
An industry leader in secure access solutions, changing cybersecurity for the better by making it simpler for users and operators and harder for adversaries.

Secure Access to Your Network and for Your Consumers
We work hard to master the offense, understanding how cybercriminals operate, so that we can build the best defense. Our solution

Cybersecurity Tips For 2021
https://www.softlanding.ie/cybersecurity-tips-for-2021/
Sat, 12 Dec 2020 09:25:20 +0000

2020 has proved to us all that a new year does not necessarily have to be better than the last. It could be worse, and for most of us, COVID-19 proved to be a lethal obstruction in our lives.

While this is a fact known to everyone, we would like to highlight some alarming pieces of news.

You are highly mistaken if you feel cyberattacks like phishing attacks or data breaches are limited to big companies and firms. You could personally fall prey to cyberattacks if you do not secure your personal information and gadgets. Take a look at the following cybersecurity tips that you should take note of and implement going forward.

Secure passwords

The era of using “Password” or “12345” as your password is long gone, and it is no laughing matter anymore. Today, your personal and sensitive information is stored on your system and in your emails. Tomorrow it could all be wiped out or leaked. Firstly, make sure you do not let anyone use your computer while you are away. Do not use predictable passwords like your name or your birthdate just because they are easy for you to remember; they are also easy for hackers to crack.

Use two-factor authentication options

2FA codes are the best way to secure your online accounts (along with a strong password). It could be a four- or six-digit code sent to your registered phone number or email address. Whether it is your social media account or your email ID, make sure you enable 2FA.

Antivirus software

Cybersecurity breaches can happen unknowingly by clicking on “interesting” links or unknown website portals. Installing antivirus software and a firewall on your system is definitely a safe and sane decision in this day and age. Make sure to purchase such software from reputable companies.

Install updates

Outdated software can pose a big security threat to your device. Software updates are meant to provide better security and fix bugs that could serve as entry points for stealing information. Enable automatic updates on your device to reduce cybersecurity risks.

Along with following the tips above, keep your devices secure by only installing applications from trusted developers. Avoid public WiFi at all costs unless it is an emergency, and most importantly, always back up your data. These tips are simple and easy to follow, and they significantly reduce the risk of cyberattacks.

Why VPNs Fail to Protect Industrial Controls
https://www.softlanding.ie/why-vpns-fail-to-protect-industrial-controls/
Tue, 01 Dec 2020 20:14:45 +0000

Building management system maintenance is important for data center operators. It can be done through VPN access, but VPNs have inherent limitations that make their use risky for the safety and security of corporate networks.

Covid-19 has forced businesses to rethink the way they work and has spread a work-from-home or remote-working culture on a massive scale. Cloud-based SaaS videoconferencing and other supporting applications have made this transition a smooth one and allowed the corporate workforce to remain productive.

The real problem is now faced by the exceptionally skilled technical workers who require access to systems that are reachable only on highly secure corporate networks, such as industrial building management systems. Managers also have to ensure that only authorized personnel are granted access to these systems. Until 2019, access to these systems was only possible if the employee was present on-site. The travel restrictions and social distancing measures put in place in 2020 have strained these employees and created risks that are critical to operations.

For building management system maintenance, data center operators earlier allowed access through traditional VPN software. But this software has limitations, such as vulnerability to common attack vectors and the complexity and difficulty of managing these VPNs. Also, in most cases, dynamic access based on user context and conditions is not supported.

Owing to these problems, many data center operators are now looking for suitable alternatives to traditional VPNs. One of the best answers for data center operators who manage sensitive industrial systems is the Software-Defined Perimeter (SDP). One of the biggest advantages of SDP is the ability to enforce least-privilege access for third-party organizations. In contrast to a VPN, SDP-based access allows employees to work on the specific systems covered by the support contractor’s agreement, without giving them access to the entire network.

For example, if a contractor is responsible for maintaining a data center’s wireless humidity and temperature sensors, that contractor can be given limited access to the relevant servers without being allowed access to the other building management systems. SDP also has a feature that lets data center operators determine whether a system is sufficiently updated and secured before it may access the network. These additional security and audit controls provide much better access control than traditional VPNs.

All in all, traditional VPNs are no longer suitable for the dynamic and multi-dimensional access control that industrial building management systems require.

Why Get Serious About Zero Trust Security
https://www.softlanding.ie/why-get-serious-about-zero-trust-security/
Tue, 01 Dec 2020 20:13:34 +0000

Zero Trust is one of the latest buzzwords in cybersecurity.

However, it is also one of the most effective tools for dealing with today’s sophisticated threats.

Zero trust is a security model that requires all users to be authenticated, authorized, and continuously validated for security posture and configuration before being given access to data or applications.

Simply put, users and devices, both inside and outside the network, are considered untrustworthy (even if they have passwords that grant access).

In a zero trust model, trust itself is the vulnerability. That is why the concept is called zero trust: even a trusted and familiar user needs to be verified to gain access.

Zero trust can be implemented through multifactor authentication, identity and access management, and endpoint security technology to validate the user’s identity.

For example, a one-time password (OTP) is sent to the registered number of a user once they log in with their password.

However, Zero Trust can only succeed if organizations continuously monitor and validate that a user and their device have the right attributes and privileges. A single validation simply is not sufficient, because threats and user attributes are likely to change.

Therefore, organizations should ensure that all access requests are continuously screened before a connection to any of the organization’s systems or virtual accounts is allowed.

Implementing Zero Trust policies relies mainly on real-time visibility into user attributes such as user identity, endpoint hardware, patch levels, OS versions, and user logins.

Why Get Serious about Zero Trust Security

Zero Trust is one of the essential measures for controlling access to applications, data, and networks. It integrates a wide range of preventative techniques, such as endpoint security, least privilege controls, identity verification, and micro-segmentation, to stop potential attackers and restrict their access in the event of a data incident.

This security layer is important as organizations keep adding endpoints to their networks and extending their infrastructure to cover cloud-based applications and servers.

Zero trust networks grant access rights only when strictly necessary, verifying every request to connect to their systems before approving access.

Dividing security perimeters into small zones, each with distinct access to a different part of the network, limits lateral movement across the network.

Finally, by hardening the network and limiting user access, Zero Trust security helps the organization prevent breaches and reduce potential damage. This is an important preventive measure, as an attack might be launched by users on the inside.

What is Pass-The-Hash Attack? How to Prevent It?
https://www.softlanding.ie/what-is-pass-the-hash-attack-how-to-prevent-it/
Tue, 01 Dec 2020 20:12:12 +0000

In a Pass-the-Hash (PtH) attack, a threat actor steals a password hash and, without cracking it, reuses it to manipulate an authentication system into creating a new authenticated session on the same network.

To carry out a pass-the-hash attack, the threat actor first captures the hashes from the targeted network using hash-dumping tools.

Then they use a pass-the-hash tool to place the captured hashes into a local security authentication session. This often tricks a Windows authentication system into treating the malicious actor’s endpoint as that of the genuine user. This way, the system passes the required credentials when the attacker attempts to access the target network, and they do not need the real password to do so.

PtH attacks exploit the authentication protocol because the password hash remains static across all sessions until the password is rotated. Threat actors commonly capture hashes by scraping a system’s active memory, among other techniques.

While PtH attacks most commonly occur on Windows-based systems, Linux, UNIX, and other platforms are not immune to this attack.

In Windows, PtH leverages single sign-on (SSO) through NT LAN Manager (NTLM), Kerberos, and other authentication processes. Whenever a password is created on a Windows system, it is typically hashed and stored in the SAM (Security Accounts Manager), in LSASS (Local Security Authority Subsystem Service) process memory, in the Credential Manager store, in the ntds.dit database in Active Directory, or elsewhere.

Therefore, when you log into a Windows workstation or server, you leave behind your password hashes.

How to Deal with Pass the Hash Attack?

For a PtH attack to succeed, an attacker first has to gain local administrative access on a system (PC) to capture the hash. Once the perpetrator is in, they can easily pursue their goal of stealing more credentials.

Incorporating the following security practices can help eliminate, or at least reduce, the impact of a pass-the-hash attack:

Enforcing a Least Privilege Security Model:

It reduces the likelihood, and minimizes the effect, of a PtH attack by limiting a threat actor’s ability to obtain privileged access and permissions. Removing needless admin rights is a long-term solution that reduces the risk of PtH and many other security threats.

Implementing Password Management Solutions:

Make sure to rotate your passwords frequently. You can automate password rotation after each privileged session, which helps block PtH attacks.

Separating Privileged and Non-Privileged Accounts:

In this practice, non-privileged accounts and privileged accounts of various types are kept separate. It limits an attacker’s reach to the administrator accounts and thereby reduces the risk of compromise as well as the risk of lateral movement.
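
As an added example (not code from the Softlanding post), the following PowerShell script audits the three mitigations listed above in Active Directory: it lists who holds membership in privileged groups for least-privilege review, flags privileged accounts whose password is older than a threshold or never expires, and flags privileged accounts that also carry a mailbox address as likely daily-use accounts that should be separated from admin use. The group list, the 30-day threshold and the mailbox heuristic are assumptions; it requires the ActiveDirectory RSAT module and read access to the domain.

```powershell
# Added example (not from the Softlanding post): audit of the PtH mitigations
# listed above. Requires the ActiveDirectory module (RSAT) and read access to AD.
Import-Module ActiveDirectory

# Assumption: groups whose members should be reviewed for least privilege.
$PrivilegedGroups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators')
# Assumption: rotation threshold in days for privileged credentials.
$MaxPasswordAgeDays = 30

function Get-PrivilegedAccountAudit {
    param(
        [string[]]$Groups = $PrivilegedGroups,
        [int]$MaxAgeDays = $MaxPasswordAgeDays
    )
    $now  = Get-Date
    $seen = @{}   # distinguishedName -> privileged groups the account belongs to
    foreach ($group in $Groups) {
        # -Recursive expands nested groups so indirectly privileged users are not missed.
        $members = Get-ADGroupMember -Identity $group -Recursive -ErrorAction SilentlyContinue |
                   Where-Object { $_.objectClass -eq 'user' }
        foreach ($m in $members) {
            if (-not $seen.ContainsKey($m.distinguishedName)) { $seen[$m.distinguishedName] = @() }
            $seen[$m.distinguishedName] += $group
        }
    }
    foreach ($dn in $seen.Keys) {
        $u = Get-ADUser -Identity $dn -Properties PasswordLastSet, PasswordNeverExpires, EmailAddress, LastLogonDate
        $ageDays = if ($u.PasswordLastSet) { [int]($now - $u.PasswordLastSet).TotalDays } else { $null }
        # Rotation check: a stale or never-expiring password keeps the same hash reusable for longer.
        $stale = ($null -eq $ageDays) -or ($ageDays -gt $MaxAgeDays) -or $u.PasswordNeverExpires
        # Separation heuristic (assumption): a privileged account with a mailbox is probably
        # also used for everyday work, which is exactly where hashes get exposed.
        $likelyDailyUse = -not [string]::IsNullOrEmpty($u.EmailAddress)
        [PSCustomObject]@{
            SamAccountName     = $u.SamAccountName
            Enabled            = $u.Enabled
            PrivilegedGroups   = ($seen[$dn] -join ', ')
            PasswordAgeDays    = $ageDays
            PasswordStale      = $stale
            LikelyDailyUseAcct = $likelyDailyUse
            LastLogonDate      = $u.LastLogonDate
        }
    }
}

# Usage: full table for the least-privilege review, then only the accounts needing action.
$audit = Get-PrivilegedAccountAudit
$audit | Sort-Object PrivilegedGroups, SamAccountName | Format-Table -AutoSize
$audit | Where-Object { $_.PasswordStale -or $_.LikelyDailyUseAcct } |
    Select-Object SamAccountName, PrivilegedGroups, PasswordAgeDays, PasswordStale, LikelyDailyUseAcct
```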

What is a Global Catalog Server?
https://www.softlanding.ie/what-is-a-global-catalog-server/
Tue, 01 Dec 2020 20:09:32 +0000

A feature of Active Directory (AD) domain controllers, the global catalog allows a domain controller to provide detailed information on all the objects in the forest, independent of whether the object in consideration is a member of the domain controller’s domain. If the global catalog feature is enabled with a domain controller, that domain controller can be termed a global catalog server. A global catalog server performs several functions that are required in a multi-domain forest environment. Two of the most important functions of a global catalog server are described below:

  • Authentication – A domain controller processes the authentication request and provides information related to the authorization for all the groups for which the user account is a member. This authentication information is included in the user access token generated by the system.
  • Object Search – The directory structure of a forest is made transparent by the global catalog for users who are performing a search operation.

Active directory partitions

Understanding how the Active Directory (AD) database is structured will help us in understanding how a global catalog works. The AD database is stored in a single file named NTDS.dit by the domain controllers. The database itself is separated into partitions which facilitate efficient replication and simplify the administration of the database.
Each domain controller has at least three partitions:

  • Domain Partition which stores information on the domain’s objects and their attributes
  • Configuration Partition which stores information on the forest topology, domain controllers, and site links
  • Schema Partition which stores definitions of every object class of the forest and the rules which determine the creation and use of those objects

Additionally, domain controllers may also maintain Application Partitions, which store information pertaining to AD-integrated applications and any object type except security principals.

Deployment of global catalog servers

Upon successful creation of a new domain, the first domain controller becomes a global catalog server. Enabling the Global Catalog checkbox in the NTDS Settings of the server allows the configuration of additional domain controllers as global catalogs. There are two ways to do this:

  • Through the Active Directory Sites and Services management console
  • Using the Set-ADObject PowerShell cmdlet with the following command (the original omits the server name; <DomainControllerName> is a placeholder for the domain controller to configure):

Set-ADObject -Identity (Get-ADDomainController -Server <DomainControllerName>).NTDSSettingsObjectDN -Replace @{options='1'}

Every domain which is a part of the forest should contain at least one global catalog server. This will remove the need to have an authenticating domain controller that communicates along the length and breadth of the network in order to retrieve global catalog information. Where it is not possible or feasible to deploy a global catalog server for a domain, Universal Group Membership caching can be enabled to reduce network traffic related to authentication. It will also allow logon authentication when communication with a global catalog server is not possible from within the remote site.
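
As an added example (not code from the Softlanding post or from Microsoft), this PowerShell script checks the recommendation above that every domain in the forest has at least one global catalog server: it reports GC coverage per domain, cross-checks each DC's IsGlobalCatalog flag against bit 0x1 of the options attribute on its NTDS Settings object (the bit the one-liner above sets), and shows an enable routine that ORs that bit in instead of replacing the whole attribute. It assumes the ActiveDirectory RSAT module and a domain-joined session with rights to read (and, for the enable function, write) the Sites container.

```powershell
# Added example (not from the Softlanding post): global catalog coverage check.
# Requires the ActiveDirectory module (RSAT) and a domain-joined session.
Import-Module ActiveDirectory

# Bit 0x1 of the nTDSDSA 'options' attribute marks a DC as a global catalog.
$NTDSDSA_OPT_IS_GC = 1

function Test-GlobalCatalogOption {
    # Reads the options bit directly from the NTDS Settings object of a DC.
    param([Parameter(Mandatory)][string]$NtdsSettingsDN)
    $obj = Get-ADObject -Identity $NtdsSettingsDN -Properties options
    $options = if ($null -ne $obj.options) { [int]$obj.options } else { 0 }
    return (($options -band $NTDSDSA_OPT_IS_GC) -ne 0)
}

function Get-GlobalCatalogCoverage {
    # One row per domain in the forest; HasGlobalCatalog should be True everywhere.
    $forest = Get-ADForest
    foreach ($domain in $forest.Domains) {
        # -Server with a domain name plus -Filter * returns every DC of that domain.
        $dcs = @(Get-ADDomainController -Filter * -Server $domain)
        $gcs = @($dcs | Where-Object { $_.IsGlobalCatalog })
        # DCs whose advertised GC flag disagrees with the options bit deserve a look.
        $mismatch = @($dcs | Where-Object {
            $_.IsGlobalCatalog -ne (Test-GlobalCatalogOption $_.NTDSSettingsObjectDN)
        })
        [PSCustomObject]@{
            Domain             = $domain
            DomainControllers  = $dcs.Count
            GlobalCatalogs     = $gcs.Count
            GCHosts            = ($gcs.HostName -join ', ')
            HasGlobalCatalog   = ($gcs.Count -gt 0)
            FlagOptionMismatch = ($mismatch.HostName -join ', ')
        }
    }
}

function Enable-GlobalCatalog {
    # Sets bit 0x1 with -bor so other option bits (for example the replication-disable
    # flags) survive; replacing 'options' with a literal 1, as in the one-liner in the
    # post, overwrites any other bits that were set on that object.
    param([Parameter(Mandatory)][string]$DomainController)
    $dn  = (Get-ADDomainController -Identity $DomainController).NTDSSettingsObjectDN
    $obj = Get-ADObject -Identity $dn -Properties options
    $current = if ($null -ne $obj.options) { [int]$obj.options } else { 0 }
    Set-ADObject -Identity $dn -Replace @{ options = ($current -bor $NTDSDSA_OPT_IS_GC) }
}

# Usage: report coverage; domains with HasGlobalCatalog = False need a GC or UGMC.
Get-GlobalCatalogCoverage | Format-Table -AutoSize
```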

How Email Can Pose a Cybersecurity Threat?
https://www.softlanding.ie/how-email-can-pose-a-cybersecurity-threat/
Tue, 01 Dec 2020 19:48:54 +0000

Due to the ever-increasing need for online communication, email has become a major security issue and source of vulnerability. In fact, antivirus software is not effective at blocking the social engineering or phishing attacks launched through email.

Today, more and more email security concerns are on the rise, including spear phishing, whale phishing and ransomware. Therefore, you should deal with such emerging email security concerns. And here is the shocking truth: over 90% of cyber-attacks have been triggered by an email. It is safe to say that email is still the most vulnerable link in the security chain.

Here we have rounded up some common email security risks:

Sending Email to the Wrong Recipient:

It happens. We have all sent an email to the wrong person at some point in our lives. For example, you may have selected “Martin” instead of “Martina” and hit send. Did you know that such silly errors can lead to big cybersecurity threats?

According to one report, such mistakes are the fourth most common action associated with a data incident. For instance, a misdirected email that includes personally identifiable information (PII) can be accessed by a malicious person and eventually lead to a data breach.

Receiving Phishing Emails:

Phishing is a dangerous tactic used by cybercriminals to trick users into giving up sensitive information such as bank account or social security numbers. For example, they pose as a genuine source, such as your boss or your bank, so that you trust them without question. These emails include a link that looks genuine but takes you to a malicious website.

Directory Harvest Attacks:

A directory harvest attack (DHA) is an email threat conducted by spammers who seek access to the email address database attached to an organization’s domain. Although they use a simple method like a dictionary attack, DHAs target all types of information, unleashing huge damage.

Launching Ransomware:

Generally, ransomware is a type of malware that is commonly delivered through email. It is also known as a “crypto-Trojan, crypto-worm, or crypto-virus”. This malware holds the victim’s data hostage or locks it and demands money to release it.

Injecting Keyloggers:

A keylogger is a tool, in software or as a hardware device, that records every keystroke the user makes on their keyboard. It is one of the most used email threats for capturing passwords, personal messages and credit card information, as well as everything else being typed by the user.

What is Insider Threat?
https://www.softlanding.ie/what-is-insider-threat/
Mon, 16 Nov 2020 15:17:45 +0000

Through a joint venture between the National Counterintelligence and Security Center (NSC) and the National Insider Threat Task Force (NITTF), September has been declared National Insider Threat Awareness Month (NITAM). The purpose of this initiative is to educate organizations and their workers on the danger, to help them understand how it can happen by both deliberate and accidental means, and to help staff identify and report suspicious activity.

COVID-19 is taking a toll on the world. A higher chance of fraud, theft, and to put it simply, insider danger comes with this. This is supported by a report conducted by The Ponemon Institute that shows that since 2018, insider threats have risen by 47%.

So what is an insider threat exactly? We will take a deep dive into what constitutes an insider danger in this blog post, including the various forms and a walk-through of examples and common indicators. In addition, I will include some information about different ways in which you can protect your organisation from insider threats.

What is a Threat from an Insider?

An Insider Threat is usually a person who uses the access they have been given to the resources of an organisation to cause harm to the company. Although associating danger with malicious intent can be enticing, the fact is that most insider risks come from negligent insiders vs. malicious insiders. Let’s describe these forms of insider threats better.

Malevolent Insider vs. Negligent Insider

A Malicious Insider is a person who deliberately steals information from an organisation or conducts an action with the purpose of causing harm to the organisation. Usually, this is someone with valid access to the network and who exploits that access for personal gain or satisfaction. For these “poor actors,” typical drivers and objectives include:

  • Gain in Finance
  • Vendetta Personal
  • Theft of Intellectual Property
  • On behalf of a different agency, espionage

A negligent insider is anyone who, through insecure conduct, inadvertently exposes information or puts the organisation at increased risk. This covers not only an organisation's own employees but also contractors and third-party suppliers. Examples of insecure actions include:

  • Emailing personal information to the wrong recipient
  • Losing a laptop
  • Falling for a phishing attack
  • Circumventing security policies, or making poor decisions when accessing company resources

Understanding the Main Insider Threat Risks

There are several reasons why insiders can be even more dangerous than external attackers.

Reason 1:

They have legitimate access to critical resources, so they do not need to find and exploit security vulnerabilities, activity that would be far easier to detect.

Reason 2:

They already know the lay of the land, so they do not need to go through the exercise of discovering where confidential information resides or identifying the organisation's most important assets and resources.

Reason 3:

The risk they pose goes beyond stealing or losing confidential data. They can take down or sabotage critical systems, spread malware, exploit assets for personal benefit, and more.

Each of these factors makes it inherently difficult to identify an insider threat quickly. With legitimate access to resources, knowledge of where sensitive data resides and familiarity with the security measures in place, malicious insiders can cover their tracks far better than external attackers, and can therefore remain undetected for much longer. In some cases negligent insiders pose an even higher risk, especially when their job involves routinely handling sensitive systems or data.

The Common Indicators

To avoid a data breach or other serious incident caused by an insider threat, it is necessary to watch for these common indicators:

  • Accessing, or attempting to access, systems or data outside their usual job duties
  • Requesting access to data without a legitimate "need to know"
  • Unusual or unexplained access patterns, such as attempts to download or copy large quantities of sensitive information
  • Using unauthorised applications, programs or devices for storage
  • Attempting to circumvent security controls or violating corporate policies
  • Displaying odd, unpredictable or disgruntled behaviour
  • Accessing systems or data at irregular times, such as after working hours or at weekends

Examples:

With insider threats so prevalent, let's look at some real-life cases where the root cause of a data breach was an insider with legitimate access to a system.
Anthem

Anthem was notified by LaunchPoint, its Medicare insurance coordination services provider, that a LaunchPoint employee had been stealing and misusing Medicare member data since July 2016. The employee had emailed to their personal account a file containing PHI such as Medicare ID numbers, Social Security numbers, health plan ID numbers, member names and enrollment dates.

Boeing

A Boeing engineer named Greg Chung is one of the most notorious and serious examples of a malicious insider. While working at Rockwell and later Boeing, Chung spied for China for over 25 years, stealing sensitive aerospace data to help develop and advance the Chinese space programme. This went on from 1979 until he was finally caught in 2006. Because of the nature of the information he was exfiltrating, Chung harmed not only the companies he worked for but also national security.

Capital One

The 2019 Capital One data breach was ultimately caused by a misconfigured web application firewall in front of an AWS-hosted resource. The vulnerability was exploited by a software engineer who had previously worked for AWS, and who stole over 100 million customer records including account data and credit card application information. The attacker discussed her exploits with others on Slack and even posted the data on GitHub under her full name.


Protect Your Organization From Insider Threat:

Effective insider threat prevention and detection are essential for protecting a company's data and preserving the privacy of its staff and customers. The following key processes and related technologies make up an effective insider threat programme:

An Effective Insider Threat Programme Includes:

Monitoring

The ability to track user behaviour across the entire network is one of the most integral parts of an insider threat programme. You need to understand exactly who accesses what data, what they do with it and how they obtained that access. Start by monitoring critical systems and data, and extend the scope when required. Beyond providing raw user activity events, a proper monitoring solution can add analysis capable of detecting suspicious or irregular activity.

Prevention

Preventing insider threats begins with a set of security policies, technologies and procedures designed to protect an organisation's critical infrastructure and confidential data. This entails deploying technologies such as Identity and Access Management (IAM), Multi-Factor Authentication (MFA), Privileged Access Management (PAM), Active Directory protection and Data Access Governance. Together these technologies help to ensure that:

  • Access to data is limited to what is required and is reviewed regularly
  • Confidential data is secured through effective controls
  • Active Directory is hardened to minimise possible attack vectors
  • The ability to abuse privileged credentials is limited
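As an added example, not Softlanding's or any vendor's code, the Python script below shows the kind of periodic access review the first bullet describes: it compares the permissions actually granted against a role catalogue, flags grants that exceed the user's role, grants unused for more than 90 days and privileged grants held by accounts without MFA, and derives the least-privilege grant set that would remain. The role catalogue, user list, grants and review date are constructed sample data, not real entitlements.

```python
from datetime import date, timedelta

# Constructed role catalogue (assumption): the resources each role needs.
ROLE_ENTITLEMENTS = {
    "hr_analyst": {"hr/payroll", "hr/benefits"},
    "engineer": {"eng/source", "eng/design"},
    "domain_admin": {"ad/admin", "eng/source"},
}
# Resources whose abuse would be most damaging (assumption).
PRIVILEGED_RESOURCES = {"ad/admin"}

# Constructed identity data: each user's role and whether MFA is enforced.
USERS = {
    "alice": {"role": "hr_analyst", "mfa": True},
    "bob": {"role": "engineer", "mfa": False},
    "carol": {"role": "domain_admin", "mfa": False},
}
# Constructed grants as exported from an access-control system:
# (user, resource, date the grant was last used; None = never used).
GRANTS = [
    ("alice", "hr/payroll", date(2024, 2, 1)),
    ("alice", "hr/benefits", date(2023, 9, 1)),
    ("alice", "finance/ledger", date(2024, 1, 20)),
    ("bob", "eng/source", date(2024, 2, 10)),
    ("carol", "ad/admin", None),
]
REVIEW_DATE = date(2024, 2, 25)  # constructed review date


def review_grants(users, grants, today, stale_after=timedelta(days=90)):
    """Return (user, resource, finding) tuples for every grant that
    violates least privilege or the MFA requirement for privileged access."""
    findings = []
    for user, resource, last_used in grants:
        role = users[user]["role"]
        if resource not in ROLE_ENTITLEMENTS.get(role, set()):
            findings.append((user, resource, "exceeds_role"))
        if last_used is None or today - last_used > stale_after:
            findings.append((user, resource, "stale"))
        if resource in PRIVILEGED_RESOURCES and not users[user]["mfa"]:
            findings.append((user, resource, "privileged_without_mfa"))
    return findings


def least_privilege_grants(users, grants, today):
    """Grants that survive the review: within role and used recently.
    Privileged grants lacking MFA are kept but must be fixed separately."""
    revoke = {(u, r) for u, r, f in review_grants(users, grants, today)
              if f in ("exceeds_role", "stale")}
    return [g for g in grants if (g[0], g[1]) not in revoke]


if __name__ == "__main__":
    for finding in review_grants(USERS, GRANTS, REVIEW_DATE):
        print(finding)
    print("keep:", least_privilege_grants(USERS, GRANTS, REVIEW_DATE))
```

Running the review over this data revokes Alice's out-of-role finance grant and her unused benefits grant, flags Carol's never-used domain admin grant as stale, and reports that the same privileged grant is held without MFA; only Alice's payroll access and Bob's source access remain. In practice the role catalogue and grant export would come from the IAM or directory system rather than being embedded.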

In addition to these technologies, the value of education cannot be overstated. Employees should be aware of common attack vectors and of how their own actions can open the door to insider attacks. They should know which behaviours, especially around confidential information, are off-limits. Staff and partners should be familiar with internal security procedures and basic cybersecurity best practices. Employees should also know how an insider threat may be recognised, such as a co-worker exhibiting unusual behaviour, and whom to contact in such situations.

Detection

The longer an insider threat remains undetected, the greater its financial impact on a company. The Ponemon Institute study found that incidents taking more than 90 days to contain cost organisations $13.71 million on an annualised basis, while incidents contained in under 30 days cost about half that. To identify an insider attack in time to avoid a catastrophe or a full compromise of your network or critical infrastructure, you need a robust threat detection and response capability, which should include:

  • The ability to identify the specific tactics, techniques and procedures attackers typically use when trying to compromise credentials or data, including the ability to define risk criteria tailored to the organisation's own requirements
  • Comprehensive investigative capabilities to support users and forensic investigations
  • Machine learning and user behaviour analytics to detect anomalous, outlier behaviour compared with normal access patterns

Response:
To minimise the possible damage from an insider threat, the ability to automate response actions based on detected threats is key. Because specific attacks require specific responses, it is essential to have a catalogue of response actions that can be customised to the organisation's needs. Basic response actions can include:

  • Temporarily blocking access to data
  • Disabling compromised credentials
  • Deleting malicious files
  • Sending alerts and notifications
  • Blocking an application or process
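As an added example, not Softlanding's or any vendor's code, the Python script below ties together three of the sections above: it turns several of the common indicators listed earlier (access outside job scope, after-hours activity, bulk copying, unauthorised storage destinations) into detection rules run over access-log lines, adds a simple per-user volume baseline of the kind user behaviour analytics formalises, and maps each indicator to the response actions just listed, escalating to disabling credentials when one user trips several distinct indicators. The log lines, role scopes, working hours, destination list and playbook are constructed assumptions, not real data or policy.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed access log (format is an assumption):
# timestamp,user,action,resource,bytes  -- not from any real system.
SAMPLE_LOG = """\
2024-02-05T09:12:00,alice,read,hr/payroll.xlsx,120000
2024-02-05T10:40:00,alice,read,hr/benefits.pdf,80000
2024-02-06T09:05:00,alice,read,hr/payroll.xlsx,120000
2024-02-07T09:30:00,alice,read,hr/headcount.csv,50000
2024-02-08T09:15:00,alice,read,hr/payroll.xlsx,120000
2024-02-05T11:00:00,bob,read,eng/design.docx,300000
2024-02-06T11:10:00,bob,read,eng/spec.docx,250000
2024-02-07T11:20:00,bob,read,eng/design.docx,300000
2024-02-08T02:13:00,bob,copy,finance/ledger.xlsx,900000
2024-02-08T02:15:00,bob,copy,finance/forecast.xlsx,45000000
2024-02-08T02:20:00,bob,copy,finance/board-deck.pptx,30000000
2024-02-10T14:00:00,bob,upload,dropbox.com,70000000
"""
# Assumptions standing in for a real entitlement catalogue and policy.
ROLE_SCOPE = {"alice": {"hr"}, "bob": {"eng"}}  # top-level folders each job needs
UNAUTHORISED_DESTINATIONS = {"dropbox.com"}     # forbidden for company data
WORK_HOURS = range(7, 20)                       # 07:00-19:59 on weekdays


def parse_log(text):
    events = []
    for line in text.strip().splitlines():
        ts, user, action, resource, nbytes = line.split(",")
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "action": action, "resource": resource, "bytes": int(nbytes)})
    return events


def is_after_hours(ts):
    return ts.weekday() >= 5 or ts.hour not in WORK_HOURS


def rule_indicators(events):
    """Indicators that need no baseline: job scope, time of day, destination."""
    alerts = []
    for e in events:
        top_folder = e["resource"].split("/")[0]
        if e["action"] != "upload" and top_folder not in ROLE_SCOPE.get(e["user"], set()):
            alerts.append((e["user"], "outside_role_scope", e["resource"]))
        if is_after_hours(e["ts"]):
            alerts.append((e["user"], "after_hours", e["ts"].isoformat()))
        if e["action"] == "upload" and e["resource"] in UNAUTHORISED_DESTINATIONS:
            alerts.append((e["user"], "unauthorised_destination", e["resource"]))
    return alerts


def volume_outliers(events, factor=10, min_history=3):
    """Flag a user-day whose byte volume exceeds `factor` times the median of
    that user's other days: a deliberately simple per-user baseline."""
    daily = defaultdict(lambda: defaultdict(int))
    for e in events:
        daily[e["user"]][e["ts"].date()] += e["bytes"]
    alerts = []
    for user, days in daily.items():
        if len(days) <= min_history:
            continue  # too little history to call anything an outlier
        for day, total in days.items():
            baseline = median([v for d, v in days.items() if d != day])
            if total > factor * baseline:
                alerts.append((user, "volume_outlier",
                               f"{day}: {total} bytes vs baseline {baseline:.0f}"))
    return alerts


# Constructed response catalogue: indicator -> ordered actions (assumption).
PLAYBOOK = {
    "outside_role_scope": ["notify_security_team"],
    "after_hours": ["notify_security_team"],
    "unauthorised_destination": ["block_application", "notify_security_team"],
    "volume_outlier": ["block_data_access", "notify_security_team"],
}


def plan_response(alerts, escalate_at=3):
    """Collect de-duplicated actions per user; several distinct indicators
    on the same user escalate to disabling that user's credentials."""
    indicators_by_user = defaultdict(set)
    for user, indicator, _ in alerts:
        indicators_by_user[user].add(indicator)
    plan = {}
    for user, indicators in indicators_by_user.items():
        actions = []
        for indicator in sorted(indicators):
            for action in PLAYBOOK[indicator]:
                if action not in actions:
                    actions.append(action)
        if len(indicators) >= escalate_at:
            actions.append("disable_credentials")
        plan[user] = actions
    return plan


def analyse(log_text):
    events = parse_log(log_text)
    alerts = rule_indicators(events) + volume_outliers(events)
    return alerts, plan_response(alerts)


if __name__ == "__main__":
    found, plan = analyse(SAMPLE_LOG)
    for alert in found:
        print(alert)
    print(plan)
```

On the constructed log, Alice's weekday HR reads produce nothing, while Bob's 2 a.m. copies of finance files, his Saturday upload to an unsanctioned service and the two days whose volume dwarfs his normal traffic produce ten alerts across four indicator types, so the plan for him is to notify the security team, block the application and data access, and disable his credentials. The escalation threshold and the volume factor are the knobs an organisation would tune to its own risk criteria.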

The post What is Insider Threat? appeared first on Softlanding Ltd..