Pipeline Ransomware. Could I Be Next?
If you have been following the news or trying to buy gas in Atlanta, you have probably already heard about the ransomware attack on one of the most important strategic pipelines in the US. 2020 saw ransomware attacks skyrocket, and now 2021 seems to be following the trend. The current situation calls on us to rethink our security practices and mindset.
One area of security that you may have heard about is Zero Trust (ZT). For our Ivanti customers, I will try to bring some key aspects of this topic to light so that we can help you implement ZT within your own environment.
When I talk about Zero Trust internally or externally, I have always tried to explain this as a mindset and a journey. Some ways in which I think about it include:
- Reduce the attack surface overall and with every inch of new product added.
- Security should not be an afterthought, but an integral part of any solution.
- Re-emphasize who can get access to a service or a resource, and how.
- Last but not least, have an “Always Verify, Never Trust” mindset.
You may see I keep repeating “mindset.” I simply cannot emphasize enough how important this aspect is to achieving a security level where an organization can carry on with business with very minimal risk of cyberattacks. Also, by no means are the things I have listed here going to be an end-all-be-all list.
As an Ivanti customer, what do I need to look into?
How to stop using passwords – What if your end users did not know or even have a password? Does that sound exciting? What if they would get an even better user experience than the current password-based technology you may be using? Ivanti’s Zero Sign On technology could help you here.
How to stop various phishing attacks? Phishing on mobile devices is more concerning, because organizations have already been fighting phishing attacks on desktops, via email or otherwise, for a considerable amount of time. But again, since we are implementing a Zero Trust framework, we cannot ignore those powerful mobile endpoints. A good mobile phone today is more powerful than even some desktops, and more importantly, almost every employee is using one to work from everywhere.
If I combine the above two aspects, password theft and phishing on mobile phones that are not protected, then as an attacker it is easier for me to go after user credentials on those endpoints using email, SMS, or some sophisticated man-in-the-middle (MitM) attacks. The key advantage an attacker has is the limited real estate and a user who is eager to click.
Application security and device integrity: Whether your users are using Windows, macOS, iOS or Android, it’s critical to have control over the applications that are being used at work.
Allowing users to use their favorite tools should also be a choice for IT to consider, as line of business users (LOBs) are successful when they have the right tools secured by IT. We have seen the SolarWinds Orion software breach, and I hope by now we understand that even approved software can be vulnerable. This is where quicker remediation comes in handy. Ivanti Neurons helps IT to self-heal and self-secure, allowing IT to move swiftly to fix identified issues.
Conditional access: A key step to reducing attack surface is to form a policy on who gets access and how. Ivanti’s conditional access capabilities can help you here. For example, a user coming via an unmanaged device, unknown network, or some other condition will always be blocked and given a custom remediation page. This is powerful as you are only allowing devices you can trust. Even when sanctioned devices are allowed to access a service or resource, Ivanti’s solutions ensure that access is based on that endpoint’s and user’s security posture.
Patch Management: Chances are your patches are not keeping pace with the changes and vulnerabilities discovered. While this may seem daunting for thousands of devices in your enterprise, we can help you achieve this in a few clicks. Using Ivanti Neurons’ discovery engine, you get a peek into services that you might not even know existed. Discovering the unknowns will help you understand the footprint across internal datacenters, or even public datacenters such as AWS.
At the end of the day, we have to fight cyberattacks by cooperating and executing on a “Never Trust, Always Verify” (aka Zero Trust) ideology using best-of-breed solutions. To summarize:
- Discover the unknowns of your enterprise via Ivanti Neurons.
- Have a patching cadence.
- Try to implement passwordless technologies to reduce the attack surface for password theft.
- Do not underestimate mobile endpoints and provide attackers an entry point.
- Have a policy for who gets access to a service or resource, and how, to limit unwarranted access.
Learn more about Ivanti Neurons and request a full private demo through our website.