Search results

Tsippi Dach, Director of Communications at AlgoSec, explores the relationship between NetOps and SecOps and explains why they are the... DevOps The importance of bridging NetOps and SecOps in network management Tsippi Dach 2 min read Tsippi Dach Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 4/16/21 Published Tsippi Dach, Director of Communications at AlgoSec, explores the relationship between NetOps and SecOps and explains why they are the perfect partnership The IT landscape has changed beyond recognition in the past decade or so. The vast majority of businesses now operate largely in the cloud, which has had a notable impact on their agility and productivity. A recent survey of 1,900 IT and security professionals found that 41 percent or organizations are running more of their workloads in public clouds compared to just one-quarter in 2019. Even businesses that were not digitally mature enough to take full advantage of the cloud will have dramatically altered their strategies in order to support remote working at scale during the COVID-19 pandemic. However, with cloud innovation so high up the boardroom agenda, security is often left lagging behind, creating a vulnerability gap that businesses can little afford in the current heightened risk landscape. The same survey found the leading concern about cloud adoption was network security (58%). Managing organizations’ networks and their security should go hand-in-hand, but, as reflected in the survey, there’s no clear ownership of public cloud security. Responsibility is scattered across SecOps, NOCs and DevOps, and they don’t collaborate in a way that aligns with business interests. We know through experience that this siloed approach hurts security, so what should businesses do about it? How can they bridge the gap between NetOps and SecOps to keep their network assets secure and prevent missteps? Building a case for NetSecOps Today’s digital infrastructure demands the collaboration, perhaps even the convergence, of NetOps and SecOps in order to achieve maximum security and productivity. While the majority of businesses do have open communication channels between the two departments, there is still a large proportion of network and security teams working in isolation. This creates unnecessary friction, which can be problematic for service-based businesses that are trying to deliver the best possible end-user experience. The reality is that NetOps and SecOps share several commonalities. They are both responsible for critical aspects of a business and have to navigate constantly evolving environments, often under extremely restrictive conditions. Agility is particularly important for security teams in order for them to keep pace with emerging technologies, yet deployments are often stalled or abandoned at the implementation phase due to misconfigurations or poor execution. As enterprises continue to deploy software-defined networks and public cloud architecture, security has become even more important to the network team, which is why this convergence needs to happen sooner rather than later. We somehow need to insert the network security element into the NetOps pipeline and seamlessly make it just another step in the process. If we had a way to automatically check whether network connectivity is already enabled as part of the pre-delivery testing phase, that could, at least, save us the heartache of deploying something that will not work. Thankfully, there are tools available that can bring SecOps and NetOps closer together, such as Cisco ACI , Cisco Secure Workload and AlgoSec Security Management Solution . Cisco ACI, for instance, is a tightly coupled policy-driven solution that integrates software and hardware, allowing for greater application agility and data center automation. Cisco Secure Workload (previously known as Tetration), is a micro-segmentation and cloud workload protection platform that offers multi-cloud security based on a zero-trust model. When combined with AlgoSec, Cisco Secure Workload is able to map existing application connectivity and automatically generate and deploy security policies on different network security devices, such as ACI contract, firewalls, routers and cloud security groups. So, while Cisco Secure Workload takes care of enforcing security at each and every endpoint, AlgoSec handles network management. This is NetOps and SecOps convergence in action, allowing for 360-degree oversight of network and security controls for threat detection across entire hybrid and multi-vendor frameworks. While the utopian harmony of NetOps and SecOps may be some way off, using existing tools, processes and platforms to bridge the divide between the two departments can mitigate the ‘silo effect’ resulting in stronger, safer and more resilient operations. We recently hosted a webinar with Doug Hurd from Cisco and Henrik Skovfoged from Conscia discussing how you can bring NetOps and SecOps teams together with Cisco and AlgoSec. You can watch the recorded session here . Schedule a demo Related Articles Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read 5 Multi-Cloud Environments Cloud Security Mar 19, 2023 · 2 min read Convergence didn’t fail, compliance did. Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

NAT Network Security I came across some discussions regarding Network Address Translation (NAT) and its impact on security and the... Firewall Change Management To NAT or not to NAT – It’s not really a question Prof. Avishai Wool 2 min read Prof. Avishai Wool Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 11/26/13 Published NAT Network Security I came across some discussions regarding Network Address Translation (NAT) and its impact on security and the network. Specifically the premise that “ NAT does not add any real security to a network while it breaks almost any good concepts of a structured network design ” is what I’d like to address. When it comes to security, yes, NAT is a very poor protection mechanism and can be circumvented in many ways. It causes headaches to network administrators. So now that we’ve quickly summarized all that’s bad about NAT, let’s address the realization that most organizations use NAT because they HAVE to, not because it’s so wonderful. The alternative to using NAT has a prohibitive cost and is possibly impossible. To dig into what I mean, let’s walk through the following scenario… Imagine you have N devices in your network that need an IP address (every computer, printer, tablet, smartphone, IP phone, etc. that belongs to your organization and its guests). Without NAT you would have to purchase N routable IP addresses from your ISP. The costs would skyrocket! At AlgoSec we run a 120+ employee company in numerous countries around the globe. We probably use 1000 IP addresses. We pay for maybe 3 routable IP addresses and NAT away the rest. Without NAT the operational cost of our IP infrastructure would go up by a factor of x300. NAT Security With regards to NAT’s impact on security, just because NAT is no replacement for a proper firewall doesn’t mean it’s useless. Locking your front door also provides very low-grade security – people still do it, since it’s a lot better than not locking your front door. Schedule a demo Related Articles Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read 5 Multi-Cloud Environments Cloud Security Mar 19, 2023 · 2 min read Convergence didn’t fail, compliance did. Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Partner solution brief AlgoSec and Illumio: stronger together Download PDF Schedule time with one of our experts Schedule time with one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

Update to AlgoSec’s Network Security Management Suite enhances support for leading vendors and extends Cisco integration, giving unrivalled application visibility, change automation and control AlgoSec A30.10 Delivers Enhanced Cloud, SDN and Network Security Management for Cisco ACI, Tetration & FirePower, Microsoft Azure, F5 AFM and Juniper Junos Space Update to AlgoSec’s Network Security Management Suite enhances support for leading vendors and extends Cisco integration, giving unrivalled application visibility, change automation and control April 2, 2020 Speak to one of our experts RIDGEFIELD PARK, N.J., April 2, 2020 – AlgoSec , the leading provider of business-driven network security management solutions, has released the version A30.10 update of its core Network Security Management Suite, which offers new cloud security management capabilities and a range of enhanced features that further extend its technology ecosystem integrations. The AlgoSec Security Management Suite (ASMS) A30.10 builds on A30’s market-leading automation capabilities to enable seamless, zero-touch security management across SDN, cloud and on-premise networks. This gives enterprises the most comprehensive visibility and control over security across their entire hybrid environment. Key features in ASMS A30.10 include: Extended support for Cisco ACI, Tetration and FirePower ASMS A30.10 offers enhanced support for Cisco solutions, including AlgoSec AppViz integration with Cisco Tetration, giving enhanced application visibility and network auto-discovery to dramatically accelerate identification and mapping of the network attributes and rules that support business-critical applications. The update also extends Cisco ACI Network Map modeling and Visibility. AlgoSec provide accurate and detailed traffic simulation query results and enables accurate intelligent automation for complex network security changes. ASMS now also provides Baseline Compliance reporting for Cisco Firepower devices. AlgoSec Firewall Analyzer Administrators can select a specific baseline profile, either the one provided by AlgoSec out-of-the box, a modified version, or they can create their own custom profile. Enhanced automation for F5 AFM and Juniper Junos Space ASMS A30.10 provides enhanced automation through FireFlow support for F5 AFM devices and several Juniper Junos Space enhancements including: – ActiveChange support for Junos Space: ActiveChange enables users to automatically implement work order recommendations via the Juniper Junos Space integration, directly from FireFlow. – Enhances Granularity support of Virtual Routers, VRFs, and Secure Wires for a greater level of route analysis and accurate automation design. Technology ecosystem openness ASMS A30.10 offers increased seamless migrations to virtual appliances, AlgoSec hardware appliances, or Amazon Web Services/Microsoft Azure instances. Easy device relocation also enables system administrators on distributed architectures to relocate devices across nodes. The update carries ASMS API improvements, including enhanced Swagger support, enabling the execution of API request calls and access lists of request parameters directly from Swagger. ASMS A30.10 also introduces new graphs and dashboards in the AlgoSec Reporting Tool (ART), which have an executive focus. New multi-cloud capabilities ASMS A30.10 offers streamlined access to CloudFlow, providing instant visibility, risk detection, and mitigation for cloud misconfigurations and simplifies network security policies with central management and cleanup capabilities. “As organizations accelerate their digital transformation initiatives, they need the ability to make changes to their core business applications quickly and without compromising security across on-premise, SDN and cloud environments. This means IT and security teams must have holistic visibility and granular control over their entire network infrastructure in order to manage these processes,” said Eran Shiff, Vice President, Product, of AlgoSec. “The new features in AlgoSec A30.10 make it even easier for these teams to quickly plan, check and automatically implement changes across their organization’s entire environment, to maximize business agility while strengthening their security and compliance postures.” AlgoSec’s ASMS A30.10 is generally available. About AlgoSec The leading provider of business-driven network security management solutions, AlgoSec helps the world’s largest organizations align security with their mission-critical business processes. With AlgoSec, users can discover, map and migrate business application connectivity, proactively analyze risk from the business perspective, tie cyber-attacks to business processes and intelligently automate network security changes with zero touch – across their cloud, SDN and on-premise networks.Over 1,800 enterprises , including 20 of the Fortune 50, utilize AlgoSec’s solutions to make their organizations more agile, more secure and more compliant – all the time. Since 2005, AlgoSec has shown its commitment to customer satisfaction with the industry’s only money-back guarantee . All product and company names herein may be trademarks of their registered owners. *** Media Contacts:Tsippi [email protected] Craig CowardContext Public [email protected] +44 (0)1625 511 966

CASE STUDY NCR ACCELERATES TOWARDS ZERO-TRUST Download PDF Schedule time with one of our experts Schedule time with one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

The Big Collection Of FIREWALL MANAGEMENT TIPS Download PDF Schedule time with one of our experts Schedule time with one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

Discover five essential tips for securing your network in 2021 with Algosec's network security experts. Webinars 5 power tips to keep your network secure in 2021 No one could have predicted how unpredictable 2020 would be, so we’re here to help you get prepared for whatever is in store in 2021. No matter what happens in the upcoming year – there are five things you can do now to keep your network secure in 2021. Join network security experts Jade Kahn and Asher Benbenisty, and learn how to: Never fly blind: Ensure visibility across your entire hybrid network Do more with less: Accelerate digital transformation & avoid misconfigurations with automation Stay continuously compliant Fight ransomware with micro-segmentation Accelerate in the cloud January 13, 2021 Jade Kahn CMO Asher Benbenisty Director of product marketing Relevant resources 5 Network Security Management Predictions for 2020 Watch Video Choose a better way to manage your network Choose a better way to manage your network Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

Assessing the Value of Network Segmentation from a Business Application Perspective Download PDF Schedule time with one of our experts Schedule time with one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

Did you know that in 2023, the average data breach cost companies a whopping $4.45 million ? Ouch! And with development cycles spinning... Cloud Security How to Implement a Security-as-Code Approach Asher Benbenisty 2 min read Asher Benbenisty Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 11/18/24 Published Did you know that in 2023, the average data breach cost companies a whopping $4.45 million ? Ouch! And with development cycles spinning faster than a hyper-caffeinated hamster, those risks are only multiplying. So how do you keep security from becoming a costly afterthought in this high-speed race? Enter Security as Code (SaC) – your secret weapon for weaving security into the very fabric of your development process. Think of it as baking security into your code like chocolate chips in a cookie – it's part of the recipe from the start, not just a sprinkle on top. SaC isn't just about writing squeaky-clean code; it's about automating, version-controlling, and consistently applying your security policies and checks across your entire development lifecycle. It's like having an army of security experts reviewing every line of code, every configuration, and every deployment, ensuring nothing slips through the cracks. And the best part? SaC helps you catch those pesky vulnerabilities early on, shrinking your attack surface and saving you a mountain of cash in the long run. It's like spotting a pothole before you drive into it – a little fix now saves you a major headache (and repair bill) later. Why Security as Code is Your Cloud's Best Friend Traditionally, security was treated like an unwelcome guest, showing up late to the party and trying to clean up the mess. But in today's fast-paced world, that approach is about as effective as a screen door on a submarine. SaC flips the script, making security an integral part of the development process from day one. It's like having a security guard at every checkpoint, ensuring that only the good guys get through. Here's why SaC is a game-changer for your cloud security: Early Threat Detection: Catch those vulnerabilities early on, when they're easier and cheaper to fix. It's like spotting a termite infestation before your entire house collapses. Boosted Visibility: Integrate security checks into every stage of your development lifecycle, leaving no room for those sneaky vulnerabilities to hide. Think of it as having X-ray vision for your code. Automated Enforcement: Say goodbye to manual errors and inconsistencies. SaC automates your security checks and enforcement, ensuring everything is locked down tight. It's like having a tireless robot army enforcing your security rules 24/7. Supercharged Efficiency: Streamline your development process and free up your team to focus on what they do best – building awesome applications. SaC is like giving your developers a jetpack, allowing them to soar through the development process without getting bogged down in security headaches. Compliance Confidence: Meet those pesky compliance requirements with ease. SaC helps you automate compliance checks and ensure your applications are always playing by the rules. It's like having a compliance officer built into your development process, keeping you on the straight and narrow. Taming the SaC Beast: Conquering the Challenges Okay, so SaC sounds awesome, right? But let's be real, change can be scarier than a clown holding a chainsaw. Many organizations hit a few roadblocks when trying to implement SaC. But fear not, cloud crusaders, we're here to help you conquer those challenges like a boss! Challenge #1: The Learning Curve The Problem: Switching to SaC can feel like learning to ride a unicycle on a tightrope – intimidating, to say the least. Your team might not be familiar with weaving security directly into their code. The Solution: Start small, like adding training wheels to that unicycle. Integrate those essential automated security tools (SAST, DAST) into your CI/CD pipeline. These tools deliver instant value and help your team get comfy with security checks early on. Empower your team with hands-on training and workshops, and cultivate those security champions within your dev teams to spread the SaC gospel. Challenge #2: The Price Tag The Problem: Adopting SaC requires an investment in tools, training, and tweaking your processes. It's like upgrading your security system – it costs some coin upfront, but it saves you a fortune in the long run. The Solution: Think long-term, my friend. The savings from dodging breaches, speeding up development, and automating compliance will make that initial investment look like peanuts. Start small and scale up as you go. Begin with open-source tools or pilot SaC in smaller projects before unleashing it across your entire organization. Challenge #3: Resistance to Change The Problem: Change can be tougher than convincing a cat to take a bath. Developers might worry that SaC will slow them down or cramp their style. The Solution: Rally the troops! Highlight the benefits of SaC – faster releases, fewer last-minute fire drills, and smoother compliance. Share success stories that show how SaC actually makes development better , not slower. And most importantly, communicate clearly. Make sure everyone understands why you're adopting SaC and how it benefits the entire team. Challenge #4: Integration Hiccups The Problem: Integrating SaC into your existing CI/CD pipeline can feel like trying to fit a square peg into a round hole. The Solution: Start small and expand gradually. Begin by automating security checks at critical points in your development cycle, then add more as your team gets comfortable. Focus on those positive outcomes and ensure a smooth transition that enhances your workflow, not disrupts it. SaC in Action: Real-World Wins Don't just take our word for it – check out these real-world examples of how SaC is helping companies across different industries boost their security and efficiency: Financial Services: DMI Finance was drowning in manual security processes for their Salesforce platform. By embracing SaC, they streamlined their workflow, boosted their security, and supercharged their deployments by a whopping 133%! Talk about a win-win! Healthcare: Athenahealth , a healthcare giant serving over 110 million patients, needed to scale securely while keeping those HIPAA compliance wolves at bay. They chose SaC with Okta for identity and access management, ensuring secure patient data and streamlined user authentication. Even during the chaos of COVID-19, they emerged as a leader in secure, scalable healthcare infrastructure. Retail: Swiss sportswear brand On was facing a barrage of credential-based attacks. They fought back by adopting SaC and implementing best practices like least privilege, fortifying their security posture and protecting their customers' data. These success stories prove that SaC isn't just a buzzword – it's a powerful tool that helps organizations across all industries squash vulnerabilities, automate compliance, and streamline their operations. SaC Implementation: Your Step-by-Step Guide Ready to roll up your sleeves and implement SaC in your own development lifecycle? First things first, planning is key. Define those security requirements like your life depends on it. Threat analysis time, people! Gather your team, brainstorm those potential vulnerabilities, and lock down your defenses before you write a single line of code. Next up, design like a security ninja. Threat modeling is your secret weapon. Embrace secure design principles like they're your own personal commandments. And don't forget to plan for security testing – you'll thank me later. Now, let's get coding, but securely, of course. Stick to those secure coding standards like glue. Embrace automated code analysis tools – they're your digital code whisperers. Vet those third-party libraries like you're hiring a bodyguard. And for the love of all that is secure, don't skip those code reviews! Testing time! Automate everything you can. Fuzz testing, security regression testing – bring it on! (Insert Figure 2 here, because visuals are awesome!) Deployment is where the rubber meets the road. Scan that infrastructure as code (IaC) like a hawk. Validate those container images like your life depends on it. And lock down those access controls tighter than a drum. Finally, maintenance is the name of the game. Continuous monitoring is your 24/7 security guard. Keep those patches and updates flowing like a well-oiled machine. And don't forget those regular security audits – they're your security checkup, keeping your system healthy and strong. Boom! You've just implemented SaC like a boss. For a full checklist of SaC implementation, download our checklist : Security as Code Checklist: Download Your Free Copy Want a handy guide to keep track of all the essential SaC practices? Download our free checklist and ensure you're covering all the bases! Download Checklist Now! SaC Adoption: Start Small, Dream Big Implementing SaC might seem daunting, but remember, even the mightiest oak tree starts as a tiny seed. Start small, build gradually, and foster that security-first mindset within your team. It's like training your knights to be vigilant and always ready for battle. Begin by educating your teams on security best practices and gradually integrating those security tools and practices into your SDLC. Start with automated security testing tools like SAST and DAST, and build from there. Regularly review and optimize your security policies and procedures to ensure they're always sharp and ready to defend your cloud kingdom. Conclusion: SaC – Your Ticket to a Secure and Agile Cloud Security as code is no longer a nice-to-have; it's a must-have in today's fast-paced development world. By integrating security from the get-go, you can squash vulnerabilities, ensure compliance, and accelerate your development timelines. SaC is all about shared responsibility, empowering your teams to proactively tackle risks and build trust with your users and stakeholders. And hey, don't forget to grab your free Security as Code Checklist to make sure you're covering all your bases! Schedule a demo Related Articles Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read 5 Multi-Cloud Environments Cloud Security Mar 19, 2023 · 2 min read Convergence didn’t fail, compliance did. Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Hybrid cloud computing enables organizations to deploy sensitive workloads on-premise or in a private cloud, while hosting less... DevSecOps Why organizations need to embrace new thinking in how they tackle hybrid cloud security challenges Prof. Avishai Wool 2 min read Prof. Avishai Wool Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 10/9/22 Published Hybrid cloud computing enables organizations to deploy sensitive workloads on-premise or in a private cloud, while hosting less business-critical resources on public clouds. But despite its many benefits, the hybrid environment also creates security concerns. AlgoSec’s co-founder and CTO, Prof. Avishai Wool shares his expert insights on these concerns and offers best practices to boost hybrid cloud security. Hybrid cloud computing combines on-premises infrastructure, private cloud services, and one or more public clouds. Going hybrid provides businesses with enhanced flexibility, agility, cost savings, and scalability to innovate, grow, and gain a competitive advantage. So, how can you simplify and strengthen security operations in the hybrid cloud? It all starts with visibility – you still can’t protect what you can’t see To protect their entire hybrid infrastructure, applications, workloads, and data, security teams need to know what these assets are and where they reside. They also need to see the entire hybrid estate and not just the individual elements. However, complete visibility is a serious hybrid cloud security challenge. Hybrid environments are highly complex, which can create security blind spots, which then prevent teams from identifying, evaluating, and most importantly, mitigating risk. Another hybrid cloud security concern is that you cannot implement a fragmented security approach to control the entire network. With thousands of integrated and inter-dependent resources and data flowing between them, vulnerabilities crop up, increasing the risk of cyberattacks or breaches. For complete hybrid cloud security, you need a holistic approach that can help you control the entire network. Is DevSecOps the panacea? Not quite In many organizations, DevSecOps teams manage cloud security because they have visibility into what’s happening inside the cloud. However, in the hybrid cloud, many applications have servers or clients existing outside the cloud, which DevSecOps may not have visibility into. Also, the protection of data flowing into and out of the cloud is not always under their remit. To make up for these gaps, other teams are required to manage security operations and minimize hybrid cloud risks. These additional processes and team members must be coordinated to ensure continuous security across the entire hybrid network environment. But this is easier said than done. Using IaC to balance automation with oversight is key, but here’s why you shouldn’t solely rely on it Infrastructure as code (IaC) will help you automatically deploy security controls in the hybrid cloud to prevent misconfiguration errors, non-compliance, and violations while in the production stage and pre application testing. With IaC-based security, you can define security best practices in template files, which will minimize risks and enhance your security posture. But there’s an inherent risk in putting all your eggs in the automation and IaC basket. Due to the fact that all the controls are on the operational side, it can create serious hybrid cloud security issues. And without human attention and action, vulnerabilities may remain unaddressed and open the door to cyberattacks. Since security professionals who are not on the operational side must oversee the cloud environment, it could easily open the door to miscommunication and human errors – a very costly proposition for organizations. For this very reason, you should also implement a process to regularly deploy automatic updates without requiring time-consuming approvals that slow down workflows and weaken security. Strive for 95% automated changes and only involve a person for the remaining 5% that requires human input. Hybrid cloud security best practices – start early, start strong When migrating from on-prem to the cloud, you can choose a greenfield migration or a lift-and-shift migration. Greenfield means rolling out a brand-new application. In this case, ensure that security considerations are “baked in” from the beginning and across all processes. This “shift left” approach helps build an environment that’s secure from the get-go. This ensures that all team members adhere to a unified set of security policy rules to minimize vulnerabilities and reduce security risks within the hybrid cloud environment. If you lift-and-shift on-prem applications to the cloud, note any security assumptions made when they were designed. This is important because they were not built for the cloud and may incorporate protocols that increase security risks. Next, implement appropriate measures during migration planning. For example, implement an Application Load Balancer if applications leverage plaintext protocols, and use sidecars to encrypt applications without having to modify the original codebase. You can also leverage hybrid cloud security solutions to detect and mitigate security problems in real-time. Matching your cloud security with application structure is no longer optional Before moving to a hybrid cloud, map the business logic, application structure, and application ownership into the hybrid cloud estate’s networking structure. To simplify this process, here are some tried and proven ways to consider. Break up your environment into a virtual private cloud (VPC) or virtual network. With the VPC, you can monitor connections, screen traffic, create multiple subnets, and also restrict instance access to improve security posture. Use networking constructs to segregate applications into different functional and networking areas in the cloud. This way, you can deploy network controls to segment your cloud estate and ensure that only authorized users can access sensitive data and resources. Tag all resources based on their operating system, business unit, and geographical area. Tags with descriptive metadata can help to identify resources. They also establish ownership and accountability, provide visibility into cloud consumption, and help with the deployment of security policies. Conclusion In today’s fast-paced business environment, hybrid cloud computing can benefit your organization in many ways. But to capture these benefits, you should make an effort to boost hybrid cloud security. Incorporate the best practices discussed here to improve security and take full advantage of your hybrid environment. To learn more about hybrid cloud security, listen to our Lessons in Cybersecurity podcast episode or head to our hybrid cloud resource hub here . Schedule a demo Related Articles Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read 5 Multi-Cloud Environments Cloud Security Mar 19, 2023 · 2 min read Convergence didn’t fail, compliance did. Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Previous Part of the analysis is available here. Next Part of the analysis is available here. Update from 19 December 2020: ‍Prevasio... Cloud Security Sunburst Backdoor, Part II: DGA & The List of Victims Rony Moshkovich 2 min read Rony Moshkovich Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 12/17/20 Published Previous Part of the analysis is available here . Next Part of the analysis is available here . Update from 19 December 2020: Prevasio would like to thank Zetalytics for providing us with an updated (larger) list of passive (historic) DNS queries for the domains generated by the malware. As described in the first part of our analysis, the DGA (Domain Generation Algorithm) of the Sunburst backdoor produces a domain name that may look like: fivu4vjamve5vfrtn2huov[.]appsync-api.us-west-2[.]avsvmcloud[.]com The first part of the domain name (before the first dot) consists of a 16-character random string, appended with an encoded computer’s domain name. This is the domain in which the local computer is registered. From the example string above, we can conclude that the encoded computer’s domain starts from the 17th character and up until the dot (highlighted in yellow): fivu4vjamve5vfrt n2huov In order to encode a local computer’s domain name, the malware uses one of 2 simple methods: Method 1 : a substitution table, if the domain name consists of small letters, digits, or special characters ‘-‘, ‘_’, ‘.’ Method 2 : base64 with a custom alphabet, in case of capital letters present in the domain name Method 1 In our example, the encoded domain name is “n2huov” . As it does not have any capital letters, the malware encodes it with a substitution table “rq3gsalt6u1iyfzop572d49bnx8cvmkewhj” . For each character in the domain name, the encoder replaces it with a character located in the substitution table four characters right from the original character. In order to decode the name back, all we have to do is to replace each encoded character with another character, located in the substitution table four characters left from the original character. To illustrate this method, imagine that the original substitution table is printed on a paper strip and then covered with a card with 6 perforated windows. Above each window, there is a sticker note with a number on it, to reflect the order of characters in the word “n2huov” , where ‘n’ is #1, ‘2’ is #2, ‘h’ is #3 and so on: Once the paper strip is pulled by 4 characters right, the perforated windows will reveal a different word underneath the card: “domain” , where ‘d’ is #1, ‘o’ is #2, ‘m’ is #3, etc.: A special case is reserved for such characters as ‘0’ , ‘-‘ , ‘_’ , ‘.’ . These characters are encoded with ‘0’ , followed with a character from the substitution table. An index of that character in the substitution table, divided by 4, provides an index within the string “0_-.” . The following snippet in C# illustrates how an encoded string can be decoded: static string decode_domain( string s) { string table = "rq3gsalt6u1iyfzop572d49bnx8cvmkewhj" ; string result = "" ; for ( int i = 0 ; i < s.Length; i++) { if (s[i] != '0' ) { result += table[(table.IndexOf(s[i]) + table.Length - 4 ) % table.Length]; } else { if (i < s.Length - 1 ) { if (table.Contains(s[i + 1 ])) { result += "0_-." [table.IndexOf(s[i + 1 ]) % 4 ]; } else { break ; } } i++; } } return result; } Method 2 This method is a standard base64 encoder with a custom alphabet “ph2eifo3n5utg1j8d94qrvbmk0sal76c” . Here is a snippet in C# that provides a decoder: public static string FromBase32String( string str) { string table = "ph2eifo3n5utg1j8d94qrvbmk0sal76c" ; int numBytes = str.Length * 5 / 8 ; byte [] bytes = new Byte[numBytes]; int bit_buffer; int currentCharIndex; int bits_in_buffer; if (str.Length < 3 ) { bytes[ 0 ] = ( byte )(table.IndexOf(str[ 0 ]) | table.IndexOf(str[ 1 ]) << 5 ); return System.Text.Encoding.UTF8.GetString(bytes); } bit_buffer = (table.IndexOf(str[ 0 ]) | table.IndexOf(str[ 1 ]) << 5 ); bits_in_buffer = 10 ; currentCharIndex = 2 ; for ( int i = 0 ; i < bytes.Length; i++) { bytes[i] = ( byte )bit_buffer; bit_buffer >>= 8 ; bits_in_buffer -= 8 ; while (bits_in_buffer < 8 && currentCharIndex < str.Length) { bit_buffer |= table.IndexOf(str[currentCharIndex++]) << bits_in_buffer; bits_in_buffer += 5 ; } } return System.Text.Encoding.UTF8.GetString(bytes); } When the malware encodes a domain using Method 2, it prepends the encrypted string with a double zero character: “00” . Following that, extracting a domain part of an encoded domain name (long form) is as simple as: static string get_domain_part( string s) { int i = s.IndexOf( ".appsync-api" ); if (i > 0 ) { s = s.Substring( 0 , i); if (s.Length > 16 ) { return s.Substring( 16 ); } } return "" ; } Once the domain part is extracted, the decoded domain name can be obtained by using Method 1 or Method 2, as explained above: if (domain.StartsWith( "00" )) { decoded = FromBase32String(domain.Substring( 2 )); } else { decoded = decode_domain(domain); } Decrypting the Victims’ Domain Names To see the decoder in action, let’s select 2 lists: List #1 Bambenek Consulting has provided a list of observed hostnames for the DGA domain. List #2 The second list has surfaced in a Paste bin paste , allegedly sourced from Zetalytics / Zonecruncher . NOTE: This list is fairly ‘noisy’, as it has non-decodable domain names. By feeding both lists to our decoder, we can now obtain a list of decoded domains, that could have been generated by the victims of the Sunburst backdoor. DISCLAIMER: It is not clear if the provided lists contain valid domain names that indeed belong to the victims. It is quite possible that the encoded domain names were produced by third-party tools, sandboxes, or by researchers that investigated and analysed the backdoor. The decoded domain names are provided purely as a reverse engineering exercise. The resulting list was manually processed to eliminate noise, and to exclude duplicate entries. Following that, we have made an attempt to map the obtained domain names to the company names, using Google search. Reader’s discretion is advised as such mappings could be inaccurate. Decoded Domain Mapping (Could Be Inaccurate) hgvc.com Hilton Grand Vacations Amerisaf AMERISAFE, Inc. kcpl.com Kansas City Power and Light Company SFBALLET San Francisco Ballet scif.com State Compensation Insurance Fund LOGOSTEC Logostec Ventilação Industrial ARYZTA.C ARYZTA Food Solutions bmrn.com BioMarin Pharmaceutical Inc. AHCCCS.S Arizona Health Care Cost Containment System nnge.org Next Generation Global Education cree.com Cree, Inc (semiconductor products) calsb.org The State Bar of California rbe.sk.ca Regina Public Schools cisco.com Cisco Systems pcsco.com Professional Computer Systems barrie.ca City of Barrie ripta.com Rhode Island Public Transit Authority uncity.dk UN City (Building in Denmark) bisco.int Boambee Industrial Supplies (Bisco) haifa.edu University of Haifa smsnet.pl SMSNET, Poland fcmat.org Fiscal Crisis and Management Assistance Team wiley.com Wiley (publishing) ciena.com Ciena (networking systems) belkin.com Belkin spsd.sk.ca Saskatoon Public Schools pqcorp.com PQ Corporation ftfcu.corp First Tech Federal Credit Union bop.com.pk The Bank of Punjab nvidia.com NVidia insead.org INSEAD (non-profit, private university) usd373.org Newton Public Schools agloan.ads American AgCredit pageaz.gov City of Page jarvis.lab Erich Jarvis Lab ch2news.tv Channel 2 (Israeli TV channel) bgeltd.com Bradford / Hammacher Remote Support Software dsh.ca.gov California Department of State Hospitals dotcomm.org Douglas Omaha Technology Commission sc.pima.gov Arizona Superior Court in Pima County itps.uk.net IT Professional Services, UK moncton.loc City of Moncton acmedctr.ad Alameda Health System csci-va.com Computer Systems Center Incorporated keyano.local Keyano College uis.kent.edu Kent State University alm.brand.dk Sydbank Group (Banking, Denmark) ironform.com Ironform (metal fabrication) corp.ncr.com NCR Corporation ap.serco.com Serco Asia Pacific int.sap.corp SAP mmhs-fla.org Cleveland Clinic Martin Health nswhealth.net NSW Health mixonhill.com Mixon Hill (intelligent transportation systems) bcofsa.com.ar Banco de Formosa ci.dublin.ca. Dublin, City in California siskiyous.edu College of the Siskiyous weioffice.com Walton Family Foundation ecobank.group Ecobank Group (Africa) corp.sana.com Sana Biotechnology med.ds.osd.mi US Gov Information System wz.hasbro.com Hasbro (Toy company) its.iastate.ed Iowa State University amr.corp.intel Intel cds.capilanou. Capilano University e-idsolutions. IDSolutions (video conferencing) helixwater.org Helix Water District detmir-group.r Detsky Mir (Russian children’s retailer) int.lukoil-int LUKOIL (Oil and gas company, Russia) ad.azarthritis Arizona Arthritis and Rheumatology Associates net.vestfor.dk Vestforbrænding allegronet.co. Allegronet (Cloud based services, Israel) us.deloitte.co Deloitte central.pima.g Pima County Government city.kingston. City of Kingston staff.technion Technion – Israel Institute of Technology airquality.org Sacramento Metropolitan Air Quality Management District phabahamas.org Public Hospitals Authority, Caribbean parametrix.com Parametrix (Engineering) ad.checkpoint. Check Point corp.riotinto. Rio Tinto (Mining company, Australia) intra.rakuten. Rakuten us.rwbaird.com Robert W. Baird & Co. (Financial services) ville.terrebonn Ville de Terrebonne woodruff-sawyer Woodruff-Sawyer & Co., Inc. fisherbartoninc Fisher Barton Group banccentral.com BancCentral Financial Services Corp. taylorfarms.com Taylor Fresh Foods neophotonics.co NeoPhotonics (optoelectronic devices) gloucesterva.ne Gloucester County magnoliaisd.loc Magnolia Independent School District zippertubing.co Zippertubing (Manufacturing) milledgeville.l Milledgeville (City in Georgia) digitalreachinc Digital Reach, Inc. deniz.denizbank DenizBank thoughtspot.int ThoughtSpot (Business intelligence) lufkintexas.net Lufkin (City in Texas) digitalsense.co Digital Sense (Cloud Services) wrbaustralia.ad W. R. Berkley Insurance Australia christieclinic. Christie Clinic Telehealth signaturebank.l Signature Bank dufferincounty. Dufferin County mountsinai.hosp Mount Sinai Hospital securview.local Securview Victory (Video Interface technology) weber-kunststof Weber Kunststoftechniek parentpay.local ParentPay (Cashless Payments) europapier.inte Europapier International AG molsoncoors.com Molson Coors Beverage Company fujitsugeneral. Fujitsu General cityofsacramento City of Sacramento ninewellshospita Ninewells Hospital fortsmithlibrary Fort Smith Public Library dokkenengineerin Dokken Engineering vantagedatacente Vantage Data Centers friendshipstateb Friendship State Bank clinicasierravis Clinica Sierra Vista ftsillapachecasi Apache Casino Hotel voceracommunicat Vocera (clinical communications) mutualofomahabanMutual of Omaha Bank Schedule a demo Related Articles Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read 5 Multi-Cloud Environments Cloud Security Mar 19, 2023 · 2 min read Convergence didn’t fail, compliance did. Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call