Search results

As 2022 comes to a close, Professor Avishai Wool, AlgoSec Co-Founder and CTO, provides his top 5 issues organizations will need to be... IaC 2023 Cybersecurity Predictions and Best Practices Prof. Avishai Wool 2 min read Prof. Avishai Wool Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 12/6/22 Published As 2022 comes to a close, Professor Avishai Wool, AlgoSec Co-Founder and CTO, provides his top 5 issues organizations will need to be aware in 2023 that will also dominate the cyber community conversation. 1) Application centric approach to network security will supersede basic NSPM I think the market has matured to the point where the NSPM approach has reached a tipping point and I see the shift to an application perspective becoming the de facto approach in network security policy management as there are better and more robust technologies in the market that can help organizations get there faster. I see this shift becoming even more viable in 2023 based on recent market trends in which organizations are opting for downsizing and trying to do more with the smaller staff at the expense of losing tribal knowledge. As a result, I see organizations shifting more towards adopting a holistic approach to network security that are more application centric in which they can retain critical knowledge, such as application traffic intent and application policy rules, so that the new generations can step in and pick up where the previous predecessors left off. 2) Containerization will enhance layered security I expect container security to be increasingly popular in the future, as companies understand that their existing network security mechanisms are not enough for the communication networks of today. Containers are seen as a cost-effective light-weight solution for deployment – and deploying them introduces another inner layer where security policies can be applied: behind the perimeter filters, the internal zoning, and the micro-segmentation, organizations can now also consider nano-segmentation at the container level. Vulnerability testing is another dimension of the container platform especially within cloud applications and SaaS products. The common Kubernetes platform offers both opportunities and challenges for vulnerability scanners. Beyond 2023 , businesses will need to enhance both their visibility and management capabilities of security within their containerized applications 3) Security driven IaaS ecosystems to improve network security I expect the popularity of Infrastructure as a service (IaaS) to continue to soar, making it difficult for security teams to keep up with the associated risks and vulnerabilities. Pre-set security settings may not meet the needs of the organization and customizing these settings can prove to be difficult. The customizability of IaaS offers great potential for productivity, but it also makes it complicated to secure. The bottom line is that companies can no longer depend on their network perimeter to guard sensitive data. In response, I anticipate organizations that begin utilizing an “Always-on Security” approach such as Infrastructure as Code (IaC) which would permit them to construct personalized policies to control the development environments during each phase of the software development life cycle (SDLC) and recognize potential risks, security flaws, and compliance issues on a what-if basis, before deploying flawed settings into production. 4) Cloud-native security tools will reign supreme I expect that cloud-based security systems will become more commonplace: these security solutions offer a wide range of abilities, such as secure access, identity and access management, data loss prevention, application security, automation of security, detection and prevention of intrusions, security information and event management, and encryption. With companies transitioning more workloads to the cloud, they will want to make use of many of these features. These tools make it possible for remote teams to manage a greater public cloud presence: comfortably configuring services and automating processes, to identify and preemptively tackle any kind of threats. To bridge the gap in cloud data security, I anticipate the emergence of data safeguarding systems that are designed specifically for cloud usage and are able to link up with public cloud systems in an advanced, agentless manner. This has been classified in the market as Cloud Native Application Protection Platform (CNAPP) . These platforms must be able to detect where the data is stored and what sorts of data are stored in the cloud, so that corporations can prioritize on what is most important – defending their most sensitive data and cloud-based applications without interfering with their normal operations. 5) Expect ransomware not to go away and get even more sophisticated Organizations in 2022 saw no let-up from ransomware threats, some of whom were attacked multiple times and I do not see any reason why this trend will change in 2023. Cyber criminals are getting more resourceful and savvier in their attempts to stay ahead of law enforcement, and I anticipate these attacks will only become more frequent as their perpetrators are proving more capable of infiltrating many organizations’ cyber defenses. In response, organizations will have to seek more technology solutions to protect data at the source. But that would not suffice. I think organizations will need to look beyond technological solutions and apply better preparedness strategies. Whether it be Zero Trust or something less overarching but more practical for an organization’s business needs, such as Micro-segmentation , it would ensure that threat-actors would not be able to access the data residing inside the security perimeter. Schedule a demo Related Articles Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read 5 Multi-Cloud Environments Cloud Security Mar 19, 2023 · 2 min read Convergence didn’t fail, compliance did. Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

CIS provides best practices to help companies like yours improve their cloud security posture. You’ll protect your systems against... Cloud Security What is CIS Compliance? (and How to Apply CIS Benchmarks) Rony Moshkovich 2 min read Rony Moshkovich Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 6/20/23 Published CIS provides best practices to help companies like yours improve their cloud security posture. You’ll protect your systems against various threats by complying with its benchmark standards. This post will walk you through CIS benchmarks, their development, and the kinds of systems they apply to. We will also discuss the significance of CIS compliance and how Prevasio may help you achieve it. What are CIS benchmarks? CIS stands for Center for Internet Security . It’s a nonprofit organization that aims to improve companies’ cybersecurity readiness and response. Founded in 2000, the CIS comprises cybersecurity experts from diverse backgrounds. They have the common goal of enhancing cybersecurity resilience and reducing security threats. CIS compliance means adhering to the Center for Internet Security (CIS) benchmarks. CIS benchmarks are best practices and guidelines to help you build a robust cloud security strategy. These CIS benchmarks give a detailed road map for protecting a business’s IT infrastructure. They also encompass various platforms, such as web servers or cloud bases. The CIS benchmarks are frequently called industry standards. They are normally in line with other regulatory organizations, such as ISO, NIST, and HIPAA. Many firms adhere to CIS benchmarks to ensure they follow industry standards. They also do this to show their dedication to cybersecurity to clients and stakeholders. The CIS benchmarks and CIS controls are always tested through on-premises analysis by leading security firms. This ensures that CIS releases standards that are effective at mitigating cyber risks. How are the CIS benchmarks developed? A community of cybersecurity professionals around the world cooperatively develops CIS benchmarks. They exchange their knowledge, viewpoints, and experiences on a platform provided by CIS. The end result is consensus-based best practices that will protect various IT systems. The CIS benchmark development process typically involves the following steps: 1. Identify the technology: The first step is to identify the system or technology that has to be protected. This encompasses a range of applications. It can be an operating system, database, web server, or cloud environment. 2. Define the scope: The following stage is to specify the benchmark’s parameters. It involves defining what must be implemented for the technology to be successfully protected. They may include precise setups, guidelines, and safeguards. 3. Develop recommendations: Next, a community of cybersecurity experts will identify ideas for safeguarding the technology. These ideas are usually based on current best practices, norms, and guidelines. They may include the minimum security requirements and measures to be taken. 4. Expert consensus review: Thereafter, a broader group of experts and stakeholders assess the ideas. They will offer comments and suggestions for improvement. This level aims to achieve consensus on the appropriate technical safeguards. 5. Pilot testing: The benchmark is then tested in a real-world setting. At this point, CIS aims to determine its efficacy and spot any problems that need fixing. 6. Publication and maintenance: The CIS will publish the benchmark once it has been improved and verified. The benchmark will constantly be evaluated and updated to keep it current and useful for safeguarding IT systems. What are the CIS benchmark levels? CIS benchmarks are divided into three levels based on the complexity of an IT system. It’s up to you to choose the level you need based on the complexity of your IT environment. Each level of the benchmarks offers better security recommendations than the previous level. The following are the distinct categories that benchmarks are divided into: Level 1 This is the most basic level of CIS standards. It requires organizations to set basic security measures to reduce cyber threats. Some CIS guidelines at this level include password rules, system hardening, and risk management. The level 1 CIS benchmarks are ideal for small businesses with basic IT systems. Level 2 This is the intermediate level of the CIS benchmarks. It is suitable for small to medium businesses that have complex IT systems. The Level 2 CIS standards offer greater security recommendations to your cloud platform. It has guidelines for network segmentation, authentication, user permissions, logging, and monitoring. At this level, you’ll know where to focus your remediation efforts if you spot a vulnerability in your system. Level 2 also covers data protection topics like disaster recovery plans and encryption. Level 3 Level 3 is the most advanced level of the CIS benchmarks. It offers the highest security recommendations compared to the other two. Level 3 also offers the Security Technical Implementation Guide (STIG) profiles for companies. STIG are configuration guidelines developed by the Defense Information Systems Agency. These security standards help you meet US government requirements. This level is ideal for large organizations with the most sensitive and vital data. These are companies that must protect their IT systems from complex security threats. It offers guidelines for real-time security analytics, safe cloud environment setups, and enhanced threat detection. What types of systems do CIS benchmarks apply to? The CIS benchmarks are applicable to many IT systems used in a cloud environment. The following are examples of systems that CIS benchmarks can apply to: Operating systems: CIS benchmarks offer standard secure configurations for common operating systems, including Amazon Linux, Windows Servers, macOS, and Unix. They address network security, system hardening, and managing users and accounts. Cloud infrastructure: CIS benchmarks can help protect various cloud infrastructures, including public, private, and multi-cloud. They recommend guidelines that safeguard cloud systems by various cloud service providers. For example, network security, access restrictions, and data protection. The benchmarks cover cloud systems such as Amazon Web Services (AWS), Microsoft Azure, IBM, Oracle, and Google Cloud Platform. Server software: CIS benchmarks provide secure configuration baselines for various servers, including databases (SQL), DNS, Web, and authentication servers. The baselines cover system hardening, patch management, and access restrictions. Desktop software: Desktop apps such as music players, productivity programs, and web browsers can be weak points in your IT system. CIS benchmarks offer guidelines to help you protect your desktop software from vulnerabilities. They may include patch management, user and account management, and program setup. Mobile devices: The CIS benchmarks recommend safeguarding endpoints such as tablets and mobile devices. The standards include measures for data protection, account administration, and device configuration. Network devices: CIS benchmarks also involve network hardware, including switches, routers, and firewalls. Some standards for network devices include access restrictions, network segmentation, logging, and monitoring. Print devices: CIS benchmarks also cover print devices like printers and scanners. The CIS benchmark baselines include access restrictions, data protection, and firmware upgrades. Why is CIS compliance important? CIS compliance helps you maintain secure IT systems. It does this by helping you adhere to globally recognized cybersecurity standards. CIS benchmarks cover various IT systems and product categories, such as cloud infrastructures. So by ensuring CIS benchmark compliance, you reduce the risk of cyber threats to your IT systems. Achieving CIS compliance has several benefits: 1. Your business will meet internationally accepted cybersecurity standards . The CIS standards are developed through a consensus review process. This means they are founded on the most recent threat intelligence and best practices. So you can rely on the standards to build a solid foundation for securing your IT infrastructure. 2. It can help you meet regulatory compliance requirements for other important cybersecurity frameworks . CIS standards can help you prove that you comply with other industry regulations. This is especially true for companies that handle sensitive data or work in regulated sectors. CIS compliance is closely related to other regulatory compliances such as NIST, HIPAA, and PCI DSS. By implementing the CIS standards, you’ll conform to the applicable industry regulations. 3. Achieving CIS continuous compliance can help you lower your exposure to cybersecurity risks . In the process, safeguard your vital data and systems. This aids in preventing data breaches, malware infections, and other cyberattacks. Such incidents could seriously harm your company’s operations, image, and financial situation. A great example is the Scottish Oil giant, SSE. It had to pay €10M in penalties for failing to comply with a CIS standard in 2013. 4. Abiding by the security measures set by CIS guidelines can help you achieve your goals faster as a business. The guidelines cover the most important and frequently attacked areas of IT infrastructure. 5. CIS compliance enhances your general security posture. It also decreases the time and resources needed to maintain security. It does this by providing uniform security procedures across various platforms. How to achieve CIS compliance? Your organization can achieve CIS compliance by conforming to the guidelines of the CIS benchmarks and CIS controls. Each CIS benchmark usually includes a description of a recommended configuration. It also usually contains a justification for the implementation of the configuration. Finally, it offers step-by-step instructions on how to carry out the recommendation manually. While the standards may seem easy to implement manually, they may consume your time and increase the chances of human errors. That is why most security teams prefer using tools to automate achieving and maintaining CIS compliance. CIS hardened images are great examples of CIS compliance automation tools. They are pre-configured images that contain all the necessary recommendations from CIS benchmarks. You can be assured of maintaining compliance by using these CIS hardened images in your cloud environment. You can also use CSPM tools to automate achieving and maintaining CIS compliance. Cloud Security Posture Management tools automatically scan for vulnerabilities in your cloud. They then offer detailed instructions on how to fix those issues effectively. This way, your administrators don’t have to go through the pain of doing manual compliance checks. You save time and effort by working with a CSPM tool. Use Prevasio to monitor CIS compliance. Prevasio is a cloud-native application platform (CNAPP) that can help you achieve and maintain CIS compliance in various setups, including Azure, AWS, and GCP. A CNAPP is basically a CSPM tool on steroids. It combines the features of CSPM, CIEM, IAM, and CWPP tools into one solution. This means you’ll get clearer visibility of your cloud environment from one platform. Prevasio constantly assesses your system against the latest version of CIS benchmarks. It then generates reports showing areas that need adjustments to keep your cloud security cyber threat-proof. This saves you time as you won’t have to do the compliance checks manually. Prevasio also has a robust set of features to help you comply with standards from other regulatory bodies. So using this CSPM tool, you’ll automatically comply with HIPAA, PCI DSS, and GDPR. Prevasio offers strong vulnerability evaluation and management capabilities besides CIS compliance monitoring. It uses cutting-edge scanning algorithms to find known flaws, incorrect setups, and other security problems in IT settings. This can help you identify and fix vulnerabilities before fraudsters can exploit them. The bottom line on CIS compliance Achieving and maintaining CIS compliance is essential in today’s continually changing threat landscape . However, doing the compliance checks manually takes time. You may not also spot weaknesses in your cloud security in time. This means that you need to automate your CIS compliance. And what better solution than a cloud security posture management tool like Prevasio? Prevasio is the ideal option for observing compliance and preventing malware that attack surfaces in cloud assets. Prevasio offers a robust security platform to help you achieve CIS compliance and maintain a secure IT environment. This platform is agentless, meaning it doesn’t run on the cloud like most of its competitors. So you save a lot in costs every time Prevasio runs a scan. Prevaiso also conducts layer analysis. It helps you spot the exact line of code where the problem is rather than give a general area. In the process, saving you time spent identifying and solving critical threats. Try Prevasio today! Schedule a demo Related Articles Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read 5 Multi-Cloud Environments Cloud Security Mar 19, 2023 · 2 min read Convergence didn’t fail, compliance did. Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Before I became a Sale Engineer I started my career working in operations and I don’t remember the first time I heard the term zero trust... Zero Trust AlgoSec and Zero-Trust for Healthcare Adolfo Lopez 2 min read Adolfo Lopez Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 2/26/24 Published Before I became a Sale Engineer I started my career working in operations and I don’t remember the first time I heard the term zero trust but I all I knew is that it was very important and everyone was striving to get to that level of security. Today I’ll get into how AlgoSec can help achieve those goals, but first let’s have a quick recap on what zero trust is in the first place. There are countless whitepapers and frameworks that define zero trust much better than I can, but they are also multiple pages long, so I’ll do a quick recap. Traditionally when designing a network you may have different zones and each zone might have different levels of access. In many of these types of designs there is a lot of trust that is given once they are in a certain zone. For example, once someone gets to their workplace at the hospital, the nursing home, the dental center or any other medical office and does all the necessary authentication steps (proper company laptop, credentials, etc…) they potentially have free reign to everything. This is a very simple example and in a real-world scenario there would hopefully be many more safeguards in place. But what does happen in real world scenarios is that devices still manage to get trusted more than they should. And from my own experience and from working with customers this happens way too often. Especially in the healthcare industry this is becoming more and more important. These days there are many different types of medical devices, some that hold sensitive information, some scanning instruments, and some that might even be critical to patient support. More importantly many are connected to some type of network. Because of this level of connectivity, we do need to start shifting toward this idea of zero trust. In healthcare cybersecurity isn’t just a matter of maintaining the network, it’s about maintaining the critical operations of the hospitals running smoothly and patient data safe and secure. Maintaining security policies is critical to achieving zero trust. Below you can see some of the key features that AlgoSec has that can help achieve that goal. Feature Description Security Policy Analysis Analyze existing security policy sets across all parts of the network (on-premises and cloud) with various vendors. Policy Cleanup Identify and remove redundant rules, duplicate rules, and more from the first report. Specific Recommendations Over time, recommendations become more specific, such as identifying unnecessary rules (e.g., a printer talking to a medical device without actual use). Application Perspective Tie firewall rules to actual applications to understand the business function they support, leading to more targeted security policies. Granularity & Visibility Higher level of visibility and granularity in security policies, focusing on specific application flows rather than broad network access. Security Posture by Application View and assess security risks and vulnerabilities at the application level, improving overall security posture. One of my favorite aspects of the AlgoSec platform is that we not only help optimize your security policies, but we also start to look at security from an application perspective. Traditionally, firewall change requests come in and it’s just asking for very specific things, “Source A to Destination B using Protocol C.” But using AlgoSec we tie those rules to actual applications to see what business function this is supporting. By knowing the specific flows and tying them to a specific application this allows us to keep a closer eye on the actual security policies we need to create. This helps with that zero trust journey because having that higher level of visibility and granularity helps to keep the rules more specific. Instead of a change request coming in that is allowing wide open access between two subnets the application can be designed for only the access that is required. It also allows for an overall better view of the security posture. Zero trust, like many other ideas and frameworks in our industry might seem farfetched at first. We ask ourselves, how do we get there or how do we implement without it becoming so cumbersome that we give up on it. I think it’s normal to be a bit pessimistic about achieving the goal and it’s completely fine to look at some projects as moving targets that we might not have a hard deadline on. There usually isn’t a magic bullet that accomplish our goals, especially something like achieving zero trust. Multiple initiatives and projects are necessary. With AlgoSec’s expertise in application connectivity and policy management, we can be a key partner in that journey. Schedule a demo Related Articles Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read 5 Multi-Cloud Environments Cloud Security Mar 19, 2023 · 2 min read Convergence didn’t fail, compliance did. Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Safeguarding the network architecture is the need of the hour. According to a study, the average cost of a data breach is at an all-time... Network Security Policy Management Network segmentation vs. VLAN explained Tsippi Dach 2 min read Tsippi Dach Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 8/9/23 Published Safeguarding the network architecture is the need of the hour. According to a study, the average cost of a data breach is at an all-time high of $4.35 million. And this figure will only increase with governments and regulators becoming ever stricter on data breaches. The go-to method IT administrators adopt to safeguard their networks is network segmentation. By segmenting a larger network into smaller chunks, it becomes much more manageable to secure the entire network. But network segmentation is a broad concept and doesn’t refer to a single procedure. In fact, there are several segmentation processes — one of them being VLAN. Instead of simplifying, this adds to the complexity. In this article, we will explain the core difference between network segmentation and VLAN and when you should opt for a particular one over the other. What is network segmentation? Let’s start with the definitions of network segmentation and VLAN. By definition, network segmentation is the practice of compartmentalizing a network according to firewall rules . In other words, it’s about dividing a computer network into subnetworks. The subnetworks, at the IP level, are known as subnets. Each of the subnets then works independently and in isolation. Think of how a nation is split into various states and provinces for better management at the local level. Running an entire nation at the federal level is too much work. In addition to subnetting, there are other segmentation options like firewall segmentation and SDN (Software Defined Network) segmentation. But for this article’s sake, we will focus on subnets since those are the most common. What is VLAN? VLAN or Virtual LAN (Virtual Local Area Network) is also a type of network segmentation approach where the main physical network is divided into multiple smaller virtual networks. The division is done logically or virtually, not requiring buying additional physical resources. The same resource is divided using computer logic. There are several benefits to dividing the parts of the network, either using VLAN segmentation or subnet techniques. Some of them are: Broadcast domain isolation Both subnets and VLAN isolate broadcast domains. This way, broadcasting network traffic is contained in a single segment instead of being exposed to the entire network. This reduces the chance of network congestion during peak hours and unnecessary server overload, thereby maximizing efficiency. Enhanced security The isolation by subnets or VLAN enhances the IT network’s security policies. This is achieved through various factors that are at play. But primarily, the creation of subnetworks makes the flat network more secure. With multiple subnetworks, you can regulate the security parameters. Thus, those subnets containing critical data (like that of healthcare) can have enhanced cybersecurity measures more than others, making them harder to crack. So, from a security perspective, both subnets and VLAN are a must. Better network management With digitization and IT modernization, the IT infrastructure is growing. Concurrently, it’s getting harder to manage them. Microsegmentation is one way of managing the ever-growing infrastructure. By segmenting, you can deploy teams to each segment, thereby strengthening their management and accountability. With the implementation of SDN, you can even configure and automate the management of some of the subnetworks. Flexibility in scalability Many network administrators face network performance and scalability issues expanding resources. The issues are a mix of technical and economical. Network segmentation offers a solution to such issues. By segmenting the entire data center network, you can choose which segments to expand and control the resources granted to each segment. This also makes scalability more economical. While both offer scalability opportunities, VLAN offers superior functionality than subnets. Reduced scope of compliance Compliance is another area that IT execs need to work on. And network segmentation, either via subnets or VLAN, can help in this regard. By having subnets, you don’t have to audit your entire segmented network as required by regulators. Just audit the necessary subnets and submit the reports to the regulators for approval. This takes far less time and costs significantly less than auditing the entire network. Differences between network segmentation and VLAN By definition, network segmentation (subnetting) and VLAN sound pretty similar. After all, there’s a division of the main network into subnetworks or smaller networks. But besides the core similarities mentioned above, there are a few critical differences. Let’s dive into the differences between the two. The primary difference between the two subnets are layer 3 divisions, while VLANs are layer 2 divisions. As you may recall, networks are layer 1 (device), layer 2 (data link), layer 3 (IP, routers), and so on, up to layer 7 (application). TCP/IP is the newer framework with four layers only. So, when you divide a network at a data link, you need to adopt VLAN. With VLAN, several networks exist on the same physical network but may not be connected to the same fiber switch. In subnets, the division occurs at IP level. Thus, the independent subnets are assigned their IP addresses and communicate with others over layer 3. Besides this significant difference, there are other dissimilarities you should know. Here’s a table to help you understand: VLAN Subnet 1 Divides the network within the same physical network using logic. Divides the IP network into multiple IP networks 2 VLANs communicate with other devices within the same LAN The communication between the subnets is carried out over layer 3 3 It is configured at the switch side It is configured at IP level 4 VLAN divisions are software-based terminology since they’re divided logically. Subnets can be both hardware- of software-based 5 VLAN provides better network access and tend to be more stable Subnets offer limited control When to adopt a subnet? There are use cases when subnets are more suited, while there are cases when you’re better off with Virtual LANs. As per the definition, you need to adopt a subnet when dividing different networks at IP level. So, if you want to create multiple IP addresses for each partition, implement subnets. The subnets are essentially networks within a network with their own IP addresses. Thus, they divide the broadcast domain and improve speed and efficiency. Subnets are also the go-to segmentation method when you need to make the sub-networks available over layer 3 to the outside world. With appropriate access control lists, anyone with an internet connection would be able to access the subnets But subnetting is also used to prevent access to a particular subnet. For example, you may want to limit access to the company’s software codebase to anyone outside the development department. So, only network devices with approved IP addresses used by the developer network are approved to access the codebase. But there are two downsides to subnets you should know. The first one is increased time complexity. When dealing with a single network, three steps are in place to reach the Process (Source Host, Destination Network, and Process). In subnets, there’s an additional step involved (Source Host, Destination Network, Subnet, Process). This extra step increases time complexity, requiring more time for data transfer and connectivity. It also affects stability. Subnetting also increases the number of IP addresses required since each subnet requires its own IP address. This can become hard to manage over time. When to adopt VLAN? Virtual LANs are internal networks within the same physical network. They interact with one another, not with other devices on the same network or outside the world. Think of VLAN as a private wireless network at home. Your neighbors don’t have access to it, but everyone in your home has. If that sounds like your desired result, you should adopt VLAN. There are three types of VLANs (basic, extended, and tagged). In basic VLAN, you assign IDs to each switch port or PCI . Once assigned, you can’t change them. Extended VLAN has more functionalities like priority-based routing. Lastly, tagged VLAN enables you to create multiple VLANs with IEEE 802.1Q. The main advantages of different VLANs over subnet are speed and stability. Since endpoints do not have to resolve IP addresses every time, they tend to be faster. But there’s a significant disadvantage to VLANs: It’s easier to breach multiple partitions if there’s a malicious injection. Without proper network security controls, it is easier to exploit vulnerabilities using malware and ransomware , putting your entire network at risk. Having ACLs (access control lists) can help in such situations. Furthermore, there are issues arising out of physical store requirements. Connecting two segments in VLAN requires you to use routers and IoT. Routers are physical devices that take up space. The more segments you create, the more routers you need to use. Over time, management can become an issue. The bottom line Both subnets and VLANs are network segmentation approaches that improve security and workload management. It’s not a given that you can’t have both. Some companies benefit from the implementation of VLAN and subnets simultaneously. But there are specific times when IT service providers prefer one over the other. Consider your requirements to select the approach that’s right for you. Schedule a demo Related Articles Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read 5 Multi-Cloud Environments Cloud Security Mar 19, 2023 · 2 min read Convergence didn’t fail, compliance did. Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Organizations transitioning to the cloud require robust security concepts to protect their most critical assets, including business... Cloud Security Top Two Cloud Security Concepts You Won’t Want to Overlook Rony Moshkovich 2 min read Rony Moshkovich Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 11/24/22 Published Organizations transitioning to the cloud require robust security concepts to protect their most critical assets, including business applications and sensitive data. Rony Moshkovitch, Prevasio’s co-founder, explains these concepts and why reinforcing a DevSecOps culture would help organizations strike the right balance between security and agility. In the post-COVID era, enterprise cloud adoption has grown rapidly. Per a 2022 security survey , over 98% of organizations use some form of cloud-based infrastructure. But 27% have also experienced a cloud security incident in the previous 12 months. So, what can organizations do to protect their critical business applications and sensitive data in the cloud? Why Consider Paved Road, Guardrails, and Least Privilege Access for Cloud Security It is in the organization’s best interest to allow developers to expedite the lifecycle of an application. At the same time, it’s the security teams’ job to facilitate this process in tandem with the developers to help them deliver a more secure application on time. As organizations migrate their applications and workloads to a multi-cloud platform, it’s incumbent to use a Shift left approach to DevSecOps. This enables security teams to build tools, and develop best practices and guidelines that enable the DevOps teams to effectively own the security process during the application development stage without spending time responding to risk and compliance violations issued by the security teams. This is where Paved Road, Guardrails and Least Privilege could add value to your DevSecOps. Concept 1: The Paved Road + Guardrails Approach Suppose your security team builds numerous tools, establishes best practices, and provides expert guidance. These resources enable your developers to use the cloud safely and protect all enterprise assets and data without spending all their time or energy on these tasks. They can achieve these objectives because the security team has built a “paved road” with strong “guardrails” for the entire organization to follow and adopt. By following and implementing good practices, such as building an asset inventory, creating safe templates, and conducting risk analyses for each cloud and cloud service, the security team enables developers to execute their own tasks quickly and safely. Security staff will implement strong controls that no one can violate or bypass. They will also clearly define a controlled exception process, so every exception is clearly tracked and accountability is always maintained. Over time, your organization may work with more cloud vendors and use more cloud services. In this expanding cloud landscape, the paved road and guardrails will allow users to do their jobs effectively in a security-controlled manner because security is already “baked in” to everything they work with. Moreover, they will be prevented from doing anything that may increase the organization’s risk of breaches, thus keeping you safe from the bad guys. How Paved Road Security and Guardrails Can Be Applied Successfully Example 1: Set Baked-in Security Controls Remember to bake security into reusable Terraform templates or AWS CloudFormation modules of paved roads. You may apply this tactic to provision new infrastructure, create new storage buckets, or adopt new cloud services. When you create a paved road and implement appropriate guardrails, all your golden modules and templates are already secure from the outset – safeguarding your assets and preventing undesirable security events. Example 2: Introducing Security Standardizations When creating resource functions with built-in security standards, developers should adhere to these standards to confidently configure required resources without introducing security issues into the cloud ecosystem. Example 3: Automating Security with Infrastructure as Code (IaC) IaC is a way to manage and provision new infrastructure by coding specifications instead of following manual processes. To create a paved road for IaC, the security team can introduce tagging to provision and track cloud resources. They can also incorporate strong security guardrails into the development environment to secure the new infrastructure right from the outset. Concept 2: The Principle of Least Privileged Access (PoLP) The Principle of Least Privilege Access (PoLP) is often synonymous with Zero Trust. PoLP is about ensuring that a user can only access the resources they need to complete a required task. The idea is to prevent the misuse of critical systems and data and reduce the attack surface to decrease the probability of breaches. How Can PoLP Be Applied Successfully Example 1: Ring-fencing critical assets This is the process of isolating specific “crown jewel” applications so that even if an attacker could make it into your environment, they would be unable to reach that data or application. As few people as possible would be given credentials that allow access, therefore following least privilege access rules. Crown jewel applications could be anything from where sensitive customer data is stored, to business-critical systems and processes. Example 2: Establishing Role Based Access Control (RABC) Based on the role that they hold at the company, RBAC or role-based access control allows specific access to certain data or applications, or parts of the network. This goes hand in hand with the principle of least privilege, and means that if credentials are stolen, the attackers are limited to what access the employee in question holds. As this is based on users, you could isolate privileged user sessions specifically to keep them with an extra layer of protection. Only if an administrator account or one with wide access privilege is stolen, would the business be in real trouble. Example 3: Isolate applications, tiers, users, or data This task is usually done with micro-segmentation, where specific applications, users, data, or any other element of the business is protected from an attack with internal, next-gen firewalls. Risk is reduced in a similar way to the examples above, where the requisite access needed is provided using the principle of least privilege to allow access to only those who need it, and no one else. In some situations, you might need to allow elevated privileges for a short period of time, for example during an emergency. Watch out for privilege creep, where users gain more access over time without any corrective oversight. Conclusion and Next Steps Paved Road, Guardrails and PoLP concepts are all essential for a strong cloud security posture. By adopting these concepts, your organization can move to the next stage of cloud security maturity and create a culture of security-minded responsibility at every level of the enterprise. The Prevasio cloud security platform allows you to apply these concepts across your entire cloud estate while securing your most critical applications. Schedule a demo Related Articles Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read 5 Multi-Cloud Environments Cloud Security Mar 19, 2023 · 2 min read Convergence didn’t fail, compliance did. Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Previous Part of the analysis is available here. Next Part of the analysis is available here. Update from 19 December 2020: ‍Prevasio... Cloud Security Sunburst Backdoor, Part II: DGA & The List of Victims Rony Moshkovich 2 min read Rony Moshkovich Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 12/17/20 Published Previous Part of the analysis is available here . Next Part of the analysis is available here . Update from 19 December 2020: Prevasio would like to thank Zetalytics for providing us with an updated (larger) list of passive (historic) DNS queries for the domains generated by the malware. As described in the first part of our analysis, the DGA (Domain Generation Algorithm) of the Sunburst backdoor produces a domain name that may look like: fivu4vjamve5vfrtn2huov[.]appsync-api.us-west-2[.]avsvmcloud[.]com The first part of the domain name (before the first dot) consists of a 16-character random string, appended with an encoded computer’s domain name. This is the domain in which the local computer is registered. From the example string above, we can conclude that the encoded computer’s domain starts from the 17th character and up until the dot (highlighted in yellow): fivu4vjamve5vfrt n2huov In order to encode a local computer’s domain name, the malware uses one of 2 simple methods: Method 1 : a substitution table, if the domain name consists of small letters, digits, or special characters ‘-‘, ‘_’, ‘.’ Method 2 : base64 with a custom alphabet, in case of capital letters present in the domain name Method 1 In our example, the encoded domain name is “n2huov” . As it does not have any capital letters, the malware encodes it with a substitution table “rq3gsalt6u1iyfzop572d49bnx8cvmkewhj” . For each character in the domain name, the encoder replaces it with a character located in the substitution table four characters right from the original character. In order to decode the name back, all we have to do is to replace each encoded character with another character, located in the substitution table four characters left from the original character. To illustrate this method, imagine that the original substitution table is printed on a paper strip and then covered with a card with 6 perforated windows. Above each window, there is a sticker note with a number on it, to reflect the order of characters in the word “n2huov” , where ‘n’ is #1, ‘2’ is #2, ‘h’ is #3 and so on: Once the paper strip is pulled by 4 characters right, the perforated windows will reveal a different word underneath the card: “domain” , where ‘d’ is #1, ‘o’ is #2, ‘m’ is #3, etc.: A special case is reserved for such characters as ‘0’ , ‘-‘ , ‘_’ , ‘.’ . These characters are encoded with ‘0’ , followed with a character from the substitution table. An index of that character in the substitution table, divided by 4, provides an index within the string “0_-.” . The following snippet in C# illustrates how an encoded string can be decoded: static string decode_domain( string s) { string table = "rq3gsalt6u1iyfzop572d49bnx8cvmkewhj" ; string result = "" ; for ( int i = 0 ; i < s.Length; i++) { if (s[i] != '0' ) { result += table[(table.IndexOf(s[i]) + table.Length - 4 ) % table.Length]; } else { if (i < s.Length - 1 ) { if (table.Contains(s[i + 1 ])) { result += "0_-." [table.IndexOf(s[i + 1 ]) % 4 ]; } else { break ; } } i++; } } return result; } Method 2 This method is a standard base64 encoder with a custom alphabet “ph2eifo3n5utg1j8d94qrvbmk0sal76c” . Here is a snippet in C# that provides a decoder: public static string FromBase32String( string str) { string table = "ph2eifo3n5utg1j8d94qrvbmk0sal76c" ; int numBytes = str.Length * 5 / 8 ; byte [] bytes = new Byte[numBytes]; int bit_buffer; int currentCharIndex; int bits_in_buffer; if (str.Length < 3 ) { bytes[ 0 ] = ( byte )(table.IndexOf(str[ 0 ]) | table.IndexOf(str[ 1 ]) << 5 ); return System.Text.Encoding.UTF8.GetString(bytes); } bit_buffer = (table.IndexOf(str[ 0 ]) | table.IndexOf(str[ 1 ]) << 5 ); bits_in_buffer = 10 ; currentCharIndex = 2 ; for ( int i = 0 ; i < bytes.Length; i++) { bytes[i] = ( byte )bit_buffer; bit_buffer >>= 8 ; bits_in_buffer -= 8 ; while (bits_in_buffer < 8 && currentCharIndex < str.Length) { bit_buffer |= table.IndexOf(str[currentCharIndex++]) << bits_in_buffer; bits_in_buffer += 5 ; } } return System.Text.Encoding.UTF8.GetString(bytes); } When the malware encodes a domain using Method 2, it prepends the encrypted string with a double zero character: “00” . Following that, extracting a domain part of an encoded domain name (long form) is as simple as: static string get_domain_part( string s) { int i = s.IndexOf( ".appsync-api" ); if (i > 0 ) { s = s.Substring( 0 , i); if (s.Length > 16 ) { return s.Substring( 16 ); } } return "" ; } Once the domain part is extracted, the decoded domain name can be obtained by using Method 1 or Method 2, as explained above: if (domain.StartsWith( "00" )) { decoded = FromBase32String(domain.Substring( 2 )); } else { decoded = decode_domain(domain); } Decrypting the Victims’ Domain Names To see the decoder in action, let’s select 2 lists: List #1 Bambenek Consulting has provided a list of observed hostnames for the DGA domain. List #2 The second list has surfaced in a Paste bin paste , allegedly sourced from Zetalytics / Zonecruncher . NOTE: This list is fairly ‘noisy’, as it has non-decodable domain names. By feeding both lists to our decoder, we can now obtain a list of decoded domains, that could have been generated by the victims of the Sunburst backdoor. DISCLAIMER: It is not clear if the provided lists contain valid domain names that indeed belong to the victims. It is quite possible that the encoded domain names were produced by third-party tools, sandboxes, or by researchers that investigated and analysed the backdoor. The decoded domain names are provided purely as a reverse engineering exercise. The resulting list was manually processed to eliminate noise, and to exclude duplicate entries. Following that, we have made an attempt to map the obtained domain names to the company names, using Google search. Reader’s discretion is advised as such mappings could be inaccurate. Decoded Domain Mapping (Could Be Inaccurate) hgvc.com Hilton Grand Vacations Amerisaf AMERISAFE, Inc. kcpl.com Kansas City Power and Light Company SFBALLET San Francisco Ballet scif.com State Compensation Insurance Fund LOGOSTEC Logostec Ventilação Industrial ARYZTA.C ARYZTA Food Solutions bmrn.com BioMarin Pharmaceutical Inc. AHCCCS.S Arizona Health Care Cost Containment System nnge.org Next Generation Global Education cree.com Cree, Inc (semiconductor products) calsb.org The State Bar of California rbe.sk.ca Regina Public Schools cisco.com Cisco Systems pcsco.com Professional Computer Systems barrie.ca City of Barrie ripta.com Rhode Island Public Transit Authority uncity.dk UN City (Building in Denmark) bisco.int Boambee Industrial Supplies (Bisco) haifa.edu University of Haifa smsnet.pl SMSNET, Poland fcmat.org Fiscal Crisis and Management Assistance Team wiley.com Wiley (publishing) ciena.com Ciena (networking systems) belkin.com Belkin spsd.sk.ca Saskatoon Public Schools pqcorp.com PQ Corporation ftfcu.corp First Tech Federal Credit Union bop.com.pk The Bank of Punjab nvidia.com NVidia insead.org INSEAD (non-profit, private university) usd373.org Newton Public Schools agloan.ads American AgCredit pageaz.gov City of Page jarvis.lab Erich Jarvis Lab ch2news.tv Channel 2 (Israeli TV channel) bgeltd.com Bradford / Hammacher Remote Support Software dsh.ca.gov California Department of State Hospitals dotcomm.org Douglas Omaha Technology Commission sc.pima.gov Arizona Superior Court in Pima County itps.uk.net IT Professional Services, UK moncton.loc City of Moncton acmedctr.ad Alameda Health System csci-va.com Computer Systems Center Incorporated keyano.local Keyano College uis.kent.edu Kent State University alm.brand.dk Sydbank Group (Banking, Denmark) ironform.com Ironform (metal fabrication) corp.ncr.com NCR Corporation ap.serco.com Serco Asia Pacific int.sap.corp SAP mmhs-fla.org Cleveland Clinic Martin Health nswhealth.net NSW Health mixonhill.com Mixon Hill (intelligent transportation systems) bcofsa.com.ar Banco de Formosa ci.dublin.ca. Dublin, City in California siskiyous.edu College of the Siskiyous weioffice.com Walton Family Foundation ecobank.group Ecobank Group (Africa) corp.sana.com Sana Biotechnology med.ds.osd.mi US Gov Information System wz.hasbro.com Hasbro (Toy company) its.iastate.ed Iowa State University amr.corp.intel Intel cds.capilanou. Capilano University e-idsolutions. IDSolutions (video conferencing) helixwater.org Helix Water District detmir-group.r Detsky Mir (Russian children’s retailer) int.lukoil-int LUKOIL (Oil and gas company, Russia) ad.azarthritis Arizona Arthritis and Rheumatology Associates net.vestfor.dk Vestforbrænding allegronet.co. Allegronet (Cloud based services, Israel) us.deloitte.co Deloitte central.pima.g Pima County Government city.kingston. City of Kingston staff.technion Technion – Israel Institute of Technology airquality.org Sacramento Metropolitan Air Quality Management District phabahamas.org Public Hospitals Authority, Caribbean parametrix.com Parametrix (Engineering) ad.checkpoint. Check Point corp.riotinto. Rio Tinto (Mining company, Australia) intra.rakuten. Rakuten us.rwbaird.com Robert W. Baird & Co. (Financial services) ville.terrebonn Ville de Terrebonne woodruff-sawyer Woodruff-Sawyer & Co., Inc. fisherbartoninc Fisher Barton Group banccentral.com BancCentral Financial Services Corp. taylorfarms.com Taylor Fresh Foods neophotonics.co NeoPhotonics (optoelectronic devices) gloucesterva.ne Gloucester County magnoliaisd.loc Magnolia Independent School District zippertubing.co Zippertubing (Manufacturing) milledgeville.l Milledgeville (City in Georgia) digitalreachinc Digital Reach, Inc. deniz.denizbank DenizBank thoughtspot.int ThoughtSpot (Business intelligence) lufkintexas.net Lufkin (City in Texas) digitalsense.co Digital Sense (Cloud Services) wrbaustralia.ad W. R. Berkley Insurance Australia christieclinic. Christie Clinic Telehealth signaturebank.l Signature Bank dufferincounty. Dufferin County mountsinai.hosp Mount Sinai Hospital securview.local Securview Victory (Video Interface technology) weber-kunststof Weber Kunststoftechniek parentpay.local ParentPay (Cashless Payments) europapier.inte Europapier International AG molsoncoors.com Molson Coors Beverage Company fujitsugeneral. Fujitsu General cityofsacramento City of Sacramento ninewellshospita Ninewells Hospital fortsmithlibrary Fort Smith Public Library dokkenengineerin Dokken Engineering vantagedatacente Vantage Data Centers friendshipstateb Friendship State Bank clinicasierravis Clinica Sierra Vista ftsillapachecasi Apache Casino Hotel voceracommunicat Vocera (clinical communications) mutualofomahabanMutual of Omaha Bank Schedule a demo Related Articles Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read 5 Multi-Cloud Environments Cloud Security Mar 19, 2023 · 2 min read Convergence didn’t fail, compliance did. Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Eric Jeffery, AlgoSec’s regional solutions engineer, gives his view on the pivotal role of AppSec network engineers and how they can... Application Connectivity Management How AppSec Network Engineers Can Align Security with the Business Eric Jeffery 2 min read Eric Jeffery Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 7/13/22 Published Eric Jeffery, AlgoSec’s regional solutions engineer, gives his view on the pivotal role of AppSec network engineers and how they can positively impact the business It may surprise many people but the number one skills gap hampering today’s application security network engineers is primarily centred around the soft skills which includes communication, writing, presentation, team building and critical thinking. Why is this so important? Because first and foremost, their goal is to manage the organization’s security posture by deploying the best application security tools and technologies for the specific security and growth needs of the business. Keep things safe but don’t get in the way of revenue generation What an application security network engineer should not do is get in the way of developing new business-critical or revenue generating applications. At the same time, they need to understand that they have a leadership role to play in steering a safe and profitable course for the business. Starting with an in depth understanding of all wired traffic, AppSec network engineers need to know what applications are running on the network, how they communicate, who they communicate with and how to secure the traffic and connectivity flow associated with each one of them. An AppSec network engineer’s expertise should extend much more than mastering simple applications such as FTP and SSH. Rather, business traffic continuity should sit at the pinnacle of their responsibilities. There’s a lot of revenue generating traffic that they need to understand and put the right guardrails to protect it. However, equally as important, they need to make sure that the traffic is not hindered by outdated or irrelevant rules and policies, to avoid any negative financial impact on the organization. Layers of expertise beyond the OSI model A good starting point for any AppSec network engineer is to acquire a commanding knowledge of the seven layers of the OSI model, especially Layer 6 which covers Presentation. In practical terms, this means that they should have a thorough understanding of the network and transport layers – knowing what traffic is going across the network and why. It’s also helpful to have basic scripting knowledge and an understanding of simple scripts such as a cron job for scheduling tasks. It could also be useful to know some basic level programming like Perl and PHP. Beyond the network skills, AppSec network engineers should grasp the business vertical in which they operate. Once they gain an understanding of the business DNA and the applications that make it tick, then they can add real value to their organizations. What’s on the network vs. what should be on the network Should AppSec network engineers be expected to understand business and applications? Absolutely. With this level of skill and knowledge, they can help the business progress securely by corelating what is actually in the network environment versus what should be in the environment. Once they have clear understanding, they can clean up then environment and optimize network performance with enhanced security. This becomes more critical as organizations grow and develop, often allowing too much unnecessary traffic into the environment. Typically, this is how the scenario plays out: Applications are added or removed (decommissioned), or a new vendor or solution is brought on board and the firewall turns into a de facto router. The end result of such often leads to new vulnerabilities and too many unnecessary threat vectors. This is precisely where the aforementioned soft skills come in – an AppSec network engineer should be able to call out practices that don’t align with business goals. It’s also incumbent upon organizations to offer soft skills training to help their AppSec network engineers become more valuable to their teams. Need an application view to be effective in securing the business When firewalls become de facto routers, organizations end up relying on other areas for security. However, security needs to be aligned with the applications to prevent cyber attacks from getting onto the network and then from moving laterally across the network, should they manage to bypass the firewalls. All too often, east-west security is inadequate and therefore, AppSec network engineers need to look at network segmentation and application segmentation as part of a holistic network security strategy. The good news is that there are some great new technologies that can help with segmenting an internal network. The lesser good news is that there’s a danger in the thinking that by bolting on new tools, the problem will be solved. So often these tools are only partially deployed before the team moves onto the next “latest and the greatest” solution. When exploring new technologies, AppSec network engineers must ask themselves the following: Is there a matching use case for each solution? Will procurement of another tool lead to securing the environment or will it just be another useless “flavor of the month” tool? Irregardless, once the new technology solution is acquired, it is imperative to align the right skilful people with this technology to enable the organization to intelligently secure the whole environment before moving onto a new tool. To further hone this point, celebrating the introduction of a new firewall is superfluous if at the end of the day, it does not utilize the right rules and policies. Ushering some of these new technologies without proper deployment will only leave gaping holes and give organizations a false sense of security, exposing them to continuous risks. Don’t put the cloud native cart before the horse The role of an AppSec network engineer becomes even more critical when moving to the cloud. It starts with asking probing questions: What are the applications in the business and why are we moving them to the cloud? Is it for scalability, speed of access or to update a legacy system? Will the business benefit from the investment and the potential performance impact? It’s also important to consider the architecture in the cloud: Is it containerized, public cloud, private cloud or hybrid? Once you get definitive answers to these questions, create reference architectures and get senior level buy-in. Finally, think about the order in which the enterprise migrates applications to the cloud and maybe start with some non-critical applications that only affect a small number of locations or people before risking moving critical revenue generating applications. Don’t put the cart before the horse. DevSecOps: We should be working together; you can be sure the criminals are… Network application security is complicated enough without introducing internal squabbles over resources or sacrificing security for speed. Security teams and development teams need to work together and focus on what is best for your business. Again, this where the soft skills like teamwork, communications and project management come into play. The bottom line is this: Understand bad actors and prepare for the worst. The bad guys are just chomping at the bit, waiting for your organizations to make the next mistake. To beat them, DevSecOps teams must leverage all the resources they have available. Future promise or false sense of security? There are some exciting new technologies to look forward to in the horizon to help secure the application environment. Areas like quantum computing, machine learning, AI and blockchain show great promise in outfoxing the cyber criminals in the healthcare and financial services industries. It is expected that the AppSec network engineer will play a vital role in the viability of these new technologies. Yet, the right technology will still need to be applied to the right use case correctly and then fully deployed to in order see any effective results. The takeaway So much of the role of the AppSec network engineer is about taking a cold hard look at the goals of the business and asking some challenging questions. It all starts with “what’s right for the business?” rather than “what’s the latest technology we can get our hands on?” To be an effective AppSec network engineer, individuals should not only know the corporate network inside out, but they also must have an overall grasp of applications and the applicable business cases they support. Furthermore, collaboration with developers and operations (DevOps) becomes an agent for rapid deployment of revenue generating or mission critical applications. But it still goes back to the soft skills. To protect the business from taking needless security risks and demand a seat at the decision-making table, AppSec network engineers need to apply strong leadership, project management and communications skills To learn more on the importance of AppSec network engineers to your organization’s cybersecurity team, watch the following video Schedule a demo Related Articles Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read 5 Multi-Cloud Environments Cloud Security Mar 19, 2023 · 2 min read Convergence didn’t fail, compliance did. Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Jeremiah Cornelius, Technical Leader for Alliances and Partners at AlgoSec, explores the security capability native to VMware’s approach... Digital Transformation Intrinsic Transformation: VMware NSX-T and AlgoSec Go Beyond Virtualization Jeremiah Cornelius 2 min read Jeremiah Cornelius Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 7/8/21 Published Jeremiah Cornelius, Technical Leader for Alliances and Partners at AlgoSec, explores the security capability native to VMware’s approach for virtual networking with NSX-T. Intrinsic transformation NSX-T culminates VMware’s decade of development of these technologies, that better align than ever before with AlgoSec’s approach for software automation of micro-segmentation and compliant security operations management. It is the latest iteration of VMware’s approach to networking and security, derived from many years as a platform for operating virtual machines, and managing these as hosted “vApp” workloads. If you’re familiar with the main players in Software Defined Networking, then you may remember that NSX-T shares its origin in the same student research at Stanford University, which also gave rise to several other competing SDN offerings. One thing that differentiated VMware from other players was their strong focus on virtualization over traditional network equipment stacks. This meant in some cases, network connections, data-packets, forwarding, and endpoints all existing in software and no “copper wire” existing anywhere! Knowing about this difference is more than a bit of trivia — it explains how the NSX family was designed with security features built into the architecture, having native capability for software security controls such as firewall segmentation and packet inspection. Described by VMware as “Intrinsic Security,” these are NSX capabilities that first drove the widespread acceptance of practical micro-segmentation in the data center. Since that first introduction of NSX micro-segmentation, a transformation occurred in customer demands, which required an expansion of VMware’s universe to horizons beyond their hypervisor and virtual machines. As a key enabler for this expansion, NSX-T has emerged as a networking and security technology that extends from serverless micro-services and container frameworks to VMs hosted on many cloud architectures located in physical data centers or as tenants in public clouds. The current iteration is called the NSX-T Service-Defined Firewall, which controls access to applications and services along with business-focused policies. Leaders in our segments If you’ve followed this far along, then maybe you’ve recognized several common themes between AlgoSec’s Security Management Suite and VMware’s NSX-T. Among these are security operations management as software configuration, modeling connectivity on business uses versus technology conventions, and transforming security into an enabling function. It’s not a surprise then, to know that our companies are technology partners. In fact, we began our alliance with VMware back in 2015 as the uptake in NSX micro-segmentation began to reveal an increased need for visibility, planning, automation, and reporting — along with requirements for extending policy from NSX objects to attached physical security devices from a variety of vendors. The sophistication and flexibility of NSX enforcement capability were excellently matched by the AlgoSec strengths in identifying risk and maintaining compliance while sustaining a change management record of configurations from our combined workflow automation. Strength to strength Up until now, this is a rosy picture painted, with an emphasis on the upsides of the AlgoSec partnership with VMware NSX-T. In the real world, we find that many of our applications are not-so-well understood as to be ready for micro-segmentation. More often, the teams responsible for the availability and security of these applications are detached from the business intent and value, further making it difficult to assess and therefore address risks. The line between traditional-style infrastructure and modern services isn’t always as clearly defined, either — making the advantages possible by migration and transformation difficult to determine and potentially introducing their own risks. It is in these environments, with multiple technologies, different stakeholders, and operation teams with different scopes, that AlgoSec solves hard problems with better automation tools. Taking advantage of NSX-T means first being faced with multiple deployment types, including public and private clouds as well as on-prem infrastructure, multiple security vendors, unclear existing network flows, and missing associations between business applications and their existing controls. These are visibility issues that AlgoSec resolves by automating the discovery and mapping of business applications , including associated policies across different technologies, and producing visual, graphic analysis that includes risk assessment and impact of changes. This capability for full visibility leads directly to addressing the open issues for risk and compliance. After all, if these present challenges in discovering and identifying risk using existing technology solutions, then there’s a big gap to close on the way to transforming these. Since AlgoSec has addressed the visibility across these, identifying risk becomes uniform and manageable. AlgoSec can lower transformation risk with NSX-T while ensuring that risk and compliance management are maintained on an ongoing basis. Workflow for risk mitigation by NSX-T intrinsic security can be driven by AlgoSec policy automation, without recourse to multiple tools when these mitigations need to cross boundaries to third-party firewalls or cloud security controls. With this integrated policy automation, what were once point-in-time configurations can be enabled for discovery-based updates for internal standards and changes to regulatory mandates. The result of AlgoSec pairing with VMWare NSX-T is a simplified overall security architecture — one that more rapidly responds to emerging risk and requests for changes, accelerates the speed of operations while more closely aligning with business, and ensures both compliant configurations and compliant lifecycle operations. VMware NSX? Ask AlgoSec The AlgoSec integration with VMware NSX-T builds on our years of collaboration with earlier versions of the NSX platform, with a track record of solving the more difficult configuration management problems for leaders of principal industries around the globe. If you want to discover more about what AlgoSec does to enable and enrich our alliance solution with VMware , contact us! AlgoSec works directly with VMware and your trusted technology delivery partners, and we’re glad to share more with you. Schedule a personal demo to see how AlgoSec makes your transformation to VMware Intrinsic Security possible now. Schedule a demo Related Articles Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read 5 Multi-Cloud Environments Cloud Security Mar 19, 2023 · 2 min read Convergence didn’t fail, compliance did. Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

For your organization to implement robust security policies, it must have clear information on the security risks it is exposed to. An... Uncategorized How to Perform a Network Security Risk Assessment in 6 Steps Tsippi Dach 2 min read Tsippi Dach Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 1/18/24 Published For your organization to implement robust security policies, it must have clear information on the security risks it is exposed to. An effective IT security plan must take the organization’s unique set of systems and technologies into account. This helps security professionals decide where to deploy limited resources for improving security processes. Cybersecurity risk assessments provide clear, actionable data about the quality and success of the organization’s current security measures. They offer insight into the potential impact of security threats across the entire organization, giving security leaders the information they need to manage risk more effectively. Conducting a comprehensive cyber risk assessment can help you improve your organization’s security posture, address security-related production bottlenecks in business operations, and make sure security team budgets are wisely spent. This kind of assessment is also a vital step in the compliance process . Organizations must undergo information security risk assessments in order to meet regulatory requirements set by different authorities and frameworks, including: The Health Insurance Portability and Accountability Act (HIPAA), The International Organization for Standardization (ISO) The National Institute of Standards and Technology (NIST) Cybersecurity Framework The Payment Card Industry Data Security Standard (PCI DSS) General Data Protection Regulation (GDPR) What is a Security Risk Assessment? Your organization’s security risk assessment is a formal document that identifies, evaluates, and prioritizes cyber threats according to their potential impact on business operations. Categorizing threats this way allows cybersecurity leaders to manage the risk level associated with them in a proactive, strategic way. The assessment provides valuable data about vulnerabilities in business systems and the likelihood of cyber attacks against those systems. It also provides context into mitigation strategies for identified risks, which helps security leaders make informed decisions during the risk management process. For example, a security risk assessment may find that the organization needs to be more reliant on its firewalls and access control solutions . If a threat actor uses phishing or social engineering to bypass these defenses (or take control of them entirely), the entire organization could suffer a catastrophic data breach. In this case, the assessment may recommend investing in penetration testing and advanced incident response capabilities. Organizations that neglect to invest in network security risk assessments won’t know their weaknesses until after they are actively exploited. By the time hackers launch a ransomware attack, it’s too late to consider whether your antivirus systems are properly configured against malware. Who Should Perform Your Organization’s Cyber Risk Assessment? A dedicated internal team should take ownership over the risk assessment process . The process will require technical personnel with a deep understanding of the organization’s IT infrastructure. Executive stakeholders should also be involved because they understand how information flows in the context of the organization’s business logic, and can provide broad insight into its risk management strategy . Small businesses may not have the resources necessary to conduct a comprehensive risk analysis internally. While a variety of assessment tools and solutions are available on the market, partnering with a reputable managed security service provider is the best way to ensure an accurate outcome. Adhering to a consistent methodology is vital, and experienced vulnerability assessment professionals ensure the best results. How to Conduct a Network Security Risk Assessment 1. Develop a comprehensive asset map The first step is accurately mapping out your organization’s network assets. If you don’t have a clear idea of exactly what systems, tools, and applications the organization uses, you won’t be able to manage the risks associated with them. Keep in mind that human user accounts should be counted as assets as well. The Verizon 2023 Data Breach Investigation Report shows that the human element is involved in more than a quarter of all data breaches. The better you understand your organization’s human users and their privilege profiles, the more effectively you can protect them from potential threats and secure critical assets effectively. Ideally, all of your organization’s users should be assigned and managed through a centralized system. For Windows-based networks, Active Directory is usually the solution that comes to mind. Your organization may have a different system in place if it uses a different operating system. Also, don’t forget about information assets like trade secrets and intellectual property. Cybercriminals may target these assets in order to extort the organization. Your asset map should show you exactly where these critical assets are stored, and provide context into which users have permission to access them. Log and track every single asset in a central database that you can quickly access and easily update. Assign security value to each asset as you go and categorize them by access level . Here’s an example of how you might want to structure that categorization: Public data. This is data you’ve intentionally made available to the public. It includes web page content, marketing brochures, and any other information of no consequence in a data breach scenario. Confidential data. This data is not publicly available. If the organization shares it with third parties, it is only under a non-disclosure agreement. Sensitive technical or financial information may end up in this category. Internal use only. This term refers to data that is not allowed outside the company, even under non-disclosure terms. It might include employee pay structures, long-term strategy documents, or product research data. Intellectual property. Any trade secrets, issued patents, or copyrighted assets are intellectual property. The value of the organization depends in some way on this information remaining confidential. Compliance restricted data. This category includes any data that is protected by regulatory or legal obligations. For a HIPAA-compliant organization, that would include patient data, medical histories, and protected personal information. This database will be one of the most important security assessment tools you use throughout the next seven steps. 2. Identify security threats and vulnerabilities Once you have a comprehensive asset inventory, you can begin identifying risks and vulnerabilities for each asset. There are many different types of tests and risk assessment tools you can use for this step. Automating the process whenever possible is highly recommended, since it may otherwise become a lengthy and time-consuming manual task. Vulnerability scanning tools can automatically assess your network and applications for vulnerabilities associated with known threats. The scan’s results will tell you exactly what kinds of threats your information systems are susceptible to, and provide some information about how you can remediate them. Be aware that these scans can only determine your vulnerability to known threats. They won’t detect insider threats , zero-day vulnerabilities and some scanners may overlook security tool misconfigurations that attackers can take advantage of. You may also wish to conduct a security gap analysis. This will provide you with comprehensive information about how your current security program compares to an established standard like CMMC or PCI DSS. This won’t help protect against zero-day threats, but it can uncover information security management problems and misconfigurations that would otherwise go unnoticed. To take this step to the next level, you can conduct penetration testing against the systems and assets your organization uses. This will validate vulnerability scan and gap analysis data while potentially uncovering unknown vulnerabilities in the process. Pentesting replicates real attacks on your systems, providing deep insight into just how feasible those attacks may be from a threat actor’s perspective. When assessing the different risks your organization faces, try to answer the following questions: What is the most likely business outcome associated with this risk? Will the impact of this risk include permanent damage, like destroyed data? Would your organization be subject to fines for compliance violations associated with this risk? Could your organization face additional legal liabilities if someone exploited this risk? 3. Prioritize risks according to severity and likelihood Once you’ve conducted vulnerability scans and assessed the different risks that could impact your organization, you will be left with a long list of potential threats. This list will include more risks and hazards than you could possibly address all at once. The next step is to go through the list and prioritize each risk according to its potential impact and how likely it is to happen. If you implemented penetration testing in the previous step, you should have precise data on how likely certain attacks are to take place. Your team will tell you how many steps they took to compromise confidential data, which authentication systems they had to bypass, and what other security functionalities they disabled. Every additional step reduces the likelihood of a cybercriminal carrying out the attack successfully. If you do not implement penetration testing, you will have to conduct an audit to assess the likelihood of attackers exploiting your organization’s vulnerabilities. Industry-wide threat intelligence data can give you an idea of how frequent certain types of attacks are. During this step, you’ll have to balance the likelihood of exploitation with the severity of the potential impact for each risk. This will require research into the remediation costs associated with many cyberattacks. Remediation costs should include business impact – such as downtime, legal liabilities, and reputational damage – as well as the cost of paying employees to carry out remediation tasks. Assigning internal IT employees to remediation tasks implies the opportunity cost of diverting them from their usual responsibilities. The more completely you assess these costs, the more accurate your assessment will be. 4. Develop security controls in response to risks Now that you have a comprehensive overview of the risks your organization is exposed to, you can begin developing security controls to address them. These controls should provide visibility and functionality to your security processes, allowing you to prevent attackers from exploiting your information systems and detect them when they make an attempt. There are three main types of security control available to the typical organization: Physical controls prevent unauthorized access to sensitive locations and hardware assets. Security cameras, door locks, and live guards all contribute to physical security. These controls prevent external attacks from taking place on premises. Administrative controls are policies, practices, and workflows that secure business assets and provide visibility into workplace processes. These are vital for protecting against credential-based attacks and malicious insiders. Technical controls include purpose-built security tools like hardware firewalls, encrypted data storage solutions, and antivirus software. Depending on their configuration, these controls can address almost any type of threat. These categories have further sub-categories that describe how the control interacts with the threat it is protecting against. Most controls protect against more than one type of risk, and many controls will protect against different risks in different ways. Here are some of the functions of different controls that you should keep in mind: Detection-based controls trigger alerts when they discover unauthorized activity happening on the network. Intrusion detection systems (IDS) and security information and event management (SIEM) platforms are examples of detection-based solutions. When you configure one of these systems to detect a known risk, you are implementing a detection-based technical control. Prevention-based controls block unauthorized activity from taking place altogether. Authentication protocols and firewall rules are common examples of prevention-based security controls. When you update your organization’s password policy, you are implementing a prevention-based administrative control. Correction and compensation-based controls focus on remediating the effects of cyberattacks once they occur. Disaster recovery systems and business continuity solutions are examples. When you copy a backup database to an on-premises server, you are establishing physical compensation-based controls that will help you recover from potential threats. 5. Document the results and create a remediation plan Once you’ve assessed your organization’s exposure to different risks and developed security controls to address those risks, you are ready to condense them into a cohesive remediation plan . You will use the data you’ve gathered so far to justify the recommendations you make, so it’s a good idea to present that data visually. Consider creating a risk matrix to show how individual risks compare to one another based on their severity and likelihood. High-impact risks that have a high likelihood of occurring should draw more time and attention than risks that are either low-impact, unlikely, or both. Your remediation plan will document the steps that security teams will need to take when responding to each incident you describe. If multiple options exist for a particular vulnerability, you may add a cost/benefit analysis of multiple approaches. This should provide you with an accurate way to quantify the cost of certain cyberattacks and provide a comparative cost for implementing controls against that type of attack. Comparing the cost of remediation with the cost of implementing controls should show some obvious options for cybersecurity investment. It’s easy to make the case for securing against high-severity, high-likelihood attacks with high remediation costs and low control costs. Implementing security patches is an example of this kind of security control that costs very little but provides a great deal of value in this context. Depending on your organization’s security risk profile, you may uncover other opportunities to improve security quickly. You will probably also find opportunities that are more difficult or expensive to carry out. You will have to pitch these opportunities to stakeholders and make the case for their approval. 6. Implement recommendations and evaluate the effectiveness of your assessment Once you have approval to implement your recommendations, it’s time for action. Your security team can now assign each item in the remediation plan to the team member responsible and oversee their completion. Be sure to allow a realistic time frame for each step in the process to be completed – especially if your team is not actively executing every task on its own. You should also include steps for monitoring the effectiveness of their efforts and documenting the changes they make to your security posture. This will provide you with key performance metrics that you can compare with future network security assessments moving forward, and help you demonstrate the value of your remediation efforts overall. Once you have implemented the recommendations, you can monitor and optimize the performance of your information systems to ensure your security posture adapts to new threats as they emerge. Risk assessments are not static processes, and you should be prepared to conduct internal audits and simulate the impact of configuration changes on your current deployment. You may wish to repeat your risk evaluation and gap analysis step to find out how much your organization’s security posture has changed. You can use automated tools like AlgoSec to conduct configuration simulations and optimize the way your network responds to new and emerging threats. Investing time and energy into these tasks now will lessen the burden of your next network security risk assessment and make it easier for you to gain approval for the recommendations you make in the future. Schedule a demo Related Articles Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read 5 Multi-Cloud Environments Cloud Security Mar 19, 2023 · 2 min read Convergence didn’t fail, compliance did. Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Cloud threats are at an all-time high. But not only that, hackers are becoming more sophisticated with cutting-edge tools and new ways to... Cloud Security A Guide to Upskilling Your Cloud Architects & Security Teams in 2023 Rony Moshkovich 2 min read Rony Moshkovich Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 8/2/23 Published Cloud threats are at an all-time high. But not only that, hackers are becoming more sophisticated with cutting-edge tools and new ways to attack your systems. Cloud service providers can only do so much. So, most of the responsibility for securing your data and applications will still fall on you. This makes it critical to equip your organization’s cloud architects and security teams with the necessary skills that help them stay ahead of the evolving threat landscape. Although the core qualities of a cloud architect remain the same, upskilling requires them to learn emerging skills in strategy, leadership, operational, and technical areas. Doing this makes your cloud architects and security teams well-rounded to solve complex cloud issues and ensure the successful design of cloud security architecture. Here, we’ll outline the top skills for cloud architects. This can be a guide for upskilling your current security team and hiring new cloud security architects. But besides the emerging skills, what are the core responsibilities of a cloud security architect? Responsibilities of Cloud Security Architects A cloud security architect builds, designs, and deploys security systems and controls for cloud-based computing services and data storage systems. Their responsibilities will likely depend on your organization’s cloud security strategy. Here are some of them: 1. Plan and Manage the Organization’s Cloud Security Architecture and Strategy: Security architects must work with other security team members and employees to ensure the security architecture aligns with your organization’s strategic goals. 2. Select Appropriate Security Tools and Controls: Cloud security architects must understand the capabilities and limitations of cloud security tools and controls and contribute when selecting the appropriate ones. This includes existing enterprise tools with extensibility to cloud environments, cloud-native security controls, and third-party services. They are responsible for designing new security protocols whenever needed and testing them to ensure they work as expected. 3. Determine Areas of Deployments for Security Controls: After selecting the right tools, controls, and measures, architects must also determine where they should be deployed within the cloud security architecture. 4. Participating in Forensic Investigations: Security architects may also participate in digital forensics and incident response during and after events. These investigations can help determine how future incidents can be prevented. 5. Define Design Principles that Govern Cloud Security Decisions: Cloud security architects will outline design principles that will be used to make choices on the security tools and controls to be deployed, where, and from which sources or vendors. 6. Educating employees on data security best practices: Untrained employees can undo the efforts of cloud security architects. So, security architects must educate technical and non-technical employees on the importance of data security. This includes best practices for creating strong passwords, identifying social engineering attacks, and protecting sensitive information. Best Practices for Prioritizing Cloud Security Architecture Skills Like many other organizations, there’s a good chance your company has moved (or is in the process of moving) all or part of its resources to the cloud. This could either be a cloud-first or cloud-only strategy. As such, they must implement strong security measures that protect the enterprise from emerging threats and intrusions. Cloud security architecture is only one of many aspects of cloud security disciplines. And professionals specializing in this field must advance their skillset to make proper selections for security technologies, procedures, and the entire architecture. However, your cloud security architects cannot learn everything. So, you must prioritize and determine the skills that will help them become better architects and deliver effective security architectures for your organization. To do this, you may want to consider the demand and usage of the skill in your organization. Will upskilling them with these skills solve any key challenge or pain point in your organization? You can achieve this by identifying the native security tools key to business requirements, compliance adherence, and how cloud risks can be managed effectively. Additionally, you should consider the relevance of the skill to the current cloud security ecosystem. Can they apply this skill immediately? Does it make them better cloud security architects? Lastly, different cloud deployment (e.g., a public, private, edge, and distributed cloud) or cloud service models (e.g., Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS)) bring unique challenges that demand different skillsets. So, you must identify the necessary skills peculiar to each proposed project. Once you have all these figured out, here are some must-have skillsets for cloud security architects. Critical Skills for Cloud Security Architect Cloud security architects need several common skills, like knowledge of programming languages (.NET, PHP, Python, Java, Ruby, etc.), network integration with cloud services, and operating systems (Windows, macOS, and Linux). However, due to the evolving nature of cloud threats, more skills are required. Training your security teams and architects can have more advantages than onboarding new recruits. This is because existing teams are already familiar with your organization’s processes, culture, and values. However, whether you’re hiring new cloud security architects or upskilling your current workforce, here are the most valuable skills to look out for or learn. 1. Experience in cloud deployment models (IaaS, PaaS, and SaaS) It’s important to have cloud architects and security teams that integrate various security components in different cloud deployments for optimal results. They must understand the appropriate security capabilities and patterns for each deployment. This includes adapting to unique security requirements during deployment, combining cloud-native and third-party tools, and understanding the shared responsibility model between the CSP and your organization. 2. Knowledge of cloud security frameworks and standards Cloud security frameworks, standards, and methodologies provide a structured approach to security activities. Interpreting and applying these frameworks and standards is a critical skill for security architects. Some cloud security frameworks and standards include ISO 27001, ISAE 3402, CSA STAR, and CIS benchmarks. Familiarity with regional or industry-specific requirements like HIPAA, CCPA, and PCI DSS can ensure compliance with regulatory requirements. Best practices like the AWS Well-Architected Framework, Microsoft Cloud Security Benchmark, and Microsoft Cybersecurity Reference Architectures are also necessary skills. 3. Understanding of Native Cloud Security Tools and Where to Apply Them Although most CSPs have native tools that streamline your cloud security policies, understanding which tools your organization needs and where is a must-have skill. There are a few reasons why; it’s cost-effective, integrates seamlessly with the respective cloud platform, enhances management and configuration, and aligns with the CSP’s security updates. Still, not all native tools are necessary for your cloud architecture. As native security tools evolve, cloud architects must constantly be ahead by understanding their capabilities. 4. Knowledge of Cloud Identity and Access Management (IAM) Patterns IAM is essential for managing user access and permissions within the cloud environment. Familiarity with IAM patterns ensures proper security controls are in place. Note that popular cloud service providers, like Amazon Web Services, Microsoft Azure, and Google Cloud Platform, may have different processes for implementing IAM. However, the key principles of IAM policies remain. So, your cloud architects must understand how to define appropriate IAM measures for access controls, user identities, authentication techniques like multi-factor authentication (MFA) or single sign-on (SSO), and limiting data exfiltration risks in SaaS apps. 5. Proficiency with Cloud-Native Application Protection Platforms CNAPP is a cloud-native security model that combines the capabilities of Cloud Security Posture Management (CSPM), Cloud Workload Protection Platform (CWPP), and Cloud Service Network Security (CSNS) into a single platform. Cloud solutions like this simplify monitoring, detecting, and mitigating cloud security threats and vulnerabilities. As the nature of threats advances, using CNAPPs like Prevasio can provide comprehensive visibility and security of your cloud assets like Virtual Machines, containers, object storage, etc. CNAPPs enable cloud security architects to enhance risk prioritization by providing valuable insights into Kubernetes stack security configuration through improved assessments. 6. Aligning Your Cloud Security Architecture with Business Requirements It’s necessary to align your cloud security architecture with your business’s strategic goals. Every organization has unique requirements, and your risk tolerance levels will differ. When security architects are equipped to understand how to bridge security architecture and business requirements, they can ensure all security measures and control are calibrated to mitigate risks. This allows you to prioritize security controls, ensures optimal resource allocation, and improves compliance with industry-specific regulatory requirements. 7. Experience with Legacy Information Systems Although cloud adoption is increasing, many organizations have still not moved all their assets to the cloud. At some point, some of your on-premises legacy systems may need to be hosted in a cloud environment. However, legacy information systems’ architecture, technologies, and security mechanisms differ from modern cloud environments. This makes it important to have cloud security architects with experience working with legacy information systems. Their knowledge will help your organization solve any integration challenges when moving to the cloud. It will also help you avoid security vulnerabilities associated with legacy systems and ensure continuity and interoperability (such as data synchronization and maintaining data integrity) between these systems and cloud technologies. 8. Proficiency with Databases, Networks, and Database Management Systems (DBMS) Cloud security architects must also understand how databases and database management systems (DBMS) work. This knowledge allows them to design and implement the right measures that protect data stored within the cloud infrastructure. Proficiency with databases can also help them implement appropriate access controls and authentication measures for securing databases in the cloud. For example, they can enforce role-based access controls (RBAC) within the database environment. 9. Solid Understanding of Cloud DevOps DevOps is increasingly becoming more adopted than traditional software development processes. So, it’s necessary to help your cloud security architects embrace and support DevOps practices. This involves developing skills related to application and infrastructure delivery. They should familiarize themselves with tools that enable integration and automation throughout the software delivery lifecycle. Additionally, architects should understand agile development processes and actively work to ensure that security is seamlessly incorporated into the delivery process. Other crucial skills to consider include cloud risk management for enterprises, understanding business architecture, and approaches to container service security. Conclusion By upskilling your cloud security architects, you’re investing in their personal development and equipping them with skills to navigate the rapidly evolving cloud threat landscape. It allows them to stay ahead of emerging threats, align cloud security practices with your business requirements, and optimize cloud-native security tools. Cutting-edge solutions like Cloud-Native Application Protection Platforms (CNAPPs) are specifically designed to help your organization address the unique challenges of cloud deployments. With Prevasio, your security architects and teams are empowered with automation, application security, native integration, API security testing, and cloud-specific threat mitigation capabilities. Prevasio’s agentless CNAPP provides increased risk visibility and helps your cloud security architects implement best practices. Contact us now to learn more about how our platform can help scale your cloud security. Schedule a demo Related Articles Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read 5 Multi-Cloud Environments Cloud Security Mar 19, 2023 · 2 min read Convergence didn’t fail, compliance did. Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

A Comprehensive Cloud Security Checklist for Your Cloud Environment There’s a lot to consider when securing your cloud environment.... Cloud Security Cloud Security Checklist: Key Steps and Best Practices Rony Moshkovich 2 min read Rony Moshkovich Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 7/21/23 Published A Comprehensive Cloud Security Checklist for Your Cloud Environment There’s a lot to consider when securing your cloud environment. Threats range from malware to malicious attacks, and everything in between. With so many threats, a checklist of cloud security best practices will save you time. First we’ll get a grounding in the top cloud security risks and some key considerations. The Top 5 Security Risks in Cloud Computing Understanding the risks involved in cloud computing is a key first step. The top 5 security risks in cloud computing are: 1. Limited visibility Less visibility means less control. Less control could lead to unauthorized practices going unnoticed. 2. Malware Malware is malicious software, including viruses, ransomware, spyware, and others. 3. Data breaches Breaches can lead to financial losses due to regulatory fines and compensation. They may also cause reputational damage. 4. Data loss The consequences of data loss can be severe, especially it includes customer information. 5. Inadequate cloud security controls If cloud security measures aren’t comprehensive, they can leave you vulnerable to cyberattacks. Key Cloud Security Checklist Considerations 1. Managing User Access and Privileges Properly managing user access and privileges is a critical aspect of cloud infrastructure. Strong access controls mean only the right people can access sensitive data. 2. Preventing Unauthorized Access Implementing stringent security measures, such as firewalls, helps fortify your environment. 3. Encrypting Cloud-Based Data Assets Encryption ensures that data is unreadable to unauthorized parties. 4. Ensuring Compliance Compliance with industry regulations and data protection standards is crucial. 5. Preventing Data Loss Regularly backing up your data helps reduce the impact of unforeseen incidents. 6. Monitoring for Attacks Security monitoring tools can proactively identify suspicious activities, and respond quickly. Cloud Security Checklist Understand cloud security risks Establish a shared responsibility agreement with your cloud services provider (CSP) Establish cloud data protection policies Set identity and access management rules Set data-sharing restrictions Encrypt sensitive data Employ a comprehensive data backup and recovery plan Use malware protection Create an update and patching schedule Regularly assess cloud security Set up security monitoring and logging Adjust cloud security policies as new issues emerge Let’s take a look at these in more detail. Full Cloud Security Checklist 1. Understand Cloud Security Risks 1a. Identify Sensitive Information First, identify all your sensitive information. This data could range from customer information to patents, designs, and trade secrets. 1b. Understand Data Access and Sharing Use access control measures, like role-based access control (RBAC), to manage data access. You should also understand and control how data is shared. One idea is to use data loss prevention (DLP) tools to prevent unauthorized data transfers. 1c. Explore Shadow IT Shadow IT refers to using IT tools and services without your company’s approval. While these tools can be more productive or convenient, they can pose security risks. 2. Establish a Shared Responsibility Agreement with Your Cloud Service Provider (CSP) Understanding the shared responsibility model in cloud security is essential. There are various models – IaaS, PaaS, or SaaS. Common CSPs include Microsoft Azure and AWS. 2a. Establish Visibility and Control It’s important to establish strong visibility into your operations and endpoints. This includes understanding user activities, resource usage, and security events. Using security tools gives you a centralized view of your secure cloud environment. You can even enable real-time monitoring and prompt responses to suspicious activities. Cloud Access Security Brokers (CASBs) or cloud-native security tools can be useful here. 2b. Ensure Compliance Compliance with relevant laws and regulations is fundamental. This could range from data protection laws to industry-specific regulations. 2c. Incident Management Despite your best efforts, security incidents can still occur. Having an incident response plan is a key element in managing the impact of any security events. This plan should tell team members how to respond to an incident. 3. Establish Cloud Data Protection Policies Create clear policies around data protection in the cloud . These should cover areas such as data classification, encryption, and access control. These policies should align with your organizational objectives and comply with relevant regulations. 3a. Data Classification You should categorize data based on its sensitivity and potential impact if breached. Typical classifications include public, internal, confidential, and restricted data. 3b. Data Encryption Encryption protects your data in the cloud and on-premises. It involves converting your data so it can only be read by those who possess the decryption key. Your policy should mandate the use of strong encryption for sensitive data. 3c. Access Control Each user should only have the access necessary to perform their job function and no more. Policies should include password policies and changes of workloads. 4. Set Identity and Access Management Rules 4a. User Identity Management Identity and Access Management tools ensure only the right people access your data. Using IAM rules is critical to controlling who has access to your cloud resources. These rules should be regularly updated. 4b. 2-Factor and Multi-Factor Authentication Two-factor authentication (2FA) and multi-factor authentication (MFA) are useful tools. You reduce the risk by implementing 2FA or MFA, even if a password is compromised. 5. Set Data Sharing Restrictions 5a. Define Data Sharing Policies Define clear data-sharing permissions. These policies should align with the principles of least privilege and need-to-know basis. 5b. Implement Data Loss Prevention (DLP) Measures Data Loss Prevention (DLP) tools can help enforce data-sharing policies. These tools monitor and control data movements in your cloud environment. 5c. Audit and Review Data Sharing Activities Regularly review and audit your data-sharing activities to ensure compliance. Audits help identify any inappropriate data sharing and provide insights for improvement. 6. Encrypt Sensitive Data Data encryption plays a pivotal role in safeguarding your sensitive information. It involves converting your data into a coded form that can only be read after it’s been decrypted. 6a. Protect Data at Rest This involves transforming data into a scrambled form while it’s in storage. It ensures that even if your storage is compromised, the data remains unintelligible. 6b. Data Encryption in Transit This ensures that your sensitive data remains secure while it’s being moved. This could be across the internet, over a network, or between components in a system. 6c. Key Management Managing your encryption keys is just as important as encrypting the data itself. Keys should be stored securely and rotated regularly. Additionally, consider using hardware security modules (HSMs) for key storage. 6d. Choose Strong Encryption Algorithms The strength of your encryption depends significantly on the algorithms you use. Choose well-established encryption algorithms. Advanced Encryption Standard (AES) or RSA are solid algorithms. 7. Employ a Comprehensive Data Backup and Recovery Plan 7a. Establish a Regular Backup Schedule Install a regular backup schedule that fits your organization’s needs . The frequency of backups may depend on how often your data changes. 7b. Choose Suitable Backup Methods You can choose from backup methods such as snapshots, replication, or traditional backups. Each method has its own benefits and limitations. 7c. Implement a Data Recovery Strategy In addition to backing up your data, you need a solid strategy for restoring that data if a loss occurs. This includes determining recovery objectives. 7d. Test Your Backup and Recovery Plan Regular testing is crucial to ensuring your backup and recovery plan works. Test different scenarios, such as recovering a single file or a whole system. 7e. Secure Your Backups Backups can become cybercriminals’ targets, so they also need to be secured. This includes using encryption to protect backup data and implementing access controls. 8. Use Malware Protection Implementing robust malware protection measures is pivotal in data security. It’s important to maintain up-to-date malware protection and routinely scan your systems. 8a. Deploy Antimalware Software Deploy antimalware software across your cloud environment. This software can detect, quarantine, and eliminate malware threats. Ensure the software you select can protect against a wide range of malware. 8b. Regularly Update Malware Definitions Anti-malware relies on malware definitions. However, cybercriminals continuously create new malware variants, so these definitions become outdated quickly. Ensure your software is set to automatically update. 8c. Conduct Regular Malware Scans Schedule regular malware scans to identify and mitigate threats promptly. This includes full system scans and real-time scanning. 8d. Implement a Malware Response Plan Develop a comprehensive malware response plan to ensure you can address any threats. Train your staff on this plan to respond efficiently during a malware attack. 8e. Monitor for Anomalous Activity Continuously monitor your systems for any anomalous activity. Early detection can significantly reduce the potential damage caused by malware. 9. Create an Update and Patching Schedule 9a. Develop a Regular Patching Schedule Develop a consistent schedule for applying patches and updates to your cloud applications. For high-risk vulnerabilities, consider implementing patches as soon as they become available. 9b. Maintain an Inventory of Software and Systems You need an accurate inventory of all software and systems to manage updates and patches. This inventory should include the system version, last update, and any known vulnerabilities. 9c. Automation Where Possible Automating the patching process can help ensure that updates are applied consistently. Many cloud service providers offer tools or services that can automate patch management. 9d. Test Patches Before Deployment Test updates in a controlled environment to ensure work as intended. This is especially important for patches to critical systems. 9e. Stay Informed About New Vulnerabilities and Patches Keep abreast of new vulnerabilities and patches related to your software and systems. Being aware of the latest threats and solutions can help you respond faster. 9f. Update Security Tools and Configurations Don’t forget to update your cloud security tools and configurations regularly. As your cloud environment evolves, your security needs may change. 10. Regularly Assess Cloud Security 10a. Set up cloud security assessments and audits Establish a consistent schedule for conducting cybersecurity assessments and security audits. Audits are necessary to confirm that your security responsibilities align with your policies. These should examine configurations, security controls, data protection and incident response plans. 10b. Conduct Penetration Testing Penetration testing is a proactive approach to identifying vulnerabilities in your cloud environment. These are designed to uncover potential weaknesses before malicious actors do. 10c. Perform Risk Assessments These assessments should cover a variety of technical, procedural, and human risks. Use risk assessment results to prioritize your security efforts. 10d. Address Assessment Findings After conducting an assessment or audit, review the findings and take appropriate action. It’s essential to communicate any changes effectively to all relevant personnel. 10f. Maintain Documentation Keep thorough documentation of each assessment or audit. Include the scope, process, findings, and actions taken in response. 11. Set Up Security Monitoring and Logging 11a. Intrusion Detection Establish intrusion detection systems (IDS) to monitor your cloud environment. IDSs operate by recognizing patterns or anomalies that could indicate unauthorized intrusions. 11b. Network Firewall Firewalls are key components of network security. They serve as a barrier between secure internal network traffic and external networks. 11c. Security Logging Implement extensive security logging across your cloud environment. Logs record the events that occur within your systems. 11d. Automate Security Alerts Consider automating security alerts based on triggering events or anomalies in your logs. Automated alerts can ensure that your security team responds promptly. 11e. Implement Information Security and Event Management (SIEM) System A Security Information and Event Management (SIEM) system can your cloud data. It can help identify patterns, security breaches, and generate alerts. It will give a holistic view of your security posture. 11f. Regular Review and Maintenance Regularly review your monitoring and logging practices to ensure they remain effective. as your cloud environment and the threat landscape evolve. 12. Adjust Cloud Security Policies as New Issues Emerge 12a. Regular Policy Reviews Establish a schedule for regular review of your cloud security policies. Regular inspections allow for timely updates to keep your policies effective and relevant. 12b. Reactive Policy Adjustments In response to emerging threats or incidents, it may be necessary to adjust on an as-needed basis. Reactive adjustments can help you respond to changes in the risk environment. 12c. Proactive Policy Adjustments Proactive policy adjustments involve anticipating future changes and modifying your policies accordingly. 12d. Stakeholder Engagement Engage relevant stakeholders in the policy review and adjustment process. This can include IT staff, security personnel, management, and even end-users. Different perspectives can provide valuable insights. 12e. Training and Communication It’s essential to communicate changes whenever you adjust your cloud security policies. Provide training if necessary to ensure everyone understands the updated policies. 12f. Documentation and Compliance Document any policy adjustments and ensure they are in line with regulatory requirements. Updated documentation can serve as a reference for future reviews and adjustments. Use a Cloud Security Checklist to Protect Your Data Today Cloud security is a process, and using a checklist can help manage risks. Companies like Prevasio specialize in managing cloud security risks and misconfigurations, providing protection and ensuring compliance. Secure your cloud environment today and keep your data protected against threats. Schedule a demo Related Articles Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read 5 Multi-Cloud Environments Cloud Security Mar 19, 2023 · 2 min read Convergence didn’t fail, compliance did. Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

In this guest blog, Jeff Yager from IT Central Station describes how AlgoSec is perceived by real users and shares how the solution meets... Security Policy Management Taking Control of Network Security Policy Jeff Yeger 2 min read Jeff Yeger Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 8/30/21 Published In this guest blog, Jeff Yager from IT Central Station describes how AlgoSec is perceived by real users and shares how the solution meets their expectations for visibility and monitoring. Business-driven visibility A network and security engineer at a comms service provider agreed, saying, “ The complete and end-to-end visibility and analysis [AlgoSec] provides of the policy rule base is invaluable and saves countless time and effort .” On a related front, according to Srdjan, a senior technical and integration designer at a major retailer, AlgoSec provides a much easier way to process first call resolutions (FCRs) and get visibility into traffic. He said, “With previous vendors, we had to guess what was going on with our traffic and we were not able to act accordingly. Now, we have all sorts of analyses and reports. This makes our decision process, firewall cleanup, and troubleshooting much easier.” Organizations large and small find it imperative to align security with their business processes. AlgoSec provides unified visibility of security across public clouds, software-defined and on-premises networks, including business applications and their connectivity flows. For Mark G., an IT security manager at a sports company, the solution handles rule-based analysis . He said, “AlgoSec provides great unified visibility into all policy packages in one place. We are tracking insecure changes and getting better visibility into network security environment – either on-prem, cloud or mixed.” Notifications are what stood out to Mustafa K., a network security engineer at a financial services firm. He is now easily able to track changes in policies with AlgoSec , noting that “with every change, it automatically sends an email to the IT audit team and increases our visibility of changes in every policy.” Security policy and network analysis AlgoSec’s Firewall Analyzer delivers visibility and analysis of security policies, and enables users to discover, identify, and map business applications across their entire hybrid network by instantly visualizing the entire security topology – in the cloud, on-premises, and everything in between. “It is definitely helpful to see the details of duplicate rules on the firewall,” said Shubham S., a senior technical consultant at a tech services company. He gets a lot of visibility from Firewall Analyzer. As he explained, “ It can define the connectivity and routing . The solution provides us with full visibility into the risk involved in firewall change requests.” A user at a retailer with more than 500 firewalls required automation and reported that “ this was the best product in terms of the flexibility and visibility that we needed to manage [the firewalls] across different regions . We can modify policy according to our maintenance schedule and time zones.” A network & collaboration engineer at a financial services firm likewise added that “ we now have more visibility into our firewall and security environment using a single pane of glass. We have a better audit of what our network and security engineers are doing on each device and are now able to see how much we are compliant with our baseline.” Arieh S., a director of information security operations at a multinational manufacturing company, also used Tufin, but prefers AlgoSec, which “ provides us better visibility for high-risk firewall rules and ease of use.” “If you are looking for a tool that will provide you clear visibility into all the changes in your network and help people prepare well with compliance, then AlgoSec is the tool for you,” stated Miracle C., a security analyst at a security firm. He added, “Don’t think twice; AlgoSec is the tool for any company that wants clear analysis into their network and policy management.” Monitoring and alerts Other IT Central Station members enjoy AlgoSec’s monitoring and alerts features. Sulochana E., a senior systems engineer at an IT firm, said, “ [AlgoSec] provides real-time monitoring , or at least close to real time. I think that is important. I also like its way of organizing. It is pretty clear. I also like their reporting structure – the way we can use AlgoSec to clear a rule base, like covering and hiding rules.” For example, if one of his customers is concerned about different standards , like ISO or PZI levels, they can all do the same compliance from AlgoSec. He added, “We can even track the change monitoring and mitigate their risks with it. You can customize the workflows based on their environment. I find those features interesting in AlgoSec.” AlgoSec helps in terms of firewall monitoring. That was the use case that mattered for Alberto S., a senior networking engineer at a manufacturing company. He said, “ Automatic alerts are sent to the security team so we can react quicker in case something goes wrong or a threat is detected going through the firewall. This is made possible using the simple reports.” Sulochana E. concluded by adding that “AlgoSec has helped to simplify the job of security engineers because you can always monitor your risks and know that your particular configurations are up-to-date, so it reduces the effort of the security engineers.” To learn more about what IT Central Station members think about AlgoSec, visit our reviews page . To schedule your personal AlgoSec demo or speak to an AlgoSec security expert, click here . Schedule a demo Related Articles Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read 5 Multi-Cloud Environments Cloud Security Mar 19, 2023 · 2 min read Convergence didn’t fail, compliance did. Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call