Security is leaving the data center and moving to the edge

Help Net Security | March 18, 2020

The traditional network security model, in which traffic is routed through the data center for inspection and policy enforcement, is for all intents and purposes obsolete. A 2019 study by research firm Gartner found that “more users, devices, applications, services and data are located outside of an enterprise than inside. Driven by the adoption of multi-cloud infrastructure and applications, mobility and distributed workforces, the focal point for security has shifted to users and devices. As a result, the current data center-centric approach to network security is struggling to support a load it was not designed to bear. This outdated architecture is impacting productivity and the user experience, while increasing networking costs since more and more circuits and APIs are needed to move traffic in and out of the corporate network. Meanwhile, implementing various security functions on remote devices requires a complex and difficult-to-manage mix of endpoint software agents.

Spotlight

Companies of all types are pursuing digital transformation. The goal is to improve customer value, operate with greater efficiency and agility, and increase innovation. But as companies leverage new cloud and DevOps workflows to build their digital business, security has not kept pace. As infrastructure becomes more permeable t


Other News
SOFTWARE SECURITY

GTT Launches Secure Connect to Enhance Enterprise Cloud Security

GTT | March 23, 2022

GTT Communications, Inc., a leading global cloud networking provider to multinational clients, has announced its new Secure Connect offering to extend and strengthen the protection of the enterprise network connecting to the internet and accessed by users from any location. The new service is based on the SASE framework and integrates with GTT Managed SD-WAN. GTT Secure Connect leverages a single cloud platform for agile and ubiquitous delivery of network security, offering a range of features that include CASB (Cloud Access Security Broker), SWG (Secure Web Gateway), ZTNA (Zero Trust Network Access) and FWaaS (Firewall as a Service) capabilities. GTT Secure Connect addresses the growing requirement for secure access to enterprise resources in an environment characterized by the widespread use of digital technologies, broad adoption of cloud applications and a remote workforce. GTT Secure Connect utilizes a cloud delivery model that provides centralized policy control at a site and user level for improved scalability and extends the security perimeter to any network endpoint. Additionally, the integration of security with the functionality of GTT Managed SD-WAN improves performance and simplifies network management. The comprehensive SASE-based feature set can be tailored to meet individual enterprise requirements for anti-virus, firewall and anti-malware protections, more effective blocking of malicious sites, augmented cloud security monitoring, and prevention of unauthorized access to network resources in a work-from-anywhere model. With GTT Secure Connect, network access is based on user, device and application identity — rather than the physical location or IP address — enabling seamless and secure networking between users, private, SaaS and public clouds, and the enterprise data center. “In an enterprise environment where digital business and the use of cloud applications has become more critical, coupled with the challenge of supporting a hybrid workforce and an intensifying cyber-threat landscape, customers are demanding network integrated security solutions that are comprehensive with an improved user experience. GTT Secure Connect has been designed to meet these customer requirements, leveraging our industry-leading SD-WAN capability combined with state-of-the-art, cloud-based security technologies, delivering a more effective and efficient solution that provides next-generation connectivity and protection managed all in one place.” Don MacNeil, GTT COO According to industry research firm Omdia, only 15 percent of enterprises globally have a fully developed approach to cybersecurity and digital risk. Further research by the firm shows that when SD-WAN is combined with security, enterprises report an extra boost in perceived value over just SD-WAN. “Omdia finds securing networks a consistent area of enterprise concern and investment. Enterprise network transformation needs to address the complexity of securing internet VPNs, cloud applications and a remote workforce,” said Cindy Whelan, practice leader, enterprise network services at Omdia. “GTT’s new Secure Connect brings together network and security, supported by professional services, to help enterprises with their security and performance needs in a period of rapid digital transformation and an intensifying cyber-threat landscape.” The underlying technology platform of GTT Secure Connect is Prisma® Access provided by Palo Alto Networks, an industry leader in global cybersecurity. GTT Secure Connect integrates Prisma Access with GTT’s software-defined networking solutions and global Tier 1 IP network. GTT Secure Connect is complemented by GTT Professional Services, which offers the technical expertise and operational experience to support the complete solution from initial design to installation and ongoing service management. This includes project management, technical management and incident management support. Through EtherVision, GTT’s unified customer management portal, GTT Secure Connect provides customers with the insights and control they need to operate their network and manage their security environment. About GTT GTT provides secure global connectivity, improving network performance and agility for your people, places, applications and clouds. We operate a global Tier 1 internet network and provide a comprehensive suite of cloud networking and managed solutions that utilize advanced software-defined networking and security technologies. We serve thousands of businesses with a portfolio that includes SD-WAN and other WAN services, internet, security and voice services. Our customers benefit from a customer-first service experience underpinned by our commitment to operational excellence.

Read More

PLATFORM SECURITY

Palo Alto Networks Achieves FedRAMP Authorization for IoT Security Solution

Palo Alto Networks | April 22, 2022

Palo Alto Networks , the global cybersecurity leader, today announced that its IoT Security solution has achieved Federal Risk and Authorization Management Program (FedRAMP) Moderate Authorization. The company's sponsoring agency is the United States Department of Veterans Affairs (VA). U.S. federal agencies are increasingly focused on adopting a Zero Trust architecture to ensure their IoT devices meet federal security compliance requirements. With this authorization, Palo Alto Networks IoT Security can help federal agencies protect their unmanaged IoT devices with ML-powered visibility, threat prevention and Zero Trust enforcement with a single platform. "As cyberattacks become more frequent and sophisticated, the IoT Security solution helps automate Zero Trust security with quick, accurate discovery and best-in-class protection. We are committed to protecting the U.S. government and its federal agencies from all security threats with reliable solutions." Dana Barnes, senior vice president of Public Sector, Palo Alto Networks Digital transformation across all industries is driving massive growth in the use of IoT devices. Palo Alto Networks Unit 42 IoT Threat Report found that 30% of all devices on enterprise networks fall in the IoT category. Unfortunately, IoT devices and their inherent vulnerabilities are often overlooked, which can lead to enterprise-wide exposure to unseen cyber risk. Federal officials have adopted several provisions in recent years to increase overall protection and awareness of IoT device security vulnerabilities, including the Internet of Things Cybersecurity Improvement Act and the National Institute of Standards and Technology's (NIST) IoT Device Cybersecurity Guidance for the Federal Government. The IoT Security solution's Moderate Authorization extends the offerings Palo Alto Networks provides its U.S. government customers. This authorization adds to the portfolio of other authorized products already being deployed today. The IoT Security solution helps U.S. agencies leverage their current Palo Alto Networks Next-Generation Firewalls (NGFWs) to secure all unmanaged IoT devices at scale. Some of the key benefits for government agencies include: Quick and accurate discovery and insights into all devices, even those never seen before Best-in-class protection with behavior analysis to detect risk, compliance, and anomalous activity, and prevention of known and unknown threats Automated Zero Trust security with automated discovery, least-privileged access policies, and 1-click enforcement Workflow automation across existing IT and security solutions and simplified agentless and sensorless deployment About Palo Alto Networks Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world's greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before.

Read More

PLATFORM SECURITY

Cloudflare Completes Acquisition of Area 1 Security

Cloudflare | April 04, 2022

Cloudflare, Inc. , the security, performance, and reliability company helping to build a better Internet, today announced it has completed its acquisition of Area 1 Security. Email is both one of the largest cloud applications for any business, and the biggest security threats that organizations of all sizes face. Yet legacy email security solutions are often expensive, overly complex, and disjointed from an organization’s holistic security strategy. Further, malicious phishing and business email compromise campaigns are incredibly costly—with U.S. businesses losing more than $2.4 billion a year according to data from the FBI’s Internet Crime Complaint Center 2021 Internet Crime Report. With the acquisition of Area 1 Security, Cloudflare will provide organizations an easy way to block phishing, malware, business email compromise and other advanced threats as part of an integrated, Zero Trust approach to securing all of their organizations’ applications. “Cloudflare's mission is to help build a better Internet, and we've invested heavily in building the world's most powerful cloud network to deliver a faster, safer, and more reliable Internet for our users. Now we're officially able to welcome the Area 1 team to Cloudflare and enhance our ability to secure the number one place where security threats come from, email. To us, Zero Trust security without email built in is worth nearly zero. By bringing email security and Zero Trust together with Area 1 Security, we believe that we will give customers the most complete Zero Trust security platform available." Matthew Prince, co-founder & CEO of Cloudflare Area 1 Security’s cloud native platform, which works seamlessly with any email offering, stops phishing and other advanced email attacks by preemptively discovering and eliminating them before they can inflict damage in a corporate environment. By combining Area 1 Security’s highly scalable technology and years of experience in email protection with Cloudflare’s global network, the two companies will provide a holistic Zero Trust solution that customers can enable through Cloudflare’s global network. Area 1 Security’s email security capabilities will be available for purchase for all enterprise plan customers today, and will be available to customers on all other paid plans in the months to come. "Cloudflare delivers one of the world’s leading Zero Trust networks, and we're excited about what we'll be able to build together for our customers and channel partners," said Patrick Sweeney, CEO and President of Area 1 Security. "By joining forces, Area 1’s technology and Cloudflare's global network will give customers the most complete Zero Trust security platform available, inclusive of securing the most critical of today’s business applications – your email." About Cloudflare Cloudflare, Inc. is on a mission to help build a better Internet. Cloudflare’s suite of products protect and accelerate any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare have all web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks. Cloudflare was named to Entrepreneur Magazine’s Top Company Cultures 2018 list and ranked among the World’s Most Innovative Companies by Fast Company in 2019. Headquartered in San Francisco, CA, Cloudflare has offices in Austin, TX, Champaign, IL, New York, NY, San Jose, CA, Seattle, WA, Washington, D.C., Toronto, Lisbon, London, Munich, Paris, Beijing, Singapore, Sydney, and Tokyo.

Read More

PLATFORM SECURITY

Veracode Research Reveals Software Supply Chain Security Shortfalls for Public Sector

Veracode | March 30, 2022

Veracode, a leading global provider of application security testing solutions, has released new findings that show the public sector has the highest proportion of security flaws in its applications and maintains some of the lowest and slowest fix rates compared to other industry sectors. Analysis of data collected from 20 million scans across half a million applications revealed these sector-specific findings as part of Veracode’s annual report on the State of Software Security (SOSS). "Public sector policy makers and leaders recognize that dated technology and vast troves of sensitive data make government applications a prime target for malicious actors. That’s why the White House and Congress are working together to update regulations governing cybersecurity compliance. In the wake of May 2021's Executive Order to improve the nation's cybersecurity and protect federal government networks, the U.S. Office of Management and Budget, Department of Defense and the White House have issued four memos addressing the need to adopt zero trust cybersecurity principles and strengthen the security of the software supply chain. Our research confirms this need.” Chris Eng, Chief Research Officer at Veracode No Time to Waste: Fix More Flaws Faster Veracode’s research found that compared to other industries, the public sector has the highest proportion of applications with security flaws, at 82 percent. When it comes to how quickly organizations fix flaws once detected, the public sector posts the slowest times on average—roughly two times slower than other sectors. The research also revealed that 60 percent of flaws in third-party libraries in the public sector remain unfixed after two years, which is double that of other sectors and lags the cross-industry average by more than 15 months. Finally, with only a 22 percent fix rate overall, the public sector is challenged to keep software supply chain attacks from impacting critical state, local, and educational applications. Eng continued, “Organizations in this sector must act with urgency. They can improve their secure DevOps practices significantly by using multiple types of scanning—static, dynamic, and software composition analysis—to get a more complete picture of an application’s security, which in turn will help them to improve remediation times, comply with industry regulations, and make the case for increasing application security budgets.” High Severity Flaws Are Priority One Demonstrating a positive trend, the public sector ranks highly when it comes to addressing high severity flaws. The research reveals that government entities have made great strides to address high severity flaws, which appear in only 16 percent of applications. In fact, the number of high severity flaws has decreased by 30 percent in the last year alone, suggesting that developers in the sector increasingly recognize the importance of prioritizing flaws that present the greatest risks. This is encouraging and may reflect growing understanding of new software security guidelines, such as those outlined in the U.S. Executive Order on Cybersecurity and the U.K. Government Cyber Security Strategy 2022 – 2030. Eng closed, "Recognizing that time is of the essence, public sector leaders are beginning to set timelines. For example, in “Moving the US Government Toward Zero Trust Cybersecurity Principles”, Shalanda Young has set a deadline of September 30, 2024 for all US federal agencies to meet specific cybersecurity standards. We think that the progress made against high security flaws is a great starting point and support all public sector agencies who seek to gain better control over their software supply chains." About the State of Software Security Report The twelfth volume of Veracode’s annual report on the State of Software Security (SOSS) examines historical trends shaping the software landscape and how security practices are evolving along with those trends. This year’s findings are based on the full historical data available from Veracode services and customers and represent a cross-section of large and mid-sized companies, commercial software suppliers, and open-source projects. The report contains findings about applications that were subjected to static analysis, dynamic analysis, software composition analysis, and/or manual penetration testing through Veracode’s cloud-based platform. About Veracode Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities.

Read More

Spotlight

Companies of all types are pursuing digital transformation. The goal is to improve customer value, operate with greater efficiency and agility, and increase innovation. But as companies leverage new cloud and DevOps workflows to build their digital business, security has not kept pace. As infrastructure becomes more permeable t

Resources