portsys Archives - Security IT Summit | Forum Events Ltd
Posts Tagged :

portsys

Just one crack – That’s all a hacker needs…

960 640 Guest Post

By Michael Oldham, CEO of PortSys, Inc.

Just one crack. That’s all a hacker needs to find to cripple your organization. Here are three essential steps to take to stop that crack from blowing your infrastructure wide open for bad actors:

Multi-factor authentication (MFA) that includes device validation, certificate checks, Geo IP intelligence and other security policies makes it much harder for hackers to get inside your infrastructure by stealing, guessing or buying credentials.

Close ports across your legacy infrastructure that you opened for cloud, web services, Shadow IT and other applications. This will minimize your exposure to hackers through the internet. Every open port – such as VPN, RDP, MDM, Web Servers, cloud services or infrastructure – is another point of attack hackers gleefully exploit.

A single crack in just one port increases your exposure dramatically.  And your IT team already fights a losing battle trying to manage, maintain, patch and install updates for all those security solutions for those open ports. Closing ports to better secure your organization has a real, direct, significant, long-lasting business benefit.

Segmentation of resources limits the damage anyone can do inside your infrastructure in the event you are breached. Everyone is committed to keeping hackers out, but the truth is they still get in, or you may even be a victim of an insider attack.

Segmentation prevents bad actors from pivoting once they are inside to gain access to other parts of your infrastructure, where they can steal or lock up data. With segmentation, those compartmentalized resources aren’t accessible without proper authentication.

Another benefit of segmentation is that it doesn’t have to just be at the network level. Segmentation can be done at the resource level through intelligent policies that provide access to resources only under specific circumstances.

These three steps help prevent just one crack – or several – that puts your infrastructure at risk to ensure much greater security across your enterprise. And that’s good for any business.

Michael Oldham is CEO of PortSys, Inc., whose Total Access Control (TAC) Zero Trust solution is used by enterprise organizations around the world to secure their infrastructure.

‘Simplicity is the ultimate sophistication’ for Access Control

960 640 Guest Post

By Tim Boivin (pictured), Marketing Director, PortSys

Leonardo DaVinci’s philosophy in the headline has never rung so true as it does today in IT – especially when we’re talking about providing users secure access in our perimeterless world.

If your access approach is wrong, your risk of being hacked ramps up exponentially. Counterintuitively, installing more security solutions can make access less – not more – secure. Each different access solution, each port opened to the outside world, increases your attack surface.

That’s where a Zero Trust Access Control approach helps paint your own sophisticated, yet simple, security masterpiece. For instance, Total Access Control (TAC) offers single sign-on to a central portal that gives users seamless, secure access to resources they need to do their jobs – and only those resources.

With TAC, you can inspect every connection to evaluate a user’s full context – including robust endpoint inspection, credentials verification, device validation, location of the user and more – prior to granting access to any resources, local or cloud. In addition, each connection to each resource through TAC must first pass the security policies you set – and not those set by some third party such as a cloud provider – before that access is granted.

With TAC’s microsegmentation, users are granted access only to the specific resources they are authorized to access, effectively making users captive within the application resources – rather than gaining access to your entire network infrastructure. Each resource can also have its own rules for access – an advanced level of microsegmentation that allows for variable or even partial secure access to resources, based on the user’s context of access for each request.

TAC makes the lives of end users and administrators alike much simpler, so they can focus on doing their jobs instead of trying to remember what password works where for which application. Along the way, your security becomes much more sophisticated in its ability to close the gaps across your infrastructure and keep hackers out.

That’s an IT security masterpiece Leonardo DaVinci would be proud to paint.

To learn more about TAC, watch our video.

5 Minutes With… PortSys CEO Michael Oldham

960 640 Stuart O'Brien

For the latest instalment of our cybersecurity executive interview series we spoke to Michael Oldham, CEO of PortSys, where he works on access control solutions across many industries, including finance, government, defense, utilities, healthcare, education, non-governmental organizations (NGOs), construction, retail, and other market segments where secure access to enterprise information is vital

Tell us about your company, products and services.

PortSys is a global Zero Trust Access Control company.  Total Access Control (TAC), our Zero Trust solution, allows organizations to consolidate their access infrastructure, make it easier for their end users, dramatically improve security, reduce costs, and empower their businesses.

What have been the biggest challenges the IT security industry has faced over the past 12 months?

Complexity, complacency and lack of funding. Over the years we’ve tackled security challenges in the same ways over and over again: a problem comes up, some smart people create a solution for that problem, and we implement it in our datacenters.  Recently these issues have exploded with cloud-based offerings of IaaS, PaaS, SaaS – Everything as a Service, essentially. And we just can’t keep up on the security front.

Complexity hasn’t been any one person’s or team’s fault; but over the last three or four decades we created a Frankenstructure – an incredibly complex infrastructure monster that we have lost control of. The more technologies we bring in, the more prohibitively expensive it gets to own them and keep them up to date. Too many products from too many different vendors, all of which don’t work together, creates a massive amount of security chaos across the enterprise, giving hackers too many cracks in your armor to exploit.

In addition, it’s not a matter of if you get hacked – it’s a matter of when. That’s why being complacent, staying with what you already have while hackers continue to evolve their tactics, is a recipe for failure. Most organizations still rely on a castle-and-moat defense, an outdated approach that wasn’t designed to protect us in today’s perimeterless world.

When hackers breach a perimeter (and don’t fool yourself, they will), it’s game over. Once inside, they can pivot and attack – stealing data, compromising accounts, installing ransomware, or just laying in wait for the right time to spring into action. Most organizations don’t see it coming.

It’s not solely the fault of IT – long-term, short-sighted budget neglect by the C-suite is often at the root of these security lapses. It’s hard to pivot from what we’ve done in the past to what we need to do for future threats without adequate financial resources. Yet IT security is still often seen as a cost center. We need to become more than just a line-item expense to successfully protect – and grow – our organizations.

And what have been the biggest opportunities?

We can have a direct impact on how our organizations operate and create a competitive advantage as well. IT security was always a boat anchor that dragged down innovation, particularly around mobility. Today we have technologies that make accessing information  – from anywhere, on any device – easier and far more secure than ever. So employees, suppliers, business partners and volunteers can be more productive than ever.

The emergence of these relatively recent innovations accelerated as practically the entire world migrated to a remote work environment during the pandemic. These security technologies possess an often hidden – or at least little understood – superpower when it comes to digital transformation. With certain solutions, using Zero Trust principles of security, we can now gain a seat at the table when the big strategic decisions are being made: we can actually empower new strategies that ensure the long-term success of our organizations by improving productivity and protecting access to the crown jewels more securely than ever.

What is the biggest priority for the IT security industry in 2022?

Cleaning up the mess of the past three or four decades. There must be a strategic imperative to consolidate the dizzying array of technologies out there, shrink our attack surface, and empower the business for the long haul. With Zero Trust, we now have the right security approach not only to protect our organizations in today’s perimeterless world, but also to reduce costs and grow the business.

What are the main trends you are expecting to see in the market in 2022?

First, reduce supply chain risks. The Solar Winds attack placed a harsh spotlight on the inadequate controls that are in place across our technology supply chain.

Supply chain attacks are just another method the opportunistic hackers have launched, just another way to get inside our infrastructure where protections are few or non-existent. Once inside, they will wreak havoc, so it is critically important to stop their ability to access our resources and applications, and to create segmentation within our infrastructure to prevent any lateral movement.

The other trend will be to reduce the complexity of our security infrastructure. We have to more robustly secure our proprietary information and resources, and yet be nimble in doing so. Zero Trust has been talked about for years, but confusion about what it actually is and a lack of understanding, caused by overhyped marketing, slowed adoption. That marketing haze is starting to lift as organizations gain a better understanding of how a technology like Zero Trust Access Control helps ensure long-term success.

In 2025 we’ll all be talking about…?

The risks associated with multi-tenant cloud environments. It was inevitable that we would see a breach of a major cloud service that would impact many customers in a single attack, even in the security realm. The recent breaches in Okta and Microsoft cloud services are evidence of that. But  while significant, these breaches will not be the last. Over the next few years we will see more of these and IT security will rise in importance on the list of priorities by affected and concerned customers of these large multi-tenant providers. These services are incredibly tempting to criminal elements because organizations have started to put all their security assets into one cloud basket. Just imagine if they are able to get valid credentials and a convenient sign-in method to thousands of organizations, how much would that be worth? It’s too tempting of a target and it will be exploited in both the cyber and physical worlds.

What’s the most surprising thing you’ve learnt about the IT security sector?

How at risk most organizations are, and how many people just don’t see or  acknowledge and address those risks. They are too focused on the details to see the bigger picture.  They are too focused on just trying to keep up with all the security products they already have in place. They don’t have time to think outside of the box they’ve created.

What’s the most exciting thing about your job?

It’s different every day. I love talking with customers about how our technology improved their business. There are so many unique digital ecosystems out there that every day we learn of another way that we help organizations to stay more secure and more productive.

And what’s the most challenging?

Rising above the noise in the market. There are so many different marketing messages related to Zero Trust that it’s human nature to just tune everyone out. That’s why it’s so important to engage with folks on the front lines and at the decision-making level to make sure they understand which approach works best for their unique needs.

What’s the best piece of advice you’ve ever been given?

Never cheat on your taxes and always watch the money!

Succession or Stranger Things?

Stranger Things for sure! It’s more fun for me to see a bunch of people working together to fight unexpected challenges than to watch a group of people fighting with each other for their own benefit.