Blogs

Our ideas, experiences, and opinions… in words.

The Future of Authentication: Going Passwordless

By Blogs

Embrace FIDO for a Password-Free World

You know what we all hate? I mean, really hate? Passwords.

There are too many of them, they are hard to remember, and if you are like me, you are probably losing them all the time. What if we told you there is a way to get rid of passwords without compromising security? In fact, a way that improves both usability and security at the same time. That would be nice, wouldn't it? The technology that makes this possible is called Fast Identity Online, or FIDO for short.

What is FIDO?

FIDO is a set of security specifications designed to eliminate the need for passwords by replacing them with passkeys. This initiative began in 2013 through the efforts of the FIDO Alliance, an industry consortium that developed the standard. Today, more than 250 organizations are part of this alliance, integrating FIDO standards to enhance their security frameworks. The FIDO Alliance is changing the nature of authentication with open standards for phishing-resistant sign-ins with passkeys that are more secure than passwords and SMS OTPs, simpler for consumers and employees to use, and easier for service providers to deploy and manage. The Alliance also provides standards for secure device onboarding to ensure the security and efficiency of connected devices operating in cloud and IoT environments. There are already a few passwordless methods that you might have seen:

  • Biometric authentication
  • Magic links
  • SMS/Email One-Time Password (OTP)
  • Push notifications

But most of these methods are not secure enough to replace a password + Multi-Factor Authentication (MFA) combination.

The Evolution: FIDO2
The latest advancement, FIDO2, brings two critical components to the forefront: hardware-based authentication and extensive web browser support. With FIDO2, users can authenticate using biometrics or hardware tokens, such as smartphones, which serve as a physical authenticator. This means you can unlock your phone with your face or fingerprint and use it to securely access various services. FIDO2’s web browser support expands its usability across different platforms, making passwordless authentication more accessible than ever.

How Does FIDO Work?
To understand how FIDO works, let’s dive into some cryptographic principles. Cryptography is essential for secure communication and comes in two main forms: symmetric and asymmetric.
Symmetric Cryptography: In symmetric cryptography, the same key is used for both encryption and decryption. Both parties need to know the key, which can be a security risk if the key is exposed.
Asymmetric Cryptography: Asymmetric cryptography uses a pair of keys: a public key and a private key. Messages encrypted with the public key can only be decrypted with the private key, and vice versa. This ensures that even if the public key is shared, the private key remains secure.

FIDO Authentication Flow

  1. Registration:
    • During registration, the user’s device generates a pair of cryptographic keys: a public key and a private key.
    • The private key remains on the user’s device, secured by biometrics or another strong authentication method.
    • The public key is sent to the web server, which stores it in its database.

  2. Authentication:
    • When the user attempts to log in, they provide their username to the web server.
    • The server retrieves the corresponding public key and generates a unique challenge—a piece of data that the user’s device must respond to.
    • The challenge is encrypted with the public key and sent to the user’s device.
    • The user’s device decrypts the challenge using the private key, verifies it, and sends a response back to the server.
    • The server then decrypts the response with the public key. If the challenge matches, the user is authenticated.
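One practitioner's caveat on the flow above: in FIDO2/WebAuthn the authenticator does not decrypt anything; it produces a signature over the server's challenge with the private key, and the server checks that signature with the public key it stored at registration. The example below, added here and not taken from the post or from any FIDO Alliance code, models registration and authentication that way, with a single-use challenge (replay resistance), a signature counter, and a credential bound to the relying party's id (phishing resistance). The RSA-style key pair, the `bank.example` and `bank-login.example` names, and the message layout are assumptions of the example; real authenticators use ECDSA/EdDSA keys held in hardware.

```python
import hashlib
import os
import random

# Toy RSA-style signatures so this runs on the standard library alone (an assumption
# of this example); real FIDO2 authenticators use ECDSA/EdDSA keys kept in hardware.

def _is_probable_prime(n, rounds=16):
    """Miller-Rabin probable-prime test, adequate for a demonstration key."""
    if any(n % p == 0 for p in (2, 3, 5, 7, 11, 13, 17, 19)):
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_keypair(bits=256):
    """Return ((n, e), (n, d)) built from two random `bits`-bit primes."""
    def prime():
        while True:
            cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
            if _is_probable_prime(cand):
                return cand
    e = 65537
    while True:
        p, q = prime(), prime()
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))

def _digest(rp_id, challenge, counter):
    """Signed value: binds rp_id, fresh challenge and use counter to this one login."""
    data = rp_id.encode() + b"|" + challenge + b"|" + counter.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

class Authenticator:  # the user's device: one private key per relying party
    def __init__(self):
        self._creds = {}  # rp_id -> [credential_id, private_key, counter]

    def register(self, rp_id):
        public_key, private_key = generate_keypair()
        credential_id = os.urandom(16).hex()
        self._creds[rp_id] = [credential_id, private_key, 0]
        return credential_id, public_key  # only the public half leaves the device

    def sign_challenge(self, rp_id, challenge):
        """(credential_id, counter, signature), or None if no key for this rp_id."""
        cred = self._creds.get(rp_id)
        if cred is None:
            return None  # e.g. a look-alike phishing domain: nothing to sign with
        cred[2] += 1
        n, d = cred[1]
        return cred[0], cred[2], pow(_digest(rp_id, challenge, cred[2]), d, n)

class RelyingParty:  # the web server: stores public keys, verifies signed challenges
    def __init__(self, rp_id):
        self.rp_id, self._users, self._pending = rp_id, {}, {}

    def register(self, username, credential_id, public_key):
        self._users[username] = [credential_id, public_key, 0]

    def begin_login(self, username):
        self._pending[username] = os.urandom(32)  # fresh, unpredictable per attempt
        return self._pending[username]

    def finish_login(self, username, response):
        challenge = self._pending.pop(username, None)  # single use: blocks replay
        if challenge is None or response is None or username not in self._users:
            return False
        credential_id, counter, signature = response
        stored_id, (n, e), last_counter = self._users[username]
        if credential_id != stored_id or counter <= last_counter:
            return False  # unknown credential, or a replayed/cloned counter
        if pow(signature, e, n) != _digest(self.rp_id, challenge, counter):
            return False  # signature does not verify under the stored public key
        self._users[username][2] = counter
        return True

def demo():
    """Registration, a valid login, a replayed response and a phishing attempt."""
    device, bank = Authenticator(), RelyingParty("bank.example")
    cred_id, pub = device.register("bank.example")
    bank.register("alice", cred_id, pub)
    challenge = bank.begin_login("alice")
    response = device.sign_challenge("bank.example", challenge)
    first = bank.finish_login("alice", response)
    replay = bank.finish_login("alice", response)
    phish = device.sign_challenge("bank-login.example", challenge)
    return first, replay, phish  # (True, False, None)
```

The three results of `demo()` are the three properties the post lists: the signed challenge verifies, the same response cannot be used twice because the server discards the challenge after one use, and a look-alike domain gets no signature at all because the device only holds a key for the relying party that registered it.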

      Advantages of FIDO

      • Enhanced Security: FIDO’s use of asymmetric cryptography ensures that even if a public key is exposed, the private key remains secure on the user’s device, drastically reducing the risk of unauthorized access.
      • Phishing Resistance: Since there are no passwords to steal, phishing attacks become significantly less effective. Attackers cannot trick users into revealing passkeys because the authentication process does not involve any sharable secrets.
      • Replay Attack Resistance: FIDO’s challenge-response mechanism ensures each authentication attempt is unique and cannot be reused by attackers.
      • User Convenience: Users no longer need to remember or manage passwords. Authentication relies on cryptographic keys that are automatically generated and managed by their devices.

      Industry Adoption and Support
      Major tech giants like Microsoft, Google, Apple and 150+ more like these have adopted FIDO2, integrating it into their platforms to provide secure, passwordless authentication using passkeys. This widespread adoption signals a strong industry shift towards more secure and user-friendly authentication methods.

      So why passkeys when compared with passwords?

      • Discoverable (the browser can autofill them; nothing to remember)
      • Phishing resistant
      • Remote attack resistant
      • Breach resistant
      • Not reusable
      • Not shareable
      • Easier to maintain

      Looking Ahead: A Password-Free Future

      FIDO represents a revolutionary step in the evolution of digital security. By leveraging the power of cryptography and the convenience of biometrics and hardware-based authentication, FIDO not only eliminates the need for passwords but also enhances security and user experience. As more organizations adopt FIDO, we are moving closer to a future where logins are seamless, secure, and free from the hassles of passwords. This is not just the future of authentication—it is the present, and it’s transforming how we think about security.

      Let’s embrace the change and look forward to a world where the stress of managing passwords is a thing of the past. Welcome to the era of FIDO.


      The Imperative of Continuous Zero Trust: Adapting Security for the Ever-Growing Threat Landscape

      By Blogs, ZTNA

      Although the Zero Trust buzz has been around for years, it is only since 2021 that the security landscape has seen a major surge in Zero Trust adoption. The initial focus centered on raising awareness; clearly there is now an ongoing shift towards product and production deployments. As cited in a recent PwC report, “2024 Digital Trust Insights: Middle East findings”, a significant portion of respondents in the Middle East and across the world still place Zero Trust implementation among their organizations’ top priorities.

      For decades, the cybersecurity landscape relied on a “castle walls” approach: fortifying perimeters, zones and domains, and trusting whatever was inside. But with the rise of sophisticated cyber threats, cloud adoption and remote work, the perimeter has increasingly collapsed, or rather spread out, with more and more integrations into ICT environments; combined with weak insider factors, this strategy has become vulnerable. This is where Zero Trust emerges as a paradigm shift.

      Zero Trust is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, identities, assets, and resources. “Moving security away from the perimeter approach and towards an integrated security architecture approach focusing on data, applications, entity and services protection will be critical to achieving the Zero Trust vision”. It is not a one-time implementation; it is a holistic security philosophy and security framework that requires ongoing vigilance and continuous adaptation to effectively mitigate risks. Unlike traditional perimeter-based security models, which rely on the assumption of trust within the network, the Zero Trust approach assumes that threats can be both external and internal, and it requires continuous authentication and authorization for every user, device, resource, request, and application attempting to access resources, regardless of location. It operates under the core principle of “never trust, always verify”. This ideally means a 360-degree, always-on approach to security and data centricity. Access to resources is continuously validated, authenticated and authorized based on multiple factors such as user identity, device health, behavior, risk score and contextual information. It emphasizes that every user, device, or workload connected to, or needing to access, the organization’s resources should never be trusted, should always be regularly verified, and should be granted least-privilege access to perform its job.

      To summarize, at the core level the Zero Trust security model operates on key principles applied to what are called pillars, or ‘the key focus areas’.

      Foundational elements: the principles

      • Assumes a Hostile Environment 
      • Presume Breach  
      • Never Trust, Always Verify 
      • Scrutinize Explicitly  
      • Apply Unified Analytics  

      Foundational elements: the pillars

      • Data 
      • Users 
      • Devices 
      • Identities 
      • Environment/ Network 
      • Applications and workloads  
      • Automation & Orchestration 
      • Visibility & Analytics  

      For organizations on this journey, a re-engineered security model with Zero Trust for access to resources implements dynamic policy controls. These are tightly coupled with the observable state of the user and endpoint identity, the application or service, and the requesting asset, including its behavioral and environmental attributes. Confidence levels are correlated from multiple attributes (identity, location, time, device security posture, context, etc.) of each authentication and authorization request.

      Continuous Zero Trust tightly implements data centricity, multi-factor authentication, conditional access, micro-segmentation, encryption, endpoint security, automation, analytics, and robust auditing for data, applications, assets, services and entities, all of which are also fundamental to modern cybersecurity practices. It starts with data-centric security, identifying sensitive data and resources as the foundation. The more organizations know where their most sensitive data exists, who can access it, and what they are doing with it, the more effective the defenses can be. By enforcing the principle of least privilege, organizations limit access rights for users and applications to only what is necessary for their specific roles and responsibilities. This minimizes the potential impact of a security breach and reduces the attack surface. Furthermore, micro-segmentation divides the network into smaller, isolated segments, effectively containing any potential threats and preventing lateral movement. However, implementing these principles in a static manner is insufficient. A Continuous Zero Trust approach must ensure that access rights, segmentation policies, containment and automated actions are dynamically adjusted based on real-time context, such as user behavior, device posture, confidence score and threat intelligence. By continuously monitoring user and entity behavior, device health, network traffic, and system logs, systems can identify suspicious activities and anomalies indicative of potential security breaches. This proactive approach allows security teams to respond swiftly, mitigating the impact of cyberattacks and minimizing downtime.
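The two paragraphs above describe a policy decision that correlates identity, device posture, context and behavior into a confidence level and re-evaluates it on every request. The following is an added illustration, not code from the post or from any product: a small policy engine in which the weights, the thresholds per resource sensitivity, the attribute names and the three sample requests are all constructed assumptions. The point it shows is that the same user gets three different answers (allow, step-up, deny) depending on the observed context, which is what makes the model “continuous” rather than a one-time login check.

```python
from dataclasses import dataclass

# Added example (not from the post): a toy policy decision point that scores one
# access request from several observed attributes and returns a decision. Weights,
# thresholds, attribute names and the sample requests are constructed for illustration.

ALLOW, STEP_UP, DENY = "allow", "step-up", "deny"


@dataclass
class AccessRequest:
    user: str
    resource: str
    sensitivity: str          # "public", "internal" or "restricted"
    mfa_verified: bool        # identity: did this session pass MFA?
    device_managed: bool      # device posture, as reported by the endpoint agent
    disk_encrypted: bool
    patch_age_days: int
    edr_healthy: bool
    geo_known: bool           # context: location previously seen for this user
    hour_local: int           # context: 0-23
    behaviour_anomaly: float  # behaviour: 0.0 normal .. 1.0 highly unusual (UEBA)
    threat_intel_hit: bool    # source address present in a threat feed


def confidence_score(req):
    """Correlate identity, device, context and behaviour into a 0-100 confidence."""
    score = 30 if req.mfa_verified else 5
    posture = (req.device_managed, req.disk_encrypted, req.patch_age_days <= 30, req.edr_healthy)
    score += 10 * sum(posture)                      # up to 40 for a healthy managed device
    score += 10 if req.geo_known else 0
    score += 10 if 6 <= req.hour_local <= 22 else 0
    score -= round(30 * req.behaviour_anomaly)
    score -= 30 if req.threat_intel_hit else 0
    return max(0, min(100, score))


# (deny below, allow from): thresholds tighten with the sensitivity of the resource
THRESHOLDS = {"public": (20, 40), "internal": (40, 70), "restricted": (60, 85)}


def decide(req):
    """Evaluated on every request, not once at login: context changes the answer."""
    score = confidence_score(req)
    deny_below, allow_from = THRESHOLDS[req.sensitivity]
    if req.threat_intel_hit and req.sensitivity == "restricted":
        return DENY, score  # hard rule: a known-bad source never reaches restricted data
    if score < deny_below:
        return DENY, score
    if score < allow_from:
        return STEP_UP, score  # re-authenticate or limit the session rather than trust
    return ALLOW, score


SAMPLE_REQUESTS = {  # constructed scenarios for the same user over one day
    "office_hours_managed_laptop": AccessRequest(
        "alice", "hr-db", "restricted", True, True, True, 10, True, True, 10, 0.1, False),
    "night_unknown_location_stale_patches": AccessRequest(
        "alice", "wiki", "internal", True, True, True, 45, True, False, 3, 0.6, False),
    "unmanaged_host_on_threat_feed": AccessRequest(
        "alice", "public-site", "public", False, False, False, 200, False, True, 14, 0.2, True),
}


def evaluate_all(requests=SAMPLE_REQUESTS):
    """Run the policy engine over each scenario and return {name: (decision, score)}."""
    return {name: decide(req) for name, req in requests.items()}
```

In a deployment the attributes would come from the identity provider, the endpoint agent and the analytics platform, and `decide` would sit behind the access broker or proxy so that a drop in confidence mid-session revokes or narrows access instead of waiting for the next login.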

      As AI capabilities advance rapidly, we will continue to see growing sophistication in AI-powered attacks, ranging from deepfake social engineering to adaptive malware crafted to evade detection. However, fully integrated Continuous Zero Trust implementations, enhanced by AI capabilities, offer a robust defense against these threats. 

      Though a Zero Trust security model is most effective when implemented across the organization’s digital ecosystem, most organizations apply it in their cybersecurity implementations to identity and authentication, firewalls and endpoints, but stop before their applications. This is because existing solutions claim “Zero Trust” yet do not follow the “verify first, then allow” model for application workloads, or are not fully integrated into the Zero Trust ecosystem. Integrating vendor suites of products is critical to this journey and will assist in reducing cost and risk to the organization. Also, the absence of standardization in the industry makes it difficult for organizations to measure the effectiveness of their Zero Trust implementation. Organizations can take a phased but continuous approach based on their current cybersecurity maturity, available resources, and business objectives. It is imperative to consider each investment carefully and align it with present business needs and the vision.


      Security Best Practices to Protect Against Insider Threats

      By Blogs, Security Best Practices

      Neither technology controls alone nor the sophistication of the controls one has implemented can entirely protect an organization from malicious insiders.
      It requires a combination of technical, procedural, and cultural measures to defend effectively against insiders, whether they are of the intentional or the ignorant type.
      An insider threat can take many forms: current or former employees, contractors, or business partners who misuse their access and privileges to harm the organization, or a trusted API connection to a third party that is being exploited under the hood. So let’s note some effective ways for an organization to protect itself from insider threats, both malicious and ignorant. Below are a few security best practices to protect against insider threats:

      Employee Screening
      Conduct thorough background checks on all employees before hiring, especially for positions with access to sensitive data or systems.

      Increase employees’ cybersecurity awareness through continuous training
      With negligence as one of the primary causes of insider security incidents, prioritizing employee cybersecurity education becomes imperative. It’s essential to ensure that your employees fully understand your security policies, the importance of adhering to them, and the potential consequences of non-compliance. Equally vital is equipping your employees with fundamental skills to recognize and respond to potential threats. Educate employees about security policies, acceptable use, and the consequences of insider threats. Promote a culture of security and encourage employees to report suspicious activity without fear of reprisal.

      User access control / Zero Trust approach
      Least Privilege Principle: Limit user access to only what is necessary for their roles. Regularly review and update permissions as job roles change.

      Multi-Factor Authentication (MFA)

      Implement MFA for critical systems and sensitive data to make it harder for insiders to compromise accounts.

      Good password policy
      Your organization’s sensitive data and systems are protected from attackers by an effective password policy. Internal company accounts of employees may be compromised, allowing unauthorized access to confidential data. Creating a thorough password policy is crucial to reducing this risk.
      Insiders must adhere to specific rules outlined in a password management policy. These instructions can advise using different passwords for every account, coming up with complicated passwords, and changing passwords frequently. Additionally, without disclosing the credentials, you can give employees access to the endpoints of your company by using password management software.

      Monitoring privileged users’ activity
      Privileged users within your network present heightened risks compared to regular users due to their elevated access rights. Therefore, it is crucial to give their actions special attention. By closely monitoring privileged users, you significantly increase your ability to detect early indications of privileged account compromise or misuse of privileges.

      Continuously monitor employee behavior
      Consider implementing user activity monitoring tools that enable real-time visibility into user sessions. By accessing and observing user sessions that involve interaction with your sensitive data and systems, you can significantly enhance the security of these valuable assets. Continuous monitoring can help you ensure early detection and timely response to suspicious user behavior. To effectively safeguard your assets, monitoring the activities of your employees and vendors within your infrastructure is a must.
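The two sections above call for watching privileged accounts more closely than ordinary users. Below is an added example of what that looks like as detection logic; it is not code from the post or from any monitoring product. The audit lines are constructed, and the list of privileged accounts, the approved admin jump host, the sensitive path prefix and the business-hours window are assumptions about the environment. Three rules run over the lines: privileged activity outside business hours, privileged activity from a source that is not the admin jump host, and a burst of distinct sensitive files read by one privileged account within ten minutes.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Added example, not from the post. Constructed key=value audit lines standing in
# for what a SIEM or session-recording tool would feed into such rules.
SAMPLE_LOG = """\
2024-05-14T09:12:03Z host=jump-01 user=dba_admin event=sudo cmd="systemctl status postgresql" src=10.8.3.55
2024-05-14T09:14:27Z host=db-prod-01 user=dba_admin event=file_read path=/srv/pii/customers_2024.csv src=10.8.3.55
2024-05-14T02:41:10Z host=db-prod-01 user=dba_admin event=sudo cmd="tar czf /tmp/x.tgz /srv/pii" src=10.8.3.55
2024-05-14T10:02:55Z host=db-prod-01 user=dba_admin event=file_read path=/srv/pii/customers_2024.csv src=192.168.77.20
2024-05-14T10:03:01Z host=db-prod-01 user=dba_admin event=file_read path=/srv/pii/customers_2023.csv src=192.168.77.20
2024-05-14T10:03:09Z host=db-prod-01 user=dba_admin event=file_read path=/srv/pii/payroll.csv src=192.168.77.20
2024-05-14T10:03:15Z host=db-prod-01 user=dba_admin event=file_read path=/srv/pii/ssn_export.csv src=192.168.77.20
2024-05-14T11:20:00Z host=web-01 user=jsmith event=file_read path=/var/www/html/index.html src=10.8.3.55
"""

# Assumed environment facts: which accounts are privileged, where admins come from,
# what counts as sensitive, and the business-hours window (all timestamps are UTC).
PRIVILEGED_USERS = {"dba_admin", "root"}
APPROVED_ADMIN_SOURCES = {"10.8.3.55"}   # the admin jump host
SENSITIVE_PREFIX = "/srv/pii/"
BUSINESS_HOURS = range(7, 20)            # 07:00 to 19:59
BULK_WINDOW, BULK_THRESHOLD = timedelta(minutes=10), 3

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse(line):
    """Turn one audit line into a dict; the timestamp becomes a datetime."""
    ts, rest = line.split(" ", 1)
    event = {k: v.strip('"') for k, v in KV.findall(rest)}
    event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return event


def detect(log_text):
    """Apply three privileged-activity rules; return a list of (rule, user, detail)."""
    alerts, seen_sources, reads = [], set(), defaultdict(list)
    for event in (parse(l) for l in log_text.splitlines() if l.strip()):
        user, src = event["user"], event.get("src", "?")
        if user not in PRIVILEGED_USERS:
            continue  # ordinary users get baseline rules elsewhere; this is the privileged lens
        if event["ts"].hour not in BUSINESS_HOURS:
            alerts.append(("after_hours", user, event["ts"].isoformat()))
        if src not in APPROVED_ADMIN_SOURCES and (user, src) not in seen_sources:
            seen_sources.add((user, src))  # one alert per new source, not one per line
            alerts.append(("unapproved_source", user, src))
        if event["event"] == "file_read" and event["path"].startswith(SENSITIVE_PREFIX):
            reads[user].append((event["ts"], event["path"]))
    # Bulk access: many distinct sensitive files by one privileged user inside a short window
    for user, items in reads.items():
        items.sort()
        for i, (ts, _) in enumerate(items):
            recent = {path for t, path in items[: i + 1] if ts - t <= BULK_WINDOW}
            if len(recent) >= BULK_THRESHOLD:
                alerts.append(("bulk_sensitive_read", user, len(recent)))
                break
    return alerts
```

The ordinary user `jsmith` produces nothing even though the same rules see his lines; the value of privileged-account monitoring is precisely that a stricter baseline is applied to a small, well-known set of accounts, which keeps the alert volume low enough for analysts to act on each one.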

      Ensure data security, Data Loss Prevention (DLP)
      Protecting your valuable data is of utmost importance when managing insider risks. Encryption is the tried and true security practice that effectively safeguards your data from unauthorized access. Securing your data also involves performing full, differential, and incremental backups. By doing so, you can safeguard your valuable information and minimize the risk of data loss. Ensuring quick restoration of business operations is crucial in the event of physical or digital data damage. Regular backups are the key to achieving this. Deploy DLP solutions to monitor and prevent unauthorized data transfers or access to sensitive information. Encrypt sensitive data at rest and in transit always.

      Control access to systems and data
      To mitigate insider risks, controlling access to systems and data within your organization is essential. Implementing a zero-trust architecture adds an additional layer of protection. This approach requires approval or user identity verification before granting access to critical assets. The principle of least privilege can also be employed, whereby each user is granted the minimum level of access rights required, with privileges elevated only when necessary. Combine this with conditional access measures such as geofencing and enterprise mobility management with containerized security for organizational data.

      Regularly review user access rights
      User access reviews involve determining which individuals have access to specific data or systems and assessing whether they need such access for their job roles. Regular user access reviews guarantee that existing access permissions align with the organization’s current business and security requirements.

      Perform regular security and IT compliance audits
      By conducting regular audits, you can evaluate the effectiveness of your existing security measures and pinpoint any deficiencies in your security policies. Audits provide valuable insights into areas that require improvement, allowing you to mitigate insider risks and ensure compliance with cybersecurity standards, laws, and regulations.

      Incident Response Plan
      Develop a comprehensive incident response plan that includes procedures for handling insider threats. Test the plan regularly through tabletop exercises and simulations.

      Exit Procedures
      Implement strict exit procedures to revoke access immediately when an employee leaves the organization. Conduct exit interviews to ensure all assets are returned and access credentials are disabled.
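The access-review and exit-procedure practices above both reduce to the same check: compare what the directory says each account can do with what HR says the person is and whether they still work here. As an added example, not code from the post, the script below cross-references a constructed HR roster and account export against a role-to-group entitlement matrix and reports leavers whose accounts are still enabled, activity after a last day, group memberships beyond what the role needs, orphan accounts with no owner, and accounts idle for more than 90 days. The field names, the 90-day threshold and all sample data are assumptions of the example.

```python
from datetime import date

# Added example, not from the post. Roster and account export are constructed; the
# field names are an assumption about what HR and the directory would provide.
HR_ROSTER = {
    "alice": {"status": "active", "role": "finance_analyst", "last_day": None},
    "bob": {"status": "active", "role": "developer", "last_day": None},
    "carol": {"status": "terminated", "role": "developer", "last_day": date(2024, 4, 30)},
}
ACCOUNTS = [
    {"user": "alice", "enabled": True, "groups": {"finance-ro", "vpn"}, "last_login": date(2024, 5, 10)},
    {"user": "bob", "enabled": True, "groups": {"git-dev", "vpn", "prod-db-admin"}, "last_login": date(2024, 5, 12)},
    {"user": "carol", "enabled": True, "groups": {"git-dev", "vpn"}, "last_login": date(2024, 5, 2)},
    {"user": "svc_backup", "enabled": True, "groups": {"backup-admin"}, "last_login": date(2024, 1, 3)},
]
# Least privilege expressed as data: the groups each role legitimately needs.
ROLE_ENTITLEMENTS = {
    "finance_analyst": {"finance-ro", "vpn"},
    "developer": {"git-dev", "vpn"},
}
STALE_AFTER_DAYS = 90


def review(roster, accounts, today=None):
    """Cross-check every account against HR status and role; return (user, finding, detail)."""
    today = today or date.today()
    findings = []
    for acct in accounts:
        user, person = acct["user"], roster.get(acct["user"])
        if person is None:
            findings.append((user, "orphan_account", "no owner in HR roster"))
        elif person["status"] != "active":
            if acct["enabled"]:  # exit procedure failed: access should have been revoked
                findings.append((user, "leaver_still_enabled", f"last day {person['last_day']}"))
            if acct["last_login"] > person["last_day"]:
                findings.append((user, "activity_after_exit", str(acct["last_login"])))
        else:
            excess = acct["groups"] - ROLE_ENTITLEMENTS.get(person["role"], set())
            if excess:  # more than the role needs: candidate for removal at review
                findings.append((user, "excess_privilege", ",".join(sorted(excess))))
        idle = (today - acct["last_login"]).days
        if idle > STALE_AFTER_DAYS:
            findings.append((user, "stale_account", f"{idle} days idle"))
    return findings
```

Run on a schedule, the `leaver_still_enabled` and `activity_after_exit` findings are the ones that should page someone immediately; the others feed the periodic review with the owners of the affected systems.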

      Whistleblower Programs
      Establish anonymous reporting channels for employees to report suspicious activity. Ensure that reports are taken seriously and investigated promptly.

      Physical Security
      Limit physical access to critical infrastructure and sensitive areas. Use security cameras and access control systems to monitor and control physical access.

      Vendor and Third-Party Risk Management
      Extend security policies to third-party vendors and partners who have access to your systems or data. Verify their security practices and conduct regular audits.

      Legal Measures
      Develop legal agreements and contracts that explicitly outline the consequences of insider threats and unauthorized data access.

      Remember that while technical controls are essential, a strong security culture and continuous employee education are crucial in mitigating the risks associated with malicious insiders. It’s important to strike a balance between security and trust to maintain a healthy work environment while safeguarding the organization’s assets.

      Effective Cyber Defense Strategies for Enterprises against Social Engineering Attacks – Part 1

      By Blogs, Cyber Defense Strategies

      Digital transformation, and the way digital technology has gone from what it was to how it is adopted today by enterprises and individuals, has become an almost essential commodity. New applications in this mobile-first, cloud-first era expose individuals and organizations to potential cyber security vulnerabilities that can be exploited through social engineering attacks without much sophistication.

      Social engineering attacks are real and are considered major threats to organizations of every size. They are manipulation techniques that exploit human error to gain access to something sensitive. They employ deception, manipulation, intimidation, etc., to exploit the human element, the users, of target information assets in the cyber context. Generally, these attacks succeed because individuals can be persuaded to take an action by strong incentives like money, sentiment, fame, or fear, as well as by simple deceit. These attacks pose a serious threat to cybersecurity because users can still be tricked into revealing their credentials or executing a malicious action for an attacker regardless of how robust the technical security infrastructure is. There have been many major incidents in the industry, notably the Target, Yahoo, Zoom, RSA, Marriott and Twilio breaches, where social engineering was employed to exploit successfully, eventually leading to major business impact.

      Here are a few major techniques and types that can come under social engineering attacks: Phishing, Spear Phishing, Whaling, Vishing, Smishing, BEC, DSD, Angler Phishing, Baiting, Quid Pro Quo, Impersonation, Shoulder Surfing, Eavesdropping, Desk Sniffing, Dumpster Diving, Pharming, Tailgating, Credential Harvesting, Watering Hole Attacks, URL Hijacking/Typosquatting, Pretexting, Popup Windows, Reverse Social Engineering, Weaponized QR Codes, Robocalls, Deepfakes, Supply Chain Attacks.

      Countering social engineering attacks solely by using technology is not an adequate solution for any organization or individual. To defend, the security approach for the human factor is to improve security through awareness and practice. At the organizational level, a methodical approach to continuously identifying and training vulnerable employees can significantly reduce social engineering threats. This involves continuous assessment of the workforce’s security awareness and maintaining efficient means of communication about the latest threats and attack tactics, in addition to routine system updates and the appropriate underlying security infrastructure.

      Social Engineering attack defense measures 1

      Organizations must adopt a continuous approach to people, processes, and technology within their information security program. It necessitates training, awareness, and strict policy control programs that are made relevant in every aspect of the organization, along with applicable technology controls and infrastructure, making it a PEOPLE, PROCESS, TECHNOLOGY matter.

      In simple summary: employee and user awareness, multi-factor authentication, monitoring of user and entity behavior, strict identity and access controls, patching, data classification and leak protection, and zero-trust network access (ZTNA) are a few must-have essential strategies. Organizations must implement these strategies through a proactive, continuous approach for better protection against social engineering attacks.

      What to choose? Vulnerability assessment or penetration testing?

      By Blogs

      As organizations become more distributed and connected, they are exposed to a lot of cyber threats. At the same time, cyber threats continue to grow and evolve in frequency, vector, and complexity. The evolving tools, tactics, and procedures used by threat actors to breach organizations can only be defended against with up-to-date proactive security measures and continuous improvement practices in place.

      The majority of attacks originate from a range of automated offensive tools that scan the target organization or entity for unpatched vulnerabilities, common misconfigurations, obsolete systems, weak known credentials, expired certificates, etc. Whether the organization is being specifically targeted or is just the target of an indiscriminate attack, both vulnerability assessments and penetration testing play a crucial role in the proactive identification of vulnerabilities, thereby helping to enhance the organization’s cyber defense and risk management measures.

      Both vulnerability assessments and penetration testing are considered proactive security testing and auditing practices in cyber security; they are often used interchangeably, but they are two different approaches with related processes.

      Vulnerability Assessment is a systematic review of security weaknesses in a system; in other words, it is the process of identifying, quantifying, and prioritizing the vulnerabilities in a system, mostly known vulnerabilities.

      VA tools are generally designed to automatically scan for new and existing threats that can target your system. There are four major stages in a vulnerability assessment:

      – Vulnerability Identification
      – Vulnerability Analysis
      – Risk Assessment
      – Remediation

      A good vulnerability report should contain at least the details of the target and the description and severity of each uncovered vulnerability, with timestamps.

      Penetration Testing is an exercise to exploit vulnerabilities in the system. It is used to determine whether a detected vulnerability is genuine. Although there are automated tools that can be launched to exploit a vulnerability, it is done mostly manually by experts, also known as white hat hackers or ethical hackers. The main purpose of a pentest is to simulate an attack on identified vulnerabilities and exploit them, thereby prioritizing the actions to validate and mitigate confirmed security weaknesses in the system. One can say a pentest is a form of simulated hacking. Generally, pentesting assignments are categorized based on the level of information and access given about the target:

      – White-box pentesting: Penetration testers are given internal knowledge of the target system (connectivity information, architecture documentation, source code, and sometimes system credentials) to identify, analyze, and exploit potential weaknesses in the target system. It is the most time-consuming, but is also considered the most comprehensive of the penetration testing options.

      – Gray-box pentesting: In gray-box pentesting, some level of access details and internal knowledge of the target system is given. The aim is a more realistic attack simulation in which the attacker has already gained some knowledge and information about the controls of the target system.

      – Black-box pentesting: In black-box pentesting, other than what is already publicly available or published, the tester is given no internal knowledge of the target system. A black-box pentest exploits vulnerabilities from outside the network. It is the quickest of all; the downside is that if the perimeter is not breached, any vulnerabilities in internal services remain uncovered.

                  Vulnerability Assessment                          Penetration Testing
      Approach    – Automated                                       – Manual
                  – Does not validate false positives               – Rules out false positives
                  – Programmed scans                                – Applies tailored, intuitive tactics
                  – Non-intrusive                                   – Intrusive
      Goal        Uncover known vulnerabilities                     Uncover and exploit identified vulnerabilities
      Scope       Broad                                             Focused
      Outcome     List of vulnerabilities with priority for fixing  Safely exploit the vulnerability, establish the attack methodology, and remediation measures

      The choice between a vulnerability assessment and penetration testing really depends on the criticality of the business and the risk. A vulnerability assessment scan finds the vulnerabilities of a system and prioritizes them for fixing, whereas the idea of penetration testing is to identify whether an adversary can break through the organization’s defenses, and the related risk and exposure.

      Both are essential elements of a properly planned organization’s cyber security program.

      Remote workforce security essentials for a secure work from home, anywhere approach

      By Blogs

      There is this joke that surfaced among tech circles- “ Who leads the digital transformation of your organization” (A) CTO (B) CEO (C) Covid 19. And the answer being marked as (C) Covid 19.

      Whether it is a large enterprise or a small one, COVID-19 has pushed every one of us into limited in-person interactions, imposed lockdowns, and disrupted the conventional approaches to doing business. As a consequence, many businesses have rolled out work from home. The forced change, otherwise not so common, has also undisputedly accelerated overall digital adoption: (1) cloud adoption, (2) collaboration and (3) connectivity, (4) leading to sensitive data flowing across personal devices and home networks and bringing new areas of security concern and risk.

      There have been numerous industry reports and new predictions about the surge in attacks, ransomware, phishing, and dwell-time activity in the context of work-from-home remote working environments, all pointing to an increased attack surface, more vulnerabilities, and a lack of controls across organizations of all kinds.

      There is no doubt that remote working is here to stay. How people connect and work has evolved, and businesses must adopt ways and means to secure and defend work-from-home and work-from-anywhere infrastructure. Generally, organizations devote enough attention and resources to reasonable information security and availability measures around their core business and technology service controls (data centers: cloud-native, hybrid, on-prem), but less to the user-side remote working environments.

      Here are our four key essential areas for sustainable remote workforce security, the building blocks of secure work-from-home and work-from-anywhere environments:

      • User awareness
      • Device Security
      • Email Security
      • Access & Network Security

      User Awareness
      No matter how secure your infrastructure and policies are, an unaware employee or an ignorant user falling for a phishing link or a sophisticated social engineering attack can lead to major impacts. For organizations, it is essential that users are regularly trained and aware of the do’s and don’ts. In addition, best practices are (1) multi-factor authentication, (2) least-privilege access and (3) logging everything: user activity logging on data and services across the board.

      Device Security
      For all endpoints, including personal devices (BYOD) and mobiles, consider enforcing automated baseline security validations before allowing access to corporate data and services.
      An organization must ensure a suitable (1) endpoint protection platform, (2) disk encryption, (3) mandatory critical patching and (4) tightened device policies through enterprise mobility management (EMM)/endpoint management.
      A key capability is a local agent that integrates with service-side controls so that device health and security posture become factors in the access decision, allowing or blocking access to corporate data and services.

      Email Security
Email is the most widely used service across businesses and, naturally, the preferred threat vector for cyber-attacks.
While organizations have email gateway protection in place to combat spam and email threats, it is essential to (1) train users on spear phishing and spoofing threats, (2) implement email encryption and signatures with S/MIME and PKI, and (3) enhance security by implementing DMARC, DKIM, SPF and MFA.
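To make the DMARC/SPF point concrete, here is an added example (not code from this blog or from any vendor) that parses the SPF and DMARC TXT records a domain publishes and reports the weak settings a defender would want to tighten: a permissive `all` qualifier, too many DNS-lookup terms, a monitoring-only `p=none`, a partial `pct`, or no aggregate-report address. The records are passed in as strings so the example runs offline; in practice they come from DNS TXT lookups of the domain and of `_dmarc.<domain>`. The record contents and domain names are constructed for the example.

```python
"""Checking the strength of published SPF and DMARC records (added example)."""
from typing import Dict, List, Optional

# SPF mechanisms and the redirect modifier that cost a DNS lookup (RFC 7208 caps these at 10).
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}


def _counts_as_lookup(term: str) -> bool:
    """True if an SPF term consumes one of the ten allowed DNS lookups."""
    t = term.lstrip("+-~?").lower()
    name = t.split(":", 1)[0].split("/", 1)[0]
    return t.startswith("redirect=") or name in LOOKUP_MECHANISMS


def parse_spf(record: str) -> Dict[str, object]:
    """Split an SPF record into its mechanisms and the qualifier used on 'all'."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    all_qualifier: Optional[str] = None
    for term in terms[1:]:
        if term.lstrip("+-~?").lower() == "all":
            all_qualifier = term[0] if term[0] in "+-~?" else "+"
    return {"mechanisms": terms[1:], "all": all_qualifier}


def parse_dmarc(record: str) -> Dict[str, str]:
    """Turn 'v=DMARC1; p=reject; rua=...' into a tag dictionary."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def spf_findings(record: str) -> List[str]:
    """Weaknesses in an SPF record; an empty list means nothing to flag."""
    spf = parse_spf(record)
    findings = []
    qualifier = spf["all"]
    if qualifier is None:
        findings.append("no 'all' mechanism: unlisted senders get a neutral result")
    elif qualifier == "+":
        findings.append("'+all' authorizes every sender on the internet")
    elif qualifier == "?":
        findings.append("'?all' is neutral, effectively no policy")
    elif qualifier == "~":
        findings.append("'~all' is softfail: move to '-all' once DMARC is enforced")
    lookups = sum(1 for m in spf["mechanisms"] if _counts_as_lookup(m))
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the limit of 10 (permerror)")
    return findings


def dmarc_findings(record: str) -> List[str]:
    """Weaknesses in a DMARC record; an empty list means nothing to flag."""
    tags = parse_dmarc(record)
    findings = []
    policy = tags.get("p")
    if policy is None:
        findings.append("missing required 'p' tag")
    elif policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine: move to p=reject once reports are clean")
    pct = tags.get("pct", "100")
    if pct != "100":
        findings.append(f"pct={pct}: policy applied to only {pct}% of messages")
    if "rua" not in tags:
        findings.append("no 'rua' address: aggregate reports are not being collected")
    return findings


if __name__ == "__main__":
    # Constructed sample records for example.com (not real DNS data).
    for rec in ("v=spf1 include:_spf.example.net ip4:203.0.113.0/24 -all", "v=spf1 a mx ~all"):
        print("SPF  ", rec, "->", spf_findings(rec) or "ok")
    for rec in ("v=DMARC1; p=reject; rua=mailto:dmarc@example.com", "v=DMARC1; p=none"):
        print("DMARC", rec, "->", dmarc_findings(rec) or "ok")
```

Run it against your own domain's records and work the findings down to an empty list for both; `p=reject` with `-all` is the end state the blog's recommendation implies.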

      Access & Network Security
To defend against the high risks associated with vulnerable user-side home networks, unsecured kiosks, internet access and public networks, it is essential that organizations consider deploying secure connectivity controls and access measures. These must consist of (1) user identity protection, (2) multi-factor authentication to services, and (3) a typical Zero Trust Network Access (ZTNA) setup whose access security policies give organizations granular access control and visibility. More advanced options are the integration of Cloud Access Security Broker (CASB) and Secure Access Service Edge (SASE) technologies.
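The Device Security section above describes device health as a factor in the access decision, and this section describes identity, MFA and granular ZTNA policy; the following added example (not the blog's or any product's code) shows both in one small policy engine. It takes the posture an endpoint agent would report (managed, endpoint protection running, disk encrypted, critical patches missing) together with identity signals (MFA result, group membership) and returns an allow/deny decision per resource, with every deny reason recorded so it can be logged. The attribute names, the policy table and the sample devices are assumptions constructed for the example.

```python
"""Posture-aware access decision for a ZTNA-style policy point (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class DevicePosture:
    """What the endpoint agent reports about the device (constructed fields)."""
    device_id: str
    managed: bool                 # enrolled in EMM / endpoint management
    epp_running: bool             # endpoint protection platform active
    disk_encrypted: bool
    critical_patches_missing: int


@dataclass
class Identity:
    """Identity-provider signals for the request (constructed fields)."""
    user: str
    mfa_passed: bool
    groups: List[str] = field(default_factory=list)


# Constructed policy table: resource -> required groups and whether BYOD is excluded.
POLICY: Dict[str, Dict[str, object]] = {
    "mail":     {"groups": set(),        "managed_only": False},
    "finance":  {"groups": {"finance"},  "managed_only": True},
    "hr-files": {"groups": {"hr"},       "managed_only": True},
}


def posture_findings(dev: DevicePosture) -> List[str]:
    """Baseline-security failures for a device; an empty list means healthy."""
    findings = []
    if not dev.epp_running:
        findings.append("endpoint protection not running")
    if not dev.disk_encrypted:
        findings.append("disk not encrypted")
    if dev.critical_patches_missing > 0:
        findings.append(f"{dev.critical_patches_missing} critical patch(es) missing")
    return findings


def decide(identity: Identity, dev: DevicePosture, resource: str) -> Tuple[bool, List[str]]:
    """Allow or deny one resource request; every deny reason is returned for logging."""
    rule = POLICY.get(resource)
    if rule is None:
        return False, ["unknown resource"]
    reasons: List[str] = []
    if not identity.mfa_passed:
        reasons.append("MFA not satisfied")
    if rule["groups"] and not rule["groups"] & set(identity.groups):
        reasons.append("user not in an authorized group")
    if rule["managed_only"] and not dev.managed:
        reasons.append("unmanaged (BYOD) device not allowed for this resource")
    reasons.extend(posture_findings(dev))     # health failures block every resource
    return len(reasons) == 0, reasons


if __name__ == "__main__":
    # Constructed sample requests.
    alice = Identity("alice", mfa_passed=True, groups=["finance"])
    laptop = DevicePosture("lt-01", True, True, True, 0)
    phone = DevicePosture("ph-02", False, True, True, 0)
    for dev, res in ((laptop, "finance"), (phone, "mail"), (phone, "finance")):
        allowed, why = decide(alice, dev, res)
        print(f"{alice.user} on {dev.device_id} -> {res}: {'ALLOW' if allowed else 'DENY'} {why}")
```

The deny reasons are the audit trail: feed them to the logging called for under User Awareness, and the same record tells the help desk why a device was blocked and what to remediate.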

The above approach is by no means complete and only addresses a few key areas.
Protecting the distributed workspace is critical for any organization, and challenging. While technologies are evolving and new ones are emerging ever faster, a holistic, risk-based approach will help organizations defend better.

      Identity and Access – Part 1 – Single Sign-On (SSO)

      By Blogs, Identity & Access Management

Introducing a Single Sign-On (SSO) solution in any organization can offer greater security and improved usability.

Most organizations have multiple applications running across cloud, SaaS and on-premise environments. These heterogeneous environments bring complexity, cost and user identity management security challenges, especially when they are not integrated with a central authentication. On the other hand, users find it difficult to manage their multiple application passwords; no one likes remembering all these credentials. What's worse, many use the same username and password irrespective of the application, resulting in everything from passwords more prone to dictionary and brute-force attacks to passwords visible on sticky notes around desks. This is where Single Sign-On technology comes into focus and works like a champ, and with cloud being prevalent, it is effective for organizations to consolidate existing identity and authentication across applications and systems.

      What is Single Sign-On?

Single Sign-On (SSO) is a method of authentication that allows applications and web portals to rely on other trusted systems or applications to verify users. Put another way, single sign-on enables users to securely authenticate with multiple applications and web portals by logging in only once, with just one set of credentials (normally a domain username and password). SSO is an essential feature of an Identity and Access Management (IAM) platform for controlling access and identity. Verifying user identity is important for knowing which accesses and permissions a user may have.

      How It Works

Single Sign-On works by having one or more central servers (or a service, with SaaS options) that all the organization's applications are configured to trust and integrate with. When you log in for the first time, a cookie/token is created on this central server. Then, whenever you try to access a second application, its login redirects you to the central server; if you already have a cookie there, you are redirected straight back to the app with a token and no login prompt, which means you're already logged in.

Authentication with SSO depends on trust between domains (websites/applications). With single sign-on, this is what happens when you try to log in to an application or website connected to SSO:

1. The website first checks whether you have already logged in to the SSO solution, in which case it gives you access to the required website.
2. If you are not logged in, it redirects you to the SSO login screen.
3. You enter the single username/password that you use for corporate access, normally a domain username and password.
4. The SSO solution requests authentication from the identity provider or authentication system that your company uses, such as Active Directory. It verifies your identity and notifies the SSO solution.
5. The SSO solution passes authentication data to the website and returns you to that site.
6. After login, the site carries authentication verification data with you as you move through the site, verifying that you are authenticated each time you go to a new page.
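The six steps above are easiest to follow in code. The following is an added example, not code from this blog or from any SSO product: a central server keeps a session cookie after the first login and mints short-lived tokens signed with a key it shares with the applications that trust it; each application verifies the token's signature, audience and expiry instead of ever seeing the password, and a token minted for one application is rejected by another. The in-memory user store, the shared key, the token format and the expiry are constructed for the example; a real deployment uses SAML or OpenID Connect rather than this minimal format.

```python
"""The SSO redirect flow with an HMAC-signed token (added example)."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, Optional, Tuple

SHARED_KEY = b"constructed-example-key"   # the trust relationship between server and apps
TOKEN_TTL = 300                           # seconds a minted token stays valid


class CentralServer:
    """The SSO server every application is configured to trust."""

    def __init__(self, users: Dict[str, str]):
        # Constructed user store: username -> salted password hash.
        self._users = {u: self._hash(p) for u, p in users.items()}
        self._sessions: Dict[str, Tuple[str, float]] = {}   # cookie -> (user, created_at)

    @staticmethod
    def _hash(password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), b"example-salt", 100_000)

    def login(self, username: str, password: str) -> Optional[str]:
        """Steps 3 and 4: verify the single credential once and set a session cookie."""
        stored = self._users.get(username)
        if stored is None or not hmac.compare_digest(stored, self._hash(password)):
            return None
        cookie = secrets.token_urlsafe(32)
        self._sessions[cookie] = (username, time.time())
        return cookie

    def token_for(self, cookie: Optional[str], app: str) -> Optional[str]:
        """Steps 1 and 5: with a valid cookie, mint a signed token for `app` and no login prompt."""
        session = self._sessions.get(cookie) if cookie else None
        if session is None:
            return None          # the app must send the user to the login screen (step 2)
        claims = {"sub": session[0], "aud": app, "exp": int(time.time()) + TOKEN_TTL}
        body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
        sig = hmac.new(SHARED_KEY, body.encode(), "sha256").hexdigest()
        return f"{body}.{sig}"


class Application:
    """A relying application; it never sees the user's password."""

    def __init__(self, name: str):
        self.name = name

    def accept(self, token: str) -> Tuple[bool, str]:
        """Steps 5 and 6: check signature, audience and expiry before treating the user as logged in."""
        try:
            body, sig = token.split(".")
        except ValueError:
            return False, "malformed token"
        expected = hmac.new(SHARED_KEY, body.encode(), "sha256").hexdigest()
        if not hmac.compare_digest(expected, sig):
            return False, "bad signature"
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["aud"] != self.name:
            return False, "token issued for another application"
        if claims["exp"] < time.time():
            return False, "token expired"
        return True, claims["sub"]


def sso_flow(server: CentralServer, app: Application, cookie: Optional[str],
             credentials: Optional[Tuple[str, str]] = None) -> Tuple[bool, str, Optional[str]]:
    """Run the redirect dance once; returns (allowed, user or reason, cookie)."""
    token = server.token_for(cookie, app.name)
    if token is None:                       # no session yet: the login screen is shown
        if credentials is None:
            return False, "login required", cookie
        cookie = server.login(*credentials)
        if cookie is None:
            return False, "invalid credentials", None
        token = server.token_for(cookie, app.name)
    allowed, info = app.accept(token)
    return allowed, info, cookie


if __name__ == "__main__":
    server = CentralServer({"alice": "correct horse battery staple"})   # constructed user
    mail, docs = Application("mail"), Application("docs")
    print(sso_flow(server, mail, None))                                   # login required
    ok, user, cookie = sso_flow(server, mail, None, ("alice", "correct horse battery staple"))
    print(ok, user)                                                       # True alice
    print(sso_flow(server, docs, cookie)[:2])                             # second app, no prompt
```

Two details carry the security of the flow: the application checks `aud`, so a token captured from one application cannot be replayed against another, and it checks `exp`, so a leaked token has a bounded lifetime while the cookie on the central server remains the only long-lived credential.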

For example, Google implements Single Sign-On (SSO) across its various services. Google's central server is https://accounts.google.com; once you log in to this server, you can access Gmail, YouTube and Google Docs without entering your credentials again.

      What Are the Benefits of Single Sign-On

Single Sign-On clearly minimizes the risk of poor password habits and increases the productivity of users.

1. Seamless user experience: Customers can use a single identity to navigate multiple web and mobile domains or service applications. As customers no longer need to log in repeatedly, they enjoy a modern digital experience.
2. Stronger password protection: Since users only need to remember one password for multiple applications, they are more likely to create a stronger (harder to guess) passphrase beyond what policies require, and less likely to write it down. These best practices reduce the risk of password theft. SSO can be integrated with MFA for additional security.
3. It increases employee and IT productivity: It reduces support calls, improves the user experience and mitigates security risks.
4. It combines with Risk-Based Authentication (RBA): You can combine SSO with risk-based authentication (RBA). With RBA, you and your security team can monitor user habits. This powerful combination can prevent cybercriminals from stealing data, damaging your site, or draining IT resources.
5. It reduces password fatigue: To prevent cybercrime, security professionals insist on unique passwords for every single application. This means that the average user must remember dozens of passwords for personal and office use. Unfortunately, this often leads to "password fatigue."
6. It prevents Shadow IT.
7. It reduces user time: Users spend less time logging in to various apps to do their work, which ultimately enhances the productivity of businesses.

With more applications moving to the cloud, security and data are a prime concern; a Cloud Access Security Broker (CASB) solution with SSO as the framework greatly improves system and application security.

We will cover the CASB part in the next blog post in this series.

      Preventive Security Essentials – Monitoring and Analytics ( Part 1)

By Blogs

As part of raising awareness of what matters most in proactive cybersecurity prevention, we are here with yet another blog post on the required essentials.

If we could put it this way: with the ongoing pandemic (COVID-19), many of us have had new realizations. Cybersecurity and COVID-19 are two different challenges, but they have key things in common. Both are global: we are all vulnerable to them, they do not respect boundaries, they do not discriminate, and they impact everyone. Again, both require basic measures in place to prevent them in the first place. So far, basic hygiene is the best measure.

Turning to cybersecurity: organizations everywhere want to ensure that their data and services are secure and up and running, delivering business operations with customer confidence. Hence, proactive prevention.

To conduct business securely, organizations first need to understand their exposure, where threats can emerge, and how users are accessing business-critical services. To do this, IT teams must adopt a platform that continuously monitors and recognizes the users, devices, networks and services in use. Simply put, you cannot protect what you can't see.

Most organizations implement security solutions such as firewalls as silos that help them protect themselves, but attackers use modern techniques to penetrate systems, which means IT also needs to adopt technologies that gather, correlate and alert by analyzing event data from the integrated security solutions. Thus an effective cybersecurity monitoring system is seen as basic and essential. Because no one has enough time to go through the volume of data these systems present on a regular basis, we need meaningful analytics and actionable information out of monitoring systems.

Security Information and Event Management (SIEM) is a proven approach to identifying the events that matter most by consolidating, analyzing and correlating raw data and event logs collected from users, devices, applications and networks. It helps organizations detect threats and prioritize remediation actions before an actual threat occurs. SIEMs are purpose-built software systems that store logs, then normalize, aggregate and correlate that data to discover trends, detect threats and generate alerts. The main capabilities of a SIEM are log collection, security monitoring, threat detection, investigation and response. Apart from this, some SIEM solutions offer behavioral analysis, forensic and incident response, threat response workflow, and so on. Most importantly, a SIEM system provides intelligent insights that enable teams to respond quickly and reduce the impact of incidents.
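The normalize, aggregate and correlate chain described above is small enough to show end to end. The following is an added example, not code from this blog and not modelled on any of the products listed below: it normalizes raw lines from two different sources (an sshd-style VPN gateway log and a JSON application log) into one event schema, aggregates failed logins per source address, and raises an alert when a burst of failures is followed by a success from the same address within a time window, which is the classic password-guessing correlation rule. The log formats, field names, thresholds and sample lines are constructed for the example.

```python
"""A minimal SIEM-style correlation over sample authentication logs (added example)."""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterable, List

# Constructed sample lines from two sources: an sshd-style VPN gateway and a JSON web app log.
SAMPLE_LOGS = """\
2024-03-01T09:00:01Z vpn-gw sshd[411]: Failed password for bob from 198.51.100.7 port 50012
2024-03-01T09:00:03Z vpn-gw sshd[411]: Failed password for bob from 198.51.100.7 port 50013
2024-03-01T09:00:05Z vpn-gw sshd[411]: Failed password for bob from 198.51.100.7 port 50014
2024-03-01T09:00:06Z vpn-gw sshd[411]: Failed password for admin from 198.51.100.7 port 50015
2024-03-01T09:00:09Z vpn-gw sshd[411]: Accepted password for bob from 198.51.100.7 port 50016
2024-03-01T09:01:00Z webapp {"src":"203.0.113.9","user":"carol","result":"fail"}
2024-03-01T09:02:00Z webapp {"src":"203.0.113.9","user":"carol","result":"ok"}
"""

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)"
)
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def normalize(line: str) -> Dict[str, object]:
    """Map one raw line onto a common schema: ts, source, user, src_ip, success."""
    m = SSHD_RE.match(line)
    if m:
        return {"ts": datetime.strptime(m["ts"], TS_FORMAT), "source": m["host"],
                "user": m["user"], "src_ip": m["src"], "success": m["outcome"] == "Accepted"}
    ts, host, payload = line.split(" ", 2)
    if host == "webapp":
        rec = json.loads(payload)
        return {"ts": datetime.strptime(ts, TS_FORMAT), "source": host,
                "user": rec["user"], "src_ip": rec["src"], "success": rec["result"] == "ok"}
    raise ValueError(f"unrecognized log line: {line!r}")


def correlate(lines: Iterable[str], fail_threshold: int = 3,
              window: timedelta = timedelta(minutes=5)) -> List[Dict[str, object]]:
    """Alert when >= fail_threshold failures from one address precede a success within `window`."""
    events = sorted((normalize(l) for l in lines if l.strip()), key=lambda e: e["ts"])
    failures: Dict[str, List[datetime]] = defaultdict(list)   # src_ip -> failure timestamps
    alerts: List[Dict[str, object]] = []
    for ev in events:
        ip = ev["src_ip"]
        recent = [t for t in failures[ip] if ev["ts"] - t <= window]   # drop stale failures
        failures[ip] = recent
        if not ev["success"]:
            recent.append(ev["ts"])
            continue
        if len(recent) >= fail_threshold:
            alerts.append({"rule": "brute-force-then-success", "src_ip": ip, "user": ev["user"],
                           "source": ev["source"], "failures": len(recent),
                           "ts": ev["ts"].strftime(TS_FORMAT)})
            failures[ip] = []          # one burst raises one alert, not one per later success
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS.splitlines()):
        print(alert)
```

The value of the SIEM is visible in the example: neither source on its own tells you that four failures were followed by a success, and the web app's single failure correctly stays below the threshold, so the analyst receives one actionable alert rather than seven log lines.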

With a well-integrated SIEM system in place, organizations can proactively identify potential threats inside and outside their networks.

A few notable SIEM solutions, for your reference:

• IBM QRadar
• ArcSight
• Splunk
• AT&T Cybersecurity (AlienVault)
• Elastic SIEM
• Azure Sentinel (cloud native)

      Know more about our security offerings https://teksalah.com/cyber-security-solutions-in-uae/

      The New Normal ‘Work from home’: Security risks, challenges, and recommendations

      By Blogs
      Work From Home and Cyber Security Risks

As workforces are mandated to telework in an effort to contain the spread of the COVID-19 pandemic, in these challenging lockdown times almost all organizations are enabling work from home, or at least getting ready with the required ICT, security and cloud infrastructure. Most of the workforce is working remotely, and for these types of remote workloads many organizations are not ready and are finding it difficult to cope.

From VPN servers to application delivery to VDI infrastructure and collaboration tools, the security, availability and performance of all of them has now become a critical backbone for organizations. Employees who have never worked remotely are told to work from home (WFH). For many organizations and individuals, this is uncharted territory.

With this blog post, we would like to bring to your notice a few important cybersecurity risks that a remote workforce may present, and some best practices for mitigating those risks.

Whether as part of a standard work program or as a component of business continuity plans, we recommend that organizations engaging in telework start with a defined policy (for example a Work From Home policy or BYOD policy) addressing scope, roles and responsibilities, and mandatory information security and organization-specific guidelines.

Our recommendations are:

• VPN server security and up-to-date patching
• Multi-Factor Authentication for VPN accounts and user logins
• Application Delivery Controllers enforcing mandatory endpoint compliance checks
• Protecting SaaS applications, data and service access with conditional access and logging
• Ensuring a Mobile Device and Endpoint Management security practice is in place for corporate and personal (BYOD) devices
• PKI and TLS security for document signing, and secure email (S/MIME) protection
• Tightened email phishing and spam protection measures
• Mandatory MDR / endpoint security software for all devices
• Configuring and limiting maximum load and auto-provisioning settings in your cloud infrastructure to protect against misuse
• Active threat detection, monitoring and protection systems in place for data and services
• Ensuring compliance with regulatory standards
• Recoverable backups and working HA systems
• And more importantly, given the social-engineering aspect of most attacks, end-user education is more critical than ever

The need of the hour for many is to enable work from home for their employees and ensure business continuity during these pressing times; it is important that cybersecurity recommendations are taken into consideration to avoid the additional security incidents that are very much prevalent at this time.

Amid the COVID-19 crisis, in order to help organizations set up the required infrastructure and protect remote employees faster, we are stepping up in coordination with our product vendors and offering some of our products and services free of charge for a limited time, including support services to help companies through the set-up and deployment processes.
