Challenges Faced by CTOs
- Identity and Access Management (IAM)
- Segmenting existing, large flat networks
- Remote access for employees
As the CTO, you, along with your peer in the CISO’s office, weren’t prepared for the burden that moving your entire workforce to remote work from home would place on your bandwidth, VPN licenses, resources on edge VPN concentrators and firewalls, and more. Faced with the firewall and VPN policy changes needed to give certain departments access to internal resources they may not have had before, many CTOs like yourself quickly deployed stop-gap solutions, such as RDP servers facing the internet and other remote access tools like TeamViewer. However, these, along with VPN solutions, come with their own share of vulnerabilities, and you’re still trying to figure out how to move away from the flat network in your environment, which allows an attacker who is inside the network to pivot laterally to any machine.
“BlastShield truly works. In test after test, I was unsuccessful at circumventing its passwordless MFA login for remote access as well as breaking outside the software-defined microsegmentation to pivot around inside the network.” - Alissa Knight, CISO, Recovering Hacker
BlastShield helps CTOs by instrumenting your network with a solution that addresses the three most critical steps in the kill chain for an attacker: (1) account takeover; (2) lateral movement; and (3) remote access compromise. Disrupting the adversarial decision-making process can greatly reduce the mean time to detection (MTTD) and mean time to response (MTTR), lowering the cost of a breach and the potential for data compromise.
One of your many jobs is to ensure that identity and access management (IAM) is in place: a framework of policies and technologies that ensures the right users have the appropriate access to the technology resources they need to do their jobs. However, when multifactor authentication (MFA) isn’t in place, hackers exploit this with brute force attacks against passwords, using tools such as credential stuffers for account takeover (ATO). The fact is, password authentication alone isn’t enough to operate in today’s environment and face today’s threat actors, especially given advancements in multifactor authentication and the pervasive threat of social engineering. BlastShield™ eliminates passwords completely for remote users, requiring them to have only their mobile phone and a QR code to authenticate. This effectively eliminates the threat of account takeovers in your environment. If a user doesn’t have a password, there’s no password for an attacker to guess.
The days of trying to figure out how to take an already built network that’s been running for decades and implement microsegmentation at the switch level are over. Software-defined networking (SDN) has virtualized what used to be hardware-based routing and switching, allowing you to use software to segment your network. SDN has paved the way for the Software Defined Perimeter (SDP), which enables microsegmentation in software so that assets can be cloaked, hidden from outsiders and insider threats who aren’t authorized to access them.
With microsegmentation in place, when a breach does occur, the adversary is prevented from moving laterally around the network to harvest credentials from memory and steal data.
BlastShield™ is a software-defined microsegmentation solution that enables you to take an already existing network, fragment it into secure enclaves, and define which hosts that are members of the same enclave can talk to each other. This prevents an adversary from being able to freely roam and “live off the land” unrestrained until they’re detected.
Microsegmentation can be implemented without disrupting existing routing tables and switch configurations at the hardware level, eliminating friction for your network operations team.
The old days of defense in depth, analogous to a moat built around the castle walls to protect it, are gone. Data is now ubiquitous, moving across cloud workloads, the intranet, and now, in this new hybrid work environment, to employee homes and mobile devices.
As a CTO, you must think about extending your internal network infrastructure and data to those who need it, everywhere your employees are. Previously, this was done with VPNs, which are now starting to see their retirement as SDN becomes more ubiquitous. Companies are moving quickly towards sunsetting their VPN concentrators in favor of more secure alternatives.
BlastShield™ is an alternative to traditional, legacy VPNs that enables secure remote access for your workforce without requiring passwords, obviating the account takeover problem. Users leverage their own mobile phones and a QR code generated by the BlastShield application to authenticate to your internal network. Policies define which resources employees have access to, and those resources are secured in an enclave for their specific access using microsegmentation.
“The security of our data and our customers’ data is our highest priority and we needed a secure platform to provide access to our hybrid data services, hosted both in the cloud and on-premise. BlastShield filled both these needs for us with their patented solution.” - Emil Erlandsson, VP of Professional Services at A2i