Infosec Cloud
Solutions. Services. Training.

Are your legacy software applications letting hackers in?

Guest Post: Chris Lund
SecurEnvoy

It’s a real challenge for any IT administrator to stay on top of network security against a constantly changing threat landscape.

The traditional network edge is now all but non-existent thanks to BYOD, homeworking and cloud-based software, and there are inevitable compromises to the hardness of network security as a result.

While it’s a considerable task to keep up to date with the various patches and updates for the newer tools, when breaches do happen, it’s often through older legacy tools that hackers gain access. 

It’s hardly surprising: business software and infrastructure have evolved enormously in the last few years. Those platforms on which businesses have been reliant for 10, 15 years or more were conceived for a different – dare I say a more innocent – era. They were designed to be housed in closed networks with fewer devices, and as a result their security features – fine for the times – are now no longer fit for purpose.

Exacerbating the problem, if those platforms are no longer the backbone of your business software stack, but now fulfill a supporting role, then it’s quite feasible they’ve not received the attention they should from your system admins.

And this is exactly the weakness which hackers thrive on, and through which so many large-scale breaches have been instigated.

Now you might be thinking that old database of outdated customer contacts is of no value to a hacker. But to do so is to misunderstand the dynamics of a hacking attack completely.

The truth is, legacy platforms are often the gateway into the system that eventually leads to a far more serious breach.

Credential-based attacks primarily involve hackers gaining access to weaker parts of the network, such as those legacy applications, using stolen credentials. They then use these as a platform to move laterally through the network, often over an extended period of time, eventually gaining access to core systems and critical business data through re-used passwords, sloppy integrations, or by installing key loggers on unsuspecting users’ machines. In unprotected networks, this can cause havoc, leaving the door open to subsequent follow-up attacks or crippling loss of data.

Scary stuff. So, what can be done about it?

Multifactor authentication (MFA) solution providers make much of their abilities to easily protect the latest web apps and end point devices with a tokenless, single-sign-on MFA solution.

But that’s not where our partner, SecurAccess’ protection capabilities end. Far from it. SecurAccess is designed to integrate with all major firewall, VPN and network infrastructure tools, enabling network-wide MFA protection.

Plus, the beauty of implementing tokenless MFA at the network level is that it works in tandem with your firewall.

In doing so, not only does it enable authentication at the network edge, it allows multiple SSO access levels for different user groups, or enforces authentication when access to other, higher value areas of the network is requested. Because a solution such as this authenticates at the traffic level, even where the attacker has managed to obtain a correct username and password, they are blocked from establishing further access.

From a security perspective this is powerful stuff: It’s not quite the silver bullet in dealing with sloppy password practices and malicious phishing attacks, but it’s a powerful tool in your armoury.

Learn more about how SecurAccess works with Cisco, Citrix, Palo Alto and other infrastructure providers to deliver network-wide security, by requesting a call with one of our consultants here.


    Multi factor authentication made easy

    There was a time when two-factor authentication was a major undertaking. New servers had to be installed, security tokens had to be purchased, distributed and registered to their owners and then Support Desks had to be created to handle queries from users and to service requests for replacements for lost tokens.

    The whole process was expensive, and took a great deal of time and planning. It could take months or years to put in place and then required a substantial level of support to keep going.

    But since SecurEnvoy launched Tokenless authentication, that has all changed. Now it is possible to set up authentication for a whole organisation in just an hour or two.

    No more Specialist Tokens

    Instead of needing to carry specialist tokens, users can nominate the device of their choice – usually a mobile phone or tablet they already possess – to receive their one-time passcodes.

    In addition, user registration is done using information already stored in the organisation’s own network directory. So there is no need for new special servers to run the service. This means that from a standing start, it is possible to register up to 100,000 users per hour.

    Single Sign-on

    The SecurEnvoy service also integrates easily with a wide range of commonly used applications, such as Salesforce. This means that when a user logs on remotely from anywhere in the world, having keyed in their username, password, and their one-time passcode, they gain access to the full range of corporate applications.

    In other words, a single sign-on gives them full access as if they were sitting in the office on the corporate network.

    Simple User Registration

    For the individual user, registration is perfectly simple. Each user receives a 6-digit code to their nominated device which they key in when logging on for the first time, and the process is complete. If they later decide to change their phone or switch to a tablet, they can manage the process themselves easily without having to call a support desk.

    Dual Protection from Password Thieves

    Most 2FA providers create cryptographic keys called seed records when they distribute OTPs, and these keys contain fundamental security loopholes. In contrast, SecurEnvoy has added an extra level of security where they do not themselves generate or save the seed records at any time.

    Find out why SecurEnvoy is ‘The Lord of the Keys’

    Access the whitepaper to read how two-part seed records solve all safety concerns regarding two-factor authentication.

     

     


     

    SecurEnvoy launches 2FA with NFC ‘tap and go’ and biometric fingerprint login

    Infosec Cloud partner, SecurEnvoy, the global leader of multi-device Tokenless® two-factor authentication (2FA), has today further increased the convenience of security with the launch of SecurAccess v8.1.

    This latest version of SecurAccess extends availability of 2FA to over 10 billion ‘everyday’ devices – including wearable devices, such as smartwatches.

    SecurAccess v8.1 offers a range of authentication options, including:

    *  NFC ‘tap and go’
    *  Biometric fingerprint login
    *  Push
    *  SMS
    *  Smartphone apps
    *  Tablet apps
    *  Laptop apps
    *  QR codes

    Similar to ApplePay and SamsungPay, SecurEnvoy has patented the authentication equivalent of ‘tap and go’ using NFC technology, resulting in two factor authentication now being even quicker than passwords, both online and offline.

    From logging into VPN, SSL, remote desktop, Wi-Fi and web, SecurAccess v8.1 allows users to move their identity between devices whilst prioritising security.

    Two-factor authentication brings two of the following together, providing a stronger level of security should one of these methods become compromised:

    *  Something you know: Such as a password or PIN
    *  Something you are: Such as a fingerprint
    *  Something you own: Such as a mobile device or wearable device

    SecurEnvoy’s 2FA technology is built upon a ‘zero knowledge’ foundation using split keys, where the second part is the device’s unique characteristics. Only part of a key is ever stored on the device, so malware cannot copy a key that isn’t present and cannot call external APIs, as none are available. No customer-sensitive data or keys are ever stored by SecurEnvoy.

    The solution can be implemented as an on-premise software solution or hosted as part of a managed service or in the cloud. The solution is available to businesses at a fixed annual cost, flexible on a per user basis.


    Tokenless 2FA Secures Vulnerable Public WiFi

    Guest Post: SecurEnvoy.

    WiFi has become a necessity of the digital age, and like everything, everyone loves it even more when it is free. Whether it’s used to access a presentation at a new client meeting, to host a video conference call, or edit and email important documents, public WiFi means nearly anywhere can become an office. Couple this with the fact that there are as many mobile devices on the planet as there are people, and businesses now have the most flexible and tech-saturated workforce in history.

    Recent studies have found that 37 per cent of office workers are regularly working remotely two or more days a week.

    Hotels, cafés, restaurants, trains and airlines allow visitors to remain online. Flexible working has put demands on employees to be connected to corporate systems for as long as possible – even 24/7. Yet these inviting and convenient free hotspots are plagued with vulnerabilities, leaving huge security implications for both users and businesses.

    The belief that employees aren’t capable of being trusted to remain secure at work is outdated and the days of scribbling passwords on Post-it notes are long gone. Yet there is still a need to educate when it comes to public WiFi and it remains one of many cyber threats to corporate systems and information.

    Most employees are now well aware of the dangers of bad password management and endpoint security, even if it is on a subconscious level, as they are used to undertaking their banking, shopping and multiple daily social interactions online. Problems arise when they simply don’t know how to remain secure when working and accessing company systems remotely or if they are not provided with an appropriate security method. By logging in to free WiFi networks – often mindlessly – employees are making information susceptible to yet another form of attack.

    The emergence of 2FA has allowed businesses to empower their staff when it comes to corporate security, and acts as an extra layer of protection.

    2FA requires not only a username and password, but also something that only the user has on them (i.e. a physical token) to generate a one-time passcode (OTP). With digital crime and internet fraud an increasing concern, such methods of authentication have become increasingly prevalent.

    However, whilst physical 2FA tokens can be easy to lose and expensive for companies to distribute and maintain, tokenless 2FA solutions just need an existing device, such as a phone or tablet, to provide employees with passcodes via e-mail, SMS or an app. In other words, workers don’t need to worry about carrying around an additional physical token; they can just make use of the devices they already have.

    Yet this is not just a convenience issue; this is a security one too. 2FA doesn’t necessarily guarantee bullet-proof security, as any manufacturer that creates cryptographic keys, also known as seed records, must trust that their copy of the keys can’t be accessed by hackers. This is why a zero knowledge foundation is important, as it makes it impossible for malware on a smartphone to capture the seed records because they are split into two parts: one created on the client server and one generated using characteristics of the mobile device.
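An added illustration of the split-seed idea described above, not SecurEnvoy's implementation or code from the original post: the OTP seed is rebuilt from a stored part plus a part derived from device characteristics, so a copy of the stored part moved to another device yields a different seed. The HMAC-SHA256 combiner, the characteristic names and all sample values are assumptions constructed for this example.

```python
import hashlib
import hmac
import struct


def totp(seed: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the given seed and time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def device_part(characteristics: dict) -> bytes:
    """Second seed part: recomputed from device characteristics, never stored."""
    canonical = "\n".join(f"{k}={characteristics[k]}" for k in sorted(characteristics))
    return hashlib.sha256(canonical.encode()).digest()


def combine(stored_part: bytes, characteristics: dict) -> bytes:
    """Assumed combiner: HMAC-SHA256 keyed by the stored part over the device part."""
    return hmac.new(stored_part, device_part(characteristics), hashlib.sha256).digest()


# Constructed sample data (hypothetical field names and values).
STORED_PART = bytes.fromhex("00112233445566778899aabbccddeeff")
ENROLLED_DEVICE = {"model": "ExamplePhone 1", "hardware_id": "A1B2C3", "os": "14.2"}
OTHER_DEVICE = {"model": "ExamplePhone 1", "hardware_id": "FFEEDD", "os": "14.2"}


def demo(now: int = 1_700_000_000) -> dict:
    """Compare the seed on the enrolled device with one rebuilt from a copied stored part."""
    genuine_seed = combine(STORED_PART, ENROLLED_DEVICE)
    copied_seed = combine(STORED_PART, OTHER_DEVICE)
    return {
        "seeds_differ": not hmac.compare_digest(genuine_seed, copied_seed),
        "genuine_otp": totp(genuine_seed, now),
        "copied_otp": totp(copied_seed, now),
    }


if __name__ == "__main__":
    print(demo())
```

The protection in this sketch rests entirely on the device-derived part being unavailable to whoever copies the stored part.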

    With the steep growth of remote working and online communication becoming a necessity, using public WiFi is sometimes a temptation employees can’t ignore. However, by using tokenless 2FA, employees are equipped with a consistent authentication method to remain protected against cybercrime, so that sensitive corporate information is no longer put at risk.
