Infosec Cloud
Solutions. Services. Training.

Are your legacy software applications letting hackers in?

Guest Post: Chris Lund
SecurEnvoy

It’s a real challenge for any IT administrator to stay on top of network security against a constantly changing threat landscape.

The traditional network edge is now all but non-existent thanks to BYOD, homeworking and cloud-based software, and there are inevitable compromises to the hardness of network security as a result.

While it’s a considerable task to keep up to date with the various patches and updates for the newer tools, when breaches do happen, it’s often through older legacy tools that hackers gain access. 

It’s hardly surprising: business software and infrastructure has evolved enormously in the last few years. Those platforms on which businesses have been reliant on for 10, 15 years or more, were conceived for a different – dare I say a more innocent – era. They were designed to be housed in closed networks with less devices and as a result their security features fine for the times – are now no longer fit for purpose.

Exacerbating the problem, if those platforms are no longer the backbone of your business software stack, but now fulfill a supporting role, then it’s quite feasible they’ve not received the attention they should from your system admins.

And this is exactly the weakness which hackers thrive on, and through which so many large-scale breaches have been instigated.

Now you might be thinking that old database of outdated customer contacts is of no value to a hacker. But to do so is to misunderstand the dynamics of a hacking attack completely.

The truth is, legacy platforms are often the gateway into the system that eventually leads to a far more serious breach.

Credentials based attacks primarily involve hackers gaining access to weaker parts of the network, such as those legacy applications, using stolen credentials. They then use these as a platform to move laterally through the network, often over an extended period of time, eventually gaining access to core systems and critical business data through re-used passwords, sloppy integrations, or by installing key loggers on unsuspecting users’ machines. In unprotected networks, this can cause havoc, leaving the door open to subsequent follow-up attacks or crippling loss of data.

Scary stuff. So, what can be done about it?

Multifactor authentication solution providers (MFA) make much of their abilities to easily protect the latest web apps and end point devices with a tokenless, single-sign-on MFA solution.

But that’s not where our partner, SecurAccess’ protection capabilities end. Far from it. SecurAccess is designed to integrate with all major firewall, VPN and network infrastructure tools to enable you to ensure network-wide security MFA protection.

Plus, the beauty of implementing tokenless MFA at the network level is that it works in tandem with your firewall.

In doing so, not only does it enable authentication at the network edge, it allows multiple SSO access levels for different user groups, or enforces authentication when access to other, higher value areas of the network is requested. By authenticating at the traffic level, using a solution such as this means that even where the attacker has managed to obtain correct username and passwords, they are blocked from establishing further access.

From a security perspective this is powerful stuff: It’s not quite the silver bullet in dealing with sloppy password practices and malicious phishing attacks, but it’s a powerful tool in your armoury.

Learn more about how SecurAccess works with Cisco, Citrix, Palo Alto and other infrastructure providers to deliver network-wide security, by requesting a call with one of our consultants here.

  • Employee GDPR Awareness Training

  •  Identity-as-a-Service (IDaaS) solution

  • Tokenless Strong Authentication (MFA)

  • Next Gen Endpoint Security

  • Enquiry LinkedIn Spiceworks

    Multi factor authentication made easy

    There was a time when two-factor authentication was a major undertaking. New servers had to be installed, security tokens had to be purchased, distributed and registered to their owners and then Support Desks had to be created to handle queries from users and to service requests for replacements for lost tokens.

    The whole process was expensive, and took a great deal of time and planning. It could take months or years to put in place and then required a substantial level of support to keep going.

    But since SecurEnvoy launched Tokenless authentication, that has all changed. Now it is possible to set up authentication for a whole organisation in just an hour or two.

    No more Specialist Tokens

    Instead of needing to carry specialist tokens, users can nominate the device of their choice – usually a mobile phone or tablet they already possess – to receive their one-time passcodes.

    In addition, user registration is done using information already stored in the organisation’s own network directory. So there is no need for new special servers to run the service. This means that from a standing start, it is possible to register up to 100,000 users per hour.

    Single Sign-on

    The SecurEnvoy service also integrates easily with a wide range of commonly used applications, such as Salesforce. This means that when a user logs on remotely from anywhere in the world, having keyed in their username, password, and their one-time passcode, they gain access to the full range of corporate applications.

    In other words, a single sign-on gives them full access as if they were sitting in the office on the corporate network.

    Simple User Registration

    For the individual user, registration is perfectly simple. Each user receives a 6-digit code to their nominated device which they key in when logging on for the first time, and the process is complete. If they later decide to change their phone or switch to a tablet, they can manage the process themselves easily without having to call a support desk.

    Dual Protection from Password Thieves

    Most 2FA providers create cryptographic keys called seed records when they distribute OTPs, and these keys contain fundamental security loopholes. In contrast SecurEnvoy has added an extra level of security where they do not themselves generate or save the seed records at any time.

    Find out why SecurEnvoy is ‘The Lord of the Keys’

    Access the whitepaper to read how two-part seed records solve all safety concerns regarding two-factor authentication.

     

     

    Request your copy of the Whitepaper:

    Full Name (required)

    Job Title (required)

    Company Name (required)

    Business Email (required)

    Phone Number

    Enter these characters below: captcha