John Iwuozor, Author at eSecurity Planet
https://www.esecurityplanet.com/author/jiwuozor/
Mon, 03 Jun 2024 16:27:19 +0000

Best Facial Recognition Software for Enterprises
https://www.esecurityplanet.com/products/facial-recognition-software/
Sat, 12 Feb 2022 00:05:53 +0000

The post Best Facial Recognition Software for Enterprises appeared first on eSecurity Planet.

Facial recognition software (FRS) is a biometric tool that uses artificial intelligence (AI) and machine learning (ML) to scan human facial features to produce a code. It compares this code with its existing database to determine if an individual will be granted or denied access to a piece of information, equipment or premises.

The technology isn’t yet perfected, but it has evolved to a point that enterprise use is growing. We’ll address its pros and cons and review some of the top facial recognition solutions.

Benefits and Uses of Facial Recognition

Until the last decade, facial recognition technology was used primarily by law enforcement organizations; massive advances in AI and deep learning have since allowed it to be applied more broadly. According to a 2021 NIST report, facial recognition algorithms recently averaged about a 0.08% chance of error, compared to the former 4.1%, so the vision for this technology is closer to being realized, and the combination of software development kits (SDKs) and application programming interfaces (APIs) has brought about a number of possible uses.

Most importantly, facial recognition technology promises a solid amount of internal and external security advantages in the day-to-day activity of enterprises, making it a key technology for passwordless authentication. With nothing more than an employee’s face needed to gain access, accounts can be set up and access levels changed relatively easily, without the hassle or insecurity of improperly saved passwords.

False Negatives, Deepfakes and Other Concerns

The data on facial recognition technology suggests that the technology has a promising future for the security aspects of enterprises. However, there are a few noteworthy concerns. One is data privacy: improper data scrubbing, data storage, and data sharing on the internet can expose individuals to malicious misuse of their personal data.

Another concern is that of false negatives in identification, which can deny the right person access. That’s one of the biggest issues with the technology, but as the algorithms get better at identifying people of all ethnicities, the numbers will continue to improve.

Another major challenge for the emerging technology is the apparent susceptibility of some well-known facial recognition APIs to deepfakes, which may limit the technology’s use for the most sensitive applications in environments where deepfakes could be used to gain unauthorized access.

Still, as the limitations of passwords are well-documented, FRS technology has a number of promising cybersecurity applications that will grow as the technology improves.

What to Look for in Facial Recognition Software

Despite facial recognition software’s limitations, the technology is evolving to a point where enterprises are consulting FRS vendors like AWS, Kairos AR, Megvii, and others.

When looking at facial recognition software, make sure it will work in your environment and give it a trial if possible. Other features to look for in an FRS product are whether it is scalable, adaptable, trained, and possesses an accurate algorithm.

Best Facial Recognition Software for 2022

Amazon Rekognition

Amazon Rekognition has been well regarded by government agencies and other secure users.

Amazon Rekognition software detects, analyzes, and identifies people in images and videos. It can also identify objects, texts, and scenes by tagging them through scalable deep learning technology. This is made easier because you do not need to possess any unique skill in ML or other related areas.

Moreover, its facial recognition technology possesses an accurate algorithm due to its enormous database. This helps Amazon Rekognition carry out facial recognition, analysis, and verification for a wide variety of tasks including user recognition, people counting, and more.

Amazon Rekognition’s ability to offer personal protective equipment (PPE) detection helps it stand out among the competition. Not only does it cover the safety of enterprises, it can also manage the personal safety and risk of employees by alerting employees to the importance of their personal protective equipment (PPE).


BioID

Multinational enterprises can incorporate BioID into their system, which enables its biometrics authentication service to be GDPR-compliant. It combines liveness detection, which is compliant with ISO/IEC 30107-3, and facial recognition technology to verify faces, eyes, and photos of individuals. This has proven effective against malicious online activities.

BioID will further benefit companies in sectors like banking, telecommunications, and e-commerce that use facial recognition technology and biometrics to execute Know Your Client (KYC) programs. Its customer support is strong, backed by massive online documentation of its APIs.

Kairos

With this software development kit, Kairos offers its customers the chance to integrate an FRS that runs a faster verification process into their system. Enterprises can also use this facial recognition technology for a more thorough means of authentication. Kairos’ facial recognition technology can determine the age and gender of a scrutinized individual as well as detect multiple faces in crowds, audiences, and groups.

Kairos’ FRS is great for enterprises that need this technology in their systems but fear infringing on user rights. With a commitment to the privacy of its customers, it promises an ethical approach to facial recognition.


Kairos facial recognition technology

Face++

Face++ prides itself on its proprietary deep learning framework. With this, the company’s FRS has achieved about 97% accuracy in recognizing facial attributes, even when subjects are wearing caps or shades. Its search is impressively fast, taking only a few seconds to present a match from a billion-face database.

Face++ also offers a wide variety of technologies, including tracking, face clustering, liveness detection, key point detection, face attributes estimation, and more. And with advanced deep neural networks, it can be deployed on cloud, mobile, and edge computing platforms. Enterprises that will benefit from this software include those in the automotive, online marketing, and mobile phone industries, among others.

Face++ in action

Face First

Face First is an enterprise-based FRS that is fast, precise, and built on transparency and ethical use of AI. It focuses on emotion, behavior, age, voice, and gender recognition to provide surveillance and security solutions. These solutions involve access control and authentication processes using biometrics. While it does this, Face First prevents loss, fraud, and identity spoofing attacks using real-time alerts.

Enterprises will use this technology with ease since its API and SDK allow for flexible integration into other third-party software and hardware like cameras, terminals, and more. Face First will benefit retailing enterprises, transportation firms, and event management while ensuring that user rights and privacy are protected.


MITRE Expands Security Testing to Services, Deception Tools & More
https://www.esecurityplanet.com/endpoint/mitre-expands-security-testing-to-services-deception-tools/
Mon, 22 Nov 2021 23:38:25 +0000

The post MITRE Expands Security Testing to Services, Deception Tools & More appeared first on eSecurity Planet.

MITRE is moving beyond its well-regarded endpoint security evaluations and will soon be testing other security services and products.

MITRE recently issued a call for participation for ATT&CK Evaluations for Managed Services, designed to reveal how managed security service providers (MSSPs) and managed detection and response (MDR) providers respond to adversarial attacks. Unlike its Enterprise evaluations, however, managed services participants won’t know the adversary emulated until the testing is complete, “though it will be based upon publicly available threat intelligence.”

The services evaluation will be focused entirely on understanding adversary activity, and remediation/prevention will be prohibited, the call for participation said.

“During a post-mortem purple team, MITRE Engenuity will disclose the adversary emulated, all behavior performed, and disclose how MITRE Engenuity mapped participant provided analysis to that behavior,” MITRE said. “MITRE Engenuity will work with participants to enhance their detection capability during this period, as participants are encouraged to ask questions regarding the execution.”

MITRE also announced the new ATT&CK Evaluation Trials, in which MITRE will evaluate technologies that don’t fall into its current evaluation programs. First up will be deception tools.

Tests Aren’t Competitive

MITRE’s assessments do not include a competitive analysis. There are no rankings, scores, or ratings. Rather, they demonstrate how each vendor handles threat detection using the ATT&CK knowledge base. By selectively picking adversaries and freely sharing results, the evaluations are able to give an unbiased assessment of detection and protection capabilities, as well as identify potential gaps.

In 2018, MITRE Engenuity ATT&CK Evaluations were launched, focusing on the endpoint protection and detection markets. During the evaluations, it became evident that while other types of security solutions were beneficial, they did not meet the project’s standards.

Testing Deception

As a result, MITRE devised the new ATT&CK Evaluations Trials program to assess the capabilities of each technology. The trials project is a research-focused expansion to the ATT&CK Evaluations landscape, involving a collaboration with vendors to develop new evaluation methodologies that will better capture their value propositions in an open manner. Each trial will have its own set of objectives, designs, and outcomes that will showcase the benefits of each technology.

MITRE is developing a deception approach that will provide end-users with relevant findings, define important distinctions in vendor product strategies, and do so in “a fair and open manner.”

According to MITRE, “Deception technology offers a unique value to organizations seeking to understand adversary behavior. It can dramatically increase analyst confidence in detection via high-fidelity tripwires, causing the adversary to waste time, money, or capability, and potentially provide us critical new insights into adversary behavior. Each of these use cases starts to put power into the defenders’ hands when they have long since been forced to be reactionary.”

The trials will attempt to answer two fundamental questions:

  1. Did the adversary encounter the deception (i.e., could the deception capability affect the adversary)?
  2. Did the adversary engage the deception?

Determining whether or not the adversary encountered deception is a straightforward question that can be answered from a threat-informed perspective. It can be determined by using the adversary technique and documenting whether or not it notices anything different from a scenario that does not use deception.

Engagement, on the other hand, can be more difficult to quantify due to the human factor. MITRE is taking into account a number of factors in this regard, including:

  • Did the adversary engage it out of happenstance, or did they make the conscious decision to pick it because it seemed like the better target?
  • Would they have engaged the deception again if they were presented with the same choice again?
  • Would a different tester make the same choice?
  • Would that choice change if they were aware, or not, that there was deception technology deployed?
  • Was the effect a short-term inconvenience, or did it affect their long-term mission?

There are some challenges in representing results in a way that is uniformly fair. This is because vendors assess success in different ways due to the wide range of products on the market.

MITRE will need to identify common measures that will allow them to talk about products in a similar language while still recognizing each vendor’s unique capabilities and use cases, given the diversity of the outcomes. Deception has a variety of value propositions, which is why MITRE is exploring it as a research project. The following are some of the areas they will assess:

  • Detection based on high-confidence tripwires
  • Interaction that keeps the attackers engaged and wastes their time and resources

Attivo and CounterCraft Sign Up

Attivo Networks and CounterCraft Security have confirmed their participation in the ATT&CK Evaluations Trials program.

According to Frank Duff, General Manager of ATT&CK Evaluations, Deception is the only Trials program currently underway. There have also been talks with a number of other vendors about other partial research opportunities, some of which could look at similar threats but with a different value proposition (e.g., NDR), while others could be extensions/improvements for their current methodology (e.g., fairly and effectively evaluating false positives).

MITRE also has one other evaluation going on, an emulation of the Wizard Spider and Sandstorm threat groups. Thirty endpoint security vendors have signed up for that one, with results expected in 2022.

The Best Wi-Fi 6 Routers Secure and Fast Enough for Business
https://www.esecurityplanet.com/products/best-wifi-6-routers/
Sat, 13 Nov 2021 02:12:21 +0000

The post The Best Wi-Fi 6 Routers Secure and Fast Enough for Business appeared first on eSecurity Planet.

Remote work and home offices were an afterthought until the COVID-19 pandemic. They were then vaulted to the forefront of security concerns so quickly that security and IT teams were caught off guard.

Now, remote work is likely here to stay even after the pandemic is gone. That means that the temporary solutions put in place over the last 18 months will need to give way to more permanent solutions.

Application access and device and network security are concerns that will remain for remote work. Application security can be improved through zero trust principles. Employee devices can be secured with endpoint security.

But what about home networks? Security and networking vendors have been rolling out solutions for home networks, and some are pretty attractively priced. The arrival of Wi-Fi 6 couldn’t have been better timed because secure Wi-Fi 6 routers are popping up everywhere, and some are being offered by some of the top cybersecurity companies.

The Best Wi-Fi 6 Routers for Small Offices

Wi-Fi 6 offers better concurrency capacity and low network latency, with the ability to accommodate many devices and activities on the router stress-free. Congestion tends to be the biggest problem with wireless networks, and Wi-Fi 6 promises relief there in addition to greater performance.

Not surprisingly, the Wireless Broadband Alliance (WBA) expects mass adoption of Wi-Fi 6/6E technology over the next year. Wi-Fi 6E builds on Wi-Fi 6 and has all of the functionality plus access to a new 6 GHz wireless band. By the end of 2022, the overwhelming majority of service providers, equipment manufacturers, and businesses throughout the world will have deployed Wi-Fi 6/6E, or plan to do so, according to the Wireless Broadband Alliance. Here, then, are our picks for the best Wi-Fi 6 routers for small offices, including specs, special features, and security protections.

Netgear Nighthawk RAXE500

Netgear’s Nighthawk RAXE500 is viewed by many as the best Wi-Fi 6E router. One of the reasons is its ability to quickly send and receive data in the 2.4, 5, and 6 GHz bands. When in close proximity, with the combination of a 1.8 GHz quad-core processor and the new 6 GHz band, it has an edge that makes it the router with the fastest speed available on the market. Users who need more coverage at home can add the Nighthawk mesh extenders and still get an impressive amount of speed.

Remote workers who wish to simultaneously connect work-related systems and leisure appliances to the internet can now do so, with the ability to manage saturations with up to 200% greater available spectrum than dual band Wi-Fi routers. The RAXE500 also comes with five gigabit ports and two USB 3.0 ports for faster streaming, data backup, and painless access to stored files.

Even if you have to pay $99.99 annually after the first 30 days to get Netgear’s security, it offers a wide range of protection from cyber attacks and also includes a new security solution. For one, Netgear Armor powered by Bitdefender—our top consumer antivirus pick and a top enterprise endpoint security tool too—scans all devices connected to it regularly, with the ability to predict, detect, and prevent any unusual attempt when you are surfing the internet. Other benefits of the Bitdefender technology include VPN; protection even when users are connected to public Wi-Fi; and the ability to track, lock, or wipe all data when a device is stolen or lost.

Netgear’s Nighthawk RAXE500 comes at a starting price of $599. While it’s not the most affordable solution on the market, for home employees working with corporate data, it’s money well spent.

Netgear Orbi Whole Home Mesh Router (RBK853)

Remote workers in large buildings need look no further than Netgear’s whole home Orbi Mesh router (RBK853). This device has the ability to cover 7,500 square feet. With a power speed up to 6 Gbps—double that of 5 GHz and 2.4 GHz processors—about 100 devices in the home could connect simultaneously and still get an impressive internet experience. Those specs make it useful for small offices too.

The router offers a better processor than other Netgear Orbi Mesh routers, with a powerful 2.2 GHz quad-core processor. It also comes with five ports that include one WAN port and four Ethernet ports. As for its memory, it comes with 512 MB of NAND flash and 1 GB of RAM.

With comprehensive antivirus and data theft protection for all connected devices, the security is almost as good as Netgear’s Nighthawk RAXE500, but at no additional cost. At $999, though, it comes in on the high end of the market.

ASUS ROG Rapture GT-AX11000

This router, which is the first 10 gigabit Wi-Fi 6 router, is the best gaming router for a reason. It was specifically made for gamers. Hence, it can also serve a strong purpose for remote workers who are power users. The router’s quality includes a quad-core CPU, eight antennas, 2.5G ports and DFS band. All these give the router all it needs to offer a powerful internet performance when in close range for a large number of devices connected simultaneously. Even when operating from a distance, its coverage of about 3,500 square feet lets it outperform many routers. This is something only a mesh designed router can do.

Its AI protection from Trend Micro—another favorite of ours—offers routine security assessments, malicious site blocking, two-way IPS, and infected device prevention. At $549, it appears pricey, but many users recommend this device because of its ability to cope with heavy usage.

TP-Link Archer AX6000

Although it is affordable compared to its counterparts, this dual-band router offers high-speed performance and a 75% latency improvement to manage the many devices connected in the house. It is not as fast as more expensive routers, but it can still serve a strong purpose and maximize profit by saving costs for business users with home offices.

The TP-Link mesh gives it the flexibility to create seamless whole-home coverage, with the ability to cover 4,000 square feet, at an affordable price of $272. It comes with an extremely powerful 1.8 GHz 64-bit quad-core processor with two distinctive co-processors. It also comes with Trend Micro security that offers lifetime protection at no cost.

TP-Link Deco X20

At $219, the TP-Link Deco X20 stands as the most affordable mesh Wi-Fi router kit on this list.

Even at that price, remote workers can enjoy an advanced mesh powered by Wi-Fi 6 that delivers enhanced home coverage, speed, seamless roaming, and greatly reduced latency when connected to about 150 devices.

The router also comes with Trend Micro security for free, plus WPA3 and WPA2 PSK security protocols.

Palo Alto Okyo

The just-released Okyo Wi-Fi 6 security and router system is highly suitable for small business and home markets.

It’s priced at $349 a year and offers many benefits, such as malware, ransomware, phishing and remote attack protection, online activity monitoring, Wi-Fi 6 performance, support for 30 devices (or more for a modest fee), and the ability to discover devices on a network. The subscription pricing adds up over time, but since Palo Alto Networks has the best security on the enterprise market, it is well worth the investment in our judgement. You can sleep peacefully at night with Okyo powering your network.

Editor’s note: As of late 2022, the Okyo has been discontinued, but Fortinet, a Palo Alto rival with strong enterprise security, also offers a Wi-Fi 6 router worth considering.

ASUS RT-AX86U

Businesses that need something close to what the ASUS ROG Rapture GT-AX11000 offers but at a more affordable rate should check out the RT-AX86U. With Wi-Fi 6, enterprises in the hybrid job model can fully depend on the router for simultaneous transfer of heavy data files in large quantities with minimum latency. The dual-band gaming router operates at an ultra-fast speed of up to 5,700 Mbps, so it’s an impressive solution for users demanding a fast wireless network.

Even for larger premises, it leaves no dead spots. Its ASUS AI mesh support creates a flexible and easy whole-home network using AI mesh supported routers. A concern for many arises when routers have to accommodate other home appliances. However, it isn’t an issue, since the dedicated gaming port on the RT-AX86 series automatically prioritizes any wireless network connected to it. In addition to this solution, the adaptive QoS in the router removes all network bottlenecks and keeps the network running smoothly.

In terms of security, the ASUS AI protection is powered by Trend Micro technology with lifetime free commercial grade security for all devices connected to it at home. Generally, it’s worth noting that the ASUS RT-AX86U is more renowned for its capabilities and affordability than other gaming routers. Many users have expressed satisfaction and very few regrets; hence, the RT-AX86U is worth its price of $318.

Eero Pro 6

Whether in the family room, bedroom, or the study, being able to work from any range without much difference in the performance of network connectivity is what many mesh routers offer. Eero Pro 6, however, is unique because it offers these services with an unbeatable convenience.

Amazon, the producer of the Eero Pro 6, says its true mesh technology scans the home and optimizes for its layout, connected devices, and overall network usage. And with tri-band capacity enough to manage over 70 connected devices, the result is faster speed and greater coverage. This makes it a reliable choice for home and even small offices.

Unlike many Wi-Fi 6 routers that go through system adjustments when the bands or signal slips, the Eero Pro 6 automatically corrects itself. This is mainly with the aid of the true mesh technology, which steps in to balance the signal, ensuring it stays strong and uninterrupted. The router also maintains smart network privacy by using the latest Wi-Fi security to provide individualized encryption for keeping the network and data safe.

Finally, it offers a number of specs that include: seven antennas, two ethernet ports, a 1.4 GHz quad-core processor and 1 GB RAM. A single unit goes for $229, the double pack goes for $339, and the three pack Eero Pro 6 is available at $599. Security costs extra, however.

NSA, CISA Release Guidance for Choosing and Hardening VPNs
https://www.esecurityplanet.com/networks/nsa-cisa-guidance-for-choosing-and-hardening-vpns/
Fri, 01 Oct 2021 20:21:55 +0000

The post NSA, CISA Release Guidance for Choosing and Hardening VPNs appeared first on eSecurity Planet.

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released guidance and best practices for securing virtual private network (VPN) solutions.

VPNs, an important security tool in an era of widespread remote work, are entry points into secured networks that attackers frequently try to use in malicious assaults. Because of VPNs’ vulnerabilities – a recent example involved a massive leak of Fortinet users’ passwords – a number of security vendors have been pushing zero trust network access as a potential replacement for VPNs.

The Sept. 28 NSA-CISA document (PDF download) urges buyers to use standards-based VPNs from vendors with a track record of swiftly addressing known vulnerabilities and using strong authentication credentials. The VPN can be further hardened through authentication and strong cryptography configuration, enabling the most essential features, and protecting and monitoring access to and from the VPN. What might be most striking about the document is how many security steps and solutions it takes to properly secure VPN connections.

Nation-state advanced persistent threat (APT) actors have used VPN device vulnerabilities for credential harvesting, remote code execution, traffic hijacking, data leaking, and to compromise the security of encrypted traffic sessions. According to the document, these effects usually lead to further malicious access through the VPN, resulting in large-scale compromise of the corporate network or identity infrastructure and sometimes of separate services as well.

Choosing a VPN

The guide offers a number of issues to consider and pitfalls to avoid when choosing a VPN.

  • Selecting non-standard VPN solutions, such as Secure Sockets Layer/Transport Layer Security (SSL/TLS) VPNs, is a bad idea. These solutions include special, non-standard capabilities to tunnel traffic using TLS. Even if the TLS parameters used by the products are secure, using custom or non-standard features exposes you to additional danger. NSA and CISA propose standardized Internet Key Exchange/Internet Protocol Security (IKE/IPsec) VPNs that have been evaluated against standardized VPN security requirements.
  • Read the vendor documentation carefully to make sure that products support IKE/IPsec VPNs. Some product documentation may be lacking in detail on the protocols that they support for establishing VPN tunnels. Avoid products that do not explicitly state which standards they adhere to or that claim to use proprietary methods to establish VPNs.
  • When an IKE/IPsec VPN cannot be established, determine whether the product employs SSL/TLS in a proprietary or non-standards-based VPN protocol. Recognize the scenarios that could lead to IKE/IPsec negotiations failing. If possible, disable the SSL/TLS proprietary or non-standards-based VPN fallback.
  • Make sure that any potential products employ FIPS-validated cryptographic modules and that they can be configured to use only approved cryptographic algorithms.
  • Examine whether a product offers strong authentication credentials and protocols by default, as opposed to weak credentials and protocols. Use multi-factor authentication and choose products that are compatible with the credentials you’ll be using.
  • Investigate and choose a provider who has a track record of supporting products with regular software updates and speedy fixes for identified flaws. Ascertain that support duration covers the product’s complete expected usage lifetime, and replace the product before it reaches end-of-life.
  • Request and validate a product’s Software Bill of Materials (SBOM) in order to determine the risk of the underlying software components. Because many vendors utilize obsolete versions of open-source software in their products, many of which have known vulnerabilities, this risk must be managed carefully.
  • Ensure that the product has a reliable way of validating the integrity of its own code, and that code validation is performed on a frequent basis. As security devices on a network’s perimeter, VPN gateways are frequent targets for attackers. Without the ability to confirm a device’s integrity, it is often impossible to identify intrusions.
  • Recognize the dangers of not being able to inspect the product independently. Some VPN providers encrypt devices in such a way that fast incident response is impossible. Products that do not allow the product owner to fully check the item pose an added risk, and can lead to the manufacturer becoming a product support bottleneck. Delays in the incident response procedure may give sophisticated actors enough time to hide their tracks.
  • Examine the device’s additional characteristics in light of your company’s risk tolerance. While many extra features, such as remotely accessible administrative pages or web-based access to internal services, can be beneficial, they also pose a danger since they expand the product’s attack surface, which is frequently targeted and exploited by adversaries. Choose products that focus on safeguarding the core VPN operation and don’t include a lot of extra features, or at the very least, make sure that extra functions can be turned off and, ideally, are turned off by default.
  • Ensure that the product has anti-intrusion features such as:
    • Signed binaries or firmware images
    • A secure boot process that validates boot code before it is executed
    • Validation of runtime programs and files for integrity

Hardening a VPN

Once you’ve settled on a VPN, you need to configure it so it’s as safe as possible. The NSA and CISA document recommends the following steps to further harden the VPN against compromise.

Cryptography and Authentication

Only use strong cryptographic methods, algorithms, and authentication credentials that have been approved, the agencies said.

  • The algorithms in the NSA-Approved Commercial National Security Algorithm (CNSA) Suite must be used by National Security Systems (NSS). Non-NSS U.S. government systems must employ NIST-specified algorithms, which include those approved to safeguard NSS. Other systems should employ the cryptographic methods specified in the CNSA Suite.
  • Disable SSL/TLS VPN capability and fallback settings if possible, and configure the VPN to use IKE/IPsec.
  • Use trusted server certificates for server authentication and update them on a regular basis, such as annually. Avoid self-signed and wildcard certificates, since they either should not be trusted or are trusted for an excessively broad scope, respectively.
  • Use client certificate authentication if it is available. It is a stronger form of authentication than passwords, and some VPN solutions support it for remote clients attempting to access the VPN, for example, by using a smartcard. Use client certificate authentication whenever possible so that the VPN doesn’t allow connections from clients that don’t have valid, trustworthy certificates. If client certificate authentication is not available, use other supported kinds of multi-factor authentication to prevent bad actors from authenticating with compromised passwords.

Reduce the Remote VPN Attack Surface

  • Apply fixes and updates as soon as possible to mitigate known vulnerabilities that are frequently – and often quickly – exploited.
  • External access to the VPN device should be limited by port and protocol.
  • Allowlist recognized VPN peer IP addresses and ban all others if possible. Note that if unknown peer IP addresses are expected to access the VPN, this may be difficult.
  • Disable complex features and non-VPN-related capabilities that are more likely to be vulnerable.
  • Restrict access to the management interface via the VPN. Malicious cyber actors who gain access to administrator credentials may attempt to log in to administration interfaces and take privileged actions. Allowing VPN administrators to access the management interface over a remote access VPN is not recommended; instead, administrative access should be limited to specialized internal management networks. Investigate any attempts to access the remote access VPN using administrator credentials.

Protect and Monitor VPN Access

  • Inspect session negotiations and detect unauthorized VPN traffic with an intrusion prevention system deployed in front of the remote access VPN.
  • Enable enhanced web application security. Some remote access VPN solutions may include capabilities for increased web application security that prevent compromise attempts against VPN web apps, such as the fraudulent reuse of users’ past session information to bypass authentication. When these features are available, turn them on.
  • Use suitable network segmentation and access controls to restrict access to only those services that are required remotely. When determining access decisions, consider other factors (such as device information, the environment of the originating access request, the strength of credentials, and access path dangers).
  • Enable local and remote logging to record and track VPN user activities, including login and access attempts, configuration changes, and network traffic metadata. Regularly monitor and analyze all logs for unauthorized access, malicious configuration changes, abnormal network activity, and other indicators of compromise.

Further reading:

Best Enterprise VPN Solutions

Remote Work Security: Priorities & Projects

The post NSA, CISA Release Guidance for Choosing and Hardening VPNs appeared first on eSecurity Planet.

Securing Home Employees with Enterprise-Class Solutions https://www.esecurityplanet.com/endpoint/securing-home-employees-with-enterprise-class-solutions/ Fri, 17 Sep 2021 19:19:40 +0000 https://www.esecurityplanet.com/?p=19286 The number of employees working remotely skyrocketed during the COVID-19 pandemic, and many companies appear likely to continue with a hybrid work model when things return to normal. Remote work poses unique risks not addressed by traditional corporate network security, so it’s only natural that enterprise security vendors have been targeting work-at-home employees with more […]

The post Securing Home Employees with Enterprise-Class Solutions appeared first on eSecurity Planet.

The number of employees working remotely skyrocketed during the COVID-19 pandemic, and many companies appear likely to continue with a hybrid work model when things return to normal.

Remote work poses unique risks not addressed by traditional corporate network security, so it’s only natural that enterprise security vendors have been targeting work-at-home employees with more advanced security solutions than you’d typically see in a home office.

Remote workers often use personal devices for work and to connect to enterprise networks. The goal for vendors and security teams has largely been to provide these employees with secure connections that they can access remotely in order to mitigate security risks and protect sensitive data from leaks. Even those using company-owned devices require a level of security beyond that of an average home office.

The Internet of Things, cloud computing, smartphones and global teams have already pushed corporate network boundaries, so remote work is also part of the larger problem of the expanding network edge (see SASE: Securing the Network Edge).

According to a recent State of Hybrid Workforce Security survey, 61% of companies have struggled to provide the remote security needed to support employees who work from home.

It’s unclear to what extent enterprises are prepared to replace the patchwork of networking and security tools and services put in place to accommodate employees working from home at the onset of the pandemic. With many workers anticipated to continue working from home into 2022 and beyond, enterprise IT teams are now faced with the challenge of providing at-home employees with a simple plug-and-play solution that provides connectivity that supports the capabilities needed for protecting enterprise data on home and mobile devices.

In the last week, Palo Alto Networks and Fortinet, two top cybersecurity companies and firewall vendors, have both announced products aimed at bringing enterprise-class security to remote workers.

See our picks for The Best Wi-Fi 6 Routers Secure and Fast Enough for Business

Fortinet and Linksys HomeWRK Solution

Fortinet and Linksys, well known for its home and small office routers, announced a joint secure “first of its kind” enterprise solution to support remote and hybrid work.

“Linksys HomeWRK for Business | Secured by Fortinet” lets enterprises give employees secure network connectivity for both corporate and personal needs. This makes for a safer internet experience by protecting people, devices and data. Harry Dewhirst, CEO at Linksys, said the solution will help employees to thrive in a remote environment and operate with peak productivity and efficiency.

The companies say the product offers a number of benefits.

Fast, Secure Wi-Fi Mesh Connectivity

HomeWRK enables high-performance, secure corporate and personal networks for users at home via a single device, all thanks to the latest Wi-Fi 6 tri-band technology and Linksys’ Velop Intelligent Mesh software. This means that employees can now enjoy a fast and consistent whole-home Wi-Fi connection without worrying about a weak signal or dead spots.

“Our goal was two-fold,” said John Maddison, EVP of products and CMO at Fortinet. “First, make it very simple for anyone to set up a fast and reliable home Wi-Fi network. Second, provide enterprise IT with the ability to secure and manage the business aspects of that work-from-home Wi-Fi network just as they do with any other device attached to the network. The Linksys and Fortinet joint venture is not just a simple OEM agreement of two distinct parties, it’s the start of a completely new market.”

Enterprise-level Security

To protect against cyber threats introduced by home networks, the solution is integrated with Fortinet security, which automatically blocks suspicious malware, prevents intrusions, filters harmful content, and more.

Zero-touch Provisioning

With plug-and-connect devices that don’t require physical assistance from corporate IT teams to install, the zero-touch provisioning solution streamlines the employee onboarding experience.

Remote Management

Enterprise IT managers can use a single portal to monitor and diagnose the performance of all devices connected to the corporate network in real-time, thanks to what the vendors say is an intuitive management console. The solution will be natively integrated with Fortinet management systems, allowing existing Fortinet customers to manage their networks even more efficiently. Employees can also manage their own network from a separate console, which gives them visibility and control over all of their personal devices.

Privacy Protection for Employees

While the IT team manages the corporate network, employees have complete control over their personal network and security settings, allowing all members of the household to enjoy a fast and secure connection for non-corporate devices like laptops and gaming consoles. Corporate and personal networks are kept separate, with corporate IT teams having no visibility or access into personal data.

Palo Alto’s Complete SASE Solution

Palo Alto Networks unveiled the Prisma Secure Access Service Edge (SASE) platform, which combines its existing access control and software-defined wide area network (SD-WAN) capabilities into a single solution. The announcement follows last week’s unveiling of Palo Alto’s Okyo Wi-Fi 6 secure router.

Anand Oswal, senior vice president of products for Palo Alto Networks’ firewall-as-a-platform, said Prisma SASE combines Prisma Access and Prisma SD-WAN into a cloud-based service that allows IT firms to implement zero-trust policies regardless of where workers work.

Prisma Access was previously positioned as Palo Alto Networks’ SASE platform, with a distinct SD-WAN solution. Now, according to Oswal, the company is working to merge those capabilities in a way that it claims is the first to tightly integrate all five of Gartner’s requirements for a SASE platform.

SASE is a Gartner-defined platform that integrates SD-WAN with a secure web access gateway (SWG), cloud access security broker (CASB), firewall as-a-service (FWaaS), and zero-trust network access. One goal is to integrate network and security operations into a single platform that allows remote users to access applications running in the cloud or on-premises IT environments without having to route all network traffic from cloud services through a local data center. End users can then access those services from anywhere without having to use virtual private network (VPN) software, increasingly viewed as a legacy technology in the age of zero trust.

The Palo Alto platform also offers compatibility for wireless 5G networks. In certain cases, these networks are beginning to take the place of Wi-Fi networks. Traditionally, wireless 4G networks have been used as a backup for Wi-Fi networks in the event of a connectivity issue. However, with the advent of 5G, some companies are abandoning Wi-Fi networks in remote offices, according to Oswal.

Further reading:

Cybersecurity Risks of 5G – And How to Control Them

3 Tests to Ensure Zero Trust Network Security

Zero-Day Threats: Preparation is the Best Prevention https://www.esecurityplanet.com/threats/zero-day-threat/ Tue, 07 Sep 2021 21:28:51 +0000 https://www.esecurityplanet.com/?p=19183 Zero-day threats can be the source of some of the most dangerous kinds of cyberattacks. Zero-day attacks take advantage of vulnerabilities that haven’t been discovered or are not publicly known yet. One of the things that makes these threats so dangerous is that they often come without warning, posing a huge risk to the companies […]

The post Zero-Day Threats: Preparation is the Best Prevention appeared first on eSecurity Planet.

Zero-day threats can be the source of some of the most dangerous kinds of cyberattacks. Zero-day attacks take advantage of vulnerabilities that haven’t been discovered or are not publicly known yet. One of the things that makes these threats so dangerous is that they often come without warning, posing a huge risk to the companies or individuals at stake.

And even when discovered, zero-day vulnerabilities can take weeks to fix, leaving those who use the affected software at risk. And once a fix is available, the onus is on users to have a strong patch management program in place to apply the fix.

Zero-day vulnerabilities can range from simple bugs to new and undocumented risks in the software. Why do these vulnerabilities pose such a major security risk? The basic answer is because the risk is unknown to potential victims, and the attackers using zero day vulnerabilities are often sophisticated, sometimes operating with nation-state backing.

Hackers can write code to exploit that vulnerability and access your most critical data, stealing it and taking control of your systems. Or they can package malware that can be directly installed on your machine or come through an email attachment disguised as something trustworthy, like a document or link from your boss. If opened, the contents may be capable of corrupting files and stealing sensitive information, sometimes leaving you with no other option but to pay a ransom to recover the data.

Some of the more noteworthy recent zero day attacks happened to SolarWinds and its customers, when vulnerabilities in the Orion IT management platform left them exposed for months, and a massive ransomware attack on Kaseya’s customers also happened via an unknown vulnerability.

What Are Zero Day Threats?

Zero day threats are based on previously unknown vulnerabilities that surface either because they’re discovered by hackers – in which case no one will know about them until they become zero day attacks or exploits – or are found by the company that owns the software or by “white hat” hackers or security researchers who notify the company before publicizing their findings, sometimes through bug bounty programs.

Zero day threats are so named because the developers have “zero days” from the time the vulnerability is first known to prepare a patch before an attack can potentially be carried out by hackers, and in many cases they’re trying to fix a vulnerability while an attack is underway. The effects of this type of attack can be devastating, as they can cause major damage to a system due to their nature, as well as the sophistication of the adversary carrying out the attack.

How Dangerous Are Zero Day Threats?

Zero day threats are a major problem for businesses today. They can cause serious risks, with the damage sometimes irreversible.

A good example is the infamous WannaCry ransomware attack in May 2017 that hit corporate networks running Microsoft Windows throughout the world as part of a larger global cyberattack. WannaCry affected thousands of systems quickly due to a security hole known as EternalBlue. Microsoft quickly issued a patch – but slow updates by users left the hole open for NotPetya, a huge cyber attack that disabled systems and made them inaccessible just two months later.

In July 2021, another wave of attacks hit SolarWinds. This time, some security flaws in its Serv-U Managed File Transfer and Serv-U Secure FTP tools were exploited against “a limited, targeted set of customers.” The attack was linked to Chinese hackers, after earlier attacks were linked to both Russian and Chinese threat actors, thus demonstrating the immense threat that zero day attacks represent.

How Are Zero Day Threats Discovered?

Zero day vulnerabilities are discovered in various ways: through attacks, through vulnerability scanning tools, by developer or security teams, or by security researchers and bug bounty hunters who search for bugs in software.

Both “black hat” and white hat hackers often use common vulnerability scanning tools to find these security holes. These tools scan a network looking for potential vulnerabilities that can be exploited. Once they have been found, they need to be patched as soon as possible to keep the threat from spreading to other computers and devices on a network, as well as to other organizations.

Zero day threats are discovered by many people and organizations. The list below shows some other methods cybersecurity experts use to discover new zero day threats:

  • Monitoring the news on social media and the internet, watching for sudden changes in cyber activities
  • Tracking recent trends in malware code and technique updates
  • Monitoring domain name registrars, looking for domains with similar characteristics or patterns that may be tied to a threat actor or group
  • Monitoring infrastructure like Domain Name Servers (DNS) and web servers for malicious activity
  • Applying predictive analysis and modeling to look for anomalies in traffic data

Some code debugging and code security tools use machine learning, AI and predictive analytics to find vulnerabilities based on previous patterns.

Some firms hire security researchers and bug bounty hunters to find vulnerabilities in software and operating systems in exchange for cash rewards. Other useful strategies for discovering these attacks include scanning the internet for malware, monitoring the dark web, and monitoring security forums. The more these processes can be automated via AI and other tools, the better informed and prepared security teams will be.

How to Prevent Zero Day Attacks

Zero day threats and attacks can be quite difficult to detect and stop. With prevention being the best cure, there are cybersecurity approaches organizations can use to stop security threats before they happen.

Use endpoint security tools

Endpoint protection software such as EDR tools goes well beyond traditional antivirus software to offer advanced features like incident response and vulnerability management.

Behavioral detection

More and more, security teams need to be using tools that offer behavioral detection and machine learning-based detection that can identify attacks based on patterns rather than traditional signatures. These may be the best way to stop zero day attacks, and many EDR tools offer behavioral detection (and so do some consumer antivirus tools these days).

A user and entity behavior analytics (UEBA) engine can detect malware that is still unknown to the signature database by scanning files and data flows with advanced algorithms that identify malicious traffic patterns. UEBA can also serve as an additional layer of protection for high-risk critical assets, such as IoT devices, by monitoring their network activity in real time and detecting any unusual behavior from them.

Employee training

Employees clicking on malicious links or downloading malicious files are still one of the biggest sources of attacks, so repeat employee cybersecurity training often.

Put recovery strategies in place

Incident response and a clean air-gapped backup copy of your data are critical cybersecurity tools these days.

Ensure your systems are up to date

Patch, patch, and patch again. It’s amazing how many companies don’t get that simple task right.

Trust no one

With all the threats out there, it’s inevitable that most organizations will be breached, so instead of relying solely on “perimeter” defenses like firewalls, assume that you’ll be breached at some point and try to limit the damage through technologies like zero trust and microsegmentation. Such technologies can protect your most critical assets even if bad guys breach the perimeter.

Prepare for Zero Day Attacks

An unfortunate reality of cybersecurity in 2021 is that you can’t anticipate every possible attack. The best any organization can do is to have the tools and training in place to prepare for the inevitable. The results of a cyber attack can be severely damaging, so your preparation should be equal to the threat.

Further reading: Top Breach and Attack Simulation (BAS) Vendors

Neural Fuzzing: A Faster Way to Test Software Security https://www.esecurityplanet.com/applications/neural-fuzzing-software-security-testing/ Wed, 25 Aug 2021 16:59:00 +0000 https://www.esecurityplanet.com/?p=19057 Software vulnerabilities are a grave threat to the security of computer systems. They often go undetected for years until it is too late and the consequences are irreversible. In order to find these weaknesses, software security testers and developers often have to manually test the entire codebase and determine if any vulnerabilities exist. However, this […]

The post Neural Fuzzing: A Faster Way to Test Software Security appeared first on eSecurity Planet.

Software vulnerabilities are a grave threat to the security of computer systems. They often go undetected for years until it is too late and the consequences are irreversible. In order to find these weaknesses, software security testers and developers often have to manually test the entire codebase and determine if any vulnerabilities exist. However, this can take months or even years of work due to the scale of modern software projects.

One way of handling all this is with fuzzing. The fuzzing process throws random input at code or software, looking for bugs that might not have been found with traditional testing techniques. In recent years, approaches like neural fuzzing have emerged to make application security testing faster and more accurate.

What is Fuzzing?

Fuzzing is a technique used to discover the presence of bugs in software or computerized systems. The purpose of using fuzzing techniques is not only to create an effective way of testing but also to identify any vulnerabilities in the code and address them before they become a serious problem for a company’s network security.

Barton Miller developed the concept of fuzzing in the late 1980s for a graduate-level university operating system class, and it has since gained rapid popularity among security researchers and those conducting application security evaluations.

Generally, fuzzing works by feeding a program invalid input, such as random data, malformed data, or any combination thereof, in an attempt to force it into generating errors. The goal is to see how the program responds and then identify potential bugs. Fuzzing can be done manually or automatically, with the latter being the most common method.

Fuzzing Methods

Fuzzing is broadly classified into three categories: Blackbox fuzzing, Whitebox fuzzing, and Greybox fuzzing.

  • Blackbox Fuzzing: Blackbox fuzzing is a type of testing that involves brute force and random data input. In this case, the tester knows nothing about the internal structure of the target software.
  • Whitebox Fuzzing: Whitebox fuzzing is testing that relies on knowledge of the application’s methods. It can be done through binary modification and code instrumentation. Here, the tester has some knowledge of the internals and can use that knowledge to create more effective inputs.
  • Greybox Fuzzing: Greybox Fuzzing is quite similar to Blackbox Fuzzing. The testers have no knowledge of the target program’s structure, but they employ a feedback loop to direct their search based on observed behavior from past runs. It also involves limited source code evaluation, such as calculating code coverage with the use of lightweight code instrumentation. Greybox fuzzing strategies based on random mutations have resulted in fuzzers such as AFL (American Fuzzy Lop), which has been successful in detecting a large number of real-world problems in complex programs.

How Does a Fuzzer Work?

A fuzzer is a program that automatically injects data (be it random or mutated data) into a program to find problems. It usually starts with a set of seed input files that are continuously modified to generate malicious inputs via random mutations or constraint-solving.

Because malicious input formats can be quite complex, generating malicious inputs often necessitates millions of mutations. As a result, the fuzzing process can be viewed as a massive search problem to find a good set of mutations that will result in higher code coverage and more crashes.
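The search problem described above can be seen in a small coverage-guided (greybox) mutation loop next to a purely random (blackbox) one. This is an added example, not code from the article or from AFL: the toy `target`, the single-byte mutation, the `AAAA` seed and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define INPUT_LEN  4    /* fixed-size inputs keep the example small */
#define MAX_CORPUS 16
#define N_EDGES    5

static uint8_t cov[N_EDGES];    /* branches hit by the current run */
static uint8_t seen[N_EDGES];   /* branches hit by any run so far */
static uint8_t corpus[MAX_CORPUS][INPUT_LEN];
static int corpus_len;
static uint64_t rng_state;

/* Constructed toy target: "crashes" (returns 1) only on the input "FUZZ".
   Each check sets a coverage flag, standing in for the lightweight
   instrumentation a greybox fuzzer compiles into the real program. */
static int target(const uint8_t *in) {
    cov[0] = 1;
    if (in[0] != 'F') return 0;
    cov[1] = 1;
    if (in[1] != 'U') return 0;
    cov[2] = 1;
    if (in[2] != 'Z') return 0;
    cov[3] = 1;
    if (in[3] != 'Z') return 0;
    cov[4] = 1;
    return 1;
}

/* Deterministic 64-bit LCG so every run of the example is reproducible. */
static uint32_t rng_next(void) {
    rng_state = rng_state * 6364136223846793005ULL + 1442695040888963407ULL;
    return (uint32_t)(rng_state >> 32);
}

/* Execute one input with a fresh coverage map; return 1 on a crash. */
static int run_target(const uint8_t *in) {
    memset(cov, 0, sizeof cov);
    return target(in);
}

/* Merge the last run into the global map; return 1 if a new branch was hit. */
static int new_coverage(void) {
    int fresh = 0;
    for (int e = 0; e < N_EDGES; e++)
        if (cov[e] && !seen[e]) { seen[e] = 1; fresh = 1; }
    return fresh;
}

int corpus_size(void) { return corpus_len; }

/* Blackbox: every trial is four fresh random bytes and nothing is learned.
   Returns the 1-based trial that crashed the target, or -1. */
long fuzz_blackbox(uint64_t seed, long budget) {
    uint8_t in[INPUT_LEN];
    rng_state = seed;
    for (long i = 1; i <= budget; i++) {
        for (int j = 0; j < INPUT_LEN; j++) in[j] = (uint8_t)(rng_next() >> 24);
        if (run_target(in)) return i;
    }
    return -1;
}

/* Greybox: mutate one byte of a corpus entry and keep the mutant whenever
   it reaches a branch no earlier input reached. The feedback loop turns one
   4-byte guess into four 1-byte guesses. Returns the crashing trial or -1. */
long fuzz_greybox(uint64_t seed, long budget, uint8_t *crash_out) {
    uint8_t in[INPUT_LEN];
    rng_state = seed;
    memset(seen, 0, sizeof seen);
    memcpy(corpus[0], "AAAA", INPUT_LEN);    /* seed input */
    corpus_len = 1;
    run_target(corpus[0]);
    new_coverage();                          /* record the seed's coverage */
    for (long i = 1; i <= budget; i++) {
        uint32_t pick = rng_next() % (uint32_t)corpus_len;
        uint32_t pos  = rng_next() % INPUT_LEN;
        uint8_t  val  = (uint8_t)(rng_next() >> 24);
        memcpy(in, corpus[pick], INPUT_LEN);
        in[pos] = val;                       /* single-byte random mutation */
        if (run_target(in)) {
            memcpy(crash_out, in, INPUT_LEN);
            return i;
        }
        if (new_coverage() && corpus_len < MAX_CORPUS)
            memcpy(corpus[corpus_len++], in, INPUT_LEN);
    }
    return -1;
}

int main(void) {
    uint8_t crash[INPUT_LEN] = {0};
    long g = fuzz_greybox(1, 1000000, crash);
    long b = fuzz_blackbox(1, 1000000);
    printf("greybox:  crash after %ld runs, input \"%.4s\", corpus size %d\n",
           g, (const char *)crash, corpus_size());
    printf("blackbox: %ld (-1 means no crash within the budget)\n", b);
    return 0;
}
```

Each stored corpus entry is one byte closer to the crashing input, so the greybox loop needs on the order of thousands of runs where blind guessing faces a 1 in 2^32 chance per run.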

The Limits of Traditional Fuzzing

Traditional fuzz testing faces numerous obstacles, including how to successfully alter input seed files, boost code coverage, and avoid format verification, all while testing thousands of lines of code.

This has prompted the need to develop an accurate and efficient fuzzing technique to replace traditional fuzzers. To address these issues, machine learning techniques have been proposed as a new method in fuzz testing.

Enter neural fuzzing.

What is Neural Fuzzing?

Neural fuzzing is a new approach to testing software security that does not rely on black-box techniques. It instead relies on machine learning and neural networks.

For example, with artificial intelligence rapidly gaining popularity, Microsoft researchers have been able to improve fuzzing techniques using deep neural networks and machine learning to detect bugs better by learning from previous experience. The neural models develop a function to anticipate favorable (and bad) positions in input files so that they can perform fuzzing mutations based on previous mutations and relevant data.

Neural fuzzing is very similar to the more traditional process of fuzzing where developers write test data to find bugs. The difference is that neural fuzzing uses machine-learning techniques to generate the data so there is less need for human input.

Neural fuzzing is a process that invokes neural networks to generate random input data to find vulnerabilities in software. It is a method for automated security testing of software. It makes use of artificial neural networks to mutate program instructions and then examines the crash reports for an indication of a potential vulnerability.

Neural fuzzing is a relatively new concept that has been gaining traction with the introduction of deep neural networks, opening possibilities for developing methods to identify vulnerabilities in software and networks using machine learning techniques to generate inputs that trigger bugs.

Neural fuzzing will identify some errors that would have been impossible to find with more traditional methods because the errors only happen when the input data sent to the program is not what was expected.

Pros and Cons of Neural Fuzzing

Neural Fuzzing is an innovative way of finding bugs in a program’s code. It is especially useful when it comes to finding exploitable bugs that are not found by traditional fuzz testing methods.

A major advantage of neural fuzzing is that it can explore different parts of the system, including paths that testers may not have explored. In this way, neural fuzzing can find bugs that humans may have missed and increase the efficiency and accuracy of the testing process.

This technique can quickly find many problems with a piece of software’s code, but it can also cause instability due to the constant crashing and reopening of applications, resulting in data loss and security vulnerabilities.

Developers can benefit greatly from neural fuzzing as it not only identifies the issue, but also reveals the source and how an attacker might interact with it in a real-world attack. It establishes the existence of a vulnerability, allowing for the detection of issues without having to go through false positives.

A test version would let them know if they have overlooked any other vulnerabilities, making it easier to create an accurate model for the software they are trying to fuzz, and avoid the potential instability of working on a live application.

Open Source Neural Fuzzing Tools

Cybersecurity vendors have yet to do much with neural fuzzing, but there are a number of automated and open source fuzzing tools. These include:

  • OneFuzz: OneFuzz is an open source self-hosted developer platform currently being developed by Microsoft, replacing the previous MSRD (The Microsoft Security Risk Detection) Fuzzing service.
  • ClusterFuzz: This open source fuzzing infrastructure from Google automates the entire process, from bug discovery to triage (correct deduplication, bisection), bug reporting, and automatic bug report closure.
  • Fuzzbuzz: This is an automated intelligent platform that makes fuzzing developer friendly, as it doesn’t require code-testing.
  • Defensics: This is a comprehensive, adaptable, and automated black box fuzzer that helps enterprises find and fix security flaws in software quickly and effectively.
  • GitLab Protocol Fuzzer: Formerly known as Peach Fuzzer, this fuzzer, recently acquired by GitLab, provides a platform for using protocol fuzz testing to discover vulnerabilities and bugs that many other tools will not find.
  • Other tools include libFuzzer and honggfuzz.

Further reading:
Top Code Debugging and Code Security Tools
FBI, CISA Reveal Most Exploited Vulnerabilities
