WiFi Security: If the security of the WLAN is not sufficiently important, dangers arise. More and more end devices are pushing into WLAN, which is due to increasing digitalization and the diverse additional device categories. In addition to laptops, tablets or mobile phones, there are also growing numbers of IoT devices integrated into the company’s internal radio network and endanger WLAN security.

WiFi Security: WLAN Security For Companies And Users

If not enough emphasis is placed on the WLAN security, potential hazards arise, mainly when unknown users log in with an infected device or are integrated into potentially insecure and easily attachable devices. However, companies with internally used WiFi infrastructure can provide more security both for the infrastructure and for their users’ devices if they consistently integrate WiFi security into their security strategy.

Holistic Approach Required

In a modern security infrastructure, the components at the endpoint and in the network are intelligently networked and act as a system to recognize threats and react automatically. The integration of the WLAN, including the access points in this concept, can significantly increase security. In this way, the data traffic in the entire company network can be continuously examined for harmful behavior, and the administrator has a complete overview of the current status of the network and the devices connected to it.

In addition, in the event of an irregularity, action can be taken immediately and automatically. For example, a notebook infected with ransomware or a mobile device with jailbreak/rooting that wants to connect to the WLAN is automatically isolated from the rest of the network to prevent the threat from spreading.

Danger From IoT Devices

When IoT devices are integrated into the WLAN, there is a potentially high-security risk. Many of these devices are fundamentally not geared towards security and thus represent a gateway for attackers to the wireless network. These include surveillance cameras, printers, displays or proprietary scanner devices such as those used in logistics. A company must meet the challenge posed by potentially insecure devices in its network by establishing WLAN security in several stages.

This includes that company, and BYOD devices can only connect to the network if they comply with company specifications. IoT devices should be “locked” in their WLAN. In this way, these devices are protected from attacks and cannot be used as a starting point for hackers to spread further into the company network.

Further Protective Measures For More WLAN Security

In addition to the integration of the WLAN in the security, further protective measures should be taken to ensure secure operation:

• Segmentation: Visitors who are provided with free WLAN access should under no circumstances be in the same sub-network as the company’s internal LAN or WLAN network. This prevents malware or hacking from directly reaching into other parts of the network and the endpoints located therein.
• Client Isolation: In the WLAN, the access point must isolate the clients connected to it from each other. This prevents an infected computer from connecting to other computers in the WLAN and infecting them as well.
• Automatic Detection And Isolation Of Infected Devices: Integrated and automated security protects both the WLAN operator and the user by automatically isolating devices infected with malware from the network and before other network participants are infected.
• Intelligent Malware Protection For Sensitive Data: Sensitive data of WLAN users must be protected from possible cyber attacks. Next-Generation Security provides significant support with EDR (Endpoint Detection and Response) and Artificial Intelligence (AI).
• Segment IoT Devices: Own WLANs for IoT devices prevent them from spreading in the network.

ALSO READ: IT Infrastructure: How Managed Platforms Reduce Effort And Risks

A modern IT infrastructure is a highly complex structure made up of computing, storage and network resources. Companies that want to use, modern applications have a lot of work to do. Not only do you have to draw up a concrete schedule of which hardware and software solutions are to be operated, the personnel required for this must also be available. There is also the question of the costs incurred for the IT infrastructure. To keep it low, many companies rely on Open Source Software (OSS). Still, despite the enormous advantages in terms of flexibility and expandability, even this thing has a catch: The use of OSS can also be very time-consuming and low-cost, not the cost per se.

Of course, open-source software usually costs neither acquisition nor license fees. However, these technologies practically never include models for support, deployment, management and continuous monitoring of the IT infrastructure put together in this way. Therefore, companies need new staff to cope with these tasks, which is associated with high costs.

IT Infrastructure: IT Service Providers Provide Support With Database Management

To save costs and employee resources, companies increasingly rely on external support, among other things. IT service providers, in this case, IT consultants, take on particular tasks, such as database management and hosting. The disadvantage of such service providers is a possible dependency, as the expertise explicitly acquired in the context of the respective company may become indispensable.

The need to give external employees access to internal data is also a problem for many companies. Buying pure support capacities for particular parts of the IT infrastructure, such as the database, is also not expedient: They logically lack an overview of the entire IT infrastructure. Managed platforms, on the other hand, combine all the advantages of the various models.

Managed Platforms: The Best Of Both Worlds

Perhaps the most important reason for hiring an external service provider is, of course, less personnel expenditure for the company itself. A managed platform is a collection of managed services that companies can control via a corresponding user interface (UI). In contrast to “conventional” managed service providers, a managed platform offers a specific service that the provider contains in total and a variety of interlocking technologies. In this way, organizations can relieve their employees by buying several services externally if necessary. The resources released can instead be used for more productive and innovative tasks.

Of course, managed platform providers also take on the provision and management of specific technologies for their users to a certain extent. However, they carry out these tasks minimally invasive, i.e. without access to the internal data. This aspect is essential for many potential users of managed platforms because financial service providers or companies in the healthcare sector, for example, are subject to strict regulations when it comes to protecting customer data.

Companies Retain Control Of The Data Layer

In addition to sovereignty over internal data, with managed platforms, control over the data layer lies with the company at all times and not with the provider of the service. The user interface of the managed platform represents the administrative level through which the users can manage their IT infrastructure. On request, companies can book or cancel new services or additional capacities in addition to their existing portfolio as required. This process is significantly cheaper and less complex than providing the appropriate hardware and software internally or putting it into operation. The high scalability, in particular, is an important point why organizations use managed platforms.

IT Infrastructure: Focus On Automation And Reliability

The high degree of automation that characterizes managed platforms at all levels is only possible through standardized processes and technologies. Open-source software is particularly suitable for this. As a rule, the higher the degree of automation, the higher the reliability. IT infrastructures operated in-house are not only very cost-intensive and involve a high level of personnel expenditure. In most cases, they are also significantly less reliable than outsourced variants.

Managed Platforms Offer Flexibility At All Levels

In addition to the advantages mentioned above, managed platforms are incredibly flexible. Companies can operate their IT infrastructure entirely in the cloud or even in hybrid or multi-cloud environments. If that is too uncertain for you, you can, of course, also use the managed platform on-premises. The use of open-source software offers a high degree of flexibility. Thanks to the open development processes, the managed platform provider can install updates for the IT infrastructure and fix bugs without these processes negatively affecting users and their business operations – for example, through a service failure.

In addition, IT solutions based on open source technologies can be integrated into practically any existing system. And that without having to make laborious architectural changes. Managed platforms that rely on open-source software are worth considering for SMEs but also for large companies. Because of the combination of saving acquisition costs for software, the freed-up employee resources and scalability, expandability and reliability are potent arguments for managed platforms.

ALSO READ: Security Teams Underestimate The Importance Of Networks

Security Teams- Today, the network is becoming more and more of strategic importance within IT. In addition to its original. A recent survey of 665 IT managers in security teams and CIOs and CISOs in the EMEA region showed in February 2020, 57 percent of those questioned see a challenge in achieving end-to-end visibility of their network. Forrester Research surveyed on behalf of VMware. The same can be seen in a study by IDC on the IT security strategy of European companies in July 2019. Almost half of the IT professionals surveyed consider this lack of transparency to be a problem.

Security Teams Need A Consolidated IT Strategy

Thirty-seven percent of the Forrester survey respondents also believe that the challenges associated with this lack of visibility have led security teams to bias. Twenty-nine percent of the IT and security managers surveyed admit no consolidated IT and security strategy plan. Only 38 percent of those responsible for the network are currently involved in the development of security strategies. Nevertheless, 60 percent of them actively implement security measures, which suggests that network teams are not seen as equal partners to the other IT teams when it comes to cybersecurity.

This is in contrast to the fact that network transformation is seen as essential to the robustness and security required by modern businesses. After all, 43 percent of those questioned in the IDC survey indicated that the robustness and security of their networks were a key priority for them.

Crucially, companies need shared thinking and shared responsibilities to establish a coherent security model to achieve their strategic goals. According to the survey, these goals are increased security (55 percent), technological progress (56 percent), and the ability to react faster (56 percent).

Role Of Networks In IT Security

In addition to the different perceptions of the role networks play in terms of security, even IT and security teams are divided on who is responsible for protecting the networks. “Companies that want to adapt to rapidly changing market conditions need to efficiently connect, run, and secure modern apps – reliably from the data center to any cloud or end device. And that is what the virtual cloud network does. The network must be recognized as the DNA of every modern security, cloud and app strategy, as a strategic weapon and not as a mere transport medium,” .

The Top Priorities For IT And Security Teams

The Forrester investigation also highlights the different priorities of IT and security teams. Globally, the top priority of IT is efficiency (51 percent), while security specialists concentrate on reactive problem solving (49 percent). New security threats require good visibility across the entire IT infrastructure. Still, currently, less than three-quarters of security teams are involved in developing and implementing security strategies in their company.

Forty-five percent of the Forrester survey respondents said a consolidated strategy could help reduce data breaches and identify threats faster. However, this doesn’t seem that easy, as 84 percent of security and IT teams say they don’t have an excellent relationship with one another. Over half of organizations would like to move to a “shared responsibility model” in the next three to five years, where IT security architecture (58 percent), cloud security (43 percent), and threat response ( 51 percent) are shared between IT and security teams. However, this requires much closer cooperation than is the case today.

Networks As The Basis For The Spread Of Multi-Clouds

“The exponential increase in network connections, the widespread use of multi-clouds, and the provision of applications from data centers to public and edge clouds would not be possible without functioning networks,”. “The key is the ability of the network to protect data across the organization. This can only be achieved if the network is delivered in the form of software and, secondly, a coherent, collaborative approach is implemented within IT. The virtual cloud offers consistent, ubiquitous connectivity and security for applications and data wherever they are. “

“Security should increasingly be seen as a team sport, but we still see organizations continue to take a functional, silo approach. The key to modern IT and security success lies in working together with shared responsibility and shared plans. Every element of security, including the network, must be built into the strategy from the start. Many of the problems that result from a foreclosure can be mitigated to some extent by a software-first approach, as embodied by the principles of a virtual cloud network. This will help organizations connect and secure applications and data across private, public, and edge clouds.

VMware recently introduced new network and security solutions that help companies connect and protect applications and data across private, public, and edge clouds. 

ALSO READ: Ransomware Attacks: 5 Steps To A Secure Corporate Network

Tired of being admonished to take ransomware Attacks security measures over and over again. And yet, it is primarily simple mistakes. Today, system administrators have to monitor a much more branched network than before the corona pandemic with significantly fewer home office spaces. Even if the colleagues now connect to the company with their PCs via the private Internet connection, it remains part of the company network and thus an attractive target for cybercriminals. One of the most dangerous and dramatic types of a network attack is ransomware.

“Even if companies are often convinced that they have taken care of all basic security measures and the constant admonition to these now trigger an escape or deep sleep reflex, the fact remains that ransomware attacks are usually successful when the victims are basic mistakes,”. “Very mundane analogies or donkey bridges can be very helpful against these signs of fatigue.”

Imagine, therefore, that the computer is a house and the ransomware is a gang of burglars. In this role-play, five typical mistakes are shown that endanger the protection of the house:

Ransomware Attacks: When Leaving The House, Close The Door But Leave The Windows Open

This does not bring much security. It is therefore essential to protect system portals. Cybercriminals often sneak in by looking for remote access portals like RDP (Remote Desktop Protocol) and SSH (Secure Shell) that are not adequately secured. Usually, these are only set up temporarily but then forgotten. It is essential to know how to scan and secure your network from the outside. It is necessary to ensure that open services and connections are precisely where they should be and on a security checklist. The crooks will do it for you if you don’t check the network for access holes accidentally left open.

The Key Under The Mat Is A Trick Known To Crooks

It is imperative to have good passwords installed. If you are in a hurry – especially in ​​the many additional remote accesses that have to be set up due to the corona pandemic – you prefer to choose the easy way to get everything working. Often with the excellent intention of checking all safety devices more closely later. But nothing is as durable as makeshifts, and the planned password change is forgotten. But whenever a large password dump occurs due to a data breach, weak passwords are involved. Therefore: companies should start with good passwords, including two-factor authentication, right from the start to increase security wherever possible.

A Security Guard Watches At Night And Writes Minutes That No One Reads

Reading existing system logs should be an everyday activity. Many, and perhaps most, ransomware attacks do not happen immediately or without warning. It usually takes the criminals some time, often days or more, to get an idea of ​​the entire network. This way, they ensure that the attack will produce the desired destructive outcome to obtain the ransom. Logs often contain numerous indications, such as the appearance of “gray hat” hacking tools that one would not expect. New accounts, actions at unusual times, or network connections from outside that do not follow the usual pattern are also tell-tale clues.

The Alarm System Goes Off Too Often And Is Therefore Switched Off

Warnings should also be heeded urgently. If an alarm system goes off all the time, a certain amount of alarm fatigue will undoubtedly set in, which means that the warnings will be clicked without paying much attention. But caution is advised here because important alarm messages can be easily overlooked, for example, if they indicate that potential ransomware attacks have already been blocked. Often, network threats are not just random occurrences. They are proof that cybercriminals are already cautiously snooping around to investigate the alarm systems – always in the hope of carrying out a significant and promising attack.

Repairs Are Necessary, But Now Also Annoying

It is the constant reminder of all security specialists: patch as often and as early as possible! It is negligent to deliberately expose yourself to security gaps that have been known for a long time, perhaps for the sake of convenience. Internet crooks systematically search networks for suitable loopholes. To do this, they also scan externally accessible services that are not patched. This helps the robbers to compile lists of potential victims to attack later automatically. The best option is not to be on such lists. 

ALSO READ: Zero Trust: Every Second Company Lacks The Knowledge To Do This

Authentication: One of the essential questions in digitization: How do I protect my data? More and more processes. It is difficult to enforce that employees use complex and, above all, unique passwords for each access, and even complex passphrases can be cracked. More and more services are therefore offering the option of 2-factor authentication, which provides a significant plus insecurity, but at the same time, is more time-consuming for employees.

Current technological developments aim to solve precisely this problem by ensuring that passwords do not become entirely obsolete, but input is less and less necessary. To enable largely password less authentication while at the same time guaranteeing IT security, a basic security approach is essential: ​​the zero-trust concept.

Authentication: Check All Accesses With Zero Trust

With the zero-trust concept, every data access is initially classified as untrustworthy. It does not matter whether the request is made inside or outside the company network. Every user, every app and every device has to be explicitly authorized for every access. In a certain way, Zero Trust is an alternative to previous security models because at least internal access from one’s network has often been automatically considered secure. But cybercriminals are becoming more resourceful in their methods, and both the frequency and the quality of their attacks are steadily increasing.

With Zero Trust, the foundation is laid to make access more secure. However, Zero Trust does not mean that the user has to authenticate himself manually with every login. In advance, guidelines are drawn up that determine when a user receives direct access, and additional authentication steps are necessary. The access request is assessed based on various factors.

Authentication: Take Security Factors Into Account

A decisive factor in authentication is the device used. If the device is known and managed by IT, the device can be rated as trustworthy. Conversely, unmanaged devices should be viewed with greater suspicion. The users themselves also serve as a factor. An employee who is entered in the Active Directory, for example, is generally classified as more trustworthy than an unknown user.

The applications represent a further security factor. If a company has its app store, it can continuously check the applications provided there and thus guarantee their security. When using such an app, there can be greater trust. However, in the case of apps downloaded from public app stores, a check is only possible to a limited extent, and the leap of faith is not recommended. Certificates can also be distributed to mobile devices that prove the device’s identity and thus play a role as a security factor.

Thanks to new technologies such as deep learning, assigning individual usage habits to individual users is now possible. For example, you can see how much pressure a user is exerting on display or how fast he is typing. If unusual behavior is discovered here, this can also affect the authentication.

Authentication: Implement Zero Trust With UEM

A suitable management system is required to define and enforce guidelines. Many companies, therefore, rely on a Unified Endpoint Management System (UEM). This allows various end devices – from cell phones to tablets to laptops – to be managed centrally. The UEM can distribute the established guidelines to the devices. If an employee then wants to access an application, the UEM checks the various factors and decides whether and in what form authentication must occur. The UEM can cover multiple security levels: If all elements are met, access can even occur entirely without a password.

Introduce Stronger Authentication Methods

If individual factors are not met, successively more robust authentication methods can be queried: If an employee is stored in the Active Directory, uses a device managed by IT with a secure certificate and works with a managed app, he is not asked for his password. However, if an employee tries to log in with a remote device, access can only be possible with 2-factor authentication, for example. This scaling of the authentication steps means that everyday work becomes significantly more user-friendly for employees – while at the same time, the data is better secured.

The Zero Trust concept increases the security of company data and IT processes on the one hand and user-friendliness on the other. With this approach, companies can protect their data much better against attacks and at the same time enable their employees to work effectively and productively, which has a significant effect on employee satisfaction and motivation.

ALSO READ: Backup Solutions: How Data Backup Will Look In The Future