In the early days of business computing, the industry catchphrase was “Nobody ever got fired for buying IBM.” During a time of rapid innovation and before there were industry standards to ensure interoperability, even if IBM didn’t have the best technological solution, it was a safe investment. Times have changed and IBM has changed its focus, but the catchphrase is often applied to new technologies, especially security. As business depends more and more on higher levels of digital information and internet connections, no one ever gets fired for having security that is too good…but plenty of people get fired for having security that isn’t good enough. Unfortunately, many don’t realize they have security blind spots until it’s too late.
At Clare Computer Solutions, we work with many different clients in dozens of industries. That puts us in a unique position to see what’s happening in the real world and advise on how to best invest in security. When we discover a new solution that works well for one client, we’re able to deploy it to other clients. When we discover a security vulnerability in one client’s infrastructure, we’re able to assess whether that threat would apply to other clients and get a solution in place before an attack. In this month’s blog, we’d like to share some of our insights on security.
Passwords – Obsolete yet still critical
In today’s security environment, passwords are antiquated. Think about it: if anyone gains access to your username (often your email address today) and your password, they have full access to your account. The stolen password can be posted to a website where anyone in the world can now gain access to your account.
Attackers use three methods to steal passwords: brute force attacks that repeatedly enter common passwords, credential harvesting attacks that exploit the fact that people reuse login credentials across multiple sites, and phishing attacks that use carefully crafted emails requesting users to reset their password.
Passwords are responsible for 80% of security breaches. That’s why the industry has been trying to migrate away from passwords to multi-factor authentication (MFA). MFA uses up to three layers for authentication:
- Something you know (typically username or PIN)
- Something you have (a trusted device like a smartphone)
- Something you are (biometric information like a fingerprint)
We’ve all experienced MFA when we log into websites that then send a one-time passcode to our phone. That ensures that the person logging in not only knows the login information but also physically possesses something uniquely tied to that account. An attacker who knows the password but doesn’t have the phone won’t be able to log in. This is a game-changer for security and is why so many websites use this now. At this point, any savvy business should be asking, “If MFA is so critical that all the big websites are moving to it, why hasn’t our company moved to it?”
Microsoft Office 365 has offered MFA since 2014, yet many small and medium-sized companies haven’t turned it on. When set up properly, MFA is hardly noticeable to users. Microsoft also produced the Authenticator app for smartphones that uses the phone’s fingerprint or facial recognition to authenticate users without needing to enter a password. When we partner with a new client, this is often one of the first projects we initiate. It’s relatively easy to implement and offers a big increase in security. Is your company using MFA in Office 365 yet?
Remote Access – Quick fix or robust solution?
COVID-19 required businesses to shift to supporting remote working far faster and more extensively than anyone ever anticipated. Solutions like Zoom and GoToMyPC were suddenly being used in ways that they weren’t designed to be used. At the time, rapidly adopting any remote access solution was better than doing nothing. Now that the urgency has diminished, companies need to focus on long-term solutions.
Remote Desktop Protocol (RDP) allows a remote user to not only log in to a network but also to use processing and storage resources by mirroring the graphical interface of the on-site computer. With RDP, all processing occurs on the on-site computer. Only screen images, keystrokes, and mouse clicks are transmitted, which greatly reduces bandwidth requirements. Engineers and other power users often prefer RDP connections because they can access high-performance hardware at the office and process large data sets without sending that data across the internet. It does require two dedicated devices, one on-site to do the work, and a remote device for the user to interact with. Opening ports in the firewall to allow access, if not done properly, can introduce significant security vulnerabilities.
Virtual Private Network (VPN) creates a secure connection to the company’s internal network. Processing is performed on the remote device, so there is no need to have a dedicated on-site PC to support remote workers, but all data must be passed to the remote PC, which does require more bandwidth. VPNs are typically configured as part of the firewall, so IT can better control external access and reduce the number of externally facing servers that attackers have access to.
When we engage with new clients, we perform a perimeter security scan looking for vulnerabilities. During the past year, both RDP and VPN solutions were stretched beyond their initial designs to accommodate remote workers, and we are finding misconfigurations that are exposing companies to security risks. Now that things are stabilizing, it’s time for businesses to reassess their remote access solutions. VPN and RDP each have unique value, and most companies will use a combination of the two. We help our clients determine which solution is best for each workload and ensure they are properly configured for maximum performance and security. How well do you think your current configurations are optimized for your performance and security needs?
Advanced Threat Detection
Once we have performed the security audit of a new client, added MFA, optimized remote access configurations, and addressed other security issues, the next step is to be able to detect new threats early.
The first step in this process is implementing a Security Information and Event Management (SIEM) solution. SIEM analyzes logs and event data in real time to provide threat monitoring, detect correlated events, provide incident alerts when a problem is detected, and provide reports for auditing and forensic purposes. Even in a well-run environment, the vast majority of events and alerts will be benign. The few real threats will be a tiny percentage of the total alerts, the proverbial needle in a haystack. SIEM systems use advanced statistical analysis to filter through the data to help IT know what they can safely ignore and what they absolutely must pay attention to. The integration of artificial intelligence will further enhance the power of SIEM solutions. When we onboard a new client, we deploy a regularly updated SIEM solution and monitor it from our security operations center. Because we use this same tool across all our clients, when the first company is attacked, our security experts are able to apply the data and learnings to all our other clients – many times before they have been attacked themselves. Does your current infrastructure include an advanced SIEM solution that is proactively looking for problems? Do you have access to threat data from dozens of companies or only one company?
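To make "detect correlated events" concrete, here is an added example (not part of the original post and not Clare Computer Solutions' tooling) of a correlation rule a SIEM might apply to login events. It flags the brute-force and credential-reuse patterns described earlier while ignoring an ordinary mistyped password. The log format, rule names, and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (hypothetical format: timestamp result user source-IP).
SAMPLE_LOG = """\
2024-05-01T09:00:01 FAIL alice 203.0.113.7
2024-05-01T09:00:03 FAIL alice 203.0.113.7
2024-05-01T09:00:05 FAIL alice 203.0.113.7
2024-05-01T09:00:07 FAIL alice 203.0.113.7
2024-05-01T09:00:09 FAIL alice 203.0.113.7
2024-05-01T09:00:12 OK alice 203.0.113.7
2024-05-01T09:05:00 FAIL bob 198.51.100.20
2024-05-01T09:05:30 OK bob 198.51.100.20
2024-05-01T09:10:00 FAIL carol 192.0.2.44
2024-05-01T09:10:02 FAIL dave 192.0.2.44
2024-05-01T09:10:04 FAIL erin 192.0.2.44
2024-05-01T09:10:06 FAIL frank 192.0.2.44
"""

WINDOW = timedelta(minutes=5)   # assumed correlation window
FAIL_THRESHOLD = 5              # failures from one source before a success is suspicious
USER_THRESHOLD = 4              # distinct accounts failing from one source

def correlate(log_text):
    """Return alerts as (rule, source_ip, timestamp) tuples."""
    recent = defaultdict(deque)   # source IP -> (time, user) of recent failures
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue              # skip malformed lines rather than crash
        ts, result, user, src = parts
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue
        fails = recent[src]
        while fails and when - fails[0][0] > WINDOW:
            fails.popleft()       # expire failures outside the window
        if result == "FAIL":
            fails.append((when, user))
            if len({u for _, u in fails}) == USER_THRESHOLD:
                alerts.append(("many-accounts-one-source", src, ts))
        elif result == "OK":
            if len(fails) >= FAIL_THRESHOLD:
                alerts.append(("success-after-repeated-failures", src, ts))
            fails.clear()
    return alerts
```

Bob's single failed attempt followed by a success produces no alert, which is the benign majority the paragraph above describes; only the two correlated patterns surface.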
Building a winning team
Security is a lot like football. It doesn’t matter if you have the greatest quarterback if your offensive line lets the defenders through on every play. Just like putting together a winning sports team, a winning security solution requires the right combination of tools, each specialized for a specific role, that work together to become powerful. Our security experts evaluate products from multiple vendors and select the right tool for each layer of security to address the needs of our client base. We regularly learn how to improve our use of the tools and swap tools when a better solution is available. We go through this effort so our clients don’t have to. They get the benefit of our focus and expertise while they focus on what makes their business great. It’s a winning combination.