Posted on Apr 19, 2018
You probably remember the headlines from around this time four years ago, when a data breach at Target resulted in the capture of thousands of payment cards and personal data (and in Target paying nearly $70 million to financial institutions to cover their losses and the cost of reissuing all those cards). Or perhaps you more easily remember the recent data breaches at major health insurers that resulted in the compromise of nearly 80 million medical records across the country.
These breaches forced businesses to ask some tough questions about payment card technology, network security and personal privacy; however, there’s another aspect to these breaches that have far more serious implications for you as a private citizen.
With all these breaches, it means that for millions of Americans it’s almost a guarantee that a cyber thief somewhere in the world has your social security number and address information, as well as your medical history, including daily medications.
Up until now, criminal organizations operating online have mostly targeted businesses, as they are provide a more profitable opportunity. One popular method of attack is practice known as “cryptolocking,” where criminals will breach a network and lock (encrypt) the organization’s files. To make money, they will then proceed to blackmail the organization, threatening to delete vital information if the fine is not paid.
Now that so much personal data is in criminal hands thanks to the healthcare breaches, I am left wondering how long it takes before these thieves figure out how to scale their blackmailing techniques to the individual person. It isn’t happening right now because, frankly, it’s pretty time consuming, but the lure of big blackmail dollars means these thieves are motivated to find ways to threaten individuals on a mass scale.
Current security protocols at health care companies aren’t anywhere near what they need to be, because they haven’t been a target up until now. They’re making changes, sure—but this is a classic case of closing the barn door after the data has already gotten out. The good news is that the security market is making rapid advancements, and we at Tempered Networks are working daily to build security and trust into the backbone of global business and communications. We’re taking away the excuses for inadequate security that usually accompany these headlines, with the end goal of making the internet more secure for all of us.
Posted on Apr 17, 2018
Cybersecurity Journalist at HackRead, Waqas Amir said it best, “The Internet of Things (IoT) has transformed the way we use everyday objects such as appliances, thermometers, and even lighting”. IoT is increasing in popularity as it is implemented in more businesses and households every day. Unfortunately, the easier IoT devices make our day-to-day lives, the easier it gets for hackers to perform a potentially devastating breach.
When IoT devices are connected via a flat Layer 2 network, all bets are off. These devices leave the network exposed, and hackers are able to get in through the vulnerable device in order to access sensitive data across the network.
This fact is a bitter truth to Target, who suffered an attack of this nature during the widely-publicized breach of 2013. Hackers stole the payment card info of 41 million customers after infiltrating the network through the exposed HVAC system, costing the corporate giant $18.5 million in damages.
While hacks of large companies such as Target dominate media coverage, they certainly aren’t the only ones suffering from these kinds of attacks. According to data from Altman Vilandrie & Company, “Nearly half of U.S. firms using an Internet of Things (IoT) network have been hit by a recent security breach”. In fact, a North American Casino was recently hacked through their fish tank!
Something as mundane as a fish tank might not seem like a risk but when connected to an IoT device such as a smart thermometer, like this casino tank was, all bets are off.
While the thermometer was only intended to track the temperature of the water, its connection to the flat network made it an enticing target for hackers. By compromising the IoT device they hit the jackpot – gaining access to the casino’s database of high-rollers.
In this case, the casino has remained anonymous, but with the rise of IoT any casino may be at risk for a similar attack. Whether or not your network is next shouldn’t be left to the luck of the draw! If you’re using smart devices, you need to get smart with your network too. Had this casino implemented Identity Defined Networking (IDN) with Tempered Networks, their sensitive data would have been protected.
IDN allows casinos and other IoT connected businesses to cloak and segment their network, so that access to a fish tank doesn’t result in access to customer information.
The cost of a breach is high, so don’t gamble with sensitive data. Contact us to learn how to make a sure bet with Identity Defined Networking.
Posted on Apr 12, 2018
According to the Identity Theft Resource Center, in 2017 alone there were 1579 data breaches, resulting in nearly 179 million records exposed. 163 million of these involved general business exposures, but even the supposed hardened security bunkers of financial institutions saw over 3.1 million record exposures across 134 breaches.
The Verizon 2018 Data Breach Investigations Report is also now out and the results, while not necessary shocking, paint an ugly picture of data and network security. The report talks about breaches – actual confirmed disclosure of data to an unauthorized party and stats tell the tale: over 2,216 confirmed data breaches to date. What’s perhaps even scarier, is that the stats provided do not take into account the 43,000 successful accesses to personal data from botnet attacks.
Just this past week or so, a ZDNet article – A new Mirai-style botnet is targeting the financial sector – got our attention! PCI DSS compliance is a framework that defines baseline physical, technical, and operational security controls – defined as requirements and sub-requirements – necessary for protecting payment card account data. It covers the merchants, payment processors, issuers, acquirers, and service providers. Within this bucket are the financial institutions that are being targeted with botnets and live-person breach attempts.
The increased sophistication of attacks that bypass traditional defenses has accelerated breaches over the years forcing organizations to spend more time on security than ever before. However, the unfortunate reality is that even if an organization is deemed PCI DSS compliant, its network and assets are not necessarily protected against cyberattacks and breaches. So what to do?
Our Identity Defined Networking (IDN) solution, enables you to easily remove sensitive systems and assets from prying eyes through cloaking, micro-segmentation, machine authentication and authorization, and end-to-end encryption. With our comprehensive, defense-in-depth approach, we not only facilitate industry compliance, but also delivers hardened security, resource resiliency, and network elasticity. And best of all (at least for the folks in IT), it’s quick to deploy and saves money! In fact, we think you can decrease CapEx and OpEx by as much as 50 percent, reduce networking and resource provisioning time by 97 percent, all while reducing your attack surface by up to 90 percent.
Coalfire, an independent cyber risk management advisor, did an in-depth analysis of our IDN solution specifically for PCI DSS compliance and came to this conclusion:
In Coalfire’s opinion, Tempered Networks Identity-Defined Networking (IDN) is effective in providing significant support for the key requirements and controls of PCI DSS and can assist in a comprehensive program of cyber-security for merchants, issuing banks, processors, services providers, and other entities required to comply with PCI DSS 3.2.
The IDN solution is highly effective in supporting the key requirements and controls of PCI DSS and ensuring your PCI assets are secure. We give you control of the audit scope for PCI systems and assets and provide a level of isolation and containment previously unattainable. Removing systems and devices that do not belong ‘in scope’ can be done in a few mouse clicks. And that will make not only IT happy, but just about everyone you do business with!
Posted on Apr 6, 2018
In a shockingly short period of time in 2017, HBO, Equifax, and the U.S. Securities and Exchange Commission landed in what FoxBusiness labeled the Cyber hack hall of shame. Yahoo reported that a 2013 hack that was thought to expose 1 billion user accounts had in fact impacted all 3 billion accounts that existed at that time. And a reported hack of a global consulting and accounting firm is said to have compromised emails of multinational firms and government agencies.
More recently, a security researcher discovered that a flaw in the WPA2 security protocol that protects most modern Wi-Fi networks “can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos … Depending on the network configuration, it is also possible to inject and manipulate data.”
The attack surface for most enterprises is growing by leaps and bounds, and to a large degree we can blame it on the IP addressing scheme that provides hackers with a veritable roadmap to wreak havoc. Can you envision how many points of access your organization may need to defend? Frankly, it’s simply too much for your folks in network security to handle or manage!
This from Enterprise Strategy Group:
IP addresses essentially changed the world—from communication to commerce—but they were designed only to identify location and enable reliable connectivity. They were not built to establish identity or deliver security. As a result, in this age of limitless hacking and cyber-attacks, IT organizations must turn themselves inside out with complex solutions—combinations of firewalls, VPNs, routing policies, ACLs, VLANs, etc.—to try to make ubiquitous networked devices secure.
Consider this (frightening) scenario if you’re responsible for network security… your typical coworker probably has a smartphone, a tablet, a laptop, a streaming media device, a printer, router, a wireless gateway, and maybe even a smart thermostat. These devices may interact with other devices that your coworker’s spouse or kids have. Each of these devices represent a potential enterprise attack vector. So, with say 1,000 employees, you likely have between 5,000 and 50,000 vectors. All this before you even factor in enterprise desktops, servers, printers, etc. Then, of course, you include cloud connections, DevOps resources, VoIP phones, and anything else that may connect to your network and you begin to realize just how unmanageable network security really is! Definitely pretty scary. The only way to truly shrink this growing attack surface is to find a way to make your devices invisible to potential hackers.
With HIP, an IP address can be cloaked or hidden with a unique, non-spoofable identity-based address. It’s like retinal scanning of your network devices. This means a device or an entire network becomes invisible by default—you can’t breach what you can’t see.
We use HIP to provide products and services that comprise an encrypted Identity Defined Networking (IDN) fabric that protects every connected resource with a unique crypto identity, instead of a spoofable IP address, so enterprises can cloak any IP or serial-enabled endpoint, machine, or network—with no IP modifications.
IDN can help you overcome the threatening and ever-expanding attack surface. Contact us for a no obligation demo and we’ll guide you all the way to safety.
Posted on Apr 3, 2018
From Public Safety to Parks and Recreation, city governments have a lot to manage with minimal resources. Unfortunately for the already-busy officials, cyber security needs to be a top priority as well, a fact made evident by the recent 9 day attack on Atlanta, Georgia.
People in all walks of life rely on digital recordkeeping, and the government is no exception. Cutting off this flow of information is like severing a main artery. Catastrophic! A lot is at stake.
This past week, ransomware used to encrypt and lock files in Atlanta city offices crippled the city’s ability to access their critical records – sending government staff members back in time as they had to resort to pen and paper. No longer business-as-usual, some staff members lost as much as 16 years worth of data; keeping them from serving the public.
Humans are another hurdle
Let’s face it. We can’t stop cybercrime by outsmarting the bad guys with ‘next-generation’ firewalls or other traditional security technologies. Why? Most security products require a small army of skilled IT pros. Case in point. Firewalls typically require between 100 and 1,000 entries for configuration, and each entry is an opportunity to introduce an error. As more and more devices come online and the demand for security increases by one or two orders of magnitude, there is simply not enough people to do the job, and existing practices will fail to keep up.
Albert Einstein famously said, "We cannot solve our problems with the same level of thinking that created them.” If the root cause of Internet insecurity is the reliance on a trust-based model that is inherently insecure and can’t be properly managed, how do we fix it? Ideally, we’d design a new, secure Internet that isn’t based on TCP/IP, but it’s too late for that. The TCP/IP ship has sailed, and we’re all onboard. But make no mistake: we absolutely need a fundamental change in our approach to security.
Redefining trust with the Host Identity Protocol (HIP)
We can fix the problems associated with IP communications by shifting the model from IP address routing to a simple system based on trust between cryptographic identities. Enter HIP (Host Identity Protocol), an open IETF standard for encrypted communications. At Tempered Networks, we’re building the foundational elements of a secure private Internet and are doing this by inserting a cryptographic identity into the communications stack: the Host Identity. This on its own only gets us so far. Orchestrating trust, at scale, between these identities is where it gets interesting. We must do this today to ensure business critical infrastructure, data, systems, and other high value assets are safe.
The smart approach is to be secure by default, rather than relying on bolted-on components to become secure. We’ll show you how simple it is to not only get started, but also create a sustainable and scalable way to stay on the right track with micro-segmentation that works.
Contact us at email@example.com to learn how IDN can keep hackers (and paper record keeping) out of your office.
Posted on Mar 27, 2018
When my son was an infant we used to play ‘peekaboo’... you know, the game where either you or your child covers your eyes or face, and the other person “disappears”. Then you pop back into view and say Peekaboo!, I see you! The game uses the fundamental structure of all good jokes – surprise, balanced with expectation.
As my son grew older, we advanced from peekaboo, to hide and seek. Most of the time, I knew where he was, but pretended to look elsewhere to prolong the game. That was fun in a wide open room without any true perimeters-it was actually impossible for him to hide. But as he grew up, he eventually figured out how to really hide, and anyone who’s had kids knows how upsetting it is to ‘lose’ one.
Like my son, hackers have grown up and enterprises can no longer afford to play games with them. Appropriately, many enterprises have concluded that trying to secure the perimeter with firewalls is like playing peekaboo - installing the firewall is like covering your eyes, provisioning is like spreading your fingers so your eyes can be seen.
Other security tools such as intrusion and anomaly detection may elevate the game to hide and seek, but that too is insufficient. Hacking is actually big game played by people who might have climbed mountains in a different era. 'Why did I hack you? Because you’re there’. It’s also a big business practiced by professionals and nation-states, so network security is a very serious business. Enterprises need to change the ‘game’.. and they can.
Identity Defined Networking introduces ‘invisibility’ to the games of hacker peekaboo and hide and seek, making it effectively ‘game over’. If you’d rather spend your time building your business than playing games with hackers, we invite you to try IDN and add ‘invisibility’ to your game plan.
Contact us to keep those hackers from playing peekaboo!
Posted on Mar 23, 2018
Each year, it seems as if we are seeing increasingly clever exploits, and hackers are outdoing themselves when infiltrating our critical infrastructure. While compliance requirements have become stronger, trends point to the fact that they are not stopping these advanced attacks that hackers throw our way.
Unfortunately, we’re all witness to these exploits on a daily basis, and we’re all suffering the consequences. Over a year after the US Presidential election, the hack-related buzz is still surrounding our nation’s voting systems. Voting technology is vulnerable and becomes even more so as legacy systems get older and older. In order to maintain and protect one of our most cherished rights as citizens, we need State governments to be prepared and proactive in defending networks and voting systems against cyber breaches. With the midterm elections looming around the corner, many wonder what can be done – a topic addressed in this Huffington Post article. In the article, Huffington Post editor, Jennifer Gomes, cites the ability to ‘cloak’ voting machines ‘so that bad actors cannot find them’ and potentially manipulate the outcome of our elections.
That’s where Tempered Networks comes in.
We offer Identity Defined Networking (IDN) that cloaks or hides networked devices and systems. Even if a hacker had all of a user’s login names and passwords for the targeted voting system, they could not breach the voting overlay network, since device trust is based on a unique cryptographic identity. The hacker would not even be able to see the voting system. You can’t hack what you can’t see.
Our mission is to help protect critical infrastructure like the voting systems in question. We are committed to helping government agencies who are managing these systems, as well as other sensitive networks, that may be seen as huge targets for cyber attacks.
The founding fathers didn’t want our nation’s decisions to be made by someone overseas, so why should we?
So if you’re interested in protecting voting systems and outsmarting the hackers, contact us and we will gladly help you.