Search results

Hospitals are increasingly becoming a favored target of cyber criminals. Yet if you think about medical equipment that is vulnerable to... Cyber Attacks & Incident Response Checking the cybersecurity pulse of medical devices Prof. Avishai Wool 2 min read Prof. Avishai Wool Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 6/14/16 Published Hospitals are increasingly becoming a favored target of cyber criminals. Yet if you think about medical equipment that is vulnerable to being hacked at a hospital, you might not immediately think of high-end, critical equipment such as MRI and X-ray scanners, and nuclear medicine devices. After all, these devices go through rigorous approval processes by the US Food & Drug Administration (FDA) before they are approved for safe use on patients. Yet today many, if not most, medical devices, have computers embedded in them, are connected to the hospital network, and often to the internet as well, so they provide a potential attack vector for cyber criminals. In late 2015 security researchers found that thousands of medical devices were vulnerable to attack and exposed to the public Internet. Interestingly, these researchers also found that many of the devices in question were running Windows XP – which is no longer supported or updated by Microsoft – and did not run antivirus software to protect them against malware. This combination raises an obvious security red flag. Ironically, these security vulnerabilities were further exacerbated because of the very FDA approvals process that certifies the devices. The approval process is, quite rightly, extremely rigorous. It is also lengthy and expensive. And if a manufacturer or vendor makes a change to a device, it needed to be re-certified. Until very recently, a ‘change’ to a medical device meant any sort of change – including patching devices’ operating systems and firmware to close off potential network security vulnerabilities. You can see where this is going: making simple updates to medical equipment to improve its defenses against cyberattacks was made that much more difficult and complex for the device manufacturers, because of the need for FDA re-certification every time a change was made. And of course, this potential delay in patching vulnerabilities made it easy for a hacker to try and ‘update’ the device in his own way, for criminal purposes. Hackers are usually not too concerned about getting FDA approval for their work. Fortunately, the FDA released new guidelines last year that allowed equipment manufacturers to patch software as required without undergoing re-certification—provided the change or modification does not ‘significantly affect the safety or effectiveness of the medical device’. That’s good news – but it’s not quite the end of the story. The FDA’s guidelines are only a partial panacea to the overall problem. They overlook the fact that many medical devices are running obsolete operating systems like Windows XP. What’s more, the actual process of applying patches to the computers in medical devices can vary enormously from manufacturer to manufacturer, with some patches needing to be downloaded and applied manually, while others may be pushed automatically. In either case, there could still be a window of weeks, months or even years before the device’s vendor issues a patch for a given vulnerability – a window that a hacker could exploit before the hospital’s IT team becomes aware that the vulnerability exists. This means that hospitals need to take great care when it comes to structuring and segmenting their network . It is vital that connected medical devices – particularly those where the internal OS may be out of date – are placed within defined, segregated segments of the network, and robustly protected with next-generation firewalls, web proxies and other filters. While network segmentation and filtering will not protect unpatched or obsolete operating system, they will ensure that the hospital’s network is secured to the best of its ability . Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Insecure Service Protocols and Ports Okay, we all have them… they’re everyone’s dirty little network security secrets that we try not to... Risk Management and Vulnerabilities Removing insecure protocols In networks Matthew Pascucci 2 min read Matthew Pascucci Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 7/15/14 Published Insecure Service Protocols and Ports Okay, we all have them… they’re everyone’s dirty little network security secrets that we try not to talk about. They’re the protocols that we don’t mention in a security audit or to other people in the industry for fear that we’ll be publicly embarrassed. Yes, I’m talking about cleartext protocols which are running rampant across many networks. They’re in place because they work, and they work well, so no one has had a reason to upgrade them. Why upgrade something if it’s working right? Wrong. These protocols need to go the way of records, 8-tracks and cassettes (many of these protocols were fittingly developed during the same era). You’re putting your business and data at serious risk by running these insecure protocols. There are many insecure protocols that are exposing your data in cleartext, but let’s focus on the three most widely used ones: FTP, Telnet and SNMP. FTP (File Transfer Protocol) This is by far the most popular of the insecure protocols in use today. It’s the king of all cleartext protocols and one that needs to be smitten from your network before it’s too late. The problem with FTP is that all authentication is done in cleartext which leaves little room for the security of your data. To put things into perspective, FTP was first released in 1971, almost 45 years ago. In 1971 the price of gas was 40 cents a gallon, Disneyland had just opened and a company called FedEx was established. People, this was a long time ago. You need to migrate from FTP and start using an updated and more secure method for file transfers, such as HTTPS, SFTP or FTPS. These three protocols use encryption on the wire and during authentication to secure the transfer of files and login. Telnet If FTP is the king of all insecure file transfer protocols then telnet is supreme ruler of all cleartext network terminal protocols. Just like FTP, telnet was one of the first protocols that allowed you to remotely administer equipment. It became the defacto standard until it was discovered that it passes authentication using cleartext. At this point you need to hunt down all equipment that is still running telnet and replace it with SSH, which uses encryption to protect authentication and data transfer. This shouldn’t be a huge change unless your gear cannot support SSH. Many appliances or networking gear running telnet will either need the service enabled or the OS upgraded. If both of these options are not appropriate, you need to get new equipment, case closed. I know money is an issue at times, but if you’re running a 45 year old protocol on your network with the inability to update it, you need to rethink your priorities. The last thing you want is an attacker gaining control of your network via telnet. Its game over at this point. SNMP (Simple Network Management Protocol) This is one of those sneaky protocols that you don’t think is going to rear its ugly head and bite you, but it can! escortdate escorts . There are multiple versions of SNMP, and you need to be particularly careful with versions 1 and 2. For those not familiar with SNMP, it’s a protocol that enables the management and monitoring of remote systems. Once again, the strings can be sent via cleartext, and if you have access to these credentials you can connect to the system and start gaining a foothold on the network, including managing, applying new configurations or gaining in-depth monitoring details of the network. In short, it a great help for attackers if they can get hold of these credentials. Luckily version 3.0 of SNMP has enhanced security that protects you from these types of attacks. So you must review your network and make sure that SNMP v1 and v2 are not being used. These are just three of the more popular but insecure protocols that are still in heavy use across many networks today. By performing an audit of your firewalls and systems to identify these protocols, preferably using an automated tool such as AlgoSec Firewall Analyzer , you should be able to pretty quickly create a list of these protocols in use across your network. It’s also important to proactively analyze every change to your firewall policy (again preferably with an automated tool for security change management ) to make sure no one introduces insecure protocol access without proper visibility and approval. Finally, don’t feel bad telling a vendor or client that you won’t send data using these protocols. If they’re making you use them, there’s a good chance that there are other security issues going on in their network that you should be concerned about. It’s time to get rid of these protocols. They’ve had their usefulness, but the time has come for them to be sunset for good. Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Cloud-native organizations need an efficient and automated way to identify the security risks across their cloud infrastructure. Sergei... Cloud Security CSPM essentials – what you need to know? Rony Moshkovich 2 min read Rony Moshkovich Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 11/24/22 Published Cloud-native organizations need an efficient and automated way to identify the security risks across their cloud infrastructure. Sergei Shevchenko, Prevasio’s Co-Founder & CTO breaks down the essence of a CSPM and explains how CSPM platforms enable organizations to improve their cloud security posture and prevent future attacks on their cloud workloads and applications. In 2019, Gartner recommended that enterprise security and risk management leaders should invest in CSPM tools to “proactively and reactively identify and remediate these risks”. By “these”, Gartner meant the risks of successful cyberattacks and data breaches due to “misconfiguration, mismanagement, and mistakes” in the cloud. So how can you detect these intruders now and prevent them from entering your cloud environment in future? Cloud Security Posture Management is one highly effective way but is often misunderstood. Cloud Security: A real-world analogy There are many solid reasons for organizations to move to the cloud. Migrating from a legacy, on-premises infrastructure to a cloud-native infrastructure can lower IT costs and help make teams more agile. Moreover, cloud environments are more flexible and scalable than on-prem environments, which helps to enhance business resilience and prepares the organization for long-term opportunities and challenges. That said, if your production environment is in the cloud, it is also prone to misconfiguration errors, which opens the firm to all kinds of security threats and risks. Think of this environment as a building whose physical security is your chief concern. If there are gaps in this security, for example, a window that doesn’t close all the way or a lock that doesn’t work properly, you will try to fix them on priority in order to prevent unauthorized or malicious actors from accessing the building. But since this building is in the cloud, many older security mechanisms will not work for you. Thus, simply covering a hypothetical window or installing an additional hypothetical lock cannot guarantee that an intruder won’t ever enter your cloud environment. This intruder, who may be a competitor, enemy spy agency, hacktivist, or anyone with nefarious intentions, may try to access your business-critical services or sensitive data. They may also try to persist inside your environment for weeks or months in order to maintain access to your cloud systems or applications. Old-fashioned security measures cannot keep these bad guys out. They also cannot prevent malicious outsiders or worse, insiders from cryptojacking your cloud resources and causing performance problems in your production environment. What a CSPM is The main purpose of a CSPM is to help organizations minimize risk by providing cloud security automation, ensuring multi-cloud environments remain secure as they grow in scale and complexity. But, as organizations reach scale and add more complexity to their multi- cloud cloud environment, how can CSPMs help companies minimize such risks and better protect their cloud environments? Think of a CSPM as a building inspector who visits the building regularly (say, every day, or several times a day) to inspect its doors, windows, and locks. He may also identify weaknesses in these elements and produce a report detailing the gaps. The best, most experienced inspectors will also provide recommendations on how you can resolve these security issues in the fastest possible time. Similar to the role of a building inspector, CSPM provides organizations with the tools they need to secure your multi-cloud environment efficiently in a way that scales more readily than manual processes as your cloud deployments grow. Here are some CSPM key benefits: Efficient early detection: A CSPM tool allows you to automatically and continuously monitor your cloud environment. It will scan your cloud production environment to detect misconfiguration errors, raise alerts, and even predict where these errors may appear next. Responsive risk remediation: With a CSPM in your cloud security stack, you can also automatically remediate security risks and hidden threats, thus shortening remediation timelines and protecting your cloud environment from threat actors. Consistent compliance monitoring: CSPMs also support automated compliance monitoring, meaning they continuously review your environment for adherence to compliance policies. If they detect drift (non-compliance), appropriate corrective actions will be initiated automatically. What a CSPM is not Using the inspector analogy, it’s important to keep in mind that a CSPM can only act as an observer, not a doer. Thus, it will only assess the building’s security environment and call out its weakness. It won’t actually make any changes himself, say, by doing intrusive testing. Even so, a CSPM can help you prevent 80% of misconfiguration-related intrusions into your cloud environment. What about the remaining 20%? For this, you need a CSPM that offers something container scanning. Why you need an agentless CSPM across your multi-cloud environment If your network is spread over a multi-cloud environment, an agentless CSPM solution should be your optimal solution. Here are three main reasons in support of this claim: 1. Closing misconfiguration gaps: It is especially applicable if you’re looking to eliminate misconfigurations across all your cloud accounts, services, and assets. 2. Ensuring continuous compliance: It also detects compliance problems related to three important standards: HIPAA, PCI DSS, and CIS. All three are strict standards with very specific requirements for security and data privacy. In addition, it can detect compliance drift from the perspectives of all three standards, thus giving you the peace of mind that your multi-cloud environment remains consistently compliant. 3. Comprehensive container scanning: An agentless CSPM can scan container environments to uncover hidden backdoors. Through dynamic behavior analyses, it can detect new threats and supply chain attack risks in cloud containers. It also performs container security static analyses to detect vulnerabilities and malware, thus providing a deep cloud scan – that too in just a few minutes. Why Prevasio is your ultimate agentless CSPM solution Multipurpose: Prevasio combines the power of a traditional CSPM with regular vulnerability assessments and anti-malware scans for your cloud environment and containers. It also provides a prioritized risk list according to CIS benchmarks, so you can focus on the most critical risks and act quickly to adequately protect your most valuable cloud assets. User friendly: Prevasio’s CSPM is easy to use and easier still to set up. You can connect your AWS account to Prevasio in just 7 mouse clicks and 30 seconds. Then start scanning your cloud environment immediately to uncover misconfigurations, vulnerabilities, or malware. Built for scale: Prevasio’s CSPM is the only solution that can scan cloud containers and provide more comprehensive cloud security configuration management with vulnerability and malware scans. Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Introduction Imagine your sensitive business data falling into the wrong hands. A data breach can be devastating, leading to financial... Cloud Security What Is Cloud Encryption? Your Key to Data Security Asher Benbenisty 2 min read Asher Benbenisty Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 12/16/24 Published Introduction Imagine your sensitive business data falling into the wrong hands. A data breach can be devastating, leading to financial losses, legal headaches, and irreparable damage to your reputation. Cloud encryption is your key to protecting your valuable data and ensuring peace of mind in the cloud. In this article, we'll explore cloud encryption and how AlgoSec can help you implement it effectively. We'll cover the basics of encryption, its benefits, the challenges you might face, and best practices to ensure your data stays safe. What Is Cloud Encryption? Cloud encryption is like creating a secret code for your data. It scrambles your information so that only authorized people with the key can read it. This process ensures that even if someone gains unauthorized access to your data, they won't be able to understand or use it. Cloud encryption is essential for protecting sensitive information like customer data, financial records, and intellectual property. It helps organizations meet compliance requirements, maintain data privacy, and safeguard their reputation. Encryption in Action: Protecting Data at Rest and in Transit Cloud encryption can be used to protect data in two states: Data at Rest: This refers to data that is stored in the cloud, such as in databases or storage buckets. Encryption ensures that even if someone gains access to the storage, they can't read the data without the encryption key. Data in Transit: This refers to data that is moving between locations, such as between your computer and a cloud server. Encryption protects the data while it travels over the internet, preventing eavesdropping and unauthorized access. How does it work? Cloud encryption uses algorithms to transform your data into an unreadable format. Think of it like this: Symmetric encryption: You and the recipient have the same key to lock (encrypt) and unlock (decrypt) the data. It's like using the same key for your front and back door. Asymmetric encryption: There are two keys: a public key to lock the data and a private key to unlock it. It's like having a mailbox with a slot for anyone to drop mail in (public key), but only you have the key to open the mailbox (private key). Why Encrypt Your Cloud Data? Cloud encryption offers a wide range of benefits: Compliance: Avoid costly fines and legal battles by meeting compliance requirements like GDPR, HIPAA, and PCI DSS. Data Protection: Safeguard your sensitive data, whether it's financial transactions, customer information, or intellectual property. Control and Ownership: Maintain control over your data and who can access it. Insider Threat Protection: Reduce the risk of data breaches caused by malicious or negligent employees. Multi-Tenancy Security: Enhance data security and isolation in shared cloud environments. Cloud Encryption Challenges (and How AlgoSec Helps) While cloud encryption is essential, it can be complex to manage. Here are some common challenges: Key Management: Securely managing encryption keys is crucial. Losing or mismanaging keys can lead to data loss. AlgoSec Solution: AlgoSec provides a centralized key management system to simplify and secure your encryption keys. Compliance: Meeting various regional and industry-specific regulations can be challenging. AlgoSec Solution: AlgoSec helps you navigate compliance requirements and implement appropriate encryption controls. Shared Responsibility: Understanding the shared responsibility model and your role in managing encryption can be complex. AlgoSec Solution: AlgoSec provides clear guidance and tools to help you fulfill your security responsibilities. Cloud Encryption Best Practices Encrypt Everything: Encrypt data both at rest and in transit. Choose Strong Algorithms: Use strong encryption algorithms like AES-256. Manage Keys Securely: Use a key management system (KMS) like the one provided by AlgoSec to automate and secure key management. Control Access: Implement strong access controls and identity management systems. Stay Compliant: Adhere to industry standards and regulations. Monitor and Audit: Regularly monitor your encryption implementation and conduct audits to ensure ongoing effectiveness. Conclusion Protecting your data in the cloud is non-negotiable. Cloud encryption is a fundamental security measure that every organization should implement. By understanding the benefits, challenges, and best practices of cloud encryption, you can make informed decisions to safeguard your sensitive information. Ready to protect your cloud data with encryption? AlgoSec helps businesses ensure data confidentiality and drastically lower the risk of cloud security incidents. Dive deeper into cloud security: Read our previous blog posts, Unveiling Cloud's Hidden Risks, A Secure VPC as the Main Pillar of Cloud Security, Azure Best Practices and Kubernetes Security Best Practices to uncover the top challenges and learn how to gain control of your cloud environment. These articles will equip you with the knowledge and tools to strengthen your cloud defenses. Subscribe to our blog to stay informed and join us on the journey to a safer and more resilient cloud future. Have a specific cloud security challenge? Contact us today for a free consultation. Want to learn more about how AlgoSec can help you secure your Kubernetes environment? Request a free demo today! Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Safeguarding the network architecture is the need of the hour. According to a study, the average cost of a data breach is at an all-time... Network Security Policy Management Network segmentation vs. VLAN explained Tsippi Dach 2 min read Tsippi Dach Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 8/9/23 Published Safeguarding the network architecture is the need of the hour. According to a study, the average cost of a data breach is at an all-time high of $4.35 million. And this figure will only increase with governments and regulators becoming ever stricter on data breaches. The go-to method IT administrators adopt to safeguard their networks is network segmentation. By segmenting a larger network into smaller chunks, it becomes much more manageable to secure the entire network. But network segmentation is a broad concept and doesn’t refer to a single procedure. In fact, there are several segmentation processes — one of them being VLAN. Instead of simplifying, this adds to the complexity. In this article, we will explain the core difference between network segmentation and VLAN and when you should opt for a particular one over the other. What is network segmentation? Let’s start with the definitions of network segmentation and VLAN. By definition, network segmentation is the practice of compartmentalizing a network according to firewall rules . In other words, it’s about dividing a computer network into subnetworks. The subnetworks, at the IP level, are known as subnets. Each of the subnets then works independently and in isolation. Think of how a nation is split into various states and provinces for better management at the local level. Running an entire nation at the federal level is too much work. In addition to subnetting, there are other segmentation options like firewall segmentation and SDN (Software Defined Network) segmentation. But for this article’s sake, we will focus on subnets since those are the most common. What is VLAN? VLAN or Virtual LAN (Virtual Local Area Network) is also a type of network segmentation approach where the main physical network is divided into multiple smaller virtual networks. The division is done logically or virtually, not requiring buying additional physical resources. The same resource is divided using computer logic. There are several benefits to dividing the parts of the network, either using VLAN segmentation or subnet techniques. Some of them are: Broadcast domain isolation Both subnets and VLAN isolate broadcast domains. This way, broadcasting network traffic is contained in a single segment instead of being exposed to the entire network. This reduces the chance of network congestion during peak hours and unnecessary server overload, thereby maximizing efficiency. Enhanced security The isolation by subnets or VLAN enhances the IT network’s security policies. This is achieved through various factors that are at play. But primarily, the creation of subnetworks makes the flat network more secure. With multiple subnetworks, you can regulate the security parameters. Thus, those subnets containing critical data (like that of healthcare) can have enhanced cybersecurity measures more than others, making them harder to crack. So, from a security perspective, both subnets and VLAN are a must. Better network management With digitization and IT modernization, the IT infrastructure is growing. Concurrently, it’s getting harder to manage them. Microsegmentation is one way of managing the ever-growing infrastructure. By segmenting, you can deploy teams to each segment, thereby strengthening their management and accountability. With the implementation of SDN, you can even configure and automate the management of some of the subnetworks. Flexibility in scalability Many network administrators face network performance and scalability issues expanding resources. The issues are a mix of technical and economical. Network segmentation offers a solution to such issues. By segmenting the entire data center network, you can choose which segments to expand and control the resources granted to each segment. This also makes scalability more economical. While both offer scalability opportunities, VLAN offers superior functionality than subnets. Reduced scope of compliance Compliance is another area that IT execs need to work on. And network segmentation, either via subnets or VLAN, can help in this regard. By having subnets, you don’t have to audit your entire segmented network as required by regulators. Just audit the necessary subnets and submit the reports to the regulators for approval. This takes far less time and costs significantly less than auditing the entire network. Differences between network segmentation and VLAN By definition, network segmentation (subnetting) and VLAN sound pretty similar. After all, there’s a division of the main network into subnetworks or smaller networks. But besides the core similarities mentioned above, there are a few critical differences. Let’s dive into the differences between the two. The primary difference between the two subnets are layer 3 divisions, while VLANs are layer 2 divisions. As you may recall, networks are layer 1 (device), layer 2 (data link), layer 3 (IP, routers), and so on, up to layer 7 (application). TCP/IP is the newer framework with four layers only. So, when you divide a network at a data link, you need to adopt VLAN. With VLAN, several networks exist on the same physical network but may not be connected to the same fiber switch. In subnets, the division occurs at IP level. Thus, the independent subnets are assigned their IP addresses and communicate with others over layer 3. Besides this significant difference, there are other dissimilarities you should know. Here’s a table to help you understand: VLAN Subnet 1 Divides the network within the same physical network using logic. Divides the IP network into multiple IP networks 2 VLANs communicate with other devices within the same LAN The communication between the subnets is carried out over layer 3 3 It is configured at the switch side It is configured at IP level 4 VLAN divisions are software-based terminology since they’re divided logically. Subnets can be both hardware- of software-based 5 VLAN provides better network access and tend to be more stable Subnets offer limited control When to adopt a subnet? There are use cases when subnets are more suited, while there are cases when you’re better off with Virtual LANs. As per the definition, you need to adopt a subnet when dividing different networks at IP level. So, if you want to create multiple IP addresses for each partition, implement subnets. The subnets are essentially networks within a network with their own IP addresses. Thus, they divide the broadcast domain and improve speed and efficiency. Subnets are also the go-to segmentation method when you need to make the sub-networks available over layer 3 to the outside world. With appropriate access control lists, anyone with an internet connection would be able to access the subnets But subnetting is also used to prevent access to a particular subnet. For example, you may want to limit access to the company’s software codebase to anyone outside the development department. So, only network devices with approved IP addresses used by the developer network are approved to access the codebase. But there are two downsides to subnets you should know. The first one is increased time complexity. When dealing with a single network, three steps are in place to reach the Process (Source Host, Destination Network, and Process). In subnets, there’s an additional step involved (Source Host, Destination Network, Subnet, Process). This extra step increases time complexity, requiring more time for data transfer and connectivity. It also affects stability. Subnetting also increases the number of IP addresses required since each subnet requires its own IP address. This can become hard to manage over time. When to adopt VLAN? Virtual LANs are internal networks within the same physical network. They interact with one another, not with other devices on the same network or outside the world. Think of VLAN as a private wireless network at home. Your neighbors don’t have access to it, but everyone in your home has. If that sounds like your desired result, you should adopt VLAN. There are three types of VLANs (basic, extended, and tagged). In basic VLAN, you assign IDs to each switch port or PCI . Once assigned, you can’t change them. Extended VLAN has more functionalities like priority-based routing. Lastly, tagged VLAN enables you to create multiple VLANs with IEEE 802.1Q. The main advantages of different VLANs over subnet are speed and stability. Since endpoints do not have to resolve IP addresses every time, they tend to be faster. But there’s a significant disadvantage to VLANs: It’s easier to breach multiple partitions if there’s a malicious injection. Without proper network security controls, it is easier to exploit vulnerabilities using malware and ransomware , putting your entire network at risk. Having ACLs (access control lists) can help in such situations. Furthermore, there are issues arising out of physical store requirements. Connecting two segments in VLAN requires you to use routers and IoT. Routers are physical devices that take up space. The more segments you create, the more routers you need to use. Over time, management can become an issue. The bottom line Both subnets and VLANs are network segmentation approaches that improve security and workload management. It’s not a given that you can’t have both. Some companies benefit from the implementation of VLAN and subnets simultaneously. But there are specific times when IT service providers prefer one over the other. Consider your requirements to select the approach that’s right for you. Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

The goal of the AlgoSec Professional Services Team is to partner with you and enable you to meet your budget, time and resource constraints AlgoSec professional services Service offerings We offer a variety of à la carte Professional Services to help you quickly benefit from your AlgoSec investment. AlgoSec JumpStart packages View detailed information Through our new JumpStart packages we will deploy your AlgoSec products quickly and cost-effectively within your environment, so that you can start generating value from your AlgoSec investment as soon as possible Basic deployment of the AlgoSec security management suite View detailed information This service includes installing your AlgoSec appliances with the most recent build of the AlgoSec Security Management Suite including AlgoSec Horizon Security Analyzer and/or AlgoSec Horizon FireFlow and/or AlgoSec BusinessFlow, then verifying connectivity and defining devices. We will also verify that the reporting functionality works properly for each deployed device, and will provide sufficient knowledge transfer to enable you to perform basic operations in your AlgoSec environment. AlgoSec technical audit View detailed information Get a technical audit of your running AlgoSec environment – remotely or on-premises. Make sure you are optimally configured to get the best performance and functionality. Identify critical issues, receive insights and actionable suggestions to help you improve your network, identify issues that may have arisen since deployment, as well as recommendations for architectural improvements and optimization. AlgoSec Technical Audit is recommended once a year, and at least 6 months following initial deployment. Integration with existing Change Management Systems (CMS) View detailed information We can seamlessly integrate with any existing CMS including ServiceNow, Remedy, ServiceDesk and others. We can integrate your CMS system with AlgoSec via a Web Services call, as well as import historical change requests into AlgoSec. Advanced configuration View detailed information Suitable for complex, enterprise environments, this service includes verifying requirements and designing the appropriate topology for: High-Availability or Disaster-Recovery modes Load Distribution mode Geographical Distribution or Central-Manager / Remote-Agent mode Develop custom reports View detailed information We can create custom risk profiles and baseline configuration reports to meet your unique needs. Develop custom change workflows View detailed information While AlgoSec includes several out-of-the-box workflows, we can develop custom workflows to meet your unique needs. Customization options include creating the different steps in a change process, managing the ticket lifecycle based on your processes, dynamically routing tickets to required approvers and changing request form fields and appearance. Project management and customer success management View detailed information We can provide on-going project management to support your AlgoSec implementation. We provide regular status updates and meetings to ensure that the project is on schedule and meets your requirements. Schedule time with one of our experts Schedule time with one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* Long answer Send message

The aim of this post is to provide a very high-level illustration of the DNS Tunneling method used in the SolarWinds supply chain attack.... Cloud Security DNS Tunneling In The SolarWinds Supply Chain Attack Rony Moshkovich 2 min read Rony Moshkovich Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 12/23/20 Published The aim of this post is to provide a very high-level illustration of the DNS Tunneling method used in the SolarWinds supply chain attack . An Attacker compromises SolarWinds company and trojanizes a DLL that belongs to its software. Some of the customers receive the malicious DLL as an update for the SolarWinds Orion software. “Corporation XYZ” receives the malicious and digitally signed DLL via update. SolarWinds Orion software loads the malicious DLL as a plugin. Once activated, the DLL reads a local domain name “local.corp-xyz.com” (a fictious name). The malware encrypts the local domain name and adds it to a long domain name. The long domain name is queried with a DNS server (can be tapped by a passive DNS sensor). The recursive DNS server is not authorized to resolve avsvmcloud[.]com, so it forwards the request. An attacker-controlled authoritative DNS server resolves the request with a wildcard A record. The Attacker checks the victim’s name, then adds a CNAME record for the victim’s domain name. The new CNAME record resolves the long domain name into an IP of an HTTP-based C2 server. The malicious DLL downloads and executes the 2nd stage malware (TearDrop, Cobalt Strike Beacon). A Threat Researcher accesses the passive DNS (pDNS) records. One of the long domain names from the pDNS records is decrypted back into “local.corp-xyz.com”. The Researcher deducts that the decrypted local domain name belongs to “Corporation XYZ”. Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Cloud Security is a broad domain with many different aspects, some of them human. Even the most sophisticated and secure systems can be... Cloud Security CSPM importance for CISOs. What security issues can be prevented\defended with CSPM? Rony Moshkovich 2 min read Rony Moshkovich Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 6/17/21 Published Cloud Security is a broad domain with many different aspects, some of them human. Even the most sophisticated and secure systems can be jeopardized by human elements such as mistakes and miscalculations. Many organizations are susceptible to such dangers, especially during critical tech configurations and transfers. Especially for example, during digital transformation and cloud migration may result in misconfigurations that can leave your critical applications vulnerable and your company’s sensitive data an easy target for cyber-attacks. The good news is that Prevasio, and other cybersecurity providers have brought in new technologies to help improve the cybersecurity situation across multiple organizations. Today, we discuss Cloud Security Posture Management (CSPM) and how it can help prevent not just misconfigurations in cloud systems but also protect against supply chain attacks. Understanding Cloud Security Posture Management First, we need to fully understand what a CSPM is before exploring how it can prevent cloud security issues. CSPM is first of all a practice for adopting security best practices as well as automated tools to harden and manage the company security strength across various cloud based services such as Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). These practices and tools can be used to determine and solve many security issues within a cloud system. Not only is CSPM critical to the growth and integrity of your cloud infrastructure, but it’s also mandatory for organizations with CIS, GDPR, PCI-DSS, NIST, HIPAA and similar compliance requirements. How Does CSPM Work? There are numerous cloud service providers such as AWS , Azure , Google Cloud, and others that provide hyper scaling cloud hosted platforms as well as various cloud compute services and solutions to organizations that previously faced many hurdles with their on-site cloud infrastructures. When you migrate your organization to these platforms, you can effectively scale up and cut down on on-site infrastructure spending. However, if not appropriately handled, cloud migration comes with potential security risks. For instance, an average Lift and Shift transfer that involves a legacy application may not be adequately security hardened or reconfigured for safe use in a public cloud setup. This may result in security loopholes that expose the network and data to breaches and attacks. Cloud misconfiguration can happen in multiple ways. However, the most significant risk is not knowing that you are endangering your organization with such misconfigurations. That being the case, below are a few examples of cloud misconfigurations that can be identified and solved by CSPM tools such as Prevasio within your cloud infrastructure: Improper identity and access management : Your organization may not have the best identity and access management system in place. For instance, lack of Multi-Factor Authentication (MFA) for all users, unreliable password hygiene, and discriminatory user policies instead of group access, Role-based access, and everything contrary to best practices, including least privilege. You are unable to log in to events in your cloud due to an accidental CloudTrail error. Cloud storage misconfigurations : Having unprotected S3 buckets on AWS or Azure. CSPM can compute situations that have the most vulnerabilities within applications Incorrect secret management : Secret credentials are more than user passwords or pins. They include encryption keys, API keys, among others. For instance, every admin must use encryption keys on the server-side and rotate the keys every 90 days. Failure to do this can lead to credentials misconfigurations. Ideally, part of your cloud package must include and rely on solutions such as AWS Secrets Manager , Azure Key Vault , and other secrets management solutions. The above are a mere few examples of common misconfigurations that can be found in your cloud infrastructure, but CSPM can provide additional advanced security and multiple performance benefits. Benefits Of CSPM CSPM manages your cloud infrastructure. Some of the benefits of having your cloud infrastructure secured with CSPM boils down to peace of mind, that reassurance of knowing that your organization’s critical data is safe. It further provides long-term visibility to your cloud networks, enables you to identify violations of policies, and allows you to remediate your misconfigurations to ensure proper compliance. Furthermore, CSPM provides remediation to safeguard cloud assets as well as existing compliance libraries. Technology is here to stay, and with CSPM, you can advance the cloud security posture of your organization. To summarize it all, here are what you should expect with CSPM cloud security: Risk assessment : CSPM tools can enable you to see your network security level in advance to gain visibility into security issues such as policy violations that expose you to risk. Continuous monitoring : Since CSPM tools are versatile they present an accurate view of your cloud system and can identify and instantly flag off policy violations in real-time. Compliance : Most compliance laws require the adoption of CIS, NIST, PCI-DSS, SOC2, HIPAA, and other standards in the cloud. With CSPM, you can stay ahead of internal governance, including ISO 27001. Prevention : Most CSPM allows you to identify potential vulnerabilities and provide practical recommendations to prevent possible risks presented by these vulnerabilities without additional vendor tools. Supply Chain Attacks : Some CSPM tools, such as Prevasio , provides you malware scanning features to your applications, data, and their dependency chain on data from external supply chains, such as git imports of external libraries and more. With automation sweeping every industry by storm, CSPM is the future of all-inclusive cloud security. With cloud security posture management, you can do more than remediate configuration issues and monitor your organization’s cloud infrastructure. You’ll also have the capacity to establish cloud integrity from existing systems and ascertain which technologies, tools, and cloud assets are widely used. CSPM’s capacity to monitor cloud assets and cyber threats and present them in user-friendly dashboards is another benefit that you can use to explore, analyze and quickly explain to your team(s) and upper management. Even find knowledge gaps in your team and decide which training or mentorship opportunities your security team or other teams in the organization might require. Who Needs Cloud Security Posture Management? At the moment, cloud security is a new domain that its need and popularity is growing by the day. CSPM is widely used by organizations looking to maximize in a safe way the most of all that hyper scaling cloud platforms can offer, such as agility, speed, and cost-cutting strategies. The downside is that the cloud also comes with certain risks, such as misconfigurations, vulnerabilities and internal\external supply chain attacks that can expose your business to cyber-attacks. CSPM is responsible for protecting users, applications, workloads, data, apps, and much more in an accessible and efficient manner under the Shared Responsibility Model. With CSPM tools, any organization keen on enhancing its cloud security can detect errors, meet compliance regulations, and orchestrate the best possible defenses. Let Prevasio Solve Your Cloud Security Needs Prevasio’s Next-Gen CSPM solution focus on the three best practices: light touch\agentless approach, super easy and user-friendly configuration, easy to read and share security findings context, for visibility to all appropriate users and stakeholders in mind. Our cloud security offerings are ideal for organizations that want to go beyond misconfiguration, legacy compliance or traditional vulnerability scanning. We offer an accelerated visual assessment of your cloud infrastructure, perform automated analysis of a wide range of cloud assets, identify policy errors, supply-chain threats, and vulnerabilities and position all these to your unique business goals. What we provide are prioritized recommendations for well-orchestrated cloud security risk mitigations. To learn more about us, what we do, our cloud security offerings, and how we can help your organization prevent cloud infrastructure attacks, read all about it here . Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Common Firewall Threats Do you really know what vulnerabilities currently exist in your enterprise firewalls? Your vulnerability scans... Cyber Attacks & Incident Response Top 10 common firewall threats and vulnerabilities Kevin Beaver 2 min read Kevin Beaver Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 7/16/15 Published Common Firewall Threats Do you really know what vulnerabilities currently exist in your enterprise firewalls? Your vulnerability scans are coming up clean. Your penetration tests have not revealed anything of significance. Therefore, everything’s in check, right? Not necessarily. In my work performing independent security assessments , I have found over the years that numerous firewall-related vulnerabilities can be present right under your nose. Sometimes they’re blatantly obvious. Other times, not so much. Here are my top 10 common firewall vulnerabilities that you need to be on the lookout for listed in order of typical significance/priority: Password(s) are set to the default which creates every security problem imaginable, including accountability issues when network events occur. Anyone on the Internet can access Microsoft SQL Server databases hosted internally which can lead to internal database access, especially when SQL Server has the default credentials (sa/password) or an otherwise weak password. Firewall OS software is outdated and no longer supported which can facilitate known exploits including remote code execution and denial of service attacks, and might not look good in the eyes of third-parties if a breach occurs and it’s made known that the system was outdated. Anyone on the Internet can access the firewall via unencrypted HTTP connections, as these can be exploited by an outsider who’s on the same network segment such as an open/unencrypted wireless network. Anti-spoofing controls are not enabled on the external interface which can facilitate denial of service and related attacks. Rules exist without logging which can be especially problematic for critical systems/services. Any protocol/service can connect between internal network segments which can lead to internal breaches and compliance violations, especially as it relates to PCI DSS cardholder data environments. Anyone on the internal network can access the firewall via unencrypted telnet connections. These connections can be exploited by an internal user (or malware) if ARP poisoning is enabled via a tool such as the free password recovery program Cain & Abel . Any type of TCP or UDP service can exit the network which can enable the spreading of malware and spam and lead to acceptable usage and related policy violations. Rules exist without any documentation which can create security management issues, especially when firewall admins leave the organization abruptly. Firewall Threats and Solutions Every security issue – whether confirmed or potential – is subject to your own interpretation and needs. But the odds are good that these firewall vulnerabilities are creating tangible business risks for your organization today. But the good news is that these security issues are relatively easy to fix. Obviously, you’ll want to think through most of them before “fixing” them as you can quickly create more problems than you’re solving. And you might consider testing these changes on a less critical firewall or, if you’re lucky enough, in a test environment. Ultimately understanding the true state of your firewall security is not only good for minimizing network risks, it can also be beneficial in terms of documenting your network, tweaking its architecture, and fine-tuning some of your standards, policies, and procedures that involve security hardening, change management, and the like. And the most important step is acknowledging that these firewall vulnerabilities exist in the first place! Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

Fortinet partner solution brief Download PDF Download PDF Add a Title Add a Title Add a Title Schedule time with one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue Talk to a Skybox transition expert. Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue

Cloud security is one of the big buzzwords in the security space along with big data and others. So we’ll try to tackle where cloud... Information Security Cloud Security: Current Status, Trends and Tips Kyle Wickert 2 min read Kyle Wickert Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam. Tags Share this article 6/25/13 Published Cloud security is one of the big buzzwords in the security space along with big data and others. So we’ll try to tackle where cloud security is today, where its heading as well as outline challenges and offer tips for CIOs and CSOs looking to experiment with putting more systems and data in the cloud. The cloud is viewed by many as a solution to reducing IT costs and ultimately has led many organizations to accept data risks they would not consider acceptable in their own environments. In our State of Network Security 2013 Survey , we asked security professionals how many security controls were in the cloud and 60 percent of respondents reported having less than a quarter of their security controls in the cloud – and in North America the larger the organization, the less security controls in the cloud. Certainly some security controls just aren’t meant for the cloud, but I think this highlights the uncertainty around the cloud, especially for larger organizations. Current State of Cloud Security Cloud security has clearly emerged with both a technological and business case, but from a security perspective, it’s still a bit in a state of flux. A key challenges that many information security professionals are struggling with is how to classify the cloud and define the appropriate type of controls to secure data entering the cloud. While oftentimes the cloud is classified as a trusted network, the cloud is inherently untrusted since it is not simply an extension of the organization, but it’s an entirely separate environment that is out of the organization’s control. Today “the cloud” can mean a lot of things: a cloud could be a state-of-the-art data center or a server rack in a farm house holding your organization’s data. One of the biggest reasons that organizations entertain the idea of putting more systems, data and controls in the cloud is because of the certain cost savings. One tip would be to run a true cost-benefit-risk analysis that factors in the value of the data being sent into the cloud. There is value to be gained from sending non-sensitive data into the cloud, but when it comes to more sensitive information, the security costs will increase to the point where the analysis may suggest keeping in-house. Cloud Security Trends Here are several trends to look for when it comes to cloud security: Data security is moving to the forefront, as security teams refocus their efforts in securing the data itself instead of simply the servers it resides on. A greater focus is being put on efforts such as securing data-at-rest, thus mitigating the need to some degree the reliance on system administrators to maintain OS level controls, often outside the scope of management for information security teams. With more data breaches occurring each day, I think we will see a trend in collecting less data where is it simply not required. Systems that are processing or storing sensitive data, by their very nature, incur a high cost to IT departments, so we’ll see more effort being placed on business analysis and system architecture to avoid collecting data that may not be required for the business task. Gartner Research recently noted that by 2019, 90 percent of organizations will have personal data on IT systems they don’t own or control! Today, content and cloud providers typically use legal means to mitigate the impact of any potential breaches or loss of data. I think as cloud services mature, we’ll see more of a shift to a model where it’s not just these vendors offering software as a service, but also includes security controls in conjunction with their services. More pressure from security teams will be put on content providers to provide such things as dedicated database tiers, to isolate their organization’s data within the cloud itself. Cloud Security Tips Make sure you classify data before even considering sending it for processing or storage in the cloud. If data is deemed too sensitive, the risks of sending this data into the cloud must be weighed closely against the costs of appropriately securing it in the cloud. Once information is sent into the cloud, there is no going back! So make sure you’ve run a comprehensive analysis of what you’re putting in the cloud and vet your vendors carefully as cloud service providers use varying architectures, processes, and procedures that may place your data in many precarious places. Schedule a demo Related Articles Q1 at AlgoSec: What innovations and milestones defined our start to 2026? AlgoSec Reviews Mar 19, 2023 · 2 min read 2025 in review: What innovations and milestones defined AlgoSec’s transformative year in 2025? AlgoSec Reviews Mar 19, 2023 · 2 min read Navigating Compliance in the Cloud AlgoSec Cloud Mar 19, 2023 · 2 min read Speak to one of our experts Speak to one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Schedule a call

AWS best practices WhitePaper Download PDF Download PDF Add a Title Add a Title Add a Title Schedule time with one of our experts Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue Talk to a Skybox transition expert. Work email* First name* Last name* Company* country* Select country... Short answer* By submitting this form, I accept AlgoSec's privacy policy Continue