How To Cure The Patchwork Security Blues

Short Summary: New threats arise as networks grow, and companies respond by adding new security products in a piecemeal fashion. The result is a patchwork of stitched-together systems rather than a well-crafted, strategically architected solution.

Securing computer networks is far more complex today than it used to be. Internet of Things (IoT) devices add unseen access points to networks, while the cloud and BYOD practices move access points outside network boundaries.

New threats arise as networks grow, and companies respond by adding new security products in a piecemeal fashion. The result is a patchwork of stitched-together systems rather than a well-crafted, strategically architected solution.

Patchwork Security Is Poor Security

All too often, a patchwork security approach is complex, difficult to manage, and frankly, frightening. Products don’t interoperate and are not easy to manage in a centralized way. Security products aren’t optimized because companies don’t have the resources to understand and support them fully, so companies end up disabling certain features in these tools when they don’t know how they’ll impact network performance or end users.

At the end of the day, product benefits and efficiencies are lost, leaving companies with dangerous gaps in their overall security.

Tightly Woven Fabric Of Security Closes Security Gaps

You can help your customers solve those problems by recommending Fortinet’s ground-breaking approach to seamlessly integrating different security products and functions. Called the “Security Fabric,” it’s a powerful architecture that simplifies security management and enhances overall network visibility by weaving together the loose threads that hinder the performance of patchwork security platforms.

Fortinet, our partner, created the Security Fabric to relieve customers of the struggles of getting separate security products to interoperate and trying to manage them in a cohesive way. To help customers overcome these challenges, Fortinet designed the fabric with a number of goals in mind, including:

  • Enabling security devices to easily collaborate, share threat intelligence and coordinate incident response actions
  • Segmenting networks and quarantining threats to achieve comprehensive traffic visibility and contain risk 
  • Centrally coordinating security policy across, into and out of network environments, from the cloud to the data center to mobile and on-premises endpoints

The security fabric architecture achieves these goals by improving 5 core security capabilities:

  1. Scalability: Protection that is both broad, scaling from internal networks to the cloud, and deep, scaling to address traffic volumes and meet performance demands.
  2. Awareness: Seamless interoperability between security devices that now function as a single entity. These devices take a deep look at the network’s traffic, not only when it enters an organization’s network, but also as data moves within the network to improve detection of advanced persistent threats.
  3. Security: Easier sharing of real-time threat intelligence across all security devices, by enabling them to work together and be managed in a holistic way.
  4. Actionable: Shared intelligence doesn’t add to security if it can’t be acted upon. By coordinating information from Fortinet’s big data systems with local network data, threat information can be correlated to local circumstances and lead to a meaningful response.
  5. Open: Through the use of APIs, other vendors can integrate their security products into the Security Fabric, extending its capabilities without complicating management.

Upgrade Customers to a Simpler Security Solution

As a partner of Fortinet, you can help customers that already use Fortinet security solutions upgrade to the Security Fabric to optimize their effectiveness — and introduce the benefits of Fortinet’s holistic approach to cybersecurity to new customers. With its flexible, open architecture, it will support your customers as new threats arise and their security needs change.

Fine Tec is a value-added distributor of Fortinet network security solutions. Contact us to learn more about why Fortinet’s Security Fabric is the answer to your customers’ patchwork security blues.



How to prevent an attacker maintaining persistence through lateral movement in your network with Interguard

What is Lateral Movement?

After an initial device is compromised, an attacker will try to extend access to other machines in the network. Lateral movement helps an attacker maintain persistence in the network, gain control of an administrator’s machine and the privileges and data associated with it, or move closer to valuable assets up to and leading to your network’s Domain Controller.

Because attackers want to stay beneath the radar, they often avoid malware and obvious exploits that will trigger signature-based intrusion alarms. Instead, they will attempt to steal or guess passwords and then log in to remote machines using standard admin tools and remote desktop apps. They may also compromise additional hosts by installing malicious code on network file shares or manipulating computer logon scripts.

IT security teams can detect lateral movement by looking for credential abuse and excessive failed logins. If multiple devices share the same credentials or if a single device logs in to network resources from distinct accounts in a short period of time, an attack may be in progress.
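The three signals in the paragraph above can be checked over authentication events as follows. This is an added example, not code from the original post or from Interguard; the log format, host and account names, the 10-minute window and the thresholds are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: "timestamp source_host account result"
SAMPLE_LOG = """\
2024-05-01T09:01:10 ws-022 svc_backup success
2024-05-01T09:01:40 ws-031 svc_backup success
2024-05-01T09:02:02 ws-047 svc_backup success
2024-05-01T09:03:00 ws-014 bob failure
2024-05-01T09:03:20 ws-014 carol failure
2024-05-01T09:03:45 ws-014 dave failure
2024-05-01T09:04:10 ws-014 erin success
2024-05-01T11:30:00 ws-022 frank success
"""

WINDOW = timedelta(minutes=10)   # assumed "short period of time"
MAX_HOSTS_PER_ACCOUNT = 2        # assumed threshold
MAX_ACCOUNTS_PER_HOST = 3        # assumed threshold
MAX_FAILURES_PER_HOST = 2        # assumed threshold

def parse(log):
    for line in log.splitlines():
        ts, host, account, result = line.split()
        yield datetime.fromisoformat(ts), host, account, result

def detect(log):
    events = sorted(parse(log))
    alerts = set()
    for i, (start, _, _, _) in enumerate(events):
        # Sliding window: count only events within WINDOW of this one.
        hosts_by_account = defaultdict(set)
        accounts_by_host = defaultdict(set)
        failures_by_host = defaultdict(int)
        for ts, host, account, result in events[i:]:
            if ts - start > WINDOW:
                break
            hosts_by_account[account].add(host)
            accounts_by_host[host].add(account)
            failures_by_host[host] += result == "failure"
        for account, hosts in hosts_by_account.items():
            if len(hosts) > MAX_HOSTS_PER_ACCOUNT:
                alerts.add(("shared_credential", account))
        for host, accounts in accounts_by_host.items():
            if len(accounts) > MAX_ACCOUNTS_PER_HOST:
                alerts.add(("many_accounts_from_host", host))
        for host, count in failures_by_host.items():
            if count > MAX_FAILURES_PER_HOST:
                alerts.add(("excessive_failures", host))
    return sorted(alerts)
```

Service accounts and jump hosts legitimately trip the first two rules, so thresholds need tuning against a baseline of normal activity before alerting on them.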

Admin Tools

Attackers often use administrative utilities to conduct lateral movement. Attackers use a variety of command line shells to remotely administer machines. While primarily used for lateral movement, admin tools can be used for many purposes including exfiltration and reconnaissance.

The most popular admin tool that hackers use for lateral movement, 28.48% of the time, is SecureCRT (an SSH and Telnet client).

How can Interguard help?

Interguard’s agents are deployed onto the target device or VDI. We can set up an application control policy to eliminate the possibility that threat actors are using SecureCRT to laterally move across your network:

Step # 1: Search for SecureCRT

Step # 2: Create a time schedule to block SecureCRT

Step # 3: Select Block of time

It’s that easy!! You’ve created your policy!

In one fell swoop, you will be able to block the #1 admin tool threat vector that hackers use to gain credentials to your network’s Domain Controller.

Because Interguard’s agents are device-centric, you are assured that your endpoint is protected and credentials are not misused.

For more questions, contact your Fine Tec sales rep or email us at marketing@finetec.com




End Your Customers’ Wi-Fi Security Headaches

Wi-Fi is the de facto network choice for most organizations — large and small, across all industries. It’s easy to see why: Ease and speed of deployment for the organization and personal convenience for employees. Furthermore, recent iterations of the standard, such as 802.11ac, solve performance issues, bringing wireless throughput fully on par with a cabled Ethernet.



Fortinet leads fight against application level DDoS attacks

Application-layer attacks are getting smarter — and more common.

For businesses with outward-facing Internet services — which is to say, nearly all of them these days — distributed denial of service (DDoS) attacks have been a major threat for over a decade now. Various strategies exist to defend against conventional attacks.

But as is usual in the cybersecurity arms race, DDoS attackers have evolved in parallel with the defenders. An example is in the way DDoS attacks have increasingly focused on the application layer, which is also known as layer seven in the standard OSI network model.



What Do Your Customers Know About the 2016 Top Threat Predictions?

As cyber attackers continue to become more sophisticated, the changing threat landscape continues to bring new challenges to companies. The never-ending “cat and mouse” game between cyber criminals and security practitioners means companies have to be on high alert 24/7. The ongoing expansion of attack surfaces makes it all the more difficult.

With the cyber threat environment in a state of constant flux, it’s helpful to ask: “Are my customers’ cybersecurity solutions and strategies still aligned as closely as they should be with key trends?” A look at some of the threats expected to become more prominent as we get deeper into 2016 is a good place to start.