Secure your Hybrid Workforce with Citrix Secure Internet Access

The landscape of business in the Philippines has changed. Although some offices are slowly returning to normal, many are still open to allowing a hybrid or even fully remote work schedule. This increase in remote work has helped increase mobility but could have security implications if not addressed properly.

Remote workers may be connecting to cloud-hosted or SaaS applications over commodity Internet connections. This scenario lacks consistent, fast and secure access to applications. There may even be cases where employees disconnect from their VPN clients when accessing web and SaaS applications, which leaves them unprotected and vulnerable to threats.

Security can be increased by backhauling the traffic to the data center to mitigate these threats. However, this can come at the cost of application performance, as backhauling bottlenecks traffic.

The challenge of remote access is balancing the user experience and security. Users want to be able to access applications through any device at any time. An environment that facilitates this while maintaining corporate security standards is required.

This is where Citrix Secure Internet Access (SIA) can help. It offers a comprehensive, cloud-delivered security architecture to protect your users, regardless of their location.

Network Security for Remote Access

Citrix SIA can secure all access to your Internet and SaaS apps. Web applications such as Google Drive, Salesforce, LinkedIn, Workday, YouTube, Facebook or even just Internet browser traffic are within the scope of SIA’s securing capabilities. It does this through the following:

Inspect all Internet traffic

Personal devices are great for user experience but do not have the safety mechanisms found in corporate devices. Threat actors take advantage of this by using compromised devices to attack through Internet browsing or SaaS traffic. Allowing a proxy to inspect all incoming traffic greatly reduces the risk of malicious attacks on your network, since the traffic passes a multitude of security checks before it reaches your data center.

Allowing the proxy to do this also allows it to focus more on load balancing requests, which results in a better user experience. This is crucial because the increased number of requests coming from outside the network would typically require both security checks and access grants, which results in a bottleneck that slows down performance.

Block malware attacks to the network

By leveraging Citrix SIA’s database of known threats, malicious activity is detected faster and remediation is applied sooner. Website access can also be allowed or blocked by comparing requested URLs with a filtering database that is defined per organizational policy.

Malware is a big factor when considering a security solution, as knowing what kind of attack is targeting your system is a big advantage when you are inspecting incoming traffic. This is something that can save your business time and expenses in the long run.

Isolate new and unknown threats through sandbox

When considering the nature of threats, there will come a time when your security checks encounter a threat that is not part of any known database. This is to be expected, as many new threats are created every day and database updates do not come fast enough. Citrix SIA handles this by sandboxing suspicious traffic or files. By isolating the suspicious activity or file in a simulated environment, you can test in real time what would happen in the real environment. This can help determine the nature of the suspicious file or activity and greatly minimize the risk it poses to your network.

Provide secure direct Internet access for better user experience

With Citrix SIA acting as the proxy for the data center to ensure these security policies are enforced, users will be able to directly access the Internet and SaaS applications instead. This greatly improves the response time of applications and Internet browsing experience.

Companies no longer have to route their users’ Internet traffic back to their data center for security checks that prevent users from accessing potentially dangerous or unproductive web pages, a roundabout route that can cause sub-optimal application performance. With direct Internet access, users remain consistently protected no matter where they are.

Consolidate your network security products for simplified management

Businesses have increased the number of security products implemented into their infrastructure over the years to address different security measures. However, these solutions can increase the complexity of your IT infrastructure because of the lack of visibility and scalability.

Citrix SIA can help consolidate your network security by providing a single cloud-based dashboard for monitoring all network security activity. It is also easily deployable to users with no need for IT assistance, while maintaining a simple and intuitive user interface. With a cloud-delivered architecture, you can easily scale up as new applications, users or locations are added.

Citrix SIA is just one service in a bigger solution offering that Citrix just launched. We will be discussing the other services within the Citrix SASE offering in other articles to come, so please look forward to it!

 

Security Advisory: Multiple Microsoft Exchange exploits being used by Threat Actor Hafnium

Microsoft recently announced a security update for a set of new exploits primarily used by a state-sponsored threat actor based in China, which Microsoft has called Hafnium. The previously unknown exploits used by Hafnium target on-premises Exchange Server software to gain initial access to the network by disguising the attackers as someone with access privileges. The attackers then create what is known as a web shell to gain remote control over the compromised server, making it easy to steal data.

Affected Servers and the Remediation

The exploits used by Hafnium target Microsoft Exchange Servers, so users of Microsoft Exchange Online are not affected. Below are the versions that can be targeted by the exploits:

  • Microsoft Exchange Server 2013 
  • Microsoft Exchange Server 2016 
  • Microsoft Exchange Server 2019

Microsoft highly recommends that businesses with the affected Exchange servers immediately update them with the latest security updates to ensure protection against the exploits. If you are unable to do so immediately for all servers, Microsoft has said that you need to first prioritize external-facing servers, as they are the most vulnerable to these attacks, but ultimately you would need to update them all to stay safe. Listed below are the security patches released by Microsoft for each exploit:

Is it possible to check if I have been already affected by these exploits?

Microsoft has released a detailed guide on ways to check your network logs to see if you have been affected. You may refer to this link if you would like to read more on it.

Enhance your VPN security with Multifactor Authentication!

Today, a traditional username and password are no longer enough to ensure the security of your network. As users are likely to reuse passwords, credentials are vulnerable to leakage, and leaked credentials become additional potential entry points for threat actors.

This is because cyberattacks now indirectly target networks through your users and their devices. In the Philippines, where virtual private networks (VPNs) are widely used to remotely access the corporate network, the VPN becomes a prime target. With only a traditional username and password in place as security, it is difficult to verify whether an access request is from a legitimate user, so unrestricted access to your network can easily be granted.

So what can companies do to mitigate these threats? This is where multi-factor authentication (MFA) solutions like RSA SecurID come in.

Confidently authenticate users with RSA SecurID

To achieve a higher level of security for your network, you need an adaptive way to verify user identity before authenticating. Having an MFA solution in place minimizes the risk of allowing compromised user accounts into your network, which matters especially because VPNs usually give users full access. This is done through authentication steps like approving via push notifications, biometrics, and one-time passwords. Access requests are also screened by SecurID’s risk analysis before access is granted.

When using a VPN, companies are unable to get the control and visibility they need to secure their network if user convenience is a consideration, and vice versa. RSA SecurID eliminates this dilemma through the following:

  • Creating a single platform for access and authentication when connecting to the VPN, which eliminates the need for multiple MFA solutions on a per-app basis while maintaining compatibility with your legacy or modern applications (whether on-prem, private, or public)
  • Providing a high level of identity assurance that gives your security a strong mechanism for confirming users are who they say they are
  • Giving users a choice over how they authenticate (through push notifications, biometrics or a one-time password)
  • Granting users a way to authenticate quickly and intuitively with real-time responses at no expense to productivity

On top of these, it is easy to deploy and manage. Users only need to download the SecurID app through their preferred app store (iOS, Android, or Windows), while administrators are able to manage all accounts through a single window.

If your company is looking for ways to improve your access gateway security whether it be for legacy applications, on-premise or cloud apps, SecurID has the capabilities to ensure identity assurance.

To learn more about RSA SecurID and multi-factor authentication solutions, fill out the contact form below and we will get back to you as soon as we can!

Improve your Zero trust Strategy with Pulse Zero Trust Access!

Digital transformation is changing business norms. Access and connectivity are becoming more flexible as devices, users, applications, and infrastructure adapt to a new era of hyper-connectivity. This has prompted enterprises to consider how to secure access for their users and applications while managing cybersecurity risks in a network with little to no boundaries. This is where Zero Trust solutions like Pulse Zero Trust Access (PZTA) come into play.

The PZTA platform enables diverse users from any location to access public, private, and multi-cloud applications as well as data center resources securely while staying user friendly. Be it a hybrid cloud or pure cloud strategy, PZTA can help organizations enhance their security, productivity, and compliance while also improving administrative and user experience.

Below are a few key areas in which PZTA can help improve:

On-premises, SaaS and Hybrid Cloud Applications

PZTA gives you Zero Trust secure access, remotely or on-site, to your corporate applications, whether they are located within your network perimeter or in the cloud (private or public). Users and devices are authenticated continuously while secure entry points for your network and user devices are maintained through the use of encrypted channels.

Keeping user and application traffic within the corporate network

Organizations can be confident when users from any location access any application using any device. All user traffic is directed to PZTA, which acts as a middleman: user requests are fulfilled by PZTA accessing data from the corporate network on their behalf. Since data is not accessed directly by users, this reduces the attack surface available to compromised accounts and devices.

Difficulty of managing resources in the cloud

The PZTA cloud-based service emulates the same access and management experience as an on-prem solution. This means that you can enable the same level of visibility, compliance, enforcement, and analytics as you would in an on-prem solution.

Visibility, Enforcement and Compliance Reporting

PZTA provides a single pane-of-glass visibility of all users connecting to your network, regardless of the location of the user, application, or resource.

Visibility gaps

From the PZTA dashboard, administrators can get holistic visibility of users, devices, infrastructure, and applications as all access is authenticated and authorized by it. These are also logged in the dashboard for reporting and auditing purposes.

Ensuring user endpoint compliance

PZTA first goes through a set of policies during authentication to see if devices trying to access the corporate network are compliant. Users of non-compliant devices can then follow pre-defined remediation steps set by the administrators so that they may access the network.

Measuring users’ risk factors

User activities are measured and given a “risk score” based on users’ behavioral patterns. Stricter authentication or restrictions can be dynamically applied to verify the user’s identity once behavior outside the norm is detected. This continuous detection of anomalies and malicious activity is used to ensure the network’s security.

These are just a few ways in which Pulse Zero Trust Access can help companies improve their visibility and security. If you would like to learn more about Pulse Secure solutions, you may fill out the form below and we will contact you as soon as we can!

Protect Confidential Data outside the office with Microsoft AIP!

Data is the cornerstone of a business; this is why security is a major factor in any IT environment. However, security does not safeguard your data once it leaves the network perimeter, whether it was shared within or outside the network. Many companies are aware of this and are now looking into ways to solve it. This is where Rights Management solutions such as Azure Information Protection (AIP) come in.

What is AIP?

AIP is a cloud-based solution that gives organizations the ability to classify and protect their sensitive data, such as documents and emails, by using labels. Labeling can be done automatically through rules and policies defined by administrators, manually by users, or through a combination in which users are given recommendations.

Labeling can be used to classify which files in your organization are confidential. Depending on the level of sensitivity, several restrictions can be placed on data that leaves the network's control. These are some examples of how the restrictions can be applied:

  • Limiting access to users of your organization or those who are granted permission
  • Preventing users from forwarding, or copying information from, an email that contains news about an internal reorganization
  • Locking the forwarding option, the adding of recipients on replies, and the copy-paste functions on emails
  • Setting a time limit for accessing files (such as for price lists)

Besides protecting your data, AIP’s labeling can also improve a company’s visibility over its data. This is done through the data classification page, which shows how data is being used by the users and how users are applying labels. Below is some of the information you can get through the page:

  • The number of items that are classified as sensitive and what they are classified as
  • A summary of actions users did with the sensitive data
  • The location of sensitive data

With AIP, organizations using Office products can rest assured that they will maintain a level of visibility over their data and that it will stay confidential. Now, collaboration can be empowered from inside and outside your organization by protecting sensitive information such as emails and documents with encryption, restricted access and rights, and integrated security in Office apps.

If you are interested in learning more about AIP or Office 365, fill out our contact form below and we’ll get back to you as soon as we can!

Protect users from browser-based attacks with Citrix Secure Workspace Access

The way we work has changed. The strict social distancing rules imposed due to the global pandemic, combined with the growing representation of digital-savvy millennials in the workforce, were catalysts in moving organizations forward in their digital transformation journey to increase employee mobility.

However, this shift in workplace culture has increased the security risks brought about by the proliferation of BYO devices of employees that access resources via VPN. When not secured properly, these devices serve as additional entry points for cybercriminals to the organization’s network.

Key challenges in traditional security controls

  • Mishandling of data and misuse of network access have become a growing concern, increasing the demand for more control and visibility over users’ granular access permissions to data.
  • Threats that may come from malicious websites, such as spoofed web conferencing sites, should be isolated from the corporate network to protect corporate data.
  • Employees may knowingly (or unknowingly) access restricted websites such as pornographic or social media web pages. The organization must block those attempts to protect its assets.


Addressing these challenges is a big step forward for organizations in their digital transformation journey. Although this is easier said than done, Citrix may have the answer to help you address these challenges.

Citrix Secure Workspace Access

The Citrix Secure Workspace Access service provides a unified experience by integrating single sign-on, remote access, and content inspection into a single solution for an end-to-end Secure Workspace Access. It does this by providing your administrators the ability to:

  • Configure a workspace to securely add, manage and deliver access to apps from any device
  • Configure web filtering to allow/block websites that can be accessed by the end-user
  • Isolate web browsing to protect the corporate network from browser-based attacks with no user device configuration needed

With these, administrators can rapidly roll out secure browsers, providing instant time-to-value. By isolating internet browsing, IT administrators can offer end users safe internet access without compromising enterprise security.

This is only the tip of what Citrix Secure Workspace Access can provide to your organization. If you would like to learn more, you may fill out the form below and we will get back to you as soon as we can!

Protecting your Data: 4 Key Reasons on Why You Should Have a Backup Solution

Data is something all businesses would agree is their most important asset, which is why they take multiple steps to ensure its security. However, when it comes to data protection, most companies in the Philippines are lax in their measures. This is alarming, as data loss is not as uncommon for businesses as most seem to believe. Below are a few common scenarios that a backup solution can immediately address:

User Error

One of the leading causes of data loss is user mistakes or error. In multiple surveys, human error accounts for 25% of data loss. This could be from accidental deletion or even accidental overwrites. With a proper backup, you can always revert to it to find the data or even go through different versions of files.

Data Corruption

Files can become corrupted due to bugs or even malware without a moment's notice. Backup solutions can help safeguard your data from this spontaneous data loss.

Hard Drive Failure

Just like data corruption, hard drive failure can happen for multiple reasons. With no proper backup in place, important data can be lost permanently.

Retention and Archiving

Some businesses need long data retention or historical archiving of files. This is to ensure proper auditing, or in case a need arises for the data to be pulled out for review. Backup solutions can be customized to meet these requirements.

Does BCDR = Backup?

There are multiple steps in creating a data protection strategy, the first being to put a backup solution in place and the last being to have a BCDR plan. It goes without saying that you should not skip steps when you are implementing a data protection strategy.

A BCDR strategy is not a replacement for a backup solution. The key difference between the two is how the recovery is done. Without the initial backup solution, how can you plan for disaster recovery when the first step of protecting your data for day-to-day activities is not yet in place?

BCDR is reserved only for cases when disasters occur that would cause business operations to halt. An example of this would be a disaster such as a fire that causes your servers to become inoperable, so that the entire database needs to be recovered.

While preparing for a disaster is important, ensuring that your data is protected from more common and recurring threats should come first. Short term goals should first be implemented to help achieve your long term goals in data protection.

To learn more about Backup solutions, you may send us a message via the form below!



CT Link Partners with RSA Security!

The new year has finally arrived, and we are starting our year by introducing a new solution to help your mobile workforce securely access your corporate data remotely. We are happy to announce that CT Link Systems, Inc. has partnered with RSA Security to better our security portfolio to address the growing concern of identity assurance and to complement our remote access and workspace solutions.

RSA alleviates this problem through its wide variety of security solutions such as SIEM (NetWitness) and multifactor authentication (SecurID). With over 30 years of experience, RSA has continually grown and adapted its technology to improve its user experience while maintaining a high level of security. It also has a wide selection of authentication methods that organizations can choose from to authenticate their users.

About RSA

RSA Security is a leading provider of cybersecurity solutions for businesses and organizations worldwide. The company offers a range of products and services designed to help customers manage and mitigate risks related to information security.

One of RSA Security’s core offerings is its SecurID platform, which provides two-factor authentication solutions to help protect against unauthorized access to corporate networks and applications. The company also offers a variety of other security solutions, including identity and access management tools, threat detection and response services, and encryption solutions.

RSA Security was founded in 1982 and is headquartered in Bedford, Massachusetts. The company has a global presence, with offices and operations in North America, Europe, Asia, and the Middle East.

In addition to its commercial offerings, RSA Security is also a leading provider of security standards and guidelines. The company has been involved in the development of numerous industry standards, including the Secure Sockets Layer (SSL) protocol, the Public Key Infrastructure (PKI) standard, and the Security Assertion Markup Language (SAML) standard.

If you are interested in learning more about the RSA Security portfolio, please visit our RSA product page to see what it has to offer for your business. You may also contact us directly via the form below and we will contact you shortly!

CloudSec 2020: Register Today!

CLOUDSEC 2020 is the must-attend business and technology experience, delivering a content experience unlike any other virtual event with access to a community of cloud and cyber security pioneers, leaders and technical experts. Over 72 hours of non-stop innovation, you’ll connect with experts from around the world while personalizing your own experience.

About CLOUDSEC

Founded in 2011, CLOUDSEC has established itself as a global community for cyber security experts and professionals. The event aims to inspire technology professionals and users to embark on a continuous learning journey to explore and learn about industry trends, best practices and new technologies to secure the digital infrastructure and manage the technological risks of their organizations in safely supporting their corporate goals. 

Registration is now open, and there is no cost to attend this virtual event. Save the date for November 24th to 26th and secure your spot today to stay connected, informed and on track with your #CloudSecurity journey.

About Trend Micro

Trend Micro is a global leader in cybersecurity solutions, dedicated to making the world safer for exchanging digital information. Founded in 1988, Trend Micro has grown to become a trusted provider of cutting-edge security solutions for businesses and consumers alike.

Trend Micro’s comprehensive range of cybersecurity solutions includes endpoint security, network security, cloud security, and security management services. These solutions are designed to protect against a wide range of threats, including malware, ransomware, phishing attacks, and other forms of cybercrime.

One of Trend Micro’s core strengths is its ability to stay ahead of emerging threats. The company employs a team of experts who constantly monitor the latest cyber threats and develop innovative solutions to counter them. Trend Micro’s solutions are designed to provide proactive, real-time protection against both known and unknown threats.

Trend Micro’s commitment to cybersecurity extends beyond its products and services. The company is also dedicated to raising awareness about the importance of online safety and promoting best practices for cybersecurity. Trend Micro regularly publishes research and insights on the latest cybersecurity trends and hosts events to help educate businesses and individuals about the importance of cybersecurity.

Security Advisory: Zerologon, a level 10 Critical Vulnerability

A new critical vulnerability in Windows, named Zerologon, was recently discovered. It is so severe that it has been given a Common Vulnerability Scoring System (CVSS) score of 10 out of 10, and Microsoft itself has rated it as a severe vulnerability.

What is Zerologon?

The vulnerability was found in Netlogon, which is the protocol used by Windows systems to authenticate against a Windows Server running as a domain controller. The vulnerability in Netlogon allows attackers to:

  • Impersonate the identity of any computer on your network during an authentication attempt on a domain controller
  • Disable security features in the Netlogon authentication process
  • Change a computer’s password on the domain controller’s Active Directory

The only limitation of the vulnerability is that the attack can only be carried out if the threat actors have already gotten into your network.

What can I do?

Firstly, it is highly recommended that you apply the Microsoft security update to avoid this vulnerability. This is the most important step in making sure that your network is not affected by this critical vulnerability. You can find the Microsoft security advisory CVE-2020-1472 here.

If patching cannot be done immediately, one way to help mitigate an attack is to prevent attackers from getting into the network. As stated above, the attack depends on them getting inside the network; once they do, however, they will be able to take control of your whole network.

Trend Micro Solution

For our Trend Micro customers, Deep Security or Apex One can be used for virtual patching to help mitigate the attacks and keep your network safe. Below are the IPS rules that may help you strengthen your defense if patching cannot be done immediately:

IPS Rules

Deep Security and Cloud One – Workload Security, Vulnerability Protection and Apex One Vulnerability Protection (iVP)

  • Rule 1010519 – Microsoft Windows Netlogon Elevation of Privilege Vulnerability (CVE-2020-1472)
  • Rule 1010521 – Microsoft Windows Netlogon Elevation of Privilege Vulnerability Over SMB (CVE-2020-1472)

Please note that both rules are already set to Prevent.


Other Inspection / Detection Rules

Deep Discovery Inspector

  • Rule 4453: CVE-2020-1472_DCE_RPC_ZEROLOGON_EXPLOIT_REQUEST
  • Rule 4455: CVE-2020-1472_SMB2_ZEROLOGON_EXPLOIT_REQUEST

For those interested in learning more about the attacks, Trend Micro is also hosting a webinar this coming September 29, 2020 to talk in more detail about the vulnerability. You can register for the free webinar here.

If you have any questions regarding either Zerologon or the Trend Micro solution to help prevent the attacks, please contact us via email (rcruz@www.ctlink.com.ph) or through our landline 88939515 and we would be happy to answer your inquiries!

