Mastering Oversight in SSE Implementation

In the realm of Security Service Edge (SSE) solutions, the transition from operational management to strategic oversight presents new challenges for organizations. This blog post delves into the essentials of effectively overseeing SSE implementations, highlighting key strategies and considerations.

Understanding the Shift to Oversight

The adoption of SSE shifts the focus from day-to-day management to oversight. This involves:

  • Ensuring the SSE provider maintains the system effectively.
  • Assessing the impact of policy changes on security.
  • Verifying the effectiveness of the SSE solution within the organization’s security framework.

Strategic Oversight Recommendations

  1. Conduct Regular Audits: Regularly audit your SSE service to confirm it is up to date with the latest threats and aligns with organizational policies. This helps identify any gaps in the security framework and ensures compliance with security standards.
  2. Analyze Policy Impact: Evaluate how changes in security policies influence the SSE solution. Utilize SSE’s analytics and reporting tools for real-time insights and adjust policies as needed to maintain a strong security posture.
  3. Engage in Third-Party Assessments: Independent assessments from specialist firms can provide an unbiased evaluation of the SSE solution’s effectiveness. This step is crucial for organizations to gain an external perspective on their cybersecurity measures.
  4. Focus on Training: Educate staff about the importance of SSE oversight. Training should include how to interpret analytics from SSE solutions and understand the implications of policy changes.

Key Considerations

  • The effectiveness of SSE is contingent on how well it’s integrated and managed within the existing security policy framework.
  • Regular communication with the SSE provider is essential to stay informed about system updates and security enhancements.
  • Monitoring and adapting to the evolving cybersecurity landscape is crucial to ensure that the SSE solution remains effective.

Conclusion

Navigating the oversight aspects of SSE is crucial for organizations to ensure robust cybersecurity. By focusing on regular audits, policy impact analysis, third-party assessments, and employee training, organizations can effectively manage and optimize their SSE solutions.

Stay tuned for more insights and strategies on SSE implementation and management in our ongoing blog series.

Inside Cybersecurity: Nonprofit cyber testing firm introduces tool for assessing cloud security solutions

The nonprofit cyber assessment firm CyberRatings.org is launching a tool for testing cloud security solutions that is designed to increase visibility into vendor management of cloud vulnerabilities.

The “Spot Check” tool provides a “step customers can take proactively to help manage their relationship with their [cloud security] service providers,” CyberRatings CEO Vikram Phatak told Inside Cybersecurity. The tool specifically tests “Security Service Edge” threat protection in cloud environments.

The nonprofit announced the tool today in a press release highlighting capabilities that will be tested through the new service. The announcement describes CyberRatings as a non-profit “dedicated to providing confidence in cybersecurity products and services through its research and testing programs.”

Read the full article here.

CyberRatings.org Announces “Spot Check” for Security Service Edge (SSE)

Austin, TX – January 31, 2024 – CyberRatings.org (CyberRatings), the non-profit entity dedicated to providing confidence in cybersecurity products and services through its research and testing programs, has launched “Spot Check,” a verification of Security Service Edge (SSE) Threat Protection to help enterprises answer the question, “How do you know?”

Cloud-delivered security such as SSE provides users with seamless, secure access to applications and data regardless of location. Because it is a cloud technology, organizations are no longer burdened with day-to-day operational management. However, since a third party is now delivering security, oversight is key. This involves:

  • Ensuring the SSE provider maintains the system effectively.
  • Assessing the impact of policy changes on security.
  • Measuring the effectiveness of the SSE solution within the organization’s security framework.

“Oftentimes cybersecurity is a black box; and SSE is a black box in a black box,” said Vikram Phatak, CEO of CyberRatings.org. “How do they know that their SSE is defending against the latest threats, or their policy modifications aren’t adversely impacting their security?” adds Phatak.

SSE solutions leverage the cloud’s scalability, flexibility, and operational benefits to deliver security – Access Control, Authentication and Identity, Data Loss Prevention (DLP), DNS Protection, Encryption (TLS/SSL), Exploit Detection and Prevention, Malware and Phishing Protection (including via Browser Isolation), Cloud Access / Application Control (CASB), and the ability to implement Zero Trust Network Access (ZTNA). It’s a lot harder to test SSE than traditional network security products, and many enterprises don’t have the time or expertise to build a test environment.

What will be tested:

  • Cipher Suite Support: Which cipher suites are supported?
  • False Positive Rate: What is the rate at which the SSE blocks legitimate traffic?
  • Exploits & Malware Delivered Over HTTP: What is the rate at which exploits & malware delivered over HTTP are blocked?
  • Exploits & Malware Delivered Over HTTPS: What is the rate at which exploits & malware delivered over HTTPS are blocked?
  • Evasions: Threat actors use evasion techniques to disguise and modify attacks at the point of delivery to avoid detection by security products. Which ones can be used to bypass protection?

“Spot Check” operates as a virtual employee that is added to the SSE policy being used by an organization. Using the customer’s SSE configuration and CyberRatings’ live network and targets of exploits, malware downloads and evasions, the testing service provides an independent evaluation of SSE solutions, verifying that they are delivering on their promise of protection.

CyberRatings Members with a Premium Membership will receive one free “Spot Check” annually.

CyberRatings has an active test program in 2024 with group test results on Cloud Network Firewall to be announced in early February. Test programs are also currently underway for SD-WAN, SSE Threat Protection, ZTNA, and Enterprise Firewall.

What is Security Service Edge (SSE)?

In the ever-evolving cybersecurity landscape, Security Service Edge (SSE) has emerged as a pivotal component, especially in the context of Zero Trust architectures. Let’s dive into what SSE is, understand why it’s increasingly relevant in today’s cloud-centric world, and its integral role in supporting Zero Trust Network Access (ZTNA).

SSE in the Cloud Era

The shift from traditional, on-premises security models to cloud-based solutions has been a significant evolutionary step in cybersecurity. Driven by the increasing reliance on cloud services, remote workforces, and the strategic shift to cost-effective operations, this transition necessitates a more flexible and comprehensive approach to security.

Technical Overview of SSE

SSE, as part of the Secure Access Service Edge (SASE) framework, offers an array of security functions vital for cloud environments:

  1. Access Control: Manages who can access network resources, ensuring that only authorized users and devices gain entry.
  2. Authentication: Verifies user and device identities, serving as a gatekeeper for accessing network resources.
  3. Identity Management: Integrates with third-party services like Okta, Ping, and Microsoft AD, managing user identities and permissions.
  4. Data Loss Prevention (DLP): Protects sensitive data from unauthorized access and breaches.
  5. DNS Protection: Secures against threats exploiting Domain Name System vulnerabilities.
  6. Encryption (TLS/SSL): Encrypts data in transit, ensuring secure communication over the internet.
  7. Threat Protection: Defends against exploits and malware, two critical and pervasive cyber threats.

SSE and Zero Trust Network Access

The Zero Trust model, predicated on the principle of “never trust, always verify,” aligns perfectly with SSE’s capabilities. Zero Trust Network Access (ZTNA) is a security solution that provides secure remote access to applications and services based on defined access control policies. SSE’s integration of Access Control, Authentication, Identity Management, along with its advanced threat protection and DLP capabilities, forms a strong foundation for implementing ZTNA.

By incorporating these elements, SSE facilitates a Zero Trust approach where access is strictly controlled and monitored based on user identity and context. This ensures that users have the necessary permissions and that their activities are continuously authenticated, authorized, and encrypted.

Conclusion

In conclusion, SSE is more than just a set of security tools; it represents a comprehensive approach that is crucial for adapting to the cloud-based, digitally transformed era. Its role in supporting Zero Trust Network Access further underscores its significance in today’s cybersecurity landscape. Understanding and effectively implementing SSE is key to maintaining robust and flexible security postures, especially as organizations navigate the complexities of modern digital environments and the challenges they pose. With its integration of essential security functionalities and support for Zero Trust principles, SSE is at the forefront of evolving cybersecurity strategies, ensuring organizations can confidently and securely operate in the cloud era.

Dr. Allan Friedman of CISA and Vikram Phatak Discuss Secure by Default

CyberRatings’ CEO, Vikram Phatak, and CISA’s Senior Advisor and Strategist, Dr. Allan Friedman, discuss why enterprises need to harden defenses and what the impact will be when security vendors build their products to be Secure by Default. CISA, along with its US and International cyber partners, outlined joint guidance last year on Secure by Design and Secure by Default standards.

Watch the webinar here.

Why Firewalls Should be Secure by Default

Today, we’re addressing a critical issue that often goes unnoticed but plays a significant role in safeguarding your digital infrastructure – firewall configuration.

The Problem with Products that are not “Secure by Default”

It’s a common misconception that firewalls, as configured by vendors, are fully equipped to fend off advanced cyber threats when, in fact, the default configuration in many firewalls is designed for general applicability, not optimized protection. This generic setup can leave gaps, particularly in defending against sophisticated evasion techniques. In our continuous efforts to assess and enhance cybersecurity measures, we’ve observed a significant need for tailored firewall configurations to activate stronger defenses.

Our Initiative: Empowering You with Knowledge

At CyberRatings.org, we believe in empowering our community with the tools and knowledge to fortify their cyber defenses. We’re excited to announce that we’re developing a series of comprehensive guides focusing on “Best Practices for Firewall Configuration.” These documents will serve as your go-to resource for:

  1. Step-by-Step Configuration Instructions: We’ll provide detailed, step-by-step instructions on configuring your firewall for optimal security, tailored to various popular firewall vendors.
  2. Best Practices and Expert Tips: Learn from the experts. Our guides will include best practices, tips, and tricks to keep your network secure.
  3. Visual Aids and Screenshots: For ease of understanding, we’ll include clear visuals and screenshots to guide you through each step.
  4. Example configurations and policies: We will export the policies and configurations the vendors used during testing and make them available to you online.

Why Is This Important?

Configuring your firewall to enable strong defenses, especially evasion defenses, is not just an option; it’s a necessity. By following our upcoming guides, you’ll be able to:

  • Maximize your firewall’s capabilities.
  • Protect your network against advanced threats and evasions.
  • Ensure compliance with security standards.
  • Gain peace of mind knowing your network is more secure.

Stay Tuned

These guides are being developed with members’ security needs in mind. We understand the complexities involved and are committed to providing clear, concise, and actionable information. Stay tuned to our website and social media channels for the release of these essential guides.

Let’s work together to build stronger, smarter defenses against cyber threats.

Stay safe,

CyberRatings.org

SDxCentral: How SASE shows that the industry needs standardization for innovation and growth

In the ever-evolving networking and security services landscape, standardization of new technologies is essential for innovation to thrive. It drives quicker market adoption and, most importantly, the adopters’ ability to evaluate, compare, contrast, and ultimately select the best technology that meets their needs. So, what happens with networking technology that doesn’t have a foundation in standardization?

SD-WAN technology was a highly anticipated development in the networking industry that emerged in 2012. However, it didn’t follow a clear path until its standardization by MEF in 2019. This caused market confusion and slowed down its adoption and growth.

Read the full post on SDxCentral.

CyberRatings.org Announces SD-WAN Test Results for Fortinet

Austin, TX – October 3, 2023 – CyberRatings.org (CyberRatings), the non-profit entity dedicated to providing confidence in cybersecurity products and services through its research and testing programs, has issued a Recommended Rating for Fortinet’s Software-Defined Wide Area Network (SD-WAN) FortiGate 100F model as a high availability pair at the head-end, along with FortiGate 70F models at corporate headquarters, a regional office, and a retail outlet. The “Recommended” rating is the highest rating assigned by CyberRatings.

SD-WAN technology helps organizations achieve operational savings by enabling remote configuration of new locations rather than requiring engineers to be on site. Many vendors, such as Fortinet, offer zero-touch provisioning, where no on-site engineering expertise is needed beyond the ability to power up the device and connect it to the appropriate internal and external links. Once online, the device calls “home” through a cloud configuration service to retrieve its configuration details.

An SD-WAN offers traditional routing and policy control features, including basic application identification, policy controls, stateful network controls and a virtual private network (VPN). It prioritizes applications, supports remote configuration, and should deliver a predictable performance experience for users. SD-WANs also provide highly resilient remote office connectivity.

To assess the SD-WAN, the traffic content, throughput, transport, and impairments were tailored for each use case to provide insight into how the SD-WAN would perform under various conditions. Management, routing and stateful access control, encryption, application identification and prioritization, WAN maximum capacity, stability and reliability, and rated throughput were all rigorously tested.

“The Fortinet SD-WAN handled all use cases with ease and proved to be highly reliable and capable. It should be on everyone’s short list,” said Vikram Phatak, CEO of CyberRatings.org.

SD-WAN is a component of the Secure Access Service Edge (SASE) security model, which integrates multiple security services in a cloud-native platform. The SD-WAN report published today by CyberRatings is part of the independent, third-party testing program that CyberRatings provides to the industry at large.

In addition, CyberRatings and MEF, a global industry association of network, cloud, security and technology providers, signed an agreement in August to launch a new SASE Certification Program for MEF technology and service provider members worldwide. The SASE certification program, based upon CyberRatings’ methodologies and test programs, will issue a rating on product and service effectiveness of SD-WAN, Security Service Edge (SSE Threat Protection), Zero Trust Network Access (ZTNA) and SASE. Participants in the beta program were announced today.

CyberRatings members can read Fortinet’s SD-WAN report here.

MEF and CyberRatings Kick-Off Beta Program of the SASE Certification Designed to Increase Market Confidence in Cybersecurity Solutions

Dallas, Texas, 3 October 2023 – MEF, a global industry association of network, cloud, security, and technology providers accelerating enterprise digital transformation, and CyberRatings.org (CyberRatings), dedicated to providing confidence in cybersecurity products and services through its research and testing programs, today announced the kick-off of its beta program for certification of Secure Access Service Edge (SASE) products and services. Participants in the beta program include MEF Technology Advisory Board (TAB) member companies Cisco, Fortinet, Juniper Networks, Palo Alto Networks, Versa Networks, and VMware. The SASE certification program is supported by MEF’s Board of Directors which includes senior executives from AT&T Business, Colt Technology Services, Comcast Business, Liberty Latin America, Lumen, Microsoft, PCCW Global, Orange, Sparkle and Verizon Business.

Read the full press release here.

CISA’s “Secure by Design, Secure by Default” gets it right

I was recently at Black Hat and DefCon in Las Vegas and was excited to reconnect with Dr. Allan Friedman from the Cybersecurity and Infrastructure Security Agency (CISA). Among the many cyber issues being addressed by CISA today, it was reassuring to hear that their “Secure by Design, Secure by Default” initiative is gaining traction.

I have been testing cybersecurity products since 2007 – first at NSS Labs, and now at CyberRatings.org – and continue to be surprised when some vendors ship products to customers without including a secure configuration as a default baseline.

Research indicates that most customers expect cybersecurity vendors to ship with a high level of protection enabled by default. CISA’s publication states the following:¹

“Secure-by-Default” means products are resilient against prevalent exploitation techniques out of the box without additional charge. These products protect against the most prevalent threats and vulnerabilities without end-users having to take additional steps to secure them. Secure-by-Default products are designed to make customers acutely aware that when they deviate from safe defaults, they are increasing the likelihood of compromise unless they implement additional compensating controls.

A secure configuration should be the default baseline. Secure-by-Default products automatically enable the most important security controls needed to protect enterprises from malicious cyber actors, as well as provide the ability to use and further configure security controls at no additional cost.

The complexity of security configuration should not be a customer problem. Organizational IT staff are frequently overloaded with security and operational responsibilities, thus resulting in limited time to understand and implement the security implications and mitigations required for a robust cybersecurity posture. Through optimizing secure product configuration—securing the “default path”— manufacturers can aid their customers by ensuring their products are manufactured, distributed, and used securely in accordance with “Secure-by-Default” standards.

Manufacturers of products that are “Secure-by-Default” do not charge extra for implementing additional security configurations. Instead, they include them in the base product like seatbelts are included in all new cars. Security is not a luxury option but is closer to the standard every customer should expect without negotiating or paying more.²

CyberRatings.org has been and will continue to test every product with the vendor default (pre-defined recommended) policies and configurations. In addition, there will be a requirement that the security products have all options for evasion defenses enabled by default in the shipped product. We continue this tradition with our upcoming test of Cloud Network Firewalls. Our latest methodology was released today.

We are glad that we are in alignment with CISA and look forward to expanding our efforts to support their “Secure by Design, Secure by Default” initiative.

Vikram Phatak

CEO, CyberRatings.org

¹ https://www.cisa.gov/resources-tools/resources/secure-by-design-and-default

² https://www.cisa.gov/sites/default/files/2023-06/principles_approaches_for_security-by-design-default_508c.pdf