The mission for Banyan Security Service Edge (SSE) has been the same since day one; enable the modern workforce to securely, safely, and easily access the applications and services they need, while working from anywhere. This means the good guys get access to what is needed, and the adversaries get access to nothing.
With today’s computing being truly perimeter-free, this is a challenge, since organizations don’t have 100% control over their data storage or application systems. Moreover, remote employees and contractors may be in coffee shops, airports, and homes accessing internal applications running in multiple public clouds, connecting to other cloud applications and enterprise data centers. Mobility, containers, and public and private clouds have unleashed innovation like never before, as well as unique security challenges.
Our job is to ensure that the ROI for attacking us or our customers doesn’t make sense for adversaries, and that they need to look elsewhere for an easy target. Look at it from the perspective of the attacker’s wallet: an attack has overhead costs that attackers incur when launching their plans, just like legitimate businesses. These costs can include acquiring or developing hacking tools, conducting reconnaissance, hiring skilled individuals, participating in cybercrime forums, and maintaining infrastructure like command-and-control servers. All of this must be staffed and automated (and people and tools cost money). Additionally, attackers may need to invest in techniques to obfuscate their activities and evade detection. These attackers are motivated by various factors, such as financial gain, political motivations, espionage, or simply causing disruption. The potential gains can include stealing sensitive data, accessing financial information, extorting victims, disrupting operations, or gaining a competitive advantage. Attackers may monetize the stolen data by selling it on the dark web or using it for identity theft or blackmail.
Let’s be honest, hacking organizations is getting easier in some ways, especially in the age of ChatGPT spearphishing or other AI-driven attacks. Weak cybersecurity measures, including inadequate passwords, lack of encryption, unpatched software, absence of multi-factor authentication, and insufficient network security controls, make organizations vulnerable to attacks. Inadequate employee awareness and training in cybersecurity best practices contribute to successful social engineering attacks. Organizations with insufficient incident response capabilities struggle to detect and respond effectively to breaches. Complex IT infrastructure poses challenges in securing systems, while limited resources and budget constraints hinder cybersecurity initiatives. Additionally, third-party risks introduce vulnerabilities. While determined attackers can breach any organization, addressing these vulnerabilities and implementing robust cybersecurity practices significantly reduces the risk and makes it more difficult for attackers to exploit systems and data.
Understanding the economics of cybersecurity attacks helps us develop strategies to allocate resources effectively and prioritize investments in prevention, detection, and response to mitigate the risks associated with cyber threats. And since one should also plan for when an attack is successful, Banyan’s SSE solution should also limit the damage and allow for forensics.
Reducing the Attack Surface for Adversaries
Reducing the attack or threat surface is usually step one. All corporate resources, data, and applications that do not need to public or reachable…shouldn’t be. This includes documentation and instructions that can possibly be used for social engineering. Also, this assumes that the attacker is an outsider. For internal bad actors or just unwitting employees, the introducing of least privilege access (LPA) and east-west traffic controls are also important. Software that is running on the insider’s computer may be doing thing that the insider isn’t even aware of, making them an “accidental insider.”
Banyan’s approach to reducing the attack surface can be seen in many ways. This includes the microservices we deploy for our own SSE solution along with all of the customer premises software we deploy (such as the connector.) The Banyan connector is only communicating outbound: it’s not exposing DNS names, external IP addresses, or pin-holing ports on the firewall. As far as outsiders are concerned, the connector doesn’t exist. Banyan also ensures that policies are LPA, meaning that even known users on known and compliant devices can only access the bare minimum applications, resources, and data needed to get their work done.
Brute Force Attacks
To counter brute force attacks and unauthorized access attempts, several measures can be taken to enhance system security. These include implementing strong password policies, enabling account lockouts, utilizing multi-factor authentication (MFA), rate limiting and delaying login attempts, monitoring and analyzing login activity, deploying intrusion detection/prevention systems (IDS/IPS), employing account lockout policies, using CAPTCHA or challenge-response mechanisms, regularly updating and patching systems, and conducting security awareness training. By implementing these measures, the risk of successful brute force attacks can be significantly reduced, strengthening overall system security and staying ahead of evolving threats.
Banyan’s solution can remove the password completely, which enhances security and provides a better end user experience. Passwords become an issue for organization especially when policies require changing passwords frequently. By using passwordless authentication policies, credentials that are acquired on the dark web are useless.
SIM Swapping
To prevent SMS attacks following a SIM swap, it is important to take proactive steps to protect your accounts and enhance mobile number security. These steps include using strong and unique passwords, implementing alternative 2FA methods like app-based authenticators or hardware security keys, utilizing app-specific passwords where possible, installing mobile security apps with SIM card change alerts, setting a PIN/password for your mobile account, enabling account notifications and alerts, contacting your mobile service provider if you suspect a SIM swap, monitoring account activity, being cautious of phishing attempts, and maintaining device security. By implementing these measures, you can reduce the risk of SMS-based attacks and ensure the ongoing security of your accounts and data.
Banyan’s solution allows for multi-factor authentication. This is beyond your standard two-factor authentication (2FA). By using certificates, along with system information, and combining then push notifications or one-time time-based passcodes, organizations can disable all SMS-based authentication methods to completely prevent SMS-based leaks and attacks.
To mitigate social engineering attacks and minimize the risk of successful hacking, organizations should implement the following measures: educate employees on social engineering tactics and promote skepticism, enforce strong password policies and implement multi-factor authentication, develop and update an incident response plan, conduct security awareness campaigns and encourage reporting of suspicious incidents. This will go hand-in-hand with the deployment of email and web filtering solutions. IT organization should also regularly update software and apply patches to prevent the use of known vulnerabilities. These measures enhance defenses against social engineering attacks, but it’s crucial to remain proactive and informed about evolving tactics used by attackers.
Banyan’s approach of using MFA, third-party inputs, and device-specific information to come up with a Trust Score means that even if an attacker happens to get a username, password, and MFA token, they still don’t have enough information to access a machine. Banyan’s security service edge (SSE) solution knows that the access request isn’t coming from the correct end user device.
Banyan further protects against phishing with our Internet Threat Protection (ITP) capabilities, ensuring that even when employees attempt to click on links that lead to bad sites, the connection is intercepted and not allowed. This protect also stops connections to command-and-control servers.
Logging and Forensics
Logging is vital for post-breach forensics as it provides valuable insights into network and data security breaches. To leverage logging effectively after a breach, organizations should take the following steps: preserve and secure logs by restricting access, making backups, and preserving relevant network device and server logs. It is also necessary to establish a logging policy aligned with industry best practices and regulatory requirements as well as analyze logs for indicators of compromise by identifying abnormal or suspicious activities and creating a timeline of events. Most organizations will utilize SIEM and log analysis tools to automate log analysis, identify patterns, and determine the scope of the breach. More advanced organizations conduct timeline reconstruction to identify the root cause, affected systems, and potential data exfiltration or tampering. Tools that identify compromised accounts or credentials by analyzing authentication and access control logs and correlate log data with external threat intelligence to identify known malicious entities may also be required. It’s important to recognize that log analysis is just one aspect of a thorough forensic investigation.
Banyan SSE vs the Adversaries
Banyan’s app and administrator console collect lots of logs for processing by Banyan or using your organizations SIEM. The logs include granular details that will provide digital forensic researchers valuable insights into system activities, user actions and device state, network traffic, and other events that may be relevant to an investigation. Logs can be exported in different formats to easily be used without needed to be converted using another tool.
To learn more about why adversaries hates and to see why administrators (and end users) love us, schedule a custom demo today or attend our weekly live demonstration.
