The Rising Significance Of Australian Signals Directorate 8 In Cybersecurity

The Rising Significance Of Australian Signals Directorate 8 In Cybersecurity

Frequently, we encounter headlines about yet another organisation succumbing to a cyber-attack. Despite the abundant news coverage and the industry’s clear emphasis on cyber security, 48% of Australian executives still expressed low confidence in their organisation’s capability to subjectively evaluate cyber risks. To enhance your organisation’s cybersecurity stance and shift towards a proactive rather than reactive approach, it is imperative to adopt the ASD Essential 8. By doing so, you can be assured that your confidential data remains secure, and your reputation remains intact.

What is Essential 8?

The Australian Signals Directorate (ASD) Essential 8 is a set of eight security controls that organisations can implement to protect themselves against cyber threats. The Essential 8 was first published in 2016, and it has since become a widely accepted benchmark for cyber security best practices.

The growing importance of the Essential 8 stems from various factors, primarily driven by the rapidly evolving threat landscape. In recent years, attackers have adopted highly sophisticated methods to infiltrate organisations’ systems and compromise data. The ACSC received over 76,000 cybercrime reports, an increase of nearly 13 per cent from the previous financial year. This equates to one report every 7 minutes, compared to every 8 minutes last financial year. In response to these escalating threats, the Essential 8 offers a comprehensive set of controls that empower businesses to effectively counter and mitigate such risks. Consequently, the following reasons highlight why the Essential 8 has emerged as a crucial component in bolstering cybersecurity:

  • Empowers businesses to remain current and proactive in countering emerging threats.
  • Encompasses an extensive array of controls, effectively mitigating diverse security risks.
  • Endorsed by multiple government and industry organizations, lending it unwavering credibility and legitimacy.
  • Effortlessly implementable and maintainable, rendering it an ideal solution for organisations of any scale.

While the Essential 8 does not function as an impenetrable titanium shield and cannot ensure absolute immunity to cyber-attacks for organisations, its implementation can significantly raise the bar for attackers, making their success far more challenging. For those seeking to enhance their organisation’s cyber security posture, the Essential 8 serves as an excellent starting point. By adopting the Essential 8 practices, organisations can substantially bolster their defences against potential attacks.

Implementation of the Essential Eight Maturity Model

The Essential Eight Maturity Model comprises of four maturity levels (0 to 3). The higher levels of maturity protect entities against moderate-to-high degrees of sophistication in adversary tradecraft and targeting. As of July 2022, it is a core requirement of the PSPF that entities implement the Essential Eight strategies to at least Maturity Level 2.

The Essential Eight Maturity Model comprises the following eight strategies:

  • Application control: ensures only corporate approved software applications can be executed on a computer, protecting against the execution of malicious applications.
  • Patch applications: applying vendor patches or other vendor mitigations prevents known vulnerabilities in applications from being exploited.
  • Configure Microsoft Office macro settings: limits macro programs embedded in Microsoft Office files from executing, thereby preventing potential malicious activity.
  • User application hardening: limits the use of potentially exploitable user application functionality to only what is required and removes particularly vulnerable software altogether.
  • Restrict administrative privileges: limits the unnecessary provision of administrative privileges, reducing the potential for these to be exploited by adversaries to gain full access to computers and data.
  • Patch operating systems: applying vendor patches or other vendor mitigations prevents known vulnerabilities in operating systems from being exploited.
  • Multi-factor authentication: requires users to present multiple authentication credentials to log in, rather than just using a passphrase, thereby preventing adversaries logging in as a user if they know the user’s passphrase.
  • Regular backups: making a copy of data, software, and configuration settings, storing it securely and periodically testing the ability to restore it, enables data and computers to be restored after an incident such as ransomware or computer hardware failure.

The Essential Eight Maturity Model recommends that organisations implement the Essential Eight using a risk-based approach. Where the strategies cannot be implemented, these exceptions should be minimised, and compensating controls should be used to manage the resulting risk. If the gap is effectively mitigated, the entity may self-assess their maturity against that strategy.

The Essential 8 is a valuable set of security controls that can help organisations protect themselves against cyber threats. By implementing these controls, organisations can make it much more difficult for attackers to succeed.

If you are interested in learning more about the Essential 8 or would like a no obligation chat contact us now.

Find out more about Oreta’s cybersecurity services here.

7 signs that your IT infrastructure is vulnerable to a cyber-attack

7 signs that your IT infrastructure is vulnerable to a cyber-attack

Ransomware attacks have witnessed a staggering surge of nearly 500% since the commencement of the COVID-19 pandemic, highlighting the urgent need for Australian businesses to reassess their IT infrastructure and bolster their security measures. This will enable them to enhance their defences against meticulously targeted cyber-attacks. To determine whether your business requires a security reassessment, here are seven indicators that your IT infrastructure is susceptible to a cyber-attack:

1. Outdated software and hardware
2. Weak passwords
3. Lack of employee training
4. Insufficient network segmentation
5. Lack of patching
6. Lack of back-up and recovery plans
7. Data encryption

Outdated software and hardware

One of the primary methods utilized by hackers to infiltrate a network involves leveraging End of Life (EOL) and End of Service (EOS) hardware and software. EOL and EOS refer to situations where vendors cease providing support for a particular software, resulting in the discontinuation of updates and security patches beyond a specified date. As cyber-attacks continue to evolve and become increasingly targeted, failure to keep hardware and software up to date with rapid changes creates vulnerabilities within the IT infrastructure. For instance, among the approximately 230,000 globally infected computers, it was reported that 98% were running an unpatched version of Windows 7. As Windows 8 was released, the support and patching for Windows 7 naturally diminished, leading some businesses to delay the update due to their busy day-to-day operations. This delay in adopting updated software and hardware exposes businesses to successful attacks.

Organizations must prioritize and proactively manage their software and hardware upgrades. It is imperative to have a dedicated IT team that remains vigilant in conducting regular compliance checks to ensure the company remains ahead of the curve.

Weak passwords

Were you aware that ‘123456’ ranked among the top 10 most common passwords worldwide? According to research conducted by Cyber News Investigation, a total of 15,212,645,925 passwords were analysed, with only 2,217,015,490 of them being unique. Weak and easily guessable passwords pose the quickest and simplest route for cyber-attacks to breach a business’s IT infrastructure. A notable example occurred in 2012 when Dropbox experienced a security breach due to an employee reusing a password at work, resulting in the theft and online sale of 68 million user credentials to malicious hackers. Various companies, including Yahoo, LinkedIn, Adobe, and Equifax, have also faced similar breaches due to inadequate password security protocols.

It is crucial for passwords to be complex, incorporating uppercase and lowercase letters, special characters, and numbers, while avoiding dictionary words. Additionally, it is important to encourage employees not to reuse passwords across multiple sites. Here are some steps that businesses can take to ensure their employees use strong and secure passwords:

  • Employee education
  • Don’t share passwords
  • Get a password manager
  • Change password regularly through business wide policies
  • Make passwords stronger
  • Use two factor authentication

Lack of employee training

Effective training and awareness programs tailored to specific demographics are crucial to prevent successful cyber-attacks. Without such programs, employees may lack the knowledge and skills needed to identify and report potential cyber threats. According to IBM, human error accounts for more than 85% of cyber breaches, making people the primary gateway to such attacks. Employees with low levels of cyber security awareness are particularly susceptible to clicking on malicious links or opening attachments in phishing emails.

In 2020, Marriott Hotels & Resort experienced an internal compromise where hackers accessed two employee passwords, resulting in unauthorized access to 5.2 million private records. Unfortunately, it took two months for Marriott’s cybersecurity systems to detect the breach, highlighting the importance of regular regulatory compliance and cyber security training to prevent such incidents from occurring. With third-party assessments and consultation such as Oreta’s Cyber Training and Awareness solution, Marriott Hotel & Resorts could have reduced the chances of the breach overall.

Insufficient network segmentation

The outbreak of COVID-19 has brought about significant changes in the working landscape, with 50% of companies in Australia adopting hybrid work models. This shift to remote work introduces new challenges, as employees connect to their own unprotected networks, increasing the likelihood of successful cyber-attacks. One vulnerability arises from having a flat network, which provides a large attack surface. When an organization’s network lacks appropriate segmentation, a single compromised device can grant a hacker access to the entire system.

However, by dividing a large network into smaller sub-networks through network segmentation, the attack surface is reduced. This segmentation isolates network traffic within the sub-networks, impeding lateral movement. If a network perimeter is breached, the sub-networks act as barriers, preventing attackers from spreading laterally throughout the entire network. With cyber-attacks growing increasingly sophisticated, network segmentation becomes a vital measure to limit the impact of an attack by making it more challenging for cyber criminals to navigate through your network.

Lack of patching

Over time, it is often necessary to update and test the vulnerabilities of most downloaded software. Security patches are designed to address security gaps that were initially overlooked when the software was launched. It is alarming that approximately 95% of cyber-attacks specifically target unpatched vulnerabilities. Patching plays a crucial role because these vulnerabilities can be exploited by cyber criminals to gain unauthorized access, steal sensitive information, or disrupt operations. By promptly applying patches, organizations can minimize downtime, reduce their exposure to threats, and enhance their overall security posture. On the other hand, neglecting to apply patches can have severe consequences for organizations, including data breaches, system failures, damage to reputation, and financial loss.

Lack of back-up and recovery plans

Data serves as the lifeblood of any organization, underscoring the critical need for businesses to have a comprehensive backup and recovery plan in place. Such a plan ensures operational continuity in the face of unexpected events, which can range from natural disasters and human errors to cyber-attacks. According to the 2020 Cost of a Data Breach Report by IBM and the Ponemon Institute, Australia ranked 13th out of 18 countries in terms of total data breach costs.

Without a backup and recovery plan, organizations lack a clear understanding of recovery times (recovery time objective or RTO) and recovery points (recovery point objective or RPO), both of which are crucial in the event of an attack. RTO represents the maximum acceptable downtime for an application, computer, network, or system following an unforeseen disaster, failure, or similar event. On the other hand, RPO defines the acceptable period within which an enterprise’s operations must be restored following a disruptive event.

Failing to proactively plan for these contingencies exposes businesses to greater losses and long-term consequences, including diminished customer loyalty and damage to brand reputation. Therefore, having a backup and recovery plan in place is essential for safeguarding against potential disruptions and minimizing the impact on the organization.

Data encryption

According to recent statistics from the Office of the Australian Information Commissioner (OAIC), there have been five data breaches in 2022 that have affected one million Australians. This highlights the increasing volume of sensitive data being shared and stored, making encryption a paramount concern for businesses. Encryption plays a vital role in safeguarding sensitive data against unauthorized access, ensuring confidentiality, and meeting regulatory requirements. While no security method is foolproof, data encryption is a crucial component in securing an organization’s data both during transmission and at rest.

Cyber-attacks pose a significant threat to businesses and organizations of all sizes, with cybercriminals showing no discrimination. Recognizing the signs of vulnerability in your IT infrastructure can help you take proactive measures to protect your systems and sensitive data. By identifying weaknesses, implementing robust security measures, and training employees in security best practices, you can reduce the risk of a cyber-attack and mitigate potential damages. It is essential to stay informed about the latest threats and security trends, regularly review, test, and update security plans such as Incident Response Plans (IRP), Business Continuity Plans (BCP), and Disaster Recovery Plans (DRP). Remaining vigilant is key to ensuring the ongoing protection of your IT infrastructure.

If you want to be proactive rather than risking on having to be reactive with your security, contact us now and have a no obligation chat with out security team.

Find out more on Oreta’s cyber security services here.

6 Cyber Security challenges to watch out for in 2023

6 Cyber Security challenges to watch out for in 2023

Australia, like many other parts of the world face numerous cyber security trends and challenges, including:
1. Increased Cyber-attacks
Cyber threats and attacks are on the rise globally with the pacific region becoming a hot spot with malicious actors targeting governments, organisations, and individuals. During the 2020–21 financial year, over 67,500 cybercrime reports have been made in Australia, an increase of nearly 13 per cent from the previous financial year.

2. Lack of Cyber Security Awareness
There is a significant lack of awareness amongst individuals and organisations regarding the importance of Cyber security thus, making them more vulnerable and prone to cyber-attacks. Australian Cyber Security Centre reported that 82% of all breaches involved ‘the human element’ (the use of stolen credentials, phishing, misuse, or human error) in 2022.

3. Resourcing shortage
Australia has a shortage of cyber security experts and trained professionals. The lack of skilled cyber security professionals makes it difficult for organisations to implement and manage effective cyber security measures. There is an anticipated 38% growth in workforce shortages in Australian cybersecurity, outstripping forecasts for care and software development.​

4. Inadequate IT infrastructure
Many businesses in the pacific region have outdated cyber security infrastructure thus making them an easy target for cyber-attacks. 40% of Australian IT leaders admitted to failing the security compliance audit in the Thales cyber report, 2021.

5. Continuous compliance​
As cyber-attacks are becoming more advanced and ever evolving, this reflects in constant change and updates of the security regulations and laws. This makes it difficult for organisations to keep up and meet the changing requirements of insurance. Cyber insurance premiums soar 80% in 2022 as claims surge, following a 20 percent increase in the cost of cover in each of the previous two years.

6. Digital transformation
With digital transformation technologies such as Internet of Things (IOT), Artificial Intelligence (AI) and Blockchain being adopted at a rapid pace, businesses are now more vulnerable than ever. Integrating newly established systems and platforms provides a levy for new cyber risks and challenges. Annual Cyber Threat Report found that the cost of a security breach cost $39,000 for small businesses, $88,000 for medium businesses, and over $62,000 for large businesses. An average increase of 14% per cyber-crime report.

To address these cyber security challenges, organisations in the pacific region need to invest in security education, strategy re-evaluation and most importantly a team of security experts. Prioritising the development and implementation of effective cyber security policies, regulations, and infrastructure can position organisations to improve and reinforce their security posture. Keeping up to date and sharing information among cyber security experts and like-minded businesses in the region is also crucial in helping organisations stay ahead of cybersecurity risks and threats.

At Oreta we believe in being proactive than reactive, protect your data and reputation and contact us now.

Do you have 100% faith in your employees to not click on a phishing mail?

Do you have 100% faith in your employees to not click on a phishing mail?

How does phishing mail work and what impact does it have on businesses?

Consider this scenario: It is the end of the week on a Friday, John has several projects he is juggling, and he receives an email from Microsoft to update his software. Under the time constraint of the busy day, he opens the email as knee-jerk behaviour to a regular task and downloads a virus. He exposes the confidential information of all his customers which in turn costs the company millions of dollars and long-term damage to their brand.

In the era of the technological boom, phishing scams are no longer badly formatted emails, but precisely targeted attacks (Spear Phishing) backed with the analysis of human behaviour in getting people to click. Fraudsters have taken cyberattacks to new levels of success, fooling even the savviest of employees. With the widespread phenomenon of automated click behaviour, it becomes hard for staff to police every email increasing the chances of a security breach. Employee errors are the #1 gateway to ransomware disasters, leading top tier businesses to adopt Endpoint Detection and Response to solidify their security posture.

“Phishing, the most common threat vector, is involved in 36% of data breaches.”

According to Verizon’s 2021 Data Breach Investigations report.

What is EDR and why is it the best?

Endpoint Detection and Response (EDR) is a term that was coined by Anton Chuvakin as “records and stores endpoint-system-level behaviours, uses various data analytics techniques to detect suspicious system behaviour, provides contextual information, blocks malicious activity, and provides remediation suggestions to restore affected systems.”

EDR is an integrated solution that records real-time activities and events taking place on endpoints and all workloads with rule-based automated response and analysis capabilities. This provides the security teams with in-depth visibility they need to uncover incidents that may not otherwise been detected. An EDR solution provides continuous and comprehensive visibility into what is happening on endpoints in real time.

Modern EDR architecture tightly integrates with mail gateway solutions and firewall systems to detect, analyse, and block advanced threats before they reach employee inboxes. This in turn provides unified platform experience, including ransomware and other email viruses and URL’s. Organisations can detect malicious behaviour across all vectors and rapidly eliminate threats with autonomous response capabilities across enterprise attack surfaces.

The sophistication of modern malware is evolving at an increasing speed to which the traditional Antivirus (AV) signature-based detection is no longer effective. AV solution relies on the coded database of “bad” files to which they try match the recognised threat. However, due to the unique and everchanging malware infrastructure that is being pushed by scammers, these files can bypass antivirus undetectably. EDR on the other hand incorporates AV and other endpoint functionalities and can detect trends and other indicators of a successful incursion.

Companies have less than 30 minutes after employee error to prevent malicious ransomware moving laterally and infecting other devices.  EDR has a quick response capability and can create an alert within a short time frame. For example, if an end user opens a spear phishing email and inputs their credentials to a seemingly legitimate website, the EDR solution will be able to monitor, alert the security team and prevent the attacker from logging into the endpoint- even under the guise of a legitimate sign in.

What should you look for in EDR solutions?

A powerful EDR solution should have:

  1. Endpoint Visibility: Real-time visibility across all your endpoints allows you to view adversary activities, even as they attempt to breach your environment, and stop them immediately.
  2. Threat Database: Effective EDR requires massive amounts of telemetry collected from endpoints and enriched with context so it can be mined for signs of attack with a variety of analytic techniques.
  3. Behavioural Protection: Relying solely on signature-based methods or indicators of compromise (IOCs) lead to the “silent failure” that allows data breaches to occur. Effective endpoint detection and response requires behavioural approaches that search for indicators of attack (IOAs), so you are alerted of suspicious activities before a compromise can occur.
  4. Insight and Intelligence: An endpoint detection and response solution that integrates threat intelligence can provide context, including details on the attributed adversary that is attacking you or other information about the attack.
  5. Fast Response: EDR that enables a fast and accurate response to incidents can stop an attack before it becomes a breach and allow your organization to get back to business quickly.
  6. Cloud-based Solution: Having a cloud-based endpoint detection and response solution is the only way to ensure zero impact on endpoints, while making sure capabilities such as search, analysis and investigation can be done accurately and in real time.

To take your EDR a step further SentinelOne’s ActiveEDR  provides analysts with real-time, actionable correlation and context and lets security analysts understand the full story of what happened in their environment. Storyline automatically links all related events and activities together an attack storyline with a unique identifier. This allows security teams to see the full context of what occurred within seconds rather than needing to spend hours, days, or weeks correlating logs and linking events manually. It is the most talked about solution in the cybersecurity world due to being the first EDR that is truly active.

ActiveEDR constantly draws stories of what is happening on the endpoint. Once it detects harm, it is capable of mitigating not only malicious files and operations but the entire ‘storyline’. ActiveEDR knows the full story, so it will mitigate this at run time, before encryption begins. It works by giving each of the elements in the story the same TrueContext ID. These stories are then sent to the management console, allowing visibility and easy threat hunting for security analysts and IT administrators.

Who can help me improve my security posture with EDR?

At Oreta, we believe that Security should be proactive than reactive. Majority of the time companies establish a full-spectrum security solution only after a severe breach. We believe in solidifying your security posture against the constantly evolving malware so you can always be sure that your data is safe.

Partnered with wide spectrum of security experts Oreta provides you with a catered solution aligned with your business requirements and holistic vision. We do not consider ourselves a separate entity but an extension of your business with hand in hand guidance into the world of security.

Contact us now to find the perfect EDR solution for you.

Firewalls as a Service (FWaaS); the future of network security

Firewalls as a Service (FWaaS); the future of network security

Does your organisation still have a physical (or virtual!) appliance for a firewall? Its days may be numbered. Developments in cloud solutions are creating an upward trend toward cloud-based security services. Cloud firewall deployments are becoming the norm in many enterprises. Firewall as a Service (FWaaS), otherwise known as ‘Cloud Firewalls’, has surfaced as a standalone product and a key element of the overarching Secure Access Service Edge (SASE) architecture. FWaaS is helping meet enterprise security requirements and improve network connectivity and end-user response times.

Here we help build your understanding of what FWaaS is, why companies are considering it as part of their security strategy, and why it is an integral part of the SASE architecture.

What is FWaaS?

Much like a fire-proof wall prevents flames from travelling through a building, network firewalls prevent unauthorised access to, or through, an organisation’s network. They act as an inspection gateway, stopping malicious data from entering or exiting the secured network.

Firewalls have been an essential element of network security since their invention in late 1980, just before the launch of the web browser in August 1991. The rest, they say, is history. As companies move their applications and data to the cloud and people work remotely, firewalls continue to evolve.

FWaaS is the latest version of the Next Generation Firewall (NGFW). It operates the same way as an ordinary hardware-based firewall; however, instead of installing a firewall appliance on a physical server, it puts the same capability to the cloud. FWaaS provides a centrally managed exit point for all staff’s internet access (e.g., corporate headquarters, remote and branch offices, mobile users) without backhauling the traffic through the corporate data centre. It leads to end-user performance improvement, reduced network and link costs, and removal of the DC bottleneck. As a result, FWaaS permits the data centre firewall to focus on its primary role – protecting the corporate servers and data.

As a corporation no longer manages the infrastructure or software patching, security staff can focus more on performing a role that creates real business value – protecting the corporate data. By centralising administration, a consistent security policy can apply across all staff traffic.

How Does FWaaS Work?

Firewalls enforce rules developed by the organisation’s IT administrators that ‘gate’ what staff can access (e.g., Web sites/categories, IP addresses). When prohibited behaviour is detected, users are blocked and alerted accordingly. As mentioned above, this is very similar to a legacy on-premises firewall; however, it is conducted “in the cloud” using an FWaaS provider.

Installing the firewall is comparatively easy, often only involving changing a company’s router settings. As soon as the network links to the FWaaS provider, network traffic travels through the provider instead of the company’s firewall.

Why do companies need FWaaS? 

With more companies adopting the cloud, and an increase in remote workers, network complexity is intensifying. As a result, the network permitter has changed. Where corporate data was previously on-premise, data is now in “the cloud”. A centralised firewall introduces latency due to backhauling data to the central corporate firewall, which may require high network bandwidth to improve performance, which in turn flows on to needing a larger firewall to accommodate the extra traffic flowing.

FWaaS addresses these inhibitors by providing dedicated, corporate-controlled security services located close to the end-users and the data they seek to access. Shorter paths mean lower latency and better response times. Corporate security is enhanced with a firewall to user access and lets the data centre firewall focus on its original function of protecting the corporate data centre.

T teams can now build customised cloud-friendly security models protected by enterprise-grade firewalls as a vital part of a cloud strategy.

The Benefits

FWaaS is the answer for companies looking for enterprise-level network security solutions but is still in the early stages of deployment. In September 2019, Gartner estimated that less than 5% of distributed companies deploying cloud-firewalls took advantage of FWaaS. However, as the benefits become more widely known, the number will likely quadruple to 20% by 2024(1).

Here are some of the reasons an increasing number of companies are leaning towards FWaaS:

Simpler architecture – FWaaS manages corporate user traffic by leaving the current data centre based physical firewall to handle only data centre related traffic, thus simplifying the firewalls’ configurations by dedicating them to specific tasks.

Scalability – FWaaS scales “on-demand” compared to the physical firewall, requiring life cycle management and capacity planning. When additional throughput is needed, it can be enabled within hours or days at incremental pricing with no disruption to service.

Unified Security Policy – FWaaS provides a single egress point for all staff, whereby enforcing a standard policy without addressing the potential multiple egress points that may exist today.

Easy to install and manage – Companies can easily integrate FWaaS into their existing IT infrastructure – no complex implementation.

Easier maintenance – FWaaS firewalls are always current, so there are no risks of late or missed software updates. IT staff have more time to plan the infrastructure’s future needs rather than on routine maintenance.

Complete network visibility – Together, FWaaS and SD-WAN can implement a single logical managed platform. Companies have full visibility and control over their user internet and WAN traffic from one centralised location. In turn, companies can get consistent delivery of critical security information (e.g., data breach).

Cost-effective: Business units can configure and manage FWaaS remotely. Thus, eliminating the need to purchase, license, install, maintain, and update hardware and software. Simply put, FWaaS is ideal for businesses of all sizes as it can reduce costs significantly while maintaining the safety of all their data.

Challenges of FWaaS

The following are challenges (not disadvantages!) companies may face when they adopt FWaaS :

  • Resistance to Adoption: Enterprise businesses may be hesitant to move a critical function like security into the cloud. They may be willing to forego all the cost savings and operational conveniences of FWaaS and continue to stay with legacy firewall appliances.
  • Concerns about Network Latency: As mentioned above, integrating SD-WAN and other cloud services with FWaaS makes it a more attractive solution for enterprises. While doing this, FWaaS providers need to guarantee a network latency comparable to or better than that of legacy firewalls.
  • Data Centre Traffic: Corporate servers in data centres have different access requirements linking inbound connections. FWaaS are maturing in this space, but it’s not there yet. Currently, the data centre still needs its own firewall/internet service. We expect this limitation to reduce over time. Telstra has released their Secure Edge product, which addresses these constraints.

FWaaS & SD-WAN

FWaaS provides several benefits as a standalone solution; however, when it converges with other technologies such as Software-Defined Wide Area Networking (SD-WAN), companies can restructure their network and route it directly to its destination without sacrificing security and visibility. FWaaS and SD-WAN can significantly enhance performance and serviceability and reduce the dependency on the corporate WAN. Together, FWaaS and SD-WAN are essential components of the emerging cloud-based networking architecture known as Secure Access Service Edge (SASE).

FWaaS & SASE 

When aligning to the SASE framework, FWaaS connects with other cloud-based security components to develop an architecture that provides inline protection and access control at the network edge. SASE is becoming the framework for securing organisations. SD-WAN’s capabilities address connectivity constraints, restricting heavy end-user access by creating a reliable firewall connection for office, branch, remote and mobile locations.

Together with FWaaS and SD-WAN, the SASE framework incorporates Cloud Access Security Brokers (CASE), Secure Web Gateways (SWG), and Zero Trust Network Access (ZTNA) to defend the network from potential threats.

Making the Switch to Firewall as a Service (FWaaS)

Is your organisation ready to adopt FWaaS? The answer is ultimately dependant on where your company’s network strategy is going. An SD-WAN strategy aligns with cloud-based FWaaS. SD-WAN with FWaaS will reduce the load and complexity on the centralised corporate firewall whilst providing a better end-user experience to corporate users due to better egress pathing.

Companies with a complex firewall deployment will still need to maintain an on-premises firewall; however, Telstra’s Secure Edge FWaaS is a new option that places the firewall on the edge of your existing MPLS network. This solution provides a Next-Gen Firewall which protects both corporate users and the systems in the data centre.

FWaaS, either cloud-based or Telstra’s network-based solution, should be considered when you review your network or firewall strategy.

Oreta partners with vendors to offer customers cloud-based FWaaS solutions that have Next-Gen functionality. Our strategic partners include Palo Alto Networks, Checkpoint and Cisco. With our advisory, delivery and managed service capabilities, we can ensure that our customers benefit from a SASE or FWaaS solutions. Contact us today for a non-obligatory conversation about your company’s security requirements.

Resources

  1. Top 4 firewall-as-a-service security features and benefits (techtarget.com)
Getting sassy with SASE?

Getting sassy with SASE?

SASE – It’s revolutionising network and security architecture. It’s shaking up how we connect. But what exactly is all the talk about? What does it mean for your organisation? Is your organisation sassy enough to conquer a SASE makeover?

Focus Points

  • The future of our network and security infrastructures being cloud-centric is imminent.
  • SASE has several advantages over traditional architectures, not the least of which include greater scalability and flexibility for your organisation
  • Now is the perfect time to assess where on the SASE journey your organisation is at and what this means for your existing networking infrastructure.

What’s sassy about SASE?

Disruptive and transformational are just a few words that come to mind. Gartner defines SASE – pronounced “sassy” and shortened for ‘Secure Access Service Edge’ – as ‘an emerging cybersecurity concept combining comprehensive WAN capabilities with comprehensive network security functions…to support the dynamic secure access needs of digital enterprises’.

Unlike the legacy WAN, SASE shifts the focus from a network where each branch connects to a central office to access data and security services to the concept where an entity (e.g. user, group of people (branch), a single device, IoT system or edge computing location) is connected directly from the edge to cloud-based services bypassing the need for a centralised WAN.

SASE has several advantages over traditional architectures, not the least of which include greater scalability and flexibility for your organisation, potentially reduced network costs, and better performance for the end-user. SASE done right will open the door to enhanced security features, moving the management of your security to a cloud access security broker (CASB) whilst:

  • protecting your users, regardless of where the device or user is located, from threats through secure web gateways (SWG) and remote browser isolation,
  • securing your applications and data through zero-trust network access (ZTNA), firewall as a service (FWaaS) and protecting your web API’s (WAAPaaS).

Why is it the trend?

The era of centralised network and security architectures is fading. Today’s enterprises are hyper-distributed. More and more businesses are moving to a Software-as-a-Service (SaaS), cloud-based services and edge compute platforms, where there is an increased reliance on SDWAN connectivity, and remote user access is the new normal. As a result, the traditional reliance on enterprise data centres for routing and security is becoming obsolete.

We are at the forefront of a new transformation. We are shifting from relying on location as the core of networking and security to the end-user. With 2020 being a tumultuous year, with a massive exodus of users working from home, the need for such change has never been so evident. Whilst 81% of the population is now working from home, Gartner has predicted post-COVID that 41% of employees will remain working from home. The question is – is your security prepared for this – are you getting sassy with SASE?

The future of our network and security infrastructures being cloud-centric is imminent. Users need to have more confidence in a consistent and secure experience everywhere, anywhere.

If you are ready to get sassy with SASE, now is the perfect time to assess where on the SASE journey your organisation is at and what this means for your existing networking infrastructure.

Are you the sassy-type?

Ask yourself – Are you ready to revolutionise your network? Are you willing to embrace disruption to stay relevant? If so, you are ready to get sassy with SASE.

Enterprises of all sizes are discovering their reasons for needing to transform to SASE, including;

  • Corporate services are changing to cloud-based providers
  • The move from centralised MPLS networks to the Internet at the edge
  • More user traffic from branches directed to public clouds, detouring the data centre
  • The need to protect remote users as they perform work outside of the enterprise network and on their own devices
  • Consolidating network and security
  • Optimising cloud-based applications that are being accessed from the edge

If you tick any of the boxes above your organisation is also ready to embrace the change.

Get your SASE-on?

Adopting SASE should be part of your organisation’s IT journey. It is not something that has to be deployed all in one go. The goal is to ensure that you integrate it seamlessly, and you provide an optimal experience for the user.

The first step should be to identify the journey and the different phases within. Determine what is already in place and are already performing well, and what needs transforming.

Once you have done this, you will need to consider how to;

  • Position the adoption of SASE as a digital business enabler to ensure speed and agility.
  • Change focus from managing security boxes to delivering policy-based security services.
  • Engage with network architects to discover your SASE capabilities. Use SD-WAN, and MPLS offload projects to evaluate integrated network security services.
  • Identify ways to reduce the complexity on your network security

To help your organisation map out its journey to SASE contact Oreta today.