Expert(s):
Director of Audit and Compliance feature_status*/ ?>
Plixer

Comments Dotted : 4
March 19, 2020

Skyrocketing VPN Usage – Experts Input
Organizations that are building out their VPN capabilities need to be sure to properly deploy and patch their systems.
As the number of employees working from home continues to rise, businesses must ensure that their VPN is in a position to offer their employees the same experience as though they were working in the office. Bandwidth can be a serious strain for businesses not used to a majority of their users connecting from home. IT must be sure to educate their users, so they are aware of the impact on everyone and to limit their bandwidth-heavy activity, like Netflix streaming, to outside of office hours......Read More
As the number of employees working from home continues to rise, businesses must ensure that their VPN is in a position to offer their employees the same experience as though they were working in the office. Bandwidth can be a serious strain for businesses not used to a majority of their users connecting from home. IT must be sure to educate their users, so they are aware of the impact on everyone and to limit their bandwidth-heavy activity, like Netflix streaming, to outside of office hours. This will ensure that productivity doesn’t drop and that users don’t try to forgo the VPN altogether, which could have dire consequences for the security of the business. Organizations that are building out their VPN capabilities need to be sure to properly deploy and patch their systems to prevent vulnerabilities from opening up their corporate network to malicious actors. By taking advantage of network traffic metadata, businesses can measure user experience over the VPN, detect malicious activity, and maintain visibility even when employees are no longer in the physical office.  Read Less
January 02, 2020

Expert Advise On DNS-Over-HTTPS Traffic On The Network
DNS-Over-HTTPS (DoH) and DNS-Over-TLS (DoT) are important advancements to the overall security of the internet.
DNS-Over-HTTPS (DoH) and DNS-Over-TLS (DoT) are important advancements to the overall security of the internet. However, these technologies can create blind spots in corporate networks. By preventing businesses from seeing DNS queries, individuals can become victims to DNS leak attacks if their systems are compromised. While encrypted DNS is important to prevent internal eavesdropping, those within the organizations should use company-approved DoH or DoT servers instead of publicly available.....Read More
DNS-Over-HTTPS (DoH) and DNS-Over-TLS (DoT) are important advancements to the overall security of the internet. However, these technologies can create blind spots in corporate networks. By preventing businesses from seeing DNS queries, individuals can become victims to DNS leak attacks if their systems are compromised. While encrypted DNS is important to prevent internal eavesdropping, those within the organizations should use company-approved DoH or DoT servers instead of publicly available servers like those offered by Cloudflare and Google. This will provide the encryption for individuals, but maintain security for the company. As was recently reported, organizations should look for long-lived TLS connections with payloads that don’t exceed a kilobyte. Network traffic analytics is the best way to see these connections without relying on packet capture as this information is easily accessible in network metadata. Additionally, organizations should consider deploying DNS servers that allow those within the organization to connect via DoT and DoH. This will give users the security they want and the visibility the organization needs.  Read Less
November 22, 2019

Security Expert Comments On NSA Publishes Advisory Addressing Encrypted Traffic Inspection Risks
Additionally, organizations should monitor TLS certificate metadata with network traffic analytics.
Organizations that plan to, or are currently, using TLSI to detect malicious activities on the network must be sure to maintain the certificate validation process that would normally happen between the client and the server. Additionally, organizations should monitor TLS certificate metadata with network traffic analytics. These details such as certificate common name, Certificate Authority (CA) information, and expiration date, will give security and network professionals information they need .....Read More
Organizations that plan to, or are currently, using TLSI to detect malicious activities on the network must be sure to maintain the certificate validation process that would normally happen between the client and the server. Additionally, organizations should monitor TLS certificate metadata with network traffic analytics. These details such as certificate common name, Certificate Authority (CA) information, and expiration date, will give security and network professionals information they need to detect when TLSI systems are not properly validating certificates. An example of this would be when there are connections to sites with expired certificates or untrusted CAs are allowed to connect instead of returning an error. By leveraging this information from the network, organizations can verify that they are validating TLS connections in the most secure manner which ensures that information security is maintained throughout the connection.  Read Less
September 23, 2019

On Privilege Escalation Flaw Found In Forcepoint VPN
By having a baseline of normal user behavior, organizations can understand how compromised machines have taken data off the network.
Software vulnerabilities, like the one found in Forcepoint VPN Client for Windows, can mean real problems for organizations. Once a hacker has exploited the vulnerability, they gain significant power over the end-user’s system. While it is not clear if the vulnerability also gives access to corporate resources, businesses should be certain to have access to network traffic analysis to understand how machines across the network are behaving. By having a baseline of normal user behavior,.....Read More
Software vulnerabilities, like the one found in Forcepoint VPN Client for Windows, can mean real problems for organizations. Once a hacker has exploited the vulnerability, they gain significant power over the end-user’s system. While it is not clear if the vulnerability also gives access to corporate resources, businesses should be certain to have access to network traffic analysis to understand how machines across the network are behaving. By having a baseline of normal user behavior, organizations can understand how compromised machines have taken data off the network or compromised other systems. For organizations with Forcepoint VPN Clients, it is important to update the software to the latest release and to monitor devices with the compromised client. By looking at their network traffic patterns, it will be easy to spot the exploited devices.  Read Less