MID-YEAR FOLLOW UP: 2021 Security Anti-Predictions

Back in January, we took a slightly different approach to the annual trend prediction blog post and instead sounded off about what the cybersecurity community predicted would NOT happen in 2021. At the time, industry veteran and Vice President of Security Strategy at Lightstream, Rafal Los, took to social media to ask, “What’s the thing that probably won’t happen in cybersecurity in 2021?” Now that we’re midway through the year, we wanted to check in and see how accurate the community’s anti-predictions were.

Tied for #1: Password Elimination & Meaningful Asset Management

Raf’s social media followers resoundingly agreed in January that we wouldn’t see an end to passwords as a means to protect our assets, and it shouldn’t come as a surprise to anyone that this forecast was 100% accurate. We still don’t have a better way to protect our personal and enterprise data, as thumbprint and facial recognition technology have not yet evolved to ironclad status.

And though the work-from-home trend is not as strong as it was at the start of the year, the unpredictability of the COVID-19 virus continues to cause skepticism about re-implementing a full-time, on-site work strategy. That means remote workers continue to be at risk for identity-related breaches, and maintaining control of computer-related assets, including software, unauthorized devices and loss of security is still a major priority for corporate IT.

Asset management remains a significant challenge, particularly for the mid-sized business market that lacks the deep pockets to afford the security measures that large corporations have in place. Therefore, IT professionals must utilize the remainder of the year to adopt new ways to improve the identification, tracking and management of employees, applications and devices that access resources.

#2: Widespread Zero Trust Adoption

Most of Rafal Los’s respondents shared the sentiment early in 2021 that while the adoption of Zero Trust principles was imperative for the advancement of cybersecurity, they weren’t confident about it being widely adopted in the immediate future. As it turns out, we’re happy to report that this prediction may have been shortsighted.

It’s possible that they underestimated COVID-19’s ability to accelerate the adoption of a Zero Trust model. It seems that the pandemic and resulting rise in cybersecurity attacks have fueled investments in new cybersecurity strategies as well as the buzz surrounding Zero Trust security.

According to CISO Mag, a recent report highlighted that more than three-quarters (78%) of companies around the world say that Zero Trust has increased in priority and nearly 90% are currently working on a Zero Trust initiative (up from just 41% a year ago).

The security of every organization depends on a new way of thinking, and the Zero Trust model of “never trusting, always verifying” is profoundly beneficial in an environment where remote working continues to be a trend. Lightstream’s Managed Security Services platform incorporates automation, Zero Trust concepts, best practices and industry-specific compliance to help IT leaders manage costs effectively, reduce complexity and improve the efficiency and efficacy of data center, network and cloud security.

#3: Fully Patched Environments/Systems

At the outset of 2021, Rafal Los’s social media followers were spot-on in their prediction that fully patched environments and systems would be highly unlikely this year. A perfect example of this is Microsoft’s so-called PrintNightmare vulnerability, which continues to be an issue as of the date of this blog post. Microsoft released a patch for this Print Spooling vulnerability in June of 2021. However, as we explained in January, much like how water usually finds a way to break through that patch in your garden hose, attackers are experts in finding ways to circumvent applied patches when the underlying cause is not fully remediated.

This patch, like so many others released by software providers, can be bypassed in certain scenarios, effectively defeating the security protections and permitting attackers to run arbitrary code on infected systems.

The process of identifying, categorizing, prioritizing, and resolving vulnerabilities in operating systems, enterprise applications (whether in the cloud or on-premises), browsers and end-user applications is an ongoing process that requires considerable time and resources. Therefore, we stand by our advice for enterprise IT to consider outsourcing this initiative to a trusted provider.

#4: Elimination of Phishing

We were far from shocked when many of Raf’s social media followers were emphatic that phishing scams would continue to haunt corporate IT in 2021. In fact, Digital Information World reported that a recent study found that phishing site volume in Q1 of 2021 outpaced Q1 of 2020 by 47 percent. They further reported that phishing is an ever-growing problem particularly for e-commerce and cryptocurrency platforms, but that social media and other sites and platforms that offer financial services also continue to experience phishing at a high rate.

According to the Federal Trade Commission (FTC), scammers were increasingly posing a threat to online retail shoppers, the rental car market, job searchers, and those seeking mortgage relief. They also warned against government imposter scams. The FTC recently issued the following alert:

COVID opened the door for scammers to double down on their worst practices, while preying on consumers during an unprecedented pandemic.

Moreover, Harvard Business Review recently reported that 2021 has seen a dramatic increase in business-related phishing scams, with high-profile ransom attacks against critical infrastructure, private companies, and municipalities grabbing headlines on a daily basis. Lightstream recommends that IT professionals take a multi-faceted security approach to lessen the number of phishing attacks and reduce the impact when attacks do occur.

#5: Unification of C-Suite & Security Professionals

Some of Raf’s respondents forecasted that there would continue to be a dangerous rift between security professionals and the executives/boards they support. A June 2021 Security Magazine article stated that because the majority of security leaders are three steps away from the CEO, only 37% of security professionals believe their organization values and effectively leverages the expertise of the cybersecurity leader. Furthermore, cybersecurity leaders shared they have assumed more accountability and risk, but struggle to achieve the desired security posture, because they are not seen as influential or valued members of their peer group. If you ask us, the next six months represent a major opportunity for companies to develop strategies to ensure accountability “goes both ways.”

#6: Effective Use of Machine Learning

Despite the skepticism expressed by Rafal Los and his social media respondents earlier this year, it seems that enterprise budgets for Artificial Intelligence (AI) and Machine Learning (ML) have been on the rise in 2021. Inside Big Data reported in July that the AI industry is growing and we’re seeing a shift in priorities to more organizations viewing deployment of practical AI as a core strategy and moving away from mere experimentation. Several media outlets are reporting an uptick in the use of machine learning in healthcare and finance, with AI and ML being used to improve consumer experience and engagement, automate business practices, predict cardiovascular disease and mortality, and translate brain signals from paralyzed patients.

Contact Lightstream to find out how we can help you unify strategies to build secure, generational capabilities that can help your organization accomplish its goals in 2021 and beyond.

Overcoming Security Challenges at Mid-Market Organizations

When it comes to cybersecurity, mid-market organizations are uniquely challenged. They encounter many of the same issues that large enterprises do, but in most cases are forced to try to remedy them without the substantial budgets and IT departments that major corporations have.

According to first quarter 2021 Middle Market Business Index data from advisory firm RSM, 28% of middle market executives reported a data breach at their company in the last year, the highest level since RSM began tracking data in 2015 and a significant increase from 18% in 2019. Larger middle market organizations were most at risk, with 42% of executives at those companies reporting a breach, compared to 16% at smaller counterparts.

As attacks and adversaries ramp up, mid-market businesses find themselves in a battle to sustain their growth and security budget. Facing a shortage of security talent without the deep pockets to pay the high salaries demanded by top-level security professionals, these positions often go unfilled and the responsibilities associated with them are assigned to other staff members who are already overworked and wearing too many hats. In other cases, these positions get filled by less-qualified candidates. Either way, the organization is at risk of increased vulnerability to security breaches.

Another challenge is the siloed nature of security tools. The effectiveness of an organization’s security program on the operational side is often inversely proportional to how many times IT professionals have to switch screens to figure out what’s going on. If you do not have a highly scalable and optimized security infrastructure backed by a qualified team to analyze threats in near real-time and respond, it puts you at significant risk and disadvantage – no matter how much technology you buy.

The pandemic and resulting economic downturn of 2020 exacerbated these issues. When countless companies throughout the world were forced to shut down, mid-market organizations with outdated infrastructure were unable to scale down in response. They overpaid for technology, licenses and features they no longer needed at a time when they couldn’t afford to waste valuable budget dollars. Moreover, with the majority of staff forced to work from home, users were accessing the network and data from everywhere, making the challenges of protecting assets even greater and requiring an increasing number of resources.

Outsourcing and the evolution of security service providers

What is a security-threatened, budget-constrained, short-staffed mid-market company to do? Many organizations are led to the decision to fully or partially outsource the day-to-day operations of their security program. For the past 20 years, this meant hiring a Managed Security Service Provider (MSSP). While doing so took some of the security management responsibilities off the in-house IT team, it was not without its flaws. In order to remain profitable, most MSSPs rigidly deliver “cookie cutter” solutions. They are paid to monitor a dashboard and if there are any concerns, they simply alert the company to the issue. It is a best-effort model wherein the customer still remains very much engaged – thus delivering little real value.

Today, the MSSP is slowly being replaced by Security as a Service (SECaaS). With this new and improved “all-inclusive” delivery model, the service provider integrates their security services into the corporate infrastructure on a subscription basis. In most cases this is more cost effective than it would be for the midsized organization to manage its own security, particularly when total cost of ownership is considered. With SECaaS, the organization no longer has to worry about purchasing and managing infrastructure, tools and licenses. Instead, it is protected by a provider that partners directly to provide everything needed – tools, expertise, staffing – to deliver next-generation security services in a pay-as-you-go model.

This new model delivers immediate value by completely lifting the day-to-day security management off the IT department. And when the business needs to scale up or down quickly in response to seasonal or other shifts in demand, it can simply add or remove services as the business requires while still delivering the desired security outcomes.

In today’s world where the unpredictability of life comes at you fast, organizations must have the mindset that “IT comes at you faster.” IT must have the ability to immediately respond, support and thrive under whatever circumstances the organization is experiencing. It is imperative that organizations adopt a zero trust model, which trusts no one and requires continuous verification and multi-factor authentication for anyone trying to access the network. Mid-market companies that partner with the right SECaaS provider can gain peace of mind by relying on their vendor to update settings based on current threats.

For advice on how your midsized business can overcome its security challenges and adopt a zero trust model, contact the experts at Lightstream. As a networking and cloud company that integrates security into everything we build, we specialize in 24x7x365 network monitoring, detecting, protecting, analyzing and remediating security issues. We’ll help you manage costs effectively, reduce complexity and improve the efficiency and efficacy of your data center, network and cloud security.

MSSPs have failed us, now what?

Managed Security Service Providers (MSSPs) have been around for over twenty years. That’s long enough for Lightstream’s V.P. of Security Strategy Raf Los to explain (with conviction) why the model isn’t working anymore. Raf makes a case for “Security as a Service,” what this really means and why this is the new paradigm the industry should be – and is – shifting towards. Here’s a hint: CISOs need to get out of the business of managing security infrastructure.

Lightstream Achieves Palo Alto Networks Prisma Cloud Specialization

NextWave Prisma Cloud Specialization will help Lightstream bring Advanced Cloud Security Expertise to Customers 

Salt Lake City, UT, June 3, 2021 – Lightstream announced today that it has achieved a Palo Alto Networks NextWave Prisma Cloud Specialization Status. Lightstream has met the key specialization criteria around performance, capabilities, and engagement established by Palo Alto Networks’ NextWave 3.0 Partner Program.

As businesses expand their cloud footprints to innovate and go to market faster, cloud security must keep pace with the needs of both agile software development practices and hybrid and multi-cloud environments. Customers need the expertise and tools to ensure that their entire cloud native application lifecycle is protected and compliant while enabling full stack protection across public or private clouds for hosted, container, and serverless workloads.

Lightstream’s achievement of Palo Alto Networks’ Prisma Cloud Specialization adds further value to its robust cloud and security practice. The practice emphasizes architectural excellence as well as ongoing technical optimization, remediation, and cost performance for core, virtual, and remote infrastructures. It further validates the capabilities of the Lightstream Security Managed Services product portfolio to address the ongoing operational needs of customers.

“Lightstream Cloud Defense, built on Palo Alto Networks Prisma Cloud, pairs a flexible platform approach with cloud and security engineering expertise and remediation through our 24/7 security operations center (SOC),” said Jeff Collins, chief strategy officer for Lightstream. “Customers benefit from the power of Palo Alto Networks Prisma Cloud in a pay-as-you-grow managed service designed to fit their needs.”

“The partner of tomorrow will differentiate itself by building security expertise where that need is greatest,” said Karl Soderlund, SVP of Worldwide Channel Sales at Palo Alto Networks. “As a Prisma Cloud Specialized partner, Lightstream will bring expertise and cloud security to our customers who don’t always have the tools or resources to manage integrated DevOps security or secure complex, hybrid-cloud environments. This Cloud specialization is also our commitment to identify and bring high-value opportunities to partners backed by our leading security platform, with the incentives, enablement and support services that will help them establish innovative new solutions.”

About the NextWave Partner Program

The Palo Alto Networks NextWave partner program includes approximately 6,500 partners who help 80,000 customers around the world succeed with Palo Alto Networks Technologies. Its pre-sales, sales, and post-sales capabilities and enablement are instrumental in helping our partners create an optimal customer experience and serve as trusted security experts. Partners’ achievements in the program are proactively monitored and annually assessed.

NextWave 3.0 is a comprehensive set of program specializations, incentives, and enablement initiatives launched by Palo Alto Networks to enable partner differentiation, enhance partner profitability, expand partner opportunities, and empower partner success.

To learn more about Lightstream’s Security Managed Services, visit our Security Practice page on lightstream.tech.

About Lightstream

Lightstream provides full-service cloud, connectivity, and security solutions to enterprises worldwide with a focus on managed services for all three, as well as cloud infrastructure implementation, security, and support.

Lightstream is an AWS Security Competency Partner, an AWS Advanced Consulting Partner, a Microsoft Cloud Platform Gold Partner with Security Competency, and was named Palo Alto Networks Public Cloud Partner of the Year in 2018 and 2019. Visit us at http://www.lightstream.tech or LinkedIn.

Media Contact

Cynthia.Lawton@lightstream.tech

SOC 2 isn’t your problem. It’s your network.

Information security is a reason for concern for all organizations, including those that outsource key business operations to third-party vendors like SaaS and cloud providers. But beware! Don’t let your network be an afterthought when it comes to achieving SOC 2 compliance.

Lightstream’s Chief Strategy Officer Jeff Collins discusses the basics of SOC 2 and offers concrete advice on what to consider when preparing for an audit or undertaking a digital transformation initiative.

A Large Design-Build Construction Company Saves Azure Cloud Migration with Help from Lightstream

Security gaps threatened the company’s cloud migration, but crisis was averted with services from Lightstream.

Business Challenge

A desire to stay innovative, modern, and operationally effective—three critical attributes in today’s competitive construction industry—led a large design-build construction company in the Midwest to explore the cloud. The company’s IT leadership team chose Microsoft Azure as their platform and purchased Prisma Cloud, a multi-cloud security offering from Palo Alto Networks, to provide added security protection for their cloud environments.

Once its Azure environment was implemented, the company began migrating applications. The team’s goal was to move as many applications as possible to the cloud, knowing some applications would have to remain on-premises, and their operating environment would result in a hybrid configuration.

After months of moving applications and deploying them into production, however, the company discovered problems. A security assessment revealed there were serious security gaps in the way Azure and Prisma Cloud had been implemented. If not addressed, the gaps would allow external entities to gain access to their environment, leaving the company’s systems vulnerable to breaches. This forced the company to stop its cloud migration and move applications back into its own data center.

Solution

With its cloud migration on hold, the company looked for a solution to solve its security problems and contacted Lightstream for help.

Once engaged, Lightstream Azure Cloud experts began gathering information. They reviewed the company’s business requirements, technology environment (infrastructure, data services, security landscape, application portfolio, and operations tools), and processes to gain a clear understanding of the company’s operating environment.

Next, the team evaluated the company’s existing Azure environment. They reviewed the company’s core cloud configurations, standards and governance, identity and access management (IAM), network interconnectivity, security, and monitoring, provided recommendations for changes to address issues, and then created an operational run-book with as-built documentation.

The next step was to review the Palo Alto Networks NGFW (next-generation firewall) configuration. The team reviewed the overall design of the appliances, assessed the Azure routing configurations, network placement, and connectivity, and recommended changes to remediate issues and ensure high availability.

The last step was to address the Palo Alto Networks Prisma Cloud implementation. The team evaluated the existing deployment, including policies and settings for resource configurations, user activities, network traffic, and host vulnerabilities, and made changes to resolve problems and ensure the environment operated correctly.

Business Outcomes

Remediation of Security Gaps and Reduced Business Risk

After completing the project with Lightstream, the company was able to eliminate its security gaps. External entities were no longer able to gain access to the company’s Azure environment through the known security vulnerabilities. This increased the confidence in the company’s cloud platform and lowered the risk of security breaches to the organization.

Secure Azure Environment with Next-Generation Firewalls

The company gained a secure Azure environment protected by Palo Alto Networks NGFWs in a high availability configuration. This enabled the company to resume migrating applications safely to the cloud and ensured its firewalls would be resilient.

Successful Prisma Cloud Implementation

With help from Lightstream experts, the company was able to overcome its initial problems and successfully implement Palo Alto Networks Prisma Cloud in its environment. This provided added security protection for the company’s cloud infrastructure and cloud-native applications.

A Large Dairy Co-operative Turns to Lightstream to Help Save Its ERP Migration in Azure

Microsoft Azure and Palo Alto Networks NGFW design and implementation services from Lightstream help the company overcome edge security issues and deploy ERP in the cloud.

Business Challenge

Dairy is a complex, regulated industry. Since the 1930s, the U.S. government has regulated milk prices. Minimum prices are set for fluid milk (based on several factors, including the price of butter, cheese, nonfat dry milk, and dry whey), and all processors must pay it. Different prices are set for milk used as an ingredient in dairy products, though the process is the same: the government sets the price, and processors pay it.

In addition, milk is a perishable product. As a result, the government sets strict standards on its use. Processors are unable to stockpile product to meet fluctuating consumer demand, which in recent years has been shifting to dairy alternatives like oat and soy milk.

These market realities put pressure on dairy processors. To address these challenges, a large dairy co-operative in the Pacific Northwest decided to expand its operations beyond its regional customer base with the goal of becoming a national brand. But to do that, the company first needed to modernize its systems by moving away from its on-premises legacy enterprise resource planning (ERP) system to Microsoft Dynamics 365 to establish a more flexible operating platform.

Midway through the project, however, the company ran into security problems. It turned out the company didn’t fully understand how to implement native cloud security controls available in Microsoft Azure and did not have proper edge security protection in place to satisfy governance and compliance regulations. After months of trying to correct the problem with the help of a third-party firm, the company was unable to deploy its ERP solution and was faced with either seeking additional help or shutting down the project.

Solution

Prior to contacting Lightstream, the company had attempted to implement Palo Alto Networks NGFW (next-generation firewall) in Azure to provide edge security for its users. The company’s IT team was committed to the solution and its capabilities, but they had struggled with the implementation.

Once engaged, the Lightstream team reviewed the company’s requirements. They evaluated the existing Palo Alto NGFW configuration, executed an ingress and egress assessment, developed a security plan for implementing the company’s ERP system in the cloud using Azure native controls and Palo Alto NGFW as the edge inspection point, and architected the design to ensure high availability and resiliency. This was done by performing a customized Cloud Foundation Framework engagement.

After the design was completed, Lightstream built the Azure environment per the design blueprint, including VNets, network security groups, platform logging, and all native security controls. Then, the team implemented the Palo Alto NGFWs in a high availability configuration.

The final step was testing and validation. Lightstream’s Azure Cloud engineering experts helped test traffic flow, routing, and connectivity, as well as security functionality to ensure the solution provided the edge security protection the company needed.

Business Outcomes

Next-Generation Edge Security Protection

The company now has next-generation security to protect its systems. This includes IPS (intrusion prevention system) that examines network traffic to prevent vulnerability exploits, APT (advanced persistent threat) intelligence and detection, and other security capabilities that help keep data safe from cyber attacks.

Successful Migration to Microsoft Dynamics 365

With edge security in place, the company was able to move forward with its ERP project. Now, the company has replaced its legacy ERP solution with Microsoft Dynamics 365, providing the enhanced computing platform the company needs to expand its operation.

Reducing the Complexity of Securing SD-WAN Environments

In today’s remote-working world, many enterprises are transitioning to software-defined networking in their wide area networks, or SD-WAN, in place of traditional MPLS-based WANs. Is it any wonder network and IT professionals are fully embracing SD-WAN? Where they once had to deal with the challenges caused by an architecture overwhelmed by an ever-increasing load of data and devices, IT departments now are able to increase bandwidth, improve connectivity, and enable multicloud applications via a single, centrally managed WAN edge platform.

MPLS-based wide area networks allowed for centralized security policy and enforcement across the organization. While SD-WAN enables lower latency and faster access to cloud and SaaS applications, it also raises significant security issues. If a corporate enterprise has 200 locations, transitioning to an SD-WAN topology now expands the footprint of locations that must be secured, audited and monitored from a handful of data centers in the MPLS world to all 200 locations in an Internet-based SD-WAN architecture. That’s a tremendous burden for IT leaders to take into consideration as they are not only deploying a new WAN architecture, but they also must make sure it is properly secured. So as SD-WAN fosters tremendous transformation, it also increases the potential for major vulnerabilities within the organization.

SD-WAN topologies enable greater network visibility and centralized management of the distributed network. This in turn allows IT personnel greater insight into the applications traversing the WAN between locations as well as to the Internet. When properly secured, SD-WAN enables “internal” network segmentation on an organization’s WAN without forcing all Internet-based traffic to flow through the headquarters location. However, it is imperative that additional security tools be implemented. Networking and security technology have come a long way, but still there is significant room for advancement. No cybersecurity infrastructure is perfect, and that fact is proven daily by the number of successful cyberattacks experienced by businesses worldwide.

As organizations increasingly move to the cloud, many have turned to a cloud access security broker (CASB) or one of the cloud-based caching, proxying, and security devices to confront data security and governance challenges. Secure access service edge (SASE) frameworks have been gaining traction as these are designed to connect and secure geographically dispersed branches and other endpoints to an enterprise’s data and application resources, whether internal, cloud-based, or Internet-based. Despite – or perhaps due to – this rapidly emerging technology, it is more important than ever for IT teams to come together to determine where to do the appropriate level of security introspection and inspection.

The Convergence of Security and Networking

Where security and network procurements were once handled separately, network and security decisions increasingly are being made at the same time and more often with the same solution, according to Gartner. It predicts that as part of a desire to minimize branch sprawl, more customers will look to partner with vendors that offer a combined security and networking solution or as part of a broader ecosystem.

Likewise, this convergence is prompting convergence of networking and security teams. Frequently the question is: who owns the SASE product set? The answer: it doesn’t matter.

Securing SD-WAN can be a complex and overwhelming undertaking, and one that should not be initiated without networking and security teams joining forces long before the SD-WAN is deployed. The two teams must collaborate on how to take the organization’s architecture and security posture from its current state to where it needs to go for future growth and success. Three steps to get started include:

  1. Evaluate Your Services Chain
    Analyze your edge services chain to identify what network functions need to be supported and integrated into the SD-WAN. By analyzing what components need to be physical, virtualized or combined/collapsed, your organization can determine if a single SD-WAN appliance will meet the need or whether a more complex deployment model is needed. Be sure to look at it from the lens of security, including regulatory compliance.
  2. Identify Must-Have SD-WAN Security Capabilities
    Learn the different security features of various SD-WAN vendors and line them up against your organization’s requirements. Some must-have security capabilities include policies for on-demand security, encryption, distributed denial-of-service (DDoS) protection, unified threat management (UTM)/firewalls, and threat intelligence.
  3. Fill Security Gaps
    Address missing security needs with managed services. These services can range from Managed SD-WAN solutions to Managed Security Services that address security from the network’s edge all the way to the cloud, and incorporate automation, Zero Trust, and best practices for security and industry-specific compliance. The key is to make sure you work with a partner who understands clearly how to secure SD-WAN solutions effectively with clear KPIs that work well with your IT organization.

The Case for Outsourcing

As SD-WAN adoption expands, there is a surge in managed service providers augmenting the enterprise IT staff. Organizations are finding that they must refocus valuable internal IT resources to carry out their core goals. The software-defined nature of SD-WAN lends itself to leveraging third-party providers that can alleviate the burden on overworked IT staff. The smartest IT leaders will turn to a provider with expertise in network, security, and cloud to gain 360-degree visibility into network and security actions as well as cloud governance