Leaked API keys allow threat actors to perform a variety of unauthorized actions
Daily Archives: December 19, 2022
What is SASE
Secure Access Service Edge (SASE) is an evolving cloud-focused architecture that Gartner introduced in 2019. SASE is designed to solve the problems of network performance and limited security visibility for distributed corporate business systems (infrastructure, platforms, and applications), whether they run in the cloud or in the corporate data center, and for the distributed workforce that uses them. SASE is complex and resource intensive, but it can be transformative and provide cost savings with the right partners, like AT&T Cybersecurity, to execute this type of strategic initiative. SASE combines the networking technology called Software Defined Wide Area Network (SD-WAN) with four security capabilities collectively called the Security Service Edge (SSE).
SD-WAN
SD-WAN operates as an overlay on top of an existing Internet circuit. Unlike a dedicated/private WAN circuit, SD-WAN can break out Internet-destined traffic close to where the distributed workforce is located, while internal traffic is backhauled through the SD-WAN network to the data center or cloud where the corporate business systems reside.
Components of the Security Service Edge
Security Service Edge (SSE) incorporates four main security components used to protect business systems and the workforce. These capabilities are cloud-based to support distributed systems and a distributed workforce. SSE capabilities include the following:
Zero Trust Network Access (ZTNA) – Provides segmentation of business systems and users through access control policies.
Firewall as a Service (FWaaS) – Centralized security policy enforcement that can be applied across multiple business locations to give security greater visibility into the network traffic and provide consistent policy enforcement across business systems and users.
Secure Web Gateway (SWG) – Centralized web-based policy enforcement that blocks unapproved Internet traffic while protecting the distributed workforce.
Cloud Access Security Broker (CASB) – Helps security understand where company data is stored (on-premises or in the cloud) and enforce the business data compliance policies.
How SASE works
The traditional cybersecurity model was built around security perimeters at the corporate office and data center, where the workforce and applications resided. Security controls were located inside a DMZ between the corporate office and data center so that traffic could be efficiently monitored, managed, and inspected.
Today, business systems and users have moved out of the corporate office and data center into a distributed environment. This creates the following risks.
Business systems
Lack of centralized visibility and control.
Difficulty tracking and securing sensitive data.
Additional costs for security solutions.
Non-compliance with regulatory or industry requirements.
Swivel-chair tasks between network and security to support the organization.
Inefficient routing of network traffic.
Users
Unknown (home/public Wi-Fi) networks accessing the corporate network.
Employees accessing business systems from unmanaged devices.
Inconsistent security profiles between office and VPN users.
Difficult to enforce principle of least privilege.
New training requirements for users.
SASE addresses these risks by moving security capabilities out of the data center and into the cloud while deploying an SD-WAN network that aligns with the distributed business environment. This approach provides better network performance, greater security visibility, and a better overall user experience.
How can my business benefit from a SASE model?
Companies that match the profile for SASE have distributed business systems (cloud-based infrastructure, platforms, and applications) and a distributed workforce. SASE is designed to solve the problems of network performance and limited security visibility into the company’s distributed environment while also providing the following additional benefits.
Cost and support benefits
Reduced complexity – Lowering the number of individual solutions in favor of a single system that integrates multiple features together.
Increased scalability and faster deployment – Align with the dynamic needs of the company and its customers as the network and business systems move, expand, and contract to support the organization.
Outsource maintenance and administration overhead – As an extension of the security and IT team, support the continuous business operations and monitoring required.
Consolidated support contracts – Ensure faster response and recovery by consolidating the number of vendors and partners supporting the SASE environment.
Compatibility with existing business systems – Network and security tools should integrate with distributed business systems to control access and protect company data anywhere.
Real-time security prevention – Reduce risk at the WAN edge by gaining greater visibility into network traffic, centralizing security controls, and monitoring through the MSSP.
Optimization benefits
Enhanced user experience – Success in SASE is measured primarily by improved user experience, in terms of ease of access and the speed and efficiency of using distributed business systems.
Centralized security controls management – Utilizing the cloud-based security features of the Security Service Edge (SSE) to create a centralized security policy that is applied across the entire organization and workforce.
Log collection and forwarding to anywhere – Logs need to be sent to wherever the security tools are located (data center, cloud, MSSP, 3rd party) so that security teams can research and detect events and incidents.
Configuration management and backups – Consolidated disaster recovery capabilities that can be used to restore business systems quickly and are maintained by the MSSP.
Integration with existing security controls – Better security through sharing and collaboration between the tools.
Improved performance and resiliency – Efficient routing of network traffic and the ability to redirect traffic on-demand.
Challenges implementing SASE
Because SASE is strategic, it must be treated as a program made up of multiple projects performed by different groups, including 3rd parties and partners. Companies should be aware of the following challenges so they can avoid prolonged delays in deployment and utilize as many security features as possible to protect the business.
Maintain an up-to-date application inventory and document application traffic flows. This information is critical during the planning and design phase of the program to perform scaling and sizing estimates of the SASE environment.
Legacy VPNs need to be inventoried and then analyzed to determine whether they are absorbed into the SD-WAN network or need to be recreated in the new environment. This must be completed before the legacy systems hosting the VPNs can be decommissioned.
Organizations that do not have standard security policies, network architecture, and design models will extend the deployment timeline by either customizing SD-WAN per site or reconfiguring the site into a standard model.
During planning, identify integration with existing security and network tools and plan the tool consolidation so there are no gaps with security capabilities that are being replaced.
Cross-functional teaming within the organization and with partners is a requirement to successfully deploy a SASE environment. Organizations that have silos and waterfall methodologies will generally require significantly more time to complete the same activities.
Understand the industry compliance and regulations that could impact how the SASE environment is deployed.
Define which platforms provide which security features. Using the same security capabilities on two different platforms means double the configuration and twice as much time to troubleshoot when things go wrong.
Over 95% of Internet traffic is encrypted, and encrypted traffic cannot be inspected by security capabilities without first being decrypted. Build and deploy a public key infrastructure (PKI) and Certificate Authority (CA) program to support SSL/TLS inspection.
Partner with a managed service provider (MSP) to provide 24/7/365 monitoring, support, visibility, and insight into the SASE environment.
SASE is a suite of network and security capabilities that helps companies adapt to today’s distributed business and workforce environment. A SASE transformation is complex, resource intensive, and takes time to complete. Creating a strategy and bringing along the right partners, like AT&T Cybersecurity, who have experience planning, building, deploying, and operating SASE environments goes a long way toward achieving success. Contact AT&T Cybersecurity to build your SASE roadmap and learn why we are trusted advisors for more than 7,000 organizations worldwide.
NIST to Scrap SHA-1 Algorithm by 2030
The agency said it will stop using SHA-1 in its last remaining specified protocols by December 31, 2030
API Vulnerabilities Discovered in LEGO Marketplace
The vulnerabilities, which are now fixed, could have put sensitive customer data at risk
CVE-2016-20018
Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query.
ZDI-22-1676: Microsoft Excel SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-1677: Microsoft Office SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-1678: Siemens Solid Edge Viewer X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-1679: Siemens Solid Edge Viewer X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-1680: Siemens Solid Edge Viewer X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.