The Impact of the ONC Cures Act on API Security

In March 2020, the US Department of Health and Human Services issued the 21st Century Office of the National Coordinator (ONC) Final Rule, also known as the ONC Cures Act Final Rule. This Final Rule supports secured, limitless access, exchange, and use of Electronic Health Information (EHI).

ONC Cures Act Final Rule, apart from providing patients and their healthcare providers secure yet seamless access to health information, aims to increase innovation and trigger competition. With more competition comes innovation, as new entrants offer much wider healthcare choices and solutions for patients.

Summary of the ONC Cures Act Regulations

Due to the COVID-19 pandemic, the US Department of Health and Human Services provided an extension for compliance to the ONC Cures Act Final Rule. This extension ended on April 5, 2021.

According to the National Law Review, organizations subject to the Cures Act should have the following in place:

  • An efficient configuration of digital patient portals to provide electronic health information (EHI) to patients without needless delay
  • An up-to-date release of information policies
  • A thorough assessment of contracts and arrangements involving EHI with any third parties should be conducted to achieve compliance with information blocking prohibitions
  • Preparation of real-world testing plans, EHI data export, Application Programming Interfaces (APIs) with latest HL7 Fast Healthcare Interoperability Resources (FHIR) capabilities, and various other capabilities targeted for 2021 and 2022

ONC Cures Act Final Rule calls on the healthcare industry to adopt standardized APIs that allow individuals or patients to access and better use of EHI using smartphone applications securely and quickly.

Identity and Security Requirements of the Regulations

ONC Cures Act Final Rule, as explained in the Federal Register, lays out conditions for the compliance certification of healthcare providers. Those conditions include support for standards and published APIs that allow health information “to be accessed, exchanged, and used without special effort” and “access to all data elements of a patient’s electronic health record to the extent permissible under applicable privacy laws.” The aim of the Final Rule is nationwide transparent data portability with standardized yet agile data exchange processes.

Along with that, ONC Cures Act Final Rule can avoid many security risks associated with healthcare APIs, such as inadequate SSL certification validation, the vulnerability of Simple Object Access Protocol (SOAP), and accountability issues, to name a few.

The following are the specific identity and healthcare security requirements of the ONC Cures Act Final Rule:

ONC Cures Act Final Rule that allows agility of EHI also puts limits on information blocking and anti-competitive practices of the healthcare providers. The Code of Federal Regulations, with a few exceptions, allows patients to decide upon the healthcare applications that can access their EHI.

Vulnerabilities of the APIs

ONC Cures Act Final Rule ushers in an era of the widespread adoption of standardized APIs by the healthcare industry all over the globe. On the one hand, it helps individuals or patients securely access and easily makes use of EHI using smartphone applications. On the other hand, since APIs deal with sensitive data that can be easily accessible over the internet, they are vulnerable to sophisticated cyberattacks. Without question, healthcare organizations need enhanced digital healthcare security and vigilant monitoring to protect sensitive and private patient information.

More than anything else, implementing and maintaining enhanced API security is an exhaustive process. It also incurs extra expenditure on updating features or fixing bugs. This scenario demands a significant part of the API development lifecycle to maintain security.

Another concern is the consistent testing of API security. This complicated process requires hiring the right talent to identify and expose API security issues before the launch of the application.

Leveraging Cloud Solutions

According to IBM, The widespread global cloud migration can amplify the cost of cybercrime damage by nearly $300,000. As more enterprises migrate to the cloud, sensitive corporate data becomes vulnerable to cyberattacks, technical glitches, and data storage issues.

However, the increased technical difficulties, expenses, and larger talent pools associated with the integration, management, and dissemination of EHI can be overcome by cloud solutions. Today, many healthcare providers have embraced the power of healthcare cloud computing to meet the ONC Cures Act Final Rule requirements and to future-proof their Information Technology (IT) environment.

Cloud solutions eliminate the additional time and cost associated with traditional storage systems. An integrated data ecosystem that can feed multiple data centers can be easily deployed within a short period with lesser complications using cloud solutions.

Additionally, cloud solutions can empower healthcare providers to scale up and scale down their data processing resources as demands fluctuate. As an added benefit, the pay-per-use business model implemented by most cloud solutions providers worldwide makes the expensive resource procurement associated with traditional storage systems a thing of the past.

Another advantage of cloud computing infrastructure is that it provides access to data through open-source tools. That means no more data locked in silos and unwanted license expirations common with other proprietary storage solutions.

Cloud Is the Future of Healthcare

The future is healthcare cloud computing. ONC Cures Act Final Rule is the call from the future. EHI should flow smoothly and safely. Healthcare IT should provide more portable, interoperable, and patient-centric healthcare solutions. And cloud solutions are the only way forward.

RedSeal, a hybrid cloud security solution provider, helps you identify all your resources and how they are connected in your complex network environment. It allows easier validation of your security policies and prioritizes the security issues that can breach your most valuable network assets. RedSeal constantly monitors your network to find out glitches in your networking setup and ensure whether it meets the compliance standards and organizational policy.

RedSeal Stratus is a Software as a Service (SaaS)-based Cloud Security Posture Management solution that provides your cloud solutions security team with increased visibility and understanding of the provider’s infrastructure. RedSeal Stratus can help you manage the increased digital healthcare security risks with an up-to-date visualization of cloud solutions infrastructure and detailed identification of digital resources exposed to the internet. Your security team will also be bestowed with updated knowledge of Kubernetes accounts and policies.

Register for a demo to see RedSeal Stratus in action.

Understanding What’s In My Cloud

Today’s business applications run in an environment that would be unrecognizable to IT professionals 10 years ago. The rise of virtualization and the cloud has finally cut the ties to specific hardware, and all but the most exotic workloads can now be run anywhere — on virtual machines in your physical buildings, or on a cloud vendor of your choice. The underlying cloud technologies are powerful, but with that power comes great responsibility. Security teams struggle to keep up, because the new technologies focus on agility, rapid rate of change, and dynamic response — all of these are positive buzzwords to most people in a business, but all of them are bad news to security. Ask any military commander — defense is far easier when your resources are home in a well-built fort, and far harder when your troops are constantly moving, shifting location into unfamiliar terrain.

It’s not all doom and gloom, however. Cloud innovation takes away certain legacy risks — after all, you can’t leave an open password on a key router in the middle of your network infrastructure if you don’t control the routers any more! The trouble is that the change to new ways of building and managing modern apps (often referred to as DevOps) closes out some old challenges, but opens just as many new ones. Cloud gives you new kinds of rope, and it’s different from the old rope, but you can still get just as tangled up in the complexities.

Some security fundamentals remain, though. No matter what kind of infrastructure you own or rent, you still need to pursue the basics:

1.    Find all your stuff

2.    Categorize it so you know what’s most important

3.    Harden the individual elements to avoid easy compromise

4.    Map out and run your defenses as a system, so you can be a hard target

The most basic discipline of all is inventory — cyber security experts and industry guidance all agree that you must start there. Inventory in cloud is not like inventory in conventional networks, though, so the same old principle has to be thought about differently in a cloud world.

The good news with the cloud is that each virtual network has a “God of the Cloud” — a central controller, run by the cloud provider that you can talk to via a proprietary API. I call it a “God”, because no endpoints can exist in that small virtual network that the controller did not create. This means you can always find a completely reliable resource for each virtual network — someone who knows the inventory. Problem solved, right? Well, not so fast — it’s certainly very different from legacy on-premises networks, but that’s hardly all there is to it. There are three major problems when talking to each cloud controller — finding the controllers, speaking their language, and keeping up with the changes.

The good news is a cloud account comes with an API you can talk to and get a complete inventory of the assets it knows about. The bad news is your company has many, many accounts. And even once you locate them all, they will speak a proprietary and changing language — the Amazon language for the AWS API is different from Microsoft’s for Azure, or Google’s, or Oracle’s. You need a network linguist to make sense of it all, and pull together a single view of your clouds — in all flavors. And since security is central by its nature (because it needs to look at the complete picture), that means security has the unenviable task of needing to speak all the languages — fluently — at once. This is hard, but it’s a great job for automated software.

Equally, the rate of change in the cloud is something automated software can tackle far more effectively than humans can. Cloud assets have ugly names — often just a long stream of gibberish assigned by a robot, to make it easy for other robots. You’ll need your own robot interpreter to even identify one asset, let alone track it as it moves and changes. The nature of the cloud is highly dynamic — instances are spun up and killed on demand, and they move far faster than, say, a classic vulnerability scanner can keep up with. If you want to see your final as-built infrastructure (and you need to, since this is what your adversary is looking at too), you need software to keep up with all the changes, track the assets, and untangle the myriad ways that cloud assets are marked. There are tags, there are labels, there are unique ID’s, and there are security groups. Every vendor has subtly different rules, and just to add to the confusion cloud vendors don’t even agree on what a cloud network should be called, but they all offer the same idea.

At the end of the day, security is about adapting and keeping up, as the pace of change keeps speeding up. Cloud is just the latest evolution, where names change, details shift, but the core principles remain — first and strongest of all is inventory. This is why we at RedSeal build software to automate all the communication and mapping, so that you can visually scan your cloud footprint, understand your security posture, and make optimal moves to increase your security and reduce your risk.

For more information, check out our overview of RedSeal Stratus Maps and Inventory capabilities to learn more about how you can Map Your AWS Infrastructure Including Connectivity Paths.

RedSeal and Cloud Security Posture Management

According to Gartner’s Innovation Insight for Cloud Security Posture Management, this year (2021), “50% of enterprises will unknowingly and mistakenly have exposed some applications, network segments, storage, or APIs directly to the public internet”. And by 2023, “…at least 99% of cloud security failures will be the customer’s fault.”

What do these statistics say about the changing face of cybersecurity? Twenty years ago, the most common source of security failures was naïve user behavior, typically clicking on a malicious email attachment or link. In on-premise environments, this is still a common vector of infection, but in the cloud the problem is not naïve users, it is overwhelmed administrators. 99% of cloud security failures will be the customer’s fault, because cloud platforms and applications will simply be misconfigured. Let that sink in. Simple misconfigurations were never the primary source of security failures in the past.

Administrators aren’t stupid; they misconfigure systems because they are overwhelmed. Of course, there is a chronic shortage of security talent, but that has been true for decades. What has changed, with the advent of cloud computing, is the overwhelming complexity of the systems. Cloud security controls and best practices are very different from those used in on-premise environments. Those available in AWS are similar, but different from those in Azure, or Google Cloud. Kubernetes has a unique security model of its own, and all these environments are changing constantly.

To deal with this complexity and constant change, a new family of technology has emerged broadly referred to as Cloud Security Posture Management (CSPM). The goal of these technologies is to help admins understand what resources they have in their cloud environments, what security controls are in place, how it is all really configured, and whether it meets various compliance standards.

For more than a decade, RedSeal has been in the business of helping customers understand their on-premise networks i.e. what devices are on the network, how they are connected, and the security implications of their configuration. We do this by creating a detailed model of their network that can be compared against best practices, compliance standards, and the customer’s intended network design (customers are almost always surprised with how different their network is from what they originally intended). Put simply, customers use us to find and correct network misconfigurations.

With data centers and networks moving to the cloud, our customers are increasingly asking us to help them find and correct cloud misconfigurations as well. They need an accurate model of their cloud environments to understand questions like how many cloud accounts they really have, what resources are in each, what security controls are in place, what is the aggregate effect of all those security controls on resource access, and are any resources inadvertently exposed to the internet. They often have a basic design for their cloud but are unsure if their implementation is consistent with their intentions. The truth is, it never is, and they need a product that can provide them with a reality check.

At RedSeal, our mission is to provide organizations with technology that allows them to understand their network, hybrid, and cloud security posture. Because cloud technology is so complex, and changing so quickly, organizations need powerful technology to understand their implementation. They need to model their environment, so they can easily spot flaws. Our tag line is “See and Secure” because you can’t secure what you don’t understand.

For more information on RedSeal Stratus, our new CSPM solution, click here.

For more information of ways that RedSeal can help avoid unintended internet exposure, check out our Solution Brief.

If you’re concerned about your EKS Security, click here.

CISA and FBI Publishes List of Top Vulnerabilities Currently Targeted by Foreign Sponsored Hacking Groups

RedSeal Cyber Threat Series

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have jointly released a report on the top 10 vulnerabilities consistently being scanned, targeted, and exploited by foreign sponsored hacking groups.

All 10 of the vulnerabilities are known and have patches available from their vendors.

Exploits for many vulnerabilities are available publicly and have been used by various malware and ransomware groups and other nation-state actors.

RedSeal customers should:

  1. Create and run daily reports until all systems with the 10 vulnerabilities are patched
  2. Contact your RedSeal sales representatives or email info@redseal.net for additional details

References:

https://us-cert.cisa.gov/ncas/alerts/aa20-133a

Cyber Readiness Pillars and RedSeal

Cybersecurity readiness is an excellent tool that has the ability to provide you with the right services. It has the ability for identifying, preventing and responding to cyber threats. This tool is required by organizations all over the world, and organizations that lack this strategy are prone to more cybersecurity threats.

The Cybersecurity and Infrastructure Security Agency (CISA) suggested and developed the Cyber Essentials for small businesses. Along with these businesses, the local government leaders are also provided with ideas on how to successfully make an actionable understanding of how to implement organizational cybersecurity practices.

CISA leaders offered a detailed awareness of how the pillars of Cyber Essentials are important. Building a corporate culture is required for cybersecurity and the organization which fails to do so faces cyber-attacks. During a webinar with the U.S. Chamber of Commerce on June 29, CISA provided a starting point for better flexibility considering cyber readiness.

“From human resources to marketing to sales and procurement, it is almost guaranteed that you rely on one or more digital platforms to facilitate the success of your business operations. The Cyber Essentials are a series of tools and practices that we have assembled to provide what we consider to be the basics of cyber organizational readiness,” Trent Frazier, deputy assistant director of the Stakeholder Engagement Division at CISA, said.

Every team requires to have a safe cybersecurity practice. If you don’t have a holistic approach towards it, then, you are one organization that is in danger. Great help from the global leader is what you require in this case. RedSeal is a company that you can depend on for sophisticated cybersecurity.

RedSeal as a force multiplier for every other security device within a network is indulged in cybersecurity. If you have short of skilled cybersecurity personnel, then, don’t forget to connect with us.

The 6 Pillars of Cyber Readiness 

Creation of Cyber Readiness Culture 

Pillar One 

Pillar one of cyber readiness is leadership. The leaders are always the backbone of an organization and a great help in maintaining the business culture.

That is why it is suggested that the leaders shouldn’t forget to keep the essential cybersecurity in mind. The leaders should not overlook the essential investment required in cybersecurity. They should also determine how much work is dependent on IT and have a trusted relationship with the sector partners and government agencies. It is required to have a trusted relationship so that the cyber threat information can get easily accessed.

Pillar Two

The second pillar of cyber readiness is the staff. The people associated with the organization’s system are an essential part of this readiness. This element’s task is developing awareness and alert about cybersecurity.

Systems and Data Environment in Cyber Readiness 

Pillar Three

The third pillar consists of systems and leaders being taught and trained on what is present in their network. Also, they are offered knowledge on how to maintain hardware and software assets inventories. It will help them in letting them know what is there and what things are at risk because of the attack.

Pillar Four 

The fourth pillar advises the leaders to have knowledge on:

  • The network
  • Maintenance of inventories of network connects including user accounts and vendors
  • Multiple-factor authentication for every user, starting with those who have privileged, administrative, and remote access

Pillar Five

The fifth pillar of cyber readiness is the data, intellectual property along with another delicate information present within the organization. In this case, the leaders and staff get tasked with learning how the data can get protected.

Respond to and Recover from a Crisis 

Pillar Six

Crisis response is the sixth and last pillar in the Cyber Essentials. It focuses on restricting the damage and rushing restoration of the normal operations after a cyber-attack.

The Cyber Essentials have given the authority and tasked leaders for the development of an incident response along with a disaster recovery plan. This plan should outline the roles and responsibilities and should get tested often for cybersecurity needs.

Leaders should know and be aware of the cybersecurity of the organization. Their assessment will influence the business impact as well. Also, the leaders should have proper security on which systems should be recovered at the earliest.

As a leader, the person should be well aware of who to call for help if they don’t have sufficient staff for it. Learn who should be the people that you should call for help first. These can include outside partners, government, technical advisors, and law enforcement.

If by any chance you are looking for cybersecurity services, then, our platform is the one. We offer the following cybersecurity services.

RedSeal Service Offerings 

  • Cloud Cyber Inventory Assessment
  • Cyber Visibility Assessment
  • Health Check Service
  • Secure Remote Work Assessment
  • Managed Service
  • Cyber Cloud Access Assessment

Our professional services are the solution to all your cybersecurity answers. We work as a team and offer skilled and trained cybersecurity personnel. Along with them, we offer cybersecurity products that make your investment more valued.

The Bottom Line 

Organizations need a cybersecurity strategy to protect both infrastructure and customer data from growing cybersecurity threats. The Cybersecurity and Infrastructure Security Agency (CISA) developed the Cyber Essentials as a guide for small businesses and local government leaders to develop an actionable understanding of where to start implementing organizational cybersecurity practices.

Automation, Integration and RedSeal

Automation is one of the trending topics in cybersecurity. The primary reason for automating mundane and repeatable tasks is to allow people to shift focus to problem-solving activities. Organizations can become more resilient to cyber-attacks by directing all the resources to these problem-solving activities.

Integration means the taking multiple tools and combining their processes, whether those tasks are automated or not.

Automation examples include change management collection across a network firewall. Going line by line manually is a tedious and ultimately futile task given the length of log files. Creating a script to identify changes is far easier and more accurate.

In RedSeal, most processes can be automated:

  • Save query
  • Run query
  • Anything scheduled is an automation

Without security automation, analysts must resolve threats manually. This often entails investigating the issue and comparing it against the organization’s threat intelligence to determine its legitimacy, deciding on a course of action, then manually resolving the issue — all on potentially millions of alerts and often with incomplete data.

That means automating individual tools leaves a lot to be desired. That is where the benefits on integration kick in. 30 years ago software applications were rigid and closed off from each other. Fifteen years ago, there were APIs which allowed data to flow easily from one application to another. As of, five years ago, things became more flexible.

Now, integrations are only limited by imagination.

ServiceNow

For security teams using RedSeal, most common integration is ServiceNow for not just ticketing, but identifying stale and missing network assets in the ServiceNow CMDB. RedSeal enriches the ServiceNow inventory data by adding specific location information about the network devices. ServiceNow provides back critical asset information into RedSeal, which in turn identifies risk to these assets—all while the operation is in the ServiceNow Service Management dashboard. RedSeal plus ServiceNow enables network and security teams to automate the resolution of change control requests in a matter of minutes rather than days. Click here to learn more about RedSeal and ServiceNow.

ForeScout

For users of ForeScout, integrating with RedSeal allows them to identify high-risk end points based on RedSeal’s risk score; use RedSeal to identify risk to critical assets; use ForeScout CounterACT to automate risk mitigation; and discover devices that have STIG or other configuration violations. Click here to learn more about RedSeal and ForeScout.

Splunk

The goal of Incident Response is to address and manage a security breach in a way that limits damage and reduces recovery time and costs. Your SIEM solution can identify an Indicator of Compromise (IOC) by analyzing and correlating the massive streams of machine data generated by your IT systems and technology infrastructure.

Through a seamless integration with the Splunk Adaptive Response framework, the combination of RedSeal and Splunk can result in a significant increase in network situational awareness and full visibility of network access paths to/from an IOC to critical assets and contain downstream risk, within minutes. Click here to learn more about RedSeal and Splunk.

Moreover, there are third party tools are custom applications that are grassroots tools that can create specific integrations that provide data exactly when and how they want to meet their enterprises specific requirements.

At the same time you must do what you can to detect and prevent network security incidents, you need a quick response to network attacks that do get through, quickly investigating and containing network security incidents to minimize (or prevent) loss.

Although SIEMs reduce a large volume of data, they still generate more indicators of compromise (IoC) than your team can quickly investigate.  Just locating a compromised device — physically or logically — can be a time-consuming, manual task.

RedSeal’s model of your network provides detailed options.

A RedSeal model of your network — across on-premise, cloud and virtual environments — gives you the detail you need to quickly accelerate network incident response. You will be able to quickly locate a compromised device, determine which assets bad actors can reach from there – and get information to stop them. Since RedSeal’s model includes all possible access paths, you will see the paths a network attacker could take to valuable assets. And, you’ll get specific containment options so you can decide what action to take — from increasing monitoring, to placing honey pots, to changing firewall rules, to simply unplugging the device — decreasing your network incident response time.

What is RedSeal’s Approach to Automation and Integration?

RedSeal has been called by CSO Magazine as a “force multiplier for your existing security products.”

To streamline security teams’ efforts, and further improve network security, RedSeal now integrates into the user interfaces of several leading security products.

The RedSeal security platform integration improves the efficacy of each of these security products, giving their users unprecedented network context within the tools, and in the format they’re already using.

Integrate your technology ecosystem.

RedSeal enhances your existing security investments by adding network topology and connectivity knowledge across all your network environments. You get a comprehensive network-wide view of your security posture.

View our Technology Integration Guide for details on supported devices and software.

Even advanced security systems depend on adjacent solutions to provide a comprehensive and current view into network risk. RedSeal works with Technology Integration Partners to develop deep integrations through integration apps. The apps add value to both products, providing users with exceptional network context within the tools, and in the format, they are already using.

Benefits:

  • Contextual and actionable insights by RedSeal within host applications
  • Relevant and focused data inside the application and the workflow that you are already familiar with
  • No need for another application on your already-crowded desktop
  • The power of RedSeal without additional training/IT resources required
  • Free of cost and available now

Click here to read more about RedSeal’s integrations.

Five Steps to Improve your Multi-Cloud Security

In 2021, the COVID-19 pandemic had a dramatic impact on how and where we do business. For many enterprises, the “where” became the cloud – immediately. This rapid adoption of the cloud – in most cases multiple clouds – created a rapid increase in security issues. Suddenly, enterprises had new cloud security requirements they needed to understand and deploy without the benefit of time to learn. The complexity continued to increase, and this triggered new security issues with potentially costly consequences. These included:

  • Data leakage/exfiltration – Unauthorized movement of sensitive data from inside the enterprise to outside can be accidental or deliberate. Often the discovery that data has been leaked occurs days, weeks, or months later, and can result in a damaged brand, lost customer trust, and fines.
  • Ransomware – Enterprises can pay thousands to millions of dollars to access encrypted data and systems in order to restore operations. Additionally they can be extorted to pay for the recovery of stolen sensitive information.  If they refuse to pay,  enterprises can lose days or weeks of revenue trying to recover their systems, and risk having sensitive data posted on the internet.
  • Non-compliance – Enterprises not adhering to mandatory regulations (PCI-DSS, CMMC, HIPAA) or voluntary cybersecurity frameworks (NIST, GDPR) can incur costly penalties and potential shutdowns that limit their ability to conduct business. Customer relationships may be damaged by the perception that security isn’t a priority.
  • Team collaboration/staffing shortages – DevOps is highly distributed across the enterprise and many teams acknowledge the lack of cloud platform security expertise. Cloud security practices should encourage significant collaboration that leverages both internal and external expertise.

To maintain cloud security and reduce–if not totally eliminate–the impact of these serious security issues, enterprises need a proven cybersecurity framework to address these issue directly.

Steps to strengthen your cloud security

Cloud environments are dynamic and constantly evolving. These 5 steps provide a proven framework to improve your enterprise’s cloud security using a technology driven approach, even in a multi-cloud environment.

  1. Visualize/maintain an accurate inventory of compute, storage and network functions
    Security teams often lack visibility across multi-cloud and hybrid environments. Cloud environments are often managed in disparate consoles in tabular forms. Security teams need to understand controls that filter traffic, including cloud native controls (network security groups and NACLs), and third-party infrastructure (SASE, SD-WAN and third-party firewalls). A single solution that provides a detailed visual representation of the multi-cloud environment is critical.
  2. Continuously monitor for exposed resources
    It is important to understand which cloud resources are publicly accessible or Internet-facing. Unintentional exposure of resources to the Internet is a major cause of cloud breaches. This includes any data resources like AWS S3 buckets or AWS EC2 instances. Security teams need to easily identify and report on exposed resources, and then provide remediation options that include changes to security groups or firewall policy.
  3. Continuously validate against industry best practices
    There are many industry best practice frameworks that can be used to validate cloud security. CIS Benchmarks and Cloud Security Alliance are two of these frameworks. Security teams should continuously validate adherence to best practices and quickly remediate findings to eliminate misconfigurations and avoid excessive permissions.
  4. Validate policies – segmentation within/across clouds and corporate mandates
    Many security teams create segmentation policies to minimize attack service and reduce the risk of lateral movement. Examples may be segmenting one Cloud Service Provider from another (AWS cannot talk to Azure) or segmenting access across accounts in the same CSP. Both segmentation and corporate policies should be continuously monitored for violations and provide detailed information that enables rapid remediation.
  5. Conduct comprehensive vulnerability prioritization
    All vulnerability management solutions provide a severity score, but more comprehensive prioritization can occur by identifying which vulnerabilities in the cloud are Internet-facing (including the downstream impact of these vulnerabilities).

Implementing success

While the risks grew for many enterprises this past year as they rapidly moved to the cloud, several have dodged the bullet. RedSeal has helped many successfully adopt a strong security framework and gained actionable insights into their cloud environments. These insights were often an eye-opener.

  • Underestimated VPC[1] inventory in the cloud – A healthcare customer expected “a few VPCs” in their cloud environment. The implementation of RedSeal revealed they had over 200 VPCs. This helped them see their overall cloud footprint and reduced their attack surface.
  • Exposed cloud resources– An enterprise customer incorrectly believed that all of their cloud resources were protected by a third-party firewall. Consequently, many resources were directly exposed to the Internet. RedSeal identified the exposed resources and the misconfigurations before any exploitation occurred.
  • Risky shadow IT – A technology company’s business unit had cloud instances that did not pass the company’s access security mandate. RedSeal identified these resources and helped determine that employees had bypassed process and created unauthorized cloud resources. The company’s shadow IT with respect to cloud security is now under control.
  • Zone-based segmentation as required by PCI-DSS – A payment card provider validated that card holder data was segregated and protected after their cloud migration. They modeled and monitored their segmentation policy, enabling their audit to be completed quickly and confidently.
  • VPC/VNET without subnets or subnets without instances – A healthcare customer discovered 100s of empty VPC/VNET subnets and subnets without instances in their cloud environment. The default configuration: “ANY/ANY” could have been easily exploited by malicious actors and industry best practices indicate they should be deleted or actively monitored.

 

With RedSeal, all these enterprises, and more, have utilized a multi-cloud security methodology that highlights: Visualization/Inventory, Exposure, Industry Best Practices, Policy Validation, and Vulnerability Prioritization. These 5 steps can bring peace of mind to security teams who have had to act quickly and without warning in response to this most unprecedented year.

Learn More

Looking for more details on how 3rd party firewalls may impact your cloud security framework? Download our whitepaper “How Should I Secure My Cloud?

RedSeal’s Cloud Security Solution -Ensure Your Critical Cloud Resources Aren’t Exposed to the Internet

[1] AWS uses the term VPC (Virtual Private Cloud) and Azure uses the term VNet (Virtual Network). Conceptually, they provide the bedrock for provisioning resources and services in the cloud. However, there is variability in implementation.

The Real Reason for Breaches (and How to Avoid Them)

Security is a tough job – we invest so much effort, and yet the breaches keep on happening.  Why?  In a word, complexity. 

The digital world brings so many great efficiencies and innovations – the pressure to move fast and exploit opportunities is irresistible to every organization.  But crossing all these online frontiers brings the unavoidable frontier challenges – lawlessness, chaos, and rapid change.  Security is easiest in mature, well understood, and above all, in simple infrastructures.  Every added bit of complexity and change moves away from security, and towards chaos.  The security professional has a thankless task – we cannot simply demand that our employers be more orderly or cease changing.  Instead, we have to adapt constantly, and try to keep up with all the new territory that is constantly opening up, with new threats and new ways to get it all wrong.

When you analyze any of the major breaches in detail, you find they are always multi-component – there is never just one simple, single cause.  Attackers are stealthy, persistent, and they move from one foothold to another.  This means that when a breach happens, it’s a system-level failure, not just one component that could have been isolated and fixed.  Worse, even if you put all your effort into fixing as many components as possible, you’ll never get to 100% secure and impervious to attack.  The bad guys will search and search for anything you missed, then exploit it, gain a new foothold, and work outwards from there.

Clearly, the road to security doesn’t come from finding and fixing everything – it’s impossible to fix every issue in your network today, and even if you could, there will be new defects tomorrow, because the rate of change is so high.  Instead, we have to learn to thrive in a world with inherent vulnerability, just the way animals and people do in the biological world.  Biological systems are resilient rather than perfectly protected – they can adapt and bounce back from infection, since Mother Nature long ago learned that blocking every pathogen just wasn’t going to work.  Of course, this doesn’t mean you should give up and just accept every possible attack – biological systems still aim to be hard targets, they just actively maintain an immune system so they can detect, isolate, and remove the inevitable successful attacks.

So the way forward is to find what you have, in the cloud and across your physical sites, see how it’s all connected, and understand where you can block incoming attacks, as well as thwart lateral movement for attackers who do make it past your defenses.  The first goal is a complete inventory – in itself, that’s a hard challenge because of the diverse and changing fabric we use to get the work done.  The second goal is to harden any assets that are exposed.  The third goal is based on recognizing that perfect hardening at step two won’t happen, so instead, it’s essential to understand what is connected to what, so that you can stay ahead of attacks and block them before they get a chance to spread.  This is why RedSeal focuses on these three disciplines – gather and map the network in all its hybrid complexity, then harden the individual elements, then help our customers conduct war games where they can think at a system level, and prioritize their defensive efforts to become a resilient hard target.

For further details on how RedSeal tackles cloud security, check out our solution brief: “Redseal Ensures Your Critical Cloud Resources Aren’t Exposed To The Internet”

Experts Warn of Attacks on a Cisco ASA Security Flaw due to a new Proof-of-Concept Exploit

RedSeal Cyber Threat Series            

Researchers at Positive Technologies have created a proof-of-concept (PoC) exploit that leverages a 2020 Cisco ASA vulnerability. A Cisco administrator would have to click on a link that takes the unsuspecting user to a web page where the malware is downloaded and the Cisco ASA must not be patched. Cisco released a patch for a Medium Severity web services vulnerability that affects the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software CVE-2020-3580. This security flaw can allow an unauthenticated attacker to remotely conduct a cross site scripting (XSS) attack against a user of the web services interface.

Enterprises should patch their Cisco ASA Software and Firepower Software as soon as possible.  A successful attack could allow the attacker to execute code or access sensitive browser information.   

RedSeal customers should:

  1. Run a custom best practice check to receive a list of vulnerable devices
  2. Create and run daily reports until all affected systems are patched.

For additional details, contact your RedSeal sales representatives or email info@redseal.net

Cybersecurity Best Practices 

  • Keep your devices patched and up to date 
  • Ensure you are using TLS v1.2 or above; disable lower versions of TLS and HTTP 
  • Disable WebVPN or AnyConnect if not in use on your device  

References 

https://securityaffairs.co/wordpress/119442/hacking/cisco-asa-under-attack.html 

https://nvd.nist.gov/vuln/detail/CVE-2020-3580 

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-multiple-FCB3vPZe   

Zero Trust Is Here to Stay, So How Can I Prepare My Network?

Whether you agree or not with the concept–zero trust architecture is here for the foreseeable future.

Unless your organization is cloud-native, you are going to have to prepare to implement zero trust on your existing enterprise. If you are the one responsible for deploying and maintaining networks for the Federal government, zero trust is most likely at the top of your to-do list.

The President’s latest executive order, dated May 12, 2021, compels Federal agencies to move to zero trust architectures and adoption of cloud services. This is meant to modernize departmental and agency IT infrastructures, and the security technologies that protect them. However, Federal agencies are not cloud-native companies. Most have large on-premise networks that will need to have their networks inventoried, along with all their applications and services identified, prior to implementing zero trust. Like any good implementation strategy, you are going to have to plan.

Zero trust is not a destination, but a continuous journey that is going to require rigorous configuration management and continuous monitoring.  RedSeal is not a magic zero trust platform, but it can help you on your journey to prepare and maintain specific aspects.

One major step of this journey is just understanding what you have (network devices, mobile, desktops, IOT, etc.) and how your data moves through the network, as well as existing segmentation policies to comply with standards and regulations. One of the first steps in this journey will require enumeration of all the possible pathways, from every source to every destination, and you will have the challenge of also having to account for NAT IP address, along with load balancers. That is a daunting task by itself.

This is where the power of RedSeal’s Netmap analysis comes in. RedSeal automatically calculates every possible path through the network accounting for the effect of NATs and load balancing. Then you can ask RedSeal to show you these pathways to determine if they are approved and needed for business and mission success.

A side benefit of this analysis is RedSeal creates an inventory of all your network gear and IP space, as well as your cloud and software defined network (SDN) assets.  You cannot secure it if you do not know about it, and the output of RedSeal gives you a great start on understanding what you have.  Remember, with zero trust you are going to have to identify not only who, but what can, or should have access, so an inventory is an absolute must have.

As you move along this journey, and if your journey takes some, or most of your assets to the cloud, you can test the network segmentation of your cloud configuration in RedSeal before you deploy to the cloud to verify it is configured securely. Finally, RedSeal can continuously monitor your network segmentation and micro segmentation policies to make sure they stay compliant with your zero-trust architecture goals.

If you’d like to learn more about securing both your cloud and on-premise networks, visit our Cloud Security page.

We’ve also partnered with MeriTalk on a new infographic report on “Braving the Cloud Storm” – a look at how agencies are addressing cybersecurity across a multitude of clouds and on-premise environments.