Tag Archive for: zerotrust

Safous Adds Browser Isolation to Its Zero-Trust Network Access Service

/in


TOKYO (PRWEB) SEPTEMBER 28, 2022 Internet Initiative Japan Inc. (TSE Prime: 3774), one of Japan’s leading Internet access and comprehensive network solutions providers, announced to add a new remote browser isolation function, “Browser Isolation” to the zero-trust network access (ZTNA) (*) service, “Safous”, which is mainly available for users in the U.S and Asia and will be available starting today.

The Safous platform is a zero-trust remote access service that provides application-level control over corporate applications and external software as a service (SaaS) access from a remote environment. This optional Browser Isolation function is Safous’ proprietary, sandbox-based virtual browser that allows users to access applications and SaaS virtually, eliminating browser-based threats and providing more secure access.

“Kasm Technologies is honored to provide Kasm Workspaces remote browser isolation, our web-native secure remote access and DevOps-enabled container streaming technology, to Safous’ Browser Isolation function. Browser Isolation is an industry-leading, cost-effective, and secure browser-based remote access solution,” stated Justin Travis, Co-founder and CEO of Kasm Technologies.

ZTNA is a zero-trust solution that provides seamless and secure remote access to internal applications. Instead of authenticating at the boundaries of the enterprise network, authentication is performed through a trusted broker system each time an application is accessed.

More companies have started using SaaS in recent years, including powerhouses like Microsoft 365 and Google Workspace, due to the popularization of hybrid work. Unfortunately, these cloud-based systems are critical targets for attackers. In several reported cases, company networks are infected with malware and ransomware through a remote environment, causing a data breach and the suspension of business operations.

Because the browser and network on the terminal side are not secure in remote environments – and are potentially infected with malware already – the need to access internal data from remote environments securely has become a more urgent issue for companies. To solve this problem, Browser Isolation protects…

Source…

IIJ adds “Browser Isolation” function to its zero-trust network access service “Safous”

/in


AsiaNet 98042

Tokyo, Sept. 28, 2022 (ANTARA/Kyodo JBN-Asianet) -

– This New Function Offers Secure Access to Corporate Applications and External SaaS through Virtual Browser -

Internet Initiative Japan Inc. (hereinafter “IIJ,” TSE Prime: 3774), one of Japan’s leading Internet-access and comprehensive network solutions providers, announced the addition of a new remote browser isolation function, “Browser Isolation,” to its zero-trust network access (ZTNA) (*) service, “Safous,” which is mainly available for users in the U.S. and Asia, starting September 28.

The Safous platform is a zero-trust remote access service that provides application-level control over corporate applications and external “software as a service” (SaaS) access from a remote environment. This optional Browser Isolation function is Safous’ proprietary, sandbox-based virtual browser that allows users to access applications and SaaS virtually, eliminating browser-based threats and providing more secure access.

“Kasm Technologies is honored to provide Kasm Workspaces remote browser isolation, our web-native secure remote access and DevOps-enabled container streaming technology, to Safous’ Browser Isolation function. Browser Isolation is an industry-leading, cost-effective, and secure browser-based remote access solution,” stated Justin Travis, Co-founder and CEO of Kasm Technologies.

(*) ZTNA is a zero-trust solution that provides seamless and secure remote access to internal applications. Instead of authenticating at the boundaries of the enterprise network, authentication is performed through a trusted broker system each time an application is accessed.

Background

More companies have started using SaaS in recent years, including powerhouses like Microsoft 365 and Google Workspace, due to the popularization of hybrid work. Unfortunately, these cloud-based systems are critical targets for attackers. In several reported cases, company networks are infected with malware and ransomware through a remote environment, causing a data breach and the suspension of business operations. Because the browser and network on the terminal side are not secure in remote environments — and are potentially…

Source…

NIST Releases Draft Zero-Trust Architecture Guide

/in


Agencies looking to adopt zero-trust security architecture can expect to see new guidance roll out throughout this summer.

The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) works with government agencies, industry organizations and academic institutions to create example solutions for pressing cybersecurity concerns, and in recent years turned its focus to zero trust, said NCCoE Security Engineer and Project Manager Alper Kerman during an RSA Conference panel.

Under its Implementing a Zero Trust Architecture project, NCCoE has been working to identify the core components of a zero-trust approach, as well as demonstrate different ways for achieving it, using commercially available technologies. The effort aims to show how a zero-trust architecture could work for different scenarios such as an employee or guest user trying to access online resources, or a contractor trying to access an on-premise resource, Kerman said.


Now in early June, NCCoE has released a draft guide, with more to follow.

“We want to be able to figure out what would be the minimum viable solution that would give us some level of zero-trust orchestration,” Kerman said.

There are three key aspects of a zero-trust architecture: enhanced identity governance (EIG), micro segmentation and software-defined perimeters, he said. Organizations may find it easier to focus more heavily on one or another, depending on their workflows, while still including elements of the other two, per NIST.

For the project, NCCoE is first demonstrating zero-trust example scenarios that focus on EIG techniques and is releasing preliminary drafts of its guidance on this method.

On June 3, NCCoE released a draft high-level overview document intended to help leadership consider their planning. NCCoE will be following up with two more detailed and technical guides, with those drafts slated for release in July and August.

WHAT’S ZERO TRUST AGAIN?

Zero trust isn’t a specific standard but rather “a set of principles used in designing and implementing and operating an infrastructure,” said NIST Computer Scientist…

Source…

Why edge and endpoint security matter in a zero-trust world

/in


We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 – 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!

In February, Nvidia was hit with a cyberattack by Lapsus$, an international hacking group known for their cyberattacks on enterprises. The group was able to gain access to multiple systems and at least two code-signing certificates, giving the cyberattackers the option to digitally sign malicious code, bypass security defenses and compromise endpoints. Following the attack, at least two binaries not created by Nvidia were found online, signed with the stolen keys. The attack provides a sobering reminder of how machine identities are vulnerable to attack using stolen code-signing certificates. 

Stolen certs show edge and endpoint security’s widening gaps 

Developers use code-signing certificates to verify the authenticity of their apps’ code, endpoint security agents and integration points across networks. Cyberattackers, including Lapsus$ and others, put a high value on these certificates because they can use them to impersonate legitimate device drivers and code to take control of devices, endpoints and sensors. Cyberattackers use this growing technique to distribute malware across endpoints and enterprise networks. 

Modifying code-signing certificates is now one of the most sophisticated, popular approaches to controlling edge and endpoint security devices on a network while launching malware attacks. Cyberattackers continue using Nvidia’s stolen code-signing certificates to disguise malware code as legitimate while attempting to launch attacks. Last year, impersonating legitimate code was integral to the SolarWinds supply chain attack. 

Nvidia having terabytes of data exfiltrated and code-signing certificates stolen show how fragile edge and endpoint security can be. Using stolen code-signing certificates to make device drivers, executables and source code look legitimate is among the toughest endpoint breaches to stop. 

Longstanding gaps in endpoint security are getting wider, enabling more sophisticated breach attempts due to the following:

Source…