Anna Kolenda-Parakiel, NACVIEW: “people often forget that attacks can come from the local network”
When it comes to data breaches, most of the incidents that break the news are carried out by outsiders. Unfortunately, that is not always the case.
While protection against outsider attacks seems to be the main focus for organizations nowadays, it is the insider threats that are more difficult to prevent and detect in the first place. Some experts believe that for a threat actor, all it takes is to connect to the office WiFi.
To ensure strong network security, organizations need to shift their attention towards internal threats, according to today’s guest, Anna Kolenda-Parakiel, the Product Manager at NACVIEW.
Tell us more about your story. What inspired you to create NACVIEW?
The idea for the NACVIEW system was born in 2014 during the tests of various NAC systems at one of the technical universities. At that time, NAC solutions did not offer the functionality that was required by the university, the interface was complicated and the price was very high.
Our main goal was to provide a NAC system that has rich functionality and offer it at a reasonable price point. In addition to the basic functionality of network access control, it offers a wide range of additional functions, including functions related to the visibility of the managed network. All this is available from one management console, which is intuitive and simple to configure and use. Exactly like our motto: “Your network – your rules.”
What are the main challenges your services help solve?
There are several main challenges that NACVIEW solves:
- Unauthorized network access
NACVIEW is a tool that allows detailed control and management of access rights to the company network for users and devices, regardless of whether they connect to the LAN, Wi-Fi, or VPN connections.
- Lack of network visibility
NACVIEW allows for full and detailed knowledge of what is happening in your network: what users and devices are connected, on what network devices, on which ports, what rule allowed them in, and what subnets they finally got access to. Everything is available in a nice and clear graphical preview.
- Management of heterogeneous network
NACVIEW is a vendor-independent solution. The system integrates with all network devices and most identity servers from a different network solution.
- Guest access
NACVIEW provides guest access management through a customizable portal that allows guest registration, guest sponsoring, and access to the corporate network.
- Insecure operating systems
NACVIEW evaluates the security posture and ensures better security compliance.
- OT/SCADA environments
NACVIEW allows you to control the access of different devices in a production environment.
For those who might not be familiar with this technology, can you briefly explain what NAC systems are and why are they needed?
NAC (Network Access Control) is one of the cybersecurity systems. The NAC solution allows you to increase the security of corporate networks by controlling and managing access to them. The solution forces a user or endpoint device to prove their identity and health before they gain access to a network and its resources.
The NAC system provides network access only to those devices that are authorized and compliant with the security policies of a given company. On the other hand, it can deny network access to non-compliant devices, put them in a quarantine, or on a subnet with limited access to corporate resources. Networks that do not implement NAC may be accessed by any device that is plugged into a switch port or connects to a WiFi network.
Even if password protection is enabled, a user may still log into the network with an unapproved device. This carries a substantial risk of introducing malware into the network. The NAC system can strengthen the network security infrastructure.
How do you think the pandemic affected the cybersecurity industry? Did you add any new features to your services as a result?
We have noticed that remote work has become popular in many companies. Companies allowed their employees to do this by enabling remote connections via VPN to the corporate network. This way of connecting to company resources is generally considered a safe method.
Unfortunately, VPNs can be a target for attackers looking to gain access to sensitive corporate data. It’s essential that organizations take steps to secure VPNs to protect against unauthorized access and data breaches.
That is why many of the customers started to use our OTP (One Time Passcodes) functionality offered in NACVIEW to protect VPN connections. The OTP functionality is a form of multi-factor authentication (MFA) to add another layer of authentication security. Hardening VPN connections with additional authentication ensures only the right people have access to corporate resources.
In your opinion, which industries should be especially concerned about securing their network?
When it comes to security, we should not consider it in the context of a specific industry. Generally, the implementation of the NAC system should be of interest to all companies and organizations that want to increase the level of security of corporate resources.
Of course, the primary group showing high interest in NAC solutions is large organizations. This is due to the demands enterprises have in regards to a large number of employees, visitors, and third-party suppliers. As the risk of breaches for these groups of users becomes very probable, the demand for NAC solutions is higher. But it is not only large companies and organizations that show greater awareness in the field of security; a similar increase in interest is also visible among small and medium-sized enterprises.
What are the most common misconceptions people tend to have regarding network security?
Currently, we observe a significant increase in awareness of security breaches. Very often, it is the awareness of threats coming from the Internet. Unfortunately, many companies focus on protecting their resources from outsider attacks, often forgetting that attacks can come from the local network at the company’s premises.
A lot of companies are still exposed to various types of dangers due to the possibility of non-controlled access to the corporate network. Such threats can be easily and effectively reduced by using NAC solutions, just like the NACVIEW system. NACVIEW becomes the door to the company that allows only known users and devices to enter the corporate network.
Which cyber threats are we going to see more of in the next few years?
In the near future, it seems that targeted attacks will become more common. They can be based on acquired personal data about specific individuals and contain more elements of social engineering. They will become more and more sophisticated as well.
One example of a social engineering attack, which we often notice among our clients, is the innocent request of a guest who shows up to a meeting at the office and asks for access to the network to download an e-mail. By accessing the corporate network, a threat actor has the opportunity to take advantage of the company’s resources.
Other threats that may become more common could be attacks targeting devices operating in OT/SCADA environments. These are very sensitive environments where any interruptions or delays can lead to serious consequences. In such environments, the devices usually have rather weak operating systems since they only serve one purpose – measure certain parameters in the production network and send information to a central point. That is why securing access in such networks is a little bit harder than on traditional IP networks. Fortunately, we have been observing a continuous increase in customer security awareness regarding OT/SCADA networks.
In the age of remote work and online learning, what would you consider to be the essential security measures organizations should implement?
The bare minimum that should be implemented in the company in the age of remote work and online learning is the protection of the interface between the corporate network and the Internet using NGFW, protection of terminals (antivirus), and the NAC system that allows you to control access to the corporate network.
In the case of remote work, the NAC system enables additional authentication of the VPN connection through the OTP functionality. The NAC system also allows for integration with other security systems implemented in the company and automatically responds to threats detected by them. In case of an incident, the action plan should consist of an immediate and automatic cutting off from the network or moving the compromised devices to quarantine. The immediate reaction is crucial so that the detected threat does not spread in the internal network, and thus the risk of a data leak is mitigated.
And finally, would you like to share what’s next for NACVIEW?
We are constantly observing the global interest in cloud solutions. Customers are starting to prioritize cloud services, and this is probably due to the lack of IT specialists on the market. Therefore, in the near future, we want to expand the functionality of the cloud version in NACVIEW.