Blog | Banyan Security
https://www.banyansecurity.io
VPN Alternative - Banyan Security Service Edge

Q1 2024 Release Notes
https://www.banyansecurity.io/blog/q1-2024-release-notes/?utm_source=rss&utm_medium=rss&utm_campaign=q1-2024-release-notes
Thu, 21 Mar 2024 19:28:26 +0000

The post Q1 2024 Release Notes first appeared on Banyan Security.

The first quarter of 2024 has been an exciting time for Banyan Security. Since joining SonicWall, we have continued to update and develop our innovative Security Service Edge (SSE) solution. 

Below, you’ll find highlights from the releases that have gone out in Q1 of 2024. You can also find past release notes and other product documentation here.

Generally Available Features

Here are some of the highlights from our GA feature releases thus far in Q1 2024:

  • Enable Private Resources Discovery
      • Admins can enable private resource discovery in the Advanced Settings of their Access Tier configuration. Once enabled, private resources will be displayed in the Discovery section of the Command Center.
  • Encrypting DNS via DoT
  • Auto re-enablement of ITP
  • Cloud Command Center User Interface (UI) Re-design
      • New navigation categories include Private Access, Internet Access, and Trust.

Early Preview Features

Get a sneak peek of what’s coming for the Banyan Security product, and be among the first to experience the new enhancements:

  • [INTERNET ACCESS] Enable URL Filtering
  • Event Charting
      • Admins can now view trends related to user access and service usage within Banyan. Event charting provides a visualization of events within the Command Center.
  • Support for Oracle Linux in the OS Version Trust Factor
  • Create a Custom Public App
      • Admins can now define public apps that Banyan has not already pre-populated in the App Discovery list in the Command Center. This new feature allows admins to easily surface, secure, and monitor apps that are critical to their business.

Enhancements & Updates for Q1 2024

Some helpful features have been included in the Q1 2024 releases to help you optimize your time and improve your workflows:

  • [INTERNET ACCESS] Active Roles in Internet Threat Protection (ITP) Policies
      • Roles used in ITP policies now show as Active.
  • Terraform Exemptions
      • Terraform now supports exemptions within service configurations.
  • Simplified Silent Cert Authentication
      • Silent cert authentication now works directly through the API in organizations that have the silent cert auth flow configured; admins no longer need to maintain the mdm-config file for this flow to work.

Test drive these new features with Team Edition

Are you ready to explore the latest features from Q1 2024? Test drive the Security Service Edge (SSE) capabilities of the Banyan Security | SonicWall solution with our Team Edition — it’s free!

Experience the full range of features available at your fingertips. See why so many organizations have chosen our comprehensive SSE and Zero Trust Network Access (ZTNA) security solution. Get access to Team Edition.

 

Banyan Security + SonicWall: Democratizing easy, fast, and secure remote access for the masses
https://www.banyansecurity.io/blog/banyan-security-and-sonicwall-secure-remote-access/?utm_source=rss&utm_medium=rss&utm_campaign=banyan-security-and-sonicwall-secure-remote-access
Thu, 11 Jan 2024 07:04:38 +0000

Banyan Security has joined the SonicWall family, and CEO Jayanth Gummaraju discusses the exciting new chapter of growth and scalability that lies ahead.

The post Banyan Security + SonicWall: Democratizing easy, fast, and secure remote access for the masses first appeared on Banyan Security.

These are exciting times for Banyan. I’m pleased to announce that after eight amazing years as a standalone company, we have decided to join forces with SonicWall to write the next chapter of Banyan’s growth and scale as part of the SonicWall family.

Vision and Execution

When I started Banyan along with my amazing co-founders Yoshio and Tarun in 2015, we saw a huge opportunity to completely overhaul the network security market. With the big migration to cloud and the increase in remote employees and devices, the traditional network security tools used for remote work, such as VPNs and firewalls, which were prevalent for the last 30 years, were slowly but surely falling apart. Our big vision was to connect the distributed workforce with dynamic cloud applications using a single platform that is easy to use, simple to manage, and highly secure. Over the years, this market took on many names and has currently settled on Security Service Edge (SSE), with Zero Trust Network Access (ZTNA) to replace VPNs as the common beachhead.

In this time period, we brought together an amazing group of individuals to build a first-of-its-kind product for enabling easy and secure remote access based on Zero Trust principles. This pioneering product was conceived and built for a work-from-anywhere world, well before Covid made this an immediate necessity, and has been proven to work seamlessly in several small SMBs to Fortune 500 companies with tens of thousands of employees. We were also recognized for being a ZTNA leader by several analyst firms.

For this next chapter, we are very excited to combine our flexible product with SonicWall’s stellar GTM engine and partner ecosystem to democratize easy and fast remote access. SonicWall has tens of thousands of loyal partners and hundreds of thousands of customers around the world. Getting the Banyan SSE platform into their hands is very exciting from GTM growth and technical scale perspectives. In addition, combining SonicWall’s security portfolio with Banyan’s enables us to provide a single, comprehensive platform from a single vendor. Both of us see a huge market opportunity ahead of us and are committed to bringing best-in-class security solutions to the masses.

Many Thanks…

We’d like to thank all Banyan employees, both past and present, for their dedication and effort in building Banyan. The culture we created around urgency with excellence, love of solving hard technical problems, and humility and openness has held us together and enabled us to create something special. SonicWall has a similar culture built around integrity and collaboration, making the union of the two companies a natural fit.

We’d like to thank our amazing customers and partners that have helped us shape this product every step of the way. Your feedback and constant demand for excellence have allowed us to battle-test our product in various environments and enabled us to start small and grow throughout your employee base. Your referrals and word-of-mouth have been a huge reason for our success.

Special thanks to our Board members and investors — right from pre-seed to Series B — who believed in us and helped us not just with capital but also sound advice to focus on things that matter at every stage in building a successful company. 

Thanks also go to our awesome advisors, especially Mendel Rosenblum and John Jack, who have helped with timely advice and support at various phases in our journey.

In a nutshell, I am super excited we’re joining forces with SonicWall, and looking forward to all the growth and scale the future has to offer. Onwards and Upwards!

 

MFA Is Broken
https://www.banyansecurity.io/blog/mfa-is-broken/?utm_source=rss&utm_medium=rss&utm_campaign=mfa-is-broken
Thu, 14 Dec 2023 20:34:35 +0000

MFA (Multi-Factor Authentication), if implemented correctly, is a useful security tool. But this blog from Anthony Alves covers the ways in which MFA is broken.

The post MFA Is Broken first appeared on Banyan Security.

MFA (Multi-Factor Authentication) is a useful tool for security, and if implemented correctly, it can help to improve authentication and decrease risk. But I think it’s about time we talk about some of the ways that MFA is inherently broken. 

MFA Overview and History

The primary purpose of multi-factor authentication is to ensure that the person entering their username and password is the rightful owner of the account. This is crucial because passwords can be stolen, people can be tricked by phishing sites or social engineering, and credentials can be leaked.

The earliest forms of multi-factor authentication involved using a physical token device, like a card or key fob, to generate an additional code after entering your username and password. This was meant to prevent unauthorized access by those who did not have access to the physical device. Then, we moved on to soft tokens on phones or receiving codes via text messages. But even these methods have their limitations.

The Era of Frequently Changing Passwords (Running from the Bear)

We’re also living in the era of regularly changing passwords in order to protect accounts. This process was initially implemented in an attempt to stay ahead of attackers who may have obtained the username and password but hadn’t had a chance to use them yet. The concept of a 900-day password rotation was based on the understanding that this would be the longest a bad actor would have your account credentials. This approach is far from foolproof.

The whole concept of frequently changing passwords is flawed. It’s like trying to outrun a bear – you just need to be faster than the slowest person. There are countless passwords out there that attackers can try, and you’re just hoping they don’t get to yours before you change it. It’s an unreliable system.

The traditional username-password-MFA process is definitely better than NOT utilizing multi-factor authentication, but it falls behind the evolving threats in cybersecurity. So, let’s delve into the flaws of the current MFA system and explore how we can do better.

Where MFA Fails Us

There are multiple ways that attackers can bypass multi-factor authentication, including social engineering, phishing, hijacking web sessions, or cloning phone numbers on different devices. I’m sure you’ve read about the recent MGM breach in the news. The breach occurred as a result of socially engineered admin credentials. As helpful as multi-factor authentication may be, there’s a risk in assuming that we can lower our other defenses if we’ve implemented those security methods. 

With the prevalence of MFA now being required across multiple accounts, it can become a type of white noise or familiar annoyance that we fast-forward through as users. This creates a vulnerability known as MFA fatigue, which attackers can exploit.

You’ve probably experienced MFA fatigue yourself, whether receiving a code while trying to troubleshoot technical issues or being interrupted while working on an important project. We often don’t stop and take the time to ensure the authentication method is valid, especially when SO many accounts require various forms and steps for multi-factor authentication.

I’ve personally had a scary experience myself when someone cleverly switched my phone number to their own device through tricks with my phone carrier. Luckily, I caught it quickly, but it’s a stark reminder that even having a secure phone isn’t foolproof. 

The Biggest Reason MFA is Broken

Here’s the most critical way that MFA fails us – when you successfully get to a step where MFA is required, it confirms that your username and password are valid. This gives attackers the ability to identify which credentials are valid and potentially target you further. Let’s think about that for a moment. The attacker could have gotten massive amounts of credentials from a dark web dealer, and then used automated methods to throw multiple sets of credentials at different sites. 

Initially, they might not know which of the credentials they’ve purchased are still valid. While they may not have access to your multi-factor authentication method (i.e., your phone, authenticator app, biometrics), if they get an indication that your username and password have gotten to that MFA step… BOOM, they now know that the credentials are valid.

And it doesn’t end there. If you reuse passwords across multiple accounts, attackers can use the validated credentials on other systems where MFA isn’t enabled. We all know that we shouldn’t reuse passwords and that we should turn MFA on for all accounts that allow it, but the reality is that most users don’t consistently follow those best practices.
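The defensive counterpart to this point, as an added example that is not part of the original post: a login that passes the password step but never completes MFA is a signal that the password is already in someone else's hands. The event names, time window, threshold and sample log below are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, not real logs: (timestamp, source IP, user, event).
# Event names are assumptions; "password_ok" means the MFA challenge was shown.
SAMPLE_EVENTS = [
    ("2023-12-14T10:00:01", "203.0.113.7", "alice", "password_failed"),
    ("2023-12-14T10:00:02", "203.0.113.7", "bob", "password_ok"),
    ("2023-12-14T10:00:03", "203.0.113.7", "carol", "password_failed"),
    ("2023-12-14T10:00:04", "203.0.113.7", "dave", "password_ok"),
    ("2023-12-14T10:00:40", "203.0.113.7", "dave", "mfa_failed"),
    ("2023-12-14T10:20:00", "198.51.100.20", "erin", "password_ok"),
    ("2023-12-14T10:20:12", "198.51.100.20", "erin", "mfa_ok"),
]


def parse(events):
    """Convert raw tuples into dicts sorted by time."""
    rows = [
        {"ts": datetime.fromisoformat(ts), "ip": ip, "user": user, "event": ev}
        for ts, ip, user, ev in events
    ]
    return sorted(rows, key=lambda r: r["ts"])


def unfinished_mfa(events, window=timedelta(minutes=5)):
    """Return (user, ip) pairs where a correct password was not followed by a
    successful MFA from the same source within the window. These accounts
    should get a forced password reset: the password is known to be valid."""
    rows = parse(events)
    if not rows:
        return []
    log_end = rows[-1]["ts"]
    exposed = []
    for i, row in enumerate(rows):
        if row["event"] != "password_ok":
            continue
        completed = any(
            later["event"] == "mfa_ok"
            and later["user"] == row["user"]
            and later["ip"] == row["ip"]
            and later["ts"] - row["ts"] <= window
            for later in rows[i + 1:]
        )
        # Too close to the end of the log to judge: the user may still answer.
        pending = log_end - row["ts"] < window
        if not completed and not pending:
            exposed.append((row["user"], row["ip"]))
    return exposed


def stuffing_sources(events, min_users=3):
    """Return {ip: validated users} for sources that tried at least min_users
    distinct accounts and left at least one MFA challenge unanswered."""
    attempted = defaultdict(set)
    for row in parse(events):
        attempted[row["ip"]].add(row["user"])
    validated = defaultdict(set)
    for user, ip in unfinished_mfa(events):
        validated[ip].add(user)
    return {
        ip: sorted(validated[ip])
        for ip, users in attempted.items()
        if len(users) >= min_users and validated[ip]
    }


if __name__ == "__main__":
    for ip, users in stuffing_sources(SAMPLE_EVENTS).items():
        print(f"{ip}: reset passwords for {', '.join(users)}")
```
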

How Banyan Security Can Help

When I speak about MFA at conferences (or with my family at Thanksgiving, lol), there’s always a big “Aha!” moment when they realize the point about multi-factor authentication allowing an attacker to know which credentials are valid. It’s a scary thought, and while I don’t want anyone to be fearful, it’s important to be aware of what’s involved when using these methods and how they can potentially be exploited. 

But here’s the exciting part. With Banyan Security, you get the benefit of our device certificate, which is a pre-authentication MFA. It’s a game-changer in terms of security.

If someone gets a user’s valid credentials, including MFA, they can do damage to your systems and/or steal sensitive information. Luckily, with our setup (our team uses Banyan Security in front of Okta), using my credentials to access Okta is not possible without physical possession of my device, my laptop. 

Now, I bet you’re curious if we still use multi-factor authentication for Okta (especially since the title of this blog is “MFA is Broken”). The answer is yes! We use MFA after authentication. But here’s the deal: you wouldn’t even get to the point of MFA if you didn’t physically have our device. My laptop and phone act as pre-authentication MFA devices.

It’s all about finding that balance between security and usability. We make the process as smooth and seamless as possible, all while increasing security without adding additional burdens on your users. I host a live demo of the Banyan Security platform each week, so if you’d like to see a specific use case in action, or if you want to chat about MFA and zero-trust architectures, drop in and say hello: https://info.banyansecurity.io/weekly-live-demo-2

Flexible Edge from Banyan Security: A Game-Changer in Secure Connectivity
https://www.banyansecurity.io/blog/flexible-edge-a-game-changer-in-secure-connectivity/?utm_source=rss&utm_medium=rss&utm_campaign=flexible-edge-a-game-changer-in-secure-connectivity
Thu, 30 Nov 2023 18:27:43 +0000

With Flexible Edge, the answer to deployment-related questions is simply, "Yes." Speed, flexibility, and security with simplified pricing and deployment.

The post Flexible Edge from Banyan Security: A Game-Changer in Secure Connectivity first appeared on Banyan Security.

In the rapidly evolving digital infrastructure landscape, companies are continually searching for solutions that not only provide robust security, but also offer the flexibility required to adapt to dynamic business needs. Banyan Security’s innovative Flexible Edge was created to be able to simply answer “Yes” when asked if our solution fits into an organization’s deployment scenario. This transformative technology not only addresses the limitations seen in other vendors’ offerings but also introduces a new era of connectivity that seamlessly combines flexibility and security.

Limitations of Other Vendors

Many vendors in the market provide connectivity solutions, but a common theme among them is a lack of flexibility. These vendors typically offer a singular means of connecting to their infrastructure and services, limiting the adaptability of organizations. Furthermore, the reliance on a single traffic flow can lead to potential security concerns, as traffic may need to be decrypted at certain points.

Another drawback with some vendors is the restriction to specific points of presence (PoPs) within designated cloud service providers (CSPs). This limitation can hinder organizations that require a more diverse and distributed network. Additionally, some vendors may confine their PoPs to a limited number of data centers, restricting the geographical reach of their services.

Flexible Edge: A Paradigm Shift

Banyan stands out by introducing the concept of Flexible Edge, which goes beyond the constraints imposed by other vendors. This innovation encompasses both Global Edge and Private Edge, providing unparalleled flexibility in connectivity options.

Global Edge

Banyan’s Global Edge facilitates quick connector deployments in a matter of seconds.

This agility in deployment ensures that organizations can establish connections rapidly, responding to the need for swift and efficient deployments. The flexible nature of Global Edge also allows for the deployment of Access Tiers and Connectors anywhere, empowering organizations with a truly global reach.

Private Edge

On the other hand, Private Edge emphasizes security, offering a more robust and controlled environment for deployments.

With Private Edge, organizations have the ability to maintain full control of the data plane, enhancing privacy and ensuring that traffic is not unnecessarily inspected in the vendor’s cloud. This added layer of security is crucial for organizations dealing with sensitive data or operating in regulated industries.

Enhancing Security Through Flexibility

Banyan’s Flexible Edge not only provides unprecedented flexibility but also enhances security in the process. By offering the option to choose between Global Edge for faster deployments and Private Edge for more secure deployments, Banyan empowers organizations to strike the right balance between speed and security.

The ability to deploy both Global Edge and Private Edge simultaneously sets Banyan apart from other vendors. This unique feature enables organizations to achieve the fastest productivity while seamlessly transitioning into the most secure deployment. In an era where the cybersecurity landscape is constantly evolving, having the ability to adapt without compromising on security is a significant advantage.

Simplicity Redefined with Flexible Edge

In addition to its groundbreaking capabilities, one of the most compelling aspects of Banyan’s solution is its user-friendly interface (try a self-driven demo here). The ease with which organizations can implement and manage Flexible Edge makes it a viable choice for businesses of all sizes. Banyan has successfully combined advanced technology with simplicity, ensuring that even non-technical users can harness the power of Flexible Edge without extensive training.

Moreover, unlike some vendors, Banyan doesn’t charge based on the type of edge used, connectors, gateways, or throughput. This means deploying a leading solution while significantly saving an organization time and money.

Flexible Edge is not just a connectivity solution; it’s a paradigm shift in how organizations approach secure and flexible connectivity. By addressing the limitations seen in other vendors’ offerings and introducing a unique blend of flexibility and security, Banyan has positioned itself as a leader in the industry. As businesses continue to navigate the complex landscape of digital transformation, having a solution that provides both speed and security is not just an advantage – it’s a necessity. Banyan’s Flexible Edge meets this demand head-on, setting a new standard for what organizations can achieve in the realm of secure connectivity.

Shadow IT Has Met Its Match
https://www.banyansecurity.io/blog/shadow-it-has-met-its-match/?utm_source=rss&utm_medium=rss&utm_campaign=shadow-it-has-met-its-match
Tue, 21 Nov 2023 18:14:41 +0000

Shadow IT often occurs when employees use their own devices or software for work-related tasks, which can lead to significant security and compliance issues.

The post Shadow IT Has Met Its Match first appeared on Banyan Security.

Ensuring Compliance When Your Employees Skirt the Rules

Shadow IT refers to the use of information technology (IT) systems, devices, software, applications, or services within an organization without explicit approval or oversight from the IT department or management. Shadow IT typically occurs when employees use their own devices or software to perform work-related tasks without the knowledge or consent of the IT department. This practice can lead to security vulnerabilities, compliance issues, and inefficiencies within an organization.

Protection Against Shadow IT

To protect against shadow IT, organizations can take several measures:

1. Educate and Communicate

Raise awareness among employees about the risks associated with shadow IT. Help them understand the importance of using approved IT systems and the potential consequences of using unauthorized applications.

2. Establish Clear Policies 

Develop and communicate IT policies that clearly outline which tools, software, and applications are approved for use within the organization. Ensure these policies are easily accessible and understandable for all employees.

3. Monitor Network Traffic 

Employ network monitoring tools that can identify and track the use of unauthorized applications or devices within the organization’s network. This can help detect instances of shadow IT.

4. Provide Approved Alternatives

Offer employees approved and secure alternatives to the unauthorized applications or tools they might be using. Ensure that these alternatives are user-friendly and meet the needs of the employees.

5. Implement Security Measures 

Strengthen the overall cybersecurity measures by using firewalls, encryption, and access controls to protect against potential security threats that could arise from the use of unauthorized software or devices.

6. Regular Audits and Reviews 

Conduct periodic audits or reviews to identify any unauthorized IT usage within the organization. This can help in understanding the extent of shadow IT and taking appropriate measures to address it.

7. Encourage Feedback

Foster an environment where employees feel comfortable providing feedback about the tools they need. This could help in identifying gaps and understanding why employees turn to shadow IT.

8. Collaborate with Departments

Work closely with different departments to understand their specific needs and requirements. This collaboration can help in providing suitable IT solutions and reducing the likelihood of employees resorting to shadow IT.

Combat Shadow IT with Banyan Security

By employing a combination of these measures, organizations can better manage and mitigate the risks associated with shadow IT while also ensuring that employees have access to the tools they need to be productive in their roles.

Banyan Security’s Public and Private Resource Discovery features make it super easy for admins to quickly see which sanctioned and unsanctioned applications are being used and start protecting against them. 

Naturally, the next question is: what can we do once we see unsanctioned applications? Step one may be to simply block the entire category of applications, say AI tools, while doing some more investigation. You may find that a specific tool needs to be allow-listed while blocking the rest of the sites in the category.

The next step will be to ensure that all authentication of sanctioned applications is done via your identity provider (IdP), which also validates devices using Banyan Security’s Device Trust. It may be necessary to redirect all traffic over a Service Tunnel for a limited time to further monitor where your users are going, resulting in even more applications being discovered. Your users will not need to do anything different, which makes it even better.

Will employees try other methods to use unsanctioned apps? They may. Will you be able to find these unsanctioned apps? Possibly. As an IT or IS leader, you may have to look at corporate expenses submitted by users or groups to discover shady behavior. If your expense system has the “Software/Licenses” category, you may be able to identify shadow IT that’s being used and expensed on machines that aren’t registered or corporate-owned. While this may be an extreme case, it is still possible. To help reduce corporate risk, it may be a step worth considering.

To learn more about Public and Private Resource Discovery, visit https://docs.banyansecurity.io/docs/visibility-logging/service-tunnel-discovery/

November 2023 Release Notes
https://www.banyansecurity.io/blog/november-2023-release-notes/?utm_source=rss&utm_medium=rss&utm_campaign=november-2023-release-notes
Thu, 16 Nov 2023 18:28:49 +0000

November 2023 has been a busy month for the Banyan Security product and development teams, and we're excited to share highlights of our recent product updates.

The post November 2023 Release Notes first appeared on Banyan Security.

November 2023 has been a busy month for the Banyan Security product and development teams, and we’re excited to share some highlights from our recent product updates. We’ve boiled down key pieces of information from our October and November release notes. We also welcome you to subscribe to our updates so you can stay informed of what’s new and what’s ahead on the Banyan Security roadmap.

Highlights from our October and November releases can be found below (you can also find past release notes here):

Generally Available Features

Some exciting GA features have been released over the past few months. Here are some of the highlights from our October and November GA feature releases:

  • Zero Touch Install for Chrome Browser extension
  • Private Resource discovery

Early Preview Features

Get a sneak peek of our early preview features! Take a look at what’s coming for the Banyan Security product, and be among the first to experience the new enhancements:

  • Security Actions for Public Apps
      • Discovered public apps now offer guidance on Security Actions admins can take; Security Actions are specific to the app.
      • Security Actions include guidance on configuring ITP policies, DLP policies, Banyan IDP federation, and routing via Service Tunnel.

Enhancements & Updates for November 2023

Valuable tools and features have been included in the November 2023 release. These feature enhancements should help you optimize your time and improve your workflows:

  • Terraform Import Tool
      • A command-line utility that allows admins to import existing resources from the Banyan API and generate Terraform configuration files for managing those resources.
      • This tool simplifies the process of managing Banyan Security resources through Terraform, making it easier for admins to automate infrastructure setup.

Test Drive the New Features with Team Edition

Are you ready to explore the latest features available in our November 2023 release? Try out the device-centric and SSE capabilities of the Banyan Security solution with our Team Edition — it’s absolutely free! 

Take a test drive and see the full range of features available at your fingertips. See why so many organizations have chosen Banyan Security for a comprehensive SSE and ZTNA security solution. Give it a try and see the powerful result. Get access to Team Edition.

CSO’s Perspective: The Okta Breach and What It Means to the Broader Community
https://www.banyansecurity.io/blog/okta-breach-and-the-broader-community/?utm_source=rss&utm_medium=rss&utm_campaign=okta-breach-and-the-broader-community
Thu, 09 Nov 2023 18:34:25 +0000

Den Jones shares his perspective as a CSO on the recent Okta breach, and what that means for the broader security community.

The post CSO’s Perspective: The Okta Breach and What It Means to the Broader Community first appeared on Banyan Security.

I’ve been an Okta customer for over 15 years; both my Enterprise Security teams at Adobe and Cisco deployed their services and partnered with Okta on external facing services. Now, I’m a happy customer as we (Banyan) also leverage their services.

With all of the mud being slung regarding the Okta breach recently, I found it important to state that I’ve got huge respect for Todd and the team, as well as David Bradbury, their CSO. So, reading their post on the latest breach, I was pleased to see transparency and an effort to keep the faith. The reality is we are all under attack, and the greater your success, the bigger a target you become.

Okta Breach Takeaways for the Broader Community

A few things jumped out to me that I think would make common sense for not just Okta, but all of their customers:

  1. The opening sentence, “Okta Security has identified adversarial activity that leveraged access to a stolen credential to access Okta’s support case management system.” Wait a minute, stolen credentials? If Okta (or your company) deployed device registration, passwordless, and device posturing, then stolen credentials are useless. I was sure Okta even sells this dream to their customers. It’s something that my team deployed in Adobe in 2017 as part of our ZEN project. In 2019, we refined the architecture as part of becoming a customer of Banyan Security.
  2. Storing data unnecessarily is a topic security and privacy professionals talk about a lot. This incident is a reminder not to store data if you can help it. If the case is closed, could the data be deleted, or at least could the higher-risk data be protected? Similar to “just in time” (JIT), the data can be erased once it’s been leveraged for its function. There’s certainly a balance of running the business with the least amount of friction, especially in a customer support scenario. But, deleting any files uploaded by customers once the ticket is closed would be something worth investigating.
  3. It was also mentioned that “Okta recommends sanitizing all credentials and cookies/session tokens within a HAR file before sharing it”. Is this displayed to the customer before they submit the HAR file? In addition to protecting higher-risk data and deleting files after a ticket is closed, we have to let the customer know to sanitize the HAR file from cookies and session tokens that can be used to impersonate a valid user. Even if an attacker was able to access the file, they would not have access to the customer’s sensitive information.
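What sanitizing a HAR file before upload can look like, as an added example that is not from the original post or from Okta: it redacts cookies, credential headers, secret-looking query and form fields, and response bodies that mention tokens. The name-matching heuristic and the sample HAR are assumptions constructed for illustration, and the heuristic deliberately errs toward over-redaction.

```python
import json
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

REDACTED = "REDACTED"
# Header names that carry credentials or session state.
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "proxy-authorization"}
# Assumed heuristic for field names that usually hold secrets.
SENSITIVE_NAME = re.compile(r"token|secret|passw|session|api[-_]?key|auth|saml|jwt", re.I)
URL_HEADERS = {"location", "referer"}  # header values that are themselves URLs

# Constructed sample HAR (HAR 1.2 layout), not a real capture.
SECRETS = ["QUERYSECRET", "COOKIESECRET", "BEARERSECRET", "FORMSECRET",
           "NEWCOOKIESECRET", "BODYSECRET", "REFSECRET"]
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {
        "method": "POST",
        "url": "https://app.example.com/api/login?session_token=QUERYSECRET&lang=en",
        "headers": [
            {"name": "Cookie", "value": "sid=COOKIESECRET"},
            {"name": "Authorization", "value": "Bearer BEARERSECRET"},
            {"name": "Referer", "value": "https://app.example.com/cb?id_token=REFSECRET"},
            {"name": "Accept", "value": "application/json"},
        ],
        "cookies": [{"name": "sid", "value": "COOKIESECRET"}],
        "queryString": [{"name": "session_token", "value": "QUERYSECRET"},
                        {"name": "lang", "value": "en"}],
        "postData": {"mimeType": "application/x-www-form-urlencoded",
                     "text": "username=alice&password=FORMSECRET",
                     "params": [{"name": "username", "value": "alice"},
                                {"name": "password", "value": "FORMSECRET"}]},
    },
    "response": {
        "status": 200,
        "headers": [{"name": "Set-Cookie", "value": "sid=NEWCOOKIESECRET; HttpOnly"}],
        "cookies": [{"name": "sid", "value": "NEWCOOKIESECRET"}],
        "content": {"mimeType": "application/json",
                    "text": "{\"access_token\": \"BODYSECRET\"}"},
    },
}]}}


def _is_sensitive(name):
    return name.lower() in SENSITIVE_HEADERS or bool(SENSITIVE_NAME.search(name))


def _scrub_pairs(pairs, redact_all=False):
    """Redact the 'value' of HAR name/value objects in place."""
    for pair in pairs or []:
        if redact_all or _is_sensitive(pair.get("name", "")):
            pair["value"] = REDACTED


def _scrub_query(query):
    fields = parse_qsl(query, keep_blank_values=True)
    return urlencode([(k, REDACTED if _is_sensitive(k) else v) for k, v in fields])


def _scrub_url(url):
    """Redact sensitive query parameters inside a URL string."""
    parts = urlsplit(url)
    return urlunsplit(parts._replace(query=_scrub_query(parts.query)))


def sanitize_har(har):
    """Return a copy of a HAR dict with credentials and session tokens removed."""
    clean = json.loads(json.dumps(har))  # deep copy of JSON-compatible data
    for entry in clean.get("log", {}).get("entries", []):
        req, resp = entry.get("request", {}), entry.get("response", {})
        for msg in (req, resp):
            _scrub_pairs(msg.get("headers"))
            _scrub_pairs(msg.get("cookies"), redact_all=True)
            for header in msg.get("headers") or []:
                if header.get("name", "").lower() in URL_HEADERS:
                    header["value"] = _scrub_url(header.get("value", ""))
        _scrub_pairs(req.get("queryString"))
        if "url" in req:
            req["url"] = _scrub_url(req["url"])
        post = req.get("postData") or {}
        _scrub_pairs(post.get("params"))
        if post.get("text"):
            if "x-www-form-urlencoded" in post.get("mimeType", ""):
                post["text"] = _scrub_query(post["text"])
            elif SENSITIVE_NAME.search(post["text"]):
                post["text"] = REDACTED  # opaque body that names a secret
        content = resp.get("content") or {}
        if SENSITIVE_NAME.search(content.get("text") or ""):
            content["text"] = REDACTED
    return clean


def leaked(har, secrets):
    """Return the known secret strings still present anywhere in the HAR."""
    blob = json.dumps(har)
    return [s for s in secrets if s in blob]
```

Running `leaked()` on the sanitized output with the session values you know about is a useful last check before attaching the file to a support ticket.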

To repeat, I’m a huge fan of Okta, so this isn’t a pile on them; we’re all under attack. Rather, if step one is to use stolen credentials, then let’s move faster to blocking that attack vector. This was something my Enterprise Security team at Adobe tackled in 2017, replacing passwords with certificates tied to the user and device, requiring a device be registered in order for a user to log in, and enforcing a security posture on the device.

This means a bad actor is unable to log in as your users, even with stolen credentials. It’s how my Adobe team met Banyan and something Banyan has delivered to its customers for over six years. So, as a kind of rant I guess, this sh*t doesn’t need to happen… oh, and we integrate seamlessly with Okta, but also any other SAML or OIDC IDP.

If you need some strategic guidance on getting started down this path, drop me a line.

Den Jones

CSO, Banyan Security

The post CSO’s Perspective: The Okta Breach and What It Means to the Broader Community first appeared on Banyan Security.
Strengthening Healthcare Security with Zero Trust and ZTNA
https://www.banyansecurity.io/blog/healthcare-security-with-zero-trust-and-ztna/?utm_source=rss&utm_medium=rss&utm_campaign=healthcare-security-with-zero-trust-and-ztna
Tue, 31 Oct 2023 16:17:57 +0000

Chase Cunningham, a.k.a. "Dr. Zero Trust," shares insights regarding leveraging zero trust and ZTNA to improve healthcare security.


The healthcare sector is no stranger to cyberattacks, data breaches, and the dire consequences that come with such healthcare security issues. With sensitive patient data, critical infrastructure, and life-saving devices at stake, it is imperative for healthcare organizations to adopt robust security measures. Zero Trust and Zero Trust Network Access (ZTNA) have emerged as crucial components in the defense against cyber threats in this high-stakes environment. 

In this blog, we’ll explore why Zero Trust and ZTNA are critical for healthcare organizations, focusing on their relevance to remote offices and interconnected branch networks. We’ll also highlight notable healthcare breaches that could have been thwarted with these security paradigms in place while examining how they can enable compliance with HIPAA (Health Insurance Portability and Accountability Act).

The Zero Trust Paradigm

Zero Trust is a cybersecurity framework that fundamentally challenges the traditional perimeter-based security model. Instead of blindly trusting users and devices within the network, Zero Trust assumes that threats may exist both inside and outside the network. As a result, access controls and security checks are applied rigorously, regardless of the user’s location or device.

In the healthcare context, this means that every user, device, and application must be continuously authenticated and authorized, reducing the attack surface and mitigating the risks associated with insider threats while simultaneously enabling HIPAA compliance.

Zero Trust Network Access (ZTNA) for Remote Offices

Healthcare organizations often have remote offices and staff who require secure access to patient records and systems. ZTNA provides a solution by allowing authorized users to access specific resources based on strict identity verification and contextual factors. This ensures that remote workers can only access the data and applications they need, improving healthcare security.

In 2019, the American Medical Collection Agency (AMCA) suffered a massive data breach, compromising the personal and financial information of millions of patients. Attackers exploited vulnerabilities in the web application, gaining unauthorized access to sensitive data. With ZTNA in place, the breach could have been mitigated by limiting access to sensitive databases based on strict user authentication and authorization.

Protecting Interconnected Branch Networks

Healthcare networks often consist of interconnected branch locations, including clinics, hospitals, and administrative offices. These networks are ripe targets for attackers looking to move laterally within an organization. Zero Trust principles help segment these networks, ensuring that even if one part is compromised, the rest remains secure.

The WannaCry ransomware attack in 2017 paralyzed the UK’s National Health Service (NHS) and affected healthcare systems worldwide. This attack exploited a vulnerability in Windows systems and spread rapidly within the network. Had Zero Trust policies been implemented, the lateral movement of the ransomware within the network could have been thwarted, limiting the impact and preventing the widespread disruption of healthcare services.

Mitigating Insider Threats in Healthcare Security

Healthcare organizations must be cautious about insider threats, which can result from unintentional mistakes or malicious actions by employees. Zero Trust’s continuous authentication and authorization mechanisms help monitor user behavior, detect anomalies, and respond to potential threats swiftly.

The UCLA Health breach in 2015, where employee data was compromised, could have been mitigated by implementing Zero Trust protocols to monitor and control user access more effectively. In this case, the breach stemmed from an insider who used unauthorized access to exploit vulnerabilities, highlighting the need for continuous monitoring and strict access controls.

Enabling HIPAA Compliance

HIPAA mandates stringent security measures to protect the confidentiality and integrity of patient health information. Zero Trust and ZTNA align perfectly with these requirements by ensuring that data access is granted based on the principle of least privilege. They enable healthcare organizations to implement robust access controls, encryption, and audit trails necessary for HIPAA compliance, reducing the risk of data breaches and costly regulatory penalties.

Zero Trust and ZTNA for Healthcare Security

The healthcare sector faces relentless cyber threats, making it essential to adopt modern security strategies like Zero Trust and ZTNA. These paradigms provide a robust defense against breaches, especially in the context of remote offices and interconnected branch networks. Notable healthcare breaches in the past could have been averted or minimized with the implementation of Zero Trust principles. Moreover, Zero Trust and ZTNA help healthcare organizations navigate the complex landscape of compliance, ensuring that patient data remains confidential and secure. As healthcare organizations continue to evolve, embracing Zero Trust and ZTNA is not just a choice; it’s a critical necessity to safeguard patient data and ensure the uninterrupted delivery of care while meeting HIPAA’s stringent security requirements.


Learn more about Banyan Security’s Zero Trust clientless solution for secure remote access in the healthcare industry → Read the Press release

Banyan Security CSO Den Jones Shines in CyberArk Impact 23 Fireside Chat
https://www.banyansecurity.io/blog/den-jones-at-cyberark-impact-23/?utm_source=rss&utm_medium=rss&utm_campaign=den-jones-at-cyberark-impact-23
Thu, 26 Oct 2023 00:01:07 +0000

CSO Den Jones participated in a fireside chat with Santosh Prusty at CyberArk IMPACT 23, discussing security tools, industry challenges, and AI security.


In the world of cybersecurity, the name Den Jones commands respect, especially with his insightful and entertaining time on stage. A former Novell administrator in the ’90s, Den has remained committed to evolving and growing with the ever-changing landscape of information security. Recently, his insights were on full display during a Fireside Chat at CyberArk’s IMPACT 23 World Tour in San Jose, where he shared his experiences and wisdom as the CSO of Banyan Security, a journey that took him from the humble beginnings of an administrator to a prominent leader in the field. 

Fireside Chat with Den Jones and Santosh Prusty

Den Jones, the Banyan Security CSO, known for his previous roles at industry giants like Cisco and Adobe, took the stage alongside Santosh Prusty, a Senior Leader from Cisco’s Enterprise Team. This dynamic duo’s Fireside Chat delivered a plethora of information about identity security and deploying CyberArk, the solutions they’ve had to deploy, and valuable insights from other customers and partners.

The chat kicked off by emphasizing that deploying identity solutions is not just a one-time implementation but rather a continuous journey. While at Cisco, Den gave the task of implementing identity security to Santosh and the new team he was hiring. Santosh’s focus extended beyond internal governance processes to encompass external partners. In today’s complex ecosystem, solutions must cater to on-premises and cloud applications, cloud services, and even non-human users. Santosh began with a small use case, eventually expanding its operations to include 300+ administrators and overseeing 60,000 identities, including supply chain partners.

Holistic Approach to Security

Den Jones highlighted the importance of solutions being not only technologically robust but also user-friendly. He stressed that the ease of training and adoption is crucial. Cybersecurity teams should be able to sell the solution to executives by demonstrating how it can save money, reduce risk, and increase operational efficiency. This holistic approach to security also involves making the process as streamlined as possible, allowing businesses to concentrate on their core activities. Automation is key to achieving this efficiency.

During the chat, it was mentioned that Santosh and team had developed short videos to share during service calls, making the end-user experience more engaging and educational. These videos served as a proactive measure to address common issues, enhancing the overall security posture.

Essential Criteria for Modern Security Solutions

A question from the audience spurred an interesting conversation: “What is the most challenging aspect of implementing cybersecurity solutions today?” Den’s response was crystal clear. Every solution must meet three key criteria: it must be more secure, less expensive, and less complex. These are not just desirable features; they are essential for the modern cybersecurity landscape. Cybersecurity measures should add to an organization’s safety, not its complexity or cost.

Den’s chat highlighted that while implementing technology is one challenge, getting stakeholders to adopt it is an entirely different hurdle. The adoption process can take 2 to 3 years and is often fraught with obstacles. With today’s rapidly evolving environment, the adoption process has doubled in complexity due to factors such as mergers and acquisitions of cloud-born companies. Artificial Intelligence (AI) was identified as one of the most significant challenges faced by cybersecurity professionals today. The adaptability of AI, both for good and ill, poses unique difficulties in protecting critical systems.

Beyond the Fireside Chat

Interestingly, the discussion at the Fireside Chat extended beyond the formal setting. During lunch, I was also engaged in fascinating conversations about recent cybersecurity incidents. The Okta breach and the MGM breach were hot topics. These real-world examples emphasize that even organizations with robust security measures in place can be vulnerable to unexpected threats.

In conclusion, the Banyan Security CSO, Den Jones, illuminated the Fireside Chat with his wealth of knowledge and practical insights. His journey from a Novell administrator in the ’90s to a CSO leading the charge in cybersecurity showcases the ever-evolving nature of the field. His emphasis on secure, cost-effective, and streamlined solutions, as well as the importance of AI in today’s cybersecurity landscape, serves as a valuable guidepost for those navigating the complex and dynamic world of information security. The Fireside Chat left the audience with much to ponder, reinforcing the vital importance of staying informed and adaptive in the face of ever-evolving cyber threats.

What John Chambers Never Told You About Cisco Security
https://www.banyansecurity.io/blog/what-john-chambers-never-told-you-about-cisco-security/?utm_source=rss&utm_medium=rss&utm_campaign=what-john-chambers-never-told-you-about-cisco-security
Fri, 20 Oct 2023 08:58:40 +0000

Get an insider's perspective on Cisco Security acquisitions since John Chambers' departure, and learn about the challenges often faced during an acquisition.


John Chambers is a prominent figure in the world of technology and business, best known for his significant contributions to Cisco Security. Serving as the CEO of Cisco Systems, Inc. from 1995 to 2015, Chambers played a pivotal role in transforming the company from a small networking equipment manufacturer into a global technology powerhouse.

Cisco Security Expansion

Under his leadership, Cisco Security expanded its product portfolio, focusing on networking, cybersecurity, and cloud solutions. Chambers’ visionary approach and strategic thinking were instrumental in shaping the future of the internet and communication technology. His commitment to innovation, customer-centric approach, and emphasis on corporate social responsibility earned him recognition and respect throughout the industry. John Chambers is not only a seasoned executive but also a thought leader who has left an indelible mark on the tech world.

John Chambers is currently a venture capitalist and the founder and CEO of JC2 Ventures, which invests in a wide range of start-ups.

During Chambers’ time at Cisco Security, he oversaw billions of dollars in security-related acquisitions. I was an employee at Cisco, in the security business units, at that time and saw the good and the bad when it came to those acquisitions.

Recent Acquisitions by Cisco Security

Here is a list of some of the most recent security-related acquisitions by Cisco Security after Chambers departed:

  1. Talos (formerly Sourcefire VRT) (2013)
  2. Sourcefire (2013)
  3. OpenDNS (2015)
  4. Umbrella (formerly OpenDNS Umbrella) (2015)
  5. Lancope (2015)
  6. Portcullis Computer Security (2015)
  7. Observable Networks (2017)
  8. Duo Security (2018)
  9. Sentryo (2019)
  10. Kenna Security (2021)
  11. Valtix (2023)
  12. Lightspin (2023)
  13. Oort Inc (2023)
  14. Splunk (2023): Their largest acquisition to date, paying $28B for Splunk.

Some tech companies pursue acquisitions primarily for the technology and customer base they acquire, and in some instances, this can result in the termination of existing employees. When a company identifies a smaller firm with valuable technology or a substantial customer base that aligns with its strategic goals, it may choose to acquire the assets and intellectual property while discontinuing the acquired company’s operations. This approach can help the acquiring company expand its market reach and bolster its technological capabilities swiftly.

However, it can also raise concerns about job security and disrupt the lives of the employees of the acquired company. It is essential for companies to approach such acquisitions with sensitivity, considering the impact on the affected employees and taking steps to provide support or opportunities for them where possible. Balancing technological gains with the well-being of the workforce is a critical consideration in these situations.

Potential Pitfalls

Acquisitions can be challenging to integrate for several reasons:

  1. Cultural Differences: Companies often have distinct corporate cultures, values, and ways of doing things. Merging these cultures can be difficult and may lead to resistance or conflicts among employees.
  2. Organizational Complexity: Integrating two organizations with different structures, processes, and systems can be complex and time-consuming. Streamlining operations and aligning workflows can take a significant effort.
  3. Technology Integration: If the acquired company uses different technologies or software, integrating these systems into the acquiring company’s IT infrastructure can be a major hurdle, often requiring substantial time and resources.
  4. Talent Retention: Acquiring companies may struggle to retain key talent from the acquired company, which can impact the success of the integration and the long-term performance of the merged entity.
  5. Communication Challenges: Effective communication is crucial during an acquisition, both internally and externally. Miscommunication or a lack of transparency can lead to misunderstandings and anxiety among employees and stakeholders.
  6. Regulatory and Legal Compliance: Complying with various regulatory and legal requirements, such as antitrust laws or industry-specific regulations, can be complex and may necessitate careful planning and legal expertise.
  7. Customer and Vendor Relations: Maintaining customer and vendor relationships during the integration process is critical. Changes in ownership can raise concerns among customers and suppliers, potentially impacting business relationships.
  8. Financial Integration: Combining financial systems, reporting, and budgets can be intricate, especially if the companies have different accounting methods or fiscal calendars.
  9. Strategic Alignment: Ensuring that the strategic goals of both companies align and that the acquisition adds value to the acquiring company can be challenging. Failure to align strategies can lead to integration difficulties.
  10. Human Resources and Employee Morale: Managing workforce issues such as layoffs, role changes, and compensation adjustments can impact employee morale and productivity, making it crucial to handle these aspects with care.

The success of an acquisition’s integration depends on careful planning, effective leadership, and a deep understanding of the challenges involved. Companies that prioritize these factors and invest in a well-thought-out integration plan are more likely to navigate these complexities successfully. What happens more times than most CEOs will tell you is that the acquisition integration doesn’t go well, and most of the folks with the knowledge leave once their contractual obligations are over. This leads to a product that never evolves.

Acquisition Challenges

Several cybersecurity companies or products have faced challenges or have been discontinued after being acquired by larger organizations. These outcomes can occur due to a variety of reasons, including integration issues mentioned above, strategic shifts, or changes in market conditions. Here are a few examples:

  1. FireEye’s Mandiant Redline: FireEye, a prominent cybersecurity company, acquired Mandiant in 2013. While Mandiant’s services continued to thrive, its standalone product, Redline, was discontinued after the acquisition.
  2. Websense: Websense, a web filtering and cybersecurity company, was acquired by Raytheon and Vista Equity Partners in 2015. The Websense brand was eventually merged into Raytheon Cyber Products.
  3. McAfee EMM (Enterprise Mobility Management): McAfee acquired several companies over the years, and some of their products underwent changes or discontinuation. For instance, McAfee EMM, a mobile device management solution, was transitioned to another vendor after the company’s acquisition by Intel.
  4. Intel Security Group (formerly McAfee): Intel acquired McAfee in 2011 and later rebranded it as the Intel Security Group. In 2016, Intel sold a majority stake in the security division to TPG Capital, and the McAfee brand was reinstated. The complex changes during and after the acquisition impacted some of its product lines.
  5. Symantec’s Norton IoT Security: Symantec’s acquisition of Norton LifeLock (formerly known as Norton by Symantec) led to changes in its product offerings. Symantec’s IoT (Internet of Things) security product line was discontinued as the company shifted its focus.
  6. RSA Security (BSAFE and Data Protection Manager): RSA Security, a division of Dell Technologies, acquired various companies and product lines over the years. Some products, such as BSAFE (cryptography toolkit) and Data Protection Manager, have undergone changes or discontinuation.

It’s important to note that these outcomes may vary, and some acquired products may continue to evolve or be incorporated into the acquiring company’s broader cybersecurity offerings. The fate of a cybersecurity company or product after acquisition depends on numerous factors, including the acquirer’s strategy and market conditions. It is also worth noting that some of the above have been spun-in and spun-out several times, which ultimately leads to unhappy customers and demoralized employees.

Small, Nimble, Customer-focused

Large organizations like Cisco Security often make grand announcements that get the market thinking. However, it may take years for what was promised in the announcement to come to fruition, if it ever does. Smaller and more nimble organizations such as Banyan are extremely customer-focused and are at the stage where we develop a true, direct partnership with each customer.

To learn more about how our solution can work for you today and how we can help you achieve your vision for security and access, set up a meeting with one of our Zero Trust experts.
