Use cases | Banyan Security
https://www.banyansecurity.io
VPN Alternative - Banyan Security Service Edge
Wed, 29 Nov 2023 16:27:50 +0000

ChatGPT Security: Discovering and Securing AI Tools
https://www.banyansecurity.io/blog/chatgpt-security-for-ai/
Fri, 16 Jun 2023 22:33:47 +0000

The post ChatGPT Security: Discovering and Securing AI Tools first appeared on Banyan Security.


Let’s talk about the darker side of the ChatGPT security story: a recent DarkReading report found that 4% of workers are leaking protected corporate information into AI tools by feeding schematics, statistics, instructions, and other intellectual property into large language models (LLMs). ChatGPT security took center stage in April 2023 when Samsung employees leaked intellectual property into ChatGPT (including both confidential product information and meeting notes), leading the company to ban the tool on May 2nd, 2023. Such risks are leading more and more organizations (such as Apple) to try to block these sites. As the number of generative AI and LLM tools and companies grows, the problem of ChatGPT security becomes more challenging.

ChatGPT Security is Simpler Than You Think

Of course, these AI systems can facilitate research and development efforts by simulating and generating ideas, designs, and prototypes, expediting innovation cycles. Unfortunately, they also create a wide range of security issues for companies because of the behaviors noted above, in addition to attackers searching LLMs for carelessly shared company data. (Side note: have you opted out of sharing your company and personal data with ChatGPT?)

There is a profound danger in reactive security without strategy, and much opportunity for overcorrection. Some of the solutions for ChatGPT security include blocking access by directing all traffic over a VPN, and then using an outbound security stack to inspect traffic. Eventually, though, employees find new ways to get around some of these blocks, or hunt for other tools that aren’t blocked. And drastic measures like the ones Samsung and Apple have taken leave security gaps of their own. Blocking AI tools completely from your organization isn’t necessary if you have the right security tools.

Discovering AI tools

Discovery is important and a crucial step to combating data exfiltration. Security for AI should be able to detect quickly, then categorize accurately where the data is going. With new AI tools popping up daily, this isn’t always so easy. Banyan’s solution looks at all DNS transactions and its real-time categorization engine assesses a range of information. Our security for AI also inspects traffic for sensitive data, such as PII, PHI, Secrets and Keys, PCI, using a modern cloud-based Data Loss Prevention (DLP) engine. As you can see below, the administrator sees where users are going, when, from what device this traffic originates, as well as what type of data is being sent:

It is worth noting that our solution is always-on, so end users will benefit from the protection without having to do anything. Administrators also gain visibility without needing to configure anything extra, or have their users do the same. As soon as the first user visits the first website, the administrator gets actionable insights. These are presented as applications and categories: much easier to use and create policies for those rather than just configuring policies around domains.

A single SaaS application can have hundreds or thousands of domains, so being able to quickly find a SaaS application (and how it’s been used) is the first step to creating a comprehensive policy:

Once you’ve discovered resources, you have options on what to do next. The most restrictive option is to completely block these types of sites, along with the new domains and proxies that may be used to circumvent blocks. Less restrictive options include proxying or tunneling the traffic so that it can be further inspected or subjected to URL filtering.

As you can see, the end user is told why access was denied rather than being blackholed, which would otherwise lead to a call to IT’s helpdesk and lost productivity:


The administrator also has the option to apply a Data Loss Prevention (DLP) policy. The policies may include blocking downloads or restricting sensitive data uploads, as shown here:


Sensitive data inspection is based on known patterns across multiple regions and countries:


In this example, a user tries uploading a social security number to ChatGPT. All other non-sensitive information interactions with ChatGPT, and other AI tools, are allowed:


The end user is notified that the specific action is not allowed, and the interaction is blocked.
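The pattern-based inspection described in this walkthrough, as an added illustration (not Banyan’s DLP engine or any code from this post): a small Python inspector that runs US SSN, UK National Insurance number and payment-card patterns over an upload body, applies structural validation (SSN area/group/serial rules, the Luhn check for card numbers) so that an arbitrary 3-2-4 digit run does not trip the policy, and returns a block/allow decision per upload. The sample upload texts, the pattern set and the simplified NINO format check are constructed assumptions of this example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Callable

# Constructed request bodies, standing in for text a user pastes into an AI chat box.
SAMPLE_UPLOADS = {
    "ssn": "Here is my SSN 219-09-9999 for the onboarding form",
    "invalid_ssn": "ticket refs 000-12-3456 and 666-45-6789 are not real SSNs",
    "card": "card on file 4111 1111 1111 1111 exp 12/26",
    "uk_ni": "NI number AB 12 34 56 C",
    "clean": "Summarise the quarterly roadmap in three bullet points",
}


@dataclass(frozen=True)
class Finding:
    kind: str   # DLP category: "PII" or "PCI"
    label: str  # which pattern fired
    value: str  # matched text (kept for the demo; a real engine would redact it in logs)


def valid_us_ssn(s: str) -> bool:
    """Structural validity rules for a US SSN, to cut false positives on any 3-2-4 digit run."""
    area, group, serial = re.split(r"[- ]", s)
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


# (category, label, regex, validator). Validators reject matches that fit the shape but
# cannot be a real identifier. The UK NINO check is a simplified format check only
# (prefix-letter exclusions omitted), an assumption of this example.
PATTERNS: list[tuple[str, str, re.Pattern[str], Callable[[str], bool]]] = [
    ("PII", "us_ssn", re.compile(r"\b(\d{3}[- ]\d{2}[- ]\d{4})\b"), valid_us_ssn),
    ("PII", "uk_nino", re.compile(r"\b([A-Z]{2} ?\d{2} ?\d{2} ?\d{2} ?[A-D])\b"), lambda s: True),
    ("PCI", "card_pan", re.compile(r"\b((?:\d[ -]?){13,19})\b"),
     lambda s: luhn_ok(re.sub(r"[ -]", "", s))),
]


def inspect(body: str) -> list[Finding]:
    """Run every pattern over the upload body and keep only validated matches."""
    findings = []
    for kind, label, rx, validate in PATTERNS:
        for m in rx.finditer(body):
            if validate(m.group(1)):
                findings.append(Finding(kind, label, m.group(1)))
    return findings


def decide(body: str, blocked_kinds: tuple[str, ...] = ("PII", "PCI")) -> tuple[str, list[Finding]]:
    """Policy decision for an upload: block if any finding falls in a blocked category."""
    hits = [f for f in inspect(body) if f.kind in blocked_kinds]
    return ("block" if hits else "allow"), hits


if __name__ == "__main__":
    for name, body in SAMPLE_UPLOADS.items():
        verdict, hits = decide(body)
        print(f"{name:12s} {verdict:5s} {[f.label for f in hits]}")
```

The validators are what keep this usable in practice: without them the SSN pattern would also fire on ticket numbers and date-like strings, and the card pattern on any long digit run, which is exactly the kind of noise that makes users route around a DLP control.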


Banyan ChatGPT Security

Generative AI introduces new cybersecurity threats by enabling the creation of highly sophisticated and realistic phishing attacks, capable of tricking even the most vigilant users. Additionally, malicious actors can leverage generative AI to automate the creation of advanced malware, making it harder for traditional security solutions to detect and mitigate these evolving threats. Employees are also leaking valuable corporate intellectual property in the hope of getting work done quickly and easily. Effective security for AI must address all of these facets.

In closing, focus on solutions that give the ability to block access to generative AI sites and tools effectively. By leveraging advanced web filtering capabilities and DLP inspection, SWGs like the Banyan SWG can detect and prevent users from accessing websites or tools specifically designed for generative AI. These solutions analyze and categorize web content based on predefined policies, allowing administrators to create rules that identify, then block sites related to generative AI. SWGs employ a combination of URL filtering, content inspection, and machine learning algorithms to accurately identify and categorize websites and tools associated with generative AI.

By blocking access to these resources, organizations can mitigate potential risks and prevent unauthorized or inappropriate use of generative AI technologies within their networks. SWGs provide a robust defense against potential security threats, ensuring that employees are unable to access generative AI sites or tools that may compromise data integrity, violate privacy regulations, or infringe upon intellectual property rights. In summary, SWGs offer an effective solution to block access to generative AI sites and tools, helping organizations maintain control and security over their network environments.


Learn more about ChatGPT security through Banyan SSE by scheduling a custom demo today.

ChatGPT Spearphishing: Social Engineering at Scale
https://www.banyansecurity.io/blog/chatgpt-spearphishing/
Sat, 27 May 2023 02:02:06 +0000


Modern-day SDRs (sales development reps) perform acts of phishing for a living. Today’s business culture, especially in technology sales, accepts this as how business gets done. They do lead generation to identify their target company, cadence messaging to engage and interact with an individual at the target company, and finally, deliver the ‘payload’ — often in the form of a calendar invite, a pdf spec sheet, or possibly a link to a product download.

An acquaintance of mine on LinkedIn recently inquired if anyone knew of a SaaS offering that was leveraging a Large Language Model (LLM) based AI to do lead generation, handle the cadence messaging, and set up delivery of the ‘payload.’ In the comments were several recommendations for such services with varying levels of maturity.

It bears repeating; this is phishing at its phinest and is perfectly legal!

ChatGPT is conversational AI leveraging vast amounts of training on linguistic data in order to perform a realistic discussion on a topic. This technology, still in its nascent form, is already quite useful. I have co-written blogs with it, students are co-writing term papers (ahem), and even my dad used it to help write some flowery poetry about a certain politician he doesn’t agree with. The usefulness is undeniable. Today it is quite expensive to run, but all such technologies will become dramatically cheaper with time, either by efficiency gains, less sophistication, or novel breakthroughs.

The security implications are profound and easy to imagine; it seems just a touch of paranoia is added to any discussion about conversational or generative AI.


A Phony Phish with ChatGPT + LinkedIn

Say an employee at a corporation gets a LinkedIn message from a recruiter, one with an opportunity that matches their experience and is personalized with references to their specific background. There is even some flattery mixed in (all the sender has to do is ask ChatGPT, and it will come up with some clever and sincere-sounding words). The employee responds, interested to hear more, and the recruiter asks for their email address to set up a call. The recruiter then sends a link to a scheduling platform to the employee’s personal email address, attaching whatever payload they want to utilize.

This is not an entirely speculative scenario; it can be fully automated with a conversational bot and some basic coding skills. ChatGPT may have guardrails, and the API may be gated, but do not expect this technology to remain in the hands of scrupulous entities.

The key to social engineering is context and gaining the confidence of the target. Pretending to be someone trusted, the bad actor convinces the target to do some act, sometimes appearing innocuous — at other times, coercive. The scale at which these attacks will be launched using AI will be incredible to witness. Imagine LLMs trained on breached data from enterprises, giving them even more context and credibility.

We already live in a world where social engineering and phishing are cited as the top security concern among CISOs, and soon the malicious actors will have dramatically more firepower than they do today.


Phishing Defense with Security Service Edge

Today, SSE (Security Service Edge) is the primary defense against phishing, given that even the best corporate phishing awareness training is only done annually. There are several ways SSE is implemented:

  • Blocking malicious domains: 
    • If an employee gets a phishing email that uses the domain getcalendly.com, Internet Threat Protection (ITP) should block a device trying to hit this domain.
    • ITP can be configured to block known phishing domains that have been flagged globally. ITP can also block newly registered domains, which are often created to take advantage of trending domains.
  • Making sure the security posture of the device is sound:
    • The Banyan app can ensure that certain endpoint security applications are running. 
    • Easy ingestion of Endpoint Detection & Response (EDR) signals by an SSE solution prevents attackers from introducing new devices to access protected services.
    • An example EDR signal is one that confirms the device is registered with the EDR solution, which means it is running the EDR agent and successfully reporting its state.
    • A simple SSE policy can deny access to any services if a device is not running the EDR agent or if the device trust level itself is not in “good standing” with the EDR (e.g., out of compliance or otherwise compromised).
  • Leveraging certificates and Multi-Factor Authentication (MFA) to validate identities: 
    • A compromised admin device could not be switched to be used by a newly created Okta identity an attacker has generated if the existing device certificate already contains user claims.
    • The login certificate on a compromised admin device expires within a certain time period (e.g., 24 hours) and would need to be refreshed via a new logon.
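A worked version of the three controls in the list above, added here as an illustration rather than Banyan’s policy engine: a Python evaluator that blocks a globally flagged phishing domain or a newly registered domain, denies a device that is not registered with the EDR or not in good standing with it, and refuses a login whose identity does not match the user claim bound into the device certificate or whose 24-hour certificate has lapsed. The domain feed, registration dates, device records and identities are constructed; treating calendly.com as the legitimate counterpart of the getcalendly.com lookalike is an assumption of this example.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Fixed clock so the checks are reproducible.
NOW = datetime(2023, 5, 26, 12, 0, tzinfo=timezone.utc)

# Constructed stand-ins for ITP feed data: globally flagged phishing domains and
# registration dates used by the "newly registered domain" rule.
KNOWN_PHISHING_DOMAINS = {"getcalendly.com"}
REGISTRATION_DATES = {
    "calendly.com": datetime(2013, 1, 1, tzinfo=timezone.utc),          # constructed date
    "getcalendly.com": datetime(2023, 5, 20, tzinfo=timezone.utc),      # constructed date
    "calendly-scheduling.example": datetime(2023, 5, 24, tzinfo=timezone.utc),
}
NEW_DOMAIN_WINDOW = timedelta(days=30)
CERT_LIFETIME = timedelta(hours=24)   # login certificate lifetime from the post


@dataclass(frozen=True)
class Device:
    device_id: str
    edr_registered: bool   # the EDR signal: device is enrolled and reporting its state
    edr_status: str        # "good", "non_compliant" or "compromised"


@dataclass(frozen=True)
class DeviceCert:
    device_id: str
    user: str              # user claim bound into the certificate at logon
    issued_at: datetime


@dataclass(frozen=True)
class AccessRequest:
    user: str              # identity presented at login (e.g. the IdP subject)
    device: Device
    cert: DeviceCert
    domain: str


def check_domain(domain: str) -> str | None:
    if domain in KNOWN_PHISHING_DOMAINS:
        return "block: known phishing domain"
    registered = REGISTRATION_DATES.get(domain)
    if registered is not None and NOW - registered < NEW_DOMAIN_WINDOW:
        return "block: newly registered domain"
    return None  # no registration data: this rule stays silent, the other checks still apply


def check_device(device: Device) -> str | None:
    if not device.edr_registered:
        return "deny: device not registered with EDR"
    if device.edr_status != "good":
        return f"deny: device not in good standing with EDR ({device.edr_status})"
    return None


def check_identity(req: AccessRequest) -> str | None:
    if req.cert.device_id != req.device.device_id:
        return "deny: certificate was not issued to this device"
    if req.cert.user != req.user:
        return "deny: certificate user claim does not match the login identity"
    if NOW - req.cert.issued_at > CERT_LIFETIME:
        return "deny: device certificate expired, fresh logon required"
    return None


def evaluate(req: AccessRequest) -> str:
    """First failing check wins; if everything passes the request is allowed."""
    for verdict in (check_domain(req.domain), check_device(req.device), check_identity(req)):
        if verdict is not None:
            return verdict
    return "allow"


# Constructed scenarios: a healthy admin laptop, and that laptop reused by a freshly created identity.
GOOD_DEVICE = Device("admin-mbp", edr_registered=True, edr_status="good")
ADMIN_CERT = DeviceCert("admin-mbp", "admin@corp.example", NOW - timedelta(hours=2))
ADMIN = "admin@corp.example"

SCENARIOS = {
    "legit_scheduling": AccessRequest(ADMIN, GOOD_DEVICE, ADMIN_CERT, "calendly.com"),
    "phish_lookalike": AccessRequest(ADMIN, GOOD_DEVICE, ADMIN_CERT, "getcalendly.com"),
    "fresh_domain": AccessRequest(ADMIN, GOOD_DEVICE, ADMIN_CERT, "calendly-scheduling.example"),
    "no_edr": AccessRequest(ADMIN, Device("admin-mbp", False, "good"), ADMIN_CERT, "calendly.com"),
    "flagged_by_edr": AccessRequest(ADMIN, Device("admin-mbp", True, "compromised"), ADMIN_CERT, "calendly.com"),
    "new_identity_same_device": AccessRequest("newuser@corp.example", GOOD_DEVICE, ADMIN_CERT, "calendly.com"),
    "stale_cert": AccessRequest(ADMIN, GOOD_DEVICE,
                                DeviceCert("admin-mbp", ADMIN, NOW - timedelta(hours=30)), "calendly.com"),
}

if __name__ == "__main__":
    for name, req in SCENARIOS.items():
        print(f"{name:26s} -> {evaluate(req)}")
```

The order of checks matters for the user-facing reason: a lookalike domain is blocked before any device or identity evaluation, while the certificate checks are what stop a compromised device from being quietly handed to a new identity.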


Limit Exposure to ChatGPT Spearphishing

While email filtering can help minimize phishing email exposure, attacks coming from other applications (like LinkedIn or Twitter) should also be protected against. These sophisticated attacks are becoming harder to detect for even the sharpest cyber security practitioner, leading to a greater dependence on solutions that work. With a solid SSE solution that focuses on least privilege access models and integrates with endpoint security products, enterprises can limit exposure to attacks and restrict damage when breaches occur or are attempted. Just as attackers are making use of AI-based tools, security vendors are also evolving their offerings to take advantage of next-generation AI to build intelligence into their threat detection and response models.

VPNaaS 101: Part 3 – Tunnel Discovery and Configuration
https://www.banyansecurity.io/blog/tunnel-discovery-configuration/
Tue, 09 May 2023 15:00:54 +0000

This 3-minute demo covers basic tunnel discovery and configuration to get your VPNaaS up and running as quickly as possible.

In the third part of our VPN as-a-service (VPNaaS) video blog series, Ashur Kanoon takes us through a 3-minute tunnel discovery and configuration using Banyan Security.

[Transcript] In this video, we’re going to look at tunnel discovery for a VPN as-a-service (VPNaaS).

Tunnel Discovery

When you’re trying to configure a tunnel, you want to make sure that it’s as specific and granular as possible to ensure least-privilege access. You can see we have a few different tunnels configured. One of them is full tunnel, and this is typical for administrators, but you should not be using this for your standard users. For user tunnels, you wanna configure access to a specific server using IP address or domain, a specific protocol and a specific port only. We know organizations that deploy layer three often don’t know which of their users is accessing what internal resource. With tunnel discovery, you can learn exactly who’s accessing what, and then you can create a policy to lock down that network or access to that system. The tunnel discovery will find systems based on IP addresses and domains depending on how they’re being accessed.

VPN Configuration

It will also show the protocol and the port that is being accessed. Let’s look at an example here: you can see that there is access to a server with a 99 IP address, using port 443 and the TCP protocol. We can also see who the user is and what device they’re coming from. Now we can go back to our Service Tunnel policies and either modify an existing one to add the system, or we can create a new one for a very specific set of users that allows access only to that system. Another option is to find systems based on DNS records or domains. This is especially helpful with SaaS applications. Here’s an example for Salesforce:
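To show what tunnel discovery output can be turned into, here is an added Python example (not Banyan’s implementation) that collapses constructed discovery records (user, group, device, destination, protocol, port) into the narrowest per-group rule set, reports who used each rule from which device, and counts how many addresses a full-tunnel /24 would expose beyond the hosts anyone actually reached. Discovered IPs become /32 rules and discovered domains become FQDN rules, matching the two discovery modes the transcript describes; all records and addresses are constructed.

```python
from __future__ import annotations

import ipaddress
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Flow:
    user: str
    group: str     # user group the identity belongs to
    device: str
    dst: str       # IP address or domain, depending on how the resource was reached
    proto: str
    port: int


# Constructed tunnel-discovery records: what a flat layer-3 tunnel would otherwise hide.
FLOWS = [
    Flow("alice", "engineering", "alice-mbp", "10.20.0.99", "tcp", 443),
    Flow("alice", "engineering", "alice-mbp", "10.20.0.99", "tcp", 443),
    Flow("bob", "engineering", "bob-win", "10.20.0.99", "tcp", 443),
    Flow("bob", "engineering", "bob-win", "10.20.0.15", "tcp", 22),
    Flow("carol", "contractor", "carol-mbp", "10.20.0.15", "tcp", 22),
    Flow("carol", "contractor", "carol-mbp", "login.salesforce.com", "tcp", 443),
    Flow("dave", "admin", "dave-linux", "10.20.0.200", "udp", 514),
]


@dataclass(frozen=True)
class Rule:
    group: str
    target: str    # host CIDR (/32) or FQDN
    proto: str
    port: int


@dataclass
class Usage:
    hits: int = 0
    users: set[str] = field(default_factory=set)
    devices: set[str] = field(default_factory=set)


def target_of(dst: str) -> str:
    """Discovered IPs become /32 rules; anything else is treated as a domain rule."""
    try:
        return f"{ipaddress.ip_address(dst)}/32"
    except ValueError:
        return dst


def discover(flows: list[Flow]) -> dict[Rule, Usage]:
    """Collapse observed flows into the narrowest rule set that still covers them."""
    usage: dict[Rule, Usage] = defaultdict(Usage)
    for f in flows:
        u = usage[Rule(f.group, target_of(f.dst), f.proto.lower(), f.port)]
        u.hits += 1
        u.users.add(f.user)
        u.devices.add(f.device)
    return dict(usage)


def rules_for(group: str, flows: list[Flow]) -> list[Rule]:
    """Candidate allow-list for one access group, ready to paste into a service tunnel policy."""
    return sorted((r for r in discover(flows) if r.group == group),
                  key=lambda r: (r.target, r.proto, r.port))


def unobserved_hosts(full_tunnel_cidr: str, flows: list[Flow]) -> int:
    """How many addresses a full-tunnel CIDR exposes that nobody was seen using."""
    net = ipaddress.ip_network(full_tunnel_cidr)
    seen = {ipaddress.ip_address(f.dst) for f in flows if target_of(f.dst).endswith("/32")}
    return net.num_addresses - len({ip for ip in seen if ip in net})


if __name__ == "__main__":
    for rule, u in sorted(discover(FLOWS).items(), key=lambda kv: (kv[0].group, kv[0].target)):
        print(f"{rule.group:12s} {rule.target:22s} {rule.proto}/{rule.port:<5d} "
              f"hits={u.hits} users={sorted(u.users)} devices={sorted(u.devices)}")
    print("unused addresses in 10.20.0.0/24 full tunnel:", unobserved_hosts("10.20.0.0/24", FLOWS))
```

The `unobserved_hosts` figure is the argument for narrowing a layer-3 tunnel: everything it returns is reachable today without any user needing it.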

Banyan Security is here to make configuring VPNaaS easy to deploy in your organization – attend our weekly live demo to ask all your questions and see how we can help.

VPNaaS 101: Part 2 – VPNaaS Tunnel Demo
https://www.banyansecurity.io/blog/vpnaas-tunnel-demo/
Mon, 08 May 2023 23:26:10 +0000

In this 5-minute video blog, Ashur Kanoon takes us through VPN as-a-service (VPNaaS); see how easy it is from configuration to deployment in our VPNaaS tunnel demo.

[transcript] Welcome to the Banyan Security VPNaaS demo. In this demo, you’ll see from deployment all the way to end user experience. So first, let’s talk about how you quickly deploy this after you get a domain. The next thing that needs to be done is to either deploy an access tier or a connector. And I’m going to show you how to deploy a connector in any network you want…and how quickly it is.


Creating a Connector

So I select Create a Connector. I’ll just call it AshMacC2, and I’ll leave everything else as default. Select Continue, and I’ll go ahead and use the Docker Container install (but there is a TarBall Installer option). There’s ways to install this in Windows Server, and there are ways to install this in different cloud service providers. So in this case, there are a couple of commands to copy. I’m going to copy the first set, hit Enter, copy the second set, hit Enter, put my password. And it’s pulled all of the connector software that it needs, and it’s configured it. So we’ll see it in a second.

All right, so now that it’s connected and reporting, I’m going to say it’s done. So now we have a connector. This is running on my Mac in Docker. You can actually see it here, AshMacC2. So now I can start configuring services to make everything on my home network accessible. But since we already have this all configured, we’re gonna go ahead and take a look at how it’s working and we’re using the access tiers. These can be configured anywhere. We have a couple that are in AWS, some that are in Google Cloud. But let’s take a look at how the stuff gets configured.


Service Tunnel

So first we’re gonna go to Manage Services > Service Tunnel, and we’ll look at something that’s already configured and running. So the one I’m going to look at is Datacenter: so once you go to Manage Services > Service Tunnel, there’s a few things to point out. This is the Service Tunnel Name. This will be AutoRun once I log in. And then at the bottom, these are all the things that should be accessible. So there’s a couple internal subnets, there’s a few private IP addresses, there’s some public stuff. So if we want to route things like Salesforce you can have it where all of that domain traffic is going over the tunnel. You don’t have to worry about IP addresses and so on. In terms of access permissions, this will be tied to a policy and we’ll show that in a second. We do have the service tunnel configured. Now let’s go look at the policy. In this case, the Datacenter restricted policy is the one that we are looking at.


Roles

And here we can create multiple roles: these roles could be based on device and user trust levels. It can also be done on roles. We can configure the port, the protocol, IP addresses, CIDRs or subnets and FQDNs that this particular access group can access. So there will be multiple access groups that are allowed to use this tunnel and you can configure each one differently. So in this case, these are admins and users. So they get access to a lot more than, let’s say, your contractor. And this example contractor: we have TCP access for specific ports for specific internal devices. That’s it. So it’s really granular what type of tunnel you can do. We never backhaul everything. The tunnel is not always on. It’s really only specifically used for what’s needed.

So now let’s take a quick look at the end user experience. So I have my client here. This is my organization. I go to log in. Again, I don’t have to decide what I’m connecting to. I click on log in, it’ll log me in, and now my data center tunnel, which was the tunnel that we looked at earlier. Right here, this is what we’re connecting to. So now as a user with a high trust level, I’ll be able to access all the things that are available to my specific User Group, Device Identity and Device Trust. And another cool thing: if we go to dashboards, you can quickly see who’s accessing what. So here’s the Datacenter Tunnel: most of our connections are coming from a high level of device trust, and most of them are coming from macOS. And if I need to get more information, I can click through all this stuff.

Thanks for watching this demo. In Part 3, we’re going to take a look at how you go from a layer three tunnel to really granular access using device discovery. Part 1 is where we discussed VPNaaS with a general overview. Thank you.
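The access-group model from the Roles section, worked through as an added Python example that is not the product’s code: a default-deny evaluator in which each access group carries the roles it applies to, a minimum device trust level, and the CIDR/FQDN, protocol and port combinations it permits. The contents of the "Datacenter" policy here (staff versus contractor scopes, trust floors, hosts and ports) are constructed assumptions, and the `*.example.com` wildcard syntax is this example’s own.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Ordered device trust levels; an access group requires at least its minimum.
TRUST_LEVELS = {"low": 0, "medium": 1, "high": 2}


@dataclass(frozen=True)
class Allow:
    target: str                     # CIDR, FQDN, or wildcard FQDN such as "*.salesforce.com"
    proto: str                      # "tcp", "udp" or "any"
    ports: tuple[int, ...] | None   # None means any port


@dataclass(frozen=True)
class AccessGroup:
    name: str
    roles: frozenset[str]
    min_trust: str
    allows: tuple[Allow, ...]


# Constructed policy modelled on the "Datacenter" service tunnel in the transcript:
# admins and users get broad reach, the contractor group gets two hosts on specific ports.
DATACENTER_POLICY = (
    AccessGroup("staff", frozenset({"admin", "user"}), "high", (
        Allow("10.20.0.0/24", "any", None),
        Allow("*.salesforce.com", "tcp", (443,)),
    )),
    AccessGroup("contractor", frozenset({"contractor"}), "medium", (
        Allow("10.20.0.15/32", "tcp", (22,)),
        Allow("10.20.0.99/32", "tcp", (443, 8443)),
    )),
)


def target_matches(target: str, dst: str) -> bool:
    """CIDR containment for addresses, exact or wildcard suffix match for names."""
    if target.startswith("*."):
        return dst.endswith(target[1:]) or dst == target[2:]
    try:
        return ipaddress.ip_address(dst) in ipaddress.ip_network(target)
    except ValueError:
        return dst == target   # one side is a name: only an exact FQDN match counts


def allow_matches(a: Allow, dst: str, proto: str, port: int) -> bool:
    return (target_matches(a.target, dst)
            and (a.proto == "any" or a.proto == proto)
            and (a.ports is None or port in a.ports))


def evaluate(roles: set[str], device_trust: str, dst: str, proto: str, port: int,
             policy: tuple[AccessGroup, ...] = DATACENTER_POLICY) -> tuple[bool, str]:
    """Default deny: access needs one access group whose roles, trust floor and a rule all match."""
    reason = "denied: no matching access group rule"
    for group in policy:
        if not roles & group.roles:
            continue
        if TRUST_LEVELS[device_trust] < TRUST_LEVELS[group.min_trust]:
            reason = f"denied: group {group.name} requires {group.min_trust} device trust"
            continue
        for a in group.allows:
            if allow_matches(a, dst, proto, port):
                return True, f"allowed via group {group.name}: {a.target} {a.proto}/{port}"
    return False, reason


if __name__ == "__main__":
    # Constructed requests: (roles, device trust, destination, protocol, port)
    for req in [({"contractor"}, "medium", "10.20.0.15", "tcp", 22),
                ({"contractor"}, "medium", "10.20.0.15", "tcp", 3389),
                ({"admin"}, "low", "10.20.0.7", "tcp", 443),
                ({"user"}, "high", "login.salesforce.com", "tcp", 443)]:
        print(req, "->", evaluate(*req))
```

Because a group with insufficient trust is skipped rather than treated as a hard stop, an identity that belongs to several groups still gets whatever its lower-trust groups permit, while the recorded reason tells the user which trust floor they missed.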

Banyan Security is here to make configuring VPNaaS easy to deploy in your organization – attend our weekly live demo to ask all your questions and see how we can help.

VPNaaS 101: Part 1 – Migrating to VPNaaS
https://www.banyansecurity.io/blog/migrating-to-vpnaas/
Thu, 04 May 2023 19:29:22 +0000

This blog covers the benefits and considerations of migrating to VPNaaS, like cost, flexibility, and scalability.

Let’s look at migrating to VPNaaS (VPN as a Service) and examine the benefits and considerations for migration. Watch Ashur Kanoon below as he demonstrates the key factors you should be keeping in mind (plus considerations other vendors might hide).

[transcript] So what is VPNaaS? It’s basically VPN as-a-service: something that’s hosted without having to deploy traditional VPN appliances. So what are some of the advantages? One: scalability. VPN as-a-service allows organizations to quickly and easily scale up and down without having to buy, rack, then stack hardware. It’s also cost-effective. You don’t need to buy the hardware, the licenses, you don’t have to buy, then rack, stack… It’s all in the cloud for you. You just have to basically configure and typically support is bundled in.

Access Anywhere Anytime

It’s easily accessible because usually these are cloud-based, so they’re deployed everywhere. You can access them from anywhere you want. And there’s also typically POPs in China for organizations that have offices there and need to get past the Great Firewall. There’s also easy management; so with VPN as a service, there’s typically a central place to administer the whole infrastructure, and this just frees up IT resources to do other tasks. From a security perspective, with VPNaaS, there are usually more robust security measures. Think about what you have to do today for the VPN appliance…from a firewall perspective, all of that stuff is taken care of for you, and when deploying updated ciphers, all that stuff can be done without having to upgrade or install any FIPS modules or anything like that.

Ultimate Flexibility in Deployment

VPNaaS is also very flexible, meaning there’s a wide range of options and configurations. It really allows you to deploy this as you wish in many different places. In terms of deployment: rapid deployment is also another huge benefit to VPNaaS. Typically you can get a VPN as-a-service system up and running in minutes. These can be deployed using virtual appliances in marketplaces or just a few sets of commands that run on your standard Linux boxes. Now let’s take a look at some considerations when migrating. So the first one is the network architecture. You can basically deploy a VPN as-a-service in many different ways. A lot of times, most of the components are cloud-based, and then there might be a connector that you have to deploy…and these connectors can run anywhere: on-prem, or in your cloud service provider.

Be Mindful of Bandwidth

You should also think about bandwidth requirements. Some VPNaaS have limitations. Depending on what you want to do, you have to make sure that those bandwidth requirements can be met using something in the cloud, and you’re not going to be charged extra for bandwidth consumption. The next consideration: can the VPN as a service integrate with your existing systems? You probably have things for authentication, maybe MDM and EDR. So you want to make sure what you’re migrating to can also support that because you don’t want to have to take a step back.

Compliance Considerations

Don’t forget data privacy and regulations: if you are in an industry that requires some compliance, you want to make sure that data is stored where you think is best, and you also want to make sure that your corporate data isn’t being decrypted, analyzed and then re-encrypted. This is often happening with organizations that are SWG-led, meaning they initially had a SWG (and they decrypt all the traffic). You also want to make sure that the VPN as a service has a client or agent on the platforms that you are using today. Sometimes you’ll see that the new offering is desktop only or it’s missing [for example] a Linux application or agent. You want to also make sure that the new VPN as a service has some training. Typically, these should be very easy to deploy, but in some cases they’re not. You need to train your IT team so that they can deploy rather quickly, and in the scenarios where something happens, you also want to check on support. Some organizations have requirements for in-region support.

Banyan Security is here to make migrating to VPNaaS easy to deploy in your organization – schedule a custom demo today to see how quickly we deploy.

What use cases can be solved by ZTNA?
https://www.banyansecurity.io/blog/what-use-cases-can-be-solved-by-zero-trust-network-access/
Tue, 28 Mar 2023 13:00:50 +0000

“Zero Trust” is a cybersecurity framework and philosophy that assumes no user, device, or network can be inherently trusted. Instead, it requires the verification of every user and device attempting to access resources on a network, regardless of their location, whether they are inside or outside the organization’s perimeter.

Zero Trust Network Access (or ZTNA) thus assumes that any user or device accessing the company network or resources must be validated, regardless of their location, before granting a secure access connection.

Some of the use cases that ZTNA can solve include:

Remote access: ZTNA enables secure, “work from anywhere” access to applications and resources for employees, partners, and contractors. As organizations embrace remote work and cloud-based services, ZTNA provides a more flexible and scalable security solution, ensuring secure access to resources regardless of user location or device type.

Secure application access: By implementing least-privilege access, ZTNA ensures that users can only access the applications and resources they need to do their jobs, thus reducing the attack surface and risk of lateral movement.

BYOD (Bring Your Own Device) support: ZTNA can be used to provide secure access to corporate resources, even when the accessing device is a personal one, while also maintaining privacy and reducing the risk of data leaks.

Compliance and regulatory requirements: ZTNA can help organizations meet various compliance and regulatory requirements by providing granular access control, detailed audit logs, and security analytics.

Cloud security: ZTNA is well-suited to the growing adoption of cloud services. As organizations move their applications and data to the cloud, ZTNA can help provide secure access and protect these resources from unauthorized access and data breaches.

Mergers and acquisitions (M&A): ZTNA can make it dramatically easier and faster to provide for the access needs of workers from a newly acquired company. Rather than connecting a relatively “unknown” network to your existing corporate network, ZTNA can be used to safely and quickly provide granular access to needed applications and resources without any of the risk associated with connecting to an unknown network.

Secure access for third-party vendors: ZTNA can grant temporary (or long-term), limited access to specific applications and resources for third-party vendors without exposing an entire network, thereby reducing the risk of unauthorized access or data breaches.

Micro-segmentation: ZTNA helps organizations to create granular network segments, limiting lateral movement, and isolating potential threats. By isolating network segments, an attacker who gains access to one segment will find it more difficult to move to other segments, thus containing the potential damage.

Incident response and threat containment: In the event of a security breach or incident, ZTNA limits the potential damage caused by the attacker, as lateral movement is significantly reduced in such an environment. For example, ZTNA provides for granular control over who can access specific resources, reducing the risk of unauthorized access or data leaks. Using device trust further limits risk by ensuring secure access is only granted when the user is making their request from a uniquely identified device with an acceptable posture.

As you can see, ZTNA solves many problems, delivering numerous benefits. Best of all, with the Banyan Security Platform, you can deploy incrementally, with a single use case. For example, provide your third party development team with ZTNA-based access to the applications and resources they need. Banyan would love to chat with you about your use cases, and how we might help you progress in adopting a zero trust posture.

Internet Threat Protection Advanced Functionality
https://www.banyansecurity.io/blog/internet-threat-protection-advanced-functionality/
Thu, 16 Feb 2023 14:00:22 +0000

Protecting users against malicious sites and enforcing an acceptable use policy (AUP) can be done with basic tools; however, modern organizations don’t have the resources or time to discover, track, and analyze millions of domains. Banyan Security’s Internet Threat Protection (ITP) has advanced functionality that makes this easier, improves usability, and takes advantage of safeguards already built into software your users are using.

Let’s quickly highlight a few.

SafeSearch Enforcement

SafeSearch is a filtering technology developed and used by search engines to keep inappropriate or explicit content out of search results. It is designed as a tool that parents, teachers, and adults can use to protect children and others from seeing explicit content online. It works by automatically filtering out websites and images associated with certain keywords or phrases linked to adult content, so that someone searching with a SafeSearch-enabled search engine sees far less inappropriate content in the results (keyword-based filtering is not perfect, so it is a reduction, not a guarantee).

YouTube also has a “Restricted Mode”, which is an optional setting that you can use on YouTube. This feature can help screen out potentially mature content that you or others using your devices may prefer not to view.

Computers in libraries, universities, and other public institutions may have SafeSearch and Restricted Mode turned on by a network administrator.

Banyan’s app will make sure that only SafeSearch-enabled search engines are accessible.
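As an added example (not Banyan’s code), here is how SafeSearch enforcement is typically done at the DNS layer: Google, Bing and YouTube each publish an enforcement hostname (forcesafesearch.google.com, strict.bing.com, restrict.youtube.com), and answering queries for the search host with that hostname’s address makes the engine apply its strict filter for everyone behind the resolver. The resolver hook (`resolve`) and the subset of Google country domains are assumptions, and the addresses in the demo are constructed:

```python
"""DNS-level SafeSearch enforcement.

Added example, not Banyan's implementation. The enforcement hostnames are the
ones Google, Bing and YouTube publish for network administrators; GOOGLE_DOMAINS
is a constructed subset of Google's country domains, and the resolver hook
(`resolve` with a caller-supplied upstream lookup) is an assumption.
"""
from typing import Callable, Dict, Optional

# Exact search/video hosts and the vendor-published enforcement host each one
# is answered with. Resolving the search host to the enforcement host's
# address makes the engine apply its strict filter regardless of user settings.
SAFESEARCH_TARGETS: Dict[str, str] = {
    "www.google.com": "forcesafesearch.google.com",
    "www.bing.com": "strict.bing.com",
    "www.youtube.com": "restrict.youtube.com",
    "m.youtube.com": "restrict.youtube.com",
    "youtubei.googleapis.com": "restrict.youtube.com",
    "www.youtube-nocookie.com": "restrict.youtube.com",
}

# Constructed subset of Google's country-code domains; the full list is the one
# Google publishes alongside forcesafesearch.google.com.
GOOGLE_DOMAINS = {"google.com", "google.co.uk", "google.de", "google.fr", "google.ca"}


def safesearch_target(qname: str) -> Optional[str]:
    """Return the enforcement host a query name should be answered as, or None.

    Matching is on whole labels, never substrings, so neither
    'notwww.google.com' nor 'www.google.com.evil.example' is rewritten.
    """
    host = qname.rstrip(".").lower()          # normalise trailing dot and case
    if host in SAFESEARCH_TARGETS:
        return SAFESEARCH_TARGETS[host]
    labels = host.split(".")
    if labels[0] == "www" and ".".join(labels[1:]) in GOOGLE_DOMAINS:
        return "forcesafesearch.google.com"
    return None


def resolve(qname: str, upstream: Callable[[str], str]) -> str:
    """Resolve qname, substituting the enforcement host when one applies.

    `upstream` stands in for the real recursive lookup (assumption).
    """
    return upstream(safesearch_target(qname) or qname)


if __name__ == "__main__":
    # Constructed addresses (TEST-NET-1); a real resolver would query upstream DNS.
    fake_dns = {"forcesafesearch.google.com": "192.0.2.10", "www.google.com": "192.0.2.20"}
    print(resolve("www.google.com", fake_dns.__getitem__))   # answered as the enforcement host
```

Two caveats a practitioner should check: the rewrite only bites if the client actually uses the resolver doing it, so a browser configured for DNS-over-HTTPS to a public resolver bypasses a network-level rewrite unless enforcement happens on the device itself; and matching must be on whole labels, as above, so that look-alike names are neither rewritten nor mistaken for the real search host.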

Blocking by Threat Type

Blocking by categories such as gambling and pornography helps for acceptable use policy (AUP), however, most organizations are more concerned about protecting against threats. Banyan’s ITP allows blocking based on known threat domains. This service is continuously and dynamically updated as threats are discovered globally.

The following is a list of the types of threats we block:

  • Botnet – Command-and-control hosts for botnets. Blocking them prevents already-infected machines from receiving commands and helps identify those infected machines.
  • Cryptomining – Sites which serve files or host applications that force the web browser to mine cryptocurrency, often consuming considerable system, network, and power resources.
  • Malware – Malicious software, including drop servers and compromised websites, that can be reached via any application, protocol, or port. Includes drive-by downloads and adware.
  • New Domains – Domains which have been registered in the last 30 days, which have a high probability of serving malicious resources.
  • Phishing & Deception – Fraudulent websites that aim to trick users into handing over personal or financial information.
  • Proxy & Filter Avoidance – Sites that provide information or a means to circumvent DNS-based content filtering, including VPN and anonymous surfing services.
  • Translation Sites – Sites that perform translation from one language to another, usually performed by a computer. May also be used as a means to circumvent content filters.
  • Very New Domains – Domains which have been registered in the last 24 hours, which have a high probability of serving malicious resources.

 

Note that whenever a blanket policy blocks domains in bulk, whitelisting some sites may be required. For example, a policy may say “block all translation sites” but allow the specific site https://translate.google.com.
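The following added example (not Banyan’s ITP; the feed, registration dates and queries are all constructed) shows the decision logic the threat-type list and the whitelisting note above describe: longest-suffix matching against a threat feed, domain-age categories for the 30-day and 24-hour buckets, and an allowlist that wins over a blanket block. The category names and the `decide` function are assumptions:

```python
"""Threat-category blocking with allowlist overrides and domain-age categories.

Added example, not Banyan's ITP. The feed, registration dates, category names
and query list are constructed so that it runs offline; a real deployment
receives the feed and registration data from a continuously updated
threat-intelligence source.
"""
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterator, Optional, Set, Tuple

# Constructed threat feed: domain -> threat type. An entry matches the domain
# itself and every subdomain beneath it.
THREAT_FEED: Dict[str, str] = {
    "c2.badnet.example": "botnet",
    "miner.example": "cryptomining",
    "login-verify.example": "phishing",
    "hide-me-proxy.example": "proxy_avoidance",
    "translate.example": "translation",
    "translate.google.com": "translation",
}

# Constructed registration timestamps, as a WHOIS/RDAP-derived feed would supply.
REGISTERED: Dict[str, datetime] = {
    "fresh-shop.example": datetime(2023, 2, 16, 6, 0, tzinfo=timezone.utc),
    "newish.example": datetime(2023, 1, 27, 12, 0, tzinfo=timezone.utc),
}

# Policy: block every threat type listed, then let specific sites through.
BLOCKED_TYPES: Set[str] = {"botnet", "cryptomining", "malware", "new_domain",
                           "phishing", "proxy_avoidance", "translation", "very_new_domain"}
ALLOWLIST: Set[str] = {"translate.google.com"}

# Fixed "current time" so the age buckets are deterministic (constructed).
NOW = datetime(2023, 2, 16, 12, 0, tzinfo=timezone.utc)


def suffixes(host: str) -> Iterator[str]:
    """Yield host and each parent domain: a.b.example -> a.b.example, b.example, example."""
    labels = host.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def lookup(host: str, table: Dict[str, str]) -> Optional[str]:
    """Longest-match a host against a domain-keyed table (whole labels only)."""
    for candidate in suffixes(host):
        if candidate in table:
            return table[candidate]
    return None


def age_category(host: str, now: datetime) -> Optional[str]:
    """Classify by registration age: under 24h is very new, under 30 days is new."""
    for candidate in suffixes(host):
        registered = REGISTERED.get(candidate)
        if registered is not None:
            age = now - registered
            if age < timedelta(hours=24):
                return "very_new_domain"
            if age < timedelta(days=30):
                return "new_domain"
            return None
    return None


def decide(qname: str, now: datetime = NOW) -> Tuple[str, Optional[str]]:
    """Return ("allow"|"block", category). The allowlist wins over every block."""
    if any(candidate in ALLOWLIST for candidate in suffixes(qname)):
        return "allow", "allowlisted"
    category = lookup(qname, THREAT_FEED) or age_category(qname, now)
    if category in BLOCKED_TYPES:
        return "block", category
    return "allow", category


if __name__ == "__main__":
    for name in ("c2.badnet.example", "cdn.miner.example", "translate.example",
                 "translate.google.com", "fresh-shop.example", "shop.newish.example",
                 "wiki.corp.example"):
        print(name, decide(name))
```

Note that the allowlist is consulted first and matches by suffix, so allowing translate.google.com keeps it reachable even though the feed tags it as a translation site, while translate.example stays blocked; unknown domains with no registration data fall through to allow.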

Filter Schedules

Depending on the device type (corporate-owned or BYOD), your organization may want policies that are enabled only during working hours. This preserves privacy on BYOD devices and suits organizations that allow personal browsing outside business hours.

More on Internet Threat Protection

To learn more about how to jumpstart your journey to a Security Service Edge (SSE), visit https://www.banyansecurity.io/.

How Behavior Plays into Authentication and Authorization
https://www.banyansecurity.io/blog/how-behavior-plays-into-authentication-and-authorization/
Tue, 20 Dec 2022 14:00:27 +0000

The post How Behavior Plays into Authentication and Authorization first appeared on Banyan Security.

In the dynamic world of cybersecurity, authentication and authorization are not just buzzwords; they are essential pillars. These processes should be multifaceted, moving beyond basic username- or group-based methods. This is where the integration of User and Entity Behavior Analytics (UEBA) becomes crucial, offering a more nuanced look at not just user actions but also device behaviors.

What are the additional factors to consider in this context?

Let’s start with the evolution of CAPTCHA, the familiar challenge-response test. CAPTCHA has evolved from distorted-text and image-recognition puzzles to analyzing how the user interacts with the page: the time taken to respond, scrolling behavior, and the way images are selected. These signals distinguish human interaction from automated bots, strengthening the first line of defense before a credential is even submitted.

Beyond CAPTCHA, numerous behavioral factors play a significant role:

  • Time of day: there are business hours, but they may differ between sales and engineering, for example. Folks in DevOps may be logged in at 2 a.m. on a Sunday to push out a maintenance release.
  • Day of week: as with time of day, there are typical business days, but they are not the same for every employee.
  • Location: where is the remote user logging in from? With an HR system integration, the location can be checked against the city, state, and/or country on file for the user. Traffic from locations associated with known bad actors should raise a red flag quickly. This factor should also feed back into the time-of-day and day-of-week baselines when a user has permanently moved or is traveling.
  • Application access: which applications does this group or type of user typically use?
  • Direction of traffic: does the user mostly consume an internal website? Do they typically just upload or edit documents? Are they suddenly downloading documents a few days before their last day of employment? Again, an HR system integration can help catch these anomalies.
  • Volume of traffic: most job functions have a “standard” range of traffic volume. Someone editing video will most likely generate far more traffic than someone working on an Excel spreadsheet. Baselining traffic volume and then watching for anomalies helps detect employees trying to take intellectual property before they leave or, worse, attackers who have gained access to systems.

Establishing a baseline for these behaviors is imperative. This involves continuous learning about individual user patterns and adapting to changes, such as seasonal variations or shifts in work routines.

So, how is this information utilized?

  • Learning versus enforcement modes: during the initial learning period, while you baseline behavior, you don’t want to flag everything as an anomaly. As the admin setting policies, you also want to know exactly what will happen once you enable enforcement.
  • Logging anomalies: every anomaly should be logged. Logs need to be captured in UTC and normalized so they are easy to read across regions. Each anomaly should also carry a severity and its effect on access.
  • Automatically reacting to anomalies: once an anomaly is detected, the system should react without waiting for a human to analyze it and act. A multi-factor authentication (MFA) prompt or an email/SMS challenge may be step one; stepping down access is another immediate option. Letting an admin “acknowledge” an anomaly afterward keeps admins aware of every anomaly and helps them tune policies.
  • Advantages of a client that learns “offline” behavior: some systems only capture behavior while you are connected to them. To get the best overall baseline of user and entity behavior, the system should observe behavior continuously. A client can also detect software such as keystroke loggers and other tools that capture credentials or intercept system or network calls.
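As an added example that is not Banyan’s implementation, the following code turns the behavioral factors and the handling rules above into a runnable baseline-and-score loop: it learns per-user working-hour buckets, applications and download volumes from a constructed access log, logs every decision with a UTC timestamp, and in enforcement mode steps up to MFA for mild anomalies and steps access down for severe ones. Field names, weights, thresholds and action names are assumptions:

```python
"""Behavioral baselining and anomaly scoring for access decisions.

Added example, not Banyan's implementation. It learns per-user baselines
(working-hour buckets, applications used, download volume) from a constructed
access log, then scores new events in a learning mode or an enforcement mode.
Field names, weights, thresholds and actions are assumptions for illustration.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from statistics import mean, pstdev
from typing import Dict, List, Set, Tuple


@dataclass
class Baseline:
    buckets: Set[Tuple[int, int]] = field(default_factory=set)  # (weekday, hour) seen, in UTC
    apps: Set[str] = field(default_factory=set)                 # applications normally used
    mb_down: List[float] = field(default_factory=list)          # download volume per session (MB)


def parse_utc(ts: str) -> datetime:
    """Normalise every timestamp to UTC before bucketing or logging it."""
    return datetime.fromisoformat(ts).astimezone(timezone.utc)


def score(b: Baseline, event: dict) -> List[Tuple[str, int]]:
    """Return (reason, weight) pairs for each way the event departs from the baseline."""
    reasons: List[Tuple[str, int]] = []
    ts = parse_utc(event["ts"])
    if (ts.weekday(), ts.hour) not in b.buckets:
        reasons.append(("outside_usual_hours", 1))
    if event["app"] not in b.apps:
        reasons.append(("unusual_application", 1))
    if len(b.mb_down) >= 5:                       # judge volume only once there is history
        mu, sd = mean(b.mb_down), pstdev(b.mb_down)
        if sd > 0 and (event["mb_down"] - mu) / sd > 3:
            reasons.append(("download_volume", 2))
    return reasons


def evaluate(baselines: Dict[str, Baseline], event: dict, mode: str) -> dict:
    """Score one event and return a UTC-stamped log record including the action.

    mode "learn": never block; every event is folded into the baseline.
    mode "enforce": act on severity; only clean events update the baseline, so
    an intruder cannot slowly teach the system that exfiltration is normal.
    """
    b = baselines.setdefault(event["user"], Baseline())
    reasons = score(b, event)
    severity = sum(w for _, w in reasons)
    if mode == "learn" or severity == 0:
        action = "allow"
    elif severity < 3:
        action = "step_up_mfa"        # challenge before granting the request
    else:
        action = "step_down"          # restrict to low-risk resources pending admin review
    ts = parse_utc(event["ts"])
    if action == "allow":
        b.buckets.add((ts.weekday(), ts.hour))
        b.apps.add(event["app"])
        b.mb_down.append(event["mb_down"])
    return {"ts": ts.isoformat(), "user": event["user"], "mode": mode,
            "reasons": [r for r, _ in reasons], "severity": severity, "action": action}


# Constructed access log: one user, weekday afternoons (UTC), two apps, modest downloads.
SAMPLE_LOG = [
    {"user": "alice", "ts": "2023-01-09T13:00:00+00:00", "app": "wiki", "mb_down": 20},
    {"user": "alice", "ts": "2023-01-10T14:00:00+00:00", "app": "jira", "mb_down": 25},
    {"user": "alice", "ts": "2023-01-11T15:00:00+00:00", "app": "wiki", "mb_down": 30},
    {"user": "alice", "ts": "2023-01-12T16:00:00+00:00", "app": "jira", "mb_down": 35},
    {"user": "alice", "ts": "2023-01-13T17:00:00+00:00", "app": "wiki", "mb_down": 40},
    {"user": "alice", "ts": "2023-01-16T14:00:00+00:00", "app": "wiki", "mb_down": 22},
    {"user": "alice", "ts": "2023-01-17T15:00:00+00:00", "app": "jira", "mb_down": 28},
    {"user": "alice", "ts": "2023-01-18T13:00:00+00:00", "app": "wiki", "mb_down": 33},
    {"user": "alice", "ts": "2023-01-19T15:00:00+00:00", "app": "jira", "mb_down": 38},
    {"user": "alice", "ts": "2023-01-20T16:00:00+00:00", "app": "wiki", "mb_down": 30},
]
# Constructed events to score after learning: a normal session, a 2 a.m. Sunday
# login, and a large pull from an app the user never touched before.
NORMAL = {"user": "alice", "ts": "2023-01-24T15:00:00+00:00", "app": "wiki", "mb_down": 30}
OFF_HOURS = {"user": "alice", "ts": "2023-01-22T02:00:00+00:00", "app": "wiki", "mb_down": 30}
EXFIL = {"user": "alice", "ts": "2023-01-24T15:30:00+00:00", "app": "fileshare", "mb_down": 900}


def build_baselines(log=SAMPLE_LOG) -> Dict[str, Baseline]:
    """Run the learning phase over a log and return the per-user baselines."""
    baselines: Dict[str, Baseline] = {}
    for event in log:
        evaluate(baselines, event, "learn")
    return baselines


if __name__ == "__main__":
    baselines = build_baselines()
    for event in (NORMAL, OFF_HOURS, EXFIL):
        print(evaluate(baselines, event, "enforce"))
```

The design point worth copying is the asymmetry between the two modes: learning mode records anomalies but never acts on them, while enforcement mode acts on them and refuses to fold anomalous events back into the baseline, which is what stops a patient attacker from normalizing their own behavior. A production system would also add the HR and location integrations the list describes and persist the baselines rather than rebuild them per run.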

Interested in a deeper dive into how Banyan Security applies these strategies to strengthen your security? Schedule a demo and explore the advanced layers of security we provide at Banyan Security Demo Request.

Enabling BYOD and Unregistered Devices
https://www.banyansecurity.io/blog/enabling-byod-and-unregistered-devices/
Thu, 15 Dec 2022 14:00:04 +0000

The post Enabling BYOD and Unregistered Devices first appeared on Banyan Security.

With Black Friday and Cyber Monday out of the way and the holidays right around the corner, IT folks are preparing for the usual “new device” calls and helpdesk tickets. With over $9B spent on Black Friday itself, you can pretty much guarantee some of your co-workers got a new computer or mobile device. While bring your own device (BYOD) isn’t a new concept, enabling it boosts employee productivity in several ways. The days when corporations flatly banned non-corporate-issued devices for compliance reasons are waning, as most have seen the advantage of letting users bring their own devices and use them quickly and naturally at work.

Devices can be categorized into two groups:

  1. Registered Devices are desktops (macOS, Windows, Linux) and mobile devices (iOS, Android) that have a Trusted Device Certificate in their keychain. These devices have been enrolled in the system and the organization/zero trust solution is aware of them. The Trusted Device Certificate also has information about the identity of the user that has enrolled the device, allowing for user and device identity to be part of the authentication and authorization equation.
  2. Unregistered Devices are desktops and mobile devices that do not have a Trusted Device certificate in their keychain. They may be unknown devices, especially the first time they are used.

Notice that we are not necessarily saying that an unregistered device is untrusted. We take a look at how unregistered devices can become “trusted” while on the path to becoming fully registered devices.

Organizations should be able to whitelist devices and then allow self-service, so that an end user can reach corporate enrollment services or specific services sitting behind an identity-aware proxy. The whitelisting is done by the device’s known public IP address: the end user visits a site like whatismyip.com and sends their public IP address to an administrator, who adds it to the whitelist; security policies then allow that user access only from that specific public IP. The entry should be temporary, providing access to a resource while the device is still “unregistered” and being removed immediately afterward, not least because a public IP address is usually shared by every device behind the same NAT gateway and says nothing about the device itself. We’ll discuss the benefits of registered devices later.

(Screenshot: Allow Unregistered Devices to Access Services)

With the whitelist in place, the organization has the above option to enable the enrollment service access as well as the ability to create custom redirects to other services. These services may be for the enrollment with an Identity Provider (IdP) or multi-factor authentication (MFA).

(Screenshot: Allow Unregistered Devices to Receive an HTTP Response)

Moreover, some lower-risk services may be made available to both registered and unregistered devices based on a granular policy. Both types of devices are visible to the administrator, along with the associated user.

(Screenshot: Unregistered Devices Directory)

Enabling self-service for devices at specific source IPs gets people productive quickly and saves most users a call to IT for help with new devices. As a best practice, always create policies that ensure medium- and high-risk resources are only accessible from known, registered, healthy, and compliant devices, regardless of whether they are BYOD or corporate-issued.
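The following added example (not Banyan’s code) models the policy described above: a temporary, user-bound public-IP whitelist for unregistered devices, risk-tiered services so that an unregistered device can reach only low-risk services such as enrollment, and registered devices that must additionally pass posture checks for medium- and high-risk resources. Service names, risk tiers, the one-hour default TTL and the sample IP addresses are constructed:

```python
"""Access decisions for registered and unregistered devices.

Added example, not Banyan's implementation. It models a temporary public-IP
whitelist for unregistered devices, with service risk tiers so that only
low-risk services are reachable that way. Service names, risk tiers, the
one-hour default TTL and the sample IPs are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address
from typing import Dict, Tuple


@dataclass
class Device:
    registered: bool          # holds a Trusted Device Certificate (enrolled)
    compliant: bool = False   # posture check passed; only meaningful when registered
    source_ip: str = ""       # public address the request arrived from


# Constructed risk tiers: medium/high require a registered, compliant device.
SERVICE_RISK: Dict[str, str] = {
    "device-enrollment": "low",
    "helpdesk-portal": "low",
    "wiki": "medium",
    "prod-admin": "high",
}

# Fixed clock for a deterministic demo (constructed).
NOW = datetime(2023, 12, 1, 9, 0, tzinfo=timezone.utc)
LATER = NOW + timedelta(hours=2)


class TempWhitelist:
    """Public-IP whitelist whose entries expire and are bound to a single user."""

    def __init__(self) -> None:
        self._entries: Dict[str, Tuple[str, datetime]] = {}   # ip -> (user, expires_at)

    def add(self, ip: str, user: str, now: datetime, ttl: timedelta = timedelta(hours=1)) -> None:
        addr = ip_address(ip)
        if not addr.is_global:            # a private/NAT address identifies nothing on the internet
            raise ValueError(f"{ip} is not a public address")
        self._entries[str(addr)] = (user, now + ttl)

    def allows(self, ip: str, user: str, now: datetime) -> bool:
        entry = self._entries.get(ip)
        if entry is None:
            return False
        entry_user, expires_at = entry
        if now >= expires_at:             # expired: purge so it cannot be reused later
            del self._entries[ip]
            return False
        return entry_user == user         # the IP is bound to the user who reported it


def decide(service: str, user: str, device: Device, whitelist: TempWhitelist, now: datetime) -> str:
    """Return "allow" or "deny" for a request against the service's risk tier."""
    risk = SERVICE_RISK[service]
    if device.registered:
        return "allow" if (risk == "low" or device.compliant) else "deny"
    # Unregistered: only low-risk services, and only from a whitelisted IP bound to this user.
    if risk != "low":
        return "deny"
    return "allow" if whitelist.allows(device.source_ip, user, now) else "deny"


if __name__ == "__main__":
    wl = TempWhitelist()
    wl.add("93.184.216.34", "bob", NOW)            # constructed: the IP bob read off whatismyip.com
    new_laptop = Device(registered=False, source_ip="93.184.216.34")
    print(decide("device-enrollment", "bob", new_laptop, wl, NOW))    # allow
    print(decide("wiki", "bob", new_laptop, wl, NOW))                 # deny: medium risk
    print(decide("device-enrollment", "bob", new_laptop, wl, LATER))  # deny: entry expired
```

Binding the whitelist entry to both the user and an expiry is what keeps the IP-based shortcut tolerable: once the device is enrolled and holds a Trusted Device Certificate, the entry lapses on its own and every later decision is made on device identity and posture rather than on an address that other people may share.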

The ultimate goal should be for all devices to be registered, with unregistered access as a pathway to that goal. Why? For the end user, a registered device may unlock additional resources that make them more productive, and the Banyan app provides a Service Catalog that shows exactly which resources they can access. For the organization and the administrator, registered devices offer more visibility and more policy enforcement. And with the Remote Diagnostic functionality built into the Banyan app, the admin can quickly address issues without requiring the end user to do anything to help with troubleshooting.

To schedule a demo and see how easily you can support BYOD, visit https://www.banyansecurity.io/demo-request/.

The FACTS about Banyan’s New Granular Trust Scoring
https://www.banyansecurity.io/blog/the-facts-about-banyans-new-granular-trust-scoring/
Thu, 10 Nov 2022 14:00:55 +0000

The post The FACTS about Banyan’s New Granular Trust Scoring first appeared on Banyan Security.

Banyan Security is ecstatic to introduce phase 2 of our Granular Trust Scoring (GTS) feature set. Phase 2 includes the ability to create a Trust Profile. Trust Profiles allow an admin to assign trust factors to different groups of devices, using assignment criteria of user groups, serial numbers, operating systems, MDM management, and device ownership.

The F.A.C.T.S.

The term ‘trust’ is a cemented industry concept within IT organizations, used to describe the backbone of Zero Trust Architecture (ZTA). After all, security and networking teams have been devising methods to trust devices for years.

With ZTA, trust isn’t so straightforward. You cannot simply place computers into a secured network and call it a day as it violates the fundamentals of ZTA. Instead, ZTA warrants the need for organizations to collect signals from devices, users, applications, etc. to determine the trust of the devices registered to the organization.

As a result, Banyan introduced Trust Scoring to alleviate ambiguity of ‘trust’ as organizations adopt ZTA throughout their own ecosystem. As we spoke with adopters of our trust scoring process, we realized some F.A.C.T.S about trust:

Flexibility

Analysis of Trust Factors must be flexible. A single global set of Trust Factors doesn’t work, because IT organizations manage many device types and OS versions as well as many employee types (vendors, contractors, etc.), each requiring its own ruleset.

Applicability

Trust factors must be useful in determining the trust of a device. For example, it’s useful to know which factors apply only to mobile devices (e.g., Not Jailbroken) and which only apply to desktop devices (e.g., Firewall).

Clarity

Assessing Trust of devices and services requiring trust must be crystal clear in order for organizations to feel confident in their deployment of Trust Scoring.

Transparency

Understanding the Trust Scoring calculation is imperative to admins and allowing configurability provides complete transparency.

Supportability

The capability to understand what factors are not compliant on an end user’s device and what specific steps are needed to satisfy/remediate them is paramount to adopting Trust Scoring.

Introducing Trust Profiles (GTS)

Historically, Banyan struggled to provide the flexibility customers needed to fully adopt our device trust scoring feature set. That has changed with the release of Trust Profiles. Trust Profiles allow admins to assign devices to sets of trust factors. The assignment can be based on any combination of the criteria listed above (user groups, serial numbers, operating systems, MDM management, and device ownership), and the criteria are additive:

(Screenshot: Trust Profile assignment criteria)

After creating the assignment, admins can then add which Trust Factors will be evaluated to the devices assigned to the Trust Profile. All existing Trust Factors will remain, including the ability to set the Trust Effect. Once completed the admin can set the priority of the Trust Profile.
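As an added example, not Banyan’s code, the following models how Trust Profiles, assignment criteria, priority and Trust Effects fit together: each device is matched to the highest-priority profile whose criteria all hold, only that profile’s factors are evaluated, and the worst failing factor’s effect sets the trust level, with a remediation hint for every failed factor. Profile and factor names, the trust-level ladder, the reading of “additive” as “every criterion must match”, and the sample devices are assumptions:

```python
"""Trust Profile evaluation: assign devices to factor sets by criteria and priority.

Added example, not Banyan's code. The profile and factor names, the trust-level
ladder, the reading of "additive" as "every criterion must match", and the
sample devices are assumptions chosen to illustrate the mechanism.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

LEVELS = ["deny", "low", "medium", "high"]    # least to most trust


@dataclass
class Factor:
    name: str
    check: Callable[[dict], bool]   # True when the device satisfies the factor
    effect: str                     # highest level a device that fails this factor may reach
    remediation: str                # what the end user must do to satisfy it


@dataclass
class Profile:
    name: str
    priority: int                   # lower number wins when several profiles match
    criteria: Dict[str, object]     # attribute -> required value; all must hold (additive)
    factors: List[Factor]


def criterion_holds(actual, wanted) -> bool:
    """Equality for scalars; membership for list-valued attributes such as user groups."""
    if isinstance(actual, (list, set, tuple)):
        return wanted in actual
    return actual == wanted


def select_profile(profiles: List[Profile], device: dict) -> Optional[Profile]:
    """Pick the highest-priority profile whose criteria all match the device."""
    for profile in sorted(profiles, key=lambda p: p.priority):
        if all(criterion_holds(device.get(k), v) for k, v in profile.criteria.items()):
            return profile
    return None


def evaluate(profiles: List[Profile], device: dict) -> dict:
    """Evaluate only the matching profile's factors; report level, failures and fixes."""
    profile = select_profile(profiles, device)
    if profile is None:                           # no profile: fail closed
        return {"profile": None, "level": "deny", "failed": [], "remediation": []}
    level, failed, fixes = "high", [], []
    for factor in profile.factors:
        if not factor.check(device):
            failed.append(factor.name)
            fixes.append(f"{factor.name}: {factor.remediation}")
            if LEVELS.index(factor.effect) < LEVELS.index(level):
                level = factor.effect             # the worst failing effect wins
    return {"profile": profile.name, "level": level, "failed": failed, "remediation": fixes}


# Factors. Desktop-only and mobile-only ones are simply never assigned to the
# other kind of profile; an unreported attribute counts as a failure.
FIREWALL = Factor("Firewall", lambda d: d.get("firewall_on", False), "medium", "Turn on the OS firewall")
DISK_ENCRYPTION = Factor("Disk Encryption", lambda d: d.get("disk_encrypted", False), "low",
                         "Enable full-disk encryption")
OS_UP_TO_DATE = Factor("OS Up To Date", lambda d: d.get("os_current", False), "medium",
                       "Install pending OS updates")
NOT_JAILBROKEN = Factor("Not Jailbroken", lambda d: not d.get("jailbroken", True), "deny",
                        "Restore the device to a supported OS")
SCREEN_LOCK = Factor("Screen Lock", lambda d: d.get("screen_lock", False), "medium",
                     "Set a passcode and auto-lock")

PROFILES = [
    Profile("Corporate macOS", 10, {"os": "macOS", "mdm_managed": True, "ownership": "corporate"},
            [FIREWALL, DISK_ENCRYPTION, OS_UP_TO_DATE]),
    Profile("BYOD mobile", 20, {"ownership": "byod", "platform": "mobile"},
            [NOT_JAILBROKEN, SCREEN_LOCK]),
    Profile("Contractor desktops", 30, {"groups": "contractors", "platform": "desktop"},
            [DISK_ENCRYPTION, OS_UP_TO_DATE]),
    Profile("Catch-all", 100, {}, [OS_UP_TO_DATE, DISK_ENCRYPTION]),
]

# Constructed device records, as an enrolled app would report them.
CORP_MAC = {"os": "macOS", "platform": "desktop", "mdm_managed": True, "ownership": "corporate",
            "groups": ["engineering"], "firewall_on": False, "disk_encrypted": True, "os_current": True}
BYOD_IPHONE = {"os": "iOS", "platform": "mobile", "mdm_managed": False, "ownership": "byod",
               "groups": ["sales"], "jailbroken": True, "screen_lock": True, "os_current": True}
CONTRACTOR_LINUX = {"os": "Linux", "platform": "desktop", "mdm_managed": False, "ownership": "byod",
                    "groups": ["contractors"], "os_current": True}

if __name__ == "__main__":
    for device in (CORP_MAC, BYOD_IPHONE, CONTRACTOR_LINUX):
        print(evaluate(PROFILES, device))
```

Two details carry the F.A.C.T.S. points: the corporate Mac matches both “Corporate macOS” and “Catch-all”, and priority decides which single set of factors applies (clarity), and every failed factor comes back with its remediation text so the help desk can tell the user exactly what to fix (supportability).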

How Trust Profiles help with the F.A.C.T.S.

Anyone bringing something to the masses knows there seem to be endless edge cases and that every customer is a unique snowflake when it comes to technology. Trust Profiles provide the flexibility needed to deliver Banyan’s Trust Scoring across an organization through extensive assignment criteria, while making clear which devices are assigned to the Trust Factors the organization deems important. Trust Profiles also layer on top of the Trust Effect feature we released last month, giving transparency across a device fleet by letting the admin control the effect of each trust factor within a Trust Profile. Lastly, layering Trust Effect within Trust Profiles expands the applicability of Trust Scoring throughout a customer’s organization without compromising the supportability needed to adopt the new security control.

Experience the Banyan Security Difference

Traditionally, customers could only dream of a mechanism to evaluate the security posture of their device fleet. With Trust Profiles, the blockers that kept this dream from being realized are gone, and we encourage everyone to give it a try. No additional software is needed: simply enroll a device and create a Trust Profile.

Try it out for yourself, and sign up for Banyan’s free Team Edition.

Additional Information

Banyan Security maintains a rich repository of product documentation, including information regarding today’s subject matter including a Trust Score Overview and further details about Trust Effect and Trust Profile.
