Far too often, news of data breaches is accompanied by details of the failures in network security that allowed a hacker access to confidential data. Many of these failure are avoidable with adequate precautions such as a spam email filter and mechanism for controlling access to the Internet.
Almost as many breaches in network security can be attributed to poor employee training. Password sharing, unauthorized downloads and poor online security practices can result in hackers gaining easy access to a network and extracting confidential data at will.
It has been well chronicled that hackers will bypass organizations with strong network security and turn their attention to fish that are easier to catch. Make sure your organization does not get caught in the net – implement appropriate web filters and educate your employees on the importance of network security.
Network segmentation is the act of dividing a computer network into smaller physical or logical components. Two devices on the same network segment can then talk directly to each other. For communication to happen between segments, the traffic must flow through a router or firewall. This passage allows for traffic to be inspected and security policies to be applied.
Network segmentation is one of the mitigation strategies in terms of protecting against data breaches and multiple types of cyber security threats. In a segmented network, device groups have the connectivity required for legitimate business use only. The ability of ransomware to spread is greatly restricted. However all too often organizations operate an unsegmented network.
Network segmentation can also help to boost performance. With fewer hosts on each subnet, local traffic is minimized. It can also improve monitoring capabilities and helps IT teams identify suspicious behavior.
If you follow network segmentation best practices and set up firewall security zones you can improve security and keep your internal network isolated and protected from web-based attacks.
Network Segmentation Security Benefits
There are many benefits to be gained from network segmentation, of which security is one of the most important. Having a totally flat and open network is a major risk. Network segmentation improves security by limiting access to resources to specific groups of individuals within the organization and makes unauthorized access more difficult. In the event of a system compromise, an attacker or unauthorized individual would only have access to resources on the same subnet. If access to certain databases in the data center must be given to a third party, by segmenting the network you can easily limit the resources that can be accessed, it also provides greater security against internal threats.
Best Practices for Network Segmentation
Most businesses have a well-defined network structure that includes a secure internal network zone and an external untrusted network zone, often with intermediate security zones. Security zones are groups of servers and systems that have similar security requirements and consists of a Layer3 network subnet to which several hosts connect.
The firewall offers protection by controlling traffic to and from those hosts and security zones, whether at the IP, port, or application level. There are many network segmentation examples, but there is no single configuration that will be suitable for all businesses and all networks, since each business will have its own requirements and functionalities. However, there are network segmentation best practices that should be followed. We have outlined these and firewall DMZ best practices below.
Suggested Firewall Security Zone Segmentation
Suggested Firewall Security Zone Segmentation
In the above illustration we have used firewall security zone segmentation to keep servers separated. In our example we have used a single firewall and two DMZ (demilitarized) zones and an internal zone. A DMZ zone is an isolated Layer3 subnet.
The servers in these DMZ zones may need to be Internet facing in order to function. For example, web servers and email servers need to be Internet facing. Because they face the internet, these servers are the most vulnerable to attack so should be separated from servers that do not need direct Internet access. By keeping these servers in separate zones, you can minimize the damage if one of your Internet facing servers is compromised.
In the diagram above, the allowed direction of traffic is indicated with the red arrows. As you can see, bidirectional traffic is permitted between the internal zone and DMZ2 which includes the application/database servers, but only one-way traffic is permitted between the internal zone and DMZ1, which is used for the proxy, email, and web servers. The proxy, email, and web servers have been placed in a separate DMZ to the application and database servers for maximum protection.
Traffic from the Internet is allowed by the firewall to DMZ1. The firewall should only permit traffic via certain ports (80,443, 25 etc.). All other TCP/UDP ports should be closed. Traffic from the Internet to the servers in DMZ2 is not permitted, at least not directly.
A web server may need to access a database server, and while it may seem a good idea to have both of these virtual servers running on the same machine, from a security perspective this should be avoided. Ideally, both should be separated and placed in different DMZs. The same applies to front end web servers and web application servers which should similarly be placed in different DMZs. Traffic between DMZ1 and DMZ2 will no doubt be necessary, but it should only be permitted on certain ports. DMZ2 can connect to the internal zone for certain special cases such as backups or authentication via active directory.
The internal zone consists of workstations and internal servers, internal databases that do not need to be web facing, active directory servers, and internal applications. We suggest Internet access for users on the internal network to be directed through an HTTP proxy server located in DMZ 1.
Note that the internal zone is isolated from the Internet. Direct traffic from the internet to the internal zone should not be permitted.
The above configuration provides important protection to your internal networks. In the event that a server in DMZ1 is compromised, your internal network will remain protected since traffic between the internal zone and DMZ1 is only permitted in one direction.
Risks of an Unsegmented Network
A real world example of an unsegmented network and resulting attack is the massive Target data breach of 2013. Reportedly, the Target breach had its origin in a phishing email opened by an employee at a small HVAC company that did business with Target. The malware lurked in the HVAC network for two months before moving on to attack the Target network.
Once inside they were able to move laterally through Target’s internal network, eventually installing malware on point-of-sale (POS) terminals throughout the stores. In the wake of the attack, Target implemented network segmentation to prevent the lateral movement that allows the attackers move with the system in this breach.
It’s no surprise a breach this huge is massively expensive and the cleanup represents an almost overwhelming challenge. Bloomberg BusinessWeek reported that Target spent $61 million through Feb. 1 on the breach.
The data of 110 million customers was compromised.
Over 100 lawsuits have been filed.
Banks have already spent $200 million related to the Target breach, and it’s unclear if there’s an even bigger payout on the horizon.
Effective network segmentation also makes it easier to detect signs of an attack. It’s not uncommon for a company’s Intrusion Detection System to generate such a large number of alerts that many go uninvestigated.
By concentrating on alerts related to sensitive parts of the network, security teams can prioritize incidents likely to be the most dangerous. Network segment traffic can also be monitored for unusual patterns or activity potentially indicating an attack.
Effective Network Segmentation is not enough
Many sectors including manufacturing, retail and industrial are prime target for cyberattacks. Often organizations in these sectors are not up to date in terms of implementing key cybersecurity controls in order to be prepared for advanced and evolving attack methods.
By adhering to network segmentation best practices, you can optimize network security. There’s no silver bullet to take down every attacker, but it’s possible to implement several layers of security that work together as a whole to defend against a myriad of attacks.
Layered Security to Prevent Data Breaches
Layered security allows for each security layer to compound with the others to form a fully functioning, complete sphere of security. The internal network (ideally segmented) and its data are surrounded by powerful, interwoven layers that an attacker must defeat. These layers make security much more complex for a successful breach.
Cybercriminals are already exploiting the lack of security at the DNS layer to conduct phishing attacks and gain access to proprietary enterprise data. Not securing the DNS layer is making it far too easy for hackers to take advantage. Securing the DNS layer is a straightforward process that requires no additional computer hardware or even any software installations. Many vendors now offer cloud based DNS filtering solutions that can be set up in minutes.
Isn’t it about time you started securing the DNS layer and making it much harder for cybercriminals to compromise your network? If you’re looking to get enterprise-grade protection from malware and phishing, check out WebTitan Cloud DNS filtering today.
What does network segmentation mean?
Network segmentation is concerned with dividing a network up into smaller segments called subnets. This can improve network performance and is important for security. By using firewalls between each segment, you can carefully control access to applications, devices, and databases and can block lateral movement in the event of a successful cyberattack.
What is logical network segmentation?
Logical network segmentation is a popular way of segmenting a network. Instead of segmenting physical parts of the network such as routers and access points, logical segmentation uses concepts built into network infrastructure for segmentation, such as creating virtual local area networks (VLANS) that may share physical hardware.
Is network segmentation necessary for PCI compliance?
Organizations that store, process, and/or transmit cardholder data must comply with PCI DSS. One of the requirements is to use network segmentation to keep the cardholder data environment (CDE) separate from other parts of the network. Through network segmentation, organizations can isolate credit card data from all other computing processes.
Can network segmentation protect against ransomware attacks?
Network segmentation is a best practice that can help to reduce the damage caused by a malware or ransomware attack. If a computer is compromised, attackers will attempt to more laterally and access other devices and parts of the network. With network segmentation, lateral movement is much harder, so it is easy to contain malware and limit file encryption by ransomware.
What are the main benefits of network segmentation?
There are three main benefits of network segmentation. First is security. It reduces your attack surface and limits lateral movement in the event of a breach. Second, you can improve network performance, as traffic will be confined to the part of the network where it is required. Thirdly, it makes compliance easier by allowing you to separate regulated data from other computer systems.
DNS filtering – or Domain Name System filtering to give it its full title – is a technique of blocking access to certain websites, webpages, and IP addresses. The DNS is what allows easy to remember domain names to be used – such as Wikipedia.com – rather than typing in very difficult to remember IP addresses – such as 188.8.131.52. The DNS maps IP addresses to domain names to allow computers to find web resources.
When a domain is purchased from a domain register and that domain is hosted, it is assigned a unique IP address that allows the site to be located. When you attempt to access a website, a DNS query will be performed. Your DNS server will look up the IP address of the domain/webpage, which will allow your browser to make a connection to the web server where the website is hosted. The webpage will then be loaded. The actual process involves several different steps, but it is completed in a fraction of a second.
So how does DNS Web Filtering Work?
With DNS filtering in place, rather than the DNS server returning the IP address if the website exists, the request will be subjected to certain controls. DNS blocking occurs if a particular webpage or IP address is known to be malicious. The DNS filter will use blacklists of known malicious websites, previous crawls of new websites and web pages, or web content will be assessed in real time if the web page or website has not previously been crawled and categorized. If the website trying to be accessed is determined to be malicious or otherwise violates pre-defined policies, instead of the user being connected to the website, the browser will be directed to a local IP address that displays a block page explaining why the site cannot be accessed.
This control could be applied at the router level, via your ISP, or by a web filtering service provider. In the case of the latter, the user – a business for instance – would point their DNS to the service provider. That service provider maintains a blacklist of malicious webpages/IP addresses and access to those sites is prevented.
Since the service provider will also categorize webpages, the DNS filter can also be used to block access to certain categories of webpages – pornography, child pornography, file sharing websites, gambling, and gaming sites for instance. Provided a business creates an acceptable usage policy (AUP) and sets that policy up with the service provider, the AUP will be enforced. Since DNS filtering is low-latency, there will be next to no delay in accessing safe websites that do not breach an organization’s acceptable Internet usage policies.
Will a DNS Filter Block All Malicious Websites?
Unfortunately, no DNS filtering solution will block all malicious websites, as in order to do so, a webpage must first be determined to be malicious. If a cybercriminal sets up a brand-new phishing webpage, there will be a delay between the page being created and it being checked and added to a blacklist. However, a DNS web filter will block the majority of malicious websites.
The purpose of a web filter is to reduce risk, not eradicate it entirely. Since the vast majority of malicious web content will be blocked, risk can be significantly reduced and there will only be a low chance of a website being accessed that violates your policies.
Can a DNS Filtering Service be Bypassed?
The short answer is yes. Proxy servers and anonymizer sites could be used to mask traffic and bypass the DNS filter. Your DNS filtering service should allow you to easily block access to anonymizer websites and prevent the use of proxy servers and virtual private networks (VPNs). Configuring the DNS filtering service to block access to these services will prevent all but the most determined employees from bypassing the DNS filtering service.
The other key way of bypassing a DNS filtering service is to manually change the DNS settings locally, so it is important for these settings to be locked down. Determined individuals may be able to find a way to bypass DNS filtering, but for most end users, a DNS filter will block any attempt to access forbidden or harmful website content.
There may be a legitimate need to bypass a DNS filtering service. Some DNS content filtering solutions have a feature that allows administrators to temporarily remove content filtering controls. WebTitan Cloud uses cloud keys for this. The cloud key can be issued to a user to bypass content filtering settings for a set time period, such as if research needs to be conducted.
DNS Content Filtering for CIPA Compliance
Schools and libraries in the United States are required to comply with the Children’s Internet Protection Act (CIPA) in order to receive E-rate discounts and qualify for federal grants. There are several requirements of CIPA, one of the most important being to block or filter Internet access to prevent access to images that are obscene, involve child pornography or child abuse, or could otherwise be harmful to minors.
DNS content filtering is the easiest and most cost-effective way of complying with this requirement of CIPA and applying content filtering controls for both wired and Wi-Fi networks. DNS content filtering solutions require no hardware purchases, no software needs to be installed, and they are easy to implement and maintain. DNS content filtering solutions have highly granular filtering controls and allow precision control over content, without overblocking.
DNS Web Filtering Software from TitanHQ
Now you have a better idea about how DNS filtering works, we will introduce you to WebTitan Cloud. WebTitan Cloud is a powerful, easy to implement DNS filtering solution that allows you to filter the internet and block access to malicious content and enforce your acceptable internet usage policies. Being DNS-based, there are no hardware requirements and no software downloads are required. To get started you simply point your DNS to WebTitan, set your filtering parameters through an easy to use web-based interface, and you will be filtering the internet in minutes.
WebTitan Cloud can be used to protect users on and off the network, so it is the perfect choice for protecting remote workers from online threats as well as office staff. The WebTitan DNS web filtering solution – WebTitan Cloud – is a feature-rich, cloud-based solution with a low maintenance overhead and a three-tiered filtering mechanism for maximum granularity. Universally compatible and infinitely scalable, WebTitan Cloud has SSL inspection to provide the highest level of defense against online threats.
WebTitan Cloud can be integrated with multiple management applications (Active Directory, LDAP, etc.) for easier administration. WebTitan can also be remotely configured and adjusted from any Internet-enabled device. An unlimited number of users can be filtering at any time.
Try DNS Filtering Software with SSL Inspection for Free
If you would like to evaluate the benefits of the WebTitan DNS filtering solution in your own environment, please get in touch. Our team of experienced security professionals will answer any questions you have about DNS Internet filtering and guide you step by step through the process of registering for your free trial.
Once you are registered, we will walk you through the process of redirecting your DNS to receive our service. There are no credit cards required, no contracts to sign and no commitment from you to continue with our DNS filtering software once the trial period is over. Simply call us today, and you could be adding an extra level of security to your organization´s web browsing activity within minutes.
WebTitan incorporates an intelligent AI-based component that provides real-time classification of websites for precision control over the content that can be accessed. WebTitan Cloud provides real-time categorization of over 500 million websites, and 6 billion web pages in 200 languages, including coverage of Alexa 1 million most visited websites. Industry leading antivirus is also incorporated to identify and block malware and ransomware threats. A full suite of reports gives you full visibility into the online activities of your employees and any guest users of your network. The reports can be scheduled or run on demand.
These and more features will allow you to block web-based threats and carefully control online activities for only a few dollars per user per year.
Why WebTitan is a Vital DNS Web Security Layer for Your Business
DNS Security Layer – Filter URLs, detect malicious threats, create flexible policies, and more with an API driven DNS security filter
Full Path Detection – Provide analytical credibility to any activity marked as malicious with page and path-level reporting.
User Identification – Assign custom policies to a user or group of users with uniquely identifiable user names.
Scaleable Support – Handle any volume of usage with no latency and receive support from our top-class team.
Reporting – full suite of reports including behavior, trend and security reports.
API Driven – robust API set that allows our MSP customers to easily incorporate WebTitan DNS filtering directly into their existing cloud offering.
URL Filtering – block access to websites known to contain malware.
Remote & Roaming Users – allows off-network roaming by users while continuing to apply their policy.
Content Filtering – highly granular content controls with multiple integration options and comprehensive malware protection.
AI Threat Intelligence – real time AI driven DNS protection from malicious online threats such as viruses, malware, ransomware, phishing attacks and botnets.
What WebTitan Customers Have to Say
“WebTitan is an outstanding tool for most reliable content filtering. The monitoring feature of this specific product is quite unique that totally monitors all the process of online working and also secures all the data. Additionally, its set-up is superb easy and it can be done in just few minutes that save my time and energy as well.” Kristie H. Account Manager
“WebTitan is fairly easy to setup. It is available as a cloud based solution or on prem. You can get as simple or as complicated with your filtering as you like, it will handle most situations with ease. [It] has provided us with a stable web filtering platform that has worked well for us for many years. “Derek A. Network Manager
If you have yet to implement a web filtering solution, are unhappy with your current DNS filtering service, or you have questions about DNS content filtering, contact the TitanHQ team today and ask about WebTitan Cloud.We invite you to sign up for a free 14-day trial of the solution, including full support, to see for yourself the difference WebTitan DNS content filtering solution makes.
WebTitan provides a simple and easy DNS filtering solution to protect your company and employees.
Request a Quote
Details Never Shared
How Does DNS Filtering Work FAQ
What 3 things are most important about employee internet access?
Employees need internet access to complete their work duties, but it is essential to develop an acceptable Internet usage policy and get employees to sign it, that policy should be enforced using a web filtering solution, and you should have a sanctions policy for when employees violate the rules.
What is best, a web filtering appliance of cloud-based web filter?
Both options will provide clean, safe Internet access, but cloud-based web filtering does not require the purchase of a costly appliance, it is more flexible and scalable, and there is no patching burden. For SMBs and MSPs, cloud-based web filtering is the easiest and most cost-effective Internet filtering solution.
Does web filtering slow Internet speed?
Some web filtering solutions involve a degree of latency, but a DNS filtering solution will not slow internet speed as all filtering takes place at the DNS lookup stage of a web request before any content is downloaded. Filtering occurs in the same time as it takes to perform a standard DNS lookup so there is no latency.
How can I provide DNS filtering as a managed service as an MSP?
Adding the WebTitan DNS filtering service to your service stack couldn’t be easier. WebTitan is can be set up in minutes, APIs allow easy integration into your existing back office systems, you will be provided with a white label version ready to take your branding, and you can even host the solution in your own environment.
How much does DNS content filtering cost?
There is considerable variation in price between different web filtering solutions. The most expensive solution will not necessarily be the best option for your business. Price depends on contract term, the number of users, and add-ons. TitanHQ’s DNS content filtering solution, WebTitan, typically costs around $1 per user, per month.
COVID-19 presented many new opportunities for cybercriminals, many of which have proven to be highly successful. In the early days of the pandemic, when it became clear that the new coronavirus was spreading beyond the borders of China and concern about the virus grew, cybercriminals switched from their normal phishing campaigns and started adopting COVID-19 lures.
Phishing campaigns were conducting offering advice about the virus, potential cures, and advice as people craved information that was in short supply. Fake COVID-19 tracking apps and websites were set that collected sensitive information or installed malware, and PPE shortages saw fake shops set up offering non-existent supplies. Then there were fake charities, disinformation campaigns, and phishing scams related to job retention schemes, self-employment income support, government coronavirus loans, and fake tax rebates.
The move to remote working due to the pandemic saw hackers targeting vulnerabilities in remote working solutions such as VPNs and throughout 2020, ransomware gangs have been extremely active, especially in Q3 and Q4, 2020 when attacks soared.
As we move into 2021, cybercriminals are likely to continue to exploit the pandemic to steal credentials, access sensitive data, and spread malware and ransomware, so it is important for businesses not to let their guard drop and to continue to ensure that they have appropriate protections in place to block threats.
The Cyber Threat Landscape in 2021
The high level of ransomware attacks in the last quarter of 2020 is likely to continue in 2021. There are no signs that cybercriminals will reduce attacks, as they are still proving to be profitable. The healthcare industry is likely to continue to be targeted, with cyberattacks on pharmaceutical and clinical research firms also extremely likely.
Now that COVID-19 vaccines have been approved and are starting to be rolled out, cybercriminals have yet another opportunity. The vaccine rollout is likely to take many months and it could well be the autumn or later before most people receive the vaccine. Cybercriminals have already adopted COVID-19 vaccine lures to obtain sensitive information and spread malware and ransomware.
These COVID-19 vaccine scams have impersonated the World Health Organization, Centers for Disease Control and Prevention, and vaccine manufacturers, and are likely to increase over the coming weeks and months. Campaigns have been identified in 2021 that impersonate public health authorities and trick users into clicking links and download files that install Trojans when opened.
We are also likely to see the scams offering financial support, virus information, and infection alerts continue, and offers of fake vaccine can be expected over the coming weeks and months.
One vaccine-related scam to be recently identified involved messages sent to businesses asking recipients to click a link to confirm their email in order to receive the vaccine. Clicking the link directed them to a phishing website where Microsoft 365 credentials were harvested.
Since many employees will continue to work from home in 2021 until the risk of infection is reduced, attacks on remote working infrastructure are also likely to continue.
There is good reason to be hopeful in 2021 now that the vaccines are starting to be rolled out, but it is important for businesses not to let their guard down and to ensure that they have adequate protections in place to identify and block current and new threats.
Many scams are conducted via email, as it is the easiest way for cybercriminals to obtain the credentials they need to gain a foothold in business networks. It is therefore important to ensure that email security is up to scratch and an advanced spam filtering solution is in place that can block phishing and malware threats. If it is possible to implement multi-factor authentication, this should be widely used, especially on email accounts and remote access solutions.
Web filtering solutions are an important cybersecurity measure to deploy to block the web-based component of phishing attacks and to prevent malware and ransomware downloads over the internet. Web filters can be used to block access to known malicious websites and restrict access to risky websites, and cloud-based solutions are easy to deploy to protect both office-based and remote workers.
With many employees still working remotely, it is important to provide regular updates on threats and security awareness training on the threats they are likely to face. Patches and software updates should be applied promptly to prevent cybercriminals exploiting vulnerabilities, especially in remote access solutions such as VPNs which are being actively targeted.
Since ransomware attacks are an ever-present risk, ensure your critical data is regularly backed up and test your backups to make sure data recovery is possible in the event of disaster. A good strategy to adopt is the 3-2-1 approach. Make three backups, store on 2 separate media, and make sure one copy is stored on a non-networked device.
The 2021 threat outlook may be bleak, but with preparation and the above solutions in place, it is possible to prevent most attacks, detect attacks in progress, and recover quickly should an attack succeed.
The K-12 education sector has long been a target for cybercriminals, but this year has seen the sector targeted more aggressively by threat actors. 2020 has seem a major increase in attacks involving ransomware and malware, phishing incidents have risen, as have network compromises and distributed denial-of-service (DDoS) attacks.
This December, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a warning to the education sector after the massive increase in cyberattacks was identified.
Data from the Multi-State Information Sharing and Analysis Center (MS-ISAC) shows a substantial increase in ransomware attacks on K-12 schools. In August and September 2020, 57% of all reported ransomware attacks occurred at K-12 schools, compared to just 28% from the year to July.
Ransomware attacks renders essential systems and data inaccessible which can cause serious disruption to learning, especially at a time when many schools have transitioned to distance learning. K-12 schools often have little choice other than paying the ransom, and many do. Figures from the Department of Education show that between 2016 and 2017, 60% of schools attacked with ransomware paid the ransom to recover their data. A recent Department of Education alert to K12 schools called for a collective effort to ensure that all data is regularly backed up and advised schools not to pay the ransom demands if attacked. The DoE wants to send a message to ransomware gangs that attacks on the education sector are not financially viable.
Similar tactics have been used in ransomware attacks on K-12 schools that have been used to attack business and industry targets. Access to networks is gained, the attackers move laterally to identify data of interest, and exfiltrate that data prior to encrypting files. The attackers threaten to publish or sell sensitive student and employee data if the ransom is not paid.
Several ransomware gangs have stepped up attacks on K-12 schools, including REvil, Nefilim, Ryuk, and AKO. The Maze ransomware operation, which has now been shut down, has also conducted several attacks on K-12 schools in 2020.
The CISA/FBI alert also warned of an increase in Trojan malware and phishing attacks on K12 schools since the start of the school year. The ZeuS banking Trojan has been commonly used in K-12 school cyberattacks and the Shlayer malware downloader has also proven popular. Those two Trojans account for 69% of malware attacks on K-12 schools in 2020.
The increase in attacks in 2020 has been attributed to the ease at which K12 schools can be attacked. Many K-12 schools have transitioned to distance learning and have had to do so in a hurry to ensure student learning was not disrupted by the pandemic; however, that has meant cybersecurity gaps have been created which leave schools vulnerable to attack.
In addition to conducting phishing attacks on staff and students, vulnerabilities in software and remote learning solutions are also commonly exploited. Since the sector has a limited budget for cybersecurity, these vulnerabilities often persist for some time before being addressed, giving cybercriminals and easy entry point into K-12 school networks. It is also common for software to continue to be used after it has reached end of life.
The K-12 Cybersecurity Act of 2019 has been introduced which requires CISA to work with federal departments and the private sector to identify sector-specific cybersecurity risks and make recommendations to K-12 schools on how they can improve their security posture. The Act also calls for CISA to make tools and resources available to help the sector improve cybersecurity; however, the legislation is yet to be passed by Congress.
These cyberattacks on K-12 schools are likely to continue at elevated levels well into 2021. While budgets may be already stretched, it is important for defenses to be improved. The cost of improvements to cybersecurity defenses is likely to be far lower than the cost of dealing with a ransomware attack and costly data breach.
The importance of choosing strong and unique passwords for every account you create has been highlighted by a recent data breach at the music streaming service Spotify. Security researchers identified a database that had been exposed on the Internet which contained the usernames and password combinations of around 300 million individuals. It is unclear where the database came from, although it is likely that it had been amalgamated from data leaks from several major data breaches of online platforms.
Interestingly, within the 300 million-record database was a field stating whether the username/password could be successfully used to login to a Spotify account. According to the researchers, an estimated 300,000 to 350,000 Spotify accounts had been breached.
This breach clearly demonstrates how a data breach at one company can provide the usernames and passwords to gain access to accounts at another. When a username/password is obtained in a cyberattack, it can be used to try to access other accounts that share the same username. A username is often an email address. People may have more than one email address, but there is usually one that is used across most platforms. There is nothing wrong with that of course, but there is a problem with using the same password with that email address on multiple online platforms.
If there is a breach at one platform, the password can be used to access many other accounts. In this example, up to 350,000 Spotify users had reused their password on more than one platform. The Spotify breach victims may well have had several other accounts breached if they used their password on other platforms too.
The credentials to the breached Spotify accounts could easily be sold to anyone who wanted a cheap Premium Spotify account. There have been many reports of passwords being changed to block the real account holder out of their account. The accounts also contain personal information that could be used in further attacks, such as to make convincing phishing emails to obtain the information necessary for identity theft and other types of fraud.
Trying 300 million username and password combinations is a time-consuming process, but that process is automated. An army of bots will work its way through a huge list of username/password combos to see which passwords work. Hackers can also include a list of commonly used passwords against a particular username which will increase the hit rate further. Many people choose easy to remember passwords for their accounts, which are also easy to guess.
The process of trying multiple passwords against a username is called credential stuffing, and it is an effective way of breaching accounts. Recently there have been a swathe of credential stuffing attacks on companies in the retail, travel, and hospitality sectors. One report indicates that out of the 100 billion credential stuffing attacks between July 1, 2018 and June 30, 2020, 64% were on companies in those sectors.
Successful data breaches can result in the theft of hundreds of millions of usernames and password combos. Those credentials could be used on a wide range of different accounts, and since many people reuse passwords from personal accounts for their work accounts – such as Office 365 – one set of Spotify credentials could easily lead to a business Office 365 breach. An Office 365 account is all that is needed to launch further attacks on the company and achieve a more widespread and harmful data breach.
The solution to protecting against credential stuffing attacks is simple. Use a unique, strong password on every different account and use a password manager so you do not have to remember all of those passwords. Just set a very strong password for your password manager, and that means you just have one password to remember.
Businesses also need to take steps to block these attacks and prevent compromised credentials being used to access employee accounts. Multi-factor authentication is a must to block attempts to use stolen credentials to access accounts. Breaching Spotify accounts was easier than on other platforms as Spotify does not yet support multi-factor authentication.
An email security solution such as SpamTitan Cloud is also important for protecting against the email vector in the attacks on businesses. SpamTitan Cloud blocks malicious messages such as phishing attempts and, through outbound email scanning, will help you prevent any compromised mailboxes from being used in more extensive attacks on your organization.
Cloud web filtering software is now an important cybersecurity measure used by businesses of all sizes, but what exactly is it and why is it important? In this post we will explain exactly what cloud web filtering is, what it is used for, and why most businesses need to use it.
What is Cloud Web Filtering?
Cloud web filtering is a software-as-a-service (SaaS) solution that acts as a semi-permeable barrier between an individual and the Internet. For much of the time, users will not know this solution is in place, as there is no noticeable delay when browsing the Internet. Websites can be accessed as if the solution was not in place.
Cloud web filtering software is only noticed by a user when they attempt to visit a website that violates their organization’s acceptable internet use policy. When a request is made to access a website that falls into a category that an employer does not permit – pornography for example – rather than connect to the website, the user will be directed to a local block page and will discover that particular website cannot be accessed due to a content policy violation.
Cloud web filtering software acts as a form of internet content control which is used to reduce productivity losses due to personal Internet use, prevent HR issues, and reduce legal liability, but a cloud web filter it is not just used for restricting access to NSFW websites. It also has an important security function.
Why is Cloud Web Filtering Important?
The Internet can be a dangerous place. There are many threats lurking online that could compromise a business’s systems and lead to a costly data breach or catastrophic data loss. Malware and ransomware are often downloaded from websites, even from legitimate sites that hackers have been able to compromise. A visit to one of those malicious sites by an employee could easily result in a malware infection, and once installed on one device it could easily spread across the network.
Phishing is also a major risk for businesses. Phishing forms are loaded onto websites to harvest sensitive data such as login credentials to Office 365. Links to these sites are often sent to business email accounts.
A web filter acts as an additional layer of protection against these attacks, but in contrast to antivirus software that identifies malware that has been downloaded, cloud web filter software blocks the malware at source, preventing it from being downloaded in the first place. It also works in conjunction with anti-spam software to prevent visits to phishing websites when phishing emails sneak past the spam filter.
With cloud web filter software, all filtering takes place in the cloud (on the service provider’s server), which is important for a distributed workforce. Regardless of where an employee accesses the internet – office, home, airport, coffee shop – the cloud web filter will be active and providing protection.
How Much Does Cloud Web Filtering Software Cost?
Cloud web filtering software is a low-cost solution that can pay for itself by preventing costly malware infections and phishing attacks and stopping productivity losses by blocking access to certain types of web content.
The cost of a cloud web filter can vary considerably from provider to provider with the price starting at around $1 per user, per month.
WebTitan: Web Filtering for SMBs, ISPs, and MSPs
TitanHQ developed WebTitan Cloud web filtering software to help SMBs and MSPs serving the SMB market control what users can access online and to protect business networks from web-based cyberattacks. The solution is quick and easy to implement, as being cloud-based, there are no software downloads. Simply point your DNS to WebTitan Cloud and you can be filtering the Internet in minutes.
Administrators can use an easy-to-use interface to configure the solution, which can be accessed through any web browser. Log in, navigate to the content control section, and you can use the checkboxes to block access to any of 53 pre-defined categories of website (and create your own categories if you so wish).
Integration with LDAP and Active Directory makes it easy to set controls for individual users, user groups, departments, or different offices. You can set time-based controls to limit bandwidth usage or ease up on restrictions at certain times of the day. Cloud keys can be generated to bypass standard controls temporarily, should you ever need access to otherwise prohibited sites.
Whitelist and blacklists are supported, you can block downloads of certain file types, and access to websites known to be used for malicious purposes will be automatically blocked. A full suite of reports gives administrators full visibility into web access, including real-time views and automatic alerts.
AI-powered protection is provided against active and emerging Phishing URLs and zero-minute threats, allowing you to sanitize Internet access and provide your employees, customers, and guest users with clean, filtered internet access.
If you have yet to start using cloud web filtering software or you are unhappy with your current provider, give the TitanHQ team a call. You can also take advantage of a 30-day free trial to try out the solution for yourself before deciding on a purchase. Product demonstrations can also be arranged on request.
The operators of NetWalker ransomware have been aggressively targeting healthcare organizations and more recently attacks have increased on universities conducting research into COVID-19.
NetWalker ransomware first appeared in the middle of 2019 and has been primarily been used in targeted attacks on enterprises, with the operators deploying their ransomware manually after first gaining access to a victim’s network.
As is the case with several other manual ransomware operators, prior to the encryption of data reconnaissance is performed, the attackers move laterally to compromise as many networked devices as possible, and sensitive data is exfiltrated. After the ransomware is deployed, the attackers threaten to publish the stolen data in an attempt to spur victims into paying the ransom rather than attempting to recover files from backups.
The business model of the NetWalker ransomware gang has recently changed and their ransomware is now being offered under the ransomware-as-a-service model, although the gang is only partnering with hackers that are experienced at attacking enterprises. This selective partnering is vastly different to many RaaS operations, which prioritize quantity over quality. The attack methods used to gain access to networks also differs from the typical brute force tactics typically used by Russian ransomware operators.
The operators of NetWalker ransomware have been extremely active during the COVID-19 pandemic. In addition to attacks on hospitals, medical billing companies have been attacked, COVID-19 research organizations, educational software providers and, in the past few weeks, there has been a spate of attacks on universities. Michigan State University, Columbia College of Chicago and, most recently, University of California San Francisco have all been attacked. All three universities are involved in COVID-19 research. It is currently unclear whether an affiliate specializing in attacks on universities has been signed up or if universities involved in COVID-19 research have been specifically targeted.
Healthcare organizations are an attractive target as they are heavily reliant on data to operate. If patient data is encrypted and rendered inaccessible, the ability to provide medical services is significantly hampered, which makes payment of a ransom more likely. Current indications suggest the group is only interested in profiting from ransoms, but COVID-19 research data is in high demand and is certainly valuable. That could account for the number of recent attacks on universities, which have also been targeted by other ransomware gangs. Data from Emsisoft indicates at least 30 universities have suffered ransomware attacks so far in 2020.
NetWalker ransomware is evolving and poses a significant threat to organizations in all industry sectors, but especially healthcare and education. The ransom demands issued by the gang range from hundreds of thousands of dollars to millions, and data theft makes the cost of remediating an attack even higher.
It is unlikely that attacks will slow down in the weeks and months to come, and with a range of attack methods used to gain access to networks, it is important to ensure that all vulnerabilities are addressed and measures are implemented to protect against all possible attack vectors.
There are several common web filtering myths that have led businesses to believe that it is not worth their while implementing a web filtering solution. It is important to bust these myths as they are preventing businesses from adding an essential extra layer of security that can prevent downloads of malware, ransomware infections, and block phishing attacks. The failure to filter the internet is often a costly mistake.
Once upon a time, having a firewall, antivirus solution, and spam filter would ensure your business was well protected, but the sophisticated nature of today’s cyber threats and the massive increase in cyberattacks has meant that these solutions alone are no longer sufficient to block cyber threats and prevent data breaches. The key to blocking these threats is to implement layered defenses. If the outer layer fails to block a threat, other layers exist to provide protection. A web filter should be one of those layers.
Why Web Filtering is Now Essential
Finding vulnerabilities and exploiting them is a difficult and labor-intensive way of attacking a business. Attacks on employees are much easier and require far less skill. All that is needed is a carefully written email to direct an employee to a malicious website and credentials can be easily harvested and malware downloaded. You don’t need to be a skilled hacker to conduct a phishing attack or set up a website for distributing malware.
Email security solutions are great for blocking phishing attacks, but many malicious emails bypass email security defenses. Phishing emails usually have a web-based component and various tactics are used to hide malicious URLs in emails. A web filter provides protection against the web-based component of phishing attacks by providing time-of-click protection. When an attempt is made to visit a malicious website linked in an email, the web filter blocks that request. A web filter will also prevent users from visiting malicious website through web browsing and also block visits to malicious websites through malvertising redirects. Without a web filter in place, there is nothing to stop an employee from visiting a malicious website.
Pervasive Web Filtering Myths
There are some pervasive web filtering myths that need to be busted, the most common of which are detailed below.
Web Filtering is Expensive
OK, so we are not going to tell you that a web filter is a zero cost solution as you will need to pay for this extra level of protection, but the cost is actually low, no hardware needs to be purchased, and what you spend will pay for itself in terms of the data breaches you will prevent and the productivity gains that can be made. In terms of the real cost, less than $1 per user per month is all that needs to be spent to protect your users with WebTitan.
Web Filtering is Complicated
A DNS-based web filter is not complicated to set up, configure, or maintain. In fact, web filtering could not be any simpler. All you need to do is point your DNS to WebTitan. Even during the COVID-19 lockdown, making this change for all of your remote users is a simple process, and one that we can easily talk you through.
Once that small change has been made, here is what happens:
A user enters a web address into their browser and a DNS query is made to locate that web resource
A DNS lookup is performed through WebTitan to find the IP address associated with the domain
If the resource exists, WebTitan will provide the IP address to the browser. If the domain or web page is malicious or violates your organization’s policies, no IP address will be provided, a connection to the site will not be made, and the user will be presented with a local block page telling them why that resource cannot be accessed.
Your standard DNS request will go through all of those steps aside from applying filtering controls. All that changes with a web filter is filtering controls are applied.
Web Filters are Easy to Bypass
Once you set up your DNS to point to WebTitan, all internet traffic will be subject to filtering controls. For most businesses that will be sufficient, however, web filters can be bypassed by using an anonymizer/proxy website. Connect to the anonymizer site, and through that site any other website can be accessed, thus bypassing the filter. The solution? Click the checkbox in WebTitan to block access to anonymizer sites.
A web filter can be used to block the use of shadow IT by preventing downloads of unauthorized software, including unauthorized VPNs, to prevent this method of web filter bypass.
Maybe, one of your employees will try to change the DNS settings on their laptop to access the unfiltered internet. This is why you need to lockdown your laptops to make sure that is not possible. You should also block DNS requests to anything other than your approved DNS service. If you use an external DNS server, only allow port 53/UDP to access the IP addresses of your chosen DNS filtering service servers. If you host your DNS server internally, ensure that local computers query your local DNS server, and only your DNS server queries the web filtering DNS service on the Internet.
No web filter is infallible, but by taking these steps it will be much harder to bypass the filter and it will be beyond the ability of most employees.
Internet Speeds will be Greatly Reduced
One of the web filtering myths that is based in fact is the slowing of internet speed. Filtering the internet can result in latency and a slowing of internet speed. If you require your users to login remotely using a VPN, then connect to your secure web gateway appliance, this will naturally result in latency. Backhauling traffic to the office, especially when your remote workers have slow home internet connections, will result in significant latency.
The solution is to use a DNS-based filtering solution on your employees’ laptops. With a DNS filter there is no backhauling of traffic, as the DNS filter can be integrated into the laptop. When a request is made to view a website, filtering takes place as part of the DNS lookup process. Point your DNS to WebTitan and filtering takes place before any content is downloaded, with zero latency.
There has been an increase in phishing attacks on remote workers using COVID-19 as a lure over the past few months. Multiple studies suggest the number of COVID-19 related phishing attacks have soared. The anti-phishing training company KnowBe4 placed the rise at about 600% in Q1, 2020, and that rise has continued in Q2.
As was pointed out by Microsoft, the total number of phishing attacks has not increased by any major degree during the COVID-19 public health emergency, as cyber actors have finite capabilities for conducting attacks. What has happened is threat actors have abandoned their standard phishing campaigns and have repurposed their phishing infrastructure and are now using COVID-19 lures, and with good reason.
People crave information about the 2019 Novel Coronavirus, SARS-CoV-2, and COVID-19. There is a thirst for knowledge about the virus, how it infects people, how to prevent infection, and how great the risk is of catching it. With little information available about this new virus, finding out more information required following the news from countries around the world that are involved in research. Unsolicited emails offing important information naturally had a high open rate, so it is no surprise that COVID-19 phishing attacks have increased.
To control the spread of the virus, countries have gone into lockdown, so businesses have had to allow their employees to work from home. The increase in home workers happened very quickly, so businesses did not have the time to prepare properly and that meant new risks were introduced. It is therefore no surprise that there has been an increase in data breaches during the COVID-19 pandemic. Cybercriminals have taken advantage of lapses in security, insufficient staff training, and the vulnerabilities that are introduced when employees are forced to work in an environment that has not been set up remote working.
IT teams have had to rapidly purchase new laptops to allow employees to work outside the office and there has not been time to properly secure those devices. VPN infrastructure was not sufficient to cope with the rapid increase in users. Home networks lack the security of corporate networks, and training employees on working from home securely had to be rushed. In order to allow remote workers to access the data they need, data has had to be moved to the cloud, and that has inevitably resulted in vulnerabilities being introduced. In short, the attack surface has increased considerably, huge numbers of devices are being used outside the protection of the corporate firewall, and new working environments have greatly increased the potential for errors.
Cybercriminals have taken advantage of these new vulnerabilities. Unpatched VPNs and software flaws are being exploited, RDP is being targeted, but phishing and spear phishing attacks offer the easiest way of gaining access to sensitive corporate data and spreading malware and ransomware. Improving phishing defenses is therefore critical.
Important Phishing Defenses for Remote Workers
Improving phishing defenses is one of the most important ways of protecting remote workers, their devices, and the networks and data that they are accessing remotely. Listed below are simple steps you can take to improve security and reduce risk.
Improve Email Security
The easiest way to thwart phishing attacks is to block the emails at source, and that requires a powerful anti-phishing solution. Many businesses have been relying on the standard anti-phishing measures provided with Office 365 – Exchange Online Protection (EOP). EOP is effective at blocking spam and standard (known) phishing attacks, but it is not particularly effective at blocking zero-day threats: New, previously unseen phishing and malware attacks. There have been a great many of zero-day attacks during the COVID-19 lockdown.
They key to improving email security is layered defenses. Adding an extra layer of email security on top of EOP will greatly improve detection rates. It is best not to put all your eggs in one basket and opt for the second (paid) tier of protection offered by Microsoft (Advanced Threat Protection or APT), instead use a third-party dedicated anti-spam and anti-phishing solution that features predictive threat detection and advanced anti-phishing mechanisms to detect zero-day threats. SpamTitan features machine learning, predictive technology, threat intelligence feeds, sandboxing, dual anti-virus engines and more to ensure that zero-day threats are blocked. SpamTitan adds an important extra layer of security, and SpamTitan itself includes layered defenses against phishing attacks.
Implement a Web Filter
Security can be further improved with a web filtering solution such as WebTitan. A web filter adds another layer to your anti-phishing defenses by blocking the web-based component of phishing and malware attacks. If a phishing email does reach an inbox, a web filter can prevent a click on a hyperlink from turning into a data breach. WebTitan provides time of click protection to block attempts by employees to visit malicious websites, such as those used to phish for credentials or distribute malware. WebTitan can be used to block web-based attacks for office and remote workers and allows different controls to be set depending where employees connect to the internet.
Train Staff and Conduct Phishing Simulations
Remote employees need to be trained how to work and access data securely, and that means refresher cybersecurity training should be provided to reeducate employees about cybersecurity best practices. Trai9ning must also be provided on how to work securely from home.
Phishing is the easiest way that employees can be attacked, so they must be trained how to recognize a phishing email. It is also useful to run phishing email simulations on remote workers to find out which employees have taken the training on board and who needs further training. Training can reduce susceptibility to phishing attacks by up to 90%.
New research has recently been published which suggests there has been a lack of security awareness training for remote workers, even with the massive increase in people working from home due to the COVID-19 pandemic and the increased threat level.
Many companies have had to make major changes to policies and allow most employees to work from home, even though doing so introduces cybersecurity risks. While this is seen by many as a temporary measure due to the pandemic, there is currently some debate about how long lockdown measures will be in place. It could well be many months before lockdowns are eased and there is a return to “normal” working life. It may also be difficult to convince workers to return to the office when measures are eased, or at least until a vaccine for the virus has been developed. That could well be a year or most likely much longer.
In the meantime, remote workers are not just encountering the odd phishing email. These workers are being actively targeted by cybercriminals and APT groups. It is important to ensure that technical controls are up to scratch and are blocking threats but also to train workers to recognize threats such as phishing.
Technical Controls Will Not Block 100% of Cybersecurity Threats
Technical solutions can block most malware and phishing attacks on remote workers and will protect devices and the networks to which those devices connect. TitanHQ has developed two solutions that provide excellent protection from email and web-based threats, and there has been a massive increase in demand for those solutions during the COVID-19 pandemic from businesses and managed service providers (MSPs).
When these solutions are coupled with other cybersecurity protections such as firewalls, antivirus software, and intrusion detection systems, businesses will be well protected; however, no matter how many layers are added to your defenses, security awareness training for remote workers should still be provided. Employees are the last line of defense and require training to help them identify threats that bypass your technical defenses.
Employees are a Weak Link, but Neglecting Security Awareness Training for Remote Workers is a Mistake
One study recently conducted on IT workers by Apricorn revealed 57% of IT decision makers in the United Kingdom believe remote workers are a security risk and will expose organizations to data breaches and that there is apathy among IT leaders about training the workforce as employees are not concerned about security. 34% of IT leaders said their remote workers do not care about security, but that is not a reason not to provide training. It is a reason to reinforce training and get employees to buy into the company’s security strategy.
Another survey, conducted by Promon on 2,000 remote workers in the United Kingdom, confirmed those findings. The study revealed 66% of employees have not been provided cybersecurity training in the last 12 months, even though cybercriminals are actively targeting remote workers. It is also concerning that 77% of respondents were not worried about the security threat from working from home. The survey also revealed that 61% of employees are using personal devices to work from home instead of corporate-issued devices, which typically have far fewer protections in place to block threats.
Given the numbers of employees working from home due to COVID-19 and the increase in threats targeting those workers, now is the time to be stepping up training and to make sure employees are working in a secure environment. TitanHQ can help you better protect employees and the devices they use to work from home, but you should also ensure that cybersecurity training is reinforced.
Cybercriminals are taking advantage of the 2019 Novel Coronavirus pandemic and are exploiting fear to spread malware and steal data. These tactics many not be new, but these campaigns pose a significant threat in the current climate of global fear and worry.
People are naturally worried about contracting COVID-19 and will be concerned about the wellbeing of their friends and family members. Many people crave new information to help avoid them avoid illness and protect their families. If that information arrives in an inbox, email attachments may be opened, and links clicked to malicious websites.
Even when training is provided to employees and they are taught not to respond to unsolicited messages, open email attachments, or click links in emails from unknown senders, mistakes can still be made. During the COVID-19 crisis, stress levels are high, and this can easily lead to decisions being taken that would not normally be made.
Businesses have been forced to allow their employees to work from home, many of whom are now working in a home environment where there are many distractions. Many people do not have home offices where they can quietly work, and a challenging working environment also makes mistakes more likely. Those mistakes can prove very costly.
Phishing campaigns are being conducted targeting home workers as they are seen as low-hanging fruit and an easy way to gain access to business networks to install malware, ransomware, and steal sensitive data. Several campaigns have been detected that offer important advice on the 2019 novel coronavirus that impersonate authorities on disease control and prevention such as the U.S. Centers for Disease Control and Prevention (CDC), U.S. Department of Health and Human Services, UK National Health Service, and the World Health Organization (WHO). The phishing campaigns are credible, claim to offer important advice, and are likely to be opened by many individuals. These campaigns seek remote access credentials and distribute malware.
Coronavirus maps that display the number of cases per country are being used on many websites, including a legitimate COVID-19 case tracking map on Johns Hopkins University website. One campaign has been detected that uses a carbon copy map and urges users to download a desktop application that allows them to track new cases. The application installs the information-stealing AZORult Trojan. As the COVID-19 crisis has deepened, these phishing and malspam campaigns have increased significantly.
With more people working from home and self-isolating, the risk of malware and phishing attacks has increased significantly. It is therefore important for businesses to make sure that they are properly protected and manage risk. During this difficult time, it is important to provide security awareness training to staff to keep them aware of the threat of cyberattacks and to help them identify malicious messages. Phishing simulation exercises are a useful way of assessing risk and identifying individuals that require further training.
It is also important to implement additional control measure to block attacks at source. There are two main attack vectors being used to target remote workers: Email and the web. Due to the high risk of mistakes by employees it is essential for businesses to have an effective email security solution in place.
The key to improving email security is defense in depth. Layered defenses will greatly improve resilience to phishing and malware attacks. If you are using Office 365 and have yet to augment protection with a third-party email security solution, now is the ideal time. One 2019 study showed that Office 365 protections only block around 75% of phishing attempts. Given the increase in phishing volume, a great many malicious emails will land in inboxes unless protection is improved.
The more time people spend online, the greater the risk. With many workers housebound and self-isolating, online time has increased considerably. Unsurprisingly, the of number of malicious domains being used to distribute malware has increased and drive-by malware attacks have spiked. With corporate laptops being used at home, steps should be taken to limit what employees can do on those laptops. Blocking access to ‘risky’ websites such those distributing pirated TV shows and movies will help to reduce the risk of a malware download, along with controls to prevent the downloading of risky file times such as software installers and executable files.
A web filtering solution will allow you to control the sites that remote employees can access on their corporate laptops and prevent malicious websites from being visited. A cloud-based web filtering solution is the ideal choice as it can be easily implemented to protect all remote workers, without causing any latency issues.
TitanHQ can help you protect your telecommuting workers from email and web-based threats. SpamTitan is a powerful email security solution that compliments Office 365 anti-spam and anti-phishing controls and enhances protection against phishing, spear phishing, and zero-day malware. WebTitan is a cloud-based DNS filtering solution that is simple to implement that allows you to carefully control the online activities of remote employees and block drive-by malware downloads and other web-based threats.
Both solutions can be implemented in a matter of minutes and will greatly improve protection against web and email-based threats. For further information, to book a product demonstration, or to register for a free trial, contact TitanHQ today.
Phishing attacks are increasing and malware is a growing threat. A DNS filter adds an important level of protection to block these attacks. In this post we explain why.
The Growing Threat from Malware and Phishing Attacks
There are various methods used to deliver malware, but email remains one of the most common methods of distributing malware, either through malicious attachments or hyperlinks in emails that direct users to websites where malware is downloaded. The latter is a popular method of malware delivery as there is an increased chance that the hyperlink will not be detected as malicious by an email security solution. Various tactics are used to mask these URLs from email security solutions, such as adding the hyperlink to an attached file such as a PDF.
The Emotet Trojan is one of the most prevalent threats and also one of the most dangerous. Emotet is primarily spread via email through a combination of attachments and malicious URLs. The Trojan is an information stealer capable of spreading across networks to infect other vulnerable devices. Removing the malware is problematic, as there are usually multiple devices infected. As soon as the malware is removed from one device, others on the network re-infect the cleaned machine. Emotet is also a malware downloader. Once all valuable information has been obtained post-infection, other malware variants such as the TrickBot Trojan and RYUK ransomware are downloaded. All devices infected with Emotet are added to the botnet. An analysis by the SpamHaus project revealed around 6,000 malicious URLs are emitted from infected devices, which act as compromise vectors.
An advanced spam filter will ensure that the majority of malicious emails are blocked, but it is important not to totally rely on a spam filter alone to block email-based malware and phishing attacks. The key to a strong defense is to implement layered defenses. With overlapping layers of security, if one layer fails to block a threat, another is in place to provide protection. One of the most important additional protections against phishing attacks and email-based malware is a web filter.
Why a Web Filter is so Important
Phishing attacks have an email and web-based component. The email contains the lure and a hyperlink is included that directs the recipient to a webpage hosting a phishing kit. When the user visits the website credentials and other sensitive information is harvested. A spam filter will block most of these phishing emails and a web filter provides protection against emails that are not blocked, as well as protecting against accidental navigation to malicious websites through malvertising or general web browsing.
A web filter is a form of content control that prevents network users from visiting known malicious websites. When a network user attempts to visit a malicious website, rather than connecting to the site, they are directed to a block page. That block page informs the user that they have attempted to visit a prohibited website which, in this case is a phishing page or website hosting malware. It could equally be a website that violates an organization’s internet usage policies. A web filter therefore serves as an additional, and important, layer of security to block phishing attacks and malware and ransomware downloads.
Web Filtering Options
There are different web filtering options available. Appliance-based web filters were once the go-to solution, but cloud-based filtering is now much more common, more cost effective for most organizations, and easier to implement and maintain.
Appliance-based solutions are not scalable. Once capacity has been reached, another appliance must be purchased. Software-based web filters, which are usually deployed as a virtual appliance on existing hardware, are a good choice but the most popular web filtering solutions are cloud-based. With cloud-based web filters, all filtering takes place in the cloud on the service provider’s hardware. Cloud-based filters are highly scalable. If capacity is increased, additional licenses just need to be purchased which takes seconds.
DNS Filtering is the Most Flexible Web Filtering Choice
The most popular, flexible, and scalable solution is a DNS filter. When a user makes a request to visit a website, such as by clicking a hyperlink or navigating to a website through their browser, a set of procedures must be followed to display the content.
One of the first steps is to send a query to the DNS server. The DNS server matches an easy to remember domain name – google.com for instance – with an IP address that allows the site to be found. A DNS filter works at this stage of the process and will block attempts to visit prohibited websites or malicious sites before any content is downloaded. Modern DNS filters do not just block content at the domain level. They also block content at the URL and page level. This means that a page on Medium.com could be blocked, while other content on the site is allowed. This means filtering controls are very granular and there is less potential for overblocking of web content.
WebTitan – A DNS Filter for SMBs and MSPs Serving the SMB Market
TitanHQ’s DNS filtering solution – WebTitan – has been developed for use by SMBs, MSPs providing security services to SMBs, and ISPs with millions of users. WebTitan includes market-leading classification of web content and malicious URL detection, and the solution is updated in real-time with more than 60,000 malicious URLs added to the filter every day. The solution includes advanced analytics and threat intelligence feeds and covers more than 99.9% of the active web. The solution is also easy to integrate into your own systems through TitanHQ’s API, and the solution can be purchased, set up, and be providing protection in just a few minutes.
For more information on WebTitan, to sign up for a free trial, or to book a product demonstration, give the TitanHQ team a call today.
The increase in cyberattacks on law firms has highlighted a need for greater security protections, especially to protect against phishing, malware, and ransomware.
According to a recent Law.com report, more than 100 law firms are known to have experienced cyberattacks in the past five years: Cyberattacks that have resulted in hackers gaining access to sensitive information and, in many cases, employee, attorney, and client information.
Investigations such as this are likely to uncover just a small percentage of successful cyberattacks, as many are resolved quietly and are not reported. Many law firms will be keen to keep a cyberattack private due to the potential damage it could do to a firm’s reputation. The reputation of a law firm is everything.
As Law.com explained, there are different data breach reporting requirements in different states. If there is no legal requirement to report the data breaches, they will not be reported. That means that only if reportable information has potentially been compromised will the breach be reported to regulators or made public. It is therefore not possible to tell how many successful cyberattacks on law firms have occurred. However, there has been a steady rise in reported cyberattacks on law firms, as is the case with attacks on other industry sectors. Law.com’s figures are likely to be just the tip of the iceberg.
From the perspective of cybercriminals, law firms are a very attractive target. The types of information stored on clients is incredibly valuable and can be used for extortion. Information on mergers and takeovers and other sensitive corporate data can be used to gain a competitive advantage. Cybercriminals are also well aware that if they can deploy ransomware and encrypt client files, there is a higher than average probability that the ransom will be quietly paid.
Based on the information that has been made public about law firm data breaches, one of the main ways that law firms are attacked is via email. Many of the data breaches started with a response to a phishing or spear phishing email. Phishing allows cybercriminals to bypass even sophisticated cybersecurity protections as it targets a well-known weakness: Employees.
Employees can be trained to be more security aware and be taught how to recognize potential phishing emails, but phishers are conducting ever more sophisticated campaigns and every employee will make a mistake from time to time. That mistake could be all that it takes to compromise a computer, server, or a large part of a network.
One firm contacted for the report explained that it had implemented advanced cybersecurity protections that were undone with a phishing email. The digital security measures it had in place greatly restricted the harm caused, and there was no evidence that the attacker had accessed sensitive information, but the attack did succeed.
In response, the law firm implemented more advanced security protocols, implemented a more aggressive spam filter, multi-factor authentication was used more widely, and it revised its policies and procedures and training. Had those measures been implemented in advance, it may have been possible to block the attack.
The response was to implement more layered defenses, which are critical for blocking modern cyberattacks. Overlapping layers of security ensure that if one measure fails, others are in place to prevent an attack from succeeding.
This is an area where TitanHQ can help. TitanHQ has developed cybersecurity solutions that can fit seamlessly into existing security stacks and provide extra layers of security to block the most common attack vectors. TitanHQ’s email and web security solutions – SpamTitan and WebTitan – provide advanced protection without compromising usability.
Since many clients prefer to communicate via email, it is important for all incoming attachments to be analyzed for malicious code. Extensive checks are performed on all incoming (and outgoing) emails, with SpamTitan able to block not only known malware but also zero-day threats. SpamTitan also includes DMARC email authentication to block email impersonation attacks and sandbox to analyze suspicious files and identify malicious or suspicious activity.
WebTitan provides protection from web-based threats. Most malware is now delivered via the internet, so a web security solution is essential. WebTitan is a DNS filtering solution that protects against all known malicious sites. It is constantly updated in real time through threat intelligence services to ensure maximum protection. The solution provides advanced protection against drive-by downloads and malicious redirects to exploit kits and other malicious sites and provides and important additional layer of security to protect against phishing attacks.
Law firms will no doubt prefer to host their cybersecurity solutions within their own environments or private clouds, which TitanHQ will happily accommodate.
For further information on TitanHQ’s cybersecurity solutions for law firms, contact the TitanHQ team today. Managed Services Providers serving the legal industry should contact TitanHQ’s channel team to find out more about the TitanShield program and discover why TitanHQ is the leading provider of cloud-based email and web security solutions to MSPs serving the SMB market.
Ransomware attacks slowed in 2018 but the malicious file-encrypting malware is back with a vengeance. Ransomware attacks on educational institutions have soared this year, and as the attackers are well aware, these attacks can be extremely profitable.
There have been 182 reported ransomware attacks so far this year and 26.9% of those attacks have been on school districts and higher education institutions. The increase has seen education become the second most targeted sector behind municipalities (38.5%) but well ahead of healthcare organizations (14.8%).
The reason why the number of ransomware attacks on educational institutions, healthcare, and municipalities is so high compared to other sectors is because attacks are relatively easy to perform and there is a higher than average chance that the ransoms will be paid.
Attacks on municipalities mean they can’t access computer systems, and essential services grind to a halt. Police departments can’t access criminal records, courts have to be shut down, and payments for utilities cannot be taken. If hospitals can’t access patient data, appointments have to be cancelled out of safety concerns. In education, teachers cannot record grades and student records cannot be accessed. Administration functions grind to a halt and a huge backlog of work builds up.
Some of the recent ransomware attacks on school districts have seen schools forced to send students home. Monroe-Woodbury Central School District in New York had to delay the start of the school year due to its ransomware attack. If students need to be sent home, there is often backlash from parents – Not only because their children are not getting their education, but childcare then needs to be arranged.
The costs of these attacks are considerable for all concerned. Each day without access to systems costs schools, universities, municipalities, and hospitals a considerable amount of money. Downtime is by far the biggest cost of these attacks. Far greater than any ransom payment.
It is no surprise that even when ransom demands are for tens or hundreds of thousands of dollars, they are often paid. The cost of continued losses as a result of the attacks makes paying the ransom the most logical solution from a financial perspective. However, paying the ransom sends a message to other cybercriminals that these attacks can be extremely profitable, and the attacks increase.
The huge cost of attacks has seen educational institutions take out insurance policies, which typically pay the ransom in the event of an attack. While this is preferable financially for the schools, it ensures that the attackers get their pay day. Some studies have suggested that attackers are choosing targets based on whether they hold insurance, although the jury is out on the extent to which that is the case.
In total, 49 school districts and around 500 K-12 schools have been affected by ransomware attacks this year. While the ransomware attacks on school districts have been spread across the United States, schools in Connecticut have been hit particularly hard. 7 districts have been attacked, in which there are 104 schools.
Prevention of these attacks is key but securing systems and ensuring all vulnerabilities are identified and corrected can be a challenge, especially with the limited budgets and resources of most schools. Cybersecurity solutions need to be chosen wisely to get the maximum protection for the least cost.
A good place to start is by addressing the most common attack vectors, which for ransomware is Remote Desktop Protocol and email-based attacks.
Remote Desktop Protocol should be disabled if it is not required. If that is not possible, connection should only be possible through a VPN. Rate limiting should also be set to block access after a number of failed login attempts to protect against brute force password-guessing attacks.
Email security also needs to be improved. Massive spam campaigns are being conducted to distribute the Emotet banking Trojan, which serves as a downloader for Ryuk ransomware and others. Embedded hyperlinks in emails direct end users to sites where they are encouraged to download files that harbor malware, or to exploit kits where ransomware is silently downloaded.
Advanced spam filters should be deployed that incorporate sandboxing. This allows potentially suspicious email attachments to be checked for malicious activity in a safe environment. DMARC email authentication is also important as it is one of the best defenses against email impersonation attacks. SpamTitan now incorporates both of these measures.
A DNS based content filtering solution is also beneficial as an additional protection against malware downloads and phishing attacks. Not only can the content filter be used to ensure compliance with CIPA, it will prevent end users from visiting malicious websites where ransomware is downloaded.
Email attacks usually require some user interaction, which provides another opportunity to block the attacks. By educating all staff and students on the risks, they can be prepared for when malicious emails arrive in their inboxes and will be conditioned how to respond.
It is often the case that breached entities only implement these measures after an attack has occurred to prevent any further attacks from succeeding. By taking a more proactive approach and implementing these additional security measures now, costly, disruptive attacks can be avoided.
For more information on ransomware defenses such as email and DNS filters for educational institutions, give the TitanHQ team a call today. You are likely to find out that these security measures are far cheaper than you think… and naturally a great deal less expensive than having to deal with an attack.
2017 was a bad year for ransomware attacks, but as 2018 progressed it was starting to look like the file-encrypting malware was being abandoned by cybercriminals in favor of more lucrative forms of attack. Between 2017 and 2018 there was a 30% fall in the number of people who encountered ransomware compared to the previous year, and the number of new ransomware variants continued to decline throughout 2018; however, now, that trend has been reversed.
2019 has seen a sharp increase in attacks. Figures from Malwarebytes indicate there was a 195% increase in ransomware attacks in Q1, 2019 and that increase has continued in Q2. A new report from Kaspersky Lab has shown that not only are attacks continuing to increase, the number of new ransomware variants being used in these attacks is also increasing sharply.
Kaspersky Lab identified 16,017 new ransomware modifications in Q2, 2019, which is more than twice the number of new ransomware modifications detected in Q2, 2018. In addition to updates to existing ransomware variants, Q2, 2019 saw 8 brand new malware families detected.
Kaspersky Lab tracked 230,000 ransomware attacks in Q2, which represents a 46% increase from this time last year. Far from ransomware dying a slow death, as some reports in 2018 suggested, ransomware is back and is unlikely to go away any time soon.
Not only are attacks increasing in frequency, ransom demands have increased sharply. Ransom demands of hundreds of thousands of dollars are now the norm. Two Florida cities paid a combined total of $1 million for the keys to unlock files encrypted by ransomware. Jackson County in Georgia paid $400,000 for the keys to unlock the encryption that crippled its court system, and recently, a massive ransomware attack that impacted 22 towns and cities in Texas saw a ransom demand of $2.5 million issued.
Earlier this year, the developers of GandCrab ransomware shut down their popular ransomware-as-a service offering. They claimed to have made so much money from attacks that they have now taken early retirement. Despite GandCrab ransomware being one of the most widely used ransomware variants for the past 18 months, the shut down has not been accompanied with a reduction in attacks. They continue to increase, as other ransomware-as-a-service offerings such as Sodinokibi have taken its place.
Ransomware attacks are increasing because they are profitable, and as long as that remains the case, ransomware is here to stay. Businesses are getting better at backing up their data but recovering files from backups and restoring entire systems is a difficult, time-consuming, and expensive task. When major attacks are experienced, such as those in Texas, recovering systems and files from backups is a gargantuan task.
Attackers realize this and set their ransom demands accordingly. A $400,000 ransom demand represents a sizable loss, but it is a fraction of the cost of recovering files from backups. Consequently, these sizable ransoms are often paid, which only encourage further attacks. It is for this reason that the FBI recommends never paying a ransom, but for many businesses it is the only option they have.
Businesses naturally need to develop plans for recovering from an attack to avert disaster in the event of ransomware being installed on their network, but they must also invest in new tools to thwart attacks. At the current rate that attacks are increasing, those tools need to be implemented soon, and that is an area where TitanHQ can help.
To find out more about email and web security solutions that can block ransomware and protect your network, give the TitanHQ team a call.
A new version of WebTitan Cloud has been released by TitanHQ. WebTitan Cloud 4.12 offers existing and new customers the opportunity to set filtering controls by location, in addition to setting organization-wide policies and role and departmental policies via links to Active Directory/LDAP.
The new feature will be especially useful to MSPs and companies with remote workers, satellite offices, bases in multiple locations, and operations in overseas countries. Organization-wide web filtering policies can be set to prevent users from accessing illegal web content and pornography, but oftentimes, the one size fits all approach does not work for web filtering. The new location filter helps solve this.
MSPs can use this new feature to set web filtering controls for customers in different locations while businesses using WebTitan Cloud can easily set a range of different policies for all users from a specific location, whether those users are accessing the Internet on or off the network.
There will naturally be times when policies need to be bypassed to enable specific tasks to be completed. Rather than making temporary changes to location or other policies, WebTitan Cloud uses cloud keys which allow policy-based controls to be temporarily bypassed.
Accompanying the location-based controls are new reporting options which allow administrators to quickly access information about web views and blocked access attempts in real time. While reports can be useful, oftentimes information needs to be accessed quickly. To help administrators find the information they need, search functionality has been enhanced.
Administrators can use the search filter on the history page to search by location name. For MSPs this allows a specific customer to be selected and for traffic information at a specific location to be quickly viewed in real time, without having to generate a report.
Location-based when filtering policies can be set and viewed for all locations through the same user interface, giving administers full visibility into traffic and settings of all customers through a single pane of glass.
It is hoped that these updates will make WebTitan even more useful for businesses and MSPs and will further improve the user experience.
TitanHQ has formed a strategic partnership with the GRIDHEART, which will see TitanHQ’s leading cloud-based email security, web security, and email archiving solutions made available to users of the Cloudmore Cloud Commerce platform.
GRIDHEART is a privately-owned Swedish company that delivers the world’s leading cloud-based solutions through its Cloud Commerce platform, Cloudmore.
For the past 10 years, GRIDHEART has been offering leading cloud solutions to its customers and resellers and now deals with more than 1,000 cloud partners. The Cloudmore platform makes selling cloud services easy and brings a wide range of cloud services together in a single unified platform.
The platform gives users complete centralized control over their cloud solutions and allows them to easily provision new customers, bill for services, automate processes, and obtain pre-and post-sales support. The platform provides a host of management tools to make control of SaaS and cloud computing simple.
The partnership with TitanHQ will see the Galway, Ireland-based cybersecurity firm add its leading cybersecurity solutions to the platform, through which users can manage the solutions for free.
GRIDHEART’s customers will be able to offer their clients the SpamTitan Cloud email security solution, the WebTitan web filtering solution, and the ArcTitan email security solution and provide multi-layered security to protect against email, web, and modern blended threats.
“By offering additional layers of cloud-based security through Cloudmore’ s unique Cloud Commerce platform, MSPs can procure and deploy IT services for their customers and quickly maximize their IT investment, enhance their security stack and lower operational costs for their customers,” said Rocco Donnino, Executive VP of Strategic Alliances at TitanHQ. “This agreement highlights the importance of delivering comprehensive security solutions to the MSP community through a single and powerful platform”
“TitanHQ fits the bill as a perfect partner with their razor focus on advanced threat protection via email and the web. We’ve very happy to have them on board,” said Stefan Jacobson, Sales Director of GRIDHEART.
In this post we explore the key benefits of Internet content control for businesses and explain how the disadvantages can be minimized or eliminated.
The Problems of Providing Unfettered Internet Access to Employees
Providing employees with Internet access makes a great deal of sense. In order to work efficiently and effectively, employees need access to the wealth of information that is available online. Via the internet, businesses can interact with customers and vendors and provide them with important information. Information can easily be shared with colleagues rather than relying on email, and a wide range of online tools are available to improve productivity.
The Internet is something of a double-edged sword. It offers the opportunity to improve productivity, but it also has potential to reduce productivity. A great deal of time is wasted online by employees – Often referred to as cyber slacking. The losses to cyber slacking can be considerable. If each employee spends an hour a day on personal Internet use, a company with 50 employees would lose 50 hours a day or 250 hours a week. That’s 13,000 hours a year lost to personal Internet use. Many employees waste much more time online than an hour a day, so the losses can be significantly higher.
Personal Internet use can also result in legal problems for businesses. Businesses can be vicariously liable for illegal activities that take place on their network. Illegal file sharing for instance. Some online activities can also lead to the creation of a hostile work environment.
Giving employees full access to the Internet also introduces security risks. As well as very beneficial websites there is no shortage of malicious web content. Phishing websites are used to steal login credentials. If credentials are stolen, hackers can gain access to the network undetected and steal data and install malware. Malware downloads are also common. The cost of mitigating cyberattacks is considerable and can be catastrophic for small to medium sized businesses.
Common Internet Content Control Issues and How to Avoid Them
The solution to these issues is to implement an Internet content control solution. By carefully controlling the websites employees can access at work, productivity losses can be avoided and businesses can effectively manage risk. Access to phishing and other malicious websites can be blocked and businesses can block categories of website that are NSFW or are a major drain on productivity. The former includes adult content and the latter includes gaming websites, dating sites, and social media websites.
Internet content control for businesses is best achieved with a web filtering solution. This can either be an appliance that sites between your Internal network and the Internet through which all web traffic passes, or a DNS-based web filter that applies Internet content control for businesses at the DNS level.
The former is a more traditional approach to content control that comes with certain disadvantages. The latter is a more modern approach, that eliminates the problems of internet content control for businesses.
The benefits of Internet content control for businesses are clear but there are disadvantages. Latency is a key issue. If Internet speed is slowed, productivity declines. Appliance based filtering solutions tend to slow Internet access and download speeds. DNS-based Internet content control for businesses avoids this. There is no latency with DNS-level filtering.
Cost is another stickling point. An appliance-based solution requires a significant outlay and the appliances are not scalable. They need to be upgraded when the business grows. DNS-based solutions on the other hand are highly scalable – up and down. DNS-based filtering is much cheaper – a few dollars a year per employee. TitanHQ also offers monthly billing to make the cost more affordable.
Appliances need to be selected to fit in with your network architecture and there can often be compatibility issues. DNS-filtering allows businesses to seamlessly integrate Internet content control into the current infrastructure. DNS-based filters are technology agnostic and work on all operating systems.
Easy Internet Content Control for Businesses
WebTitan Cloud is an innovative, easy to use, DNS-based web filter that provides cost-effective Internet content control for businesses of all sizes.
For further information on WebTitan Cloud, to arrange a product demonstration, or to register for a free trial, contact TitanHQ today.
Web filtering is important for protecting users from web-based threats and for controlling what users can do online. There are many choices of web filtering solutions, including Cisco Umbrella. While the latter is popular, many businesses and organizations are now changing from Cisco Umbrella to WebTitan.
In this post we explain some of the main benefits of changing from Cisco Umbrella to WebTitan and illustrate this with an example from the education sector.
Web Filtering for Schools and Libraries and CIPA Compliance
Web filters are a requirement of the Children’s Internet Protection Act (CIPA). CIPA was enact by congress in 2000 and is concerned with protecting minors from harmful website content such as pornography. CIPA requires schools and libraries to implement an Internet safety policy that addresses the safety and security of minors online.
To comply with CIPA, measures must be introduced to block access to obscene content, child pornography, and other web content that is considered to be harmful to minors. Additionally, schools must educate minors about appropriate online behavior and monitor the online activities of minors.
While there are many choices of web filters for schools that can help them comply with CIPA, not all solutions are created equal. While it is usually easy to block access to harmful content, with some solutions monitoring user activity can be difficult and time consuming, and solutions as feature-rich and complex as Cisco Umbrella may be considered overfill for schools and libraries only looking to block access to obscene images.
Why Did Saint Joseph Seminary College Change from Cisco Umbrella to WebTitan?
There is no doubt that Cisco has developed a powerful web filtering solution in Umbrella that can offer protection from web-based threats and allow content control, but the solution is not without its drawbacks.
One of the main downsides is usability, especially monitoring the online activities of users, something that is particularly important for CIPA compliance. It was proving to be particularly difficult for Saint Joseph Seminary College, which needed to quickly identify attempts by students to access restricted content.
“I don’t need rounded corners and elegant fonts when I am trying to see who has been visiting dangerous websites. I need to clearly see domain names and internal IPs,” explained Saint Joseph Seminary College IT Director Todd Russell. “In my opinion, after Cisco bought OpenDNS, they made some major changes to the UI which made it virtually useless for quickly looking through blocked traffic for signs of particular types of usage.” The complexity of the user interface made the solution unpopular with IT staff and the complexity was jeopardizing security.
Ease of use was a major problem, but the troubles didn’t end there. There was also the issue of cost. “We found that once Cisco bought OpenDNS, they began upping the Umbrella pricing every year at renewal time. Despite the repeated price increases, the service was not improving and there was no additional value offered,” explained Russell.
Cost and usability issues prompted Russell to look for a Cisco Umbrella alternative. After assessing various Cisco Umbrella alternatives, the decision was taken to switch from Cisco Umbrella to WebTitan. “It didn’t take long to realize that WebTitan was the best alternative for an efficient, cost-effective, and easy to use filtering solution to replace Cisco Umbrella,” explained Russell.
“I am able to quickly scan an entire previous day of blocked traffic and take a closer look at the full traffic on any users that raise a concern in a matter of minutes. This has saved me an enormous amount of time when I need to examine a user’s traffic, but it has also made it possible for me to keep close tabs on our traffic.” All the information required was accessible with just two clicks.
In terms of time savings gained from using WebTitan and the lower cost of running the solution, the college has been able to make significant cost savings as well as identify and remediate issues immediately, which means greater safety and security for students.
Cisco Umbrella Licensing
In August 2019, Cisco Umbrella licensing was updated when major changes were made to the different Cisco Umbrella packages. Previously, Cisco Umbrella licensing was based on three packages called “Professional”, “Insights” and “Platform.”
The features available under each have been rejigged and new features have been incorporated into each of the new packages. They have also been renamed as Cisco Umbrella “DNS Security Essentials”, “DNS Security Advantage”, and “DNS Secure Internet Gateway”. Each tier includes all the features of the lower tiers with the range of features increasing with each package tier. The Cisco Umbrella licensing cost also increased to reflect the more comprehensive nature of the packages. As with many other DNS filtering solutions, licensing is based on the number of users and is purchased for a minimum term of one year.
Cisco Umbrella Pricing
Cisco Umbrella pricing is not provided on its website, so contact has to be made with the company to find out the Cisco Umbrella cost for each business. The cost is dependent on many different factors, including which of the three versions of Cisco Umbrella is required. Cisco Umbrella Pricing is also changeable depending how many users need to be protected, the length of term of the contract, and any add-ons that are required. For instance, the packages only include basic support and comprehensive support comes at an additional cost.
We cannot provide up to date Cisco Umbrella pricing for each of the packages; however, to give you an idea of the Cisco Umbrella cost for comparison purposes, the lowest cost package (prior to February 2020) was $4,296 per year for 100 users, which is $3.58 per user per month. Cisco Umbrella pricing for the more comprehensive packages will be significantly more.
There is no denying Cisco Umbrella is a comprehensive Internet security product – in particular the top-level Secure Internet Gateway package – but it is priced accordingly and will be surplus to requirements for many businesses. For general business use, a DNS filtering solution that provides an equivalent level of protection from Internet-based threats and can be used to control access to Internet content can be obtained at less than a third of the price of Cisco Umbrella.
Are You Looking for an Alternative to Cisco Umbrella?
If you are currently using Cisco Umbrella and are frustrated with the interface and are unable to easily get the information you need, or if you are looking for a lower-cost alternative to Cisco Umbrella that will not jeopardize security, you have nothing to lose by evaluating WebTitan.
Contact the TitanHQ team today and you can arrange a product demonstration and set up a free trial of the full solution to see for yourself the difference it makes.
In the words of Todd Russell, “That brief demo was all I needed to know that WebTitan would serve my needs much better than Umbrella and I have been thrilled with the improvements to my workflow since switching over.”
It is straightforward to implement security controls to protect wired networks, but many businesses fail to apply the same controls to improve WiFi security, often due to a lack of understanding about how to improve wireless access point security. In this post we cover some of the main threats associated with WiFi networks and explain how easy it can be to improve wireless access point security.
Wireless Access Points are a Security Risk
Most businesses now apply web filters to control the types of content that can be accessed by employees on their wired networks but securing wireless networks can be more of a challenge. It is harder to control and monitor access and block content on WiFi networks.
Anyone within range of the access point can launch an attack, especially on public WiFi hotspots which have one set of credentials for all guest users. It is therefore essential that controls are implemented to improve wireless access point security and protect users of the WiFi network.
WiFi Security Threats
A single set of credentials means cybercriminals are afforded a high degree of anonymity. That allows them to use WiFi networks to identify local network vulnerabilities virtually undetected. They could conduct brute force attacks on routers, for example, or use WiFi access to inject malware on servers that lack appropriate security. If access is gained to the router, attacks can be launched on connected devices, and malware can be installed on multiple end points or even POS systems to steal customers’ credit/debit card information.
The cyberattack on Dyn is a good example of how malware can be installed and used for malicious purposes. The DNS service provider was attacked which resulted in large sections of the Internet being made inaccessible. A botnet of more than 100,000 compromised routers and IoT devices was used in the attack.
Man-in-the-Middle attacks are also common on Wi-Fi networks. Any unencrypted content can be intercepted, such as if information is exchanged between a user and a HTTP site, rather than HTTPS, if a VPN is not used.
Public WiFi networks are often used for all manner of nefarious purposes due to the anonymity provided. If users take advantage of that anonymity to access illegal content and download child pornography or perform copyright infringing downloads of music, films, and TV shows from P2P file sharing sites, an investigation would center on the hotspot provider. Questions would likely be asked about the lack of security controls to prevent illegal website access.
The Easy Way to Improve Wireless Access Point Security
The easy way to improve wireless access point security is a web filtering solution. Web filtering solutions are usually implemented by businesses to secure wired networks, but solutions also exist to improve wireless access point security.
A web filter forms a barrier between the users of the network and the Internet. Controls can be applied to stop users from accessing dangerous, illegal, or inappropriate website content. Even if each user has their own access controls, without a web filter, users will still be vulnerable to malware attacks and phishing attempts and the hotspot provider may be liable for illegal activities over the WiFi network.
There are two ways of implementing WiFi web filtering to improve wireless access point security. One is to rely on a list of categorized domain names and use that to control content. The other is DNS-layer web filtering, which uses the DNS lookup process that is required before any user is directed to a website after entering the domain name into their browser. The DNS server turns the domain name into an IP address to allow the web page to be found.
Why DNS Filtering is Best Way to Improve Wireless Access Point Security
The main difference between the two types of web filtering is the point at which access is blocked. With a traditional web filter, content is first downloaded before it is blocked, which is a risk. With DNS-layer filtering, content is blocked during the lookup process before content is downloaded.
If content is downloaded before being blocked, this will naturally have an impact on available bandwidth. DNS-layer filtering has no impact on bandwidth, since the content is blocked before it is downloaded.
DNS filtering does not need to be integrated with other systems and it works across all devices and operating systems, since they all use DNS servers to access websites.
DNS filtering is also quick and easy to implement. No appliances need to be purchased, hardware doesn’t need to be upgraded, and no software downloads are required. A simple change to the DNS is all that is required to point it to the provider’s DNS server. It is also much easier to maintain. No software updates are necessary and, in contrast to other security solutions, no patching is required. It is all handled by the service provider.
WebTitan Cloud for WiFi – The Leading Wireless Access Point Security Solution
TitanHQ has set the standard for WiFi security with WebTitan Cloud for WiFi. WebTitan Cloud for WiFi gives businesses the opportunity to implement bulletproof WiFi security to protect end users from online threats, block malware downloads, and carefully control the content that can be accessed by wireless network users.
Businesses that run WiFi hotspots can quickly and easily implement the solution and let TitanHQ secure their WiFi networks and provide the massive processing power to fight current and emerging web-based threats. With WebTitan Cloud for WiFi, businesses can instead concentrate on profit-generating areas of the business.
If you want to improve wireless access point security, contact TitanHQ for further information on WebTitan cloud for WiFi. Our security experts will be happy to schedule a product demonstration and set up for a free trial.
Can I secure multiple access points at different geographical locations?
WebTitan is a DNS-based web filtering solution that sees all filtering take place in the cloud. Being cloud-based, WebTitan can be used to filter the Internet at any location, for both wired and wireless networks. You can protect multiple access points through the same solution, even if those access points are in different cities or countries. You can set controls for each access point through a single web-based user interface.
Can I set different filtering controls for employees and guest users?
With WebTitan you have full control over the content that can be accessed by all users of your access points. You can set different filtering controls for individuals, departments, user groups such as guest users, and the entire organization. You have highly granular control over the content that can be accessed, with filtering by category, keyword, and URL filtering.
Is it possible to bypass filtering on access points?
Most people will attempt to bypass filtering controls on access points by using an anonymizer service or proxy. If the Internet is accessed through the anonymizer website or proxy, the actual content viewed will not be visible via the web filtering service. To prevent users from bypassing the web filter you can block anonymizer services through the WebTitan UI.
Can I block specific websites on my access points?
You can use the blacklisting feature of WebTitan to prevent a specific website from being accessed via your access points. You can do this for the entire organization, for different departments or user groups, or for specific individuals. Conversely, you can use whitelisting to allow a website to be accessed even if it contravenes other filtering controls.
Is it possible to temporarily disable filtering on access points?
With WebTitan, you do not need to disable web filtering if you need to bypass your web filtering policies on a temporary basis. You can configure a cloud key that can be used to bypass filtering controls for a limited period and can set the duration that the cloud key is valid through your UI.