SASE is emerging as a way to defeat cybercriminals by preventing malware from accessing the corporate network
Organized crime and criminal groups are increasing the pressure on enterprises in the form of cyberattacks. For most, the pre-eminent tool of attack comes in the form of ransomware, disrupting the critical operations of business until a ransom is paid. Some of those attacks have become epic in nature and have led to sensitive information being exposed or files being encrypted as a form of digital extortion.
Recent victims include Gedia, a German automotive parts manufacturer, and Travelex, a foreign currency exchange enterprise. Both businesses experienced disruption and claimed the attacks came from a criminal group that was behind a series of attacks using sophisticated malware that encrypts files, known as Sodinokibi or REvil. The criminal group also threatened to publish sensitive data from the car parts supplier on the internet unless a ransom was paid.
Ultimately, the criminal group involved is to blame for the crime, but Gedia and Travelex may not have protected their systems effectively enough to prevent the crime from happening in the first place. It is speculated that the attack on Travelex was possible because the company failed to patch vulnerable VPN servers. This is important to note, especially since NIST's National Vulnerability Database has published more than 100 new CVEs (Common Vulnerabilities and Exposures) for VPNs since January 2019, indicating that there may be many unpatched VPN servers in use today. Even more troubling is that the root cause of the Gedia attack has yet to be discovered, which means undiscovered vulnerabilities may very well be out in the wild.
Both attacks make it obvious how vulnerable today's businesses are when connected to the public internet. What's more, poor cybersecurity hygiene increases the vulnerabilities and makes large organizations tempting targets for criminal enterprises using cyberattacks. The real question becomes: what can be done to prevent such attacks?
One answer may be found in an emerging technology known as secure access service edge (SASE), a cloud-based solution built on SD-WAN technology that may become one of the predominant ways to defeat cybercriminals. SASE is a term coined by research firm Gartner and is billed as a transformational technology.
“Most ransomware enters a network after a phishing attack or by a user downloading software from an embedded link,” said Avidan Avraham, security research team leader at Cato Networks, an organization that Gartner names as a “sample vendor” in its report on the SASE category.
“Ultimately, the attack occurs because a piece of malware was able to enter the network,” Avraham added. He makes a good point: Ransomware is only able to impact an organization if the malicious code has been placed on the network and executed. Eliminate the ability for malicious code to enter the network, and ransomware and other threats can be defeated.
Of course, detecting malicious code and blocking known malware sites are only part of the security solution. Avraham also explained that infrastructure and network connectivity must be further protected to eliminate the potential for malware to infect a network.
Cato Networks isn’t the only name in the SASE game. Barracuda Networks, Zscaler, Forcepoint and BitGlass are aggressively promoting SASE as well.
SASE brings forth a different approach than traditional wide area networking solutions. SASE is built on SD-WAN and creates a secure environment that runs over the public internet. SASE fully encrypts all traffic and collapses the networking and security stack into an easily managed, unified offering, which then allows enterprises to connect over private backbones, with all traffic evaluated for cybersecurity issues. “By blocking malicious software, traffic, and lateral attacks, SASE makes it impossible for attackers to insert malicious code into a SASE-protected network,” said Avraham.