
Update Samba Servers Immediately to Patch Password Reset and DoS Vulnerabilities

Samba maintainers have just released new versions of their networking software to patch two critical vulnerabilities that could allow unprivileged remote attackers to launch DoS attacks against servers and change any other user’s password, including the admin’s.

Samba is open-source software (a re-implementation of the SMB networking protocol) that runs on the majority of operating systems available

Skype Finally Adds End-to-End Encryption for Private Conversations

Good news for Skype users who are concerned about their privacy.

Microsoft is collaborating with popular encrypted communication company Signal to bring end-to-end encryption support to Skype messenger.

End-to-end encryption assures its users that no one, not even the company or server that transmits the data, can decrypt their messages.

Signal Protocol is an open source cryptographic protocol that has become an industry-wide standard and is used in Apple iMessage, Facebook Messenger, WhatsApp, and Google Allo for secure messaging.

Dubbed Private Conversations, the new feature, which is about to be introduced in Skype, will offer end-to-end encryption for audio calls, text, and multimedia messages like videos and audio files.

“Skype Private Conversations give you enhanced security through end-to-end encryption with an additional layer of security for conversations between you and your friends and family,” the company announced.

“Private Conversations can only be between you and one other contact. This is not supported in groups.”

How to Start Skype End-to-End Encrypted Calls and Chats

Private Conversations is already available to the Skype Insider program, a platform that allows Skype users to test new features before they are rolled out to the rest of its more than 300 million users worldwide.

To initiate a new secure communication with your Skype contact, you need to tap or click on the (+) icon, select ‘New Private Conversation’ and then select the contact you would like to start the secure communication with.

A Private Conversation will have a lock icon next to your Skype contact’s name. Preview messages from Private Conversations will not appear in the chat list or notifications.

Unlike WhatsApp, the end-to-end encryption feature is not enabled by default in Skype, and users need to select ‘New Private Conversation’ from the app’s “Compose” menu, or from another user’s profile, to initiate a secure communication. It is like Facebook Messenger’s Secret Conversations, which is also based on Signal.

Unfortunately, Private Conversations also doesn’t currently support video calling, but this is secured by the standard encryption that Microsoft already provides with its Skype service.

Also, even with Private Conversations enabled, Skype will still be able to access some information (metadata) about your secure communications, like when you initiate them and how long the conversation lasts.

Skype Insider users can test Private Conversations using Skype build version for iOS, Android, Linux, Mac, and Windows Desktop.

Cryptocurrency Mining Scripts Now Run Even After You Close Your Browser


Some websites have been found using a simple yet effective technique to keep their cryptocurrency mining JavaScript secretly running in the background even when you close your web browser.

Due to the recent surge in cryptocurrency prices, hackers and even legitimate website administrators are increasingly using JavaScript-based cryptocurrency miners to monetize their sites by leveraging the CPU power of their visitors’ PCs to mine Bitcoin or other cryptocurrencies.

After the world’s most popular torrent download website, The Pirate Bay, was caught secretly using Coinhive, a browser-based cryptocurrency miner service, on its site last month, thousands of other websites also started using the service as an alternative monetization model to banner ads.

However, websites using such crypto-miner services can mine cryptocurrencies only as long as you’re on their site. Once you close the browser window, they lose access to your processor and associated resources, which eventually stops the mining.

Unfortunately, this is not the case anymore.

Security researchers from anti-malware provider Malwarebytes have found that some websites have discovered a clever trick to keep their cryptocurrency mining software running in the background even when you have closed the offending browser window.

How Does This Browser Technique Work?

According to a blog post published Wednesday morning by Malwarebytes, the new technique works by opening a hidden pop-under browser window that fits behind the taskbar and hides behind the clock on your Microsoft Windows computer.

From there (hidden from your view), the website runs the crypto-miner code that indefinitely generates cryptocurrency for the person controlling the site while eating up CPU cycles and power from your computer until and unless you notice the window and close it.


Researchers say this technique is a lot harder to identify and is able to bypass most ad-blockers because of how cleverly it hides itself. The crypto-miner runs from a crypto-mining engine hosted on Amazon Web Services.

“This type of pop-under is designed to bypass adblockers and is a lot harder to identify because of how cleverly it hides itself,” Jérôme Segura, Malwarebytes’ Lead Malware Intelligence Analyst, says in the post. “Closing the browser using the “X” is no longer sufficient.”

To avoid detection, the code running in the hidden browser window always limits its maximum CPU usage and keeps it at a medium threshold.

You can also have a look at the animated GIF image that shows how this clever trick works.

This technique works on the latest version of Google’s Chrome web browser running on the most recent versions of Microsoft’s Windows 7 and Windows 10.

How to Block Hidden Cryptocurrency Miners

If you suspect your computer’s CPU is running a little harder than usual, just look for any browser windows in the taskbar. If you find any browser icon there, your computer is running a crypto-miner. Now simply kill it.

More technical users can run Task Manager on their computer to ensure there are no remnant browser processes running, and terminate any they find.

Since neither web browsers themselves nor the integrated Windows Defender antivirus software currently block cryptocurrency miners, you can use antivirus programs that automatically block cryptocurrency miners on web pages you visit.

For this, you can contact your antivirus provider to check if they do.

Alternatively, you can make use of web browser extensions, like No Coin, that automatically block in-browser cryptocurrency miners for you, and regularly update themselves with new mining scripts that come out.

Created by developer Rafael Keramidas, No Coin is an open source extension that blocks Coinhive and other similar cryptocurrency miners and is available for Google Chrome, Mozilla Firefox, and Opera.

No Coin currently does not support Microsoft Edge, Apple Safari, and Internet Explorer. So, those using one of these browsers can use an antimalware program that blocks cryptocurrency miners.

New Mirai Botnet Variant Found Targeting ZyXEL Devices In Argentina


While tracking botnet activity on their honeypot traffic, security researchers at Chinese IT security firm Qihoo 360 Netlab discovered a new variant of Mirai, the well-known IoT botnet malware that wreaked havoc last year.

Last week, researchers noticed an increase in traffic scanning ports 2323 and 23 from hundreds of thousands of unique IP addresses from Argentina in less than a day.

The targeted port scans are actively looking for vulnerable internet-connected devices manufactured by ZyXEL Communications using two default telnet credential combinations—admin/CentryL1nk and admin/QwestM0dem—to gain root privileges on the targeted devices.

Researchers believe (or rather, are “quite confident”) that this ongoing campaign is part of a new Mirai variant that has been upgraded to exploit a newly released vulnerability (identified as CVE-2016-10401) in ZyXEL PK5001Z modems.

“ZyXEL PK5001Z devices have zyad5001 as the su (superuser) password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP’s deployment of these devices),” the vulnerability description reads.
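A defender-side check for the scan described above, as an added example (not code from the article or from Netlab): it parses telnet honeypot login records and flags source addresses that try the two ZyXEL default credential pairs on ports 23 and 2323. The log format, field names, timestamps and IP addresses (documentation ranges) are constructed for this example.

```python
"""Flag telnet honeypot sources that try the ZyXEL default credentials."""
import re

# Credential pairs and ports named in the article.
ZYXEL_DEFAULTS = {("admin", "CentryL1nk"), ("admin", "QwestM0dem")}
TELNET_PORTS = {23, 2323}

# Assumed (constructed) honeypot log format, one login attempt per line:
#   <ISO timestamp> src=<ip> dport=<port> user=<name> pass=<password>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+dport=(?P<dport>\d+)"
    r"\s+user=(?P<user>\S*)\s+pass=(?P<password>\S*)$"
)

# Constructed sample input; the addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2017-11-22T11:02:10Z src=198.51.100.7 dport=2323 user=admin pass=CentryL1nk
2017-11-22T11:02:11Z src=198.51.100.7 dport=2323 user=admin pass=QwestM0dem
2017-11-22T11:02:15Z src=203.0.113.40 dport=23 user=root pass=xc3511
2017-11-22T11:03:01Z src=203.0.113.91 dport=23 user=admin pass=QwestM0dem
2017-11-22T11:03:05Z src=192.0.2.15 dport=22 user=admin pass=CentryL1nk
malformed line without fields
2017-11-22T11:04:00Z src=203.0.113.91 dport=23 user=admin pass=admin
"""


def parse_line(line):
    """Return the fields of one log line as a dict, or None if malformed."""
    match = LINE_RE.match(line.strip())
    if match is None:
        return None
    record = match.groupdict()
    record["dport"] = int(record["dport"])
    return record


def find_zyxel_probes(lines):
    """Group attempts using the ZyXEL default pairs by source address.

    Only attempts against the telnet ports from the article are counted,
    so the same credentials seen on another service are ignored.
    """
    hits = {}
    for line in lines:
        record = parse_line(line)
        if record is None or record["dport"] not in TELNET_PORTS:
            continue
        pair = (record["user"], record["password"])
        if pair not in ZYXEL_DEFAULTS:
            continue
        entry = hits.setdefault(
            record["src"],
            {"attempts": 0, "pairs": set(), "ports": set(),
             "first_seen": record["ts"]},
        )
        entry["attempts"] += 1
        entry["pairs"].add(pair)
        entry["ports"].add(record["dport"])
        # ISO 8601 UTC timestamps sort correctly as plain strings.
        entry["first_seen"] = min(entry["first_seen"], record["ts"])
    return hits


def summarize(hits):
    """Return (source, attempts, tried_both_pairs) tuples sorted by source.

    A source that cycles through both pairs matches the credential list
    described for this variant more closely than a single guess does.
    """
    return [
        (src, info["attempts"], info["pairs"] == ZYXEL_DEFAULTS)
        for src, info in sorted(hits.items())
    ]


if __name__ == "__main__":
    for src, attempts, both in summarize(find_zyxel_probes(SAMPLE_LOG.splitlines())):
        print(f"{src}: {attempts} attempt(s), both default pairs tried: {both}")
```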

Mirai is the same IoT botnet malware that knocked major Internet companies offline last year by launching massive DDoS attacks against DynDNS, crippling some of the world’s biggest websites, including Twitter, Netflix, Amazon, Slack, and Spotify.

Mirai-based attacks experienced a sudden rise after someone publicly released its source code in October 2016. Currently, there are several variants of the Mirai botnet attacking IoT devices.

The biggest threat of having the source code of any malware in public is that it could allow attackers to upgrade it with newly disclosed exploits according to their needs and targets.

“For an attacker that finds a new IoT vulnerability, it would be easy to incorporate it into the already existing Mirai code, thus releasing a new variant,” Dima Beckerman, security researcher at Imperva, told The Hacker News.

“Mirai spread itself using default IoT devices credentials. The new variant adds more devices to this list. Still, we can’t know for sure what other changes were implemented into the code. In the future, we might witness some new attack methods by Mirai variants.”

This is not the first time the Mirai botnet has targeted internet-connected devices manufactured by ZyXEL. Exactly a year before, millions of ZyXEL routers were found vulnerable to a critical remote code execution flaw, which was exploited by Mirai.

Secure Your (Easily Hackable) Internet-Connected Devices

1. Change Default Passwords for your connected devices: If you own any internet-connected device at home or work, change its default credentials. Keep in mind that Mirai malware scans for default settings.

2. Disable Remote Management through Telnet: Go into your router’s settings and disable the remote management protocol, specifically through Telnet, as this is a protocol used to allow one computer to control another from a remote location. It has also been used in previous Mirai attacks.

3. Check for Software Updates and Patches: Last but not least, always keep your internet-connected devices and routers up-to-date with the latest firmware updates and patches.

European Companies Must Tell Employees If Their Work Emails Are Being Monitored


Finally, European companies must inform employees in advance if their work email accounts are being monitored.

The European Court of Human Rights (ECHR) on Tuesday gave a landmark judgement concerning privacy in the workplace by overturning an earlier ruling that gave employers the right to spy on workplace communications.

The new ruling came in judging the case of Romanian engineer Bogdan Barbulescu, who was fired ten years ago for sending messages to his fiancée and brother using his workplace Yahoo Messenger account.

Earlier, Romanian courts had rejected Barbulescu’s complaint that his employer had violated his right to correspondence, including in January last year when it was ruled that it was not “unreasonable for an employer to want to verify that the employees are completing their professional tasks during working hours.”

But now, the European court ruled by an 11-6 majority that Romanian judges failed to protect Barbulescu’s right to private life and correspondence, as set out in article 8 of the European Convention on Human Rights.

Apparently, Barbulescu’s employer had infringed his right to privacy by not informing him in advance that the company was monitoring his account and communications. His employer used surveillance software in order to monitor his computer activities.

“The right to respect for private life and for the privacy of correspondence continued to exist, even if these might be restricted in so far as necessary,” the court writes in a press release about the decision.

The Court considered, following international and European standards, that to qualify as prior notice, the warning from an employer had to be given before the monitoring was initiated, especially where it entailed accessing the contents of employees’ communications.

The ruling will now become law in 47 countries that have ratified the European Convention on Human Rights.

In a Q&A section on its website, the European Court of Human Rights says the judgement doesn’t mean that companies can’t now monitor their employees’ communications in the workplace, and that they can still dismiss employees for private use.

However, the ECHR says that employers must inform their staff in advance if their communications are being monitored, and that the monitoring must be limited and carried out for legitimate purposes.

Powered by WPeMatico

FDA Recalls Nearly Half a Million Pacemakers Over Hacking Fears


Almost half a million people in the United States are strongly advised to get their pacemakers updated, as they are vulnerable to hacking.

The Food and Drug Administration (FDA) has recalled 465,000 pacemakers after discovering security flaws that could allow hackers to reprogram the devices to run the batteries down or even modify the patient’s heartbeat, potentially putting half a million patients’ lives at risk.

A pacemaker is a small electrical battery-operated device that’s surgically implanted in the chest of patients to help control their heartbeats. The device uses low-energy electrical pulses to stimulate the heart to beat at a normal rate.

Six types of pacemakers, all manufactured by health-tech firm Abbott (formerly St. Jude Medical), are affected by the recall, which includes the Accent, Anthem, Accent MRI, Accent ST, Assurity, and Allure.

All the affected models are radio-frequency enabled cardiac devices—typically fitted to patients with irregular heartbeats and patients recovering from heart failure—and were manufactured before August 28th.

In May, researchers from security firm White Scope also analysed seven pacemaker products from four different vendors and discovered that pacemaker programmers could intercept the device using “commercially available” equipment that costs between $15 and $3,000.

“Many medical devices—including St. Jude Medical’s implantable cardiac pacemakers—contain configurable embedded computer systems that can be vulnerable to cybersecurity intrusions and exploits,” the FDA said in a security advisory.

“As medical devices become increasingly interconnected via the Internet, hospital networks, other medical devices, and smartphones, there is an increased risk of exploitation of cybersecurity vulnerabilities, some of which could affect how a medical device operates.”

To protect against these critical vulnerabilities, the pacemakers must be given a firmware update. The good news is that those affected by the recall do not need to have their pacemakers removed and replaced.

Instead, patients with these implanted, vulnerable devices must visit their healthcare provider to receive a firmware update that can fix the vulnerabilities, something that would take just 3 minutes or so to complete.

In the U.S., the pacemaker devices to which the firmware update applies include Accent SR RF, Accent MRI, Assurity, Assurity MRI, Accent DR RF, Anthem RF, Allure RF, Allure Quadra RF, and Quadra Allure MP RF.

Outside of the U.S., the pacemaker devices to which this update applies include Accent SR RF, Accent ST, Accent MRI, Accent ST MRI, Assurity, Assurity +, Assurity MRI, Accent DR RF, Anthem RF, Allure RF, Allure Quadra RF, Quadra Allure MP RF, Quadra Allure, and Quadra Allure MP.

As a result of the firmware update, any external device trying to communicate with the pacemaker will require authorization.

Moreover, the software update also introduces data encryption, operating system fixes, and the ability to disable network connectivity features, according to Abbott’s press release published on Tuesday, August 29.

Any pacemaker device manufactured beginning August 28, 2017, will have the firmware update pre-installed and will not need the update.

The FDA recall of devices does not apply to implantable cardiac defibrillators (ICDs) and cardiac resynchronization ICDs.

Abbott is working with the FDA, the U.S. Department of Homeland Security (DHS), global regulators, and leading independent security experts, in efforts to “strengthen protections against unauthorized access to its devices.”

Although there are no reports of compromised pacemakers yet, the threat is serious enough to potentially harm heart patients with an implanted pacemaker and could even put their lives at great risk.


Here’s How CIA Spies On Its Intelligence Liaison Partners Around the World


WikiLeaks has just published another Vault 7 leak, revealing how the CIA spies on their intelligence partners around the world, including FBI, DHS and the NSA, to covertly collect data from their systems.

The CIA offers a biometric collection system (with predefined hardware, operating system, and software) to its intelligence liaison partners around the world that helps them voluntarily share collected biometric data on their systems with each other.

But since no agency shares all of its collected biometric data with others, the Office of Technical Services (OTS) within the CIA developed a tool to secretly exfiltrate data collections from their systems.

Dubbed ExpressLane, the newly revealed CIA project details spying software that CIA agents manually install as part of a routine upgrade to the biometric system.

The leaked CIA documents reveal that the OTS officers, who maintain biometric collection systems installed at liaison services, visit their premises and secretly install the ExpressLane Trojan while displaying an “upgrade Installation screen with a progress bar that appears to be upgrading the biometric software.”

“It will overtly appear to be just another part of this system. It’s called: MOBSLangSvc.exe and is stored in \Windows\System32,” leaked CIA documents read.

“Covertly it will collect the data files of interest from the liaison system and store them encrypted in the covert partition on a specially watermarked thumb drive when it is inserted into the system.”

ExpressLane includes two components:

  • Create Partition — This utility allows agents to create a covert partition on the target system where the collected information (in compressed and encrypted form) will be stored.
  • Exit Ramp — This utility lets the agents steal the collected data stored in the hidden partition using a thumb drive when they revisit.

The latest version, ExpressLane 3.1.1, by default removes itself six months after installation in an attempt to erase its footprints, though the OTS officers can change this date.

The biometric software system that the CIA offers is based on a product from Cross Match, a US company specializing in biometric software for law enforcement and the intelligence community, which was also used to “identify Osama bin Laden during the assassination operation in Pakistan.”

Previous Vault 7 CIA Leaks

Last week, WikiLeaks published another CIA project, dubbed CouchPotato, which revealed the CIA’s ability to spy on video streams remotely in real-time.

Since March, WikiLeaks has published 21 batches of the “Vault 7” series, including the latest and last week’s leaks, along with the following batches:

  • Dumbo — A CIA project that disclosed the CIA’s ability to hijack and manipulate webcams and microphones to corrupt or delete recordings.
  • Imperial — A CIA project that revealed details of at least 3 CIA-developed hacking tools and implants designed to target computers running Apple Mac OSX and different flavours of Linux OS.
  • UCL/Raytheon — An alleged CIA contractor, who analysed in-the-wild malware and hacking tools and submitted at least five reports to the spying agency to help it develop its malware.
  • Highrise — An alleged CIA project that allows the spying agency to stealthily collect and forward stolen information from compromised phones to its server via SMS messages.
  • BothanSpy and Gyrfalcon — Two alleged CIA implants that allowed the US agency to intercept and exfiltrate SSH credentials from target Windows and Linux computers.
  • OutlawCountry – An alleged CIA project that let the agency hack and remotely spy on computers running Linux OS.
  • ELSA – Alleged CIA malware that tracks the location of targeted laptops and PCs running the Microsoft Windows operating system.
  • Brutal Kangaroo – A Microsoft Windows tool suite used by the agents to target closed networks or air-gap PCs within an organisation or enterprise without requiring any direct access.
  • Cherry Blossom – A CIA framework employed by its agents to monitor the Internet activity of the target systems by exploiting bugs in Wi-Fi devices.
  • Pandemic – A CIA project that let the spying agency turn Windows file servers into covert attack machines that can silently infect other systems of interest inside the same network.
  • Athena – A spyware framework that the US secretive agency uses to take full control of the infected Windows machines remotely and works against every version of Windows operating system–from Windows XP to Windows 10.
  • AfterMidnight and Assassin – Two alleged CIA malware frameworks for the Windows platform designed to monitor and report back actions on the infected remote host system and execute malicious actions.
  • Archimedes – Man-in-the-middle attack tool allegedly developed by the US agency to target systems inside a Local Area Network (LAN).
  • Scribbles – Software allegedly designed to embed ‘web beacons’ into confidential documents, allowing the agents to track insiders and whistleblowers.
  • Grasshopper – A framework that let the spying agency easily create its custom malware for breaking into Microsoft Windows and bypassing antiviruses.
  • Marble – Source code of a secret anti-forensic tool used by the US agency to hide the actual source of its malicious payload.
  • Dark Matter – Hacking exploits the US spying agency designed and used to target iPhones and Macs.
  • Weeping Angel – A spying tool used by the CIA agents to infiltrate smart TVs and transform them into covert microphones.
  • Year Zero – CIA hacking exploits for popular hardware and software.


Fappening 2017: More Celebrity Nude Photos Hacked and Leaked Online


It seems like celebrities have not taken their security seriously, which once again resulted in the leaking of nude and personal photographs of more A-list celebrities.

Dozens of personal and intimate photos of Anne Hathaway, Miley Cyrus, Kristen Stewart, Katharine McPhee, golfer Tiger Woods and his ex Lindsey Vonn have reportedly surfaced on the Internet, and have been widely shared on Reddit, Tumblr and Twitter.

The incident comes a few months after “The Fappening 2.0” surfaced, leaking alleged pictures of many female celebrities, including Emma Watson and Amanda Seyfried on Reddit and 4chan.

The latest release of celebs’ private photos seems to have come after an unidentified hacker or group of hackers gained access to celebs’ Apple iCloud accounts and stole private iPhone photos and videos.

A similar trick was used in the 2014 Fappening incident, where anonymous hackers flooded the Internet with private photographs of major celebrities, including Jennifer Lawrence, Kim Kardashian, Kate Upton and Kirsten Dunst.

Apple responded to the 2014 hack by pledging to bolster iCloud security, and the Fappening 2014 hackers have since been sent to prison.

Miley Cyrus, Anne Hathaway, Amanda Seyfried, Demi Lovato, Lucy Hale, Kate Hudson, Rose McGowan, Rosario Dawson, Suki Waterhouse, Alison Brie, and many more are just the latest victims added to the long list of affected celebrities.

The compromised images were posted on the Celeb Jihad website, and the celebrities’ lawyers are reported to be actively working to get those pictures taken off, but they are now being copied and shared across the internet.

The 2014 Fappening hackers used phishing to trick celebrities into entering their iCloud account credentials into bogus ‘security’ websites and then accessed private photographs and videos of more than 300 victims.

However, it is unclear what attack vector the attackers used in the latest hack to break into celebrities’ iCloud accounts.

How To Keep Your Private Photos Private

If you are looking for the best way to keep your photos off the Internet, the simplest solution to this is—Don’t click them and store them insecurely. But if you do so, there are a few steps that you can follow to minimise the risk:

  • Do not click on any suspicious links or attachments in the email you received.
  • When in doubt, contact the sender to confirm whether he or she sent the email to you.
  • Never provide your personal or financial information through an email to anyone.
  • No service, be it Google, Apple, or Microsoft, ever asks for your password or any other sensitive personal information over an email.
  • It’s always a good idea to regularly update your passwords and security questions.
  • Enable two-factor authentication on your accounts and always choose a strong and different password for all your accounts. If you are unable to create and remember different passwords for each site, you can use a good password manager.


Microsoft Launches Ethereum-Based ‘Coco Framework’ to Speed Up Blockchain Network


A growing number of enterprises are showing their interest in blockchains, but the underlying software fails to meet key enterprise requirements like performance, confidentiality, governance, and required processing power.

However, Microsoft wants to help solve these issues and make it easier for the enterprises to build their networks using any distributed ledger.

Microsoft has unveiled a framework called “Coco” — short for “Confidential Consortium” — a new open-source foundation for enterprise blockchain networks.

Coco is an Ethereum-based protocol which has been designed to help commercial companies and large-scale enterprises process information on the Ethereum Blockchain with increased privacy.

“Coco presents an alternative approach to Ledger construction, giving enterprises the scalability, distributed governance and enhanced confidentiality they need without sacrificing the inherent security and immutability they expect,” Mark Russinovich, the CTO at Microsoft Azure said in an official statement.

The framework can be integrated with a number of popular open-source blockchain networks and distributed ledgers, including Ethereum, R3’s Corda, Intel’s Hyperledger Sawtooth and JPMorgan’s Quorum.


Since Blockchain transaction speed is so slow that it can only handle a handful of transactions in a second, the company wants the technology to handle a thousand or more transactions per second.

To solve this hurdle, the Coco Framework leverages the power of existing blockchain protocols and trusted execution environments (TEEs), including Intel’s SGX (Software Guard Extensions) and Windows Virtual Secure Mode (VSM), along with distributed systems and cryptography.

With these TEEs, one can build a network of trusted enclaves that all agree on the ledger and the Coco code they are running, which delivers:

  • Throughput and latency approaching database speeds.
  • Richer, more flexible, business-specific confidentiality models.
  • Network policy management through distributed governance.
  • Support for non-deterministic transactions.

Video Demonstration

In a video demonstration, the Coco framework resulted in an increased volume of nearly 1,700 transactions per second using a private version of the Ethereum blockchain, when compared to about 13 transactions per second without the framework.

However, the average transaction speed of blockchains integrated with the Coco framework is about 1,600 transactions per second, allowing companies to control permissions on a network without making the process slower.

Microsoft said the company has already started exploring the Coco Framework’s potential across a variety of industries, including supply chain, retail and financial services.

“Being able to run our existing supply chain Dapp code much faster within Coco framework is a great performance improvement that will reduce friction when we talk about enterprise Blockchain readiness with our retail customers,” Tom Racette, the vice president at Mojix, said. 

“Adding data confidentiality support without sacrificing this improvement is what will enable us to lead the digital transformation we are envisioning with Smart Supply Chains.”

Microsoft said Coco framework will be ready by 2018 and will be released as open source software. The company has made a technical whitepaper available on GitHub.


What is the hype around Firewall as a Service?


Admit it. Who would not want their firewall maintenance grunt work to go away?

For more than 20 years, companies either managed their edge firewall appliances themselves or had service providers rack-and-stack appliances in their data centers and do it for them.

This was called a managed firewall — an appliance wrapped with a managed service, often from a carrier or managed security service provider (MSSP).

The provider assumed the management of the firewall box, its software, and even its policy and management from the over-burdened IT team. But customers ended up paying for the inefficiency of dealing with appliances (i.e. “grunt work”) because the problem just shifted to the provider. A new architecture was needed – a transformation from an appliance form factor to a true cloud service.

In a 2016 Hype Cycle for Infrastructure Protection report, Gartner analyst Jeremy D’Hoinne initiated the emerging category of Firewall as a Service (FWaaS).

He defined FWaaS as “…a firewall delivered as a cloud-based service or hybrid solution (that is, cloud plus on-premises appliances). The promise of FWaaS is to provide simpler and more flexible architecture by leveraging centralized policy management, multiple enterprise firewall features and traffic tunneling to partially or fully move security inspections to a cloud infrastructure.”

Recently, in the 2017 Magic Quadrant for Unified Threat Management (SMB Multifunction Firewalls), the analysts reference a Gartner client survey indicating 14% of respondents were likely (8%) or very likely (6%) to consider moving all the firewall security functions to FWaaS.

FWaaS isn’t merely packaging of legacy appliances into a managed service. It is challenging the decades-old concept of the appliance as the primary form factor to deliver network security capabilities.

What is an FWaaS?

FWaaS offers a single logical firewall that is available anywhere, seamlessly scales to address any traffic workload, enforces unified policy, and is self-maintained by a cloud provider.

Let’s look at these elements in more detail.

• Single, global firewall instance — One firewall instance for the entire global organization is radically different than the current architecture that places a network security stack at each location, a regional hub or a datacenter.

With FWaaS every organizational resource (data center, branch, cloud infrastructure or a mobile user) plugs into the FWaaS global service and leverages all of its security capabilities (application control, URL filtering, IPS, etc).

• Seamlessly scales to address inspection workload — FWaaS provides the necessary compute resources to perform all security processing on all traffic regardless of source or destination.

IT teams no longer need complex sizing processes to determine the appliance capacity needed to plan for today’s business requirements and future growth.

For example, the increase in SSL traffic volume pressures appliance processing capacity and can force unplanned. FWaaS can scale to accommodate these needs without disrupting the customer’s business operations.

• Enforcing a unified policy — A single firewall, by design, has a single security policy. While legacy appliance vendors created centralized management consoles to ease managing distributed appliances, IT must still consider the individual firewall instances per location and often customize policies to the locations’ unique attributes.

In heterogeneous firewall environments (often created due to M&A), security policy is hard to configure and enforce, increasing exposure to hackers and web-borne threats. Contrast that with a single cloud-based firewall that uniformly applies the security policy on all traffic, for all locations and users.

• Self-maintained — One of the most painful aspects of firewall management is maintaining the software through patches and upgrades. It is a risky process that could impact business connectivity and security.

Many IT teams tend to skip or completely avoid software upgrades, leaving the enterprise exposed. Because the cloud-based firewall software is maintained by the FWaaS provider and is shared by all customers, the firewall is kept up to date by quickly fixing vulnerabilities and bugs, and rapidly evolving with new features and capabilities that the customers can immediately access.

FWaaS is bringing genuine relief to overburdened IT teams within enterprises and service providers. Instead of wasting cycles on sizing, deploying, patching, upgrading and configuring numerous edge devices, work can now shift to delivering true security value to the business through early detection and fast mitigation of true risk.

FWaaS Providers

FWaaS is not a mere concept. It has been deployed in production by several vendors.

Cato Networks is a provider of the Cato Cloud, built from the ground up to deliver Firewall as a Service.

Cato provides an optimized, global SD-WAN, ensuring resilient connectivity to its FWaaS from all regions of the world. Cato can completely eliminate edge firewalls by inspecting both WAN and Internet-bound traffic. The Cato Cloud FWaaS further extends to mobile users and cloud datacenters.

Zscaler provides FWaaS for Internet-bound traffic from remote branches and mobile users. To secure WAN traffic, customers must rely on other means.

Palo Alto Networks recently announced a similar service. It uses its next generation firewall within a cloud service to protect users, whether in remote locations or mobile, accessing the Internet.

FWaaS is a viable alternative for IT teams that waste time and money to sustain their distributed edge firewall environments — the so-called appliance sprawl.

With FWaaS, they can now reduce the operational and capital expense of upgrading and refreshing appliances as well as the attack surface resulting from delayed patches and unmitigated vulnerabilities.

By simplifying the network security architecture, FWaaS makes IT more productive and the business secure.
