Webinar Dec. 10th: Stop Ransomware, kill the VPN.


Find out how to stop ransomware, secure RDP and kill the VPN with Zero Trust Network Access on Dec. 10th at 2PM ET in this live webinar with our partner Cozzi Consulting.

Unsecure RDP connections and VPN are the two main ways ransomware can proliferate on a corporate network. Join us for a webinar on how to keep RDP access secure while eliminating the VPN with Zero Trust Network Access (ZTNA). TransientX delivers ZTNA by creating disposable, transient connections between the user and the corporate resource, providing only the access needed for the time it’s needed, dramatically reducing the attack surface for hackers.

Our CEO Egemen Tas will be presenting, hosted by Tony Marcozzi of Cozzi Consulting and John Sarina, TransientX VP of Channels & Partnerships.

Tony Marcozzi, Cozzi Consulting
John Sarina, VP, Channels and Partners
Egemen Tas, CEO and Founder

Register here and we’ll see you there!

Or if you can’t make it, read more about securing RDP with ZTNA to stop Ransomware at the source in this blog post: https://transientx.com/blog/stop-ransomware-attacks-at-the-source/ 

How a Global Paint and Chemical Company Secured Remote Workers with TransientAccess ZTNA

Betek, with 2000 employees in 16 countries, chose TransientAccess to replace its legacy VPN with Zero-Trust Network Access (ZTNA), allowing them to use remote clients, SAP in particular, with confidence.

While looking for a product to replace their current VPN solution and secure remote workers, Betek found TransientX’s TransientAccess based on a recommendation from their partner, Maya ICT, one of Turkey’s leading MSSPs. Maya ICT had already incorporated TransientAccess into their cloud security offering for customers. Betek’s goals were to:

• Implement a zero-trust model
• Secure remote workers with ZTNA and eliminate the VPN
• Provide granular control of remote network access between offices
• Provide secure access by 3rd parties to in-house SAP apps without a VPN
• Implement micro-segmentation of critical apps
• Create and manage application-based user policies within minutes
• Support private cloud and hybrid architectures

As part of their search for a solution, Betek explored how they could implement microsegmentation for the company's critical applications with their existing systems, but they could not fully support this for end users. Managing the many different user profiles in order to partially control access to their VPNs was time-consuming and difficult. This solution was not scalable and was difficult in terms of change management. Moreover, they had to support a wide variety of their customers’ IT architectures, including private cloud and hybrid architectures.

“TransientAccess is very easy to use, but the main benefit is that it provides very powerful control with the features it provides. They made it possible to define a variety of policies for different groups with different needs. We could not find any other alternative system that met our needs as we define various policies for all our users. It provides security so easily.” – Feza Zengin, IT Manager at Betek.

Read the full case study here or contact us to try it out for yourself.

Zero Trust Network Access: What and Why?


ZTNA, NAC, SDP, RDP, VPN: Making sense of the remote access alphabet soup.

Zero Trust Security is a hot topic and with good reason. But what does it really mean in practice, when applied to solving remote access security challenges? In this post we provide an introduction on Zero Trust Security as it applies to Network Access (ZTNA) to help sort it out.

Before Zero Trust, a user or device was validated as having the correct credentials and the right to access the network. Once that step was complete the user or device had a wide open path to the network and resources. To mitigate the risk that a valid user would access systems they weren’t supposed to, role-based access control (or RBAC) was implemented. In theory this worked in conjunction with least-privileged access (the Principle of Least Privilege or PoLP) so that users were only granted access to the resources they needed and nothing more.

VPNs – Virtual Private Networks – are the ubiquitous technology for providing remote users access to enterprise resources. However, they are a network-layer technology, meaning that once the user is validated and logged in, the user’s device has an open network connection to the corporate network. To mitigate the security risk of this open pipe, in addition to RBAC and PoLP, enterprises deploy Network Access Control (NAC) to verify first that a given device has the correct security posture: is the device allowed, independent of the user? Does the device have up-to-date AV running, and has it passed a scan? And so forth.

Legacy NAC and VPN for accessing corporate networks

Once a user has logged in to the VPN client and the device has passed the NAC security check, one of the most commonly accessed resources is the remote desktop, most often over Remote Desktop Protocol (RDP). Although it is a proprietary Microsoft protocol, it does have cross-platform support for non-Windows devices.

That in essence is the technology stack most widely deployed in enterprises today to enable remote access: VPN clients where devices are validated by NACs. Users are granted access to resources, including remote desktops over RDP, based on RBAC and PoLP.

Zero Trust Network Access (ZTNA) offers a simpler, more secure alternative. ZTNA turns the existing paradigm on its head: rather than opening up a wide pipe and then retroactively finding ways to narrow it down, ZTNA assumes no device or user should be trusted, and grants no access by default except what is explicitly required, and only for the duration required.

This is critical in a world where there is no fixed perimeter any more, but rather a software-defined perimeter (SDP).

TransientAccess takes ZTNA and SDP a step further, delivering true app-to-app connectivity over disposable networks. That is, there is never a device to device connection, nor is a user validated for anything more than what the user needs access to for the time the user is accessing it.
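The contrast drawn above between network-level VPN access and default-deny, time-bound, app-to-app grants can be modelled in a few lines. This is an added example, not TransientX code and not a description of how TransientAccess is implemented; the class names, subnet, addresses, application names and timestamps are all constructed for illustration.

```python
# Added illustration: network-level VPN access vs. default-deny ZTNA grants.
# All names, addresses and policies below are constructed for this example.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Grant:
    """One explicit ZTNA grant: a user may reach one app until it expires."""
    user: str
    app: str          # logical application name, not a host or subnet
    client_app: str   # local application the grant is bound to
    expires_at: int   # epoch seconds; access is only valid for this window


class VpnModel:
    """Legacy model: once authenticated and NAC-approved, the device is on the network."""

    def __init__(self, corporate_net: str):
        self.net = ip_network(corporate_net)
        self.sessions = set()

    def login(self, user: str, device_passed_nac: bool) -> bool:
        if device_passed_nac:
            self.sessions.add(user)
        return device_passed_nac

    def can_reach(self, user: str, dest_ip: str) -> bool:
        # Any process on the device can reach any routable address in the subnet.
        return user in self.sessions and ip_address(dest_ip) in self.net


class ZtnaModel:
    """Default deny: only an explicit, unexpired, app-to-app grant allows access."""

    def __init__(self):
        self.grants = []

    def grant(self, user, app, client_app, now, ttl_seconds):
        g = Grant(user, app, client_app, now + ttl_seconds)
        self.grants.append(g)
        return g

    def can_reach(self, user, client_app, app, now) -> bool:
        # Drop expired grants first so access disappears when the window closes.
        self.grants = [g for g in self.grants if g.expires_at > now]
        return any((g.user, g.client_app, g.app) == (user, client_app, app) for g in self.grants)


def demo():
    now = 1_700_000_000  # constructed timestamp
    vpn = VpnModel("10.20.0.0/16")
    vpn.login("alice", device_passed_nac=True)

    ztna = ZtnaModel()
    ztna.grant("alice", app="sap", client_app="sapgui", now=now, ttl_seconds=900)

    return {
        # VPN: the SAP server and an unrelated file server are both reachable.
        "vpn_sap": vpn.can_reach("alice", "10.20.1.10"),
        "vpn_fileserver": vpn.can_reach("alice", "10.20.5.20"),
        # ZTNA: only the granted client-app/app pair works, and only in the window.
        "ztna_sap": ztna.can_reach("alice", "sapgui", "sap", now + 60),
        "ztna_other_process": ztna.can_reach("alice", "unknown.exe", "sap", now + 60),
        "ztna_fileserver": ztna.can_reach("alice", "sapgui", "fileserver", now + 60),
        "ztna_after_expiry": ztna.can_reach("alice", "sapgui", "sap", now + 901),
    }


if __name__ == "__main__":
    for check, allowed in demo().items():
        print(f"{check:20} {'ALLOW' if allowed else 'DENY'}")
```

In the VPN model the only decision is made at login, so the unrelated file server is reachable by anything running on the device; in the grant model every request is evaluated against an explicit, expiring entry.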

TransientAccess Zero Trust Network Access

TransientX has a unique approach to Zero Trust Network Access (ZTNA):

  • A lightweight agent, creating a disposable virtual network connecting the local app to the enterprise resource on-prem or in the cloud.
  • A “Transient Virtual App Network”

This approach means TransientX can deliver on the promise of truly secure remote access for an organization’s workforce and business partners. Learn more in our intro video, contact us to get TransientAccess now or scroll below for further reading:

Further Reading:

https://transientx.com/content/zero-trust-network-access.html


References:

https://en.wikipedia.org/wiki/Principle_of_least_privilege

https://en.wikipedia.org/wiki/Role-based_access_control

https://en.wikipedia.org/wiki/Virtual_private_network

https://en.wikipedia.org/wiki/Remote_Desktop_Protocol

https://en.wikipedia.org/wiki/Software_Defined_Perimeter

Delivering a Unified TransientAccess User Experience


For users, a consistent UX across all platforms and devices

TransientAccess provides a consistent user experience across all platforms: Windows, Mac, iPad, Android and iPhone. We’ve produced a short video showing how TransientAccess delivers radically simple Zero Trust Network Access (ZTNA) with the same UX across all devices and platforms, whether the devices are managed or unmanaged.

Ease of use, simplicity, performance and consistency are security factors. Nothing will motivate end users faster to bypass security controls than poor UX or degraded performance. With the TransientAccess user experience, the user sees no performance degradation vs VPN and has no learning curve as they switch platforms and devices.

See more here and contact us if you’re ready to try for yourself:

How a Leading Sports Club Secured SAP with TransientAccess ZTNA


TransientAccess delivers true Zero Trust Network Access for the Fenerbahce Sports Club

With over 5000 employees and more than 300,000 members, Fenerbahce is one of the largest multi-sport clubs in Turkey and is a major retailer in its own right.

With their dedicated fan bases, legal and illegal betting riding on game results and big revenue streams, professional sports clubs are among the most targeted companies by hackers. Successful attacks can have devastating effects on company operations and reputation.

An organization’s viability can be imperiled because of damage caused by IP loss. For an organization like Fenerbahçe, SAP is the most important digital asset to defend. Protecting such a high value asset means going beyond traditional security paradigms. Most organizations deploy multiple security layers to protect SAP data, such as NGFWs, AV, MFA along with robust IT security policies. Yet all these steps can still leave holes that need to be closed.

FC Fenerbahce relies heavily on SAP for all business-critical processes. The executives and security teams are responsible for carrying out this process knowing that their business revolves around this information. However, they are also aware of hidden dangers such as user accesses, file downloads, and data leaks that can occur due to data streaming. It therefore became critical to implement solutions that monitor and prevent such leaks.

“After a detailed product assessment, in-depth presentations and a pilot project to measure performance in our company’s environment, TransientAccess demonstrated reliability and effectively demonstrated its value in providing SAP access and data security.” – Bülent Kaçmaz, CTO, FC Fenerbahçe

Securing remote access for SAP with ZTNA

TransientAccess is able to proactively eliminate threats such as data loss and ransomware attacks by providing users with an operational convenience they have not experienced before.


As a result, TransientAccess provides proactive protection against commercial damage by ensuring data protection and facilitating secure operational processes. Thanks to the micro-segmentation feature of TransientAccess, only relevant users are authorized to access company data in the relevant SAP modules. IT Managers can now see ‘who’ can access ‘which’ data from the SAP system and make sure that this data is securely encrypted, even outside the company.

Read the full case study here or contact us to try it out for yourself.

TransientAccess Performance vs VPN


Speed Matters.

While security is the prime consideration when moving from VPN to ZTNA, another important factor is performance. Not only do VPNs have a broad attack surface, they can dramatically impact network speeds for the endpoint. That’s why TransientAccess ZTNA’s performance vs traditional VPN clients like OpenVPN is crucial.

Performance degradation in effect becomes a security issue, as the degraded user experience pushes users to avoid using VPNs and the already-limited security they provide. Shadow IT emerges and IT security teams get pressure to loosen controls.

Instead, with a Zero Trust Network Access (ZTNA) approach like TransientAccess, there’s no performance degradation. That’s in addition to the inherent security advantages of app to app security provided only when needed as needed on transient, disposable networks.

ZTNA Performance vs OpenVPN

We’ve made a short video here showing the real-world performance hit of TransientAccess ZTNA vs a VPN client (in this example, OpenVPN):

TransientAccess ZTNA Performance vs Open VPN

Whether remote access is via a mobile client or desktop, and whether it’s OpenVPN or a commercial VPN client, performance degradation will always be an issue. Contact us to compare for yourself.

File Access the Zero Trust Way


Accessing Windows & Linux file shares securely without the VPN

Remote file access has always been a major use case for enterprise IT. In the 20th century (yes last century!) when VPNs were invented, they were used to solve pain points associated with offsite workers having to copy files from onsite computers to offsite. At the time floppy disks, CDs and USB sticks were the leading-edge technologies of choice.

Fast forward to today. Along with the dramatic increase in offsite workers, different file sharing problems have arisen: tracking changes, preventing data leaks, BYOD devices accessing corporate files etc. Companies like Box.com or Dropbox.com focus on solving these problems. While they do solve certain pain points, there is a trade-off: corporate files/data must be moved to their cloud.

Windows and Linux file shares are still used in many enterprise workflows. But do they have a place in today’s modern zero trust solution architectures? After all, out of the box, they have several issues that conflict with zero trust concepts:

1- VPN required: In order to facilitate access to file shares, a solution usually needs to have a VPN. Just like last century! VPN is an antonym for zero trust.

2- No MFA support: As a legacy technology, access to file shares is not secured by modern multi-factor authentication mechanisms out of the box.

3- Access is permanent: Once the VPN connection is established, the access to the file share is permanent and untethered. A user will be able to access the files, but so will ransomware if the PC is infected.

4- BYOD/BYOPC and 3rd-party access issues: Allowing access from unmanaged devices (devices that are not corporate owned or managed, e.g. BYOPC or contractors/affiliates and their devices) is a recipe for disaster: data leaks, ransomware infections etc.

With TransientAccess, we implemented a true zero trust solution architecture for accessing Windows & Linux file shares, something unique in the market.

The basic solution architecture is outlined below. This architecture is not specific to file sharing and suitable for any other access scenario.

TransientAccess Solution Architecture

With TransientAccess, access to file shares is zero trust because:

1- No VPN is Required. While accessing the file share, even the IP address and hostname of the file server are hidden from users.

2- Built-in MFA Support. If an enterprise doesn’t have a modern IdP that supports MFA, TransientAccess has built-in support.

3- Access is Transient (i.e. Temporary). TransientX networks are application networks that are built and dissolved on demand, as opposed to VPNs. Even the data (i.e. files transferred to the accessing device) can be temporary if admins choose that configuration option.

4- BYOPC and 3rd-Party Friendly: Access to the network, shares and file data is temporary and not broad. Even if the PC is infected with ransomware, the shares won’t be visible to the ransomware, only to the file manager.

5- Zero Friction Solution: Security is delivered without compromising usability. TransientAccess also simplifies the use of file shares for end users as well as administrators. From the IT team’s perspective, the solution can be implemented in as little as 30 minutes. From the end user’s perspective, there is no need for advanced training on how to access file shares. It is as simple as logging into a web-based portal and clicking on a link.

Below is a video of how it works from the end user’s perspective:

With TransientAccess, even a legacy use case like Windows file shares can be easily implemented in a zero trust way! Additional security comes hand-in-hand with enhanced usability. It’s simpler to use Windows file shares with TransientAccess.

Ready to try for yourself? Contact us.

TransientAccess Now Available on MS Azure Marketplace

Microsoft Azure customers worldwide now gain access to TransientX’s flagship product TransientAccess to take advantage of the scalability, reliability and agility of Azure to drive true zero-trust security through zero-trust network access (ZTNA).

Hoboken, NJ — September 28th, 2020 — TransientX, transforming fixed and device-centric networks to disposable networks of apps, today announced the availability of TransientAccess Zero-Trust Network Access in the Microsoft Azure Marketplace, an online store providing applications and services for use on Azure. TransientX customers can now take advantage of the Azure cloud platform, with streamlined deployment and management. In addition, we’ve built in tight integration with Azure Active Directory Services for seamless integration with existing customer infrastructure.

TransientX has a mission to transform fixed and device-centric networks to disposable networks of apps – delivering true Zero-Trust Network Access (ZTNA).

TransientX has a unique approach to ZTNA:

  • A lightweight agent, creating a disposable virtual network connecting the local app to the enterprise resource on-prem or in the cloud.
  • A “Transient Virtual App Network”

“Microsoft Azure Marketplace lets customers worldwide discover, try, and deploy software solutions that are certified and optimized to run on Azure,” said Sajan Parihar, Senior Director, Microsoft Azure Platform at Microsoft Corp. “Azure Marketplace helps solutions like TransientAccess reach more customers and markets.”

The Azure Marketplace is an online market for buying and selling cloud solutions certified to run on Azure. The Azure Marketplace helps connect companies seeking innovative, cloud-based solutions with partners who have developed solutions that are ready to use.

“By making our solution available on the Azure Marketplace, we are going further in delivering on our mission and helping make our customers’ experience seamless and secure. We build on Azure’s impressive performance and security infrastructure to make it easy and fast for customers to deploy TransientAccess. Additionally, we tightly integrate with Azure Active Directory for a seamless customer experience.” – Egemen Tas, TransientX founder and CEO.

For additional information, see our listing on the Azure Marketplace and our Press Release.

The TransientAccess Client is available here.

Stop Ransomware Attacks at the Source.


Secure RDP, Kill the VPN

Everyone knows by now that preventing ransomware is one of the top cybersecurity challenges. Yet most solutions focus on detection once the attack is underway. Wouldn’t it be better to stop ransomware attacks at the source?

In my previous post, I shared our insights on the attacks used against exposed RDP hosts and VPN servers. Most enterprises today are adapting to the new “work from home” reality through widespread deployment of VPNs and Remote Desktops (RDPs). However, as we outlined earlier, attackers exploit these solutions so extensively that it takes an average of 2 minutes for such a target to be attacked.

According to a recently-published report by Coveware, not surprisingly, RDP Compromise is the most common attack vector for ransomware with ~60% of the cases, followed by email phishing and software vulnerabilities.

Fig. 1: Coveware report: Ransomware Attack Vectors

This data shows that Microsoft RDP is both one of the most widely used remote desktop solutions and the most common attack vector for ransomware.

ZTNA Stops Ransomware at its Source

In order to prevent public access, some companies use VPN solutions to further limit access to RDP hosts, but in reality this approach just shifts the attack vectors to VPN servers and causes additional problems. For full technical details, check out “Using RDP together with VPN/MFA gives a false sense of security”.

TransientAccess, on the other hand, offers a simple and highly effective Zero Trust Network Access (ZTNA) solution that alleviates all of the aforementioned problems and stops ransomware at its source because:

1- RDP hosts are NEVER accessible from the internet. Remote access is limited to authenticated users only.

2- Unlike VPNs, no device is joining a private network, hence other PCs in the private network are not visible.

3- Even if the device is infected with ransomware, the malware does not even see the hidden “disposable network” created by TransientAccess.

4- TransientAccess builds a network of applications, not devices. Hence it is natively segmented at the application level.

See the benefits of using TransientAccess to protect RDP Solutions

This short video shows how simple it is to use RDP with TransientAccess. The user doesn’t need to know how to run the RDP client itself. Everything is handled automatically for them. Put another way, simple isn’t easy. We’ve done the hard work of making it simple:

Accessing an RDP session with TransientAccess

So why TransientAccess?

Security:

  • ZTNA architecture provides private access to RDP hosts without any publicly exposed elements
  • Even with unmanaged devices or infected machines, RDP sessions are protected against credential-stealing malware or ransomware.
  • Multi-Factor Authentication (MFA) support built-in.

Simplicity:

  • Zero-friction implementation with the simplicity and elasticity of a cloud delivered service.
  • No user education. Users do not even need to know how to use an RDP client. Everything is just one click away. RDP with TransientAccess is EASIER to use than RDP alone.

Low TCO:

  • No need to buy a VPN and MFA service, it’s built in.
  • No need to buy expensive licenses for alternative remote desktop tools like TeamViewer or LogMeIn.

Stop Ransomware Attacks at the Source. Secure RDP and kill the VPN with TransientAccess ZTNA.

Ready to try for yourself? Contact us and we’ll get you set up today.

TransientAccess 2.0 now available


Like the ease of use of Zoom? You’ll love how easy we’ve made ZTNA with TA2.0

Highlights:

  • Unified User Experience
  • Friction-Free Browser-Based User Onboarding
  • Automatic Disposal of Application Contents
  • Built-In MFA Support

We’ve made it our mission to deliver zero-trust network access that provides a seamless, transparent user experience with no compromise on security. With the release of TransientAccess 2.0 we’ve delivered on that goal on multiple fronts:

Unified User Experience & Friction-Free Onboarding

We have simplified the end user experience significantly. The same lightweight client is available on all platforms, from iOS and Android to Windows and Mac.

We have also removed the friction of provisioning or installing our clients on endpoint devices, with a new seamless browser-based experience. Mobile users see:

TransientAccess mobile client

Desktop users see this:

TransientAccess 2.0 Desktop view

Whether accessing via desktop or mobile, TransientAccess 2.0 provides a seamless, frictionless and consistent UX across all platforms.

MFA support built-in

Lack of MFA adoption by end users because of the friction and hassle involved is arguably one of the biggest security risks out there. Now TransientAccess has MFA support enabled, allowing TOTP-based authentication using common 2FA apps from Google, Microsoft, Duo and more.

Automatic Disposal of Application Contents

We have added a much-anticipated feature for automatically deleting container contents when going offline. With this new option, when users go offline or sign out, all the application contents can be erased from the device.

TransientAccess Automatic container content disposal

Ready to try for yourself? Contact us and we’ll get you set up today.