“WHAT ABOUT LATENCY?”

Three simple but powerful words that show where cybersecurity has started to go wrong.  How can you put every packet in its own tunnel without massively affecting network performance?  Does user experience even matter anymore?

Click to Subscribe

Is it just me or are new cybersecurity products just rehashes of old cybersecurity products?  We have gone from 128 bit encryption to 256 bit encryption.  We have gone from endpoint protection to advanced endpoint encryption.  We have gone from firewalls to next generation firewalls.  We have gone from deep packet inspection to deeper packet inspection to deepest packet inspection.  It is the same thing Hollywood did when they remade the greatest films of our generation like Ghostbusters and Vacation.

Do vendors stop and think about the effect they are having on network performance?  Indeed a Cisco survey found that 71% of Chief Executives think that cybersecurity slows down the pace of commerce.  So how are vendors improving cybersecurity without affecting latency?  The answer seems to be more blade servers, faster processors, and ASICs.  This may work but it also translates into higher costs for the customer.  Are cybersecurity vendors starting to price themselves out of the market?

We need to rethink cybersecurity.  We need to start designing solutions based on both network protection AND network performance.  We need to look at our network from a holistic standpoint and identify existing tools that we can use for cybersecurity.  Let’s call it Cybersecurity 3.0!  (I know we skipped 2.0 but I was at a social media talk last week and the speaker used the term Web 3.0 so cybersecurity needs to catch up.)

In the next few weeks TELEGRID will be launching the first Cybersecurity 3.0 product which promises to turn the field of authentication on its head.  If you are not on it already then Join Our Mailing List so you do not miss the release.  In the meantime if you are looking for a secure authentication tool give me a call at 973-994-4440 and I will give you a sneak peek.

Eric Sharret is Vice President of Business Development at TELEGRID.

Click to Subscribe

Disclaimer: The opinions expressed here do not represent those of TELEGRID Technologies, Inc.  The Company will not be held liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use.  All information is provided on an as-is basis.

The post Why is Cybersecurity So Slow? appeared first on TELEGRID.

So how do you make a million dollars?  Simple, you take that email and password and use it to break into the victim’s bank account and steal their money.  If you do not have enough information you wait until they try to relog in to www.freetendollars.com, perhaps to find out where their ten dollars is, and whatever password they try tell them it is wrong.  Then just wait as they try every iteration of password they can remember.  When that is done prompt them for security questions that they never answered but probably forgot about.  Before you know it you will have their bank account password, home security alarm code, first dog’s name, and street they grew up on.  The beauty is that you never even sent them ten dollars!

How often will this work?  Roughly 60% of the time based on studies showing the number of people who reuse passwords on multiple sites.  It is not just current passwords that are an issue but even old passwords can come back to haunt us.  Just ask Mark Zuckerberg whose LinkedIn password from 2012 recently allowed hackers to access his current Twitter and Pintrest accounts.  The truth is that even when we change our passwords we usually only change one number or character.  A study by UNC found that “for 17% of the accounts they studied, knowing a user’s previous password allowed them to guess their next password in fewer than 5 guesses.”

Click to Subscribe

To combat password risk, industry has made an effort to consolidate the number of places where your password is kept.  Single Sign On technologies, based on protocols like SAML and OAuth, have spread rapidly including the ubiquitous “Connect with Facebook” button.  While this does reduce the number of attack vectors it doesn’t solve the problem.  We have also seen a move to Public Key Infrastructure (PKI) with some truly amazing technologies like storing public keys in the Bitcoin blockchain.  But the basic problem still remains that relying on only one form of identification is risky especially when your private key is stored in a smartcard, phone, or other object your 4 year old can put in the toilet.

The best solution is Multi Factor Authentication (MFA).  MFA consists of something you know (e.g., password, pin), something you have (e.g., smartcard, phone) and something you are (e.g., fingerprint).  By providing 2 out of the 3 factors users are securely authenticated.  While there are logistical issues with moving to MFA I believe they have more to do with the infrastructure than with users.  One good example is the delay given to gas stations to install hardware for chip and pin credit card readers.  For software applications it should be simpler but there is still the cost of software redesigns.

What we really need is technology that MFA enables applications and devices that are not MFA capable today.  This is currently available in the TELEGRID-developed SMRTe, a Unified Authentication and Authorization Manager that sits in front of applications and devices and enables MFA.  With the SMRTe we can securely authenticate users with MFA without the logistical headache of rewriting code.

Eric Sharret is Vice President of Business Development at TELEGRID.

Click to Subscribe

Disclaimer: The opinions expressed here do not represent those of TELEGRID Technologies, Inc.  TELEGRID Technologies, Inc. will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use.  All information is provided on an as-is basis.

The post Is Your Password Worth $10? appeared first on TELEGRID.