Search
Appgate SDP
SDP Overview
Learn how Appgate SDP reduces risk and complexity, and why it's the industry's most comprehensive Zero Trust network access solution.
How Appgate SDP Works
Find out about the inner-workings of the most flexible and adaptable Zero Trust Network Access solution available today.
SDP Integrations
Explore security, IT and business-system integrations that can enhance and help you adapt Appgate SDP to your existing workflows
SDP for Developers
Access developer tools and resources to maximize the value of your Appgate SDP deployment.
Zero Trust Network Access for:
Risk-Based Authentication
Overview
Learn how Risk-Based Authentication provides a frictionless, intelligent and data-informed approach to user authentication.
Strong Authentication
Find out how you can provide secure, frictionless access with the right multi-factor authentication method.
Transaction Monitoring
Explore the tools you can use to intelligently identify and prevent online fraud.
Behavioral Biometrics Service
Learn how behavioral analysis and machine learning stop fraudulent online web activity in real-time.
Secure Consumer Access for:
Digital Threat Protection
Overview
Discover how you can gain unparalleled threat visibility and the risk management tools that enable early identification and elimination of potential attacks.
Key Features
Take a deep dive into the features and tools contained within our industry-leading Digital Threat Protection (DTP) solution.
SECURE NETWORK ACCESS

Chris ScheelsAugust 5, 2020

Russian Hacker Exposes Pulse Secure VPN Passwords

It’s Past Time to Replace This Antiquated Technology

Share


VPNs continue to create unnecessary risk. There are more effective ways to secure network access implementing the principles of Zero Trust.


We’ve advocated for quite some time that VPNs are insecure and need to be retired. Our blog is full of the reasons why, including a recent post, “Why is Your Network’s Front Door Still Unlocked?” Recent news that a Russian hacker leaked the passwords for more than 900 enterprise Pulse Secure VPNs intensifies the urgency. The problem is serious on multiple levels:

  • These enterprises are at immediate risk, since their private networks are now effectively exposed to attackers
  • Chances are, these users have re-used passwords for other accounts, which are now also at risk


VPN vulnerabilities are common knowledge. The most recent USCERT Top Ten Routinely Exploited Vulnerabilities (USCERT AA20-133A) highlights that malicious cyber actors are increasingly targeting VPN vulnerabilities.

Major technical flaws of VPNs include:

  • Too much network visibility, inviting attackers to their front door
  • Default level of access for all when connecting users to the network, exposing a massive attack surface


Along with being inherently insecure, VPNs are expensive to maintain and manage. They gobble up costly network bandwidth, create bottlenecks and slow down data-related operations. They also create an administrative quagmire by requiring tens of thousands of firewall rules to enforce access controls, and the need to apply patches to fix firmware vulnerabilities, like in the case of the Pulse Secure VPNs. A recent study shows that unpatched vulnerabilities are the cause of 60% of breaches. To address patch management effectively costs enterprises an average of $650,000 annually.

Amid the deafening sound of alarm bells, many enterprises have not replaced VPNs with modern technology. We urge them to take the first step today. There are better and more secure ways to provide users with remote access, without putting your entire organization at risk.

The Software-Defined Perimeter uses a simple cryptographic technique (Single-Packet Authorization) to cloak network entry points. With SDP, broad surface attacks associated with VPNs can’t happen.

With VPNs, access is all or nothing. Once connecting, you can see everything on the network. Conversely, SDP uses the principles of Zero Trust to reduce the attack surface. Unauthorized users will be unable to even see the network entry point, and therefore be unable to connect to it or attack it. SDP achieves this by:

  • Building a multi-dimensional profile of a user and device that is authorized before network access is granted
  • Dynamically adjusting entitlements based on policy and real-time conditions
  • Leveraging micro-segmentation to reduce the attack surface and eliminate lateral movement to all network resources.


Forward-looking enterprises have embraced SDP as a more secure way to secure network access. The fierce urgency of now is evident with the latest news of the Russian hack on Pulse Secure VPNs. You can start now by learning more about SDP.

Receive News and Updates From Appgate