The VPN Security Gap

This time, it’s our friends at Fortinet who have been compromised. Half a million credentials were swiped from VPN routers. Once again, the vendor had issued a patch, but many customers had not updated their systems, highlighting the importance of VPN security measures to protect against such attacks.

By now we all understand that there are no certainties in life. Everything is vulnerable at some level.

Understanding this fact is why we have multiple layers of security in our most valuable assets.

We have deadbolts on our doors, but also install alarms. In addition to our deadbolts and alarms, we still buy safes for our valuables.

Banks vaults are safe, but we still feel the need to have FDIC insurance for our deposits.

While we apply multiple layers of security to other areas of our lives, these redundancies seem to be missing in most of these IT breaches. This is why there is no longer any excuse for these attacks on VPN security.

This particular breach may have been mitigated with a few simple tactics.

1. Patching – in most recent VPN breaches the vendor immediately issues a patch. The problem is that these usually require manual intervention from the customer to deploy. Given how frequently patches are pushed, many customers either see them as unimportant or update periodically, leaving time gaps for bad actors to exploit a known vulnerability.

2. Multi-Factor Authentication – this one seems easy from an outsider’s perspective but many organizations still have not implemented 2FA access to VPNs.

3. IdP Integration – in addition to consistent patching and MFA, integrating to a 3rd party identity provider like Active Directory or Okta is an easy way to add an additional layer of security to your VPNs. Leveraging an IdP keeps passwords off of the network devices and ensures that password resets and enforcement of security policies are properly managed.

We built the Trustgrid platform as a more efficient way to solve connectivity challenges, but more importantly, every feature has been built with a security-first approach. Which is why you will find all of the pitfalls of a typical VPN, improved in our software-defined approach.

Trustgrid security features include:

  1. Zero Trust networking that microsegments access and authenticates all traffic
  2. Patches and updates to all networks at the touch of a button
  3. Native MFA capabilities that support most common authentication apps
  4. IdP integration (Okta, Azure AD, Google, etc)
  5. End-to-end encryption with no pre-shared encryption keys
  6. AI/ML monitoring and alerting of anomalous network
  7. Real-time log data available for 3rd party security applications

Some of these features might be available for a legacy VPN customer to implement, but it is the ability to make them native to the platform and seamless for anyone to run on day one that gives the Trustgrid platform its power.

And while this particular Fortinet event was handling end-user VPNs, site-to-site VPNs are exposed to similar threats and can benefit from a layered security approach.

How much do you trust your VPN security model? Is your organization vulnerable to a VPN attack?  How less exposed would you be with the Trustgrid approach?

To learn more about the Trustgrid Zero Trust connectivity platform, click here