In 2016, I experienced my first major cybersecurity incident. SFMTA, one of the largely-independent departments within the City and County of San Francisco left an RDP server open and it was compromised by Iranian hackers.
Once inside the network perimeter, they moved laterally, eventually finding their way to a domain controller and using it to push a ransomware client to every endpoint within MTA. Payment processors cut off MTA, forcing us to cut MTA off from the rest of the city network.
The decision to quarantine MTA was difficult, but necessary. It cost the MTA a few days of fares and the ability to communicate efficiently. But that decision saved the City of San Francisco from the fate of the City of Atlanta; who suffered a citywide breach in 2018 (caused by ransomware) that crippled Atlanta for months and cost it more than $17M dollars and years of police dashcam video.
Both of these breaches were possible because of an outdated paradigm. Secure perimeters and VPNs no longer suffice; organizations that continue relying on them will continue to suffer.
This isn’t an Earth-shattering assertion. Anyone who’s managed or used corporate IT infrastructure has experienced the frustration of trying (and often failing) to log into the VPN client, often with a shared password, in order to access critical corporate infrastructure. It’s slow. It’s inconvenient, and it’s often really insecure.
It’s time to move on to the next generation of networking. There are a number of names for this methodology, including software-defined networking, microsegmentation and zero trust, but the basic idea is simple: let machines and people who should have access to resources have that access while keeping bad actors out.
There have been a number of attempts at deploying this methodology over the years. Most of them, very expensive and very complex, with high upfront capital and installation costs and the requirement for full-time network engineers to update and maintain the infrastructure once it’s deployed.
That’s why we’ve created Enclave. We used the best open-source zero-trust networking framework and built an extremely easy-to-use deployment and support service around it. For less than the price of a network engineer, most organizations can deploy a proven, robust, best-in-class zero trust solution that will be managed by a trusted security partner. And, best of all, it can be deployed in weeks rather than months.
Network segmentation is a core security methodology that most leaders have known they need to deploy for years. It’s just been too hard. Now, SideChannel has found a way to solve this problem. Share your email below, so we can reach out. Let’s talk about securing your network.
See How Enclave Can Secure Your Network
David brings over 20 years experience to SideChannel from the City & County of San Francisco and the intelligence community. He is EVP of Sales & Marketing.
