New Hacking Method
Puts WiFi Users At Risk

Last month researchers released a disturbing report about a new man-in-the-middle attack technique called KRACK (Key Reinstallation AttaCK).

KRACK enables any adversary to insert himself between any device – smartphone, tablet, laptop, etc. – and a WiFi hotspot. Once in, the hacker monitors traffic traveling between those two points. He can then steal credit card numbers, emails, passwords or other sensitive data or inject malware or ransomware into selected messages.

This weakness isn't limited to certain devices or WiFi equipment. It's in the WiFi WPA2 encryption protocol itself. This makes KRACK effective against all modern protected WiFi networks. While companies like Microsoft, Apple and Google are in various stages of developing and issuing patches to their users, this does not ensure the problem is solved.

Consider the ongoing saga of Heartbleed.

This tiny flaw in OpenSSL allows anyone to quietly and easily plunder vulnerable systems and make off with passwords, private crypto-keys and much more. At the time its existence was announced in April 2014, Heartbleed was considered one of the most catastrophic bugs ever. Patches were hurriedly developed and issued to users.

Yet, nearly three years later, more than 200,000 patchable systems remain Heartbleed-exploitable. Simply put, patches only work when people install them.

The best way to combat KRACK is to use a network that's invulnerable to it. IPSec tunnels, VPNs and Dispersive™ Virtualized Networks are NOT susceptible to the technique.

Of these three, Dispersive™ VN offers advantages unavailable from the other two. It can provide your remote and mobile users secure, reliable and high-performance connectivity unavailable from VPN. The Dispersive™ VN also provides more control and flexibility, and order-of-magnitude improvements in speed, security and reliability.

A remote access device attached to an IPSec-based network can pass vulnerabilities across the IPSec tunnel to the entire network. Remote users may also have difficulty connecting to the corporate network due to firewall issues at the guest site. These problems do not exist with Dispersive™ VN.

Dispersive™ VN defeats man-in-the-middle threats with our patented, split-traffic multipath approach to data connections. Our software splits sessions into multiple independent streams and then sends each stream across a unique path on the Internet. Each stream has a different encryption key. These streams roll paths every minute, keeping your data-in-motion safe from a range of threats, including KRACK attacks.

Find out more about how Dispersive™ VN can benefit your enterprise. Email us at info@dispersivegroup.com or call us at 1-844-403-5852.

A Message For Veterans Day

Most of us will never serve in the Army, Navy, Air Force or Marines.

We can never comprehend the sacrifices our veterans made and make each day.

We can never know the pain of losing a buddy in combat, the loneliness of missing a loved one half a world away, the stress of adjusting to home and work after living the military life for years.

Fortunately, there is plenty we can do.

We can write a letter. Send a care package. Drive a van. Sponsor a service dog. Donate frequent flier miles. Or simply say "thank you for your service" every time we meet military personnel.

There are hundreds of things we can – and should – do for our veterans.

What we can never do is forget them.

How We Empower The Power
Behind A New FinTech Solution

The name Joel Bruckenstein may not ring a bell. However, in the world of financial technology – FinTech to insiders – he's a pretty big deal.

Bruckenstein has co-authored three books, writes regularly for a couple of financial magazines, and compiles a yearly financial technology survey. He also produces an annual event called the T3 Enterprise Conference, going on this week in Las Vegas. Top executives from big-time brokers and RIAs, plus their tech advisors, flock there to learn the latest insights and innovations for their industry.

So when Bruckenstein issued the following statement before this year's event, he no doubt piqued the interest of more than a few attendees.

We will be announcing an innovative new cybersecurity solution during a special lunch briefing for press and other VIPs. This could be the biggest announcement of the year – maybe even the biggest of the decade. Anyone who is concerned about cybersecurity – and that should be everyone – should consider being in the room....

This is not the spiel of some carnival barker trying to dupe rubes into the tent. The T3 Enterprise Conference is well respected and well attended. Instead, this appears to be the clarion call of someone who understands the shortcomings of and challenges facing current FinTech measures, and who is reveling in the arrival of an important solution.

Bringing The Financial Sector "Under The Dome"

That new cybersecurity solution was revealed Monday. cleverDome, an Arizona cybersecurity company, is launching a platform that addresses security and compliance requirements for the financial services community.

"Meeting regulatory compliance with a fully secure network for financial communications, including personal data of consumers, has been a great challenge across the financial services spectrum," explained cleverDome founder and CEO Aaron Spradlin. "We have created a community-based platform to protect confidential client information in the cloud."

The company will provide a path to take that information "under the dome," i.e., secure and off the open Internet. By unifying end-point protection with a secure communication layer, and doing so under a common due-diligence standard, cleverDome offers a solution that promises to be the model for future financial networks.

Looking Under The Hood

The cleverDome announcement was the shiny new red Ferrari at the T3 conference. However, as any car buyer knows, looks can be deceiving. It always pays to check under the hood to get a better idea of potential performance.

And the cleverDome model doesn't disappoint.

The engine powering its solution is an Application Wide Area Network (AppWAN) from NetFoundry, a Tata Communications business. And the software empowering that AppWAN is from Dispersive Technologies. NetFoundry licenses our software to provide superior performance and unmatched security for each AppWAN.

Performance. We combine dynamic, split-session multipath routing across one or more physical circuits with simultaneous, multivariate QoE and optimization schemes. All available connections are usable: broadband, WiFi, 4G/5G, etc. Our software increases throughput by optimally using any connection, with the software treating all available connections as one logical pipe.

When the network detects performance issues, the independent data streams instantly adapt. They automatically roll to new paths, improving application performance. If a packet is dropped, it (and it alone) is immediately retransmitted. Finally, our network seamlessly and efficiently reassembles all streams in the right order before handing them off to the application.

Security. As user sessions are split and independent paths selected, each packet stream is encrypted with a unique FIPS 140-2 compliant key. Each stream also takes a different path to thwart man-in-the-middle attacks. As an overlay solution, Dispersive's software obscures the original source and destination for each session and stream. This shifts potential attacks away from the end customer.

By rolling away from problems, our software can defeat DoS and DDoS attacks. It not only authenticates users before providing access, it also can microsegment networks by user, port, protocol and application. And finally, our software silently denies by default any unexpected or outside connections.

With 28 patents granted and more on the way, Dispersive brings proven innovative leadership to the NetFoundry AppWAN.

Find out what partnering with us can bring to your enterprise. Email us at info@dispersivegroup.com or call us at 1-844-403-5852.

Proposed IoT Security Bill
Doesn't Go Far Enough

Earlier this month, four U.S. senators introduced the Internet of Things (IoT) Cybersecurity Improvement Act of 2017. This piece of legislation seeks to establish minimum cybersecurity standards for federally procured Internet of Things devices. It defines a device as a physical object that can connect to – and regularly connects with – the Internet and "has computer processing capabilities that can collect, send or receive data."

In a nutshell, the act would require vendors to certify that IoT devices they are selling to the U.S. government:

  • have no known vulnerabilities;
  • can be properly authenticated and updated in a trustworthy fashion;
  • use current industry standards for communications, encryption, and interconnections;
  • eliminate fixed passwords.

The bill is endorsed by numerous legislative technology groups and companies. Cybersecurity researcher Nicholas Weaver calls it a "solid piece of common-sense legislation."

The act is a noble effort and may well pass. However, it won't adequately protect our nation's IoT devices because, all too often, a device has a software weakness unknown to the vendor. It's called a zero-day vulnerability. Hackers patiently and deliberately search for these holes because, once one is found, it can be exploited to access user information or infiltrate malware and spyware. Only after the user discovers the breach – which can take months if not years – can developers hurriedly develop a "patch" to repair the software's weak point.

To understand the severity of zero-day vulnerabilities, consider these statistics:

Here's another drawback to the bill. As detailed in this article and this article and this report, quite often hacks are not the fault of the device. Human error, stolen credentials and poor patch management can also be the cause. In fact, the largest hack in U.S. government history – the Office of Personnel Management breach – was initiated when a hacker stole the credentials of a government contractor.

And, as a February 2017 report by the U.S. Government Accountability Office found, federal agencies "consistently fail to apply critical security patches on their systems in a timely manner, sometimes doing so years after the patch becomes available."

At Dispersive, we create software networks that feature highly advanced techniques that can help secure IoT devices from unauthorized access. It's technology that can change the way you use the Internet.

We welcome the chance to talk with you – or anyone in Congress who may be interested – about all this. To get the conversation started, just email us at info@dispersivegroup.com or call us at 1-844-403-5852.

Why Your Network No Longer Works
(Or RIP, VPN)

In our last post, we praised the Virtual Private Network (see below). Today, we've come to bury it.

We're going to tell you why you no longer need VPN. In fact, the longer you stay with your network, the less competitive your business will be.

You may have heard of a little something called business digitization. If you haven't, here's an article and blog and white paper and survey and video and podcast and questionnaire to fill you in.

By 2020, members of Generation C – connected, communicating, content-centric, computerized and always clicking – will comprise 40% of the population of the U.S., Europe, Brazil, Russia, India and China. They will be the largest single category of consumers in the world.

This is what makes the digitization of your business so important. And what makes your current network – assuming you use VPN – so debilitating.

VPN technology was created more than 20 years ago. To put that into perspective, it was introduced the same year as the 56k dial-up modem. VPN wasn't designed to handle the 21st century business challenges of big data, cloud computing, mobile workforces and the Internet of Things.

A VPN can't deliver the secure, reliable and high-performance connectivity your employees need to collaborate and your customers need to transact business with you.

But don't take our word for it. Ask around.

Ask your employees if they ever experience dropped or choppy calls or less than ideal video downloads. We bet they do. VPNs often suffer audible errors and latency problems across locations, long distances and devices.

Ask your IT administrator how easy your VPN is to manage. Since it typically relies on a hub-and-spoke architecture, the network can take days or weeks to set up and configure.

Your VPN also requires active management and mind-numbing routing rules to move data traffic from your hub to the proper services.

And then there's the issue of security. Hackers love VPNs. One of their favorite tactics is to use compromised credentials to enter an enterprise network like yours through a VPN concentrator located at your hub. Once they're in, these cybercriminals have access not only to your network, but also all its extended services.

Then ask yourself a few questions.

Is my enterprise ready for Generation C? Am I willing to risk customer satisfaction and employee confidence just to hold onto 19th century technology? Is there a better alternative?

We can answer that last question for you. Yes, there is. It's the Dispersive™ Virtualized Network. When compared to your VPN, the Dispersive™ VN:

  • Provides a higher quality voice and video experience
  • Delivers data faster
  • Offers your remote and mobile users more reliable connectivity
  • Uses your available bandwidth more efficiently
  • Eliminates your need for hub-and-spoke network architecture
  • Centralizes your network management using a point-and-click GUI interface
  • Enables zero-touch provisioning
  • Reduces your OPEX and CAPEX

Don't let outdated network technology stand between you and your potential. Find out how we or one of our carrier partners can make your enterprise more efficient, more competitive, and more attractive to Generation C users. Email us at info@dispersivegroup.com or call us at (844) 403-5852.