Pulse Secure VPN
Recommendation for Lookout Admins
Security teams want to give employees enough data access to do their jobs, but not so much that they have access to everything. Lookout admins can implement Lookout ZTNA to mitigate the risk of unauthorized access and breaches caused by over-entitlement of services. This will also help bring the security benefits of SaaS applications to legacy, IaaS, and private apps to ensure all your corporate resources are properly secure.
Admins can also define context-aware adaptive access control policies to deliver Zero Trust access based on unique user and device identifiers. Lookout ZTNA also enables data loss prevention (DLP), and admins can leverage enterprise digital rights management (E-DRM) to automatically envelop data with advanced encryption based on its sensitivity.
Overview
Threat actors that are likely backed by nation-states are exploiting a number of vulnerabilities in the Pulse Secure VPN. One of the vulnerabilities is a zero-day, which allows the attackers to bypass the multi-factor authentication (MFA) protections that the affected organizations have in place. It appears that 12 malware families are exploiting these vulnerabilities. While it is not clear whether these families are directly related, experts say there are multiple actors at play. Once attackers exploit these vulnerabilities and bypass authentication, they install malware that persists through software updates and allows remote access and control through webshells.
Lookout Analysis
This incident exemplifies where VPN technology can fall short. A VPN lets whoever is connected tunnel directly into the organization's infrastructure on the assumption that the user and device can be trusted. Once inside, users can move laterally within the network, which is exactly what makes a compromised VPN so damaging. Zero Trust Network Access (ZTNA) helps organizations avoid this pitfall. ZTNA continuously verifies the identity of those requesting access to your apps and grants dynamic, identity- and context-aware access to individual applications and their data depending on the risk level of the user and device, rather than a blanket network connection.
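To make the contrast concrete, here is an added example (written for this page, not Lookout's product or API) of a ZTNA-style decision that is made per application from user and device context and is re-run whenever that context changes; the signal names, weights and thresholds are illustrative assumptions.

```python
from dataclasses import dataclass

# Constructed example of a ZTNA-style policy decision point.
# Signals, weights and thresholds are assumptions for illustration only.

@dataclass
class Context:
    user: str
    mfa_verified: bool      # identity provider confirmed a second factor this session
    device_managed: bool    # device is enrolled in management
    os_patched: bool        # device reports a current OS patch level
    known_location: bool    # request comes from a location seen before for this user
    session_age_min: int    # minutes since the last verification

# Decisions are per application, not per network. Higher = more sensitive.
APP_SENSITIVITY = {"wiki": 1, "crm": 2, "hr-payroll": 3}

def risk_score(ctx: Context) -> int:
    """Sum weighted risk signals; a higher score means less trustworthy context."""
    score = 0
    score += 0 if ctx.device_managed else 2
    score += 0 if ctx.os_patched else 2
    score += 0 if ctx.known_location else 1
    score += 1 if ctx.session_age_min > 60 else 0
    return score

def decide(ctx: Context, app: str) -> str:
    """Return 'allow', 'step-up' (re-verify MFA) or 'deny' for one application."""
    sensitivity = APP_SENSITIVITY[app]
    if not ctx.mfa_verified:
        return "step-up"  # a password alone never opens anything
    # The most sensitive tier is off limits to unmanaged or unpatched devices.
    if sensitivity == 3 and not (ctx.device_managed and ctx.os_patched):
        return "deny"
    # Tolerated risk shrinks as application sensitivity grows.
    return "allow" if risk_score(ctx) <= 4 - sensitivity else "deny"

def authorize(ctx: Context) -> dict:
    """Evaluate every application for the current context. Calling this again
    with drifted context withdraws access; a VPN tunnel would not."""
    return {app: decide(ctx, app) for app in APP_SENSITIVITY}

if __name__ == "__main__":
    healthy = Context("alice", True, True, True, True, 5)
    drifted = Context("alice", True, True, False, True, 90)  # unpatched, stale session
    print(authorize(healthy))
    print(authorize(drifted))
```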