top of page
June 2024.png

Welcome to Our Newsletter 

Greetings from ISEC7 and welcome to the latest edition of our monthly newsletter! This month we’ll discuss our presence at the upcoming TechNet Cyber event, how to best utilize your security budget, a recently discovered VPN vulnerability, and our most recent blog posts.

Classify

Visit Us at TechNet Cyber 2024

Join us at the Baltimore Convention Center June 25 – 27 for AFCEA’s TechNet Cyber 2024. The theme of this year’s event is “Outpacing the Threat: Align, Adapt, Accelerate,” and it is only fitting that ISEC7 will showcase the latest iteration of our newest product, ISEC7 CLASSIFY.

ISEC7 CLASSIFY is a data marking and classification tool that prevents data from reaching the wrong recipients by enforcing classification of information based on the clearance level of both the sender and receiver. Also, every classified email and/or document is audited from a central location to monitor who is sending what type of classified information to whom. ISEC7 CLASSIFY also addresses Cybersecurity Maturity Model Certification (CMMC) 2.0’s new requirements for protecting and marking Controlled Unclassified Information (CUI). ISEC7 CLASSIFY takes the guesswork out of implementing a CUI program by defining the CUI categories and associated controls through our platform, ensuring that your markings follow the most current CUI registry.


Book a meeting with us or stop by Booth #2317 at TechNet Cyber to learn more about ISEC7 CLASSIFY and what’s coming next for ISEC7!

TechNetConf.png

How are You Using Your Security Budget?

The team at ISEC7 upholds a Zero Trust Architecture (ZTA) strategy, of which the guiding principle is “Never trust, always verify.” The sevens pillars upon which ZTA is built and cyber resilience is instilled are as follows:  

  1. User
    Users are often said to be the largest vulnerability in an organization and should be continuously verified, validating that they are who they claim to be, and their behavior monitored and evaluated for risk.
     

  2. Device 
    It is mandatory to have an up-to-date view of the device’s security posture to make real-time decisions like whether to grant access, as well as proactively suspend access to resources. It is crucial to ensure that the device always remains secure, and for that, it must be monitored constantly.
     

  3. Application & Workload 
    Organizations must ensure that all commercial off-the-shelf (COTS) and internally built applications are kept up to date and secure. This includes all the applications, systems, and services running in an infrastructure, either locally on-premises, externally in the cloud, or both in the case of hybrid environments.
     

  4. Data 
    Access to data should be continuously evaluated based on need-to-know and security posture associated with the User and Device pillars of a complete Zero Trust deployment. Data loss prevention policies should be applied to all labeled and tagged data and in transit/at rest data secured through encryption.
     

  5. Network & Environment 
    Networks should be built in a way that assumes compromise and limits the damage an adversary causes through lateral movement. This is accomplished by controlling, isolating, and segmenting all network components, both physical (hardware) and logical (software), using specific policies and applying advanced access controls.
     

  6. Automation & Orchestration 
    Due to the sheer volume of cyberattacks, a process must be in place to collect inputs monitored by the Security Operations Team (SOC) and respond to them proactively when needed. This is achieved by using defined processes and security policies, usually powered by artificial intelligence (AI) technologies like machine learning (ML).
     

  7.  Visibility & Analytics 
    Using the power of artificial intelligence (AI) and machine learning (ML), visibility and analytics tools detect any unusual pattern that would indicate a potential technical issue and/or security threat and take remedy actions accordingly, in real-time. 


Not only can our team help organizations deploy and incorporate Zero Trust elements into their network, but we can also provide an objective assessment of what tools can address the needs of your organization and/or risk mitigation needed to enhance your current solution. We understand the importance of the end user experience in a digital workplace and emphasize balance between usability and flexibility with data protection and regulatory compliance standards.

Zero Trust Security
Inventory.jpg

Public Service Announcement: VPN Vulnerability

Security researchers recently exposed a new cybersecurity attack/method called “TunnelVision,” that would allow them to breach into any Virtual Private Network (VPN) deployment.

The attack relies on using a largely unknown Dynamic Host Configuration Protocol (DHCP) option called Option 121 which allows a DHCP server to specify a list of static routes that clients should use to reach specific destination networks. This option was introduced more than 20 years ago but is largely unknown to the public and only used in very specific scenarios, so there is a general lack of awareness about it and its potential when misused; it can be misused to reroute data traffic outside of the secure VPN tunnel and bypass all safety measures in place.

 

Stay tuned for our forthcoming blog post detailing the TunnelVision vulnerability and how you can protect yourself. In the meantime, we recommend exercising cybersecurity best practices such as avoiding untrusted networks and public Wi-Fi where the DHCP and network is unknown.

VPN.png

Check out our latest blog posts:   

Demist.png

With today’s ever increasing cybersecurity threats, all organizations, no matter the size or area of business, must have a proper cybersecurity strategy in place to protect their infrastructure and data from these growing cyber-attacks

Part 2 (1).png

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) recently published an article highlighting 10 of the most common cybersecurity misconfigurations,  identified by their red and blue teams within the networks of major organizations.  

ISEC7 Pie Chart_edited.png

In today's digital landscape marked by the endless rise of cyberattacks, it is imperative for organizations to prioritize the establishment, regular review, and continuous improvement of their cybersecurity posture.

LinkedIn

Never miss an update! Follow us on LinkedIn: 
ISEC7 Group & ISEC7 Government Services 

ISEC7 Group

8 Market Place, Suite 402, Baltimore, MD 21202, USA
Tel:  
(866) 630-1893 | sales-na@isec7.com  www.isec7.com

New Logo Newsletter Footer.png
bottom of page