Ghost (Account) Busters

Be Afraid of These Ghosts

A whisper in an empty office; files moving without anyone there; the eyes of a portrait following you as you pass. Your office has ghosts. Not spectral hauntings that spew ectoplasm, but ghost accounts which haunt your organization’s cybersecurity. Ghost accounts are accounts which have credentials even though there are no longer any active users associated with them. To those attempting to exploit, ghost accounts are like extra doors on the outside of a building: each one is potential way into your network. Once inside, there’s no telling what things heinous exploiters will exfiltrate. Bad is a ghost account only giving an evil third-party entry into your organization; catastrophic is a ghost account which still has access to various file shares, data, and other protected parts of your network.

data leak with ghost accounts

‘But where do these ghost accounts come from?’ you wonder. Well, large organizations have a large number of users. That seems silly to mention, but it is important to spell out. By having a large number of users, quite often adding and removing user credentials take time. Well, to be honest, an organization needs to get the new user up and running as fast as possible, so those credentials and the access they entail are normally set up quite quickly. But when a user leaves an organization (either honorably or dishonorably), often the removal of those credentials is pushed to some later date or merely forgotten. And then your organization becomes a haunted house.

Ghost (Account) Busters

We’ve already written a bunch about Identity & Access Management (IAM) — the process of defining an employee’s role in the company as detailed as possible and then giving them exactly the access they need to do their job (no more, no less). IAM is extremely important for an organization’s internal security when new users are added, but it is equally as important when they leave. IAM strategies need to include the deletion of users and not just the creation. It’s second nature to make sure a departing employee gives back the keys to the office, so should it be to terminate their keys to connecting to your organization’s network.

employee cyber access

But as said before, there always seems time to help a new employee settle in, but never any time once they leave, normally because you’re preoccupied with on-boarding their replacement. And this problem compounds itself if more than one worker is leaving at the same time. All is not lost, however. Fognigma is here to not only protect your network, not only bolster your cybersecurity with leading-edge technology, but also to let you automate a little more than you thought you could.

Fognigma & Active Directory Make It Easy

Many companies use Active Directory to manage all their employees. Fognigma integrates with Active Directory to make IAM even easier. Just as Fognigma’s invisible and encrypted networks and communications help protect an organization, so can teaming it up with Active Directory.  Since Active Directory administrators already have their employees entered in, it would be silly to have them redo all that work when they add the leading-edge tech of Fognigma to their cybersecurity arsenal. That’s why Fognigma can import Active Directory users right into its console!

Active Directory is engaged to activate and deactivate the user. Fognigma, on the other hand, is where admins put users into all the groups they need to do their job. (A Fognigma network has its construction and components microsegmented, with access to each part given only to a specified group. Being in a group, then determines the amount of access a user has to Fognigma capabilities, such as file share, telephony, VDI, etc.) This means the setup of a user when on-boarding is just as easy as it always has been: create user and add permissions.

The brilliance comes when it’s time to say goodbye to a user. When that day arrives, all an admin has to do is deactivate the user in Active Directory. Active Directory then tells Fognigma about the deactivation, Fognigma deactivates the user in every group they were a part of, and the user instantly has all their access revoked at once. Fognigma and Active Directory easily eliminate the risk of ghost accounts haunting your network.

To learn more about how Fognigma, contact us today.

Smart home technology of interface with 3d plan building and internet of things or IOT connected objects. Control safety and automation of smart house. Internet of things isometric technology concept.

Fognigma’s Scheduler Automation: An Oasis in the Cybersecurity Drought

A Cybersecurity Drought

Sure, we don’t all have jetpacks or flying cars as all the science and speculative fiction of old prophesied, but one thing they sure did get right is our reliance on computers. Computers and the Internet are so completely woven into the fabric of our lives that there’s no turning back. The future is here. Yay. The only problem is: with every new technology, there come those who exploit that technology for their own evil ends. And thus, cybersecurity was born to protect the good against the threats of the bad. A big issue with cybersecurity is the manual oversight with protecting your network, imagine being able to implement network automation to more easily protect, create, and break down secure networks.

But there’s a problem which has recently come to light. Though organizations might be able to fully control their investment of time and money into their cybersecurity, they cannot control the amount of people who are qualified to actually do all the cybersecurity-ing.

There will be an estimated 3.5 million unfilled cybersecurity positions by 2021  –Cybersecurity Ventures

Sadly, it’s true: because of the rise in cybercrime, the job pool of cybersecurity professionals just can’t keep up with the demand. Security executives see one of the main reasons for this empty-ish candidate pool is prospective employees lacking the skills and training needed (less than 1 in 4 are qualified, according to a survey by ISACA).

The Information Systems Security Association (ISSA) and independent industry analyst firm Enterprise Strategy Group (ESG) back this up in their own survey. Their findings show this shortage actively impacts an organization’s cybersecurity, leading 91% of respondents to conclude most organizations are cyber-vulnerable. Also highlighted in this survey is that 40% believe staff burnout and turnover (as few attempt to do the work of many) strongly contributes to the deficit of cybersecurity employees.

Office Cybersecurity

The US Government has noticed the shortage, as well, and is trying a new program to help train current employees not currently in IT fields to be the cybersecurity workforce of the future. It’s called the Federal Cybersecurity Reskilling Academy and though it’s not considered to be a complete solution, Suzette Kent (Federal CIO) has stated, “[this program] will let us understand the success rate and look to expand and industrialize [programs] across the federal government.” It’s a small step (the first class will most likely be less than thirty), but a step nonetheless in the right direction of increasing cybersecurity training.

In short, organizations need more qualified cybersecurity personnel than currently exist. However, all is not lost. If organizations were able to implement network automation to handle a majority of the usual manual work necessary, cybersecurity would become more of an everyday thing then something dreaded or caused by human error.


Network Automation with Scheduler

Let’s start out by saying we don’t think Fognigma is a panacea for the lack of cybersecurity staff, but it is a powerful tool in allowing organizations to better manage their resources. Fognigma (explained in more depth here) lets organizations create invisible and encrypted cloud-based networks which conceal the organization’s communications and collaboration. Fognigma’s networks are built of strategically leased virtual machines (from various cloud providers) all working as one network. Fognigma is patented, proven, and ready to take any organization’s cybersecurity to the edge and beyond.

But there is one key feature of Fognigma which provides this oasis in the cybersecurity desert in which we all find ourselves, and that is the Scheduler interface. Scheduler lets you plan out and schedule your network and component builds. Quite simply, our thought was, ‘If no one is in the house, why do the lights need to be on?’

network automation
Fognigma automates the build of networks, and the teardown of them as well

Actually, that’s not right. With Fognigma, it’s not that the lights aren’t on – it’s that the house isn’t even there and looks like it never was. Or, for example, if your network stays active but you only want your entry and exit points (i.e., where users get into and out of your network) active during business hours, then it’s like the doors on your house disappear at night and reappear somewhere else in the morning. Or, for another example (because examples are fun), you need a video conference server for just Thursday, then it’s as if an entire new room appears in your house with a home theater – but just for that one day.

What Scheduler does is allow you to control when (and where, since you can specify cloud service providers and location for some of the components) your network (in whole or in parts) actually exists. Since all the parts are specialized virtual machines, once they are destroyed, they are overwritten by the cloud provider. They truly cease to be. When you rebuild them with Scheduler, they are completely new with new IP addresses. Back to the house example, this would be like your house disappearing when you go to work and then reappearing in a different configuration in a different neighborhood when you return home, and only you know your new address each day.

Apart from the cybersecurity brownie points the dynamic nature of Fognigma gives you, there is an even more applicable bonus when applied to resources. In most organizations using a standard network, someone needs to be on call 24/7 in case something happens. Since it’s always on, that network is always visible and can be attacked at any time. Even during working hours, if a chat server, for instance, is used for team meetings every Friday, it still exists as a potential exploit for evildoers all the other days of the week. Someone has to monitor everything at all times.

Fognigma allows your cybersecurity team to do more with less. Are we saying you only need a tiny team to protect your organization if you use Fognigma? Not at all. We’re just trying to illustrate how Fognigma will let your team work more efficiently. Plus, if you think about it, there’s a major cost savings in not having everything on when it’s not needed. With an introduction of network automation to your cybersecurity strategy, it becomes less of an extra task and more of something you can depend on.

Back to the ISACA survey: 55% reported that it took at least 3 months to fill open cybersecurity positions, while 32% said it was more like 6 months or more. Whether you are in those percentages and searching to fill your cybersecurity needs or you already have your team in place and just want the most leading-edge protection possible, Fognigma is the twinkling oasis in the cybersecurity desert for which you’ve been searching.

update your software

Cybersecurity New Year’s Resolutions

Happy New Year

The New Year is here, and with it a deluge of resolutions to lose weight, watch less TV, exercise more, eat better, and all sorts of other promises which will be kept for a week or two before tapering off back into regular life. The best of us, however, will actually have the willpower to keep hold of a resolution or two and change our lives for the better. There is one resolution we all should take to heart and make sure we follow through with: bettering our cybersecurity practices.

Now, of course, this resolution isn’t just one easy thing to do. Much like “get in shape,” improving our cybersecurity habits is a multi-prong resolution. But just like “get in shape,” fostering a better total mindthink on a life-change as important as cybersecurity will only make your future easier and safer.

Simple Ways to Improve Cybersecurity

Update, Update, Update!

One of the easiest ways to improve your cybersecurity it to make sure your stuff is updated: programs and devices. Sadly, the rush to get products to consumers often means, upon release, there are holes and cracks in the software and/or hardware’s security. The suppliers of these products realize this and routinely release software updates.

update your software

These updates sometimes add functionalities to the products, but more often than not, they fix errors in the code, making the product more secure in the process. So make a schedule to check for updates for all your things and when you find them, take the time to actually update them. Not only will your stuff work better, it will also be more secure.


Identity and Access Management is very important to the cybersecurity of organizations. Basically, it’s first determining a user’s specific role in the organization (Identity) and then assigning permissions based only on what that role needs (Access). Proper Identity and Access Management (IAM) is the easiest way to limit the risk of insider threat, while also limiting external threat should the user’s credentials become compromised. IAM is tricky to implement (as users always want access to more than they need), but just like getting more exercise improves the whole body, IAM improves the security of the entire organization all at once.

Deputize Cybersecurity Rangers!

Though the bulk of cybersecurity is on the shoulders of a few in each organization, those few should make sure the many are informed and actively aware of their own cybersecurity. It is, in a way, a social contract — each user in an organization gives up a little bit of their own rights in order to maximize the safety of the organization. Every user tacitly agrees to be a part of the gestalt solution. And a big part of this resolution prong is information and training.

Cybersecurity Training

Everyone in an organization should have some cybersecurity training since every action from every user affects overall security. Training sessions should be scheduled for everyone, including management (all the way to the top). One of the first things taught should be the danger of phishing.

No Phishing!

We all know what phishing is, but getting an entire workforce always on alert for these sorts of scams is very difficult. Often, they prey on our own willingness to help someone out. An email from the boss near the holidays asking an employee to pick up some gift cards as presents for the board of directors sounds like something that could actually be real. But the knowledge to take a step back and examine the email more thoroughly, to never click on any links from a suspected phishing email, and to let admins know the suspect address the email’s sender (without forwarding any possibly risky message) is invaluable. It is this very knowledge which is important to impart to everyone within an organization. Show a person a phishing email and they’ll be safe for a day; teach them how to recognize and avoid phishing emails and they’ll be . . . well, you know.

phishing attempts

Plan Ahead!

No matter how long a person has been walking, they are bound to, at least once in their lives, trip and fall. The best way to help your organization minimize the fallout from a possible future cybersecurity trip-up is through planning. Starting with IAM plans from an employee’s onboarding, continue planning for everything. Plan for all the training, plan for all the updates. Plan for the policy if a breach is detected and what will be done to secure the breach and recover from the disaster. Make up possible worst-case scenarios and plan for those. Plan for what to do when someone leaves the organization (terminating accounts and credentials, resetting passwords, etc.). Often this last step is forgotten about, leaving a host of possible intrusion points.  And finally, plan for being surprised by something no one ever thought of – but plan on how to keep a level head while adapting to whatever happens. Always being prepared is actually extremely good advice.

Use the Best Tools!

The team behind Fognigma is proud to be creating tomorrow’s solutions for today’s cybersecurity problems. Or, rather, in creating solutions that allow organizations to deftly dodge the deluge of digital duplicity which constantly buffet the shores of security. If you care enough about your organization, your mission, and your users to safeguard them with the best leading-edge protection available, then contact Fognigma today.