Isometric Business New Year 2019 concept, Digital technologies. Business solution, planning ideas. New innovative ideas.

Cybersecurity New Year’s Resolutions

Happy New Year

The New Year is here, and with it a deluge of resolutions to lose weight, watch less TV, exercise more, eat better, and all sorts of other promises which will be kept for a week or two before tapering off back into regular life. The best of us, however, will actually have the willpower to keep hold of a resolution or two and change our lives for the better. There is one resolution we all should take to heart and make sure we follow through with: bettering our cybersecurity practices.

Now, of course, this resolution isn’t just one easy thing to do. Much like “get in shape,” improving our cybersecurity habits is a multi-prong resolution. But just like “get in shape,” fostering a better total mindthink on a life-change as important as cybersecurity will only make your future easier and safer.

Simple Ways to Improve Cybersecurity

Update, Update, Update!

One of the easiest ways to improve your cybersecurity it to make sure your stuff is updated: programs and devices. Sadly, the rush to get products to consumers often means, upon release, there are holes and cracks in the software and/or hardware’s security. The suppliers of these products realize this and routinely release software updates.

update your software

These updates sometimes add functionalities to the products, but more often than not, they fix errors in the code, making the product more secure in the process. So make a schedule to check for updates for all your things and when you find them, take the time to actually update them. Not only will your stuff work better, it will also be more secure.

IAM FTW!

Identity and Access Management is very important to the cybersecurity of organizations. Basically, it’s first determining a user’s specific role in the organization (Identity) and then assigning permissions based only on what that role needs (Access). Proper Identity and Access Management (IAM) is the easiest way to limit the risk of insider threat, while also limiting external threat should the user’s credentials become compromised. IAM is tricky to implement (as users always want access to more than they need), but just like getting more exercise improves the whole body, IAM improves the security of the entire organization all at once.

Deputize Cybersecurity Rangers!

Though the bulk of cybersecurity is on the shoulders of a few in each organization, those few should make sure the many are informed and actively aware of their own cybersecurity. It is, in a way, a social contract — each user in an organization gives up a little bit of their own rights in order to maximize the safety of the organization. Every user tacitly agrees to be a part of the gestalt solution. And a big part of this resolution prong is information and training.

Cybersecurity Training

Everyone in an organization should have some cybersecurity training since every action from every user affects overall security. Training sessions should be scheduled for everyone, including management (all the way to the top). One of the first things taught should be the danger of phishing.

No Phishing!

We all know what phishing is, but getting an entire workforce always on alert for these sorts of scams is very difficult. Often, they prey on our own willingness to help someone out. An email from the boss near the holidays asking an employee to pick up some gift cards as presents for the board of directors sounds like something that could actually be real. But the knowledge to take a step back and examine the email more thoroughly, to never click on any links from a suspected phishing email, and to let admins know the suspect address the email’s sender (without forwarding any possibly risky message) is invaluable. It is this very knowledge which is important to impart to everyone within an organization. Show a person a phishing email and they’ll be safe for a day; teach them how to recognize and avoid phishing emails and they’ll be . . . well, you know.

phishing attempts

Plan Ahead!

No matter how long a person has been walking, they are bound to, at least once in their lives, trip and fall. The best way to help your organization minimize the fallout from a possible future cybersecurity trip-up is through planning. Starting with IAM plans from an employee’s onboarding, continue planning for everything. Plan for all the training, plan for all the updates. Plan for the policy if a breach is detected and what will be done to secure the breach and recover from the disaster. Make up possible worst-case scenarios and plan for those. Plan for what to do when someone leaves the organization (terminating accounts and credentials, resetting passwords, etc.). Often this last step is forgotten about, leaving a host of possible intrusion points.  And finally, plan for being surprised by something no one ever thought of – but plan on how to keep a level head while adapting to whatever happens. Always being prepared is actually extremely good advice.

Use the Best Tools!

The team behind Fognigma is proud to be creating tomorrow’s solutions for today’s cybersecurity problems. Or, rather, in creating solutions that allow organizations to deftly dodge the deluge of digital duplicity which constantly buffet the shores of security. If you care enough about your organization, your mission, and your users to safeguard them with the best leading-edge protection available, then contact Fognigma today.

Isometric dron Santas hat delivering Christmas gifts and presents. Vector illustration

Scrooge’s Three Ghosts of Cybersecurity

Three Visitations

Just as Scrooge was visited by three apparitions, so shall ye be greeted by three specters. These are not hauntings to change your feelings for the holidays, though. These diaphanous blobs of ectoplasm are here to remind you about cybersecurity and how to think about it as the holidays pass and the new year begins. They are here to show you the three directions you must always look in as you think about protecting your network, users, and organization. Do you feel that chill in the air all of a sudden? Yes, that’s right: The Ghost of Cybersecurity Past has arrived.

Ghost of Cybersecurity

The Ghost of Cybersecurity Past

There’s a knock on your office door. When you open it, you are face to face with the Ghost of Cybersecurity Past. It is small like a child, yet there’s something old about its face. It beckons you to follow it, and you both walk hand in hand into your cybersecurity past. Insert flashback special effects here.

Once in the past, you see how simple cybersecurity used to be. Organizations would set up firewalls to stop intrusion and install virus protection to deal with any viruses which found their way into your systems. Sometimes sites would be blacklisted so employees couldn’t access them. It was an early time, where organizations were slowly coming online for the first time. Things were new. And yet, it was during this time of technological change where the seeds of compromise were planted. (For a wonderful interview with the first person to create a virus, read this!)

Phishing Attempt

This was the beginning, the Ghost shows you, how organizations began to connect together, yet fought hard to remain separate and insulated. The Ghost leaves with a shiver (insert flashforward special effects here), and you are alone.

The Ghost of Cybersecurity Present

But you are only alone for a millisecond before a loud, booming knock shakes your office. It is the Ghost of Cybersecurity Present. This Ghost is not small like your first spectral visitation; this Ghost is a giant. It is the present, after all. The world is all connected, everything is attached to the Internet, and there are malicious third-parties hiding in every nook and cranny waiting to feast on your data. The present of Cybersecurity is expansive, as it strives to protect a global attack surface where over 77% of organizations have suffered some form of attack in 2018 alone.

Gone is just putting up walls and patching holes after they appear. Current cybersecurity must be proactive and seek to shore up weak spots before they become holes. It must evade and obscure, encrypt and disappear. It is as giant an undertaking as the Ghost who is by your side.

Privacy and security

You turn exhausted and you notice the Ghost is similarly spent. And yet it shows you two more things: children hiding in the robes around its feet. “These are Connectivity and Privacy – the two issues that plague all humankind now,” the Ghost explains. Each child grabs and hangs onto one of the Ghost’s arms and you watch as he attempts to balance them. You silently nod, realizing this balancing act is what makes the present state of cybersecurity so difficult: managing everyone’s interconnectivity, while respecting and protecting their privacy. Before you can say another word to the giant spirit, you are alone again.

The Ghost of Cybersecurity Yet to Come

Before you can take three breaths, you feel a presence behind you. Turning, you lift your eyes and behold a solemn Phantom, draped and hooded, coming, like a mist along the ground, towards you. If drifts along, taking you somehow with it, into the future of cybersecurity.

Clouds roll in and lightning flashes. In front of you, there are no more wires. There are just vacuum cleaners talking to microwaves talking to thermostats talking to computers talking to cars talking to cell phones talking to cloud storage talking to…. well, you understand.

Iot isometric Device


In the future, everything is connected and nothing exists in an isolated state. All new electronics access the Internet to provide more services to the user. It’s as if the digital world is made of whiffle balls — little points of access surrounded by holes that third-parties can exploit. The battlefield of the cybersecurity warrior of the future is one who instantly goes on the offensive when bringing a new device, network, or user online. One who moves their defense all around them, dynamically altering it as they go; one who appears to be one place and then another and then nowhere at all.

The future of cybersecurity is both terrifying and exciting — exciting because of the new tech which will be developed, but terrifying because each new connected device is also a new attack surface, so compromise can come from anywhere (not just the single point of entry from a modem like in the past).

But don’t be afraid. As the Ghost of Cybersecurity Yet to Come pulls back its hood revealing a sickly, skeletal form (looking ever so much like the Grim Reaper), you are reminded of the Death Tarot card. In Tarot, the Death card represents change. The Ghost is reminding you of the change that is to come in how you deal with cybersecurity, spurring you on to embrace that change. And then it is gone.

Bonus Ghost: Marley

You are left standing in the room where you started. No one is around, and no time has passed (the Ghosts have those timey-wimey, Twilight Zone skillz). There’s a lot of work to do. ‘But the title there mentions a bonus Ghost,’ you wonder, ‘where and who is this extra apparition?’

The fourth Ghost, reader, is the one writing these words. The one warning you to look to the past, present, and future as you craft your cybersecurity plans and processes. The one showing you the best way to prepare for the future is to combine the visions each Ghost showed you into one ever-evolving plan; the one who puts a little plug at the end of this night of visitations for an enterprise software product which can bring you leading-edge technology, the future of cybersecurity, today. That product is Fognigma.

Learn more how Fognigma can give your organization more than a ghost of a chance.

Isometric modern cloud technology and networking concept. Web cloud technology business. Internet data services vector illustration.

Supporting Offensive Cyber Operations

Offensive Cyber

In the 2018 Department of Defense Cyber Strategy, the DoD outlined a change in cyber defense tactics. One of the new strategies is called ‘Defend Forward’  (which we explored in a previous blog post). In short, Defend Forward charges organizations to shore up their cyber defenses and not sit around waiting for someone to attack and test them – to continue to move forward, all while fully defended. Definitely a shift in cyber defense strategy, as offensive cyber operations are on the rise

offensive cyber operations
Protecting your data is important

But the Department of Defense didn’t stop there. They also stated they “will employ offensive cyber capabilities and innovative concepts that allow for the use of cyberspace operations across the full spectrum of conflict.” Yes, the DoD is actually mentioning the need of offensive cyber operations. The new future involves not only arming one’s organization with mobile cyber armor, but also searching out and destroying threats before they can become threats. Fognigma’s patented software solutions are ready to support this new cyber defense strategy. Read on to learn more!

Fognigma Makes You Invisible

We must start by saying that Fognigma is not an offensive tool. It does, however, provide a patented and proven way for you to hide your operations from spying eyes. Fognigma gives you the power to create encrypted, cloaked Mission Partner Networks (MPNs), allowing total protection and anonymity of communications. An MPN is built from strategically leased virtual machines from one or more cloud providers, which work together as one powerful network.

With Fognigma, you completely control your MPN without any third-party interference or oversight. You run it; you own it. You exist now without anyone watching over you. Fognigma also gives you full command over your online presence. By managing your online attribution, you can craft your online appearance to separate who it looks like you are, where it looks like you are, and what it looks like you’re doing from what’s actually going on.

Secure Network Infrastructure

This invisibility of network and communications is paramount for organizations who conduct offensive cyber operations. Too often, offensive ops are compromised by parts being easily discovered and/or associated. A good example (and warning for the future) involves all the new info that’s been revealed about the big 2009-2013 CIA breach. Simple Google searches by third parties revealed sites that had similar aspects to them, leading to the correct assumption that they were, in fact, operated by the same group. This was later used for interception and exfiltration of sensitive information about offensive ops.

As previously stated, Fognigma is built from various virtual machines (VMs). These VMs only know of their immediate neighbors, so the network can’t be compromised should one VM be breached (which is statistically impossible given the nature of Fognigma’s encryption technologies). Also, organizations have the option to use Fognigma’s Portal Proxy technology (also patented) which allows them to create anonymous and disposable URLs for different Fognigma components. With Portal Proxies, organizations can give users their own URLs, so even if multiple people are accessing the same component, from the outside, it will look like they are going in different directions. This disassociates the users from the organization and from each other. And the more disassociation an organization can create during offensive operations, the less chance of activity correlation which could lead to a compromise like the aforementioned CIA operations.

Fognigma Has Global Reach

In order to properly engage in offensive cyber operations, organizations need global access. This is another area where Fognigma shines. Because of Fognigma’s structural nature, all the parts of the network and internal communication components can be built in different areas of the world. If you needed a file share residing in India, you could have just that (built in a few mouse clicks). All users granted access to that file share could access it when they connect to your MPN from wherever they are in the world.

Fogngima Networks Span the Globe

Fognigma also gives you global reach in an intelligent manner. Meaning, it normally doesn’t behoove an organization involved in operations in one part of the world to appear to be coming from another part of the world. Fognigma solves this by the properties of an MPN’s exit points. Without going into too much technical detail here, users leave an MPN by going through admin-created exit points. Once a user goes through an exit point to the Internet, their IP matches the country in which the exit point is located. This is invaluable when not wanting users to appear to be foreign to the part of the world in which they are conducting operations.

Fognigma Provides the Tools for Offensive Operations

But, Fognigma isn’t just an invisible network. Inside your MPN is a suite of communication and collaboration components which allow your operations to stay in constant contact. As soon as your device connects to your MPN, you’ll have access to: traceless telephony (with a misattributable call chain feature for safely communicating with untrusted external parties), protected video conferencing, and secure chat messaging. A file share is also hidden within your MPN for the safe storage and transfer of files.

secure telephony
Secure Telephony

And then there’s Fognigma’s superpowered Virtual Desktops (VDI). Fognigma’s VDIs have all the features of normal VDIs plus many more that only Fognigma can deliver. For instance, you can now transfer files from a USB directly to your VDI, completely bypassing the host computer. If there is a file on the host computer you wish to transfer, you can copy it to your VDI as easily as dragging and dropping it. Fognigma VDIs can be used as a super anonymous and temporary way to access other MPN. For example, you could initialize a VDI, connect to a video conference inside your MPN (assured that the audio is also safe, as Fognigma ensures all audio is proxied to ensure no IP leak), communicate with your team, and then destroy the VDI when done. When any part of an MPN is destroyed, the components are wiped clean and completely overwritten by the cloud providers, eliminating all digital forensics. It’s as if none of it ever really happened.

Fognigma is the Base Offensive Operations Need

A secure cybersecurity base for offensive operations needs to be a multi-tool, a transformer, and a cloaking device which can fit in your pocket. It needs to make the world think you are doing one thing, when you are actually doing something else. It needs to separate the connected and connect the separated. And, most of all, it needs to do all of this without anyone realizing it’s doing anything at all. That list is a good summary of reasons why Fognigma was created. We wanted to give organizations that toolbox, that utility belt, that base on which to build their operational success. And more than that, Fognigma was developed (and continues to be developed) to give the US Government and its military forces the advantage on the world stage. Fognigma puts the power of cybersecurity in the hands of those who will use our technology to make the world a safer place for all of us.

Network dissociation

The Importance of Being Apart

Playing on a Team

Working for an organization means working on a team – a group of people who, even if they are working in different sections on different projects, are all contributing to a common goal. But there are many times when a mission demands the team to not seem like a team for safety, secrecy, or other reasons. That is, the team must still work like a team but not seem to be connected to each other like a team. This is a very difficult thing to achieve – unless you’re using Fognigma! Network Dissociation or generally obscuring your identity can play a big part in thwarting people from obtaining your sensitive information.

Fognigma – In Brief

With Fognigma, your organization has the power to create your own invisible, encrypted network. Fognigma networks are constructed from randomly leased virtual machines (VMs) which reside on cloud networks in five continents. These VMs are spread out over the world, however they function as one unified network. This patented process is unique to Fognigma, and what makes it the most powerful tool for secure communication and collaboration on the planet. And it’s inside this network where your telephony, file share, chat servers, etc., all live – protected and safe. The ever-changeable nature of Fognigma networks which prevents an Internet pattern-of-life from developing (i.e., the things you do every day online which can be used to identify you). You can still do these things, but they will be separated from your online identity – who and where you really are. This is called dissociation and it is very important to the success of many organizations and missions.

Fognigma Virtual Machine
Fognigma Networks are constructed rom randomly leased virtual machines

But First, An Example of Association

If you go into Store A wearing a lime green cowboy hat on Tuesday and wear it going into Store B on Thursday, an observer will definitely see a person wearing the same unique hat. It is then a pretty safe assumption that the person who was observed on Tuesday and the person who was observed on Thursday are, in fact, the same. Once this is deduced, more connections can be made. The observer could enter the stores after you and, due to their crafty nature, discover information about what you purchased. They can then draw connections between the products you bought. If you purchased eggs, flour, baking powder, and baking soda from Store A and sugar, butter, and milk from Store B, then it could be inferred you are going to bake a cake.

Association
Private and Personal information can be shared easily, just by viewing you

But let’s pretend the observer watches more. On Friday, they view a car pull up in the park and that lime green cowboy hat come out. Now they know the make and model of your car, what state it’s registered in, that you probably have two children (based on the stick figure sticker on your rear window), your license plate, and possibly your car’s VIN number (depending on their location and the zoom power of their binoculars). They also see another person exit your vehicle and observe that you are carrying a cake. (See? They were right!) The observer watches the other person blow out candles on the cake and then the two of you share a slice, sitting quite close together. As you feed each other bits of cake, the observer views similar rings on each of your left hands. Your watcher now concludes you and this other person are married – but more than that, they know what your spouse looks like and their birthdate (give or take a few days). The observer focuses on the cake and sees the worlds, “Happy Birthday, Taylor,” and now they know your spouse’s name. All this private and personal information about you and those around you, discoverable because of associating the movements of someone wearing a lime green cowboy hat.

Why Network Dissociation is Important

As you can see in the above example, associating things is how people learn about who you are, who you’re with, and what you’re doing. For organizations, businesses, and missions, having full control over what others know about you is essential. The above example also illustrates how one tiny association can be enough for a third party to learn an awful lot about you. Now imagine how much could go wrong if you were working on a top-secret development project or part of a hostage rescue mission and adversaries were able to put pieces together and figure out not only who you are, but also information about your team, organization, mission, etc. It could spell anything from a small financial loss to a major catastrophe with casualties. The best way to approach your business is to remain as separate and as dissociated as possible.

How Fognigma Dissociates

Fognigma has multiple ways to dissociates you from everything. Let’s assume your network admin has Fognigma scheduled to automatically burn down at the end of the day and rebuild the next morning. This is the first path in your journey of dissociation. Since each day your network will be made from different virtual machines in different data centers on different clouds in different parts of the world, the network you travel on is already dissociated from every previous incarnation of itself.

fognigma globe network
Fognigma Networks Span the Globe

Since you have access to multiple exit points from your Fognigma network, you can pick a new one of those each day (or change during the day with just a click) to add even more dissociation. All your traffic will appear to emanate from the exit point. So, for instance, if you are working in Ohio, but going through an exit point in Hong Kong, it will appear to anyone watching your traffic that you are in Hong Kong. And with a simple drop-down menu change, you can instantly be in Spain, South Korea, India, the US, or anywhere else you have an exit point.

But it gets better – more disassociate-y. Your network admin has also created your Fognigma with a few dissociating joints, which your traffic passes through once you enter and before you exit to the rest of the Internet. dissociating joints do just what their name describes: they obfuscate who/where/what/why you are even more. Passing through each one shatters all your details; passing through all of them cranks your dissociation level to 11.

But it gets better. Your admin is also using Portal Proxies. This gives each user a unique URL from which to access your Fognigma network, so every single user looks like they are going to a different location. No one appears to be heading to the same place. Everyone appears to be separate. No one looks like they work for the same association (i.e., dis-association).

portal proxies
Portal Proxies are a component to Fognigma

But it gets better. You click on your unique URL and access a Virtual Desktop (VDI) on your Fognigma network. You access this VDI as an anonymous entry point, and from this VDI you exit to the Internet and do your browsing. When you are done, the VDI is destroyed, leaving no forensic footprint. You have become so dissociated by now, you might not even know who you are any more.

As you can see, Fognigma is capable of many layers of network dissociation – from what is provided by the innate structure of a Fognigma network to adding on more and more layers. Sort of like peeling an onion, but instead of peeling the layers off, you are adding them on around you, forming shell after shell of Fognigma-created power, guaranteed nothing but tears for anyone attempting to figure you out. Fognigma makes sure (callback time) to hide your lime green cowboy hat in a white box in the middle of a snow drift in the dead of night: completely invisible.

 

Software, web development, programming concept. Abstract Programming language and program code on screen laptop. Laptop and icons company network . Technology process of Software development

Fognigma Version 1.4 Has Been Released

Fognigma v1.4 brings a host of new and powerful features

Herndon, VA – Dexter Edward is thrilled to announce the release of Fognigma v.1.4. Fognigma still creates invisible and encrypted cloud-based networks full of communication and collaboration components, but now it has added some important new features. Fognigma is now FIPS 140-2 Validated and has added a wolfSSL TLS 1.3 layer to its already-unprecedented level of security and anonymity. Update 1.4 gives users the power to transfer files from a USB drive directly into a Virtual Desktop (VDI) completely bypassing the host computer. Plus, with the new Active Directory integrations, admins can import users from their already existent Active Directory straight into the Fognigma Console, greatly speeding up the onboarding of users.

“We are proud to bring even more abilities and security to our customers in Fognigma v1.4. We have raised the bar once more, while continuing to enhance the utility and capability of the system for the end users,” said Cael Jacobs, Dexter Edward’s Chief Technology Officer.

These new features (along with many under-the-hood updates) mark even more leading-edge advances Fognigma is making in the realm of communication security. Fognigma is ready to give organizations the power to create encrypted and invisible networks which hide all their communications and collaboration – now with even more superpowers.

About Dexter Edward:

Dexter Edward LLC is the premier integrator of secure, encrypted, and traceless communications and collaboration systems. We provide commercially available products ready for immediate implementation. Our solutions allow organizations to create invisible network spaces for multilateral, inter-agency cooperation without the risk of intrusion by external forces; provide an encrypted means to obfuscate Internet traffic and misattribute the connectivity of users; and safeguard communications, intellectual property, users, and other organizational assets. These solutions are ready to assist agencies (within the Department of Defense, Intelligence Community, Law Enforcement, and other organizations) to achieve mission success.

We are committed to providing organizations the enterprise software solutions they need to protect their communications, users, and data. This is what drives our business. Dexter Edward’s founders, investors, and employees are all American citizens and have a combined experience of over 150 years in cybersecurity and network development.

Defend-Forward-2-01

Defend Forward – Cloud Smart

A Change in Cybersecurity Tactics

The 2018 Department of Defense Cyber Strategy was released on September 18, 2018, and set the cyber-world humming. The path of cyber defense is shifting. No longer will cyber defense (at least as they DoD views it) be content to building a wall and making sure nothing breaches that wall.  The new directive is for cybersecurity to “defend forward to disrupt or halt malicious cyber activity at its source….” But what exactly does this mean?

Defend Forward

“The Department must respond to these activities by exposing, disrupting, and degrading cyber activity threatening U.S. interests, strengthening the cybersecurity and resilience of key potential targets, and working closely with other departments and agencies, as well as with our allies and partners.” -2018 Department of Defense Cyber Strategy

As you can see from the above quote, cyber defense is, in essence, going on the offense. An easy way to visualize this is by picturing a phalanx of hoplite soldiers in Ancient Greece. They have their protective shields in place and they are in close formation – amazing protection from any attack. However, they don’t stand still. They march forward and engage the enemy. They are bringing the defense toward the enemy’s position and using their defense as part of an offensive plan. They are, to bring it back to the new cyber strategy, defending forward.

defend forward

This is what the DoD plans for the future of cybersecurity. Rather than that waiting for the threat to attack, Defending Forward has your cyber defenses move forward to meet the attacker or, preferably, engage the threats before they can attack. It is an aggressive defense, but one that is needed in today’s ever hostile world. But that’s not all. Not only must we change our defensive tactics, we must also evolve our thoughts on the cloud.

Cloud Smart

 “Cloud Smart is about equipping agencies with the tools, knowledge, and flexibilities they need to move to cloud according to their mission needs.” – 2018 Federal Cloud Computing Strategy

According to the most recent (recent as of this time of writing – October 2018) draft of the 2018 Federal Cloud Computing Strategy, the Office of Management and Budget (OMB) is adding a new spin to how government should think of and interact with the cloud. The new Cloud Smart initiative is a trident approach to being safe on the Internet: security, procurement, and workforce.

First, Cloud Smart calls for a modernization of cloud security. Network security at the outer layer should no longer be the be all and end all – the necessity for security throughout a network is imperative, expressly surrounding actual data stored on the network. The Cloud Smart strategy points out that data is key, and it is an agency’s responsibility to the public to keep that data safe and secure.

office cybersecurity

The procurement tine of the Cloud Smart trident deals with giving agencies the power and knowledge to purchase the proper security products for their agency. But unlike the past, where each agency gets whatever it has found on its own, agencies are encouraged to share. In fact, the push is to standardize security products across all agencies.

The final prong of the Cloud Smart trident deals with the actual workforce of government agencies. To paraphrase the OMB, key cybersecurity talent needs to be recruited and/or grown and trained from current personnel. These new cyber-warriors will be responsible not just for cybersecurity, but also for procurement and engineering of Cloud Smart solutions.

Fognigma is Cloud Smart and Defends Forward

Fognigma is a patented enterprise software solution which creates secure, invisible, and encrypted networks on the cloud called Mission Partner Networks (MPNs). It does this by taking randomly leased virtual machines from multiple cloud servers and connecting them to form one network. Inside these networks are all the communication and collaboration tools organizations need for mission success: traceless telephony, encrypted file share, secure chat messaging and video conferencing, and virtual desktops (VDI) with Fognigma-unique features. These networks exist over public infrastructure yet are invisible to spying eyes.

Every connection in a Fognigma network is wrapped in cascading layers of AES-256 encryption using two separate encryption libraries, OpenSSL and wolfSSL, for added security. This encryption protects the connections that make the network, but also all the connections inside the network. This provides protection at the outer layer of the network, but also surrounding the data stored inside – just like Cloud Smart dictates. Plus, Fognigma is FIPS 140-2 validated.

Fognigma offers even more protection by giving admins granular user controls. Fognigma protects against threats from the inside, as well, by letting admins set which users can access which tools, folders, and files – controlling even the type of access each user has (read only, write, etc.). And Fognigma does all of this without any third-party access or oversight – you own it and you run it.

granular controls for admin

Fognigma’s MPNs are designed to allow for the easy collaboration of multiple agencies without disrupting or endangering each agency’s users or data. In our experience, once an agency gets a taste of what Fognigma can do, it wants Fognigma for its own operations. We completely support that choice (and so does Cloud Smart)!

Fognigma embraces the Defend Forward mindset. Since MPNs are built across multiple cloud providers, they can reach out into over 50 regions spread across 5 continents. Fognigma lets you boldly go into any part of the world your mission dictates. You will advance upon the enemy, yet they will not know you are there due to the invisible nature of MPNs. In fact, MPNs defend forward a little differently from other networks. They defend forward in space, but they also defend forward in time.

Let’s explain. Fognigma lets you extend your network, part of your network, and/or one or more of your communication components into enemy territory – you have defended forward in space. But Fognigma also gives you complete control over when the network, parts, and/or components exist, giving you the ability to defend forward in time. Because Fognigma acknowledges that “always on” isn’t always desired – both for conserving resources and extra security – it gives you the ability to manually or automatically, on a schedule, remove components, network parts, or the entire network. Or, conversely, you can add to your networks. Basically, your entire network’s topography can be constantly in flux; you will be defending forward by being everywhere and nowhere, seemingly at the same time (like Schrödinger’s network). Your shields will forever be raised, yet your troops will be constantly and silently moving around the battlefield defending forward in four dimensions (i.e., in space and in time).

Fognigma combines all the best parts of the Cloud Smart strategy with a solid Defend Forward stance. With Fognigma, your organization will be able to protect itself while not having to sit still hiding behind walls. It can move, it can flow, it can adapt to any situation. Your organization will be able to smartly glide through the cloud towards mission success, while defending in all directions. This is why we can proudly say: Fognigma helps you Cloud Smart while Defending Forward.

Isometric flat 3d abstract office floor interior departments concept vector. conference hall offices workplaces director of the office interior

What is Identity and Access Management (IAM)?

In the workforce, identity isn’t really who you are. It’s not your name, age, shoe size, etc. Your identity is your place and role within the company. Think of what your job title is and add all the other things you do. That’s your Identity (which we will now be capitalizing to distinguish it from your identity (name, age, shoe size, etc.)). It sounds simplistic, but knowing your Identity is extremely important for your cybersecurity team. Why? Because knowing your Identity allows you to be given the proper access to your company’s data and networks. Identity and Access Management (IAM), then, is accurately and precisely defining your role in the company (Identity) and making sure you can only use the tools and data you need (Access) to do your job.

IT Department
Your role plays a part in your identity

Identity and Access Management Issues

And still you are probably thinking this sounds like something basic and easy to do – but it’s not. Almost everyone can agree that the job description they were hired for isn’t exactly the job they ended up doing. It takes time to settle into a workplace and really get a feel for your true role in the company. In fact, in the 2018 edition of the Cyber Defense Magazine, Ketan Kapadia, VP of IAM at Herjavec Group, says it can take 6-8 weeks to complete a solid Identity Access Management assessment of an employee. That is a huge time to be in cybersecurity flux.

But a company can’t sit around on its elbows waiting to figure out an employee’s Identity and then grant access to network resources, files, etc. Access needs to be given (in some form or another) as soon as the employee starts. So, what happens? Access to resources is granted based on a guess of what the employee needs, the bare minimum based on the job description, or (horror of horrors) everything (just to make the sysadmins’ job easy). Many times, this last possibility wins out due to time constraints (because time = money, you know). None of these situations is good for cybersecurity, your workforce, or your company. 

Fognigma with the Identity Access Management Assist

Fognigma builds its Mission Partner Networks (MPNs) out of randomly leased parts on multiple public clouds. MPNs are a collection of parts, but they function as a whole. They are invisible to the outside world of evildoers and protected with two layers of AES-256 encryption between all the parts. And inside the MPN with its stealthy ephemeral style, reside components for secure communication, your files and data, and the see-through playground in which your users work. [For a more detailed explanation of Fognigma, click here.]

Identity and Access Management

Now you know the patented Fognigma engine lets you create a powerhouse of cybersecurity for your company. But that’s not why we brought you here. We want to showcase how Fognigma can make IAM easier to implement, and it does it with three words: granular user controls.

Granular user controls let the MPN’s administrator set precise permissions for each user. It’s still up to you and your company to determine your users Identities, but Fognigma makes adding users and granting/changing/removing Access as simple as a few mouse clicks. No more guessing all the permissions someone needs. No more just giving in and granting everything (while putting your entire organization at risk) because the Access management part doesn’t take a chunk of time anymore.

Because one aspect of cybersecurity that is quite important is speed. The faster you can deal with situations, the better. And the faster your team can manage an employee’s Access, the less chance of “no time” being an excuse for sloppy IAM practices. Fognigma give you the IAM speed you need and the controls to make sure your Identities have exactly the Access they require.

bigstock-Isometric-Internet-Security-Lo-238957666-Converted-01

Protect Your Things

IoT Is Only Getting Bigger

The Internet of Things (IoT) is growing larger day by day. With thermostats monitoring and virtual personal assistants listening, it’s getting quite easy to become surrounded by things. Things are great! They can help you turn on lights and buy dog food and find out what the weather is like without having to look out a window. But things do come with risks. These things could risk your network security, data, users, intellectual property (IP), and even your entire company!

internet of things (ioT)
Connected to everything with cybersecurity

It’s to be expected, really, if you think about it. Each device asks to connect to your network and then monitors something, often communicating out to the Internet. Each thing is now a new window or door into your network – a new safety vulnerability disguised as a handy device.

People Forget About Security

Often, people add smart devices in their homes and offices without any thoughts of security. It’s assumed that the company who created the device was smart enough to add in some measure of safety. Sometimes this is true with the more conscientious manufacturers, but many times network safety is sacrificed for speed to market (gotta get those sales numbers up). This isn’t safe for your home network, and it can be disastrous for your office network.

open network
Opening your network to leaks due to devices

Imagine an enemy agent out there watching your company. Suddenly, a thing pops up on his radar. To you, it’s just a little monkey on your desk that opens its umbrella when it is going to rain (and if that doesn’t exist, it really should). To the enemy agent, it’s a poorly protected entry point to your company’s network. The monkey might tell you that it’s going to rain, but what it isn’t telling you is that the rain is really the tears of your company as all its important information is exploited.

Insecure IoT Can Ruin Your Company

The monkey might be a simplistic and dramatic example, but the main points are solid. Adding unsecure items to your office network can be disastrous. Though we highlighted a frivolous IoT toy, there are many things that are very valuable and useful to businesses and organizations: the aforementioned thermostat, moisture sensors, factory automation things, HAL 9000, security devices, and even a fishtank in a casino!

The first thing to do is make an IoT security plan (i.e., what to do when someone wants to add a new device to your network), and the first step of that plan is to take the new device to the IT department for evaluation. Is it from a known and/or trusted manufacturer? Does it have any safety features built into it? Does it often get its firmware updated? Who will monitor and make sure updates are done in a timely manner (this one is really important)? In short, is this good for the company (read: worth the risk to your network)?

How to securely add a device to your network, discuss with your IT department

Making a plan gets everyone in the habit of thinking before they add a new thing – and, to be quite blunt, users should never stop thinking. But we want to make your IoT security easier and safer – with Fognigma.

Fognigma takes a multi-prong approach in protecting your things by protecting everything on your network. In a nutshell, Fognigma creates a Mission Partner Network (MPN) in parts spread out across multiple cloud platforms, which function as one. This creates an invisible-to-outsiders network in which your data, your communication tools, even your current network (depending on your Fognigma deployment) live. Your IoT devices are also inside the protection of your MPN, as well.

IoT devices connect to the MPN through a bit of hardware called a Wicket. Depending on how you have your IoT spread out through your organization, each device can have its own Wicket, or they can clump into little IoT hives and several devices can connect through one Wicket. Once connected to the MPN, your things are now invisible to external threats.

MPNs prevent metadata snooping (a key way third parties discover networks to exploit), which means network threats won’t even know your IoT devices exist. Fognigma is already in line with the NIST’s recommendations for IoT security by wrapping each connection inside an MPN with the recommended AES-256 encryption. Only, Fognigma doesn’t just use one layer of AES-256 encryption – everything inside your MPN is double wrapped for extra security.

A company that uses Fognigma will have a major advantage in the IoT world, as Fognigma makes sure your IoT remains only your IoT. That’s the magic of Fognigma. We’d like to chat more about this, but the thing on our wrist (which is connected to our phone, which is connected to the refrigerator) is telling us it’s time to get up and get a snack.

Print-01

Printers – PC Load Vulnerability

Printers Are Forgotten About

Every office has at least one printer – quite often, a multi-function machine that also scans and faxes. These machines allow us to distribute hard copies of things, print out websites for the older workers to write their comments on, create signs playing practical jokes on Joe from Accounting, and other very important office things. Everyone oohs and aahs when the new printer arrives, but after it’s installed and hooked to the network, no one thinks about it again until one of its consumables needs replacing. The printer becomes almost a piece of furniture – it has a function, but other than that it just sits there. Until it becomes a portal for intruders, that is. Printer Security may be the last thing on your entire office’s mind, but should it be?

Printers Can Be Gateways of Evil

There are many long-running Internet jokes on how printers are evil. In fact, they aren’t really. Sure, they have to be tended to now and again, but it’s normally just for the feeding of paper and ink/toner. What printers can be, though, are ignored gateways for evil to reach into your networks. Think about it: devices are added to networks all the time and we’ve been trained to properly protect and secure them (which is good). But for some reason, we often seem to forget that printers are devices existing on our network, too. We forget that printers have reach to all our computers. We forget to include printers inside our shell of cybersecurity. Many of us have grown up with printers always there (especially when compared to the vast army of IoT products that have been amassing to take money from our wallets in the last handful of years), and just trust them to be there and be safe.

Secure keys for office
How secure is your office hardware?

And this is exactly what infiltrators want us to do: forget to protect our printers. Because if our printers aren’t protected, infiltrators have a gateway from which to invade our networks.

Printers Can be Exploited – Printer Security

Printers, just like any unprotected IoT device, can be exploited in a number of ways. One of the main ways printers can be compromised is through DNS rebinding attacks. DNS rebinding allows malicious attackers to squeeze around your firewall and find and exploit unprotected devices, such as printers. According to a study by Armis, an estimated 66% of printers from all major brands are vulnerable to DNS rebinding – that’s approximately 165 million printers.

Once a printer has been perforated (old school dot matrix joke there), infiltrators can do a variety of things. The first thing they might do is download all the documents being printed, scanned, or cached on the printer. Those could be as simple as business flyer drafts and as dangerous as tax forms and contracts.

But the damage doesn’t stop there. Once they’ve pierced through your printer, evil-doers can spread throughout your network finding more to exploit. From your printer, they can spread like any other network invasion, installing ransomware, taking over systems, and every other bad thing you can imagine.

Fognigma Protects Printers

Want to make sure your printers are safe? The easiest way is to plug it into a little device called a Wicket, which pulls the printer onto your Fognigma-created network. Because your printer is now protected by Fognigma, it can’t be detected by those looking for network vulnerabilities because your entire network can’t be detected. Don’t have Fognigma yet for your cybersecurity? Well, read on to learn more and how it is a game changer in the realm of cybersecurity.

Wicket Printer Setup
A Fognigma Wicket added to a printer

Fognigma enterprise software gives you the power to create truly invisible networks. Fognigma builds secure and traceless networks by using randomly leased components spread out across multiple clouds which function together as one network. Fognigma networks are wrapped in two layers of AES-256 encryption and hide and protect your communications, files, users, network, and yes, even your printers.

Any device connected to your Fognigma-created network doesn’t seem to exist to the world, so won’t be a target for exploitation. As stated before, printers tend to be forgotten about. We plug them in, connect them to our network, and then use them until they are replaced by a new version. Lather. Rinse. Repeat. But now, just as easily as you would connect them to a regular network, you are attaching them into a Fognigma network.

And, also just to make it clear, Fognigma does in fact protect your printer, but it does secure so much more. We focused on printers as an easy-to-abuse access point for violating an organization’s network, but Fognigma protects everything your organization holds dear. It also has many other valuable features, such as obfuscating network traffic, traceless telephony, encrypted file share, and the ability to safely access your Fognigma network from anywhere in the world on any device.

 

Fognigma is ready to protect your organization’s entire network with leading-edge technology. We just wanted to make sure you knew your printers would be safe, too.

Isometric vector Internet hacker attack and personal data security concept. Computer security technology. E-mail spam viruses bank account hacking. Hacker working on a code. Internet crime concept

Defeating Browser Fingerprinting with Fognigma

You’re Always Being Watched Online

As Joseph Heller aptly wrote in Catch-22, “Just because you’re paranoid doesn’t mean they aren’t after you.” This statement accurately parallels the plight of those who take their online security seriously. Many of us concerned with cybersecurity use countless programs and plugins to thwart online tracking, which might seem paranoid to some. But we know the truth: online, they really are after you.

And who ‘they’ are almost doesn’t matter. They are the ones who want to track your every online move. They are the ones who want to know who you are, where you come from, and what you are doing so they can use that information. Sometimes, this info is just used to market to you, or anonymously track where you look on a website so the site’s design can be made more user friendly. By 2020, profits for data about you and your online activities are expected to reach an estimated $210 billion dollars – a compound annual growth rate of 11.9%. But unfortunately, all too often, this data is used by a more nefarious ‘they’ – the ‘they’ cybersecurity attempts to protect you against. The ‘they’ who will find a way into your network, so they can suck the sweet marrow inside, leaving you with just a brittle shell of your company.

How Do ‘They’ Find You?

Everyone knows about all the flavors of cookies that exist out there – regular cookies, evercookies, supercookies – each tracking something about your online activity. It’s even easier to know about cookies now that GDPR compliance is being enforced. But there are other ways you can be tracked online, ways that are often more difficult to detect and stop than cookies. We’re talking about browser fingerprinting.

Browser fingerprinting, in the TL;DR version, is the act of observing online patterns and deducing from where and whom the patterns were created. It’s easier to illustrate by example. Picture your morning. Most likely, you get up at the same time, head to work at the same time, go to work via the same route, work at the same location, eat lunch at the same time (often, at the same place), leave work at the same time, head home via the same return route, and go to bed at the same time. Lather. Rinse. Repeat. Quite quickly, a very distinct pattern (your pattern-of-life) develops – one which can be exploited to figure out things about you and, in many circumstances, to figure out exactly who you are.

Browser Fingerprinting
Daily online behaviors, systems can learn from online routines

Online, it’s the same thing. Whether you know it or not, you have patterns of online behavior – sites you frequent, time of day you check things, location when you are checking, connection type you use, and so much more. Once it’s analyzed, your online pattern of behavior can disclose quite a lot of information about you and, again, sometimes even exactly who you are. There’s only way to fully protect yourself. You must disappear.

Fognigma Defeats Browser Fingerprinting

Imagination time again. Now picture you go to work like normal, except this time instead of going from your home to your work, you appear suddenly at the Eiffel Tower and begin working from there. When it is time for lunch, you eat a delicious meal, but no one sees it happen. To observers, you never had lunch at all. And rather than anyone able to witness your traffic-filled commute home, you simply disappear from your table at Le Jules Verne as if you never had been there at all.

The point is: Fognigma obscures your actual location, movement, and intent. A Fognigma network is built from randomly leased components from cloud providers all over the world combined to form one network. You enter the network through an entry point which may or may not even be in your own country. Inside the network, your traffic might be routed through dissociating joints (depending on your deployment configuration) before leaving through an exit point possibly on a different continent. Anyone trying to trace your location will see you as existing wherever that exit point is.

leased cloud components
Randomly leased cloud components

And guess what? Your entry and exit points today might not be the same tomorrow – same with the entire configuration of your Fognigma network. Fognigma networks can easily be burned down and rebuilt (either with the same or different configuration) with just a few mouse clicks. The cloud components are wiped clean and returned to the cloud, only to be written over when next they are used. When you rebuild your network, you can choose new entry and exit points in different places. You can do this build/burn/rebuild at any time – even on a scheduled and automated basis.

Now, you no longer have an observable pattern. You might still go to the same sites around the same time, but you will appear to be doing it from different cities, countries, and/or continents. By constantly shifting your perceived location, your activity just becomes static in the soothing white noise of the Internet’s global Om. In short, you won’t even appear to be you.

Fognigma helps you thwart the ‘they’ who are after you, but you’re on your own with your paranoia.