Earlier this week, BeyondTrust announced that we have been awarded a Level 2 Federal Information Processing Standards Publication (FIPS) 140-2 validation for our Remote Support B300 appliance. BeyondTrust has the only Remote Support solution that meets the rigorous requirements of FIPS 140-2 Level 2. In this blog, I’ll elaborate a bit more on why this validation is important, and what differentiates BeyondTrust’s Remote Support solution versus alternative tools.
On a daily basis, industries like healthcare, finance, legal, government agencies, and others handle highly confidential information that demands robust information security controls to ensure that it is never at-risk of exposure. If this data falls into the wrong hands, it can be highly damaging—to both individuals, and the organizations themselves.
While there are many avenues for hackers, malware, and even rogue insiders to illicitly gain access to and steal data, remote access pathways remain one of the most commonly exploited cyber threat vectors.
According to 2019 research from BeyondTrust as part of the Privileged Access Threat Study, in a typical week, government/public sector organizations have 124 third-party vendors logging into their systems/network. Thus, it’s unsurprising that the same study found that only 10% of government/public organizations believed that third-party vendor access was not a threat to their organizations. With so many remote access points, and often, sub-optimal visibility, auditing, and security controls over this access, it’s only a matter of time before a remote access weak link is compromised—either via an employee, or a third-party vendor.
Background on FIPS 140-2 and How it Applies
To help address the increasing cybersecurity demands of the federal sector and other critical sectors, the Federal Information Processing Standards Publication (FIPS) 140-2 validation became a requirement for cryptographic products/software used in a U.S. government agency network and other industries to establish encryption standards that protect sensitive data. As a result, programs such as FedRAMP, FISMA, DoDIN APL, Common Criteria, HIPAA and HITECH healthcare regulations inherit the dependency on FIPS 140-2 validation.
In 1995, NIST (the U.S. National Institute of Standards and Technology) and their Canadian counterpart CSE (Communications Security Establishment) teamed up to establish the mechanisms for testing and certifying that the FIPS 140 benchmark had been met. NIST and CSE employees staff the CMVP (Cryptographic Module Validation Program) and CAVP (Cryptographic Algorithm Validation Program), which cooperate with independent third-party testing labs. While the labs conduct functional testing, it is the CMVP that ultimately reviews the results and issues the FIPS 140 validation. This is the formalized certification/validation process adhered to today.
FIPS compliance is mandatory for US government computers, which means that all computers used for government work must be FIPS compliant. Government/federal organizations, subsidiaries, and their contractors must ensure FIPS compliance as they handle information protected by federal government rules.
Highly regulated federal agencies are certainly not alone in seeking secure products they can trust to keep their data safe in accordance with the highest and most modern, standards and benchmarks. Thus, FIPS 140-2 has been widely adopted around the world in both the public and private spheres.
Defining Secure Remote Support
As a cybersecurity company, BeyondTrust takes a more robust approach to ensuring secure remote access—for vendors, employees, and remote support solutions—than other vendors. This is readily apparent in both our solution capabilities and in the attainment of certifications, such as FIPS 140-2.
BeyondTrust was the first vendor to introduce an appliance-based approach to remote support. Our patented deployment model – the Secure Remote Access Appliance – is a highly secure option for deploying remote support. As of 2019, we remain the only remote support solution to obtain FIPS 140-2 Level 2 validation for use in U.S. Government agencies and others, ensuring our customers’ data remains safe from the most sophisticated methods of intrusions.
Some other important security features and capabilities of BeyondTrust Remote Support include:
- Enforcement of least privilege: Apply granular permissions to manage teams, users, roles, and session permission settings. This helps ensure users stay productive and on task, while minimizing the threat surface.
- Session recording and auditing: Each BeyondTrust Remote Support session is logged and auditable, creating a central repository for all remote support activity. The administrator can review every click and keystroke from each session within the organization for both auditing purposes and root-cause analysis.
- Pre-built integrations that support enhanced security as well as usability: For instance, integrate BeyondTrust Remote Support with BeyondTrust Password Safe to enable credential injection. Credential injection provides users with the system access they need without revealing plain text credentials and passwords, which are commonly phished. This eliminates a very common attack pathway for hackers. Other important integrations include for ITSM tools (i.e. ServiceNow,) SIEMs, and authentication solutions (i.e. Active Directory).
Finally, because BeyondTrust’s Remote Support solution can securely enable such a wide breadth of use cases, many organizations find that they can consolidate all their organization’s various (and often, many) remote support solutions and leverage the BeyondTrust solution enterprise-wide. This consolidation itself yields a number of security benefits through reduction of tool sprawl, while also eliminating overlapping costs and administrative inefficiencies.
Take the recent breach of Wipro, an IT services provider/MSP/MSSP, as an illustration. The cyberattack featured hackers planting remote support tools on endpoints within Wipro to launch remote access attacks on Wipro’s customers. Consolidating to one support tool, whitelisting it, hardening your systems, while blacklisting unapproved tools, can drastically lower your enterprise’s risk of such exploits.
Continuing on the subject of the WiPro breach—which presents a case study in secure vendor access (or rather lack thereof), BeyondTrust can also secure privileged remote access in use cases that extend well outside of just remote support. This capability is part of BeyondTrust’s leading privileged access management (PAM) platform. No other IT security vendor can help you address secure remote access in all its forms as holistically as can BeyondTrust.
Source: https://www.beyondtrust.com/blog
