Archive for Pulse Secure

VPN Vulnerability Actively Being Exploited In The Wild…. Yikes!

Posted in Commentary with tags , on January 9, 2020 by itnerd

If you have a Pulse Secure VPN, you should be aware of an urgent patch that needed to be applied back in April of last year. The vulnerability that this patch fixes is CVE-2019-11510 and can basically be abused to extract plain-text passwords, and other secrets, from networks without any authentication. Or put another way, it allows people without valid usernames and passwords to remotely connect to the corporate network the device is supposed to protect, turn off multi-factor authentication controls, remotely view logs and cached passwords in plain text. And that includes Active Directory account passwords.

In case you are wondering, that’s very, very bad.

Now let’s pretend for a second that you did not apply this patch last April. Or you didn’t know about it. Well you might be in deep trouble as there’s a group that is now actively exploiting this vulnerability to pwn networks with ransomware. The latest victim to get pwned so far is UK based Travelex according to this article:

Travelex, the foreign currency exchange and travel insurance company, appears to be the latest victim of the group. On New Year’s Eve, the company was hit by Sodinokibi ransomware, also known as REvil. The ransomware operators contacted the BBC and said they want Travelex to pay $6m (£4.6m). They also claimed to have had access to Travelex’s network for six months and to have extracted five gigabytes of customer data—including dates of birth, credit card information, and other personally identifiable information.

“In the case of payment, we will delete and will not use that [data]base and restore them the entire network,” the individual claiming to be part of the Sodinokibi operation told the BBC. “The deadline for doubling the payment is two days. Then another seven days and the sale of the entire base.”

The group who are behind these attacks have seven victims so far, and that number is likely to grow. Bad Packets Report’s Troy Mursch ran a vulnerability scan finding that thousands of Pulse Secure VPN servers worldwide remain vulnerable. Which means that the pwnage has the potential to be epic. Thus if you’re using a Pulse Secure VPN, you should get to patching it now. As in right now. Seriously. Drop everything and do it now.

Pulse Secure Recognized as Great Place to Work Certified Company

Posted in Commentary with tags on November 18, 2019 by itnerd

Pulse Secure, the leading provider of software-defined Secure Access solutions, has been recognized as a Great Place to Work Certified Company.

The company’s employees themselves helped earn the distinction, which is based on an independent survey of the employee experience and an analysis of the culture measured against Great Place to Work’s global benchmark data. Key findings included:

  • 92% said Pulse Secure is a great place to work
  • 97% say people care about each other
  • 98% celebrate special events at the company
  • 95% feel they can “be me”

Other notable findings of the analysis were a successful internship program with a track record of 20% converting to full-time hires.

Great Place to Work conducted an extensive Pulse Secure employee survey and assessed the results against an industry comparative benchmark to achieve “Certified” rated. The Great Place to Work Certification process is based on rigorous benchmarks established by surveys of more than 100 million employees over 30 years. The resulting analytical model is used to evaluate company cultures against the best in the world. Known as the Great Place to Work Trust ModelTM, because trust is the essential element of a great workplace, the same standard process is used to create theFortune 100 “Best Companies to Work For” and other notable lists.

Earlier this year, Pulse Secure was ranked 26th among 2019 Top Workplaces by the Bay Area News Group. That recognition, the second year in a row, was also based on an employee survey conducted externally.

 

Pulse Secure Wins Web Application Firewall of the Year at The Computing Security Awards 2019

Posted in Commentary with tags on November 6, 2019 by itnerd

Pulse Secure has won the Web Application Firewall of the Year category at The Computing Security Awards 2019.

The Award, which is based on votes from IT managers across the U.K. was given to the Pulse Secure Virtual Web Application Firewall (vWAF), a scalable solution for application-level security, both for off-the-shelf solutions and complex custom applications including third-party frameworks. The vWAF is a part of Pulse Secure’s virtual Application Delivery Controller (vADC) solution, which provides unprecedented scale and flexibility to enhance the performance and security of applications across the widest range of environments, from physical and virtual data centers to public and hybrid cloud.

Pulse Secure’s vWAF can be used to apply business rules to online traffic, inspecting and blocking attacks such as SQL injection and cross-site scripting (XSS), while filtering outgoing traffic to mask credit card data, and help achieve compliance with PCI-DSS requirements by filtering outgoing data. An additional prominent feature is vWAF’s automated learning capability that can make policy recommendations by learning about application behavior to make it easier for security teams to maintain policies and negate false positives. Administrators retain full control over the activation and deactivation of each ruleset, with the opportunity to screen for false positive before committing to production.

Now in its fifth year, the 2019 Awards ceremony was held at The Leonardo Royal Hotel, London City and hosted by former England cricket captain Chris Cowdrey and comedian Sean Collins.

Pulse Accelerates Enterprise Means To Achieve Zero Trust Security for Hybrid IT

Posted in Commentary with tags on October 22, 2019 by itnerd

Pulse Secure, the leading provider of software defined Secure Access solutions, today announced that it has introduced new Secure Access management and threat mitigation capabilities within its Zero Trust Network Access platform. Through these enhancements, Pulse Secure enables enterprise and service provider organizations to progress Zero Trust security and mitigate hybrid IT risks while simplifying access to multi-cloud and data center resources.

Pulse Secure’s Zero Trust Network Access platform allows organizations to centrally manage policy and automate secure access to applications, data and services that are delivered on-premise or in private and public cloud environments. The company continues to incorporate open standards and proprietary means to extend platform interoperability and automation that provide customers greater operational oversight, policy management and threat response economies.

Management

Many enterprises supplement conventional desktop and mobile remote access to hybrid IT applications and resources utilizing Virtual Desktop Infrastructure. Having to manage multiple secure access mechanisms often introduces user experience issues, as well as provisioning delays. Pulse Secure has enhanced its VDI integration with RDS (Remote Desktop Services) Broker to simplify user experience and management support for Citrix XenApp/XenDesktop, VMware Workspace ONE and Microsoft RDP.  Additional management enhancements include:

  • Pulse VPN can now use DHCP-based networking configuration to automate endpoint access provisioning
  • Openstack interoperability to streamline managing multiple virtual Pulse Secure appliances through popular IT orchestration tools
  • Easier, broader network switch support for Layer-2 enforcement utilizing a template-based CLI framework for Pulse NAC that negates the need for RADIUS
  • Building in Pulse Secure VPN and NAC attributes within Pulse vADC to facilitate policy-based load balancing to improve user experience and access resiliency

Threat Mitigation

Organizations are seeking means to improve mobile workforce user experience, while assuring data protection measures are always active and audit-ready in order to support numerous internal and regulatory compliance specification. Pulse Secure has enhanced its popular Pulse VPN Lockdown mode feature that prevents users from modifying VPN Client settings or disconnecting from gateways. Ensuring always-on and protected connections with rich user authentication and device security posture enforcement significantly reduces endpoint and access security threats.Additional threat mitigation enhancements include:

  • Bi-directional integration with IBM Qradar and Splunk SIEMs allowing Pulse NAC to receive SIEM alerts and take network threat response actions
  • Identity-based integration between Pulse NAC and the Fortigate Next Gen firewall (NGFW) using RADIUS Accounting allowing Pulse to send identity context to the NGFW for role-based access enforcement to corporate resources
  • Pulse NAC can provision users’ authentication details and resource/IoT access enforcement policies to specific Palo Alto Network’s NGFW virtual instances (VSYS)
  • User Entity Behavior Analytics (EUBA) enhancements to further extend adaptive access control based on anomalous and malicious user or device activity

Pulse Secure’s Zero Trust Network Access platform is a foundational component of the Pulse Access Suites. The Suites provide remote, mobile, cloud, network and application security with comprehensive VPN, Mobile Device Management (MDM), Single Sign-on (SSO), endpoint and IOT device security, Network Access Control (NAC) and virtual Application Delivery Controller (ADC) functionality. Pulse SDP is a Suite add-on which activates Software Defined Perimeter (SDP) components within existing Pulse solutions to provide direct device-to-application trusted connectivity only after successful user, device and security state verification. This approach extends the company’s foundation of Zero Trust access for hybrid IT with enhanced usability, deployment flexibility, automated provisioning and resource optimization.

 

Pulse Secure Experiences Double-Digit Growth

Posted in Commentary with tags on August 14, 2019 by itnerd

Pulse Secure, the leading provider of software defined Secure Access solutions, today announced that growing demand for hybrid IT and Zero Trust Secure Access, resulted in double digit deal volume growth in the first half of 2019. Additionally, the company announced significant achievements in product innovation, channel programs, customer service and talent acquisition.

Pulse Secure is uniquely positioned to bring together crucial secure access functions with required interoperability for hybrid IT and multi-cloud. Key milestones behind the company’s outstanding growth for 1H2019 include:

  • Pulse Secure Access Suites sales grew by 98% year over year; nearly twice the demand for suites over last year
  • Pulse Secure realized double-digit deal volume growth, including new products and service business, with subscriptions increasing by 44%
  • Bookings included the highest number of deals greater than $100,000 in Pulse Secure history
  • Pulse One Manager, including mobile security, cloud security and single sign-on, grew by more than 50%
  • Network Access Control (NAC) business grew by 45% year over year across federal, Europe and Middle East markets, and we were recognized as a top 3 enterprise NAC provider
  • New offerings were launched, including Pulse SDP, extended support and onsite services, and a global solution training and certification program
  • New Access Now partner program designed to accelerate channel sales and service opportunities while advancing MSSP enablement
  • Industry Net Promoter Score (NPS) rating increased to 52, with a customer renewal rate of over 92%

Product Innovation Extends Zero Trust Network Access for Hybrid IT

Announced in February, the Pulse SDP solution integrates Software Defined Perimeter (SDP) architecture within the award-winning Pulse Secure Access platform, offering customers a flexible path to SDP. This approach extends the company’s foundation of Zero Trust access for hybrid IT with enhanced usability, deployment flexibility, automated provisioning and reduced cost of ownership. Pulse SDP offers dual-mode VPN and SDP architecture to provide single-pane-of-glass secure access management with uniform policy management and granular, stateful access enforcement across data center and cloud applications.

Growth, Culture and Engagement Attract Top Talent

The Pulse Secure focus on individual growth, employee engagement and corporate culture continues to attract top talent globally. Pulse Secure has increased its global workforce by 5% across support, engineering, sales and marketing and institutionalized professional development across all disciplines, with participation increasing by 60%. In addition, the company’s local charitable programs are seeing an employee participation rate increase of nearly 50%.

About Pulse Secure

Pulse Secure provides easy, comprehensive software-driven Secure Access solutions for people, devices, things and services that improve visibility, protection and productivity for our customers. Our suites uniquely integrate cloud, mobile, application and network access to enable hybrid IT in a Zero Trust world. Over 20,000 enterprises and service providers across every vertical entrust Pulse Secure to empower their mobile workforce to securely access applications and information in the data center and cloud while ensuring businesscompliance. Learn more at www.pulsesecure.net.

Pulse Secure Launches Access Now Partner Program

Posted in Commentary with tags on January 24, 2019 by itnerd

Pulse Secure, the leading provider of Secure Access solutions to both enterprises and service providers, today announced the global launch of their new Access Now Partner Program. Designed to offer partners the means to establish themselves as a go-to source with an industry-leading solution in Secure Access, Access Now provides an enhanced opportunity for top line revenue and bottom line profit growth while setting them apart from the competition.

Pulse Secure is recognized as a channel-focused industry leader, as evidenced by delivering virtually 100 percent of its sales through partners and having been recognized four years in a row with a prestigious CRN five-star program award.

Pulse Secure’s continued growth within the channel is closely tied to its successful distribution relationships, which included Ingram Micro Inc., Securematics and Westcon.

As part of the Pulse Secure Access Now partner program, the company will recognize three program tiers: Authorized, Preferred and Elite. Each level represents the partner’s proficiency, expertise and growth in selling Pulse Secure solutions to their customers. Partner rewards and incentives are differentiated at each level and will reflect the partner’s investment in Pulse Secure’s solutions. Along with the program’s easy to understand structure, partners will also benefit from a dedicated support team.

Building on the success of Pulse Secure’s previous partner program, the new Access Now partner program features:

  • Online and onsite certification and training
  • Interactive partner resource portal
  • Discounted demo equipment
  • Enhanced deal registration
  • Joint marketing funds and sales promotions
  • Enhanced lead registration process
  • Dedicated account management and support teams

The program also allows partners to take advantage of the award-winning Pulse Access suite packaged for managed services. The solution offers Managed Security Service Providers (MSSPs) an accelerated, cost-effective means to differentiate and build out their service portfolio to meet the massive demand for protected connectivity to cloud applications and hybrid IT resources. The packaging includes virtual appliance form factors for VMware, KVM and Hyper-V, and supports deployment in hosted cloud environments such as Microsoft Azure and Amazon AWS.

Pulse Secure uniquely offers its channel partners a Secure Access portfolio comprised of Virtual Private Network (VPN), Enterprise Mobile Management (EMM), Network Access Control (NAC), Web Application Firewall (WAF) and virtual Application Delivery Controller (ADC) solutions within a unified management framework for data center and hybrid IT implementation. Enterprises of every size and industry trust Pulse Secure to enable secure access seamlessly, no matter where users and applications reside, and to orchestrate compliant connectivity, data privacy and application resiliency across mobile, network and cloud.

To find out more about the Access Now partner program please visit their website by clicking here.

Pulse Secure’s VPN Solution Earns “High Scores” From IAIT Lab

Posted in Commentary with tags on December 13, 2018 by itnerd

Pulse Secure, the leading provider of Secure Access solutions to both enterprises and service providers, today announced that the IAIT Lab has completed an extensive test of Pulse Connect Secure, resulting in superb findings across usability, comprehensiveness and interoperability for the market leading VPN solution.

Pulse Connect Secure provides easy, secure, authenticated access for remote and mobile users to corporate resources—anytime, anywhere. Pulse Connect Secure is the most widely deployed SSL VPN for organizations of any size, and across every major industry, to enable productivity through seamless, protected access to applications and information. The solution offers Zero Trust-based secure access through integrated user, device and security state authentication and robust connection sets that ensure compliant pre- and post-connect access to hybrid IT infrastructure.

Pulse Connect Secure includes Pulse Secure Clients and the AppConnect SDK. Pulse Clients are dynamic, multiservice network clients, which can be implemented agent or agentless, for mobile and personal computing devices. Pulse Clients can be simply deployed, enabling users to quickly “click and connect” from any device, anywhere. Pulse Secure AppConnect SDK delivers per application SSL VPN connectivity for iOS and Android clients, enabling IT departments to create an even more transparent and secure mobile app experience for their users.

The Institute for the Analysis of IT components (IAIT), an independent testing laboratory based in Germany, examined Pulse Connect Secure under real-world conditions through a series of testing scenarios. The highly detailed, nine-page report covers 16 core functions ranging from initial configuration, policy development, through enterprise onboarding, host checking functionality, FQDN split tunnelling, multi-factor authentication, as well as data center and cloud Single Sign On along with interoperability with a range of third-party applications.

The complete review is available here.