Cameyo, which has focused on protecting against Remote Desktop Protocol (RDP) brute force and ransomware attacks in the past with its RDP Port Shield, has upped its game. This week, it is expanding its port shield technology to address HTTPS. Cameyo's approach to HTTPS port security aims to improve security by managing and closing down the number of open connections that Windows machines maintain.
The goal, said Cameyo Chief Technology Officer Eyal Dotan, is to reduce the attack surface for remote workers by automatically keeping all RDP and HTTPS ports closed, except when needed.
"Unlike RDP where it is possible to close or open RDP ports based on authorization, HTTP Port Shield requires more granularity in terms of firewall rules," he explained. "For example, instead of closing HTTPS ports to all but authorized users, we had to implement concepts such as Cameyo cloud server discovery, as well as more complex three-way authentication between servers."
Unlike the virtual private network (VPN) approach, which either allows users into the corporate network or keeps them entirely out, Cameyo uses a zero-trust approach focusing on browser isolation. With this method, application sessions take place within the browser. The Port Shield technology embeds complex security mechanisms for both RDP and HTTPS, resulting in three different layers of separation between a user's apps and the actual session. And unlike VPNs that open the entire network to a user's device, Cameyo sessions provide access to a single app at a time, which can reduce the attack surface.
This approach can be especially useful in the area of remote access, said Mark Ward, a senior research analyst with Information Security Forum.
"The connections and ports the solution closes and manages are used to support a variety of services, most notably remote access, on that machine or server," he said. "That’s a potential problem as there are known, active scanning campaigns being conducted by bad guys looking for RDP and other ports that are not locked down. Port Shield overrides existing firewall rules that might mean those ports are kept open by default."
Dotan explained why this approach is better than the VPN approach, given the current remote working environment.
"The moment a user is connected to the company's VPN, any malware, ransomware or data-stealing Trojan horses that are present on their devices now also have access to the corporate network and its data," he said. "VPNs were never designed with the intent of enabling widespread remote work, especially when many of today’s remote workers are using their own personal devices on home networks."
While that's true in many cases, many organizations continue to use VPNs successfully, Ward said.
"It comes down to your circumstances and your organization's appetite for risk," he said. "There are many ways to handle security and remote working. Some opt to support it via VPNs and multifactor authentication systems, others go for zero-trust architectures to verify identities and devices, and others virtualize apps and desktops. It's likely that large organizations would use it in conjunction with other tools, while it might be a large part of what's needed for smaller organizations."
