How Can Enterprise Put
SecureCo into Practice?
ERIC SACKOWITZ, SECURECO
he SecureCo platform can serve as a replacement or added layer of protection over current or legacy systems, providing depth
and diversity of defense. It is built from the ground up to support multiple types of implementations, architectures, and use cases. Such layered protection encompasses everything from network and multi-site campus implementations to application-specific integrations, IoT, and secure mobility and remote access.
The design purpose for the SecureCo offering stems from the growing risk of monitoring and surveillance from adversaries. The platform is designed to offer military-grade security with the flexibility of support and operations needed in the modern enterprise. The goal is to ensure that customers can continue to innovate and grow their business without the distraction of having to deal with unwanted traffic monitoring and associated threats to confidentiality and continuity.
5.1 INTEGRATING SECURECO INTO A SECURITY PROGRAM
Network reconnaissance and traffic analysis are typically overlooked in security plans because adversaries perform these actions without the victim organization’s awareness. When a downstream attack occurs, it’s nearly impossible for the victim organization to replay and then understand their inadvertent exposures and leaks that revealed the actual cyber attack vectors.
Preventive measures are optimal for network and business well-being but are hard to assess from an efficacy or return on investment (ROI) point of view. For example, it is impossible to determine how many attacks would have succeeded without preventive measures. As a result, more focus is typically placed on reactive measures, such as detect and respond, which minimize damage from intrusions. Though it may not prevent damage, the direct feedback from the detection and response measures can still provide an ROI.
Regardless of industry, cyber security controls and minimum requirements for most compliance frameworks, whether governed by NIST or other regulatory bodies, overlap significantly. The Venn diagram focuses on key areas of internal security policies and controls, data integrity, redundancy, accountability, authorization, access, and quality assurance. Encryption is at the heart of most cyber compliance programs, including data storage, transmission, and access which extends to physical, virtual, and application resources. Unfortunately, the minimum regulatory policies have yet to catch up to the heightened cyber defense posture necessary to thwart current and evolving threats.
SecureCo integrates into an existing compliance framework and exceeds policy and regulatory controls for most industries. In the more heavily regulated and pivotal industries, like medical, pharmaceutical, financial, legal, law enforcement, and critical infrastructure, SecureCo provides extra layers of benefits unique to supporting those operations. For example, patient data in clinical trials requires anonymizing PII, along with the demands of HIPPA and COPA. Similar requirements exist for GDPR, CCPA, and PCI in financial transactions.
5.3 PILLARS OF ZERO TRUST SUPPORT
The same large companies that have been part of the past problems are now claiming to have new solutions for zero trust, and yet are not addressing all of the fundamental requirements of a modern cyber security stack. That stack should minimally focus on three primary pillars:
• Least Privileged Access –This includes support for zero trust network access or least privileged access.
• Monitoring –This is comprised of behavior monitoring with detect and respond solutions.
SecureCo has the first two of these requirements covered and is integrates with the third. This does not negate the fact that all enterprises should have good cyber hygiene within their IT organization, which includes password management, two-factor authentication on applications, inventory management, and employee use policies and enforcement.
5.4 ACTION PLAN FOR ENTERPRISE
The action plan for the enterprise should be based on a comprehensive risk assessment—one that minimally answers the following questions:
• Outage – What is the cost of breach or downtime?
• Threat –Do we place a high premium on privacy, identity, or data?
• Communications –Do we see a growing reliance on data communications?
• Applications –Do we develop applications or provide services that contain sensitive/critical data or
command and control capabilities to their operation or consumers of their technology?
5.2 INTEGRATING SECURECO INTO A COMPLIANCE PROGRAM
• Operational Security – This involves stealth networking and obfuscation.
• Regulation –Does regulation impose security requirements and/or greater costs to remediate
• Posture –What is our cybersecurity posture today and what gaps might exist with regards to the
primary pillars and cyber hygiene mentioned above?
Also, there should be a budget check focused on what the organization now spends on cyber security.
For example, the SecureCo CONNECT solution can replace certain existing infrastructure (e.g., VPN)
to minimize budget impact. This allows enterprise teams to ensure that their budget allocation is commensurate with the current increased threat levels.
SecureCo can help enterprises assess and recommend a response/action plan, which will likely
include more than just SecureCo solutions. The team also operates a partner network that can assist. Additionally, SecureCo has a flexible Pilot Program that allows customers to trial SecureCo CONNECT for
up to 60 days.
ABOUT TAG CYBER
TAG Cyber is a trusted cyber security research analyst firm, providing unbiased industry insights and recommendations to security solution providers and Fortune 100 enterprises. Founded in 2016 by Dr. Edward Amoroso, former SVP/CSO of AT&T, the company bucks the trend of pay-for-play research by offering in-depth Research as a Service (RaaS), market analysis, consulting, and personalized content based on hundreds of engagements with clients and non-clients alike—all from a former practitioner’s perspective.
SecureCo creates the most secure internet connections possible, addressing a critical gap in existing cyber security solutions. Our patented stealth technology protects networks and transmissions from interference and disruption, powering resilient data links, secure applications, and end user privacy. SecureCo offers a next generation replacement or augmentation for legacy VPNs while extending zero trust principles to data transport, cloaking data exchange, services, and assets to reduce network attack surface and targetability. Trusted by some of the most demanding cyber security customers in the world, we deliver high performance, exceptionally secure data transit for military, intelligence, industrial and commercial applications.
IMPORTANT INFORMATION ABOUT THIS DOCUMENT
Contributor: Eric Sackowitz
Publisher: TAG Cyber LLC. (“TAG Cyber”), TAG Cyber, LLC, 45 Broadway, Suite 1250, New York, NY 10006.
Inquiries: Please contact Lester Goodman, (firstname.lastname@example.org), if you’d like to discuss this report. We will respond promptly.
Citations: This paper can be cited by accredited press and analysts but must be cited in context, displaying the author’s name, author’s title, and “TAG Cyber”. Non-press and nonanalysts must receive prior written permission from TAG Cyber for any citations.
Disclosures: This paper was commissioned by SecureCo Inc.. TAG Cyber provides research, analysis, and advisory services to many cybersecurity firms mentioned in this paper. No employees at the firm hold any equity positions with any companies cited in this document.
Disclaimer: The information presented in this document is for informational purposes only and may contain technical inaccuracies, omissions, and typographical errors.
TAG Cyber disclaims all warranties as to the accuracy, completeness, or adequacy of such information and shall have no liability for errors, omissions, or inadequacies in such information. This document consists of the opinions of TAG Cyber’s analysts and should not be construed as statements of fact. The opinions expressed herein are subject to change without notice. TAG Cyber may provide forecasts and forward-looking statements as directional indicators and not as precise predictions of future events. While our forecasts and forward-looking statements represent our current judgment and opinion on what the future holds, they are subject to risks and uncertainties that could cause actual results to differ materially. You are cautioned not to place undue reliance on these forecasts and forward-looking statements, which reflect our opinions only as of the date of publication for this document. Please keep in mind that we are not obligating ourselves to revise or publicly release the results of any revision to these forecasts and forward-looking statements considering new information or future events.
Copyright © 2022 TAG Cyber LLC. This report may not be reproduced, distributed or shared without TAG Cyber’s written permission. The material in this report is composed of the opinions of the TAG Cyber analysts and is not to be interpreted as consisting of factual assertions. All warranties regarding the correctness, usefulness, accuracy or completeness of this report are disclaimed herein.
Download the Complete eBook for Free!
This is one article of a five part research paper from TAG Cyber on advanced stealth and obfuscation solutions designed to defend commercial networks and internet data communications against the world’s toughest adversaries. The eBook is free with registration.