Archive for April, 2014

Ruckus Wireless Release R300 High Capacity Access Point

Tuesday, April 29th, 2014

Ruckus Redefines the Wi-Fi Price/Performance Paradigm for the Small Business and Managed Service Markets

New ZoneFlex R300 Combines High Capacity and High Performance Smart Wi-Fi to Give Organizations the Ideal Entry Point into Enterprise Class Wi-Fi Services.

SUNNYVALE, CA – April 28, 2014 – Ruckus Wireless, Inc. (NYSE: RKUS) announced today the immediate availability of the new Ruckus ZoneFlex™ R300, one of the industry’s highest performing and lowest cost dual-band, two-stream 802.11n Smart Wi-Fi indoor access points (APs) capable of delivering an aggregate data rate of up to 600 Mbps. Aimed at the price-sensitive small business market, the R300 is also ideally suited for small venues and enterprises with many branch locations.

With Cloud computing and the proliferation of embedded Wi-Fi in all types of devices, Wi-Fi has become a mission-critical utility for small businesses. As a result, they are now replacing SOHO-class, standalone access points with more robust, enterprise-grade wireless LAN (WLAN) solutions that are simple to deploy and operate while meeting their budget requirements.

Developed to directly address these issues, the Ruckus R300 redefines Wi-Fi for the low end of the WLAN market by combining cost-effectiveness with a rich collection of enterprise functionality and enterprise-class service and support options.

“With the R300, we are enabling our channel partners and managed service providers to reach further into the ‘S’ part of the SMB market with a highly differentiated and compelling enterprise-grade solution at a disruptive price point,” said Selina Lo, President and CEO of Ruckus Wireless.

“Combined with SAMS, our Cloud controller service, the R300 provides a whole new economics model to customers and partners. They are the first in a comprehensive solution roadmap we’ve developed to expand our market reach,” Lo concluded.

U.S. Census data shows that there are more than 6 million businesses in operation today with less than 100 employees each in the U.S. alone, and according to the most recent report on the WLAN market from the Dell’Oro Group, WLAN revenues for the small business market in 2013 reached over $4.5 billion, with over 100 million APs shipped worldwide.

The Ideal Component for Cloud-Based Wi-Fi Access

The Ruckus ZoneFlex R300 is the only AP in its class to integrate patented adaptive antenna technology to extend the range, performance and reliability of Wi-Fi at one of the most attractive price points in the industry. Deployed as a standalone access point or part of a centrally managed Ruckus WLAN, the R300 is also an ideal access component for organizations looking to migrate to new Cloud-based Wi-Fi access services such as the recently announced Ruckus Smart Access Management Service (SAMS).

Supported across the entire range of Ruckus management platforms including the ZoneDirector™ and SmartCell™ Gateway (SCG), the ZoneFlex R300 gives organizations a wide range of flexible deployment options that best suit their specific requirements.

R300 Product Details

The ZoneFlex R300 is a dual-band, two-stream 802.11n access point capable of supporting up to 256 active connections. Each R300 uniquely integrates Ruckus-patented BeamFlex™, a software-controlled, high gain directional antenna array system that continually forms and directs each packet over the best performing signal path, automatically adapting Wi-Fi signals to constant environmental changes to ensure the highest levels of range, reliability and client performance.

Within a sleek, lightweight and low profile form factor that fits in the palm of your hand, the R300 is ideal for small business use. The R300 comes with a limited lifetime warranty and features a myriad of advanced capabilities not available in competitive alternatives, such as network address translation (NAT) and DHCP services, optimized video streaming, per-use rate limiting, band steering, client load balancing, standard Power over Ethernet (PoE) support and advanced quality of services support for automatic prioritization of delay sensitive traffic.

If you have any questions about the Ruckus R300 access point you can call our sales team on 01473 281 211, or email

View the original article by Ruckus Wireless.

Palo Alto Networks Positioned in Leader Quadrant Once Again

Wednesday, April 23rd, 2014

Palo Alto Networks has been positioned in the leader quadrant of the magic quadrant for enterprise network firewalls.

Santa Clara, Calif., April 17, 2014 – Palo Alto Networks® (NYSE: PANW), the leader in enterprise security, today announced it has been positioned by Gartner Inc. in the “leaders” quadrant of the April 15, 2014 “Magic Quadrant for Enterprise Network Firewalls.” This is the third year that Palo Alto Networks has been recognized as a leader in the Magic Quadrant for Enterprise Firewalls.

According to the report, “through 2018, more than 75% of enterprises will continue to seek network security from a different vendor than their network infrastructure vendor.” The report also states, “products must be able to support single-enterprise firewall deployments and large and/or complex deployments, including branch offices, multi-tiered demilitarized zones (DMZs) and, increasingly, the option to include virtual versions.”


“We’re thrilled to once again be named a leader in Gartner’s Magic Quadrant for enterprise firewalls report. We believe this echoes the momentum we’ve been experiencing as enterprise organizations see the value of a truly next-generation security platform – one that safely enables all applications and proactively prevents cyber threats for all users on any device across any network.”
– René Bonvanie, chief marketing officer at Palo Alto Networks

Leading the Way in Next-generation Enterprise Security

Nine years ago, Palo Alto Networks changed the network security industry with the introduction of the next-generation firewall. This breakthrough architecture brought unparalleled control through the safe enablement of applications, and exceptional levels of protection by blocking all known threats operating across a multitude of different vectors.

Two years ago, we again changed the industry with the introduction of WildFire and a next-generation threat cloud that focuses on detecting and defending against the most advanced, unknown threats. Most recently, through our acquisition of Cyvera, we added unique endpoint protection to the platform. The combination of our next-generation endpoint technology, our next-generation firewall and our next-generation threat cloud represents the most innovative, integrated, and automated enterprise security platform in the market.

With over 16,000 customers, our momentum is a testament to our innovative approach that protects organizations based on what matters most in today’s dynamic computing environments: applications, users and content – not just ports and protocols – and protecting them from the most advanced cyber threats.

If you have any questions about the Palo Alto Networks solution contact our sales team at, or call them direct on 01473 281 211.

To learn more about the Palo Alto Networks approach, visit:

To access the report, visit:

Ruckus SPoT™ Smart Positioning Technology

Wednesday, April 16th, 2014

Ruckus Wireless Release Industry’s first completely cloud-based Smart Wi-Fi positioning service

Ruckus SPoT™ — based on the company’s Smart Wi-Fi technology, is the industry’s first cloud-based location technology suite that enables carriers, service providers and enterprises to deliver a wide range of location-based services. These value-added services enable them to increase profitability and enhance users’ mobile, online experiences.

SPoT™ has a powerful combination of several unique features. It is completely cloud-based – so venues with Ruckus Smart Wi-Fi will not need any additional hardware to become “location intelligent”. It is based on Ruckus’ Smart Wi-Fi technology – giving it a high degree of accuracy and performance while remaining cost-effective. Businesses can also tap into a vast ecosystem of application developers and providers of third-party analytics to generate additional value from their investment in SPoT.

The Ruckus SPoT™ (Smart Positioning Technology) Location Suite comprises:

  • SPoT™ Positioning Engine – accurately pinpoints in real time, a user’s location in any indoor or dense urban environment
  • SPoT™ Location Analytics Dashboard – provides real-time tracking of user movement and historical analysis of footfall trends
  • SPoT™ API – a set of APIs that power a new generation of mobile apps, giving them “Location Intelligent” features such as the ability to locate users and engage or send them highly targeted messages in any venue with Ruckus Smart Wi-Fi installed and Ruckus SPoT™ enabled

How it works
Ruckus BeamFlex™ technology is combined with a variety of advanced location techniques such as RSSI trilateration, RF fingerprinting and techniques that take advantage of the constant travelling speed of radio waves and packets. As a result, Ruckus SPoT™ is capable of better pinpointing the location of users, depending on the number and density of access points used.

Analyse marketing and merchandising effectiveness, shopper trending, improve customer engagement, Q buster features such as real-time heat-map views for floor managers

Improve loyal customers’ satisfaction with on-device features such as auto check-in, way-finding, and instant coupons for amenities

Transportation Hub
Enhance traveller experience with intuitive on-mobile engagements; improve efficiency of the entire venue or sub-zones with real-time heat maps, statistical footfall and dwell-time data.

Shopping Malls
Identify areas of heavy usage, improve traffic flow and engage customers with way-finding and contextual coupon serving.

Accurate location data provides asset tracking, indoor navigation, and personnel locations.

Tracks assets such as tables, navigate guests and students around campus.

A “Location Intelligent” SPoT™Location Ecosystem

The SPoT™ Location Ecosystem is a Ruckus program for third-party mobile and analytics application developers. These developers create business and consumer applications for carriers, service providers, enterprises, schools and other businesses and organisations. Through the program, Ruckus provides an open API set for the delivery of comprehensive, accurate and near-real-time location information — powering services such as Location Analytics for better customer insights, and enhanced user engagement and experiences on mobile apps.

The first Ruckus SPoT™ Location Ecosystem partners include location analytic companies like Euclid and SkyRove, and mobile application development partners including FrontPorch, Sanginfo, PurpleWi-Fi, TechStudio and ITC Infotech.

To review the full feature and technical specification download the Ruckus Wireless SPoT datasheet.

If you have any questions about the solution, or would like to find out more about how it will benefit you and your company get in touch with Net-Ctrl on 01473 281 211, or email

Ruckus Unveils Smart Access Management Public Cloud Service

Wednesday, April 16th, 2014

Ruckus Wireless Brings Together Best-in-Class Wi-Fi with Cloud Computing to Simplify the Provisioning, Management and Monetisation of Public Wi-Fi Access

SUNNYVALE, CA — April 15, 2014 — Ruckus Wireless, Inc. (NYSE: RKUS) today unveiled the first Cloud-based Smart Wi-Fi Access Management Service (SAMS) that combines the scale, efficiencies and cost-effectiveness of Cloud-based services with best-in-class Smart Wi-Fi products and technology to give organisations the power to now easily design, manage and monetise Wi-Fi services from an intuitive ‘point-and-click’ Cloud-based portal.

The first of a new breed of Ruckus Smart Wireless Services (SWS), SAMS enhances the guest experience by letting businesses quickly create and customise wireless hotspots for single or multiple sites without building extensive data centers, or deploying expensive and cumbersome infrastructure typically required for offering managed Wi-Fi access services. SWS is a flexible framework for layering value-added software services such as Cloud-based wireless access (SAMS) and Ruckus SPoT™ location services, as well as virtualised management software over carrier-class Smart Wi-Fi infrastructure products and platforms to give organisations unprecedented flexibility to build reliable, scalable and robust Smart Wi-Fi solutions based on their specific requirements, and to enable channel partners to easily migrate to recurring revenue-based service models.

Unlike other public wireless access alternatives, SAMS combines all the necessary infrastructure components and service elements into a single solution. Ideal for any organisation or venue offering managed public wireless access, such as shopping malls, stadiums, convention centers, airports and retail outlets, SAMS transforms the traditional model for offering managed Wi-Fi services by moving local network infrastructure, such as WLAN controllers, authentication servers, captive portals, advertising engines and content filtering into the Cloud as a service.

“The benefits the Cloud brings to the wireless access market is undeniable,” said Selina Lo, president and CEO of Ruckus Wireless. “Beyond delivering world-class Wi-Fi infrastructure solutions, with SAMS, Ruckus continues to give its partners and customers the ability to realise greater value from Wi-Fi through innovative new services such as Cloud-based access, location services, rich analytics and the ability to begin monetising their networks.”

In a new report(1), IDC estimates that the worldwide enterprise market for Cloud-managed WLAN infrastructure and managed services is expected to reach $2.5 billion by 2018. The report states that “Cloud computing has shifted the paradigm of enterprise IT from being hardware driven to service driven. As more enterprises seek new ways to optimise existing resources and build capacity at the network edge, expect to see the rise in Cloud-managed Wi-Fi adoption continue for years to come.”

According to the report, Enterprises are searching for increasingly sophisticated network functionalities despite continually tight budgets and limitations around infrastructure, space, and staffing. Moreover, many Enterprises need a singular, centrally managed and controlled network for branch locations that are geographically dispersed.

As WLAN management shifts to the Cloud, venue owners now have access to cost-effective, easy to manage enterprise grade wireless at a lower total cost ownership (TCO). SAMS delivers flexible deployment and management options through a simple, Web-based portal that allows highly customised Wi-Fi access services to be defined and created in a matter of minutes, and provided at a low TCO.

Customers simply define the attributes of the wireless access service required at a given venue, and then have an authorised Ruckus Big Dog channel partner turn on the services for them, either for existing Ruckus Smart Wi-Fi customers and/or those who desire to keep a traditional wireless LAN (WLAN) configuration (onsite subscription) or after just installing the requisite number of Ruckus ZoneFlex™ access points (APs) onsite (hosted subscription). SAMS does the rest. In turn, the venue benefits from best-in-class wireless connectivity at each site, supported by an easy-to-use Cloud-based platform that scales on demand within a ‘pay as you grow,’ fully managed Cloud service.

Unmatched Deployment Flexibility and Remote Control Over Wireless Access Services

SAMS works transparently with Ruckus ZoneFlex Smart Wi-Fi access points and/or on-premises Ruckus ZoneDirector™ WLAN controllers for unmatched deployment flexibility, compared with existing hotspot services. All requisite authentication services, WLAN administration and service management tools are integrated directly within SAMS.

When configuring SAMS, customers have complete control over service branding and functionality, such as the ability to enable authentication with popular social media sites like Facebook and Twitter. Service enforcement controls can be used to limit the length and number of sessions, restrict bandwidth consumption or filter access to specific content.

To further customise access services and enrich the user experience, SAMS provides a rich set of user analytics that can be collected over periods of time. Each venue is provided with a view into their wireless access service from a single Web-based dashboard. From this dashboard, customers have at-a-glance information such as popular registration methods, total user sessions and visits, new and returning users visits, registration by device type, age group and gender, and the most popular devices being used on the network, as well as the average duration of user sessions.

Managed Wireless Access Simplified

The process to enable managed wireless access with SAMS is simple. Once logged into the service portal, customers simply create a new site, configure access settings, customise the registration page and user journey and upload any ads or message to be displayed.

Read the official release from Ruckus Wireless or if you’re interested in finding out more about the new service offering from Ruckus Wireless contact Net-Ctrl on 01473 281 211, or email

(1)Source: IDC, Cloud-Managed WiFi Set to Grow to $2.5 Billion by 2018, Doc #247738, Mar 2014

Strong Authentication Best Practices

Tuesday, April 15th, 2014

A strong authentication solution that validates the identities of users and computing devices that access the non-public areas of an organisation’s network is the first step in building a secure and robust information protection system.

1. Match Your Authentication Solution to Your Business, Users, and Risk
A flexible approach that enables an organisation to implement different authentication methods based on different risk levels may ensure a robust system that can be efficiently and cost-effectively deployed.
Technologies for multi-factor authentication include:

One-Time Passwords (OTP): OTP technology is based on a shared secret or seed that is stored on the authentication device and the authentication backend. This method ensures authentication by generating a one-time passcode based on the token’s secret.

Certificate-based Authentication (CBA): This method ensures authentication using a public and private encryption key that is unique to the authentication device and the person who possesses it. CBA tokens can also be used to digitally sign transactions and to ensure non-repudiation. SafeNet for example delivers certificate-based authentication via USB tokens and smart cards.

Context-based Authentication: Context-based authentication uses contextual information to ascertain whether a user’s identity is authentic or not, and is recommended as a complement to other strong authentication technologies. In order to develop a robust authentication solution, organisations should consider their business, users, and risk, and select a solution that provides them with the flexibility to adapt as needed. For example, if organisations are interested in implementing additional security solutions that rely on PKI technology, such as full-disk encryption, network logon, and digital signatures, or are thinking about adding such solutions in the future, they should consider CBA, as it enables these applications.

2. Prefer Solutions That Adhere to Standards-Based Security and Certifications
Products that are built upon standards-based crypto-algorithms and authentication protocols are preferred. Unlike proprietary algorithms, standards-based algorithms have gone through public scrutiny by industry and security experts that reduces the chance of any inherent weaknesses or vulnerabilities. Moreover, they enjoy broad industry support.

3. Consider All Access Points
Organisations need to ensure that access to all sensitive information is authenticated, whether the information resides on premise or in the cloud. Organisations should implement the same security mechanisms for cloud resources as they would for remote access to the corporate network. In addition, organisations should deploy security mechanisms to ensure that users accessing network resources from their mobile consumer devices (e.g., tablets, smart phones) are securely authenticated.

4. Ensure the Solution Reduces IT Administrative and Management Overhead
Authentication environments have to offer convenience and transparency for end users and administrators alike. Following are several guidelines that can help organisations achieve these goals:

Administrative Controls: Administrators need to be able to manage all users across all devices and resources. To meet this charter, they need automation, central management, and visibility into user access across multiple resources. To ensure users have an optimal experience, administrators need to be equipped with granular controls and comprehensive reporting capabilities.

End-User Convenience: To ensure security controls are enforced, while streamlining user access, organisations should have the ability to offer users the type of authentication device that most suits their role and security profile. Organisations can offer their users several authentication methods, ranging from context-based authentication, through SMS, phone tokens or hardware tokens – ensuring user acceptance and compliance with corporate security policies

If you’re unsure of the best multi-factor authentication solution for your company contact Net-Ctrl on 01473 281 211, or email

View the original best practices guide from SafeNet.

Palo Alto Networks 8 Tips for Dealing with Heartbleed right now

Monday, April 14th, 2014

Palo Alto Networks have released their own set of tips for dealing with Heartbleed right away. There’s a lot out there already about what Heartbleed means for the Web and beyond, and I’ll point you to Palo Alto’s analysis written by Scott Simkin or an essay by Dan Goodin over at ars technica for that explanation.

1. Don’t panic: Yes, this is a serious issue – and a vulnerability that has been available for exploitation for over two years. But the chances that hackers have successfully exploited you or your organization are pretty small. Check your trap lines for sure but let’s get on with the business of cleaning up in aisle nine.

2. Monitor Palo Alto Networks IPS vulnerability Signature IDs 36416, 36417, 36418, 40039: For Palo Alto Networks customers, monitor IPS vulnerability signature IDs 36416, 36417, 36418, 40039 for signs of activity. We released those signatures on April 9 and April 10 and they can automatically detect and block attempted exploitation of the vulnerability. If you’re a Palo Alto Networks customer with an up-to-date subscription, you’re covered.

3. Identify and patch your affected systems: I know that this sounds obvious, but don’t assume you know everything. Run local scanners across your network to discover any OpenSSL instances that might have popped up without your knowledge. Both client and server applications utilizing OpenSSL need to be updated.

4. Ping your cloud application providers to see where they are in the cleanup process: is one cloud provider that already announced that its systems are unaffected by this vulnerability. But you are probably using a handful of other cloud providers for other tasks like HR, Payroll, ERP, etc. Make sure you know who they are and ensure they are cleaning up the same way that you are. As Brian Krebs noted, one useful resource is Filippo Valsorda’s site to check for vulnerable systems.

5. Get new keys: Acquire new key certificates, revoke your old ones and install the new ones. Because of the way the vulnerability works, hackers who have compromised your servers with this Heartbeat weakness may have stolen your private keys. Even after you patch your systems, these guys would still have your private keys. Get a new set of keys.

6. Inform your customers: This is critical. Your customers should already be asking you if you have been affected (see No. 3), but there will be some that do not and will just assume you’re working on it. As a matter of trust, you should be transparent about your cleanup efforts. Do not shy away from this. Since this vulnerability is widespread, you will not be alone in your efforts and maybe you can help some other organization who is not as clear thinking as you are about how to do this cleanup. Customers always remember who acted swiftly and professionally in times of crisis.

7. Change your passwords: Once you have patched your systems, changed your keys, ensured that your cloud providers also accomplished those tasks, then it is time to change the passwords for all users on those systems. But wait on this until everything else is done, because hackers who are hanging out on systems that have not been patched or systems where the keys have not been changed can still read your new password. It does not make sense to change your password until the other tasks are completed.

8. Beware of the inevitable phishing campaigns: Soon you will start to see phishing email messages telling you that you must immediately change your password in order to protect yourself from the Heartbleed vulnerability. They will most likely have a link embedded in the message pointing you to a sight that looks very much like your ERP, HR or payroll site, but in fact, it will be a site cleverly designed to collect your credentials. Be wary of all communications.

Read the original report by Rick Howard at Palo Alto Networks.

Net-Ctrl’s Response to the Heartbleed SSL Vulnerability

Friday, April 11th, 2014

Net-Ctrl are aware and monitoring the Heartbleed SSL vulnerability that has been publicised heavily over the past few days. For Net-Ctrl we have to look at the incident on many levels:

  • Are any of our own services and systems compromised?
  • Are any of products and solutions we offer vulnerable?
  • If they are, how are they protecting against it?
  • How can we check whether our customers are vulnerable?
  • How it affects each one of us individually?

As a starting point, Net-Ctrl contacted all of our technology partners to see if any of their systems may be vulnerable to the Heartbleed situation. This allowed us to check through our customer database to see who may have been affected by the vulnerability and act on it.

One of our vendors, Palo Alto Networks, has not only issued a statement of how Heartbleed affects their service in relation to their firewalls, but also released vulnerability patches in order to help protect their customer’s networks against the problem. More details of how to get this can be obtained on their website.

We have had many customers contacting us about their systems, wanting reassurance and direction to see if they need to do anything, many of them were not vulnerable. We have had a few cases where customer’s products were vulnerable, and we have pro-actively provided a solution in order to make their network safe and secure once again.

Dealing with the Heartbleed Vulnerability

Dealing with the Heartbleed vulnerability through patches and updates is the first step in securing your systems. The second step is to replace your existing encryption keys. This is crucial, as it may be that the vulnerability has already been exploited on your system and your encryption keys used to carry out your SSL connection may have already been obtained. Therefore the data being exchanged on your network is still just as vulnerable post patching.

Soon after the vulnerability announcement at least one of our SSL certificate providers made statements about the infection and have offered to re-issue SSL certificates at no charge, which allows people to replace their compromised keys with fresh ones.

Change your password, but do it the right way

Currently in the media there is a lot of ‘change your password’ scenarios going-on. From an end user point-of-view, this is only worth doing if the platform you’re using that was vulnerable, has now been patched and has also had the keys replaced. Otherwise you’re just changing a password on a system that is still compromised.

Even for systems that were not vulnerable, the issue is that whilst people shouldn’t use the same passwords to access multiple systems, if they do, they need to think about all the secure sites that they access with the same credentials. It could be that the details have been collected from a different vulnerable system. So the user needs to check before changing their passwords that all their systems are no longer vulnerable, which in our mind is going to take some time.

You are able visit to check whether a particular server is vulnerable. It is worth running all your sites through this tool, please be aware it is currently experiencing a lot of traffic.

Here is our Heartbleed action plan:

  1. Check whether any of your solutions are vulnerable, to do so contact your reseller, or visit the technology partner websites and use the SSL labs site to check servers.
  2. Apply upgrades and patches where required.
  3. Contact your SSL certificate provider about getting new encryption keys, a lot of providers are offering this ‘free of charge’ in light of the events.
  4. Replace your encryption keys.
  5. Once you’re happy that all of your systems are protected, change all your passwords.
  6. Sit back and relax knowing that your network is now safe and secure once again.

If you have any concerns or questions over the Heartbleed vulnerability please email me at and I will get back to you as soon as I can.

10 Things Your Next Firewall Must Do

Tuesday, April 8th, 2014

Stop Thinking: Traditional firewall.
Start Thinking: Next-generation firewall

An Introduction
In the face of today’s complex cybersecurity landscape, choosing your next firewall is more than a simple comparison of technical features. It’s about embracing a change in your role as an enabler of business rather than a blocker. It’s about balancing the needs of the company with the business and security risks associated with modern applications. It’s about acknowledging that the world has changed around you and you can no longer protect yourself with an approach to cyber security that worked well when web browsing and email were the only two applications on the Internet. It’s about the 10 things we describe in this booklet that we believe your next firewall must do.

Stop Thinking: Bricks.
Start Thinking: Open air, everywhere.

Identify and control applications on any port

Application developers no longer adhere to standard port/protocol/application mapping. More and more of the applications on your network are capable of operating on non-standard ports or can hop ports (e.g., instant messaging applications, peer-to-peer file sharing, or VoIP). Additionally, users are increasingly savvy enough to force applications to run over non-standard ports (e.g., RDP, SSH). In order to enforce application-specific policies where ports are increasingly irrelevant, your next firewall must assume that any application can run on any port.

Identify and control circumventors

Most organizations have security policies along with controls designed to enforce those policies. External proxies, remote server/desktop management tools, and encrypted tunnel applications are being used to circumvent security controls like firewalls. Without the ability to identify and control these tools, your organization cannot enforce your security policies, exposing the business to the very Cyberattacks the security controls were designed to mitigate. Your next firewall must be capable of dealing with these circumvention tools.

Stop Thinking: Closed doors.
Start Thinking: Freedom.

Decrypt SSL and control SSH usage

The number of commonly used applications on your network that have adopted SSL as a means of encrypting traffic currently hovers at around 25%. The increased use of HTTPS for many high-risk, high-reward applications and users’ ability to manually enable SSL on many websites means your network security team has a large and growing blind spot. As SSH is used more commonly by tech-savvy employees, the encryption blind spot may be even larger than you thought. Your next firewall must be capable of decrypting and inspecting SSL traffic on any port; be flexible enough to bypass selected segments of SSL traffic (e.g., web traffic from health care organizations) and enforce the native use of SSH via policy.

Provide application function control

Many applications have significantly different functions, presenting your organization with different risk profiles and value. Many business focused as well as end-user focused examples exist. WebEx vs. WebEx Desktop Sharing and GoogleMail vs. Google Talk. If your organization is heavily dependent on intellectual property, then external desktop sharing and file transfer applications may represent security and regulatory risks. Your next firewall must continually evaluate the traffic and watch for changes—if a different function or feature is introduced in the session, the firewall must recognize the shift and perform a policy check.

For the complete list download Palo Alto Network’s free guide to the ’10 Things Your Next Firewall Must Do’.

If you have any questions, please email or contact your account manager directly.

Trade in and Trade up your Security Solution with Net-Ctrl

Monday, April 7th, 2014

So you want to replace your current security solution to the latest, industry leading offering from Kaspersky Lab but still have time remaining on your current licence?

Well great news! New customers to Kaspersky can trade in their current security solution and benefit from all the features that Kaspersky Endpoint Security for Business has to offer without needing to wait for your license expiry date.

Available on new purchases of Kaspersky Endpoint Security for Business and/ or Kaspersky Security for Virtualization on licences for 2 or 3 years, you can trade in and get up to 6 months free*!


An example would be that your current security solution is a paid for security license from either Symantec, McAfee, Trend Micro or Sophos, that runs until 31/10/2014.You would like to switch to Kaspersky Lab for a 3 year term. We deliver the license which will be valid from the “purchase date” of this 3 year term plus the additional term on your existing agreement e.g.

• Current license valid until: 31/10/2014
• Purchase date for a new 3 year term on a Kaspersky Lab license: 30/04/2014
• New license will there run for a total of 3 years + 6 months from 30/04/2014 and will expire 31/10/2017

You therefore don’t pay the 6 months “double cost” for the time your current license is valid, but can benefit from all the award winning technologies of Kaspersky Lab Endpoint Security for Business right away.

Contact us directly to find out more, alternatively please email your enquiry to


How “inconvenient” would it be to lose your passport?

Friday, April 4th, 2014

My daughter, who’s nearly 19 years old, thought that she’d lost her passport. For three days in a state of panic she looked in all the places she might have put it and the specific place she thought she put it.

She isn’t travelling abroad any time soon but having to mop up after losing it didn’t fill her with joy, nor me for that matter as I’d likely have to buy the new one.

A similar thing happened to me a few years ago when I thought I’d lost my driving licence. I spent two days looking for it and then cancelled it and had to obtain a new one. Of course, like my daughters passport my driving licence was safely stored where it should have been, in my wallet, and her passport was in her desk drawer. At least she found it before cancelling it.

What’s the point of my stories?

The point is that keeping safe your valuables is very important. Losing a passport is a serious matter and a company losing it’s data due to a breach is different but the heart sinking feeling you’ll get when you realise you’ve been breached will be much the same, only much worse.

In my previous blog entitled Plan B. An in-depth analysis of securing your data and your reputation, I highlighted that organisations must consider the consequences of a breach. No perimeter or filtering solutions are ever going to be 100% foolproof, so securing the data with encryption and storing the keys in specialist hardware is an absolute must.

Many reputations have been lost, and many sleepless nights have been endured, so now is as good a time as any to look at Plan B.

Call me. Tony Pullon, 01473 281211 or contact