Archive for December, 2016

Merry Christmas and Happy New Year from Net-Ctrl

Thursday, December 22nd, 2016

The team at Net-Ctrl wish you a very Happy Christmas and prosperous New Year.

Net-Ctrl has had a very exciting year, a year that has seen a number of changes, one of the most notable being the change in structure at Net-Ctrl, with Lee Georgio becoming the Managing Director. We have also taken on new vendors including Brocade and Pulse Secure.

A key growth area for Net-Ctrl throughout 2016 has been the expansion of our Building Management Portfolio. We are now well versed in integrating a number of elements including IP-CCTV, Remote Access Control, Wireless Door Handles, plus more from leading manufacturers such as MOBOTIX, CEM and Aperio. Our efforts were rewarded earlier this year when we became the most successful MOBOTIX installer and integrator in the UK.

We would like to take a moment to thank you all for your custom throughout the year, and for the new opportunities you have provided.

We are all looking forward to continuing our journey into 2017 and are all extremely excited about what the year ahead may bring.

In the meantime, we wish you a very Happy Christmas and an extremely prosperous New Year.

UK’s “National Cyber Security Strategy”: Contributing to Increasing Cybersecurity and Prosperity in the UK and Worldwide

Wednesday, December 21st, 2016

By Danielle Kriz

The UK government recently released its new National Cyber Security Strategy 2016-2021. Recognising that cyberattacks on the UK are a top threat to the UK’s economic and national security, the strategy outlines a vision and goals to create a UK that is secure and resilient to cyberthreats, as well as prosperous and confident in the digital world. The UK has always been at the forefront of cybersecurity activities, and its new strategy is an important contribution to and model for global efforts.

The strategy lays out a substantive set of goals, actions and metrics mapped to three important pillars:

  • Defend: The government will strengthen its own IT defences and work with industry to ensure UK networks, data and systems are protected against evolving cyberthreats.
  • Deter: The UK will strengthen law enforcement’s capabilities to increase the cost of cybercrime.
  • Develop: The government will help to develop the UK’s critical capabilities, including cyber skills, as well as the country’s growing cybersecurity industry, to keep pace with cyberthreats.

The strategy includes an impressive set of plans, based extensively on working with the private sector. While all parts of the strategy are laudable, highlighted below are a number of its forward-looking approaches that will surely contribute to greater cybersecurity in the UK.

    First, the strategy immediately puts into action its stated goal of partnering with industry. For example, as part of this strategy, the UK has created a new National Cyber Security Center (NCSC), which is a single, central government body bringing together many of the government’s cybersecurity functions, including CERT-UK. The NCSC will be the UK’s authoritative voice on cybersecurity and aims to build effective cybersecurity partnerships between government, industry and the public. The NCSC’s commitment to direct industry engagement will help to deliver many elements of the strategy. The NCSC will manage national cyber incidents, provide expertise and deliver tailored support and advice to government and industry.

    Second, the strategy aims to prevent and reduce the impact of cyberattacks on the UK, reflected in a new “Active Cyber Defence” program. Described in a blog by Ian Levy, technical director of the NCSC, this effort aims to make a significant proportion of UK networks more robust through automated prevention, ensuring UK citizens are protected by default from the majority of large-scale commodity cyberattacks. For example, the government plans to provide automated protections to citizens accessing online government services and states that, where possible, “similar technologies should be offered to the private sector and the citizen.” Using automation to prevent successful cyberattacks is wise, given that attackers themselves deploy sophisticated, automated attacks. Responding with manual defences just won’t scale: we won’t keep up and, in fact, will continue to fall behind. The UK’s prevention-focused calculus will change the dynamic that currently favours attackers, tilting the balance to help the UK government, businesses and individuals better protect their networks. The strategy envisions the development and deployment of automated cyber defence in partnership with industry.

    Third, the strategy strongly endorses cyberthreat information sharing. In fact, one of the NCSC’s initial emphases will be on facilitating such sharing, including ensuring UK government organisations have easy access to cyberthreat information and improving government-industry sharing. The goal is to “ensure that citizens, businesses, public and private sector organisations and institutions have access to the right information to defend themselves.” Sharing threat intelligence on advanced cyberattacks, cybercriminal motivations, and the tactics of malicious actors is essential to defend networks and prevent successful attacks. The UK also plans to move toward automated cyberthreat information sharing to allow organisations to act swiftly on relevant information, an important measure that will support the aforementioned automated prevention goal.

    Fourth, the strategy focuses heavily on helping industry to raise its cyber resilience. The government plans to work with critical national infrastructure (CNI) but also will expand outreach to many more firms: the “UK’s most successful” companies, companies that hold a large amount of data, high threat targets, digital service providers, insurers, and others. While the exact risks to these companies may differ, they all require cybersecurity for competitiveness and efficiency. Although the government plans to continue its practice of helping via investing in innovation and encouraging industry’s voluntary action, the strategy acknowledges a role for regulation, noting that the UK plans to use the forthcoming General Data Protection Regulation (GDPR) to drive standards of cybersecurity across the economy.

    Fifth, augmenting the cyber resilience goals above, the strategy stresses that whether in industry or government, cybersecurity now needs to be viewed as a C-level or board-level concern, not simply an IT issue. The strategy notes responsibility for cybersecurity in the private sector lies with boards, owners and operators, while security of UK public sector organisations lies with Ministers, Permanent Secretaries and Management Boards. Palo Alto Networks agrees on the need for senior leadership involvement, and we are helping educate corporate directors and board members worldwide on these responsibilities through our recent book, Navigating the Digital Age. The UK version, including chapters by almost a dozen UK thought leaders, is slated for launch in early 2017. It is critical for modern corporations to have the capacity not just to understand the opportunities but also to understand and mitigate the risks inherent in our digital age, and we are pleased to contribute to that discussion in the UK.

    Finally, the strategy stresses that the UK will work internationally. We wholeheartedly support this approach by all governments. Neither the global digital infrastructure nor the threats attacking it know national boundaries. We are only as strong as the weakest link. We appreciate that the UK will continue to play a strong role in global cybersecurity capacity building and use its influence in multilateral organisations, such as the European Union (EU), NATO and the G20.

    These are only some of the many important activities in the UK’s new strategy, which also details plans to tackle cybercrime, develop cybersecurity skills across the population, and support a thriving UK cybersecurity sector. The UK’s National Cyber Security Strategy 2016-2021 sets out how the UK will become one of the most secure places in the world to do business in cyberspace. This framing is important. Cybersecurity must be viewed as an enabler, and the UK’s strategy, while acknowledging the growing threats, focuses on the benefits to the UK of better cyber resilience. As the sixth largest economy in the world, strong cybersecurity in the UK has multiplier effects around the globe. Palo Alto Networks looks forward to working with the UK government and private sector to realise the goals of its 2016-2021 Cyber Security Strategy and improve the UK’s – and hence the world’s – cybersecurity.

    Article taken from the Palo Alto Networks Research Centre.

    Christmas Opening Hours 2016

    Friday, December 16th, 2016

    Please note the Net-Ctrl Christmas opening hours below.

    Should you require assistance please ensure that all support e-mails are sent to support@net-ctrl.com and sales matters sent to sales@net-ctrl.com and these will be addressed by the Net-Ctrl team as soon as possible.

    [Image: Christmas opening hours 2016]

    Small Companies May Suffer More from Cyber Attacks than Big Brands

    Thursday, December 15th, 2016

    Whenever a company suffers a headline-grabbing data breach, its reputation takes a serious blow. If you’re a big company, evidence suggests the impact is short-lived. But if you’re a small company doing business with large partners, it could be a different story. Retail giant Target saw its sales decline after suffering a breach in 2013 that compromised payment card information of 110 million customers, but one year later the company’s sales had increased. In a March 2015 article, Fortune magazine reported that breaches cost big companies “shockingly little.” Citing a study by Benjamin Dean, a fellow at Columbia University’s School of International and Public Affairs, Fortune reported that breach-related expenses cost Sony, Target and Home Depot “less than 1 percent of each company’s annual revenues” after suffering major cyber attacks. Even though the study measured revenue, there is a correlation to reputation. If customers abandoned a company in droves after it suffered a breach, the impact wouldn’t be this low.

    Size Matters

    While giant corporations with ubiquitous brands appear relatively impervious to long-term damage, such may not be the case for smaller companies. In a recent study, KPMG found 86 percent of business partners in the United Kingdom “would consider removing a breached supplier from their supply chain to protect their own business from external access.” This finding is significant because cybercriminals in recent years have targeted small and midsize businesses to get to larger partners to which they are digitally connected. In the Target breach, investigators found that hackers got into the retailer’s network through a refrigeration company, Fazio Mechanical Services, which was linked to Target through an electronic billing system. Alarmingly, too many SMBs are ill-prepared to fend off cybercrime. Only 29% of SMB companies in 2015 used basic security tools such as configuration and patching to prevent breaches, down from 39 percent the previous year, according to Cisco. Their use of web security also dropped, to 48% in 2015 from 59% a year earlier. “SMBs show signs that their defences against attackers are weaker than their challenges demand,” Cisco noted in its 2016 Annual Security Report. This means SMBs put themselves and their partners at risk of a cyber breach.

    Who Cares?

    Business partners aren’t the only ones to take notice of cyber attacks. Consumers, too, see breaches as a reason to reconsider doing business with a breached company. A recent Opinion study found 78 percent of consumers in the United States and Europe said cyber attacks change their perceptions of breached companies’ brands. Twenty-nine percent said their perception becomes negative, and 53 percent “thought that people wouldn’t do business with the brand in future,” as reported by IT Governance. Notice respondents didn’t say they would stop doing business with the breached company; they’re just counting on others to do so. That explains why the large brands bounce back quickly and pay a small cost for breaches. But if you’re a small company, don’t expect to enjoy the same level of resilience. If enterprises are willing to cut you off for poor security, you’d best take that as a sign to build up your defences.

    This has been taken from the iboss Blog. View the original article.

    Gemalto study reveals security concerns over convergence of personal and workplace identities

    Wednesday, December 14th, 2016

    • 90% of IT professionals are concerned about employees using their personal credentials for work purposes
    • 62% of enterprises feel increasing pressure to match consumer authentication methods in the workplace
    • The use of two-factor authentication is on the rise, with 40% of organisations’ employees using it

    Gemalto, the world leader in digital security, today released the findings of its Authentication and Identity Management Index, which revealed that 90% of enterprise IT professionals are concerned that employee reuse of personal credentials for work purposes could compromise security. However, with two-thirds (68%) saying they would be comfortable allowing employees to use their social media credentials on company resources, Gemalto’s research suggests that personal applications (such as email) are the biggest worry to organisations.

    Convergence of Personal and Workplace Identities

    The enterprise and consumer worlds are merging closer together, with enterprise security teams under increasing pressure to implement the same type of authentication methods typically seen in consumer services, such as fingerprint scanning and iris recognition. Six in ten (62%) believed this was the case, with a similar amount (63%) revealing they feel security methods designed for consumers provide sufficient protection for enterprises. In fact, over half of respondents (52%) believe it will be just three years before these methods merge completely.

    Consumer breaches impacting enterprise security

    Identity theft accounts for 64% of all data breaches across the globe[1], and consumer service breaches continue to rise, resulting in almost nine in ten (89%) enterprises addressing their access management security policies. Half of enterprises have implemented extra training (49%) to allay their security concerns, 47% increased security spend, and 44% allocated further resources.

    Employee expectations around usability and mobility are affecting how enterprises approach authentication and access management. Nearly half of respondents stated that they are increasing resources and spending on access management. Deployment rates are also increasing: 62% expect to implement strong authentication in two years’ time – up from 51% of respondents who said the same thing last year, and nearly 40% responded they will implement Cloud SSO or IDaaS within the next two years.

    Enterprises are clearly seeing the benefits, with over nine in ten (94%) using two-factor authentication to protect at least one application and nearly all respondents (96%) expecting to use it at some point in the future.

    Mobility security still a challenge

    As more enterprises become mobile, the challenges of protecting resources while increasing flexibility for employees working on the move increase. Despite an increasing number of businesses enabling mobile working, a third (35%) completely restricted employees from accessing company resources via mobile devices and nine in ten (91%) are at least part-restricting access to resources. This is backed up as half of businesses (50%) admit security is one of their biggest concerns to increasing user mobility.

    In order to protect themselves against threats from increased mobility, enterprises are still most likely to be using usernames and passwords – two-thirds of users at respondents’ organisations are using this authentication method, on average. Currently, 37% of users at respondents’ organisations are required to use two-factor authentication to access corporate resources from mobile devices, on average. However, like the rise for access while in the office, on average, respondents believe this will increase to over half (56%) in two years’ time.

    “From credential sharing to authentication practices, it’s clear that consumer trends are having a big impact on enterprise security,” said François Lasnier, Senior Vice President, Identity Protection at Gemalto. “But businesses need to make sure their data isn’t compromised by bad personal habits. It’s encouraging to see deployment of two-factor authentication methods on the rise, and increased awareness for cloud access management, as these are the most effective solutions for businesses to secure cloud resources and protect against internal and external threats. For IT leaders, it’s important that they keep pushing for security to be a priority at the board level, and ensure that it’s front of mind for everyone in an organisation.”

    Related Resources

  • Download the full Authentication and Identity Management Report here
  • Download the Infographic here
  • Access full global and regional data on the Authentication and Identity Management website here
  • Read more about Gemalto’s Identity and Access Management solutions

    [1] According to Gemalto’s H1 2016 Breach Level Index

    2017 Cybersecurity Predictions: Preparation, Proliferation, Personnel and Protection = A Bumper Year in EMEA

    Wednesday, December 14th, 2016

    By Greg Day

    The innovations in today’s digital world continue to advance at a tremendous pace, and 2016 didn’t fail to have its own impact on society. As a hobbyist in remote flight, the introduction of drones to deliver blood and medicines in Rwanda from a Silicon Valley startup was an amazing example of how the Internet of Things can have a hugely positive impact on society. I can’t wait for the completion of the $10 million Tricorder XPRIZE to be announced in early 2017, when fiction is expected to become fact, as a portable wireless device that is anticipated to be able to monitor and diagnose health conditions.

    What can we expect in 2017 from a cybersecurity perspective? Personally, I believe 2017 and early 2018 will be the most exciting years in terms of evolving our cybersecurity capabilities as businesses prepare for the May 2018 deadlines imposed by upcoming EU legislation changes. This is a rare opportunity to step back and take stock of our capabilities and validate if they are still fit for their purpose, both for the approaching deadline and thereafter. This is a welcome driver to look to the future as security professionals are often so caught up in enabling the ongoing technology innovations and managing evolving cyber risks.

    So here are my predictions for the next 12 months:

    1. 2017 is the year businesses need to get prepared for the May 2018 deadline for upcoming EU legislation in the form of the GDPR and NIS Directive.

    This will mean that businesses finally have to gain control of the mountains of data they have gathered and generated, as well as to understand both the value and risks they create for the business.

    We can expect some early examples to be made, as the EU looks to ensure that businesses take their digital societal responsibilities

    Cybersecurity leaders will need to validate that their cybersecurity capabilities are relevant to the risk they face and that they leverage current best practices, referred to as “state of the art,” with clearly documented processes and measures. Too often security experts continue to hold on to legacy practices, perceiving that continuing to do the same things as before is enough; as such, 2017 will be the year for change.

    2. Businesses will be vulnerable as they are immobilised by the confusion of what a good next-generation endpoint strategy looks like.

    With the growing volume of unique attacks, organisations have, for a long time, been looking for new solutions to either complement or replace signature-based approaches. However, with many different, new approaches to choose from, businesses are hesitating for too long while they look for validation to define their future next-generation endpoint strategies. With the growth of ransomware, one instance has become one too many, and now is the time when next-generation capabilities are needed.

    3. We will see the cybersecurity landscape continue to change.

    Ransomware will continue to have business impact. Expect ransomware to target a broader range of platforms and further leverage historical cyberattack techniques, such as APT-style attacks, as those behind them look to increase their profits. While this threat remains lucrative, it will continue to be a focus for attackers, which could distract them from developing threats leveraging other areas of technology.

    DDoS will refocus on the retail space as retailers become increasingly dependent on online revenue streams.

    Targeted credential theft will allow attackers to move the attack out of the business network. As more businesses in Europe embrace cloud, credential theft – whether through social engineering or attack – will mean that adversaries have to spend little or no time in the business’s network to achieve many of their cyberattack goals.

    4. While senior cybersecurity skills are in reasonable shape, practitioners are in demand, and outsourcing capabilities are not scaled for evolving demands (volume of work, hybrid cloud/on-premise services, incident response, next-generation SOC requirements, training and running AI/big data systems).

    With the continuing growth of information to draw on in order to prevent and protect against cyberthreats, we can only expect more security events that need to be managed. The scale of security experts has not and will not keep pace; therefore, businesses must rethink how and where human skills should be leveraged in cybersecurity. Today there are too many siloed human-dependent cybersecurity processes that, with evolving best practices, can and should be consolidated and automated. In a market with limited skills, usability and automation should be treated as equally important as capability.

    5. Most companies will confirm whether cyber insurance will become a part of their investment strategy and realise that insurers are a valuable point for CISOs wishing to translate and validate risk to senior executives to help better understand their business’s cyber risks.

    6. Cross-domain incidents will stop organisations siloing IoT/OT, and business/home systems, and help them start to realise it is actually one, big cyber mesh.

    It’s likely that essential services will suffer more outages, following the early examples in Ukraine, the recent Mirai bot DDoS attack, and others.

    In recent years, we have seen more attacks on automotive systems, so attackers inevitably will start to look at moving laterally into other autonomous systems, as they grow in popularity. These may vary from driverless city centers to the Amazon button to the increasing use of drones for commercial businesses.

    It will be interesting to see how many of these predictions come true over the next 12 months. If experience has taught me anything, some will have been realized in half that time, while others may take a little longer – and, as always, I’m sure we’ll be thrown a few curveballs. The only near guarantee I can give is that the digital world will continue to have an amazing and positive impact on our lives, and I’m proud to be part of the global cybersecurity community that supports its enablement.

    This has been taken from the Palo Alto Networks Research portal. View the original entry.

    MOBOTIX Shipping Delays Over Christmas

    Tuesday, December 13th, 2016

    The MOBOTIX Production Facility will be closed over the entire holiday period and the Shipping department will be at minimum manning. Therefore, to reduce the risk of any delays in shipping, it is highly recommended that any orders required between now and 16 January 2017 be submitted to MOBOTIX by 16 December 2016 at the very latest.

    Previous experience has shown that order backlogs and delays to courier delivery schedules normally stretch into the second week of January, so we advise that you pro-actively review your project pipeline and associated timelines for any projects that may be affected by this and consider ordering before 16 December 2016 to reduce any risk of delay.

    Naturally we will still process orders after 16 December 2016, but cannot guarantee that they will be shipped before the holiday shutdown.

    MOBOTIX will resume business as usual on 2 January 2017.

    Brocade Introduce the Ruckus ICX 7150 Switch

    Thursday, December 8th, 2016

    Brocade introduces the Ruckus ICX 7150 switch to bring enhanced functionality and performance to budget-conscious organisations.

    Ruckus Wireless, a part of Brocade, has announced the Brocade Ruckus ICX® 7150 switch, an entry-level stackable campus switch for budget-conscious customers in the education, hospitality and small-to-medium business (SMB) sectors. For the first time, budget-sensitive organisations will be able to experience the same features and high performance that major enterprises enjoy while also being able to scale and grow accordingly without having to replace equipment.

    “Access Networks utilises enterprise-grade network appliances to provide the finest network solutions for its customers’ connected lifestyles,” said Hagai Feiner, founder and CEO, Access Networks. “As a long-term, satisfied Ruckus partner, we are very pleased to add the ICX switches to our portfolio. The new ICX 7150 switch is an ideal complement to the Ruckus Wi-Fi networks. It delivers the enterprise-class features, flexibility and scalability at an affordable price that we need. From the ability to upgrade uplinks from 1GbE to 10GbE with a license, long-distance stacking, and the ability to expand our network with other ICX 7000 switch families with Campus Fabric, the ICX 7150 switch does what no other competitor can match for the price.”

    What:
    The Ruckus ICX 7150 offers unprecedented, enterprise-class features and performance at an entry-level price. At the same time, it enables organisations to buy what they need now and easily scale to support growth and new technologies in the future.

    The Ruckus ICX 7150 is available in 12, 24 and 48 port 10/100/1000 Mbps models with 1/10 GbE dual-purpose uplink/stacking ports. The switch’s Power over Ethernet (PoE) and Power over Ethernet Plus (PoE+) capabilities make powering of high-capacity access points (APs) and other devices along with data connection easy. Additional features include:

    • Software upgradeable uplink/stacking ports from 1 GbE to 10 GbE
    • SDN-enabled with OpenFlow support
    • Easy transition to Brocade Campus Fabric for network automation and management simplicity
    • Plug-and-play operations for powered devices via LLDP and LLDP-MED protocols
    • Auto-configuration ensures error-free configuration and accelerates deployment
    • Hot-insertion and removal of stack members simplifies operations
    • sFlow-based network monitoring
    • Flexible stacking adds capacity throughout the network without increasing the management load

    Who:
    The Ruckus ICX 7150 switches are ideal for organisations in the education, SMB or hospitality sectors as well as organisations that are more budget conscious.

    When:
    The Ruckus ICX 7150 can be ordered now with volume shipments starting in February 2017.

    Where:
    Purchase Ruckus ICX 7150 switches worldwide through Ruckus Wireless’s and Brocade’s global distribution network.

    For more information, visit the ICX 7150 product page on the Ruckus website.

    Safeguarding your corporate network using Pulse Policy Secure

    Wednesday, December 7th, 2016

    Safety measures, when it comes to providing network security by means of endpoint authentication and authorization, are always preferable, and in regulated industries mandatory. Traditionally, network access control (NAC) solutions used to provide local area network (LAN) security by allowing or blocking network access based on set security policies. In today’s world, NAC has evolved to address the vast variety of challenges for the next generation of networks.

    While Pulse Policy Secure provides standards-based advanced network protection and features, it is very important for security professionals to get complete visibility of the network: who is accessing it, what device type they are using, etc. It is also necessary to ensure that only the right users with the right devices get access to the right corporate resources.

    The first step towards safeguarding your network is knowing that various network security options exist and NAC is part of the overall plan. Moreover, it is important to plan your deployment by creating comprehensive policies for assigning roles/realms, enforcement methods, and remediation actions for non-compliant endpoints. Once the policies are in place, implementation is ready to begin.

    Let’s look at various aspects of a NAC deployment.

    Visibility

    With the increase of network devices it has become difficult for administrators to get the identity of the connected endpoints. With the help of the Profiler feature on Pulse Policy Secure, administrators can overcome the problem of little visibility of endpoints. Profiler provides contextual details about every endpoint connected to the network including both managed and unmanaged devices. It also increases visibility by identifying and classifying devices by MAC address, IP address, location and OS type/function etc.

    Enforcement and Network Security

    Traditional security approaches focus on protecting the entire network. It has become vital to provide network security on the basis of device type and state, and user. Role-based access is given based on those two factors. It is important to find out which individual users are accessing resources. Network security can also be accomplished by applying dynamic enforcement policies configured on Policy Secure to mitigate the risk of end user access and automatically remediate non-compliant devices.

    Compliance

    With the wide variety of devices introduced by BYOD and IoT, there is a need at every enterprise to quickly identify the source of threats and mitigate the risk of losing the organisation’s sensitive data. Pulse Secure’s Host Checker evaluates every endpoint and ensures that it is compliant. These compliance checks can be custom items like files or processes. Host Checker can verify that the latest anti-virus, patches and system firewall are deployed in order to minimise the risk at the endpoint.

    In addition, Pulse Policy Secure also provides simplified guest access management, end-user device onboarding, and flexibility in deployment options. For more information on Pulse Policy Secure, please visit HTTPS://WWW.PULSESECURE.NET/POLICY-SECURE/OVERVIEW.