
Net-Ctrl Blog

Blistering Performance Starts with Cleaner Wi-Fi RF Signals

December 8th, 2017

By Helen Kim, CEO NanoSemi

With each generation, Wi-Fi keeps getting faster. When will it be “fast enough?” Never! You’re talking to someone from Boston. Yeah, the Patriots won five Super Bowls, but Pittsburgh won six. We want more!

I’m not making my Super Bowl pick just yet, but when it comes to Wi-Fi, I can tell you definitively: faster is coming. Much faster, with the emergence of 802.11ax, which by some accounts is the 6th Generation of Wi-Fi (6G anyone?). Using more and wider channels, higher modulation techniques and other elements of the new standard, tomorrow’s Wi-Fi will be 4 to 10x faster than today’s 802.11ac networks, delivering up to 1.2 Gbps per stream.

Sounds great, right? Well, keep in mind that, for the moment, 802.11ax performance exists largely on paper and in the lab. Now, Wi-Fi device and chip vendors need to go out and make it happen in the real world. That means not just advertising huge throughput increases on a product box—but actually delivering them to clients at usable distances with good battery life. And doing that is a lot harder than it seems.

Why is it so tough to bring ultra-fast Wi-Fi bandwidths to real-world devices at longer range with better battery life? To answer these questions, I’m going to need to nerd out a little. Join me on a journey to the center of the silicon that lives inside your Wi-Fi devices. I’m going to explain a radio frequency (RF) concept called “linearization,” and show why it holds the key to tomorrow’s lightning-fast Wi-Fi.

Why are higher Wi-Fi bandwidths so hard to deliver?

It’s not hard to achieve fast data rates when clients are right next to an access point (AP). To deliver good performance at a distance, however, Wi-Fi RF signals need a few important attributes. They have to be high-powered (so they can reach farther), while also being power-efficient. (A great-performing client that dies after an hour of use isn’t particularly useful.)

Finally, the RF signal needs to be very clean. And that’s where it gets especially tricky, because every component in the chip that touches that signal (called the “RF signal chain”) can add noise, ultimately degrading performance.

Now, I’ve mentioned that Wi-Fi RF signals need amplification. Those power amplifiers (PAs) inside RF transmitters are a major source of distortion. This is where “linearity” comes in. Linearity is a measure of the PA’s ability to amplify all the parts of a signal equally. More linearity means a cleaner signal and better throughput at longer distances. So if noisy PAs (and noisy signal chains overall) reduce linearity, we need to do something about it.

New 802.11ax standards make things even harder.

Achieving good linearity is a complex problem to begin with, and it gets more complex at wider Wi-Fi bandwidths, especially over 40 to 60 MHz. (And remember, under 802.11ax, individual channels may be 4x that wide, 160 MHz.) But that’s not the only challenge. 802.11ax devices will also use higher modulation rates (called quadrature amplitude modulation, or QAM). At the lower end, the 802.11ax standard will use 1024 QAM. The highest bandwidths could use 4096 QAM.

As you climb up the ladder to higher QAM and Wi-Fi bandwidths, linearity becomes more and more important. Said simply: if you’re going to get to ultra-fast data rates, devices need much cleaner signal chains. This degree of cleanliness, measured by Error Vector Magnitude (EVM), is hard to achieve with the low-cost PAs commonly used in Wi-Fi systems.

Below, you can see a constellation plot of a high-performance Wi-Fi RF signal (160 MHz bandwidth, using 4096 QAM modulation). When you clean up that signal with linearization (the right side of the figure), you get pinpoint clarity at higher bandwidths. When you don’t (left side), you end up with a lot of undifferentiated noise.

Cleaning Up Wi-Fi RF

NanoSemi, an early-stage venture-funded company spun out from MIT Lincoln Laboratories, is working with Wi-Fi system vendors like Ruckus, as well as silicon vendors, to significantly improve the Wi-Fi RF chain. We apply machine learning-based digital compensation to correct the entire signal chain—power amplifiers, filters and other components—at unprecedented bandwidths.

We’re bringing linearization to new levels by automatically characterizing the signal chain, identifying nonlinear components and other impairments, and analyzing their impact on system performance. By doing this, we can improve EVM by up to 30 dB—and allow Wi-Fi vendors to unlock the full promise of 802.11ax.

Wi-Fi RF Linearization in Action

To show the power of NanoSemi’s linearization implementation, let’s look at a typical Wi-Fi PA designed to meet 802.11ac specs of 256 QAM and 80 MHz (480 Mbps). Using our linearization technology, that PA can achieve 802.11ax rates of 1024 QAM and 160 MHz (1.2 Gbps). And we can more than double both the power efficiency and output, leading to longer range at reduced power consumption. (You can read the detailed report here.)

Another benefit of effective linearization is that vendors can use more efficient amplifiers. The most efficient PA designs such as Class B and Doherty PAs are capable of operating much more efficiently than the ones most vendors use today, but on their own, they’re very nonlinear. By using NanoSemi linearization technology, however, we can bump up PA efficiency from 4% to over 28%, while nearly doubling the power output (test report here). Once again, that translates to faster speeds, over wider bandwidths, with longer ranges and better battery life than any solution available today. For access points, the greater power efficiency leads to less power consumption on power over ethernet deployments.

Learn More

Much as I’d like to, I can’t promise another Patriots Super Bowl. But I can promise wider, faster and longer Wi-Fi in the near future. By working with companies like Ruckus to solve the linearization problem, we’re helping take blazing-fast 802.11ax performance out of the lab and into a device near you.

View the original post by Helen Kim, CEO NanoSemi at The Ruckus Room.

Data Security: Today’s Essential Business Requirements

December 8th, 2017


Review the precautions below to minimize your risk of being breached and, just as importantly, minimize the damage in the unlikely event that you are.

Famous Data Breaches

In 2008, Heartland Payment Systems suffered what was, up to that time, the biggest data breach in U.S. history. Astoundingly, intruders had been roaming around behind Heartland’s firewall for weeks before the breach was detected. Millions of customers’ credit card numbers were accessed, and Heartland, the nation’s fifth largest payments processor, was almost destroyed. While one would have expected this to serve as a lesson for all companies that stored customer information, about five years later, the Target Corporation suffered an even bigger breach. The post-mortem done by both Heartland and Target revealed negligence and carelessness at the systems administration level, which was subsequently corrected. End of story? Nope. Just this past spring and summer, another high-profile breach occurred. This time, the victim was Equifax, the credit monitoring and reporting agency. And the damage was much more serious, as hackers accessed the entire credit files of millions of Equifax customers. The full extent of the damage done most likely won’t be known for years, if ever.

Ransomware Rises

As if breaches and data theft weren’t enough, the latest trend in systems chicanery, ransomware, is happening at an increasing pace. Unlike the massive breaches at Heartland, Target and Equifax, ransomware can be targeted at the individual computer user. And it has targeted individuals, sometimes demanding hundreds of dollars from the victims. The most notorious recent ransomware viruses, however, WannaCry and Petya, were aimed at commercial entities. That’s where the money is, after all.

Someone’s Knockin’ at the Door

Ultimately, breach prevention boils down to both systems and personnel. While nothing is foolproof, here are some steps that organizations and individuals should take to keep their data secure. Here’s a short, though certainly not exhaustive, list:

  1. Internal controls are essential. Know who has access to the data and closely monitor their usage patterns. Also, analyze your log monitors to detect suspicious activity. There is software that can make this less resource intensive.
  2. Always make sure any software patches are installed immediately. This is what sank Equifax. A patch to Windows was ignored and the vulnerability exploited.
  3. Keep your firewall up to date.
  4. Encrypt your data. This may be the best advice of all.
  5. Back up your data. You don’t have to build a server farm. The cloud offers several affordable and secure options.
  6. Install malware prevention tools and keep up with version releases and updates.
  7. Turn off your computer when you are done working. If your computer isn’t on, no one can crack into it. It’s a pain, but a good way to minimize the chance of intrusion.
  8. Train all users on things to avoid. For example, make sure they know not to open email attachments from unknown third parties and that they are on the alert for things like bogus login pages.

The Best Cure Is Prevention, But…

In order to be truly proactive, every endpoint must be protected against every type of attack at every stage of the threat lifecycle. Traditional anti-virus software programs have represented only a partial solution. As Heartland contends, there is simply no way to make a system completely breach-proof, so quick detection of problems and fast remediation of them are essential. Next Gen from SentinelOne is uniquely suited to maximize prevention and increase the speed of detection and remediation.

Conclusion: It’s Not Going Away

The threats are going to continue and they are going to become increasingly sophisticated. Most of the remedies will be reactive, i.e. they will come after a breach has occurred. But by deploying a Next Gen solution like SentinelOne and taking the precautions above, you can minimize your risk of being breached, and, just as importantly, minimize the damage in the unlikely event that you are.


View the original post by SentinelOne.

The Right IoT Mindset for 2018 and Beyond

December 8th, 2017


Just when companies thought they had successfully transitioned to a mobile work force, Internet of Things (IoT) devices have followed hot on the heels, tempting would-be takers with unprecedented productivity and margins should they dare traverse the proverbial minefield.

As IoT stands now, there is no clear swim lane, no tested and proven path of least resistance, no clear best practice for every implementation. Too many solutions, too few standards. Most of us know the destination – a network utopia of connected devices working harmoniously. Scalable, visible, secure. Is 2018 the year we lay the concrete over the IoT foundations?

Applications Aplenty, Consolidations Coming

It’ll be hard to find an industry not headed towards an IoT future:

  • Finance: Forget the cash. Contactless payments, biometrics, wearables
  • Transportation: Look, no hands! Driverless vehicles for you and me
  • Healthcare: Your family doctor without a pulse

Price, complexity, compatibility, scalability – there’s clearly plenty to consider for traditional businesses wanting to adopt IoT. It’s currently a jungle out there, and we’re going to start seeing consolidation as victors emerge. The bigger fish are primed and hungry for the technology and data that acquisitions will bring.

History Doesn’t Have to Repeat Itself

As we race towards building infrastructure and apps (as we did with LAN years ago), as we invest heavily into transforming into Smart Nations, we absolutely need to keep security top of mind. Just think about the number of high-profile hacks, breaches, and threats we’ve read about this year. The vast majority of them could have been prevented.

The stakes are higher than before. In 2018, data is going to be collected like never before. And increasingly personal data at that. Bank accounts, medical conditions, criminal histories, you name it. Security needs to be baked into every design concept and not bolted on at a later stage.

Goodbye Corporate Device, Hello Dynamic Policies

The company-issued device is dead. Users want to use their own device to get their work done. And it shouldn’t matter whether they’re at home or in the office; users need that consistent user experience. But, with the multitude of corporate apps for dozens of different uses, admins have had to play a game of policy juggling. An exception here, an allowance there, each turns into a hole you punch in your firewall and perimeter defenses.

Dynamic policies are the happy silver bullet here. Make decisions based on the user, their profile and therefore their policy. It shouldn’t matter where or how they’re connecting.

The truth is there is no hard deadline here like the millennium bug, so the journeys we all take are bound to be different. The dynamic data centre of cloud and IoT is an exciting destination, and we’ll figure out the most optimal way there eventually. But till then, if we keep secure access in mind, our colleagues, users, stakeholders will thank us.

View the original post by Don Tan at Pulse Secure.

3 lessons to learn from Blade Runner 2049

December 8th, 2017

Last month, a very long wait came to an end for Blade Runner fans. Since the original (set in 2019) was released in 1982, a cult following of fans from all over the world has been waiting (and hoping) for a sequel. 35 years later, their patience has been rewarded with a masterpiece; Blade Runner 2049 has been heralded as a five-star blockbuster, visually stunning, and a philosophically profound classic.

For those that haven’t seen it yet, here’s the trailer:

2049 raises several questions that encourage us to think carefully about the future in relation to AI. Is there anything we can learn from the way the film deals with human and machine existence?

1. AI’s potential is incredible, and for some unsettling

The potential of artificial intelligence has been well-documented, particularly in the last few years. However, 2049 does highlight AI’s potential in a brilliant and concerning way. It shows us that if perfected, we might be able to create forms of intelligence that could execute tasks, jobs and assignments more effectively than we humans ever could. Indeed, we’re getting close now when it comes to diagnosing some cancers.

The performance of Ryan Gosling’s K throughout the film shows us incredible skill, reasoning, quick thinking, strength and bravery. If, someday, we become able to create replicants such as this, the possibilities are endless – these forms of intelligence could revolutionize everything, from education, to medicine, to services, to policing, to transport.

In fact, we’re already seeing how machine-learning, in ways a precursor to a fully-realized AI, can enhance mobile marketing strategies and payments right now… and if these forms of AI continue to progress (which is likely), we may even see a Zero UI System (or screen-less) in the future, which would be truly incredible. For more on this fascinating concept, check out Rand Hindi’s Ted Talk.

But the capability of AI in the film is unsettling. The potential of AI is wondrous, of course, but 2049 shows us a myriad of ethical problems and dilemmas relating to the rights and treatment of the film’s AI protagonists (known as replicants). And without providing too many spoilers, it also shows us the possibility of AI thinking completely independently, which is a difficult scenario for many to deal with. This brings us to our second lesson.

2. Distrust of AI is highly likely

Early into the story, we see a widespread distrust of replicants. The humans of 2049 are clearly uncomfortable in the presence of AI, and we’re already seeing some distrust today. A recent survey has found that 85% of Brits believe that AI in marketing should be governed by a key principle from the Blade Runner franchise, now known as the “Blade Runner rule”. This rule dictates that it is illegal for AI applications such as chatbots, social media bots and virtual assistants to conceal their identity and pose as humans. All companies considering the use of AI in these forms should bear this in mind, and ensure transparency, or risk alienating customers.

3. AI could hold the key to building a truly connected world and greater civilizations

If you’ve now watched the trailer above and listened carefully, you’ll remember how the eerie Niander Wallace claims that “every civilization was built off the back of a disposable workforce”. A chilling claim, but one with arguably some truth within it. Perhaps an AI-based workforce is the key to building an even greater world? It’s difficult to predict though, and ethical concerns spring to mind immediately. However, there is a point to be made when it comes to AI’s relationship with the IoT.

The IoT is currently producing astounding volumes of data, so much that analysts won’t even come close to processing it all accurately. Simply put, big data is being produced more quickly than we can deal with it. One hope of getting a hold on it, and harnessing its potential is AI. It could be the only way to build an IoT to be proud of, and it’s something we’re working on with our Assurance Hub. This new platform aims to prevent online banking fraud through a detailed analysis of customer behaviour and biometric markers.

View the original post by Gemalto.

Ruckus joins the ARRIS family

December 8th, 2017

By Dan Rabinovitsj, President, Ruckus Networks, an ARRIS company

Today we finalized the ARRIS acquisition of the Ruckus business! Our team is jubilant, relieved and ready to hit the ground running. I want to thank all of our partners, customers and employees for their loyalty, perseverance and passion throughout the past year as we found our way to our new home. Now that we are here at both the finish line and the starting gate, I want to provide more details about how our business fits into ARRIS and also share my thoughts on why the combination with ARRIS offers a compelling path forward for our business.

Our updated brand name is “Ruckus Networks, an ARRIS company.” This reflects the expansion of our portfolio to include not only industry-leading wireless products, but also the integration of the high-performance ICX switching family to our overall portfolio. Internally, we will be called the Enterprise Networks business segment of ARRIS. This is important to understand because we will operate as a business unit with its own engineering, sales and marketing resources focused on the Enterprise market. This set-up will minimize integration time and ensure continuity for our partners and customers.

However, please don’t construe the independence of our business unit as the creation of an island. The real value of integration with ARRIS will be to take advantage of our combined and complementary strengths:

1. Continuity of user experience across all verticals and contexts. We see some of the most exciting innovation in networking starting in the residential market. The adoption of voice control, physical security, IoT, high density mesh and application visibility has taken off in the home and we want to exploit these trends in the Enterprise. Conversely, the performance expectations in the premium home segment are now closer to the Enterprise market, and we see opportunities to work with partners to create complete solutions for this segment using our combined assets. From the home, to the office, to school, to public venues like hotels, arenas and smart cities, ARRIS now has a soup-to-nuts capability in networking.

2. Scale matters. Ruckus Networks is now integrated into a large and stable business with the potential for greater investment and ambition. This will become manifest in manufacturing, operations and supply chain but also in R&D where we will be able to tap into complementary skill sets and know-how from DOCSIS to Wi-Fi, Ethernet and Optical communications.

3. Serving the Service Providers. In the service provider market, we believe we have a very clear leadership position in Wi-Fi with significant investments and commitment in all major markets serving residential, hotspot and managed services needs. Ruckus and ARRIS have common DNA in this area and can take advantage of our complementary footprint to better serve SPs of all shapes and sizes, while expanding our offer using our Ethernet switching, analytics from SCI and the Cloudpath security platform.

4. Transition to Cloud. Ruckus and ARRIS both have strong commitments to the future transition to IaaS for networking. The combination will allow us to double-down on our Cloud investment, which is critical to our continued growth in the market.

5. Technology Innovation. Finally, we share a passion for innovation such as our common interest in CBRS and the proliferation of OpenG LTE networks. ARRIS now has the potential to invest more aggressively on this front with solutions spanning the enterprise, smart city and residential markets using common platforms with a consistent user experience and integration with Wi-Fi. Some of our innovation will be focused on simplicity and hitting “the easy button” for networking. A great example of this is Unleashed and how we keep making this product family better and better for the SMB and premium home segment.

This is the beginning of a new journey for our team, but we are nothing without our partners, distributors and customers. Ruckus Networks will work to earn the nickname, “the Partner Networking Company,” because nurturing our critical partner and customer relationships is the most important ingredient for future growth and scale.

Thanks again for all of the support we have received from the Ruckus team who have humbled me with their passion, the ARRIS team who worked tirelessly to get this deal done, and to all of you who count yourselves as part of the Ruckus Pack.

Your Worst Nightmare: Fileless Malware

November 30th, 2017

By now, everyone pretty much knows what malware is and how it works: Victims receive an email telling them that if they just open the attached PDF, their entire life will morph into heaven on earth. Or they get an email telling them that they need to click on a link to avoid blowing up the universe, or some such catastrophe. In any event, the malware can be stymied by simply not opening the attachment, clicking on the link or whatever. It’s pretty simple. Just educate the users not to open attachments from unfamiliar email senders, links from what appear to be legitimate e-commerce sites and so on. Bad actors defeated. World safe again.

Unfortunately, the bad guys are hip to this, which is why a new type of cyberattack is taking hold: fileless malware. Unlike the malware described in the opening paragraph, fileless malware does not depend on the victim downloading any files. That’s because it doesn’t require any files. It invades systems in two ways:

  • The malware’s code resides in RAM or in the system registry.
  • The malware infects its host through scripts.

Conventional Delivery Methods and Unconventional Purposes

Even though files are not used to deliver the malicious code, phishing schemes can still be used to allow the code to infiltrate systems. For example, malicious code can be delivered in the form of a Word document, which, when opened, releases the malware. Of further concern is that fileless malware often uses anti-forensics techniques to erase its tracks, thus making it completely invisible.

The purpose of fileless malware is most often similar to that of conventional attacks: get access to credentialed data and personal information. However, because of its stealthy and persistent nature, there is some suspicion that fileless malware will be used to support espionage activities and to set the stage for future acts of sabotage.

Can Fileless Malware Be Stopped?

The problem is complex. First, organizations have to realize that processes that run scripts, like Microsoft PowerShell, are just as capable of delivering malware as processes that execute files, like opening a PDF. Second, companies must make sure that their employees are educated about the dangers of opening ANY attachments that aren’t from known senders. Third, every patch issued by any vendor must be installed immediately. This includes, of course, the antivirus software on the system, as well as the operating system itself. Simple steps like these can prevent a lot of future pain.
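The two footholds described above (code kept in the registry, and scripts run by hosts such as PowerShell) leave traces in process-creation and registry-write telemetry. The following is an added detection sketch, not code from the original article or from any vendor it names; the event field names, the process lists and the sample events are constructed assumptions for illustration.

```python
import re

# Script hosts that run code without a dropped executable (assumed list).
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Document applications that rarely need to start a script host (assumed list).
DOC_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "acrord32.exe"}
# Autorun keys: value data stored here is executed at logon.
RUN_KEY = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\run(once)?$", re.I)
HOST_IN_DATA = re.compile(r"\b(powershell|wscript|cscript|mshta)(\.exe)?\b", re.I)


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def has_encoded_command(command_line):
    """True if a PowerShell command line passes -EncodedCommand.

    PowerShell accepts abbreviated parameter names, so -e, -en, -enc and
    the alias -ec all select -EncodedCommand; -ep / -ex do not.
    """
    for token in command_line.split():
        if token[0] not in "-/":
            continue
        flag = token[1:].lower()
        if flag == "ec" or (flag and "encodedcommand".startswith(flag)):
            return True
    return False


def analyze(event):
    """Return the names of the rules that one event triggers."""
    hits = []
    if event["type"] == "process_create":
        image = basename(event["image"])
        parent = basename(event["parent_image"])
        # A document opened by the user starts a script interpreter.
        if image in SCRIPT_HOSTS and parent in DOC_APPS:
            hits.append("script-host-from-document-app")
        # The script body is hidden in an encoded argument.
        if image == "powershell.exe" and has_encoded_command(event["command_line"]):
            hits.append("powershell-encoded-command")
    elif event["type"] == "registry_set":
        # Script invocation stored in an autorun value instead of a file.
        if RUN_KEY.search(event["key"]) and HOST_IN_DATA.search(event["data"]):
            hits.append("script-in-autorun-value")
    return hits


def flagged(events):
    """Return (index, rule names) for every event that triggers a rule."""
    return [(i, hits) for i, e in enumerate(events) if (hits := analyze(e))]


# Constructed sample telemetry; field names are hypothetical.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EVENTS = [
    {"type": "process_create", "image": PS,
     "parent_image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "command_line": "powershell.exe -NoProfile -enc BASE64PLACEHOLDER"},
    {"type": "process_create", "image": PS,
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\Scripts\backup.ps1"},
    {"type": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "data": "powershell.exe -e BASE64PLACEHOLDER"},
    {"type": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "data": r'"C:\Program Files\ExampleVendor\agent.exe" --tray'},
    {"type": "process_create",
     "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "WINWORD.EXE report.docx"},
]

if __name__ == "__main__":
    for index, hits in flagged(EVENTS):
        print(index, ", ".join(hits))
```

Rules like these produce leads for an analyst rather than verdicts: administrative tooling also uses encoded commands and autorun values, so matches need tuning against a baseline of known-good activity.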

Pick the Right Security Software

It’s essential to realize that the threat is getting more common and the attackers more creative. Whether it’s through email spam with attachments, PowerShell or the Windows Registry database, fileless malware may very well try to find a home in the systems environment. The best defence against any type of malware attack is proper education and multi-layered security software. When evaluating different security solutions to hinder the threat of fileless malware, there are several things to consider, including, but not limited to:

  • What’s the vendor’s level of sophistication with regard to understanding the threat?
  • Will the vendor provide access to current users?
  • Is the software user reviewed? This can reveal things like ease of implementation and customer service.
  • Does it emphasize endpoint protection?
  • What’s the upgrade history? Once a year won’t hack it (no pun intended) in this environment.
  • Does the vendor offer a cyber warranty? Not many do, and this can tell a lot (mainly because it requires an insurance underwriter).

The threat vectors are ever-increasing, but due diligence in employee education, and choosing the right security solution still offers the best chance of not becoming the next victim of the new bad kid on the block, fileless malware.


View the original article by SentinelOne.

Majority of consumers would stop doing business with companies following a data breach, finds Gemalto

November 29th, 2017

A majority (70%) of consumers would stop doing business with a company if it experienced a data breach, according to a survey of more than 10,000 consumers worldwide conducted on behalf of Gemalto, the world leader in digital security. In addition, seven in ten consumers (69%) feel businesses don’t take the security of customer data very seriously.

Despite these concerns, the Gemalto study found that consumers are failing to adequately secure themselves, with over half (56%) still using the same password for multiple online accounts. Even when businesses offer robust security solutions, such as two-factor authentication, two fifths (41%) of consumers admit to not using the technology to secure social media accounts, leaving them vulnerable to data breaches.

This may be because the majority of consumers (62%) believe the business holding their data is mostly responsible for its security. This is resulting in businesses being forced to take additional steps to protect consumers and enforce robust security measures, as well as educate them on the benefits of adopting these. Retailers (61%), banks (59%) and social media sites (58%) were found to have a lot of work to do, with these being sectors that consumers would leave if they suffered a breach.

“Consumers are evidently happy to relinquish the responsibility of protecting their data to a business, but are expecting it to be kept secure without any effort on their part,” says Jason Hart, CTO, Identity and Data Protection at Gemalto. “In the face of upcoming data regulations such as GDPR, it’s now up to businesses to ensure they are forcing security protocols on their customers to keep data secure. It’s no longer enough to offer these solutions as an option. These protocols must be mandatory from the start – otherwise, businesses will face not only financial consequences but a potential legal action from consumers.”

Despite their behaviour, consumers’ security concerns are high, as two thirds (67%) worry they will be victims of a data breach in the near future. Consequently, consumers now hold businesses accountable – if their data is stolen, the majority (93%) of consumers would take or consider taking legal action against the compromised business.

Consumers Trust Some Industries More Than Others

When it comes to the businesses that consumers trust least, over half (58%) believe that social media sites are one of the biggest threats to their data, with one in five (20%) fearful of travel sites – worryingly, one in ten (9%) think no sites pose a risk to them.

On the other hand, a third (33%) of consumers trust banks the most with their personal data, despite them being frequent targets and victims of data breaches, with industry certified bodies (12%), device manufacturers (11%) and the government (10%) next on the list.

Hart continues, “It’s astonishing that consumers are now putting their own data at risk, by failing to use these measures, despite growing concerns around their security. It’s resulting in an alarming amount of breaches – 80% – being caused by weak or previously stolen credentials. Something has to change soon on both the business and consumer sides or this is only going to get worse.”

About the Survey

10,500 adult consumers were interviewed by Vanson Bourne globally. Countries included were the US, UK, France, Germany, India, Japan, Australia, Brazil, Benelux, UAE and South Africa. All of those surveyed actively use online/mobile banking, social media accounts or online retail accounts.

View the original post by Gemalto.

The Cybersecurity Skills Gap Is Putting Businesses at Risk

November 24th, 2017


The gap between the supply of trained cybersecurity professionals and the demand for their skills is steadily widening. The ISACA reports that by 2019 the global cybersecurity shortage will reach two million jobs, and a Brocade global study reveals that 54% of businesses expect to struggle in the next year due to a lack of cybersecurity skills.

Additionally, the rise of cyber-attacks over the last several years shows no sign of letting up. Not only are more and more attacks being created, but their sophistication continues to grow. Juniper Research reports that the average cost of a data breach could exceed $150 million by 2020 as more business infrastructure becomes connected, while globally the annual cost of cybercrime will rise above $21 trillion in 2019.

Numbers aren’t everything, but it’s clear that many businesses will struggle to secure the talented individuals they need to protect their organisation – and further casualties are highly likely. At a time when cybersecurity skills are stretched, this could prove disastrous for many businesses.

What does the cybersecurity skills gap mean for businesses?

A Skills Gap Significantly Increases Cybersecurity Risk

The lack of skilled cybersecurity experts is going to increase a business’ risk in several ways.

To begin, fewer employees mean fewer eyes monitoring and fewer man-hours spent working. This increases the risk of a vulnerability lying unfixed until it is too late and, consequently, increases the overall likelihood of a breach occurring.

Second, fewer workers mean businesses will be less prepared to respond in the event that a breach does occur. For many businesses, especially small to medium-sized enterprises, this can be devastating as long periods of downtime could spell potential bankruptcy for companies already in a weakened state following a breach.

Ultimately, no matter the size or status of a business, the overall effect of the skills gap is a significant increase in risk. It is highly likely that over the next few years, as threat actors become more sophisticated in their attack methods, we will see the effects of the skills gap amplified, resulting in breaches that are even more damaging than those in recent memory.

As Demand Increases, So Will Wages

In addition to having to cope with a skills gap and the resulting risk this creates, businesses will also struggle to hold on to their top professionals.

The high demand for cybersecurity talent, relative to supply, will cause wages and competition amongst employers to increase. Organisations that do not provide competitive offers will struggle to attract and retain skilled workers. When this happens, organisations tend to fill the gaps by hiring less qualified professionals and training them to bring them up to speed. The problem is that as an individual’s skill set grows, so does demand for them in a competitive marketplace, which means the employer will still be forced to pay a higher wage or risk losing the time they have invested in that employee to a better offer.

Technology Must Fill the Gap

With the number of trained professionals forecast to fall far below demand, businesses will need to rely on their security tools to fill in the gaps more than ever before. Businesses should be constantly reviewing new tools on the market to see if emerging technologies offer any opportunity to fill in some of these gaps and provide more effective and efficient protection for critical systems.

Ideally, an organisation’s security tools should augment their security team’s efforts and protect them against a broad array of attacks (including executables, document exploits, scripts and false credentials) throughout the entire threat life-cycle: pre-execution through post-execution.

Conclusion

The gap between the supply of trained cybersecurity professionals and the demand for their skills is only going to continue to widen as we move forward. As a result, businesses will face increased risk, increased employment costs, and a growing reliance on tools that improve security efforts. Businesses need to be aware of these challenges and have a plan for dealing with them; otherwise, we will continue to see more and more high-profile breaches over the next several years.

View the original article by SentinelOne.

Ruckus Launches New Versatile Switch Family for Next Generation Networks

November 20th, 2017

Ruckus today announced a new family of switches to support next-generation network edge and aggregation/core requirements. The Ruckus ICX® 7650 family delivers high-performance switching capabilities to meet current and future network demands, including high-density 802.11ac / 802.11ax Wi-Fi deployments, UHD video streaming, line rate encryption and single point of management.

The Ruckus ICX 7650 is the industry’s highest performing, scalable edge switch to deliver support for 100 Gigabit Ethernet—the highest port density for IEEE 802.3bz (multi-gigabit) Ethernet ports, along with the highest number of IEEE 802.3bt-ready (90 W PoE) ports on the market today. This family is the first fixed configuration switch to offer 100 Gigabit Ethernet for campus networks.

“As more wireless users access cloud and data-intensive applications on their devices, the demand for high-speed, resilient edge networks continues to increase,” said Siva Valliappan, vice president of campus product management, Ruckus. “The innovative technology behind the ICX 7650 switch family captures all these requirements, enabling users to scale and future-proof their network infrastructure to meet the increasing demand of wired and wireless network requirements for seven to ten years.”

The high-performance Ruckus ICX 7650 family offers a flexible, scalable architecture for simplified management and is available as a multi-gigabit access switch or a medium core/aggregation switch. The ICX 7650 is the industry’s first multi-gigabit (IEEE 802.3bz) Ethernet stackable switch with 100GbE connectivity, In-Service Software Upgrades (ISSU) for high availability in a stack, up to 90 Watts (IEEE 802.3bt ready) of PoE power per port and dual hot-swappable power supplies and fans for added resiliency. The ICX 7650 has fixed 40 Gigabit and 100 Gigabit Ethernet ports that can be used as uplinks or stacking ports, further supplementing user bandwidth requirements by providing modular uplinks that can scale from 10 to 100 Gigabits. With all the features of ICX switches, such as simplified management with campus fabric and advanced stacking capabilities, these switches are ideal for customers in markets with high-bandwidth requirements including education, hospitality, federal government and small-to-medium enterprise (SME).

“The new Ruckus ICX 7650 switch expands Ruckus’ offering in multi-gigabit Ethernet switching, delivering more multi-gigabit ports, higher performance with up to 100G uplinks and more PoE power to support high density wireless deployments, including future Wi-Fi standards such as 802.11ax and beyond,” said Nolan Greene, senior research analyst, enterprise networks, IDC. “This new family of switches is well suited for many vertical segments including Primary and Higher Education, Carpeted Enterprise, Large Public Venues and Government markets that value a high-performance, future-proof network platform.”

Features for Ruckus ICX 7650 Family

The new ICX 7650 family includes three new models:
1) the ICX 7650-48ZP multi-gigabit access switch,
2) the ICX 7650-48F core/aggregation switch, and
3) the ICX 7650-48P high-performance gigabit switch.

  • The ICX 7650-48ZP access switch provides 24 ports of multi-gigabit (IEEE 802.3bz) Ethernet ports to also support 90 W of PoE power (IEEE 802.3bt ready), as well as 24 ports of Gigabit Ethernet to support PoE+.
  • The ICX 7650-48F core/aggregation switch provides a high-performance platform with up to 24 10G and 24 1G fiber ports with the premium L3 features of a large core switch as well as 256-bit MACsec line rate encryption.
  • The ICX 7650-48P can be flexibly deployed in multiple management models – as a stack of up to 12 switches, stacked over long distances up to 10 km, or in a fabric bringing the ease of plug-and-play while retaining a secure and scalable design.

With the advancement of Wi-Fi technologies delivered by 802.11ac and 802.11ax capable APs, customers require networks that will support their current and future needs. The ICX 7650 provides the right network infrastructure, delivering high-performance connectivity for existing and future Wi-Fi networks where reliability, simplified management and future-proofing are essential.

    What’s Wrong with PSKs and MAC Authentication for BYOD?

    November 20th, 2017

    When a BYOD user or visitor needs network access, how do you roll out the welcome mat without leaving the door wide open to anyone who wanders by? Plenty of organizations use conventional pre-shared keys or MAC authentication to get BYOD users and visitors on the network. Seems reasonable—until you learn that these mechanisms come with serious security flaws. What’s so bad about traditional pre-shared keys (PSKs) and MAC authentication for guest and BYOD onboarding from an IT security perspective? Let’s find some answers.

    What’s the problem with pre-shared keys?

    When users ask for “the Wi-Fi password”, they are using the common vernacular for pre-shared keys. Suppose an IT administrator sets up a Wi-Fi SSID with an assigned PSK, and then simply gives that PSK to anyone who requires network access. Maybe you even use this approach yourself—why not? Well, for a few reasons.

    Start with the fact that when you have a single Wi-Fi password, you have no way to control who has access to it. Users can—and do—share Wi-Fi passwords with others, even people you might not want to have access to your network.

    When everybody’s sharing the same password, there’s also no way to revoke access to an individual user—say, when someone leaves the organization. Do you really want former employees to be able to just hop on your network after they’ve left? Probably not. But you can’t change that password without disrupting access for everyone—so you might be tempted never to change it. Not a good policy.

    OK, then what about MAC Authentication?

    At least PSKs encrypt data traffic in transit over the air. When you use MAC authentication to provide network access for BYOD and guest users, that’s not the case. Anyone can intercept that data traffic. Attackers also find it easy to spoof MAC addresses and thereby gain unauthorized access to the network.
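One way to look for the MAC spoofing described above in MAC-authentication session records, as an added example that is not part of the original post or of any Ruckus product. The log layout, the 60-second roaming grace period, the function names and every sample record are assumptions constructed for illustration.

```python
"""Flag MAC addresses whose session history suggests spoofing or sharing."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from itertools import combinations

# Constructed sample records (hypothetical layout):
# session start, session stop, client MAC, access point, DHCP hostname
SAMPLE_LOG = """\
2017-11-20T09:00:00 2017-11-20T11:30:00 3c:15:c2:aa:bb:01 ap-lobby alice-macbook
2017-11-20T09:05:00 2017-11-20T10:00:00 a4:5e:60:11:22:33 ap-floor2 bob-iphone
2017-11-20T10:15:00 2017-11-20T10:45:00 3c:15:c2:aa:bb:01 ap-carpark unknown-pc
2017-11-20T12:00:00 2017-11-20T12:30:00 a4:5e:60:11:22:33 ap-floor3 bob-iphone
2017-11-20T13:00:00 2017-11-20T13:20:00 da:a1:19:00:00:07 ap-lobby android-7f3c
"""

# Assumption: a roaming client may briefly appear on two APs while the old
# session times out, so overlaps shorter than this are not flagged.
ROAM_GRACE = timedelta(seconds=60)


@dataclass(frozen=True)
class Session:
    start: datetime
    stop: datetime
    mac: str
    ap: str
    hostname: str


def parse_sessions(text):
    """Parse whitespace-separated session records, skipping blanks and comments."""
    sessions = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        start, stop, mac, ap, hostname = line.split()
        sessions.append(Session(datetime.fromisoformat(start),
                                datetime.fromisoformat(stop),
                                mac.lower(), ap, hostname))
    return sessions


def is_locally_administered(mac):
    """True when the locally-administered bit (0x02 of the first octet) is set,
    meaning the address was assigned in software rather than by the vendor."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def find_suspect_macs(sessions):
    """Return {mac: [reasons]} for addresses that deserve a closer look."""
    by_mac = defaultdict(list)
    for s in sessions:
        by_mac[s.mac].append(s)

    findings = defaultdict(set)
    for mac, group in by_mac.items():
        # One radio cannot hold long-lived sessions on two APs at once.
        for a, b in combinations(group, 2):
            overlap = min(a.stop, b.stop) - max(a.start, b.start)
            if a.ap != b.ap and overlap > ROAM_GRACE:
                findings[mac].add("concurrent-sessions")
        # The same "device" announcing different hostnames is a second signal.
        if len({s.hostname for s in group}) > 1:
            findings[mac].add("hostname-changed")
        # Software-assigned addresses cannot be tied to a hardware vendor.
        if is_locally_administered(mac):
            findings[mac].add("locally-administered")
    return {mac: sorted(reasons) for mac, reasons in findings.items()}


if __name__ == "__main__":
    for mac, reasons in find_suspect_macs(parse_sessions(SAMPLE_LOG)).items():
        print(mac, ", ".join(reasons))
```

None of these signals proves spoofing on its own; they narrow down which addresses to investigate, which is the most a MAC-only identity allows.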

    Heard enough? There’s more.

    With both PSKs and MAC authentication, you have no way to associate each device with a user. Suppose you become aware of a device that’s wasting bandwidth by downloading huge video files—and, even worse, it’s copyrighted content being downloaded illegally over your network. You would want to put a stop to that right away. If you have no way to link that device with a specific person, good luck figuring out who it is.

    Secure environments use “role-based access” to control what different types of users can do on the network. On a K-12 school network, for example, you might want to let teachers access Netflix to play a documentary but block that application for students. Or you might need to restrict access to a server housing sensitive student data to only a few privileged users. If you use PSKs or MAC authentication to grant access, you can forget it—neither works with your infrastructure to support granular policy enforcement.

    Additionally, neither traditional PSKs nor MAC authentication let you perform an up-front assessment of a device’s security posture, or automatically remediate any issues discovered. For example, before you let a BYOD user on the network, you probably want to make sure that tablet he’s about to connect has a passcode enabled. Otherwise, when it’s lost or stolen, an unauthorized user can get unfettered access to confidential data on your network. You also probably want to make sure that laptop a contractor just brought into your environment has the desktop firewall turned on, and current anti-malware protection in place, before you allow it to connect. These are sound, straightforward IT security practices—and you can’t use them if you’re using traditional PSKs or MAC authentication.

    There’s a better way to do this.

    A secure onboarding solution is an important element of a layered approach to IT security—and traditional PSKs and MAC authentication just don’t get the job done. Fortunately, Ruckus offers a solution that does: Cloudpath Enrollment System (ES). Cloudpath ES provides secure network access with role-based policy control for any user and any device—and you don’t have to swap out your WLAN or wired infrastructure to use it.

    You’ll always need to get BYOD users and guests up and running. By putting aside legacy access methods, you can do it without giving away the keys to the kingdom.

    Learn more about Cloudpath ES. You can also check out the product overview video:

    Blistering Performance Starts with Cleaner Wi-Fi RF Signals

    December 8th, 2017

    By Helen Kim, CEO NanoSemi

    With each generation, Wi-Fi keeps getting faster. When will it be “fast enough?” Never! You’re talking to someone from Boston. Yeah, the Patriots won five Super Bowls, but Pittsburgh won six. We want more!

    I’m not making my Super Bowl pick just yet, but when it comes to Wi-Fi, I can tell you definitively: faster is coming. Much faster, with the emergence of 802.11ax, which by some accounts is the 6th Generation of Wi-Fi (6G anyone?). Using more and wider channels, higher modulation techniques and other elements of the new standard, tomorrow’s Wi-Fi will be 4 to 10x faster than today’s 802.11ac networks, delivering up to 1.2 Gbps per stream.

    Sounds great, right? Well, keep in mind that, for the moment, 802.11ax performance exists largely on paper and in the lab. Now, Wi-Fi device and chip vendors need to go out and make it happen in the real world. That means not just advertising huge throughput increases on a product box—but actually delivering them to clients at usable distances with good battery life. And doing that is a lot harder than it seems.

    Why is it so tough to bring ultra-fast Wi-Fi bandwidths to real-world devices at longer range with better battery life? To answer these questions, I’m going to need to nerd out a little. Join me on a journey to the center of the silicon that lives inside your Wi-Fi devices. I’m going to explain a radio frequency (RF) concept called “linearization,” and show why it holds the key to tomorrow’s lightning-fast Wi-Fi.

    Why are higher Wi-Fi bandwidths so hard to deliver?

    It’s not hard to achieve fast data rates when clients are right next to an access point (AP). To deliver good performance at a distance, however, Wi-Fi RF signals need a few important attributes. They have to be high-powered (so they can reach farther), while also being power-efficient. (A great-performing client that dies after an hour of use isn’t particularly useful.)

    Finally, the RF signal needs to be very clean. And that’s where it gets especially tricky, because every component in the chip that touches that signal (called the “RF signal chain”) can add noise, ultimately degrading performance.

    Now, I’ve mentioned that Wi-Fi RF signals need amplification. Those power amplifiers (PAs) inside RF transmitters are a major source of distortion. This is where “linearity” comes in. Linearity is a measure of the PA’s ability to amplify all the parts of a signal equally. More linearity means a cleaner signal and better throughput at longer distances. So if noisy PAs (and noisy signal chains overall) reduce linearity, we need to do something about it.

    New 802.11ax standards make things even harder.

    Achieving good linearity is a complex problem to begin with, and it gets more complex at wider Wi-Fi bandwidths, especially over 40 to 60 MHz. (And remember, under 802.11ax, individual channels may be 4x that wide, 160 MHz.) But that’s not the only challenge. 802.11ax devices will also use higher modulation rates (called quadrature amplitude modulation, or QAM). At the lower end, the 802.11ax standard will use 1024 QAM. The highest bandwidths could use 4096 QAM.

    As you climb up the ladder to higher QAM and Wi-Fi bandwidths, linearity becomes more and more important. Said simply: if you’re going to get to ultra-fast data rates, devices need much cleaner signal chains. This degree of cleanliness, measured by Error Vector Magnitude (EVM), is hard to achieve with the low-cost PAs commonly used in Wi-Fi systems.

    Below, you can see a constellation plot of a high-performance Wi-Fi RF signal (160 MHz bandwidth, using 4096 QAM modulation). When you clean up that signal with linearization (the right side of the figure), you get pinpoint clarity at higher bandwidths. When you don’t (left side), you end up with a lot of undifferentiated noise.

    Cleaning Up Wi-Fi RF

    NanoSemi, an early-stage venture-funded company spun out from MIT Lincoln Laboratories, is working with Wi-Fi system vendors like Ruckus, as well as silicon vendors, to significantly improve the Wi-Fi RF chain. We apply machine learning-based digital compensation to correct the entire signal chain—power amplifiers, filters and other components—at unprecedented bandwidths.

    We’re bringing linearization to new levels by automatically characterizing the signal chain, identifying nonlinear components and other impairments, and analyzing their impact on system performance. By doing this, we can improve EVM by up to 30 dB—and allow Wi-Fi vendors to unlock the full promise of 802.11ax.

    Wi-Fi RF Linearization in Action

    To show the power of NanoSemi’s linearization implementation, let’s look at a typical Wi-Fi PA designed to meet 802.11ac specs of 256 QAM and 80 MHz (480 Mbps). Using our linearization technology, that PA can achieve 802.11ax rates of 1024 QAM and 160 MHz (1.2 Gbps). And we can more than double both the power efficiency and output—leading to longer range at reduced power consumption. (You can read the detailed report here.)

    Another benefit of effective linearization is that vendors can use more efficient amplifiers. The most efficient PA designs such as Class B and Doherty PAs are capable of operating much more efficiently than the ones most vendors use today, but on their own, they’re very nonlinear. By using NanoSemi linearization technology, however, we can bump up PA efficiency from 4% to over 28%, while nearly doubling the power output (test report here). Once again, that translates to faster speeds, over wider bandwidths, with longer ranges and better battery life than any solution available today. For access points, the greater power efficiency leads to less power consumption on power over ethernet deployments.

    Learn More

    Much as I’d like to, I can’t promise another Patriots Super Bowl. But I can promise wider, faster and longer Wi-Fi in the near future. By working with companies like Ruckus to solve the linearization problem, we’re helping take blazing-fast 802.11ax performance out of the lab and into a device near you.

    View the original post by Helen Kim, CEO NanoSemi at The Ruckus Room.

    Data Security: Today’s Essential Business Requirements

    December 8th, 2017


    Review the precautions below to minimize your risk of being breached and, just as importantly, minimize the damage in the unlikely event that you are.

    Famous Data Breaches

    In 2008, Heartland Payment Systems suffered what was, up to that time, the biggest data breach in U.S. history. Astoundingly, intruders had been roaming around behind Heartland’s firewall for weeks before the breach was detected. Millions of customers’ credit card numbers were accessed, and Heartland, the nation’s fifth largest payments processor, was almost destroyed. While one would have expected this to serve as a lesson for all companies that stored customer information, about five years later, the Target Corporation suffered an even bigger breach. The post-mortem done by both Heartland and Target revealed negligence and carelessness at the systems administration level, which was subsequently corrected. End of story? Nope. Just this past spring and summer, another high-profile breach occurred. This time, the victim was Equifax, the credit monitoring and reporting agency. And the damage was much more serious, as hackers accessed the entire credit files of millions of Equifax customers. The full extent of the damage done most likely won’t be known for years, if ever.

    Ransomware Rises

    As if breaches and data theft weren’t enough, the latest trend in systems chicanery, ransomware, is happening at an increasing pace. Unlike the massive breaches at Heartland, Target and Equifax, ransomware can be targeted at the individual computer user. And it has targeted individuals, sometimes demanding hundreds of dollars from the victims. The most notorious recent ransomware viruses, however, WannaCry and Petya, were aimed at commercial entities. That’s where the money is, after all.

    Someone’s Knockin’ at the Door

    Ultimately, breach prevention boils down to both systems and personnel. While nothing is foolproof, here are some steps that organizations and individuals should take to keep their data secure. Here’s a short, though certainly not exhaustive, list:

    1. Internal controls are essential. Know who has access to the data and closely monitor their usage patterns. Also, analyze your log monitors to detect suspicious activity. There is software that can make this less resource intensive.
    2. Always make sure any software patches are installed immediately. This is what sank Equifax. A patch to Windows was ignored and the vulnerability exploited.
    3. Keep your firewall up to date.
    4. Encrypt your data. This may be the best advice of all.
    5. Back up your data. You don’t have to build a server farm. The cloud offers several affordable and secure options.
    6. Install malware prevention tools and keep up with version releases and updates.
    7. Turn off your computer when you are done working. If your computer isn’t on, no one can crack into it. It’s a pain, but a good way to minimize the chance of intrusion.
    8. Train all users on things to avoid. For example, make sure they know not to open email attachments from unknown third parties and that they are on the alert for things like bogus login pages.

    The Best Cure Is Prevention, But…

    In order to be truly proactive, every endpoint must be protected against every type of attack at every stage of the threat lifecycle. Traditional anti-virus software programs have represented only a partial solution. As Heartland contends, there is simply no way to make a system completely breach-proof, so quick detection of problems and fast remediation of them are essential. Next Gen from SentinelOne is uniquely suited to maximize prevention and increase the speed of detection and remediation.

    Conclusion: It’s Not Going Away

    The threats are going to continue and they are going to become increasingly sophisticated. Most of the remedies will be reactive, i.e. they will come after a breach has occurred. But by deploying a Next Gen solution like SentinelOne and taking the precautions above, you can minimize your risk of being breached, and, just as importantly, minimize the damage in the unlikely event that you are.

    View the original post by SentinelOne.

    The Right IoT Mindset for 2018 and Beyond

    December 8th, 2017


    Just when companies thought they’d successfully transitioned to a mobile work force, Internet of Things (IoT) devices have followed hot on the heels, tempting would-be takers with unprecedented productivity and margins should they dare traverse the proverbial minefield.

    As IoT stands now, there is no clear swim lane, no tested and proven path of least resistance, no clear best practice for every implementation. Too many solutions, too few standards. Most of us know the destination – a network utopia of connected devices working harmoniously. Scalable, visible, secure. Is 2018 the year we lay the concrete over the IoT foundations?

    Applications Aplenty, Consolidations Coming

    It’ll be hard to find an industry not headed towards an IoT future:

    • Finance: Forget the cash. Contactless payments, biometrics, wearables
    • Transportation: Look, no hands! Driverless vehicles for you and me
    • Healthcare: Your family doctor without a pulse

    Price, complexity, compatibility, scalability – there’s clearly plenty to consider for traditional businesses wanting to adopt IoT. It’s currently a jungle out there, and we’re going to start seeing consolidation as victors emerge. The bigger fish are primed and hungry for the technology and data that acquisitions will bring.

    History Doesn’t Have to Repeat Itself

    As we race towards building infrastructure and apps (as we did with LAN years ago), as we invest heavily into transforming into Smart Nations, we absolutely need to keep security top of mind. Just think about the number of high-profile hacks, breaches, and threats we’ve read about this year. The vast majority of them could have been prevented.

    The stakes are higher than before. In 2018, data is going to be collected like never before. And increasingly personal data at that. Bank accounts, medical conditions, criminal histories, you name it. Security needs to be baked-in to every design concept and not a bolt-on at a later stage.

    Goodbye Corporate Device, Hello Dynamic Policies

    The company-issued device is dead. Users want to use their own device to get their work done. And it shouldn’t matter whether they’re at home or in the office; users need that consistent user experience. But, with the multitude of corporate apps for dozens of different uses, admins have had to play a game of policy juggling. An exception here, an allowance there, and each turns into a hole you punch in your firewall and perimeter defenses.

    Dynamic policies are the happy silver bullet here. Make decisions based on the user, their profile and therefore their policy. It shouldn’t matter where or how they’re connecting.

    The truth is there is no hard deadline here like the millennium bug, so the journeys we all take are bound to be different. The dynamic data centre of cloud and IoT is an exciting destination, and we’ll figure out the most optimal way there eventually. But till then, if we keep secure access in mind, our colleagues, users, stakeholders will thank us.

    View the original post by Don Tan at Pulse Secure.

    3 lessons to learn from Blade Runner 2049

    December 8th, 2017

    Last month, a very long wait came to an end for Blade Runner fans. Since the original (set in 2019) was released in 1982, a cult following of fans from all over the world has been waiting (and hoping) for a sequel. 35 years later, their patience has been rewarded with a masterpiece; Blade Runner 2049 has been heralded as a five-star blockbuster, visually stunning, and a philosophically profound classic.

    For those that haven’t seen it yet, here’s the trailer:

    2049 raises several questions that encourage us to think carefully about the future in relation to AI. Is there anything we can learn from the way the film deals with human and machine existence?

    1. AI’s potential is incredible, and for some unsettling

    The potential of artificial intelligence has been well-documented, particularly in the last few years. However, 2049 does highlight AI’s potential in a brilliant and concerning way. It shows us that if perfected, we might be able to create forms of intelligence that could execute tasks, jobs and assignments more effectively than we humans ever could. Indeed, we’re getting close now when it comes to diagnosing some cancers.

    The performance of Ryan Gosling’s K throughout the film shows us incredible skill, reasoning, quick thinking, strength and bravery. If, someday, we become able to create replicants such as this, the possibilities are endless – these forms of intelligence could revolutionize everything, from education, to medicine, to services, to policing, to transport.

    In fact, we’re already seeing how machine learning, in some ways a precursor to a fully-realized AI, can enhance mobile marketing strategies and payments right now… and if these forms of AI continue to progress (which is likely), we may even see a Zero UI System (or screen-less) in the future, which would be truly incredible. For more on this fascinating concept, check out Rand Hindi’s Ted Talk.

    But the capability of AI in the film is unsettling. The potential of AI is wondrous, of course, but 2049 shows us a myriad of ethical problems and dilemmas relating to the rights and treatment of the film’s AI protagonists (known as replicants). And without providing too many spoilers, it also shows us the possibility of AI thinking completely independently, which is a difficult scenario for many to deal with. This brings us to our second lesson.

    2. Distrust of AI is highly likely

    Early into the story, we see a widespread distrust of replicants. The humans of 2049 are clearly uncomfortable in the presence of AI, and we’re already seeing some distrust today. A recent survey has found that 85% of Brits believe that AI in marketing should be governed by a key principle from the Blade Runner franchise, now known as the “Blade Runner rule”. This rule dictates that it is illegal for AI applications such as chatbots, social media bots and virtual assistants to conceal their identity and pose as humans. All companies considering the use of AI in these forms should bear this in mind, and ensure transparency, or risk alienating customers.

    3. AI could hold the key to building a truly connected world and greater civilizations

    If you’ve now watched the trailer above and listened carefully, you’ll remember how the eerie Niander Wallace claims that “every civilization was built off the back of a disposable workforce”. A chilling claim, but one with arguably some truth within it. Perhaps an AI-based workforce is the key to building an even greater world? It’s difficult to predict though, and ethical concerns spring to mind immediately. However, there is a point to be made when it comes to AI’s relationship with the IoT.

    The IoT is currently producing astounding volumes of data, so much that analysts won’t even come close to processing it all accurately. Simply put, big data is being produced more quickly than we can deal with it. One hope of getting a hold on it, and harnessing its potential is AI. It could be the only way to build an IoT to be proud of, and it’s something we’re working on with our Assurance Hub. This new platform aims to prevent online banking fraud through a detailed analysis of customer behaviour and biometric markers.

    View the original post by Gemalto.

    Ruckus joins the ARRIS family

    December 8th, 2017

    By Dan Rabinovitsj, President, Ruckus Networks, an ARRIS company

    Today we finalized the ARRIS acquisition of the Ruckus business! Our team is jubilant, relieved and ready to hit the ground running. I want to thank all of our partners, customers and employees for their loyalty, perseverance and passion throughout the past year as we found our way to our new home. Now that we are here at both the finish line and the starting gate, I want to provide more details about how our business fits into ARRIS and also share my thoughts on why the combination with ARRIS offers a compelling path forward for our business.

    Our updated brand name is “Ruckus Networks, an ARRIS company.” This reflects the expansion of our portfolio to include not only industry-leading wireless products, but also the integration of the high-performance ICX switching family to our overall portfolio. Internally, we will be called the Enterprise Networks business segment of ARRIS. This is important to understand because we will operate as a business unit with its own engineering, sales and marketing resources focused on the Enterprise market. This set-up will minimize integration time and ensure continuity for our partners and customers.

    However, please don’t construe the independence of our business unit as the creation of an island. The real value of integration with ARRIS will be to take advantage of our combined and complementary strengths:

    1. Continuity of user experience across all verticals and contexts. We see some of the most exciting innovation in networking starting in the residential market. The adoption of voice control, physical security, IoT, high density mesh and application visibility has taken off in the home and we want to exploit these trends in the Enterprise. Conversely, the performance expectations in the premium home segment are now closer to the Enterprise market, and we see opportunities to work with partners to create complete solutions for this segment using our combined assets. From the home, to the office, to school, to public venues like hotels, arenas and smart cities, ARRIS now has a soup-to-nuts capability in networking.

    2. Scale matters. Ruckus Networks is now integrated into a large and stable business with the potential for greater investment and ambition. This will become manifest in manufacturing, operations and supply chain but also in R&D where we will be able to tap into complementary skill sets and know-how from DOCSIS to Wi-Fi, Ethernet and Optical communications.

    3. Serving the Service Providers. In the service provider market, we believe we have a very clear leadership position in Wi-Fi with significant investments and commitment in all major markets serving residential, hotspot and managed services needs. Ruckus and ARRIS have common DNA in this area and can take advantage of our complementary footprint to better serve SPs of all shapes and sizes, while expanding our offer using our Ethernet switching, analytics from SCI and the Cloudpath security platform.

    4. Transition to Cloud. Ruckus and ARRIS both have strong commitments to the future transition to IaaS for networking. The combination will allow us to double-down on our Cloud investment, which is critical to our continued growth in the market.

    5. Technology Innovation. Finally, we share a passion for innovation such as our common interest in CBRS and the proliferation of OpenG LTE networks. ARRIS now has the potential to invest more aggressively on this front with solutions spanning the enterprise, smart city and residential markets using common platforms with a consistent user experience and integration with Wi-Fi. Some of our innovation will be focused on simplicity and hitting “the easy button” for networking. A great example of this is Unleashed and how we keep making this product family better and better for the SMB and premium home segment.

    This is the beginning of a new journey for our team, but we are nothing without our partners, distributors and customers. Ruckus Networks will work to earn the nickname, “the Partner Networking Company,” because nurturing our critical partner and customer relationships is the most important ingredient for future growth and scale.

    Thanks again for all of the support we have received from the Ruckus team who have humbled me with their passion, the ARRIS team who worked tirelessly to get this deal done, and to all of you who count yourselves as part of the Ruckus Pack.

    Your Worst Nightmare: Fileless Malware

    November 30th, 2017

    By now, everyone pretty much knows what malware is and how it works: Victims receive an email telling them that if they just open the attached PDF, their entire life will morph into heaven on earth. Or they get an email telling them that they need to click on a link to avoid blowing up the universe, or some such catastrophe. In any event, the malware can be stymied by simply not opening the attachment, clicking on the link or whatever. It’s pretty simple. Just educate the users not to open attachments from unfamiliar email senders, links from what appear to be legitimate e-commerce sites and so on. Bad actors defeated. World safe again.

    Unfortunately, the bad guys are hip to this, which is why a new type of cyberattack is taking hold: fileless malware. Unlike the malware described in the opening paragraph, fileless malware does not depend on the victim downloading any files. That’s because it doesn’t require any files. It invades systems in two ways:

    • The malware’s code resides in RAM or in the system registry.
    • The malware infects its host through scripts.

    Conventional Delivery Methods and Unconventional Purposes

    Even though files are not used to deliver the malicious code, phishing schemes can still be used to allow the code to infiltrate systems. For example, malicious code can be delivered in the form of a Word document, which, when opened, releases the malware. Of further concern is that fileless malware often uses anti-forensics techniques to erase its tracks, thus making it completely invisible.

    The purpose of fileless malware is most often similar to that of conventional attacks: get access to credentialed data and personal information. However, because of its stealthy and persistent nature, there is some suspicion that fileless malware will be used to support espionage activities and to set the stage for future acts of sabotage.

    Can Fileless Malware Be Stopped?

    The problem is complex. First, organizations have to realize that processes that run scripts, like Microsoft PowerShell, are just as capable of delivering malware as user actions that open files, like opening a PDF. Second, companies must make sure that their employees are educated about the dangers of opening ANY attachments that aren’t from known senders. Third, every patch issued by any vendor must be installed immediately. This includes, of course, the antivirus software on the system, as well as the operating system itself. Simple steps like these can prevent a lot of future pain.
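    One way to act on the first point is to watch what script hosts are asked to do. The Python sketch below is an added example, not code from the original article or from SentinelOne: it flags document applications that start a script host, decodes PowerShell `-EncodedCommand` arguments for triage, and checks registry autorun values for script hosts. The event format, field names and sample events are constructed for illustration.

```python
import base64
import binascii

# Script hosts that can run code handed to them on the command line.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Document handlers that rarely have a legitimate reason to start a script host.
DOCUMENT_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}
# Substring shared by the Run and RunOnce autorun keys under HKLM and HKCU.
AUTORUN_MARKER = "\\currentversion\\run"


def basename(path):
    """Lower-cased file name of a Windows path, tolerant of quotes and '/'."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].strip('"').lower()


def encoded_payload(cmdline):
    """Return the decoded -EncodedCommand argument, or None if there is none.

    PowerShell accepts any unambiguous prefix of the parameter name
    (-e, -enc, ...) plus the alias -ec, so all of them are matched here.
    """
    tokens = cmdline.split()
    for flag, arg in zip(tokens, tokens[1:]):
        name = flag[1:].lower()
        if flag[0] in "-/" and name and ("encodedcommand".startswith(name) or name == "ec"):
            try:
                # The argument is base64 over UTF-16LE text.
                return base64.b64decode(arg, validate=True).decode("utf-16-le")
            except (binascii.Error, UnicodeDecodeError):
                return "<undecodable>"
    return None


def analyse(event):
    """Return a list of findings for one process or registry event."""
    findings = []
    if event["kind"] == "process":
        if basename(event["image"]) in SCRIPT_HOSTS:
            if basename(event["parent"]) in DOCUMENT_APPS:
                findings.append("document-app-spawned-script-host")
            payload = encoded_payload(event["cmdline"])
            if payload is not None:
                findings.append("encoded-command: " + payload)
    elif event["kind"] == "registry":
        if AUTORUN_MARKER in event["key"].lower():
            if any(basename(tok) in SCRIPT_HOSTS for tok in event["data"].split()):
                findings.append("script-host-in-autorun")
                payload = encoded_payload(event["data"])
                if payload is not None:
                    findings.append("encoded-command: " + payload)
    return findings


def triage(events):
    """Return (index, findings) for every event that produced a finding."""
    hits = []
    for index, event in enumerate(events):
        findings = analyse(event)
        if findings:
            hits.append((index, findings))
    return hits


# Constructed sample data. The encoded argument is a harmless placeholder.
HARMLESS = base64.b64encode("Write-Host 'hi'".encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"kind": "process",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoP -W Hidden -enc " + HARMLESS},
    {"kind": "process",
     "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1"},
    {"kind": "registry",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "data": "powershell.exe -NoProfile -EncodedCommand " + HARMLESS},
    {"kind": "registry",
     "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
     "data": r'"C:\Program Files\Vendor\agent.exe" --tray'},
]

if __name__ == "__main__":
    for index, findings in triage(SAMPLE_EVENTS):
        print(index, findings)
```

    The administrator's scheduled script and the vendor tray agent pass untouched; only the document-spawned shell and the script host stored in an autorun value are reported.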

    Pick the Right Security Software

    It’s essential to realize that the threat is getting more common and the attackers more creative. Whether it’s through email spam with attachments, PowerShell or the Windows Registry database, fileless malware may very well try to find a home in the systems environment. The best defence against any type of malware attack is proper education and multi-layered security software. When evaluating different security solutions to hinder the threat of fileless malware, there are several things to consider, including, but not limited to:

    • What’s the vendor’s level of sophistication with regard to understanding the threat?
    • Will the vendor provide access to current users?
    • Is the software user reviewed? This can reveal things like ease of implementation and customer service.
    • Does it emphasize endpoint protection?
    • What’s the upgrade history? Once a year won’t hack it (no pun intended) in this environment.
    • Does the vendor offer a cyber warranty? Not many do, and this can tell a lot (mainly because it requires an insurance underwriter).

    The threat vectors are ever-increasing, but due diligence in employee education and choosing the right security solution still offer the best chance of not becoming the next victim of the new bad kid on the block, fileless malware.

    Want to see how SentinelOne can stop file-less attacks? Request a Demo Now.

    View the original article by SentinelOne.

    Majority of consumers would stop doing business with companies following a data breach, finds Gemalto

    November 29th, 2017

    A majority (70%) of consumers would stop doing business with a company if it experienced a data breach, according to a survey of more than 10,000 consumers worldwide conducted on behalf of Gemalto, the world leader in digital security. In addition, seven in ten consumers (69%) feel businesses don’t take the security of customer data very seriously.

    Despite these concerns, the Gemalto study found that consumers are failing to adequately secure themselves, with over half (56%) still using the same password for multiple online accounts. Even when businesses offer robust security solutions, such as two-factor authentication, two fifths (41%) of consumers admit to not using the technology to secure social media accounts, leaving them vulnerable to data breaches.

    This may be because the majority of consumers (62%) believe the business holding their data is mostly responsible for its security. This is resulting in businesses being forced to take additional steps to protect consumers and enforce robust security measures, as well as educate them on the benefits of adopting these. Retailers (61%), banks (59%) and social media sites (58%) were found to have a lot of work to do, with these being sectors that consumers would leave if they suffered a breach.

    “Consumers are evidently happy to relinquish the responsibility of protecting their data to a business, but are expecting it to be kept secure without any effort on their part,” says Jason Hart, CTO, Identity and Data Protection at Gemalto. “In the face of upcoming data regulations such as GDPR, it’s now up to businesses to ensure they are forcing security protocols on their customers to keep data secure. It’s no longer enough to offer these solutions as an option. These protocols must be mandatory from the start – otherwise, businesses will face not only financial consequences but a potential legal action from consumers.”

    Despite their behaviour, consumers’ security concerns are high, as two thirds (67%) worry they will be victims of a data breach in the near future. Consequently, consumers now hold businesses accountable – if their data is stolen, the majority (93%) of consumers would take or consider taking legal action against the compromised business.

    Consumers Trust Some Industries More Than Others

    When it comes to the businesses that consumers trust least, over half (58%) believe that social media sites are one of the biggest threats to their data, with one in five (20%) fearful of travel sites – worryingly, one in ten (9%) think no sites pose a risk to them.

    On the other hand, a third (33%) of consumers trust banks the most with their personal data, despite them being frequent targets and victims of data breaches, with industry certified bodies (12%), device manufacturers (11%) and the government (10%) next on the list.

    Hart continues, “It’s astonishing that consumers are now putting their own data at risk, by failing to use these measures, despite growing concerns around their security. It’s resulting in an alarming amount of breaches – 80% – being caused by weak or previously stolen credentials. Something has to change soon on both the business and consumer sides or this is only going to get worse.”

    About the Survey

    10,500 adult consumers were interviewed by Vanson Bourne globally. Countries included were the US, UK, France, Germany, India, Japan, Australia, Brazil, Benelux, UAE and South Africa. All of those surveyed actively use online/mobile banking, social media accounts or online retail accounts.

    View the original post by Gemalto.

    The Cybersecurity Skills Gap Is Putting Businesses at Risk

    November 24th, 2017


    The gap between the supply of trained cybersecurity professionals and the demand for their skills is steadily widening. The ISACA reports that by 2019 the global cybersecurity shortage will reach two million jobs, and a Brocade global study reveals that 54% of businesses expect to struggle in the next year due to a lack of cybersecurity skills.

    Additionally, the rise of cyber-attacks over the last several years shows no sign of letting up. Not only are more and more attacks being created, but their sophistication continues to grow. Juniper Research reports that the average cost of a data breach could exceed $150 million by 2020 as more business infrastructure becomes connected, while globally the annual cost of cybercrime will rise above $21 trillion in 2019.

    Numbers aren’t everything, but it’s clear that many businesses will struggle to secure the talented individuals they need to protect their organisation – and further casualties are highly likely. At a time when cybersecurity skills are stretched, this could prove disastrous for many businesses.

    What does the cybersecurity skills gap mean for businesses?

    A Skills Gap Significantly Increases Cybersecurity Risk

    The lack of skilled cybersecurity experts is going to increase a business’ risk in several ways.

    To begin, fewer employees mean fewer eyes monitoring and fewer man-hours spent working. This increases the risk of a vulnerability lying unfixed until it is too late and, consequently, increases the overall likelihood of a breach occurring.

    Second, fewer workers mean businesses will be less prepared to respond in the event that a breach does occur. For many businesses, especially small to medium-sized enterprises, this can be devastating as long periods of downtime could spell potential bankruptcy for companies already in a weakened state following a breach.

    Ultimately, no matter the size or status of a business, the skills gap’s overall effect is a significant increase in risk. It is highly likely that over the next few years, as threat actors become more sophisticated in their attack methods, we will see the effects of the skills gap amplified, resulting in breaches that are even more damaging than those in recent memory.

    As Demand Increases, So Will Wages

    In addition to having to cope with a skills gap and the resulting risk this creates, businesses will also struggle to hold on to their top professionals.

    The high demand for cybersecurity talent, relative to supply, will cause wages and competition amongst employers to increase. Organisations that do not provide competitive offers will struggle to attract and retain skilled workers. When this happens, organisations tend to fill the gaps by hiring less qualified professionals whom they train to bring up to speed. The problem with this is that as the individual’s skill set increases, so does their demand in a competitive marketplace, which means that the employer will still be forced to pay a higher wage or risk losing the time they have invested in that employee to a better offer.

    Technology Must Fill the Gap

    With the number of trained professionals forecast to fall far below demand, businesses will need to rely on their security tools to fill in the gaps more than ever before. Businesses should be constantly reviewing new tools on the market to see if emerging technologies offer any opportunity to fill in some of these gaps and provide more effective and efficient protection for critical systems.

    Ideally, an organisation’s security tools should augment their security team’s efforts and protect them against a broad array of attacks (including executables, document exploits, scripts and false credentials) throughout the entire threat life-cycle: pre-execution through post-execution.

    Conclusion

    The gap between the supply of trained cybersecurity professionals and the demand for their skills is only going to continue to widen as we move forward. As a result of this, businesses will face increased risk, increased employment costs, and a growing reliance on tools that improve security efforts. Businesses need to be aware of and have a plan for dealing with these challenges, otherwise, we will continue to see more and more high profile breaches over the next several years.

    View the original article by SentinelOne.

    Ruckus Launches New Versatile Switch Family for Next Generation Networks

    November 20th, 2017

    Ruckus today announced a new family of switches to support next-generation network edge and aggregation/core requirements. The Ruckus ICX® 7650 family delivers high-performance switching capabilities to meet current and future network demands, including high-density 802.11ac / 802.11ax Wi-Fi deployments, UHD video streaming, line rate encryption and single point of management.

    The Ruckus ICX 7650 is the industry’s highest performing, scalable edge switch to deliver support for 100 Gigabit Ethernet—the highest port density for IEEE 802.3bz (multi-gigabit) Ethernet ports, along with the highest number of IEEE 802.3bt-ready (90 W PoE) ports on the market today. This family is the first fixed configuration switch to offer 100 Gigabit Ethernet for campus networks.

    “As more wireless users access cloud and data-intensive applications on their devices, the demand for high-speed, resilient edge networks continues to increase,” said Siva Valliappan, vice president of campus product management, Ruckus. “The innovative technology behind the ICX 7650 switch family captures all these requirements, enabling users to scale and future-proof their network infrastructure to meet the increasing demand of wired and wireless network requirements for seven to ten years.”

    The high-performance Ruckus ICX 7650 family offers a flexible, scalable architecture for simplified management and is available as a multi-gigabit access switch or a medium core/aggregation switch. The ICX 7650 is the industry’s first multi-gigabit (IEEE 802.3bz) Ethernet stackable switch with 100GbE connectivity, In-Service Software Upgrades (ISSU) for high availability in a stack, up to 90 Watts (IEEE 802.3bt ready) of PoE power per port and dual hot-swappable power supplies and fans for added resiliency. The ICX 7650 has fixed 40 Gigabit and 100 Gigabit Ethernet ports that can be used as uplinks or stacking ports, further supplementing user bandwidth requirements by providing modular uplinks that can scale from 10 to 100 Gigabits. With all the features of ICX switches, such as simplified management with campus fabric and advanced stacking capabilities, these switches are ideal for customers in markets with high-bandwidth requirements including education, hospitality, federal government and small-to-medium enterprise (SME).

    “The new Ruckus ICX 7650 switch expands Ruckus’ offering in multi-gigabit Ethernet switching, delivering more multi-gigabit ports, higher performance with up to 100G uplinks and more PoE power to support high density wireless deployments, including future Wi-Fi standards such as 802.11ax and beyond,” said Nolan Greene, senior research analyst, enterprise networks, IDC. “This new family of switches is well suited for many vertical segments including Primary and Higher Education, Carpeted Enterprise, Large Public Venues and Government markets that value a high-performance, future-proof network platform.”

    Features for Ruckus ICX 7650 Family

    The new ICX 7650 family includes three new models:
    1) the ICX 7650-48ZP multi-gigabit access switch.
    2) the ICX 7650-48F core/aggregation switch.
    3) the ICX 7650-48P high-performance gigabit switch.

  • The ICX 7650-48ZP access switch provides 24 ports of multi-gigabit (IEEE 802.3bz) Ethernet ports to also support 90 W of PoE power (IEEE 802.3bt ready), as well as 24 ports of Gigabit Ethernet to support PoE+.
  • The ICX 7650-48F core/aggregation switch provides a high-performance platform with up to 24 10G and 24 1G fiber ports with the premium L3 features of a large core switch as well as 256-bit MACsec line rate encryption.
  • The ICX 7650-48P can be flexibly deployed in multiple management models – as a stack of up to 12 switches, stacked over long distances up to 10 km, or in a fabric bringing the ease of plug-and-play while retaining a secure and scalable design.
  • With the advancement of Wi-Fi technologies delivered by 802.11ac and 802.11ax capable APs, customers require networks that will support their current and future needs. The ICX 7650 provides the right network infrastructure delivering high-performance connectivity for existing and future Wi-Fi networks where reliability, simplified management and future-proofing are essential.

    What’s Wrong with PSKs and MAC Authentication for BYOD?

    November 20th, 2017

    When a BYOD user or visitor needs network access, how do you roll out the welcome mat without leaving the door wide open to anyone who wanders by? Plenty of organizations use conventional pre-shared keys or MAC authentication to get BYOD users and visitors on the network. Seems reasonable—until you learn that these mechanisms come with serious security flaws. What’s so bad about traditional pre-shared keys (PSKs) and MAC authentication for guest and BYOD onboarding from an IT security perspective? Let’s find some answers.

    What’s the problem with pre-shared keys?

    When users ask for “the Wi-Fi password”, they are using the common vernacular for pre-shared keys. Suppose an IT administrator sets up a Wi-Fi SSID with an assigned PSK, and then simply gives that PSK to anyone who requires network access. Maybe you even use this approach yourself—why not? Well, for a few reasons.

    Start with the fact that when you have a single Wi-Fi password, you have no way to control who has access to it. Users can—and do—share Wi-Fi passwords with others, even people you might not want to have access to your network.

    When everybody’s sharing the same password, there’s also no way to revoke access to an individual user—say, when someone leaves the organization. Do you really want former employees to be able to just hop on your network after they’ve left? Probably not. But you can’t change that password without disrupting access for everyone—so you might be tempted never to change it. Not a good policy.

    OK, then what about MAC Authentication?

    At least PSKs encrypt data traffic in transit over the air. When you use MAC authentication to provide network access for BYOD and guest users, that’s not the case. Anyone can intercept that data traffic. Attackers also find it easy to spoof MAC addresses and thereby gain unauthorized access to the network.

    Heard enough? There’s more.

    With both PSKs and MAC authentication, you have no way to associate each device with a user. Suppose you become aware of a device that’s wasting bandwidth by downloading huge video files—and, even worse, it’s copyrighted content being downloaded illegally over your network. You would want to put a stop to that right away. If you have no way to link that device with a specific person, good luck figuring out who it is.

    Secure environments use “role-based access” to control what different types of users can do on the network. On a K-12 school network, for example, you might want to let teachers access Netflix to play a documentary but block that application for students. Or you might need to restrict access to a server housing sensitive student data to only a few privileged users. If you use PSKs or MAC authentication to grant access, you can forget it—neither works with your infrastructure to support granular policy enforcement.

    Additionally, neither traditional PSKs nor MAC authentication let you perform an up-front assessment of a device’s security posture, or automatically remediate any issues discovered. For example, before you let a BYOD user on the network, you probably want to make sure that tablet he’s about to connect has a passcode enabled. Otherwise, when it’s lost or stolen, an unauthorized user can get unfettered access to confidential data on your network. You also probably want to make sure that laptop a contractor just brought into your environment has the desktop firewall turned on, and current anti-malware protection in place, before you allow it to connect. These are sound, straightforward IT security practices—and you can’t use them if you’re using traditional PSKs or MAC authentication.
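    The gaps listed above (no per-user revocation, no device-to-user attribution, no role-based policy, no posture check) are easier to see next to a model that closes them. The Python sketch below is an added illustration, not Cloudpath's implementation or any Ruckus API: it contrasts a shared PSK with per-device enrolled credentials. All class, field, role and resource names are hypothetical.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Hypothetical role-to-resource policy, modelled on the article's school example.
ROLE_POLICY = {
    "teacher": {"internet", "video-streaming"},
    "student": {"internet"},
    "registrar": {"internet", "student-records"},
}


class SharedPskNetwork:
    """One passphrase for everybody: the model the article criticises."""

    def __init__(self, psk):
        self.psk = psk

    def admit(self, presented_psk, resource):
        # Knowing the key is the only test. There is no owner, role or device
        # state to consult, so `resource` cannot be policed at all.
        return hmac.compare_digest(presented_psk, self.psk)

    def rotate(self, new_psk):
        # The only way to remove one person is to lock out every device.
        self.psk = new_psk


@dataclass
class Enrollment:
    owner: str
    role: str
    secret: bytes
    posture_ok: bool
    revoked: bool = False


def prove(secret, nonce):
    """Client side: answer the network's nonce with the per-device secret."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


class EnrolledNetwork:
    """Each device gets its own credential, tied to an owner and a role."""

    def __init__(self):
        self.devices = {}

    def enroll(self, device_id, owner, role, posture_ok):
        secret = secrets.token_bytes(32)
        self.devices[device_id] = Enrollment(owner, role, secret, posture_ok)
        return secret

    def revoke_user(self, owner):
        # Revocation touches only this owner's devices.
        for dev in self.devices.values():
            if dev.owner == owner:
                dev.revoked = True

    def admit(self, device_id, nonce, proof, resource):
        dev = self.devices.get(device_id)
        if dev is None or not hmac.compare_digest(proof, prove(dev.secret, nonce)):
            return (False, "unknown device or bad credential")
        if dev.revoked:
            return (False, "revoked")
        if not dev.posture_ok:
            return (False, "posture check failed")
        if resource not in ROLE_POLICY.get(dev.role, set()):
            return (False, f"role '{dev.role}' may not use {resource}")
        return (True, dev.owner)  # every admitted session is attributable


def scenario():
    """Constructed walk-through; a real network issues a fresh nonce per attempt."""
    net, nonce = EnrolledNetwork(), secrets.token_bytes(16)
    keys = {
        "tablet-01": net.enroll("tablet-01", "alice", "teacher", posture_ok=True),
        "laptop-07": net.enroll("laptop-07", "bob", "student", posture_ok=True),
        "laptop-09": net.enroll("laptop-09", "carol", "teacher", posture_ok=False),
    }

    def ask(device_id, resource):
        return net.admit(device_id, nonce, prove(keys[device_id], nonce), resource)

    results = {
        "teacher_video": ask("tablet-01", "video-streaming"),
        "student_video": ask("laptop-07", "video-streaming"),
        "failed_posture": ask("laptop-09", "internet"),
    }
    net.revoke_user("bob")
    results["bob_after_revoke"] = ask("laptop-07", "internet")
    results["alice_after_revoke"] = ask("tablet-01", "internet")
    return results


if __name__ == "__main__":
    for name, outcome in scenario().items():
        print(name, outcome)
```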

    There’s a better way to do this.

    A secure onboarding solution is an important element of a layered approach to IT security—and traditional PSKs and MAC authentication just don’t get the job done. Fortunately, Ruckus offers a solution that does: Cloudpath Enrollment System (ES). Cloudpath ES provides secure network access with role-based policy control for any user and any device—and you don’t have to swap out your WLAN or wired infrastructure to use it.

    You’ll always need to get BYOD users and guests up and running. By putting aside legacy access methods, you can do it without giving away the keys to the kingdom.

    Learn more about Cloudpath ES.

    Blistering Performance Starts with Cleaner Wi-Fi RF Signals

    December 8th, 2017

    By Helen Kim, CEO NanoSemi

    With each generation, Wi-Fi keeps getting faster. When will it be “fast enough?” Never! You’re talking to someone from Boston. Yeah, the Patriots won five Super Bowls, but Pittsburgh won six. We want more!

    I’m not making my Super Bowl pick just yet, but when it comes to Wi-Fi, I can tell you definitively: faster is coming. Much faster, with the emergence of 802.11ax, which by some accounts is the 6th Generation of Wi-Fi (6G anyone?). Using more and wider channels, higher modulation techniques and other elements of the new standard, tomorrow’s Wi-Fi will be 4 to 10x faster than today’s 802.11ac networks, delivering up to 1.2 Gbps per stream.

    Sounds great, right? Well, keep in mind that, for the moment, 802.11ax performance exists largely on paper and in the lab. Now, Wi-Fi device and chip vendors need to go out and make it happen in the real world. That means not just advertising huge throughput increases on a product box—but actually delivering them to clients at usable distances with good battery life. And doing that is a lot harder than it seems.

    Why is it so tough to bring ultra-fast Wi-Fi bandwidths to real-world devices at longer range with better battery life? To answer these questions, I’m going to need to nerd out a little. Join me on a journey to the center of the silicon that lives inside your Wi-Fi devices. I’m going to explain a radio frequency (RF) concept called “linearization,” and show why it holds the key to tomorrow’s lightning-fast Wi-Fi.

    Why are higher Wi-Fi bandwidths so hard to deliver?

    It’s not hard to achieve fast data rates when clients are right next to an access point (AP). To deliver good performance at a distance, however, Wi-Fi RF signals need a few important attributes. They have to be high-powered (so they can reach farther), while also being power-efficient. (A great-performing client that dies after an hour of use isn’t particularly useful.)

    Finally, the RF signal needs to be very clean. And that’s where it gets especially tricky, because every component in the chip that touches that signal (called the “RF signal chain”) can add noise, ultimately degrading performance.

    Now, I’ve mentioned that Wi-Fi RF signals need amplification. Those power amplifiers (PAs) inside RF transmitters are a major source of distortion. This is where “linearity” comes in. Linearity is a measure of the PA’s ability to amplify all the parts of a signal equally. More linearity means a cleaner signal and better throughput at longer distances. So if noisy PAs (and noisy signal chains overall) reduce linearity, we need to do something about it.

    New 802.11ax standards make things even harder.

    Achieving good linearity is a complex problem to begin with, and it gets more complex at wider Wi-Fi bandwidths, especially over 40 to 60 MHz. (And remember, under 802.11ax, individual channels may be 4x that wide, 160 MHz.) But that’s not the only challenge. 802.11ax devices will also use higher modulation rates (called quadrature amplitude modulation, or QAM). At the lower end, the 802.11ax standard will use 1024 QAM. The highest bandwidths could use 4096 QAM.

    As you climb up the ladder to higher QAM and Wi-Fi bandwidths, linearity becomes more and more important. Said simply: if you’re going to get to ultra-fast data rates, devices need much cleaner signal chains. This degree of cleanliness, measured by Error Vector Magnitude (EVM), is hard to achieve with the low-cost PAs commonly used in Wi-Fi systems.

    Below, you can see a constellation plot of a high-performance Wi-Fi RF signal (160 MHz bandwidth, using 4096 QAM modulation). When you clean up that signal with linearization (the right side of the figure), you get pinpoint clarity at higher bandwidths. When you don’t (left side), you end up with a lot of undifferentiated noise.

    Cleaning Up Wi-Fi RF

    NanoSemi, an early-stage venture-funded company spun out from MIT Lincoln Laboratories, is working with Wi-Fi system vendors like Ruckus, as well as silicon vendors, to significantly improve the Wi-Fi RF chain. We apply machine learning-based digital compensation to correct the entire signal chain—power amplifiers, filters and other components—at unprecedented bandwidths.

    We’re bringing linearization to new levels by automatically characterizing the signal chain, identifying nonlinear components and other impairments, and analyzing their impact on system performance. By doing this, we can improve EVM by up to 30 dB—and allow Wi-Fi vendors to unlock the full promise of 802.11ax.

    Wi-Fi RF Linearization in Action

    To show the power of NanoSemi’s linearization implementation, let’s look at a typical Wi-Fi PA designed to meet 802.11ac specs of 256 QAM and 80 MHz (480 Mbps). Using our linearization technology, that PA can achieve 802.11ax rates of 1024 QAM and 160 MHz (1.2 Gbps). And we can more than double both the power efficiency and output—leading to longer range at reduced power consumption. (You can read the detailed report here.)

    Another benefit of effective linearization is that vendors can use more efficient amplifiers. The most efficient PA designs such as Class B and Doherty PAs are capable of operating much more efficiently than the ones most vendors use today, but on their own, they’re very nonlinear. By using NanoSemi linearization technology, however, we can bump up PA efficiency from 4% to over 28%, while nearly doubling the power output (test report here). Once again, that translates to faster speeds, over wider bandwidths, with longer ranges and better battery life than any solution available today. For access points, the greater power efficiency leads to less power consumption on power over ethernet deployments.

    Learn More

    Much as I’d like to, I can’t promise another Patriots Super Bowl. But I can promise wider, faster and longer Wi-Fi in the near future. By working with companies like Ruckus to solve the linearization problem, we’re helping take blazing-fast 802.11ax performance out of the lab and into a device near you.

    View the original post by Helen Kim, CEO NanoSemi at The Ruckus Room.

    Data Security: Today’s Essential Business Requirements

    December 8th, 2017


    Review the precautions below to minimize your risk of being breached and, just as importantly, minimize the damage in the unlikely event that you are.

    Famous Data Breaches

    In 2008, Heartland Payment Systems suffered what was, up to that time, the biggest data breach in U.S. history. Astoundingly, intruders had been roaming around behind Heartland’s firewall for weeks before the breach was detected. Millions of customers’ credit card numbers were accessed, and Heartland, the nation’s fifth largest payments processor, was almost destroyed. While one would have expected this to serve as a lesson for all companies that stored customer information, about five years later, the Target Corporation suffered an even bigger breach. The post-mortem done by both Heartland and Target revealed negligence and carelessness at the systems administration level, which was subsequently corrected. End of story? Nope. Just this past spring and summer, another high-profile breach occurred. This time, the victim was Equifax, the credit monitoring and reporting agency. And the damage was much more serious, as hackers accessed the entire credit files of millions of Equifax customers. The full extent of the damage done most likely won’t be known for years, if ever.

    Ransomware Rises

    As if breaches and data theft weren’t enough, the latest trend in systems chicanery, ransomware, is happening at an increasing pace. Unlike the massive breaches at Heartland, Target and Equifax, ransomware can be targeted at the individual computer user. And it has targeted individuals, sometimes demanding hundreds of dollars from the victims. The most notorious recent ransomware viruses, however, WannaCry and Petya, were aimed at commercial entities. That’s where the money is, after all.

    Someone’s Knockin’ at the Door

    Ultimately, breach prevention boils down to both systems and personnel. While nothing is foolproof, here are some steps that organizations and individuals should take to keep their data secure. Here’s a short, though certainly not exhaustive, list:

    1. Internal controls are essential. Know who has access to the data and closely monitor their usage patterns. Also, analyze your log monitors to detect suspicious activity. There is software that can make this less resource intensive.
    2. Always make sure any software patches are installed immediately. This is what sank Equifax. A patch to Windows was ignored and the vulnerability exploited.
    3. Keep your firewall up to date.
    4. Encrypt your data. This may be the best advice of all.
    5. Back up your data. You don’t have to build a server farm. The cloud offers several affordable and secure options.
    6. Install malware prevention tools and keep up with version releases and updates.
    7. Turn off your computer when you are done working. If your computer isn’t on, no one can crack into it. It’s a pain, but a good way to minimize the chance of intrusion.
    8. Train all users on things to avoid. For example, make sure they know not to open email attachments from unknown third parties and that they are on the alert for things like bogus login pages.

    The Best Cure Is Prevention, But…

    In order to be truly proactive, every endpoint must be protected against every type of attack at every stage of the threat lifecycle. Traditional anti-virus software programs have represented only a partial solution. As Heartland contends, there is simply no way to make a system completely breach-proof, so quick detection of problems and fast remediation of them are essential. Next Gen from SentinelOne is uniquely suited to maximize prevention and increase the speed of detection and remediation.

    Conclusion: It’s Not Going Away

    The threats are going to continue and they are going to become increasingly sophisticated. Most of the remedies will be reactive, i.e. they will come after a breach has occurred. But by deploying a Next Gen solution like SentinelOne and taking the precautions above, you can minimize your risk of being breached, and, just as importantly, minimize the damage in the unlikely event that you are.

    View the original post by SentinelOne.

    The Right IoT Mindset for 2018 and Beyond

    December 8th, 2017


    Just when companies thought they had successfully transitioned to a mobile work force, Internet of Things (IoT) devices have followed hot on the heels, tempting would-be takers with unprecedented productivity and margins should they dare traverse the proverbial minefield.

    As IoT stands now, there is no clear swim lane, no tested and proven path of least resistance, no clear best practice for every implementation. Too many solutions, too few standards. Most of us know the destination – a network utopia of connected devices working harmoniously. Scalable, visible, secure. Is 2018 the year we lay the concrete over the IoT foundations?

    Applications Aplenty, Consolidations Coming

    It’ll be hard to find an industry not headed towards an IoT future:

    • Finance: Forget the cash. Contactless payments, biometrics, wearables
    • Transportation: Look, no hands! Driverless vehicles for you and me
    • Healthcare: Your family doctor without a pulse

    Price, complexity, compatibility, scalability – there’s clearly plenty to consider for traditional businesses wanting to adopt IoT. It’s currently a jungle out there, and we’re going to start seeing consolidation as victors emerge. The bigger fish are primed and hungry for the technology and data that acquisitions will bring.

    History Doesn’t Have to Repeat Itself

    As we race towards building infrastructure and apps (as we did with LAN years ago), as we invest heavily into transforming into Smart Nations, we absolutely need to keep security top of mind. Just think about the number of high-profile hacks, breaches, and threats we’ve read about this year. The vast majority of them could have been prevented.

    The stakes are higher than before. In 2018, data is going to be collected like never before. And increasingly personal data at that. Bank accounts, medical conditions, criminal histories, you name it. Security needs to be baked in to every design concept and not be a bolt-on at a later stage.

    Goodbye Corporate Device, Hello Dynamic Policies

    The company-issued device is dead. Users want to use their own device to get their work done. And it shouldn’t matter whether they’re at home or in the office; users need that consistent user experience. But, with the multitude of corporate apps for dozens of different uses, admins have had to play a game of policy juggling. An exception here, an allowance there: each turns into a hole you punch in your firewall and perimeter defenses.

    Dynamic policies are the happy silver bullet here. Make decisions based on the user, their profile and therefore their policy. It shouldn’t matter where or how they’re connecting.

    The truth is there is no hard deadline here like the millennium bug, so the journeys we all take are bound to be different. The dynamic data centre of cloud and IoT is an exciting destination, and we’ll figure out the most optimal way there eventually. But till then, if we keep secure access in mind, our colleagues, users, stakeholders will thank us.

    View the original post by Don Tan at Pulse Secure.

    3 lessons to learn from Blade Runner 2049

    December 8th, 2017

    Last month, a very long wait came to an end for Blade Runner fans. Since the original (set in 2019) was released in 1982, a cult following of fans from all over the world has been waiting (and hoping) for a sequel. 35 years later, their patience has been rewarded with a masterpiece; Blade Runner 2049 has been heralded as a five-star blockbuster, visually stunning, and a philosophically profound classic.

    For those that haven’t seen it yet, here’s the trailer:

    2049 raises several questions that encourage us to think carefully about the future in relation to AI. Is there anything we can learn from the way the film deals with human and machine existence?

    1. AI’s potential is incredible, and for some unsettling

    The potential of artificial intelligence has been well-documented, particularly in the last few years. However, 2049 does highlight AI’s potential in a brilliant and concerning way. It shows us that if perfected, we might be able to create forms of intelligence that could execute tasks, jobs and assignments more effectively than we humans ever could. Indeed, we’re getting close now when it comes to diagnosing some cancers.

    The performance of Ryan Gosling’s K throughout the film shows us incredible skill, reasoning, quick thinking, strength and bravery. If, someday, we become able to create replicants such as this, the possibilities are endless – these forms of intelligence could revolutionize everything, from education, to medicine, to services, to policing, to transport.

    In fact, we’re already seeing how machine learning, in some ways a precursor to a fully realized AI, can enhance mobile marketing strategies and payments right now… and if these forms of AI continue to progress (which is likely), we may even see a Zero UI System (or screen-less) in the future, which would be truly incredible. For more on this fascinating concept, check out Rand Hindi’s TED Talk.

    But the capability of AI in the film is unsettling. The potential of AI is wondrous, of course, but 2049 shows us a myriad of ethical problems and dilemmas relating to the rights and treatment of the film’s AI protagonists (known as replicants). And without providing too many spoilers, it also shows us the possibility of AI thinking completely independently, which is a difficult scenario for many to deal with. This brings us to our second lesson.

    2. Distrust of AI is highly likely

    Early into the story, we see a widespread distrust of replicants. The humans of 2049 are clearly uncomfortable in the presence of AI, and we’re already seeing some distrust today. A recent survey has found that 85% of Brits believe that AI in marketing should be governed by a key principle from the Blade Runner franchise, now known as the “Blade Runner rule”. This rule dictates that it is illegal for AI applications such as chatbots, social media bots and virtual assistants to conceal their identity and pose as humans. All companies considering the use of AI in these forms should bear this in mind, and ensure transparency, or risk alienating customers.

    3. AI could hold the key to building a truly connected world and greater civilizations

    If you’ve now watched the trailer above and listened carefully, you’ll remember how the eerie Niander Wallace claims that “every civilization was built off the back of a disposable workforce”. A chilling claim, but one with arguably some truth within it. Perhaps an AI-based workforce is the key to building an even greater world? It’s difficult to predict though, and ethical concerns spring to mind immediately. However, there is a point to be made when it comes to AI’s relationship with the IoT.

    The IoT is currently producing astounding volumes of data, so much that analysts won’t even come close to processing it all accurately. Simply put, big data is being produced more quickly than we can deal with it. One hope of getting a hold on it, and harnessing its potential is AI. It could be the only way to build an IoT to be proud of, and it’s something we’re working on with our Assurance Hub. This new platform aims to prevent online banking fraud through a detailed analysis of customer behaviour and biometric markers.

    View the original post by Gemalto.

    Ruckus joins the ARRIS family

    December 8th, 2017

    By Dan Rabinovitsj, President, Ruckus Networks, an ARRIS company

    Today we finalized the ARRIS acquisition of the Ruckus business! Our team is jubilant, relieved and ready to hit the ground running. I want to thank all of our partners, customers and employees for their loyalty, perseverance and passion throughout the past year as we found our way to our new home. Now that we are here at both the finish line and the starting gate, I want to provide more details about how our business fits into ARRIS and also share my thoughts on why the combination with ARRIS offers a compelling path forward for our business.

    Our updated brand name is “Ruckus Networks, an ARRIS company.” This reflects the expansion of our portfolio to include not only industry-leading wireless products, but also the integration of the high-performance ICX switching family to our overall portfolio. Internally, we will be called the Enterprise Networks business segment of ARRIS. This is important to understand because we will operate as a business unit with its own engineering, sales and marketing resources focused on the Enterprise market. This set-up will minimize integration time and ensure continuity for our partners and customers.

    However, please don’t construe the independence of our business unit as the creation of an island. The real value of integration with ARRIS will be to take advantage of our combined and complementary strengths:

    1. Continuity of user experience across all verticals and contexts. We see some of the most exciting innovation in networking starting in the residential market. The adoption of voice control, physical security, IoT, high density mesh and application visibility has taken off in the home and we want to exploit these trends in the Enterprise. Conversely, the performance expectations in the premium home segment are now closer to the Enterprise market, and we see opportunities to work with partners to create complete solutions for this segment using our combined assets. From the home, to the office, to school, to public venues like hotels, arenas and smart cities, ARRIS now has a soup-to-nuts capability in networking.

    2. Scale matters. Ruckus Networks is now integrated into a large and stable business with the potential for greater investment and ambition. This will become manifest in manufacturing, operations and supply chain but also in R&D where we will be able to tap into complementary skill sets and know-how from DOCSIS to Wi-Fi, Ethernet and Optical communications.

    3. Serving the Service Providers. In the service provider market, we believe we have a very clear leadership position in Wi-Fi with significant investments and commitment in all major markets serving residential, hotspot and managed services needs. Ruckus and ARRIS have common DNA in this area and can take advantage of our complementary footprint to better serve SPs of all shapes and sizes, while expanding our offer using our Ethernet switching, analytics from SCI and the Cloudpath security platform.

    4. Transition to Cloud. Ruckus and ARRIS both have strong commitments to the future transition to IaaS for networking. The combination will allow us to double-down on our Cloud investment, which is critical to our continued growth in the market.

    5. Technology Innovation. Finally, we share a passion for innovation such as our common interest in CBRS and the proliferation of OpenG LTE networks. ARRIS now has the potential to invest more aggressively on this front with solutions spanning the enterprise, smart city and residential markets using common platforms with a consistent user experience and integration with Wi-Fi. Some of our innovation will be focused on simplicity and hitting “the easy button” for networking. A great example of this is Unleashed and how we keep making this product family better and better for the SMB and premium home segment.

    This is the beginning of a new journey for our team, but we are nothing without our partners, distributors and customers. Ruckus Networks will work to earn the nickname, “the Partner Networking Company,” because nurturing our critical partner and customer relationships is the most important ingredient for future growth and scale.

    Thanks again for all of the support we have received from the Ruckus team who have humbled me with their passion, the ARRIS team who worked tirelessly to get this deal done, and to all of you who count yourselves as part of the Ruckus Pack.

    Your Worst Nightmare: Fileless Malware

    November 30th, 2017

    By now, everyone pretty much knows what malware is and how it works: Victims receive an email telling them that if they just open the attached PDF, their entire life will morph into heaven on earth. Or they get an email telling them that they need to click on a link to avoid blowing up the universe, or some such catastrophe. In any event, the malware can be stymied by simply not opening the attachment, clicking on the link or whatever. It’s pretty simple. Just educate the users not to open attachments from unfamiliar email senders, links from what appear to be legitimate e-commerce sites and so on. Bad actors defeated. World safe again.

    Unfortunately, the bad guys are hip to this, which is why a new type of cyberattack is taking hold: fileless malware. Unlike the malware described in the opening paragraph, fileless malware does not depend on the victim downloading any files. That’s because it doesn’t require any files. It invades systems in two ways:

    • The malware’s code resides in RAM or in the system registry.
    • The malware infects its host through scripts.

    Conventional Delivery Methods and Unconventional Purposes

    Even though files are not used to deliver the malicious code, phishing schemes can still be used to allow the code to infiltrate systems. For example, malicious code can be delivered in the form of a Word document, which, when opened, releases the malware. Of further concern is that fileless malware often uses anti-forensics techniques to erase its tracks, thus making it completely invisible.

    The purpose of fileless malware is most often similar to that of conventional attacks: get access to credentialed data and personal information. However, because of its stealthy and persistent nature, there is some suspicion that fileless malware will be used to support espionage activities and to set the stage for future acts of sabotage.

    Can Fileless Malware Be Stopped?

    The problem is complex. To begin with, organizations have to realize that processes that run scripts, like Microsoft PowerShell, are just as capable of delivering malware as processes that execute them, like opening a PDF. Second, companies must make sure that their employees are educated about the dangers of opening ANY attachments that aren’t from known senders. Third, every patch issued by any vendor must be installed immediately. This includes, of course, the antivirus software on the system, as well as the operating system itself. Simple steps like these can prevent a lot of future pain.
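    One way to watch for the pattern described above, a document application launching a script host such as PowerShell, is to inspect process-creation telemetry. This is an added example, not code from the original article or from SentinelOne; the event fields (Image, ParentImage, CommandLine) are modelled on Sysmon-style process-creation records, and the application lists and sample events are constructed for illustration.

```python
import base64
import ntpath

# Applications that open documents, and script hosts they rarely have a
# legitimate reason to launch. Illustrative lists: tune them per environment.
DOCUMENT_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def encoded_command(command_line):
    """Return the decoded -EncodedCommand payload of a PowerShell command line, or None."""
    tokens = command_line.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok[0] not in "-/":
            continue
        name = tok[1:].lower()
        # PowerShell accepts shortened forms of the parameter name (-e, -enc, -ec ...).
        if name and ("encodedcommand".startswith(name) or name == "ec"):
            try:
                raw = base64.b64decode(tokens[i + 1], validate=True)
                return raw.decode("utf-16-le")  # payload is Base64 of UTF-16LE text
            except ValueError:  # covers bad Base64 and bad UTF-16
                return "<undecodable payload>"
    return None


def analyse(event):
    """Return a list of findings for one process-creation event (a dict)."""
    child = ntpath.basename(event["Image"]).lower()
    parent = ntpath.basename(event["ParentImage"]).lower()
    findings = []
    if parent in DOCUMENT_APPS and child in SCRIPT_HOSTS:
        findings.append(f"document app {parent} spawned script host {child}")
    if child == "powershell.exe":
        decoded = encoded_command(event["CommandLine"])
        if decoded is not None:
            # Decoding lets the analyst read what would otherwise be opaque.
            findings.append(f"encoded PowerShell command: {decoded!r}")
    return findings


def scan(events):
    """Return (index, findings) for every event that produced at least one finding."""
    results = []
    for index, event in enumerate(events):
        findings = analyse(event)
        if findings:
            results.append((index, findings))
    return results


def _enc(script):
    """Build an -EncodedCommand argument for the constructed sample below."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {   # Word launching PowerShell with an encoded, harmless command
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        "CommandLine": "powershell.exe -NoProfile -enc " + _enc("Write-Output 'constructed sample'"),
    },
    {   # Administrator running a script file from Explorer: not flagged
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\Scripts\backup.ps1",
    },
    {   # Ordinary application start: not flagged
        "Image": r"C:\Windows\System32\notepad.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": "notepad.exe notes.txt",
    },
]

if __name__ == "__main__":
    for index, findings in scan(SAMPLE_EVENTS):
        for finding in findings:
            print(f"event {index}: {finding}")
```

    Because nothing is written to disk in this scenario, the parent/child relationship and the command line are the evidence that remains, so process-creation logging has to be enabled before it is needed.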

    Pick the Right Security Software

    It’s essential to realize that the threat is getting more common and the attackers more creative. Whether it’s through email spam with attachments, PowerShell or the Windows Registry database, fileless malware may very well try to find a home in the systems environment. The best defence against any type of malware attack is proper education and multi-layered security software. When evaluating different security solutions to hinder the threat of fileless malware, there are several things to consider, including, but not limited to:

    • What’s the vendor’s level of sophistication with regard to understanding the threat?
    • Will the vendor provide access to current users?
    • Is the software user reviewed? This can reveal things like ease of implementation and customer service.
    • Does it emphasize endpoint protection?
    • What’s the upgrade history? Once a year won’t hack it (no pun intended) in this environment.
    • Does the vendor offer a cyber warranty? Not many do, and this can tell a lot (mainly because it requires an insurance underwriter).

    The threat vectors are ever-increasing, but due diligence in employee education, and choosing the right security solution still offers the best chance of not becoming the next victim of the new bad kid on the block, fileless malware.

    View the original article by SentinelOne.

    Majority of consumers would stop doing business with companies following a data breach, finds Gemalto

    November 29th, 2017

    A majority (70%) of consumers would stop doing business with a company if it experienced a data breach, according to a survey of more than 10,000 consumers worldwide conducted on behalf of Gemalto, the world leader in digital security. In addition, seven in ten consumers (69%) feel businesses don’t take the security of customer data very seriously.

    Despite these concerns, the Gemalto study found that consumers are failing to adequately secure themselves, with over half (56%) still using the same password for multiple online accounts. Even when businesses offer robust security solutions, such as two-factor authentication, two fifths (41%) of consumers admit to not using the technology to secure social media accounts, leaving them vulnerable to data breaches.

    This may be because the majority of consumers (62%) believe the business holding their data is mostly responsible for its security. This is resulting in businesses being forced to take additional steps to protect consumers and enforce robust security measures, as well as educate them on the benefits of adopting these. Retailers (61%), banks (59%) and social media sites (58%) were found to have a lot of work to do, with these being sectors that consumers would leave if they suffered a breach.

    “Consumers are evidently happy to relinquish the responsibility of protecting their data to a business, but are expecting it to be kept secure without any effort on their part,” says Jason Hart, CTO, Identity and Data Protection at Gemalto. “In the face of upcoming data regulations such as GDPR, it’s now up to businesses to ensure they are forcing security protocols on their customers to keep data secure. It’s no longer enough to offer these solutions as an option. These protocols must be mandatory from the start – otherwise, businesses will face not only financial consequences but a potential legal action from consumers.”

    Despite their behaviour, consumers’ security concerns are high, as two thirds (67%) worry they will be victims of a data breach in the near future. Consequently, consumers now hold businesses accountable – if their data is stolen, the majority (93%) of consumers would take or consider taking legal action against the compromised business.

    Consumers Trust Some Industries More Than Others

    When it comes to the businesses that consumers trust least, over half (58%) believe that social media sites are one of the biggest threats to their data, with one in five (20%) fearful of travel sites – worryingly, one in ten (9%) think no sites pose a risk to them.

    On the other hand, a third (33%) of consumers trust banks the most with their personal data, despite them being frequent targets and victims of data breaches, with industry certified bodies (12%), device manufacturers (11%) and the government (10%) next on the list.

    Hart continues, “It’s astonishing that consumers are now putting their own data at risk, by failing to use these measures, despite growing concerns around their security. It’s resulting in an alarming amount of breaches – 80% – being caused by weak or previously stolen credentials. Something has to change soon on both the business and consumer sides or this is only going to get worse.”

    About the Survey

    10,500 adult consumers were interviewed by Vanson Bourne globally. Countries included were the US, UK, France, Germany, India, Japan, Australia, Brazil, Benelux, UAE and South Africa. All of those surveyed actively use online/mobile banking, social media accounts or online retail accounts.

    View the original post by Gemalto.

    The Cybersecurity Skills Gap Is Putting Businesses at Risk

    November 24th, 2017


    The gap between the supply of trained cybersecurity professionals and the demand for their skills is steadily widening. ISACA reports that by 2019 the global cybersecurity shortage will reach two million jobs, and a Brocade global study reveals that 54% of businesses expect to struggle in the next year due to a lack of cybersecurity skills.

    Additionally, the rise of cyber-attacks over the last several years shows no sign of letting up. Not only are more and more attacks being created, but their sophistication continues to grow. Juniper Research reports that the average cost of a data breach could exceed $150 million by 2020 as more business infrastructure becomes connected, while globally the annual cost of cybercrime will rise above $21 trillion in 2019.

    Numbers aren’t everything, but it’s clear that many businesses will struggle to secure the talented individuals they need to protect their organisation – and further casualties are highly likely. At a time when cybersecurity skills are stretched, this could prove disastrous for many businesses.

    What does the cybersecurity skills gap mean for businesses?

    A Skills Gap Significantly Increases Cybersecurity Risk

    The lack of skilled cybersecurity experts is going to increase a business’ risk in several ways.

    To begin, fewer employees mean fewer eyes monitoring and fewer man-hours spent working. This increases the risk of a vulnerability lying unfixed until it is too late and, consequently, increases the overall likelihood of a breach occurring.

    Second, fewer workers mean businesses will be less prepared to respond in the event that a breach does occur. For many businesses, especially small to medium-sized enterprises, this can be devastating as long periods of downtime could spell potential bankruptcy for companies already in a weakened state following a breach.

    Ultimately, no matter the size or status of a business, the skills gap’s overall effect is a significant increase in risk. It is highly likely that over the next few years, as threat actors become more sophisticated in their attack methods, we will see the effects of the skills gap amplified, resulting in breaches that are even more damaging than those in recent memory.

    As Demand Increases, So Will Wages

    In addition to having to cope with a skills gap and the resulting risk this creates, businesses will also struggle to hold on to their top professionals.

    The high demand for cybersecurity talent, relative to supply, will cause wages and competition amongst employers to increase. Organisations that do not provide competitive offers will struggle to attract and retain skilled workers. When this happens, organisations tend to fill the gaps by hiring less qualified professionals that they train to bring up to speed. The problem with this is that as the individual’s skill set increases, so does their demand in a competitive marketplace, which means that the employer will still be forced to pay a higher wage or risk losing the time they have invested in that employee to a better offer.

    Technology Must Fill the Gap

    With the number of trained professionals forecast to fall far below demand, businesses will need to rely on their security tools to fill in the gaps more than ever before. Businesses should be constantly reviewing new tools on the market to see if emerging technologies offer any opportunity to fill in some of these gaps and provide more effective and efficient protection for critical systems.

    Ideally, an organisation’s security tools should augment their security team’s efforts and protect them against a broad array of attacks (including executables, document exploits, scripts and false credentials) throughout the entire threat life-cycle: pre-execution through post-execution.

    Conclusion

    The gap between the supply of trained cybersecurity professionals and the demand for their skills is only going to continue to widen as we move forward. As a result of this, businesses will face increased risk, increased employment costs, and a growing reliance on tools that improve security efforts. Businesses need to be aware of and have a plan for dealing with these challenges; otherwise, we will continue to see more and more high-profile breaches over the next several years.

    View the original article by SentinelOne.

    Ruckus Launches New Versatile Switch Family for Next Generation Networks

    November 20th, 2017

    Ruckus today announced a new family of switches to support next-generation network edge and aggregation/core requirements. The Ruckus ICX® 7650 family delivers high-performance switching capabilities to meet current and future network demands, including high-density 802.11ac / 802.11ax Wi-Fi deployments, UHD video streaming, line rate encryption and single point of management.

    The Ruckus ICX 7650 is the industry’s highest performing, scalable edge switch to deliver support for 100 Gigabit Ethernet—the highest port density for IEEE 802.3bz (multi-gigabit) Ethernet ports, along with the highest number of IEEE 802.3bt-ready (90 W PoE) ports on the market today. This family is the first fixed configuration switch to offer 100 Gigabit Ethernet for campus networks.

    “As more wireless users access cloud and data-intensive applications on their devices, the demand for high-speed, resilient edge networks continues to increase,” said Siva Valliappan, vice president of campus product management, Ruckus. “The innovative technology behind the ICX 7650 switch family captures all these requirements, enabling users to scale and future-proof their network infrastructure to meet the increasing demand of wired and wireless network requirements for seven to ten years.”

    The high-performance Ruckus ICX 7650 family offers a flexible, scalable architecture for simplified management and is available as a multi-gigabit access switch or a medium core/aggregation switch. The ICX 7650 is the industry’s first multi-gigabit (IEEE 802.3bz) Ethernet stackable switch with 100GbE connectivity, In-Service Software Upgrades (ISSU) for high availability in a stack, up to 90 Watts (IEEE 802.3bt ready) of PoE power per port and dual hot-swappable power supplies and fans for added resiliency. The ICX 7650 has fixed 40 Gigabit and 100 Gigabit Ethernet ports that can be used as uplinks or stacking ports, further supplementing user bandwidth requirements by providing modular uplinks that can scale from 10 to 100 Gigabits. With all the features of ICX switches, such as simplified management with campus fabric and advanced stacking capabilities, these switches are ideal for customers in markets with high-bandwidth requirements including education, hospitality, federal government and small-to-medium enterprise (SME).

    “The new Ruckus ICX 7650 switch expands Ruckus’ offering in multi-gigabit Ethernet switching, delivering more multi-gigabit ports, higher performance with up to 100G uplinks and more PoE power to support high density wireless deployments, including future Wi-Fi standards such as 802.11ax and beyond,” said Nolan Greene, senior research analyst, enterprise networks, IDC. “This new family of switches is well suited for many vertical segments including Primary and Higher Education, Carpeted Enterprise, Large Public Venues and Government markets that value a high-performance, future-proof network platform.”

    Features for Ruckus ICX 7650 Family

    The new ICX 7650 family includes three new models:
    1) the ICX 7650-48ZP multi-gigabit access switch.
    2) the ICX 7650-48F core/aggregation switch.
    3) the ICX 7650-48P high-performance gigabit switch.

    • The ICX 7650-48ZP access switch provides 24 ports of multi-gigabit (IEEE 802.3bz) Ethernet ports to also support 90 W of PoE power (IEEE 802.3bt ready), as well as 24 ports of Gigabit Ethernet to support PoE+.
    • The ICX 7650-48F core/aggregation switch provides a high-performance platform with up to 24 10G and 24 1G fiber ports with the premium L3 features of a large core switch as well as 256-bit MACsec line rate encryption.
    • The ICX 7650-48P can be flexibly deployed in multiple management models – as a stack of up to 12 switches, stacked over long distances up to 10 km, or in a fabric bringing the ease of plug-and-play while retaining a secure and scalable design.
    • With the advancement of Wi-Fi technologies delivered by 802.11ac and 802.11ax capable APs, customers require networks that will support their current and future needs. The ICX 7650 provides the right network infrastructure delivering high-performance connectivity for existing and future Wi-Fi networks where reliability, simplified management and future-proofing is essential.

    What’s Wrong with PSKs and MAC Authentication for BYOD?

    November 20th, 2017

    When a BYOD user or visitor needs network access, how do you roll out the welcome mat without leaving the door wide open to anyone who wanders by? Plenty of organizations use conventional pre-shared keys or MAC authentication to get BYOD users and visitors on the network. Seems reasonable—until you learn that these mechanisms come with serious security flaws. What’s so bad about traditional pre-shared keys (PSKs) and MAC authentication for guest and BYOD onboarding from an IT security perspective? Let’s find some answers.

    What’s the problem with pre-shared keys?

    When users ask for “the Wi-Fi password”, they are using the common vernacular for pre-shared keys. Suppose an IT administrator sets up a Wi-Fi SSID with an assigned PSK, and then simply gives that PSK to anyone who requires network access. Maybe you even use this approach yourself—why not? Well, for a few reasons.

    Start with the fact that when you have a single Wi-Fi password, you have no way to control who has access to it. Users can—and do—share Wi-Fi passwords with others, even people you might not want to have access to your network.

    When everybody’s sharing the same password, there’s also no way to revoke access to an individual user—say, when someone leaves the organization. Do you really want former employees to be able to just hop on your network after they’ve left? Probably not. But you can’t change that password without disrupting access for everyone—so you might be tempted never to change it. Not a good policy.

    OK, then what about MAC Authentication?

    At least PSKs encrypt data traffic in transit over the air. When you use MAC authentication to provide network access for BYOD and guest users, that’s not the case. Anyone can intercept that data traffic. Attackers also find it easy to spoof MAC addresses and thereby gain unauthorized access to the network.
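Because a MAC address is only a claimed identifier, a network that relies on it should at least watch for signs that one address is being used by more than one device. The following added example (not from the original post) flags two such signs in session records: the same MAC associated to two APs at once, and the same MAC presenting different DHCP option 55 fingerprints. The record layout, AP names, addresses and grace window are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample sessions: (mac, ap, start_s, end_s, dhcp_option55_fingerprint)
SESSIONS = [
    ("3c:22:fb:aa:01:10", "ap-lobby", 0, 900, "1,121,3,6,15,119,252"),
    ("3c:22:fb:aa:01:10", "ap-floor2", 905, 1800, "1,121,3,6,15,119,252"),  # normal roam
    ("00:1a:2b:cc:0f:42", "ap-lobby", 100, 2000, "1,3,6,15,31,33,43,44,46,47"),
    ("00:1a:2b:cc:0f:42", "ap-carpark", 600, 1500, "1,28,2,3,15,6,12"),  # second device
]

ROAM_GRACE_S = 30  # assumed tolerance for stale sessions left behind by a roam

def find_mac_anomalies(sessions, grace=ROAM_GRACE_S):
    """Return {mac: [reasons]} for MACs that look shared between devices."""
    by_mac = defaultdict(list)
    for session in sessions:
        by_mac[session[0].lower()].append(session)

    findings = defaultdict(set)
    for mac, group in by_mac.items():
        # A device's DHCP parameter request list is normally stable.
        if len({s[4] for s in group}) > 1:
            findings[mac].add("dhcp-fingerprint-changed")
        # One radio cannot stay associated to two APs for long.
        for a, b in combinations(group, 2):
            overlap = min(a[3], b[3]) - max(a[2], b[2])
            if a[1] != b[1] and overlap > grace:
                findings[mac].add("concurrent-on-two-aps")
    return {mac: sorted(reasons) for mac, reasons in findings.items()}

if __name__ == "__main__":
    for mac, reasons in find_mac_anomalies(SESSIONS).items():
        print(mac, reasons)
```

Treat hits as triage signals, not proof: an OS update can change a DHCP fingerprint, and clients that randomize their MAC per network will not match an allow-list in the first place.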

    Heard enough? There’s more.

    With both PSKs and MAC authentication, you have no way to associate each device with a user. Suppose you become aware of a device that’s wasting bandwidth by downloading huge video files—and, even worse, it’s copyrighted content being downloaded illegally over your network. You would want to put a stop to that right away. If you have no way to link that device with a specific person, good luck figuring out who it is.

    Secure environments use “role-based access” to control what different types of users can do on the network. On a K-12 school network, for example, you might want to let teachers access Netflix to play a documentary but block that application for students. Or you might need to restrict access to a server housing sensitive student data to only a few privileged users. If you use PSKs or MAC authentication to grant access, you can forget it—neither works with your infrastructure to support granular policy enforcement.

    Additionally, neither traditional PSKs nor MAC authentication let you perform an up-front assessment of a device’s security posture, or automatically remediate any issues discovered. For example, before you let a BYOD user on the network, you probably want to make sure that tablet he’s about to connect has a passcode enabled. Otherwise, when it’s lost or stolen, an unauthorized user can get unfettered access to confidential data on your network. You also probably want to make sure that laptop a contractor just brought into your environment has the desktop firewall turned on, and current anti-malware protection in place, before you allow it to connect. These are sound, straightforward IT security practices—and you can’t use them if you’re using traditional PSKs or MAC authentication.

    There’s a better way to do this.

    A secure onboarding solution is an important element of a layered approach to IT security—and traditional PSKs and MAC authentication just don’t get the job done. Fortunately, Ruckus offers a solution that does: Cloudpath Enrollment System (ES). Cloudpath ES provides secure network access with role-based policy control for any user and any device—and you don’t have to swap out your WLAN or wired infrastructure to use it.

    You’ll always need to get BYOD users and guests up and running. By putting aside legacy access methods, you can do it without giving away the keys to the kingdom.

    Learn more about Cloudpath ES.
