
Net-Ctrl Blog

“What’s Next” Technology in Your Hotel? Start by Building a Solid Foundation

June 26th, 2017

By: Matthew FitzGerald, Director Systems Engineering at Ruckus

“What’s next for hospitality?” Our answer covers IoT, 802.3bz, 802.11ax, more content options, plus more smaller devices, and it always includes “and whatever you can imagine!” The follow-up question for hotel owners is, “How do we prepare?” Having your network ready for 5GHz and 802.11ac and understanding the value of in-room access points (APs) are some examples of Wi-Fi readiness.

We believe a solid foundation is critical to the future success of your hotel’s technology strategy. Your network should be able to handle today’s demands and scale up to support future requirements.

Ruckus has been working with hotels on Wi-Fi since the early installation of 802.11b/g. Hotels have transitioned through many Wi-Fi standards and advances: 802.11b to 11g, 11g to 11n, 11n to 11ac and eventually placing more emphasis on 5 GHz over 2.4 GHz. While there have been financial outlays, frustration, mistakes and hard lessons, as an industry, we’ve learned that proper AP placement is the cornerstone for a solid foundation. And, while standards and Ethernet switch architecture evolve, cable foundations provide a great conduit for the coming wave of new technology. It’s yet another layer to build on.

As the next big Wi-Fi protocol update, 802.11ax, hits the market in 2018, the physics of the unlicensed 2.4 and 5GHz bands will remain unchanged and should allow for changing AP endpoints, not the cabling. Moreover, 802.11ax will be doing a lot more in the same spectrum and coverage area.

Having the correct cabling media, power sources, design and architecture is one of the most important decisions you will make concerning Wi-Fi protocols. The Layer 1 choices you make today will impact your network for years to come. We are now seeing APs that are truly over the 1 GbE mark, such as the Ruckus R720 and, in the future, 802.11ax APs. These APs will also require greater PoE power budgets—Ethernet switches will need to provide power greater than 802.3af (15.4W) or even 802.3at (30W), and they will need to support PoH (60W).

Ruckus sees this as a staged process unfolding over the course of several years. To help hotels move in this direction, we have rolled out switches in the ICX 7000 series, which support 802.3bz (2.5GbE over CAT 5e and above) and PoH. As you plan your strategy and budget for Ethernet switching, be sure to include switches with the capability of the ICX 7150 Z-series for key applications such as conference areas.

Yes, more wireless is coming to hotels. At Ruckus, we are doing more with 3.5GHz LTE (OpenG) and radio technologies like Zigbee, BLE, Z-Wave and others. These run on top of the Ruckus platform in a Ruckus framework that provides control, visibility and analytics. The foundation of Ruckus wired and wireless products will allow new radio services to be added quickly and cost effectively to your hotel network. We’re very excited about this development, so stay tuned.

Of course, having this great technology in a hotel without a way to manage it would be like letting heat out of the window in winter. Ruckus offers a suite of software solutions—the SmartZone WLAN System, Smart Cell Insight Analytics and SPoT Location—that work together to provide full control of the system, advanced monitoring and detailed analytics. We continue to develop our products with an eye toward allowing holistic views of all our equipment (wireless and wireline). With many available options—from on-premises equipment to hosted solutions—a hotel can choose the model that fits their needs. Plus, the Ruckus architecture and our advanced APIs enable integration with third-party partner solutions, resulting in an end-to-end networking ecosystem.

Ruckus has been committed to the hotel industry since our inception and continues to focus on this sector.

This article has been taken from The Ruckus Room.

Are we done with WannaCry?

June 26th, 2017

Several customers and industry analysts frequently ask us (and other vendors) about independent validation of our capabilities. We wanted to share information about a recent test conducted by MRG-Effitas to validate the effectiveness of various traditional and next-generation endpoint security suites against the EternalBlue and Doublepulsar exploits/backdoor. These threats were unearthed by “The Shadow Brokers” hacking group and are said to have been used by the NSA-linked Equation Group to launch cyber-attacks. The EternalBlue exploit received recent worldwide attention due to the WannaCry outbreak that used this exploit to infect over 230,000 machines in over 150 countries.

And unfortunately, WannaCry does not seem to be the end of these threats. Attackers can use these same exploits not only to lock up data and demand ransom but also to steal employee credentials and exfiltrate other sensitive information (think of this as a two-for-one attack – an advanced threat combined with ransomware). Worse yet, as seen in this particular case, attackers can bypass traditional and next-generation security measures, including hundreds of intelligence feeds. Further, security researchers who’ve tested security tools claim that these threats bypass 99% of the security tools out there, and thousands more computers are likely infected across several industries.

MRG-Effitas tested for these exploits against various traditional and next-generation endpoint security suites, including SentinelOne, Cylance, ESET, Symantec and others. The tests began in May 2017 – two months after Microsoft disclosed the MS17-010 vulnerability (EternalBlue exploit) and within weeks of the WannaCry outbreak.

The summary of the MRG-Effitas tests is as follows:

  1. We’re happy to see that SentinelOne passed this test with flying colours.
    – In the words of MRG-Effitas: “SentinelOne 1.8.4.6202 was able to block every malicious payload DLL or shellcode introduced to the system via the Eternalblue exploit, by blocking it in a generic way. Both original Eternalblue with Doublepulsar and Metasploit port were tested. SentinelOne not only blocks the Meterpreter payload but the original Peddlecheap payload as well. As more and more tests were ongoing, we have seen that multiple (typically next-gen) products were able to block the Meterpreter payload loading in a generic way, but not the Peddlecheap one.”
  2. Other traditional endpoint security suites such as ESET and Kaspersky also stopped the backdoor from being installed.
  3. Symantec EPP seems to have failed with a blue screen of death when run within VMware, but caught the attack on a physical endpoint.
  4. Cylance was the only vendor that failed this test.
    – In the words of MRG-Effitas: “The interesting part of the video starts at 5:00. The Doublepulsar backdoor is already installed and this means the system is already compromised and it would appear that Cylance did not realise this.”
    – The video referenced above is Cylance’s own video on WannaCry protection.

The blog also looks beyond the tactics used by WannaCry to other capabilities that may be exploited in the future. For instance, WannaCry is a strain of Windows ransomware that took advantage of the EternalBlue exploit along with a file-based payload. However, the EternalBlue exploit could just as easily be paired with fileless (in-memory) malware, which completely works around the defences of solutions that miss the exploit or focus on file-based detection. This methodology is discussed in the blog and was also used in the wild by another ransomware family, dubbed UIWIX. In other words, customers without holistic protection leave themselves exposed to another WannaCry-like attack in the future, so look at your security vendors carefully.

If you are interested in the versions of Windows impacted by MS17-010, check out the Microsoft Security Bulletin. The most popular versions, such as Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2016 and Windows 10, all have this vulnerability. It’s obviously wise to get the patches and updates installed as soon as possible.

To learn more about how SentinelOne can help, check out our Endpoint Protection Platform online or our datasheet.

Post published by Rajiv Raghunarayan and SentinelOne. View the original article.

Ruckus adds Multi-Gigabit Networking Solution to its High-Performance WiFi Portfolio

June 21st, 2017

Ruckus announced that it now offers both wired and wireless networking for enterprise, hospitality, service provider, government and small-and-medium business (SMB) customers worldwide.

By combining its industry-leading wireless products with the ICX® wired switching portfolio from Brocade, Ruckus now offers a complete line of high-performance access infrastructure designed to optimise the end-user experience, simplify network setup and management for IT managers, and help business leaders deliver great experiences for their employees, guests and customers.

As part of its expanded offering to deliver simply better connections, Ruckus announced a new multi-gigabit solution that delivers more efficient performance while providing flexible scalability and simplified management to meet the needs of businesses and organisations of all types and sizes.

“The expansion of Ruckus to include both wired and wireless products is a tremendous opportunity for us to carry forward the outstanding ICX product line and technology innovation we have gained as part of Brocade,” said Dan Rabinovitsj, chief operating officer of Ruckus.

“Combining the product lines means we can offer our partners a comprehensive set of access infrastructure and meet customers’ networking needs beyond simply wireless, without sacrificing performance. Our new multi-gig solution sets the tone for the type of innovation to come.”

The new ICX 7150 Z-Series switch and Ruckus R720 access point (AP) together solve the problems associated with increasing device densities and bandwidth-consuming applications by maximising network access performance with a complete multi-gigabit 802.11ac Wave 2 solution. The Ruckus solution does not require ripping and replacing existing CAT 5e cabling infrastructure – the switch and AP can simply be dropped into current environments, substantially saving costs and installation time while increasing performance.

The latest addition to the Ruckus portfolio also includes Cloudpath Enrollment System software, a security and policy management platform that enables organisations to easily establish secure, policy-based access for all wired and wireless devices. Cloudpath is infrastructure-agnostic, allowing organisations to apply a single unified approach to device security and policy, regardless of client OS or underlying networking infrastructure.

“The announcement that Ruckus will expand its solution set by fully incorporating wired Ethernet switching into its portfolio makes absolute sense and was expected as part of the acquisition announcement from ARRIS earlier this year,” said Nolan Greene, senior research analyst, IDC. “With this new multi-gig solution, Ruckus is formally expressing its intent to be a dominant player in the network access infrastructure market for its target segments—education, hospitality, service provider, government and SMB.”

Optimising Wired and Wireless Access

End-user quality-of-service expectations are increasing but IT budgets and time aren’t rising with them. Ruckus has developed two new products designed to work in combination to deliver the performance end users expect with the scalability, manageability and value IT departments require:

Ruckus ICX 7150 Z-Series Switch. A full-featured layer 3-capable 48-port switch that includes sixteen 2.5 GbE ports and thirty-two 10/100/1000 ports. The 7150-Z includes dual hot-swappable power supplies and fans and is stackable with other switches in the ICX 7150 family. Eight 10 GbE uplink/stacking ports double the stacking and uplink bandwidth of previous ICX 7150 models.

Ruckus R720 Access Point. A 4×4:4 dual-band 802.11ac Wave 2 AP with one 10/100/1000 and one 2.5 GbE port. Featuring patented BeamFlex+™ and ChannelFly™ technologies, the R720 is capable of 160MHz and 80+80MHz channelization and is designed for use in high-density indoor applications.

When paired, the new switch and AP uniquely solve the IT challenge of accommodating spiking network traffic—caused by increased device density and bandwidth-intensive applications—while minimising deployment time and expense.

WanaCrypt0r aka WannaCry ransomware wreaks havoc worldwide

May 16th, 2017

The WanaCrypt0r ransomware hit with a vengeance on Friday, with the outbreak beginning in Europe, striking hospitals and other organisations, then quickly spreading across the globe. As of 1:00pm Pacific Time, it is believed more than 57,000 systems in more than 74 countries had been affected.

Researchers at SentinelOne have determined that the Endpoint Protection Platform does successfully detect and block this ransomware strain. Customers are advised to make sure that they are running the latest version.

Additional reports indicate that this ransomware strain was distributed using the EternalBlue exploit that was released by the ShadowBrokers in April. This vulnerability was patched by Microsoft (MS17-010) before the ShadowBrokers released the exploit. This shows that, in the real world, keeping up to date with patches and critical updates can be difficult, but it is a crucial step for all organisations.

This article was taken from SentinelOne.

Palo Alto Networks Protections Against WanaCrypt0r Ransomware Attacks

May 16th, 2017

What Happened

On Friday, May 12, 2017, a series of broad attacks began that spread the latest version of the WanaCrypt0r ransomware. These attacks, also referred to as WannaCrypt or WannaCry, reportedly impacted systems of public and private organisations worldwide. Our Next-Generation Security Platform automatically created, delivered and enforced protections from this attack.

How the Attack Works

While the initial infection vector for WanaCrypt0r is unclear, it is certain that once inside the network, it attempts to spread to other hosts using the SMB protocol by exploiting the EternalBlue vulnerability (CVE-2017-0144) on Microsoft Windows systems. This vulnerability was publicly disclosed by the Shadow Brokers group in April 2017, and was addressed by Microsoft in March 2017 with MS17-010.

Microsoft published a post on protections from the WanaCrypt0r attacks here, and has taken the step of providing patches for versions of Windows software that are no longer supported, including Windows XP. Organisations that have applied the MS17-010 update are not at risk for the spread of WanaCrypt0r across the network, but given it addresses a remotely exploitable vulnerability in a networking component that is now under active attack, we strongly urge making deployment of this security update a priority.
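The spreading behaviour described above (one infected host reaching out over SMB to many peers) is something a defender can look for in flow logs. The following Python detector is an added example, not code from Palo Alto Networks or any product on this page; the key=value log format, the hosts and the threshold are assumptions, and the log lines are constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample: key=value flow records of the kind a firewall or NetFlow
# collector might export. 10.0.5.23 fans out to a dozen peers on TCP/445 within
# two minutes (worm-like lateral spread); 10.0.5.40 talks to two file servers
# (normal use); 10.0.5.41 is HTTPS traffic and must not be counted at all.
SAMPLE_LOG = """\
2017-05-12T14:03:11Z src=10.0.5.23 dst=10.0.5.77 dport=445 proto=tcp
2017-05-12T14:03:12Z src=10.0.5.23 dst=10.0.5.78 dport=445 proto=tcp
2017-05-12T14:03:12Z src=10.0.5.23 dst=10.0.5.79 dport=445 proto=tcp
2017-05-12T14:03:13Z src=10.0.5.23 dst=10.0.5.80 dport=445 proto=tcp
2017-05-12T14:03:14Z src=10.0.5.23 dst=10.0.5.81 dport=445 proto=tcp
2017-05-12T14:03:15Z src=10.0.5.40 dst=10.0.1.5 dport=445 proto=tcp
2017-05-12T14:03:16Z src=10.0.5.23 dst=10.0.5.82 dport=445 proto=tcp
2017-05-12T14:03:17Z src=10.0.5.23 dst=10.0.5.83 dport=445 proto=tcp
2017-05-12T14:03:19Z src=10.0.5.23 dst=10.0.5.84 dport=445 proto=tcp
2017-05-12T14:03:20Z src=10.0.5.41 dst=203.0.113.10 dport=443 proto=tcp
2017-05-12T14:03:22Z src=10.0.5.23 dst=10.0.5.85 dport=445 proto=tcp
2017-05-12T14:03:25Z src=10.0.5.40 dst=10.0.1.6 dport=445 proto=tcp
2017-05-12T14:03:30Z src=10.0.5.23 dst=10.0.5.86 dport=445 proto=tcp
2017-05-12T14:03:31Z src=10.0.5.23 dst=10.0.5.77 dport=445 proto=tcp
2017-05-12T14:04:02Z src=10.0.5.23 dst=10.0.5.87 dport=445 proto=tcp
2017-05-12T14:04:40Z src=10.0.5.23 dst=10.0.5.88 dport=445 proto=tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


def parse_line(line):
    """Parse one flow record into a dict; returns None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]),
        "proto": m["proto"].lower(),
    }


def find_smb_fanout(log_text, window=timedelta(minutes=5), threshold=10):
    """Return {src: peak number of distinct peers} for every source that reached
    at least `threshold` distinct hosts on TCP/445 inside any sliding `window`.

    A workstation normally talks SMB to a handful of servers; reaching dozens of
    distinct peers on 445 in minutes is the signature of a self-propagating worm.
    """
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["proto"] == "tcp" and rec["dport"] == 445:
            by_src[rec["src"]].append((rec["ts"], rec["dst"]))

    flagged = {}
    for src, events in by_src.items():
        events.sort()
        in_window = Counter()  # dst -> number of hits inside the current window
        left = 0
        peak = 0
        for ts, dst in events:
            in_window[dst] += 1
            # Slide the left edge forward until every event fits in the window.
            while ts - events[left][0] > window:
                old = events[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            flagged[src] = peak
    return flagged


if __name__ == "__main__":
    for host, peers in sorted(find_smb_fanout(SAMPLE_LOG).items()):
        print(f"{host}: reached {peers} distinct hosts on TCP/445 within 5 minutes")
```

Tune the window and threshold to the SMB fan-out you actually observe from legitimate hosts (backup servers and vulnerability scanners will trip this and belong on an allow list).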

Preventions

Palo Alto Networks customers are protected through our Next-Generation Security Platform, which employs a prevention-based approach that automatically stops threats across the attack lifecycle. Palo Alto Networks customers are protected from WanaCrypt0r ransomware through multiple complementary prevention controls across our Next-Generation Security Platform, including:

  • WildFire classifies all known samples as malware, automatically blocking malicious content from being delivered to users.
  • Threat Prevention enforces IPS signatures for the vulnerability exploit (CVE-2017-0144 – MS17-010) used in this attack: SMB vulnerability – ETERNALBLUE.
  • URL Filtering monitors malicious URLs used and will enforce protections if needed.
  • DNS Sinkholing can be used to identify infected hosts on the network. For more, please reference our product documentation for best practices.
  • Traps prevents the execution of the WanaCrypt0r malware on endpoints.
  • AutoFocus tracks the attack for threat analytics and hunting via the WanaCrypt0r tag.
  • GlobalProtect extends WildFire and Threat Prevention protections to remote users and ensures consistent coverage across all locations.

For best practices on preventing ransomware with the Palo Alto Networks Next-Generation Security Platform, please refer to their Knowledge Base article. We strongly recommend that all Windows users ensure they have the latest patches made available by Microsoft installed, including versions of software that have reached end-of-life support.

This article was originally published by Palo Alto Networks. View the original article.

Change Log:

On May 13, 2017, this post was updated to include:

  • Link to Microsoft blog on protections against WanaCrypt0r attacks
  • Details on additional protections via DNS sinkholing
  • Updated URL Filtering section to reflect new analysis

On May 15, 2017, this post was updated to clarify the WanaCrypt0r attack delivery method based on additional information.

May 17, 2017:

  • Added Threat Prevention signature information for anti-malware and command-and-control activity.
  • Added link to Traps blog.

Practice These 10 Basic Cyber Hygiene Tips for Risk Mitigation

May 9th, 2017

For six years in a row, cybersecurity has been identified as the #1 “problematic shortage” area across all of IT. What’s more concerning is that in 2016 and 2017, there was a dramatic increase in the shortage across organisations.

With companies scrambling for cybersecurity personnel, they are also distracted by involvement in an innovation race. Today, intense pressure is placed on organisations to stay on top of new technology without slowing daily operations. As rapid implementations of these technologies continue, security measures and risks that tend to cause vulnerabilities in the IT environment are overlooked. With the popularity of the Internet of Things and BYOD, we’re also witnessing the creation of weak spots that IT departments do not have the bandwidth or expertise to address.

In today’s modern cybersecurity, a large emphasis is placed on managing risk, which is dire for companies lacking professionals that can respond to attacks. With ever-evolving threats, it’s nearly impossible to always know what is coming. That’s why it is so imperative to practise basic cyber hygiene as a way to eliminate and mitigate possible threats, especially during a time of digital transformation.

What is Basic Cyber Hygiene?

The Center for Internet Security (CIS) and the Council on Cyber Security (CCS) define cyber hygiene as a means to appropriately protect and maintain IT systems and devices and implement cyber security best practices.

This risk mitigation technique is a must for all businesses deploying emerging technologies on their networks. Without clear assessments and interventions, hackers will have an easy way in through unpatched and outdated solutions, and through unforeseen security gaps in newer technologies.

Keeping Good Cyber Hygiene Habits

While cyber hygiene isn’t an ironclad protection, it’s important for everyone in contact with your network, from the CEO to the lowly intern, to act securely with these ten tips:

1. Keep an inventory of hardware and software on the company network.
2. Develop a process for software installation by end users. That could include limiting installation to trusted software, or prohibiting and blocking all installation without prior approval from IT.
3. Educate users on practising good cyber behaviour, including password management, identifying potential phishing efforts, and which devices to connect to the network.
4. Identify vulnerable applications that aren’t in use and disable them.
5. Consistently back up data and keep multiple copies. Consider using a secure cloud solution as well as on-premises storage.
6. Turn to industry-accepted secure configurations/standards like NIST and the CIS Benchmarks. These can help organisations define items like password length, encryption, port access, and two-factor authentication.
7. Patch all applications right away, and regularly. Unpatched systems are one of the biggest risk factors in attacks.
8. Create complex passwords.
9. Limit the number of users with administrative privileges.
10. Upgrade ageing infrastructure and systems.

Reduce the Human Impact

Even with the best protection, there are no guarantees that your business won’t become the victim of a ransomware attack, data breach, or other cybersecurity threat. That’s why it is so important to reduce human impact by automating security practices whenever possible.

Providing two-factor sign-ons that require complex passwords, blocking certain file types, and testing users on their security knowledge are steps that all companies can take to protect today’s diversified networks.

For businesses with a shortage of cybersecurity professionals, these steps, while simple, may still prove to be a challenge. That’s why it is helpful to find tools like machine learning that can react to and predict malicious behaviour for you.

With machine learning and behaviour-based detection, you can relieve your IT team of exhaustive manual procedures. SentinelOne automates security for you with EPP. To learn more about how to protect your network in our quickly evolving technological world, download our executive brief, Get Your Endpoint Protection Out of the 90’s!

Item taken from the SentinelOne blog.

New SentinelOne Enterprise Risk Index Provides Evidence of Growing Use of In-Memory Attacks; Renders Traditional Antivirus Protection Methods Redundant

April 28th, 2017

SentinelOne, the company transforming endpoint protection by delivering unified, multi-layer protection driven by machine learning and intelligent automation, today launched its first Enterprise Risk Index, which highlights the growing use of in-memory attacks, further proof that attacks simply cannot be stopped by traditional, static, file inspection security solutions.

The report includes an analysis of filtered data from more than one million SentinelOne Enterprise Platform agents deployed worldwide during the last half of 2016. Findings are based on behavioural analysis of malware programs that bypassed firewalls and network controls to infect endpoint devices.

“These days, infecting a target is just a matter of resources; but how long the hackers get to stay inside the network is a matter of good detection,” said Andy Norton, EMEA risk officer for SentinelOne and lead researcher for the Enterprise Risk Index. “In our analysis we focused on the attacks that are successful in making their way past traditional defences to reach endpoint targets because these are the threats that pose the greatest risk to an organisation. That’s what we should be measuring – not what’s stopped at the gateway.”

The report focuses on attack methods classified into three risk categories:

  • Attacks detected from document-based files, largely associated with Microsoft Word or Adobe PDF.
  • Attacks detected from traditional portable executable-based files.
  • Attacks detected only in the memory of the system, with no associated new artefacts on the system.

From the report: “we won’t be announcing what the top malware family is – for example, Zeus, Diamond Fox or Updare – however, we do build indicators of compromise to help with identification and response, and when a hash value exists we have submitted the hash to malware repositories to see what other submissions there have been for them.”

Key findings of the report include:

  • The growing menace of in-memory attacks: in this timeframe, we found that these attacks have doubled in comparison to the infection rates of file-based vectors.
  • Even for file-based attacks, only 20 percent of threats had corresponding signatures from existing AV engines.
  • Nation-state actors are trading infection sustainability for stealth, leaving no new artefacts on the file system and relying on memory-based attacks, even if it means needing to re-infect the target.
  • Three-pronged infections are becoming the norm as attackers no longer rely solely on .exe files to deliver malware, but instead use hybrid attacks that combine multiple attack vectors in one attack chain.

“Our goal with the Enterprise Risk Index is to help organisations get a better view of which threats are successful in reaching the final barrier in enterprise defences,” said Norton. “With this data in mind, customers can better determine not only what the risks are but where they are, and can adjust their security planning and investments accordingly.”

A copy of the full SentinelOne Enterprise Risk Index is available for download here.

    Brocade Study Reveals More than Half of IT Teams Will Struggle with Business Demands in Next 12 Months

    April 27th, 2017

    Germany and U.S. Ahead of the Digital Transformation Skills Game, While UK Lags Behind

    Brocade announced a new GLOBAL DIGITAL TRANSFORMATION SKILLS STUDY, which aims to uncover how well-placed global IT leaders consider themselves and their teams to be in terms of meeting current and future business demands. Of the six markets surveyed, Germany was found to be the best prepared to meet its digital transformation goals, closely followed by the U.S., while the UK lagged well behind its counterparts.

    The research, which surveyed 630 IT leaders in the U.S., UK, France, Germany, Australia, and Singapore, indicates that many organisations are at a tipping point, as new technology demands are set to outstrip the skills supply. Organisations that address this now through additional skills training will be in the strongest position to ensure business growth and competitive advantage.

    Overall, an encouraging 91 percent of global IT leaders acknowledge that IT departments are currently recognised as very important or critical to innovation and business growth. However, more than half (54 percent) predict they will struggle with a lack of IT talent in 12 months. Contributing factors identified from the research include skills shortages, a prevalence of outdated skills, lack of commitment to training at the corporate board level, and the rapidly changing technology environment.

    “Businesses are approaching the peak of IT strategic influence. Now is the moment that IT teams feel they have the strongest opportunity to influence the transformation of their organisations,” said Christine Heckart, chief marketing officer and senior vice president of ecosystems, Brocade. However, with a rapidly changing technology landscape and potential impact on international labour markets, it is critical that IT receives the right training to further develop their skills and business relevance.”

    The research also found that skills planning had to be aligned with other areas of business planning to avoid the risk of a technology skills deficit, where IT teams are expected to deliver the benefits of technologies that they are ill-equipped to implement.

    Staff shortages and outdated skills are preventing ITDMs from delivering on current business demands

    Organisations are attempting to move their IT departments away from their traditional roles, but the lack of skills and the time required to learn those skills have held them back. IT decision makers (ITDM) believe this could be a major contributor to their inability to meet business demands, putting organisations at risk of falling behind their competitors and losing customers.

  • Approximately one in four respondents in Australia, France, Germany, Singapore, and the U.S. claim that they cannot deliver on current business demand due to staff shortages. This number rises to 42 percent in the UK.
  • Respondents claim that the lack of access to talent will prevent them from implementing new technologies efficiently, lead to a decrease in employee satisfaction, and result in the loss of market share.
  • The IT skills gap is only likely to get worse and organisations need to act now

    The political landscape is also a contributing factor in the widening skills gap. As market uncertainty intensifies in the next few years, it is more important than ever for IT departments to remain agile and take advantage of new technologies.

  • Ninety-two percent of those questioned had some level of concern about future hiring of IT staff, while 54 percent were concerned about a lack of skilled talent to choose from.
  • Forty-three percent of global respondents agreed or strongly agreed that the current political climate makes it difficult to hire employees with the right skills. In the U.S. and Australia, the numbers were 52 percent and 54 percent, respectively.
  • Even with the uncertainty surrounding the Brexit situation, EMEA respondents were less concerned, with only 31 percent of UK ITDMs believing it presented a challenge compared to 39 percent in Germany and 35 percent in France.
  • Training time and investment will prove to be business-critical

    Training continues to be an issue as day-to-day IT maintenance tasks take priority. For organizations to address the technical skills deficit, they first need to invest time and money — or face the consequences.

  • There is consistent demand globally to spend more time on increasing skills — from 15 percent of time that is currently spent on this to 22 percent.
  • Respondents reported that insufficient budget (45 percent) and training time (45 percent) are constraining IT departments’ attempts to develop skills more than any other factors. These factors rise to 60 percent and 50 percent respectively in Australia but drop to 37 percent and 30 percent in Germany.
  • Currently, only three hours are allocated per week for learning and skills development. Respondents in Singapore average four hours of skills development per week.
  • Sixty-seven percent of respondents agree that the key to closing the skills gap would be to spend more money on training.
  • IT professionals need to take control of their professional future

    The research also showed that IT professionals at all levels must take increased responsibility for their own professional destiny, embracing the opportunities delivered by new technologies such as artificial intelligence (AI) and all areas of IoT from device management to security.

  • Thirty-five percent of global respondents agreed or strongly agreed that their organisation’s IT team does not have the right skills to protect their jobs in the future.
  • When asked to identify the one skill that they see as critical to their future career progression, cybersecurity was the most frequently cited, by 22 percent of respondents globally.
  • AI and IoT security tied for second as the most critical skill at 18 percent. While AI was the most critical skill in France and Australia, IoT security was the most valued skill in Germany.
  • AI could be a friend or foe

    AI could revolutionise the IT skills that are required and the way that we work. AI is likely to replace a number of IT roles and tasks, but this doesn’t mean the end for the IT department. Employees need to have the right skills to be in a position to work alongside AI and embrace its future impact, so that organizations can unleash its full potential.

  • When asked which current roles were already being replaced by AI, desktop support (23 percent), data analyst (20 percent), software testers (17 percent), system architects (14 percent), and network engineers (11 percent) topped the list.
  • Within the next 10 years, these numbers are expected to increase: desktop support (37 percent), data analyst (34 percent), software testers (33 percent), system architects (31 percent), and network engineers (31 percent).
  • AI will also impact the role of the CIO, with almost half of the global respondents claiming increased focus from the business.
  • Fifty-six percent of respondents believe that developing AI-related skills is key to securing a role in the future.
    Vital role of the board in ensuring long-term IT skills development

    Organisations’ boards will often dictate whether employees have the time and empowerment to develop their skills, but this is common in organisations that do not have the right support. The boards also have to ensure that skills and training improvements are aligned with other areas of business planning.

  • Forty-four percent of respondents think that new skills acquisition is not seen as being as valuable as it should be by the board. This rises to 59 percent in Australia and 50 percent in the UK. The U.S. (42 percent), Germany (41 percent), Singapore (40 percent), and France (34 percent) had slightly more positive results.
  • Almost a fifth of global respondents think their boards view gaining knowledge and skills as a cost to the business, rather than an asset. This rises to 35 percent in Australia.
  • However, the majority of respondents in France (63 percent) and Germany (62 percent) see knowledge and skills growth as an asset.
  • Despite respondents claiming that they plan approximately two years in advance for most areas of the business, staffing and recruitment are still, on average, only planned for a maximum of a year.
  • This is creating a disconnect where organisations are attempting to address key IT challenges with teams not as well equipped in terms of skills and experience as they could be.
    Additional Resources

    Data in the study also revealed four main personas of global IT leaders, all with different levels of effectiveness when it comes to pioneering digital transformation projects and managing the skills of their teams.

    EXECUTIVE SUMMARY
    GLOBAL AND REGIONAL ANALYSIS OF EACH PERSONA IN EACH OF THE COUNTRIES SURVEYED

    The study was conducted by independent research house Vanson Bourne in March 2017. A total of 630 IT decision-makers in organisations with more than 500 employees in the U.S., U.K., France, Germany, Singapore and Australia were surveyed.

    This article has been taken from Brocade.com.

    Dump the Sandbox

    April 20th, 2017

    By Andy Norton at SentinelOne

    Technology becomes obsolete quickly in a variety of industries as “newer” and “more innovative” options crop up on what feels like an almost daily basis. The same is true for the pace of technological innovation in the information security space.

    Traditional antivirus vendors, spurred on by waning detection rates and unhappy customers, have been acquiring companies that offer potential solutions for preventing the latest threat of the day, threats that currently pose enormous risks to their already languishing and disgruntled customers.

    Sandboxes grew in popularity as a stopgap because organisations needed to apply reasonable levels of certainty to security controls in the absence of confidence in endpoint AV to protect the organisation. But at what cost?

    Apart from being hideously expensive because they knew about “Chinese” attackers, sandboxes identified thousands of Indicators of Compromise (IoCs) that had every security analyst chasing every instance to determine whether the attack only detonated in the sandbox or also ran on the endpoint. And, if so, did it successfully communicate with its command-and-control infrastructure? If it did, then they had to determine what it actually did to the endpoint.

    This Pyrrhic victory in malware defence has been the reality for many organisations for the past few years. The lack of efficiency in the sandbox has forced organisations to consume intel feeds and hope that an IoC somewhere might turn up in the environment at some point, only to find out that the level of false positive reduction in that feed was not satisfactory.

    Here’s the message for the CISO

    If you are about to renew a really expensive purchase order for sandboxes… don’t sign the renewal agreement without first considering alternative approaches.

    It’s time to get rid of high maintenance security technology. It’s time to stop shouldering the burden of proof of what might occur at the endpoint, based on what was detected on the network.

    Even a leading sandbox vendor admits: “the endpoint has always been the most reliable source of truth.” The endpoint is ground-zero for the organisation, and as such it should be the most accurate and least costly source of security escalation.

    Microsoft operates 12 security operation centres, and they found that IoC-led investigations have a negative value to security. Instead, they base their analysis of threats on observed behaviours in their environment; behaviour analysis is responsible for tracking nearly 100% of the active threats at Microsoft.

    Total Cost of Risk Ownership

    Information security controls are placed into an organisation to manage risk. The big questions to ask: does the capital and operational burden of sandboxes actually reduce the risk? What is the delta in risk between running sandbox technology and not running it? Further, what is the savings in expenditure and operational costs?

    The quantitative answer is determined by how many threats are detected in the sandbox that would not have been detected by other security controls. For example, if you have a system that monitors the actual behaviour of the endpoint, then the risk delta value of the sandbox is zero. In addition, the cost savings are enormous because the wild goose chases that consumed analyst time disappear too. Instrumenting the endpoint with behavioural modelling instead of using sandboxes reduces the Total Cost of Ownership massively, as the expenditure drops while the residual risk remains the same.
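    The risk-delta argument above, worked through as an added example (not code from the SentinelOne post): a sandbox-derived IoC hash list is compared with two simple behavioural rules over constructed endpoint telemetry, and the “risk delta” is counted as the processes the IoC path caught that the behavioural path would have missed. Hosts, hashes, event schema and rules are all constructed for illustration.

```python
"""Behaviour-based vs IoC-based endpoint detection (added example).

Not code from the SentinelOne post: the telemetry, hashes and rules below are
constructed to illustrate its argument that watching what actually runs on the
endpoint catches what a sandbox-derived IoC list catches, and more.
"""
import os
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One endpoint telemetry record (constructed schema)."""
    host: str
    pid: int
    parent: str        # image name of the parent process
    image: str         # image name of the process itself
    sha256: str        # hash of the process image
    action: str        # "process_start", "file_rename" or "net_connect"
    detail: str = ""   # for file_rename: "old_name->new_name"


OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Placeholder hash for the one sample a sandbox detonated and reported.
IOC_HASHES = {"aa" * 32}

# Constructed telemetry: the sandboxed sample on hostA, a repacked copy of it
# (new hash, same behaviour) on hostB, and ordinary user activity on hostC.
TELEMETRY = [
    Event("hostA", 401, "winword.exe", "update.exe", "aa" * 32, "process_start"),
    Event("hostA", 401, "winword.exe", "update.exe", "aa" * 32, "file_rename", "q1.docx->q1.docx.locked"),
    Event("hostA", 401, "winword.exe", "update.exe", "aa" * 32, "file_rename", "q2.xlsx->q2.xlsx.locked"),
    Event("hostA", 401, "winword.exe", "update.exe", "aa" * 32, "file_rename", "q3.pdf->q3.pdf.locked"),
    Event("hostA", 401, "winword.exe", "update.exe", "aa" * 32, "net_connect", "198.51.100.7:443"),
    Event("hostB", 502, "excel.exe", "invoice.exe", "bb" * 32, "process_start"),
    Event("hostB", 502, "excel.exe", "invoice.exe", "bb" * 32, "file_rename", "a.docx->a.docx.locked"),
    Event("hostB", 502, "excel.exe", "invoice.exe", "bb" * 32, "file_rename", "b.docx->b.docx.locked"),
    Event("hostB", 502, "excel.exe", "invoice.exe", "bb" * 32, "file_rename", "c.docx->c.docx.locked"),
    Event("hostC", 603, "explorer.exe", "winword.exe", "cc" * 32, "process_start"),
    Event("hostC", 603, "explorer.exe", "winword.exe", "cc" * 32, "file_rename", "draft.docx->final.docx"),
]


def ioc_detections(events, ioc_hashes):
    """Processes whose image hash appears in the (sandbox-derived) IoC feed."""
    return {(e.host, e.pid) for e in events if e.sha256 in ioc_hashes}


def behaviour_detections(events, rename_threshold=3):
    """Processes flagged by what they do, regardless of hash.

    Two illustrative rules: an Office application spawning an executable, and
    one process renaming several files to a new extension (ransomware-like).
    Returns {(host, pid): [rule names]}.
    """
    renames = defaultdict(int)
    reasons = defaultdict(set)
    for e in events:
        key = (e.host, e.pid)
        if e.action == "process_start" and e.parent.lower() in OFFICE_APPS:
            reasons[key].add("office_child_process")
        if e.action == "file_rename" and "->" in e.detail:
            old, new = e.detail.split("->", 1)
            if os.path.splitext(old)[1] != os.path.splitext(new)[1]:
                renames[key] += 1
                if renames[key] >= rename_threshold:
                    reasons[key].add("mass_extension_rename")
    return {k: sorted(v) for k, v in reasons.items()}


def sandbox_risk_delta(events, ioc_hashes):
    """IoC-detected processes the behavioural rules would have missed.

    This is the post's risk delta: what the sandbox/IoC path catches that other
    controls do not. Zero means the IoC feed added no detection value here.
    """
    return len(ioc_detections(events, ioc_hashes) - set(behaviour_detections(events)))


if __name__ == "__main__":
    ioc = ioc_detections(TELEMETRY, IOC_HASHES)
    beh = behaviour_detections(TELEMETRY)
    print("IoC hits:       ", sorted(ioc))
    print("Behaviour hits: ", beh)
    print("Behaviour only: ", sorted(set(beh) - ioc))
    print("Sandbox risk delta:", sandbox_risk_delta(TELEMETRY, IOC_HASHES))
```

    The repacked sample on hostB is invisible to the hash list but indistinguishable from the original by behaviour, which is the case the post has in mind when it says the sandbox adds no residual-risk reduction once the endpoint itself is instrumented.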

    Three Common Misconceptions about Designing Your Cybersecurity Solution

    April 12th, 2017

    Outdated cybersecurity solutions with data backhaul and hardware upgrades cost organisations millions of dollars each year. There are other alternatives to backhauling data that keep your network secure and your costs down. Here are three misconceptions about designing your cybersecurity solution.

    1. Thinking that backhauling data from remote offices and mobile workers to on-prem appliances is the only way to protect a distributed organisation.

    Since the age of the mainframe in the late 60s, centralising your IT infrastructure was logical. Most companies had large headquarters where a majority of their employees worked, and infrastructure was housed centrally to provide compute power and business resources. As technology advanced through the mid-90s, internet and email became common work tools, meaning organisations now had the flexibility to conduct business from multiple office locations. Enter the Blackberry in the early 2000s, and now we’ve reached the distributed age. Businesses are rarely in one location. If you consider every mobile device accessing work applications a “remote office,” you have now gone from securing one site to securing hundreds.

    This exponential increase in business locations puts increasing strain on your network security plan. While the pain of backhauling data as you added individual remote offices was manageable, the concept of backhauling data was never designed to scale to the mobile world we live in. This paradigm shift in business requires a new approach to network security. Continuing to backhaul data from mobile users and remote offices is like piling up sandbags. It might work for today, and maybe for tomorrow, but you either keep paying for more sandbags, or consider a new approach that is designed for the current situation.

    2. Completely rearchitecting your network by moving to an all-cloud solution is the only way to avoid excessive backhaul

    There are cloud-only SWG solutions that provide infrastructure cost benefits, but they come with a pricey compromise – rearchitecting your entire network to direct all traffic to cloud-based SWGs. A cloud-only approach is not for every business. There are compliance issues for many industries, legal ramifications from data privacy laws, and operational security concerns that arise from using a multitenant cloud. If you have requirements that can’t completely be met by a cloud-only SWG, it’s critical that you find a solution that’s built for the cloud, but not built exclusively in the cloud.

    3. Believing that leveraging cloud and on-prem capabilities means you have to manage two separate interfaces or sacrifice policy consistency.

    If you’re already one step ahead and know that you don’t have to rely on solely cloud or on-prem secure web gateways, perhaps you are exploring a hybrid solution. Traditional “hybrid” solutions have two different systems operating in tandem. While this seems like a good idea, in theory, it creates significant management overhead and headaches to administer the two systems. For example, policies often only sync in one direction, which creates gaps in your security plan as you work to ensure each system is managed correctly. Not to mention that the two systems frequently lack feature parity, making uniform policy enforcement a real challenge.

    Your experiences managing your network security should be seamless and should not require separate management systems just to reap the benefits of both cloud and hybrid deployment. Your secure web gateway should give you the flexibility to define your own network security policies without reconfiguration or sacrificing user experience.

    Beyond backhauling

    Most companies haven’t reevaluated their network security solution because the thought of ripping and replacing appliances or completely reconfiguring their network is enough to scare them away. But SWG solutions designed 10-15 years ago were built to secure a different type of organisation than we see today, so it’s worth considering other options. It is not financially sustainable to backhaul the increasing amount of data created by a mobile workforce. Instead, find a solution that leverages the cloud to avoid expensive VPN and MPLS links, but also doesn’t force you to overhaul your network architecture.

    Believe it or not, there are network security solutions that were built specifically to support the distributed organisation. iboss designed the first Distributed Gateway Platform to address the challenges facing decentralised organisations today by leveraging an elastic, node-based architecture that scales to meet changing bandwidth needs. Learn more about the changing secure web gateway landscape and the needs posed by distributed organisations.

    As you think about your security needs over the next five to ten years, evaluate whether your current vendor can help you scale and grow without network re-architecture, management of multiple, isolated systems, or increased bandwidth costs from backhauling data. Here are 11 things to consider as you evaluate and plan for your cybersecurity needs in the coming years.

    Original article published by Ed Gaudet. https://blog.iboss.com/sled/3-common-misconceptions-about-designing-your-cybersecurity-solution

    “What’s Next” Technology in Your Hotel? Start by Building a Solid Foundation

    June 26th, 2017

    By: Matthew FitzGerald, Director Systems Engineering at Ruckus

    “What’s next for hospitality?” Our answer covers IoT, 802.3bz, 802.11ax, more content options, plus more smaller devices, and it always includes “and whatever you can imagine!” The follow-up question for hotel owners is, “How do we prepare?” Having your network ready for 5GHz and 802.11ac and understanding the value of in-room access points (APs) are some examples of Wi-Fi readiness.

    We believe a solid foundation is critical to the future success of your hotel’s technology strategy. Your network should be able to handle today’s demands and scale up to support future requirements.

    Ruckus has been working with hotels on Wi-Fi since the early installation of 802.11b/g. Hotels have transitioned through many Wi-Fi standards and advances: 802.11b to 11g, 11g to 11n, 11n to 11ac and eventually placing more emphasis on 5 GHz over 2.4 GHz. While there have been financial outlays, frustration, mistakes and hard lessons, as an industry, we’ve learned that proper AP placement is the cornerstone for a solid foundation. And, while standards and Ethernet switch architecture evolve, cable foundations provide a great conduit for the coming wave of new technology. It’s yet another layer to build on.

    As the next big Wi-Fi protocol update, 802.11ax, hits the market in 2018, the physics of the unlicensed 2.4 and 5GHz bands will remain unchanged and should allow for changing AP endpoints, not the cabling. Moreover, 802.11ax will be doing a lot more in the same spectrum and coverage area.

    Having the correct cabling media, power sources, design and architecture is one of the most important decisions you will make concerning Wi-Fi protocols. The Layer 1 choices you make today will impact your network for years to come. We are now seeing APs that are truly over the 1 GbE mark, such as the Ruckus R720 and, in the future, 802.11ax APs. These APs will also require greater PoE power budgets—Ethernet switches will need to provide power greater than 802.3af (15.4W) or even 802.3at (30W), and they will need to support PoH (60W).

    Ruckus sees this as a staged process unfolding over the course of several years. To help hotels move in this direction, we have rolled out switches in the ICX 7000 series, which support 802.3bz (2.5GbE over CAT 5e and above) and PoH. As you plan your strategy and budget for Ethernet switching, be sure to include switches with the capability of the ICX 7150 Z-series for key applications such as conference areas.

    Yes, more wireless is coming to hotels. At Ruckus, we are doing more with 3.5GHz LTE (OpenG) and radio technologies like Zigbee, BLE, Z-Wave and others. These run on top of the Ruckus platform in a Ruckus framework that provides control, visibility and analytics. The foundation of Ruckus wired and wireless products will allow new radio services to be added quickly and cost effectively to your hotel network. We’re very excited about this development, so stay tuned.

    Of course, having this great technology in a hotel without a way to manage it would be like letting heat out of the window in winter. Ruckus offers a suite of software solutions—the SmartZone WLAN System, Smart Cell Insight Analytics and SPoT Location—that work together to provide full control of the system, advanced monitoring and detailed analytics. We continue to develop our products with an eye toward allowing holistic views of all our equipment (wireless and wireline). With many available options—from on-premises equipment to hosted solutions—a hotel can choose the model that fits their needs. Plus, the Ruckus architecture and our advanced APIs enable integration with third-party partner solutions, resulting in an end-to-end networking ecosystem.

    Ruckus has been committed to the hotel industry since our inception and continues to focus on this sector.

    This article has been taken from The Ruckus Room.

    Are we done with WannaCry?

    June 26th, 2017

    Several customers and industry analysts frequently ask us (and other vendors) about independent validation of our capabilities. We wanted to share information about a recent test conducted by MRG-Effitas to validate the effectiveness of various traditional and next-generation endpoint security suites against the EternalBlue and Doublepulsar exploits/backdoor. These threats were unearthed by “The Shadow Brokers” hacking group and are said to have been used by the NSA-linked Equation Group to launch cyber-attacks. The EternalBlue exploit received recent worldwide attention due to the WannaCry outbreak that used this exploit to infect over 230,000 machines in over 150 countries.

    And unfortunately, WannaCry does not seem to be the end of these threats. Attackers can use these same exploits not only to lock up data to demand ransom but also to steal employee credentials to exfiltrate other sensitive information (think of this as a two-for-one attack – an advanced threat combined with ransomware). Worse yet, as seen in this particular case, attackers can bypass traditional and next-generation security measures, including hundreds of intelligence feeds. Further, security researchers who’ve tested security tools claim that these threats bypass 99% of security tools out there, and we’re likely sitting with thousands more computers infected across several industries.

    MRG-Effitas tested for these exploits against various traditional and next-generation endpoint security suites, including SentinelOne, Cylance, ESET, Symantec and others. The tests began in May 2017 – two months after Microsoft disclosed the MS17-010 vulnerability (EternalBlue exploit) and within weeks of the WannaCry outbreak.

    The summary of the MRG-Effitas tests is as follows:

    1. We’re happy to see that SentinelOne passed this test with flying colours.
      – In the words of MRG-Effitas: “SentinelOne 1.8.4.6202 was able to block every malicious payload DLL or shellcode introduced to the system via the Eternalblue exploit, by blocking it in a generic way. Both original Eternalblue with Doublepulsar and Metasploit port was tested. SentinelOne not only blocks the Meterpreter payload but the original Peddlecheap payload as well. As more and more tests were ongoing, we have seen that multiple (typically next-gen) products were able to block the Meterpreter payload loading in a generic way, but not the Peddlecheap one.”
    2. Other traditional endpoint security suites such as ESET and Kaspersky also stopped the backdoor from being installed.
    3. Symantec EPP seems to have failed with a blue screen of death when run within VMware, but caught the attack on a physical endpoint.
    4. Cylance was the only vendor that failed this test.
      – In the words of MRG-Effitas: “The interesting part of the video starts at 5:00. The Doublepulsar backdoor is already installed and this means the system is already compromised and it would appear that Cylance did not realise this.”
      – The video referenced above is Cylance’s video on WannaCry protection.

    One of the other pieces explored by the blog is looking beyond the tactics used by WannaCry to other capabilities that may be exploited in the future. For instance, WannaCry is a strain of Windows ransomware that took advantage of the EternalBlue exploit along with a file-based payload. However, the EternalBlue exploit could easily be used with fileless (in-memory) malware that can completely work around the defenses of solutions that miss the exploit or focus on file-based detection. This methodology is discussed in the blog and was also used in the wild by another ransomware family dubbed UIWIX. In other words, customers without holistic protection will leave themselves exposed to another WannaCry-like attack in the future. So look at your security vendors carefully.

    Interested in the versions of Windows impacted by MS17-010? Check out the Microsoft Security Bulletin. The most popular versions, such as Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2016 and Windows 10, all have this vulnerability. It’s obviously wise to get the patches and updates installed as soon as possible.

    To learn more about how SentinelOne can help, check out our Endpoint Protection Platform online or our datasheet.

    Post published by Rajiv Raghunarayan and SentinelOne. View the original article.

    Ruckus adds Multi-Gigabit Networking Solution to its High-Performance WiFi Portfolio

    June 21st, 2017

    Ruckus announced it now offers both wired and wireless networking for enterprise, hospitality, service provider, government and small-and-medium business (SMB) customers worldwide.

    By combining its industry-leading wireless products with the ICX® wired switching portfolio from Brocade, Ruckus now offers a complete line of high-performance access infrastructure designed to optimise the end-user experience, simplify network setup and management for IT managers, and help business leaders deliver great experiences for their employees, guests and customers.

    As part of its expanded offering to deliver simply better connections, Ruckus announced a new multi-gigabit solution that delivers more efficient performance while providing flexible scalability and simplified management to meet the needs of businesses and organisations of all types and sizes.

    “The expansion of Ruckus to include both wired and wireless products is a tremendous opportunity for us to carry forward the outstanding ICX product line and technology innovation we have gained as part of Brocade,” said Dan Rabinovitsj, chief operating officer of Ruckus.

    “Combining the product lines means we can offer our partners a comprehensive set of access infrastructure and meet customers’ networking needs beyond simply wireless, without sacrificing performance. Our new multi-gig solution sets the tone for the type of innovation to come.”

    The new ICX 7150 Z-Series switch and Ruckus R720 access point (AP) together solve the problems associated with increasing device densities and bandwidth-consuming applications by maximising network access performance with a complete multi-gigabit 802.11ac Wave 2 solution. The Ruckus solution does not require ripping and replacing existing CAT 5e cabling infrastructure – the switch and AP can simply be dropped into current environments, substantially saving costs and installation time while increasing performance.

    The latest addition to the Ruckus portfolio also includes Cloudpath Enrollment System software, a security and policy management platform that enables organisations to easily establish secure, policy-based access for all wired and wireless devices. Cloudpath is infrastructure-agnostic, allowing organisations to apply a single unified approach to device security and policy, regardless of client OS or underlying networking infrastructure.

    “The announcement that Ruckus will expand its solution set by fully incorporating wired Ethernet switching into its portfolio makes absolute sense and was expected as part of the acquisition announcement from ARRIS earlier this year,” said Nolan Greene, senior research analyst, IDC. “With this new multi-gig solution, Ruckus is formally expressing its intent to be a dominant player in the network access infrastructure market for its target segments—education, hospitality, service provider, government and SMB.”

    Optimising Wired and Wireless Access

    End-user quality-of-service expectations are increasing but IT budgets and time aren’t rising with them. Ruckus has developed two new products designed to work in combination to deliver the performance end users expect with the scalability, manageability and value IT departments require:

    Ruckus ICX 7150 Z-Series Switch. A full-featured layer 3-capable 48-port switch that includes sixteen 2.5 GbE ports and thirty-two 10/100/1000 ports. The 7150-Z includes dual hot-swappable power supplies and fans and is stackable with other switches in the ICX 7150 family. Eight 10 GbE uplink/stacking ports double the stacking and uplink bandwidth of previous ICX 7150 models.

    Ruckus R720 Access Point. A 4×4:4 dual-band 802.11ac Wave 2 AP with one 10/100/1000 and one 2.5 GbE port. Featuring patented BeamFlex+™ and ChannelFly™ technologies, the R720 is capable of 160MHz and 80+80MHz channelization and is designed for use in high-density indoor applications.

    When paired, the new switch and AP uniquely solve the IT challenge of accommodating spiking network traffic—caused by increased device density and bandwidth-intensive applications—while minimising deployment time and expense.

    WanaCrypt0r aka WannaCry ransomware wreaks havoc worldwide

    May 16th, 2017

    The WanaCrypt0r ransomware hit with a vengeance on Friday, with the outbreak beginning in Europe, striking hospitals and other organisations, then quickly spreading across the globe. As of 1:00pm Pacific Time, it is believed more than 57,000 systems in more than 74 countries had been affected.

    Researchers at SentinelOne have determined that the Endpoint Protection Platform does successfully detect and block this ransomware strain. Customers are advised to make sure that they are running the latest version.

    Additional reports indicate that this ransomware strain was distributed using the EternalBlue exploit that was released by the ShadowBrokers in April. This vulnerability was patched by Microsoft (MS17-010) before ShadowBrokers released the exploit. This shows that in the real world keeping up-to-date with patches and critical updates can be difficult but is a crucial step for all organisations.

    This article was taken from SentinelOne.

    Palo Alto Networks Protections Against WanaCrypt0r Ransomware Attacks

    May 16th, 2017

    What Happened

    On Friday, May 12, 2017, a series of broad attacks began that spread the latest version of the WanaCrypt0r ransomware. These attacks, also referred to as WannaCrypt or WannaCry, reportedly impacted systems of public and private organisations worldwide. Our Next-Generation Security Platform automatically created, delivered and enforced protections from this attack.

    How the Attack Works

    While the initial infection vector for WanaCrypt0r is unclear, it is certain that once inside the network, it attempts to spread to other hosts using the SMB protocol by exploiting the EternalBlue vulnerability (CVE-2017-0144) on Microsoft Windows systems. This vulnerability was publicly disclosed by the Shadow Brokers group in April 2017, and was addressed by Microsoft in March 2017 with MS17-010.

    Microsoft published a post on protections from the WanaCrypt0r attacks here, and has taken the step of providing patches for versions of Windows software that are no longer supported, including Windows XP. Organisations that have applied the MS17-010 update are not at risk for the spread of WanaCrypt0r across the network, but given it addresses a remotely exploitable vulnerability in a networking component that is now under active attack, we strongly urge making deployment of this security update a priority.

    Preventions

    Palo Alto Networks customers are protected through our Next-Generation Security Platform, which employs a prevention-based approach that automatically stops threats across the attack lifecycle. Palo Alto Networks customers are protected from WanaCrypt0r ransomware through multiple complementary prevention controls across our Next-Generation Security Platform, including:

    • WildFire classifies all known samples as malware, automatically blocking malicious content from being delivered to users.
    • Threat Prevention enforces IPS signatures for the vulnerability exploit (CVE-2017-0144 – MS17-010) used in this attack: SMB vulnerability – ETERNALBLUE.
    • URL Filtering monitors malicious URLs used and will enforce protections if needed.
    • DNS Sinkholing can be used to identify infected hosts on the network. For more, please reference our product documentation for best practices.
    • Traps prevents the execution of the WanaCrypt0r malware on endpoints.
    • AutoFocus tracks the attack for threat analytics and hunting via the WanaCrypt0r tag.
    • GlobalProtect extends WildFire and Threat Prevention protections to remote users and ensures consistent coverage across all locations.

    For best practices on preventing ransomware with the Palo Alto Networks Next-Generation Security Platform, please refer to their Knowledge Base article. We strongly recommend that all Windows users ensure they have the latest patches made available by Microsoft installed, including versions of software that have reached end-of-life support.

    This article was originally published by Palo Alto Networks. View the original article.

    Change Log:

    On May 13, 2017, this post was updated to include:

    • Link to Microsoft blog on protections against WanaCrypt0r attacks
    • Details on additional protections via DNS sinkholing
    • Updated URL Filtering section to reflect new analysis

    On May 15, 2017, this post was updated to clarify the WanaCrypt0r attack delivery method based on additional information.

    May 17, 2017:

    • Added Threat Prevention signature information for anti-malware and command-and-control activity.
    • Added link to Traps blog.

    Practice These 10 Basic Cyber Hygiene Tips for Risk Mitigation

    May 9th, 2017

    For six years in a row, cybersecurity has been identified as the #1 “problematic shortage” area across all of IT. What’s more concerning is that in 2016 and 2017, there was a dramatic increase in the shortage across organisations.

    With companies scrambling for cybersecurity personnel, they are also distracted by involvement in an innovation race. Today, intense pressure is placed on organisations to stay on top of new technology without slowing daily operations. As rapid implementations of these technologies continue, security measures and risks that tend to cause vulnerabilities in the IT environment are overlooked. With the popularity of Internet of Things and BYOD, we’re also witnessing the creation of weak spots that IT departments do not have the bandwidth or expertise to address.

    In today’s modern cybersecurity, a large emphasis is placed on managing risk, which is dire for companies lacking professionals that can respond to attacks. With ever-evolving threats, it’s nearly impossible to always know what is coming. That’s why it is so imperative to practice basic cyber hygiene as a way to eliminate and mitigate possible threats, especially during a time of digital transformation.

    What is Basic Cyber Hygiene?

    The Center for Internet Security (CIS) and the Council on Cyber Security (CCS) define cyber hygiene as a means to appropriately protect and maintain IT systems and devices and implement cyber security best practices.

    This risk mitigation technique is a must for all businesses deploying emerging technologies on their networks. Without clear assessments and interventions, attackers will have an easy way in through unpatched and outdated solutions and through unforeseen security gaps in newer technologies.

    Keeping Good Cyber Hygiene Habits

    While cyber hygiene isn’t an ironclad protection, it’s important for everyone in contact with your network, from the CEO to the lowly intern, to act securely with these ten tips:

    1. Keep an inventory of hardware and software on the company network.
    2. Develop a process for software installation by end users. That could include limiting installation of trusted software or prohibiting and blocking all installation without prior approval from IT.
    3. Educate users on practising good cyber behaviour, including password management, identifying potential phishing efforts, and which devices to connect to the network.
    4. Identify vulnerable applications that aren’t in use and disable them.
    5. Consistently back up data and keep multiple copies. Consider using a secure cloud solution as well as on premise.
    6. Turn to industry-accepted secure configurations/standards like NIST and CIS Benchmark. These can help organisations define items like password length, encryption, port access, and double authentication.
    7. Patch all applications right away, and keep patching regularly. Unpatched systems are one of the biggest risk factors in attacks.
    8. Create complex passwords.
    9. Limit the number of users with administrative privileges.
    10. Upgrade ageing infrastructure and systems.

    Reduce the Human Impact

    Even with the best protection, there are no guarantees that your business won’t become the victim of a ransomware attack, data breach, or other cybersecurity threat. That’s why it is so important to reduce human impact by automating security practices whenever possible.

    Providing double authentication sign-ons that require complex passwords, blocking certain file types, and testing users on their security knowledge are steps that all companies can take to protect today’s diversified networks.

    For businesses with a shortage of cybersecurity professionals, these steps while simple may still prove to be a challenge. That’s why it is helpful to find tools like machine learning that can react and predict malicious behaviour for you.

    With machine learning and behavior-based detection, you can relieve your IT team of exhaustive manual procedures. SentinelOne automates security for you with EPP. To learn more on how to protect your network in our quickly evolving technological world, download our executive brief Get Your Endpoint Protection Out of the 90’s!

    Item taken from the SentinelOne blog.

    New SentinelOne Enterprise Risk Index Provides Evidence of Growing Use of In-Memory Attacks; Renders Traditional Antivirus Protection Methods Redundant

    April 28th, 2017

    SentinelOne, the company transforming endpoint protection by delivering unified, multi-layer protection driven by machine learning and intelligent automation, today launched its first Enterprise Risk Index which highlights the growing use of in-memory attacks, further proof that attacks simply cannot be stopped by traditional, static, file inspection security solutions.

    The report includes an analysis of filtered data from more than one million SentinelOne Enterprise Platform agents deployed worldwide during the last half of 2016. Findings are based on behavioural analysis of malware programs that bypassed firewalls and network controls to infect endpoint devices.

    “These days, infecting a target is just a matter of resources; but how long the hackers get to stay inside the network is a matter of good detection,” said Andy Norton, EMEA risk officer for SentinelOne and lead researcher for the Enterprise Risk Index. “In our analysis we focused on the attacks that are successful in making their way past traditional defences to reach endpoint targets because these are the threats that pose the greatest risk to an organisation. That’s what we should be measuring – not what’s stopped at the gateway.”

    The report focuses on attack methods classified into three risk categories:

  • Attacks detected from document-based files, largely associated with Microsoft Word or Adobe PDF.
  • Attacks detected from traditional portable executable-based files.
  • Attacks detected only from the memory of the system with no associated new artefacts on the system.

    From the report, “we won’t be announcing what the top malware family is – for example, Zeus, Diamond Fox or Updare – however, we do build indicators of compromise to help with identification and response, and when a hash value exists we have submitted the hash to malware repositories to see what other submissions there have been for them.”

    Key findings of the report include:

  • The growing menace of in-memory attacks: in this timeframe, we found that these attacks have doubled in comparison to the infection rates of file-based vectors.
  • Even for file-based attacks, only 20 percent of threats had corresponding signatures from existing AV engines.
  • Nation-state actors are trading infection sustainability for stealth, leaving no new artefacts on the file system and relying on memory-based attacks, even if it means needing to re-infect the target.
  • Three-pronged infections are becoming the norm as attackers no longer rely solely on .exe files to deliver malware, but instead use hybrid attacks that multiple attack vectors can utilise in one attack chain.

    “Our goal with the Enterprise Risk Index is to help organisations get a better view of which threats are successful in reaching the final barrier in enterprise defences,” said Norton. “With this data in mind, customers can better determine not only what the risks are but where they are and can adjust their security planning and investments accordingly.”

    A copy of the full SentinelOne Enterprise Risk Index is available for download here.

    Brocade Study Reveals More than Half of IT Teams Will Struggle with Business Demands in Next 12 Months

    April 27th, 2017

    Germany and U.S. Ahead of the Digital Transformation Skills Game, While UK Lags Behind

    Brocade announced a new GLOBAL DIGITAL TRANSFORMATION SKILLS STUDY, which aims to uncover how well-placed global IT leaders consider themselves and their teams to be in terms of meeting current and future business demands. Of the six markets surveyed, Germany was found to be the best prepared to meet its digital transformation goals, closely followed by the U.S., while the UK lagged well behind its counterparts.

    The research, which surveyed 630 IT leaders in the U.S., UK, France, Germany, Australia, and Singapore, indicates that many organisations are at a tipping point, as new technology demands are set to outstrip the skills supply. Organisations that address this now through additional skills training will be in the strongest position to ensure business growth and competitive advantage.

    Overall, an encouraging 91 percent of global IT leaders acknowledge that IT departments are currently recognised as very important or critical to innovation and business growth. However, more than half (54 percent) predict they will struggle with a lack of IT talent in 12 months. Contributing factors identified from the research include skills shortages, a prevalence of outdated skills, lack of commitment to training at the corporate board level, and the rapidly changing technology environment.

    “Businesses are approaching the peak of IT strategic influence. Now is the moment that IT teams feel they have the strongest opportunity to influence the transformation of their organisations,” said Christine Heckart, chief marketing officer and senior vice president of ecosystems, Brocade. “However, with a rapidly changing technology landscape and potential impact on international labour markets, it is critical that IT receives the right training to further develop their skills and business relevance.”

    The research also found that skills planning had to be aligned with other areas of business planning to avoid the risk of a technology skills deficit, where IT teams are expected to deliver the benefits of technologies that they are ill-equipped to implement.

    Staff shortages and outdated skills are preventing ITDMs from delivering on current business demands

    Organisations are attempting to move their IT departments away from their traditional roles, but the lack of skills and the time required to learn those skills have held them back. IT decision makers (ITDM) believe this could be a major contributor to their inability to meet business demands, putting organisations at risk of falling behind their competitors and losing customers.

  • Approximately one in four respondents in Australia, France, Germany, Singapore, and the U.S. claim that they cannot deliver on current business demand due to staff shortages. This number rises to 42 percent in the UK.
  • Respondents claim that the lack of access to talent will prevent them from implementing new technologies efficiently, lead to a decrease in employee satisfaction, and result in the loss of market share.

    The IT skills gap is only likely to get worse and organisations need to act now

    The political landscape is also a contributing factor in the widening skills gap. As market uncertainty intensifies in the next few years, it is more important than ever for IT departments to remain agile and take advantage of new technologies.

  • Ninety-two percent of those questioned had some level of concern about future hiring of IT staff, while 54 percent were concerned about a lack of skilled talent to choose from.
  • Forty-three percent of global respondents agreed or strongly agreed that the current political climate makes it difficult to hire employees with the right skills. In the U.S. and Australia, the numbers were 52 percent and 54 percent, respectively.
  • Even with the uncertainty surrounding the Brexit situation, EMEA respondents were less concerned, with only 31 percent of UK ITDMs believing it presented a challenge compared to 39 percent in Germany and 35 percent in France.

    Training time and investment will prove to be business-critical

    Training continues to be an issue as day-to-day IT maintenance tasks take priority. For organizations to address the technical skills deficit, they first need to invest time and money — or face the consequences.

  • There is consistent demand globally to spend more time on increasing skills — from 15 percent of time that is currently spent on this to 22 percent.
  • Respondents reported that insufficient budget (45 percent) and training time (45 percent) are constraining IT departments’ attempts to develop skills more than any other factors. These factors rise to 60 percent and 50 percent respectively in Australia but drop to 37 percent and 30 percent in Germany.
  • Currently, only three hours are allocated per week for learning and skills development. Respondents in Singapore average four hours of skills development per week.
  • Sixty-seven percent of respondents agree that the key to closing the skills gap would be to spend more money on training.

    IT professionals need to take control of their professional future

    The research also showed that IT professionals at all levels must take increased responsibility for their own professional destiny, embracing the opportunities delivered by new technologies such as artificial intelligence (AI) and all areas of IoT from device management to security.

  • Thirty-five percent of global respondents agreed or strongly agreed that their organisation’s IT team does not have the right skills to protect their jobs in the future.
  • When asked to identify the one skill that they see as critical to their future career progression, cybersecurity was the most frequently cited, by 22 percent of respondents globally.
  • AI and IoT security tied for second as the most critical skill at 18 percent. While AI was the most critical skill in France and Australia, IoT security was the most valued skill in Germany.

    AI could be a friend or foe

    AI could revolutionise the IT skills that are required and the way that we work. AI is likely to replace a number of IT roles and tasks, but this doesn’t mean the end for the IT department. Employees need to have the right skills to be in a position to work alongside AI and embrace its future impact, so that organizations can unleash its full potential.

  • When asked which current roles were already being replaced by AI, desktop support (23 percent), data analyst (20 percent), software testers (17 percent), system architects (14 percent), and network engineers (11 percent) topped the list.
  • Within the next 10 years, these numbers are expected to increase: desktop support (37 percent), data analyst (34 percent), software testers (33 percent), system architects (31 percent), and network engineers (31 percent).
  • AI will also impact the role of the CIO, with almost half of the global respondents claiming increased focus from the business.
  • Fifty-six percent of respondents believe that developing AI-related skills is key to securing a role in the future.

    Vital role of the board in ensuring long-term IT skills development

    Organisations’ boards will often dictate whether employees have the time and empowerment to develop their skills, but this is common in organisations that do not have the right support. The boards also have to ensure that skills and training improvements are aligned with other areas of business planning.

  • Forty-four percent of respondents think that new skills acquisition is not seen as being as valuable as it should be by the board. This rises to 59 percent in Australia and 50 percent in the UK. The U.S. (42 percent), Germany (41 percent), Singapore (40 percent), and France (34 percent) had slightly more positive results.
  • Almost a fifth of global respondents think their boards view gaining knowledge and skills as a cost to the business, rather than an asset. This rises to 35 percent in Australia.
  • However, the majority of respondents in France (63 percent) and Germany (62 percent) see knowledge and skills growth as an asset.
  • Despite respondents claiming that they plan approximately two years in advance for most areas of the business, staffing and recruitment is still on average only planned for a maximum of a year.
  • This is creating a disconnect where organisations are attempting to address key IT challenges with teams not as well equipped in terms of skills and experience as they could be.

    Additional Resources

    Data in the study also revealed four main personas of global IT leaders, all with different levels of effectiveness when it comes to pioneering digital transformation projects and managing the skills of their teams.

    EXECUTIVE SUMMARY
    GLOBAL AND REGIONAL ANALYSIS OF EACH PERSONA IN EACH OF THE COUNTRIES SURVEYED

    The study was conducted by independent research house Vanson Bourne in March 2017. 630 IT decision-makers in organisations with more than 500 employees in the U.S., U.K., France, Germany, Singapore and Australia were surveyed.

    This article has been taken from Brocade.com.

    Dump the Sandbox

    April 20th, 2017

    By Andy Norton at SentinelOne

    Technology becomes obsolete quickly in a variety of industries as “newer” and “more innovative” options crop up on what feels like an almost daily basis. The same is true for the pace of technological innovation in the information security space.

    Traditional antivirus vendors, spurred on by waning detection rates and unhappy customers, have been acquiring companies that offer potential solutions to the satisfactory prevention of the latest threat of the day, which currently poses enormous risks to their already languishing and disgruntled customers.

    Sandboxes grew in popularity as a stop gap because organisations needed to apply reasonable levels of certainty to security controls in the absence of confidence in endpoint AV to protect the organisation. But, at what cost?

    Apart from being hideously expensive because they knew about “Chinese” attackers, sandboxes identified thousands of Indicators of Compromise (IoCs), which had every security analyst chasing every instance to determine whether the attack only detonated in the sandbox or also ran on the endpoint. And, if so, did it successfully communicate with its command-and-control infrastructure? If it did, they then had to determine what it actually did to the endpoint.

    This Pyrrhic victory in malware defence has been the reality for many organisations for the past few years. The lack of efficiency in the sandbox has forced organisations to consume intel feeds and hope that an IoC somewhere might turn up in the environment at some point, only to find out that the level of false positive reduction in that feed was not satisfactory.

    Here’s the message for the CISO

    If you are about to renew a really expensive purchase order for sandboxes… don’t sign the renewal agreement without first considering alternative approaches.

    It’s time to get rid of high maintenance security technology. It’s time to stop shouldering the burden of proof of what might occur at the endpoint, based on what was detected on the network.

    Even a leading sandbox vendor admits: “the endpoint has always been the most reliable source of truth.” The endpoint is ground-zero for the organisation, and as such it should be the most accurate and least costly source of security escalation.

    Microsoft operates 12 security operation centres, and they found that IoC-led investigations have a negative value to security. Instead, they base their analysis of threats on observed behaviours in their environment; behaviour analysis is responsible for tracking nearly 100% of the active threats at Microsoft.

    Total Cost of Risk Ownership

    Information security controls are placed into an organisation to manage risk. The big questions to ask: does the capital and operational burden of sandboxes actually reduce the risk? What is the delta in risk between running sandbox technology and not running it? Further, what is the savings in expenditure and operational costs?

    The quantitative answer is determined by how many threats are detected in the sandbox that would not have been detected by other security controls. For example, if you have a system that monitors the actual behaviour of the endpoint, then the risk delta value of the sandbox is zero. In addition, the cost savings are enormous because the wild goose chases that consume analyst time disappear too. Instrumenting the endpoint with behavioural modelling instead of using sandboxes reduces the Total Cost of Ownership massively, as the expenditure drops while the residual risk remains the same.


    Three Common Misconceptions about Designing Your Cybersecurity Solution

    April 12th, 2017

    Outdated cybersecurity solutions with data backhaul and hardware upgrades cost organisations millions of dollars each year. There are other alternatives to backhauling data that keep your network secure and your costs down. Here are three misconceptions of designing your cybersecurity solution.

    1. Thinking that backhauling data from remote offices and mobile workers to on-prem appliances is the only way to protect a distributed organisation.

    Since the age of the mainframe in the late 60s, centralising your IT infrastructure was logical. Most companies had large headquarters where a majority of their employees worked, and infrastructure was housed centrally to provide compute power and business resources. As technology advanced through the mid-90s, internet and email became common work tools, meaning organisations now had the flexibility to conduct business from multiple office locations. Enter the Blackberry in the early 2000s, and now we’ve reached the distributed age. Businesses are rarely in one location. If you consider every mobile device accessing work applications a “remote office,” you have now gone from securing one site to securing hundreds.

    This exponential increase in business locations puts increasing strain on your network security plan. While the pain of backhauling data as you added individual remote offices was manageable, the concept of backhauling data was never designed to scale to the mobile world we live in. This new paradigm shift in business requires a new approach to network security. Continuing to backhaul data from mobile users and remote offices is like. It might work for today, and maybe for tomorrow, but you either keep paying for more sandbags, or consider a new approach that is designed for the current situation.

    2. Completely rearchitecting your network by moving to an all-cloud solution is the only way to avoid excessive backhaul

    There are cloud-only SWG solutions that provide infrastructure cost benefits, but they come with a pricey compromise – rearchitecting your entire network to direct all traffic to cloud-based SWGs. A cloud-only approach is not for every business. There are compliance issues for many industries, legal ramifications from data privacy laws, and operational security concerns that arise from using a multitenant cloud. If you have requirements that can’t completely be met by a cloud-only SWG, it’s critical that you find a solution that’s built for the cloud, but not built exclusively in the cloud.

    3. Believing that leveraging cloud and on-prem capabilities means you have to manage two separate interfaces or sacrifice policy consistency.

    If you’re already one step ahead and know that you don’t have to rely on solely cloud or on-prem secure web gateways, perhaps you are exploring a hybrid solution. Traditional “hybrid” solutions have two different systems operating in tandem. While this seems like a good idea, in theory, it creates significant management overhead and headaches to administer the two systems. For example, policies often only sync in one direction, which creates gaps in your security plan as you work to ensure each system is managed correctly. Not to mention that the two systems frequently lack feature parity, making uniform policy enforcement a real challenge.

    Your experiences managing your network security should be seamless and should not require separate management systems just to reap the benefits of both cloud and hybrid deployment. Your secure web gateway should give you the flexibility to define your own network security policies without reconfiguration or sacrificing user experience.

    Beyond backhauling

    Most companies haven’t reevaluated their network security solution because the thought of ripping and replacing appliances or completely reconfiguring their network is enough to scare them away. But SWG solutions designed 10-15 years ago were built to secure a different type of organisation than we see today, so it’s worth considering other options. It is not financially sustainable to backhaul the increasing amount of data created by a mobile workforce. Instead, find a solution that leverages the cloud to avoid expensive VPN and MPLS links, but also doesn’t force you to overhaul your network architecture.

    Believe it or not, there are network security solutions that were built specifically to support the distributed organisation. iboss designed the first Distributed Gateway Platform to address the challenges facing decentralised organisations today by leveraging an elastic, node-based architecture that scales to meet changing bandwidth needs. Learn more about the changing secure web gateway landscape and the needs posed by distributed organisations.

    As you think about your security needs over the next five to ten years, evaluate whether your current vendor can help you scale and grow without network re-architecture, management of multiple, isolated systems, or increased bandwidth costs from backhauling data. Here are 11 things to consider as you evaluate and plan for your cybersecurity needs in the coming years.

    Original article published by Ed Gaudet. https://blog.iboss.com/sled/3-common-misconceptions-about-designing-your-cybersecurity-solution

    “What’s Next” Technology in Your Hotel? Start by Building a Solid Foundation

    June 26th, 2017

    By: Matthew FitzGerald, Director Systems Engineering at Ruckus

    “What’s next for hospitality?” Our answer covers IoT, 802.3bz, 802.11ax, more content options, plus more smaller devices, and it always includes “and whatever you can imagine!” The follow-up question for hotel owners is, “How do we prepare?” Having your network ready for 5GHz and 802.11ac and understanding the value of in-room access points (APs) are some examples of Wi-Fi readiness.

    We believe a solid foundation is critical to the future success of your hotel’s technology strategy. Your network should be able to handle today’s demands and scale up to support future requirements.

    Ruckus has been working with hotels on Wi-Fi since the early installation of 802.11b/g. Hotels have transitioned through many Wi-Fi standards and advances: 802.11b to 11g, 11g to 11n, 11n to 11ac and eventually placing more emphasis on 5 GHz over 2.4 GHz. While there have been financial outlays, frustration, mistakes and hard lessons, as an industry, we’ve learned that proper AP placement is the cornerstone for a solid foundation. And, while standards and Ethernet switch architecture evolve, cable foundations provide a great conduit for the coming wave of new technology. It’s yet another layer to build on.

    As the next big Wi-Fi protocol update, 802.11ax, hits the market in 2018, the physics of the unlicensed 2.4 and 5GHz bands will remain unchanged and should allow for changing AP endpoints, not the cabling. Moreover, 802.11ax will be doing a lot more in the same spectrum and coverage area.

    Having the correct cabling media, power sources, design and architecture is one of the most important decisions you will make concerning Wi-Fi protocols. The Layer 1 choices you make today will impact your network for years to come. We are now seeing APs that are truly over the 1 GbE mark, such as the Ruckus R720 and, in the future, 802.11ax APs. These APs will also require greater PoE power budgets—Ethernet switches will need to provide power greater than 802.3af (15.4W) or even 802.3at (30W), and they will need to support PoH (60W).

    Ruckus sees this as a staged process unfolding over the course of several years. To help hotels move in this direction, we have rolled out switches in the ICX 7000 series, which support 802.3bz (2.5GbE over CAT 5e and above) and PoH. As you plan your strategy and budget for Ethernet switching, be sure to include switches with the capability of the ICX 7150 Z-series for key applications such as conference areas.

    Yes, more wireless is coming to hotels. At Ruckus, we are doing more with 3.5GHz LTE (OpenG) and radio technologies like Zigbee, BLE, Z-Wave and others. These run on top of the Ruckus platform in a Ruckus framework that provides control, visibility and analytics. The foundation of Ruckus wired and wireless products will allow new radio services to be added quickly and cost effectively to your hotel network. We’re very excited about this development, so stay tuned.

    Of course, having this great technology in a hotel without a way to manage it would be like letting heat out of the window in winter. Ruckus offers a suite of software solutions—the SmartZone WLAN System, Smart Cell Insight Analytics and SPoT Location—that work together to provide full control of the system, advanced monitoring and detailed analytics. We continue to develop our products with an eye toward allowing holistic views of all our equipment (wireless and wireline). With many available options—from on-premises equipment to hosted solutions—a hotel can choose the model that fits their needs. Plus, the Ruckus architecture and our advanced APIs enable integration with third-party partner solutions, resulting in an end-to-end networking ecosystem.

    Ruckus has been committed to the hotel industry since our inception and continues to focus on this sector.

    This article has been taken from The Ruckus Room.

    Are we done with WannaCry?

    June 26th, 2017

    Several customers and industry analysts frequently ask us (and other vendors) about independent validation of our capabilities. We wanted to share information about a recent test conducted by MRG-Effitas to validate the effectiveness of various traditional and next-generation endpoint security suites against the EternalBlue and Doublepulsar exploits/backdoor. These threats were unearthed by “The Shadow Brokers” hacking group and are said to have been used by the NSA-linked Equation Group to launch cyber-attacks. The EternalBlue exploit received recent worldwide attention due to the WannaCry outbreak that used this exploit to infect over 230,000 machines in over 150 countries.

    And unfortunately, WannaCry does not seem to be the end of these threats. Attackers can use these same exploits to not only lock up data to demand ransom but also to steal employee credentials to exfiltrate other sensitive information (think of this as two-for-one attack – advanced threat combined with ransomware). Worse yet, as seen in this particular case, attackers can bypass traditional and next-generation security measures, including hundreds of intelligence feeds. Further, security researchers who’ve tested security tools claim that these threats bypass 99% of security tools out there and we’re likely sitting with thousands more computers infected across several industries.

    MRG-Effitas tested for these exploits against various traditional and next-generation endpoint security suites, including SentinelOne, Cylance, ESET, Symantec and others. The tests began in May 2017 – two months after Microsoft disclosed the MS17-010 vulnerability (EternalBlue exploit) and within weeks of the WannaCry outbreak.

    The summary of the MRG-Effitas tests is as follows:

    1. We’re happy to see that SentinelOne passed this test with flying colours.
      – In the words of MRG-Effitas: “SentinelOne 1.8.4.6202 was able to block every malicious payload DLL or shellcode introduced to the system via the Eternalblue exploit, by blocking it in a generic way. Both the original Eternalblue with Doublepulsar and the Metasploit port were tested. SentinelOne not only blocks the Meterpreter payload but the original Peddlecheap payload as well. As more and more tests were ongoing, we have seen that multiple (typically next-gen) products were able to block the Meterpreter payload loading in a generic way, but not the Peddlecheap one.”
    2. Other traditional endpoint security suites such as ESET and Kaspersky also stopped the backdoor from being installed.
    3. Symantec EPP seems to have failed with a blue screen of death when run within VMware, but caught the attack on a physical endpoint.
    4. Cylance was the only vendor that failed this test.
      – In the words of MRG-Effitas: “The interesting part of the video starts at 5:00. The Doublepulsar backdoor is already installed and this means the system is already compromised and it would appear that Cylance did not realise this.”
      – The video referenced above is Cylance’s own video on WannaCry protection.

    The blog also looks beyond the tactics used by WannaCry to other capabilities that may be exploited in the future. For instance, WannaCry is a strain of Windows ransomware that took advantage of the EternalBlue exploit along with a file-based payload. However, the EternalBlue exploit could just as easily be paired with fileless (in-memory) malware that works around the defences of solutions that miss the exploit or focus on file-based detection. This methodology is discussed in the blog and was also used in the wild by another ransomware family dubbed UIWIX. In other words, customers without holistic protection will leave themselves exposed to another WannaCry-like attack in the future. So look at your security vendors carefully.

    Interested in which versions of Windows are affected by MS17-010? Check out the Microsoft Security Bulletin. The most popular versions, such as Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2016 and Windows 10, all have this vulnerability. It’s obviously wise to get the patches and updates installed as soon as possible.

    To learn more about how SentinelOne can help, check out our Endpoint Protection Platform online or our datasheet.


    Post published by Rajiv Raghunarayan and SentinelOne. View the original article.

    Ruckus adds Multi-Gigabit Networking Solution to its High-Performance WiFi Portfolio

    June 21st, 2017

    Ruckus announced that it now offers both wired and wireless networking for enterprise, hospitality, service provider, government and small-and-medium business (SMB) customers worldwide.

    By combining its industry-leading wireless products with the ICX® wired switching portfolio from Brocade, Ruckus now offers a complete line of high-performance access infrastructure designed to optimise the end-user experience, simplify network setup and management for IT managers, and help business leaders deliver great experiences for their employees, guests and customers.

    As part of its expanded offering to deliver simply better connections, Ruckus announced a new multi-gigabit solution that delivers more efficient performance while providing flexible scalability and simplified management to meet the needs of businesses and organisations of all types and sizes.

    “The expansion of Ruckus to include both wired and wireless products is a tremendous opportunity for us to carry forward the outstanding ICX product line and technology innovation we have gained as part of Brocade,” said Dan Rabinovitsj, chief operating officer of Ruckus.

    “Combining the product lines means we can offer our partners a comprehensive set of access infrastructure and meet customers’ networking needs beyond simply wireless, without sacrificing performance. Our new multi-gig solution sets the tone for the type of innovation to come.”

    The new ICX 7150 Z-Series switch and Ruckus R720 access point (AP) together solve the problems associated with increasing device densities and bandwidth-consuming applications by maximising network access performance with a complete multi-gigabit 802.11ac Wave 2 solution. The Ruckus solution does not require ripping and replacing existing CAT 5e cabling infrastructure – the switch and AP can simply be dropped into current environments, substantially saving costs and installation time while increasing performance.

    The latest addition to the Ruckus portfolio also includes Cloudpath Enrollment System software, a security and policy management platform that enables organisations to easily establish secure, policy-based access for all wired and wireless devices. Cloudpath is infrastructure-agnostic, allowing organisations to apply a single unified approach to device security and policy, regardless of client OS or underlying networking infrastructure.

    “The announcement that Ruckus will expand its solution set by fully incorporating wired Ethernet switching into its portfolio makes absolute sense and was expected as part of the acquisition announcement from ARRIS earlier this year,” said Nolan Greene, senior research analyst, IDC. “With this new multi-gig solution, Ruckus is formally expressing its intent to be a dominant player in the network access infrastructure market for its target segments—education, hospitality, service provider, government and SMB.”

    Optimising Wired and Wireless Access

    End-user quality-of-service expectations are increasing but IT budgets and time aren’t rising with them. Ruckus has developed two new products designed to work in combination to deliver the performance end users expect with the scalability, manageability and value IT departments require:

    Ruckus ICX 7150 Z-Series Switch. A full-featured layer 3-capable 48-port switch that includes sixteen 2.5 GbE ports and thirty-two 10/100/1000 ports. The 7150-Z includes dual hot-swappable power supplies and fans and is stackable with other switches in the ICX 7150 family. Eight 10 GbE uplink/stacking ports double the stacking and uplink bandwidth of previous ICX 7150 models.

    Ruckus R720 Access Point. A 4×4:4 dual-band 802.11ac Wave 2 AP with one 10/100/1000 and one 2.5 GbE port. Featuring patented BeamFlex+™ and ChannelFly™ technologies, the R720 is capable of 160MHz and 80+80MHz channelization and is designed for use in high-density indoor applications.

    When paired, the new switch and AP uniquely solve the IT challenge of accommodating spiking network traffic—caused by increased device density and bandwidth-intensive applications—while minimising deployment time and expense.

    WanaCrypt0r aka WannaCry ransomware wreaks havoc worldwide

    May 16th, 2017

    The WanaCrypt0r ransomware hit with a vengeance on Friday, with the outbreak beginning in Europe, striking hospitals and other organisations, then quickly spreading across the globe. As of 1:00pm Pacific Time, it is believed more than 57,000 systems in more than 74 countries had been affected.

    Researchers at SentinelOne have determined that the Endpoint Protection Platform does successfully detect and block this ransomware strain. Customers are advised to make sure that they are running the latest version.

    Additional reports indicate that this ransomware strain was distributed using the EternalBlue exploit that was released by the ShadowBrokers in April. This vulnerability was patched by Microsoft (MS17-010) before ShadowBrokers released the exploit. This shows that in the real world keeping up-to-date with patches and critical updates can be difficult but is a crucial step for all organisations.

    Watch SentinelOne’s advanced machine learning engines at work against WannaCry:

    This article was taken from SentinelOne.

    Palo Alto Networks Protections Against WanaCrypt0r Ransomware Attacks

    May 16th, 2017

    What Happened

    On Friday, May 12, 2017, a series of broad attacks began that spread the latest version of the WanaCrypt0r ransomware. These attacks, also referred to as WannaCrypt or WannaCry, reportedly impacted systems of public and private organisations worldwide. Our Next-Generation Security Platform automatically created, delivered and enforced protections from this attack.

    How the Attack Works

    While the initial infection vector for WanaCrypt0r is unclear, it is certain that once inside the network, it attempts to spread to other hosts using the SMB protocol by exploiting the EternalBlue vulnerability (CVE-2017-0144) on Microsoft Windows systems. This vulnerability was publicly disclosed by the Shadow Brokers group in April 2017, and was addressed by Microsoft in March 2017 with MS17-010.

    Microsoft published a post on protections from the WanaCrypt0r attacks here, and has taken the step of providing patches for versions of Windows software that are no longer supported, including Windows XP. Organisations that have applied the MS17-010 update are not at risk for the spread of WanaCrypt0r across the network, but given it addresses a remotely exploitable vulnerability in a networking component that is now under active attack, we strongly urge making deployment of this security update a priority.
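    How this SMB spreading behaviour shows up in connection logs, as an added example that is not code from Palo Alto Networks or the original post: one host opening SMB sessions to many distinct neighbours in a short window is flagged, while a client reconnecting to a single file server is not. The flow record format (ISO timestamp, source, destination, destination port) and the sample flows are constructed for illustration.

```python
"""Spot worm-style SMB fan-out in connection logs.

WanaCrypt0r spreads host-to-host over SMB (TCP/445) via MS17-010 /
CVE-2017-0144, so one source opening SMB sessions to many distinct peers
in a short window is a strong lateral-movement signal whatever the payload
looks like on disk.  Added example, not Palo Alto Networks code: the record
format (ISO timestamp, src, dst, dport) and sample flows are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple

SMB_PORT = 445


class Flow(NamedTuple):
    ts: datetime
    src: str
    dst: str
    dport: int


def parse_flows(text: str) -> List[Flow]:
    """Parse 'timestamp src dst dport' records; skip blanks and # comments.

    Malformed lines raise rather than being dropped, so a broken log export
    is noticed instead of silently under-counting a sweep.
    """
    flows: List[Flow] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(parts)}")
        ts, src, dst, dport = parts
        flows.append(Flow(datetime.fromisoformat(ts), src, dst, int(dport)))
    return flows


def smb_fanout(flows: List[Flow], threshold: int = 10,
               window_seconds: int = 60) -> Dict[str, dict]:
    """Return sources that reached >= threshold distinct SMB peers in one window.

    Only distinct destinations count: a client reconnecting to the same file
    server all day does not alert, a host sweeping its /24 does.
    """
    window = timedelta(seconds=window_seconds)
    by_src: Dict[str, List[Flow]] = defaultdict(list)
    for f in flows:
        if f.dport == SMB_PORT and f.dst != f.src:
            by_src[f.src].append(f)

    alerts: Dict[str, dict] = {}
    for src, events in by_src.items():
        events.sort(key=lambda f: f.ts)
        peak, peak_start = 0, None
        for i, start in enumerate(events):  # quadratic per source; fine here
            peers = set()
            for f in events[i:]:
                if f.ts - start.ts > window:
                    break
                peers.add(f.dst)
            if len(peers) > peak:
                peak, peak_start = len(peers), start.ts
        if peak >= threshold:
            alerts[src] = {"distinct_peers": peak, "window_start": peak_start}
    return alerts


# Constructed sample: 10.0.1.15 sweeps twelve neighbours on 445 in 12 s
# (worm-like); 10.0.1.50 reconnects to one file server (benign); 10.0.1.60
# fans out on 443 (web traffic, not SMB). 203.0.113.0/24 is documentation space.
SAMPLE_LOG = """
# timestamp          src        dst           dport
2017-05-12T10:00:00  10.0.1.50  10.0.1.5      445
2017-05-12T10:00:01  10.0.1.15  10.0.1.20     445
2017-05-12T10:00:02  10.0.1.15  10.0.1.21     445
2017-05-12T10:00:03  10.0.1.15  10.0.1.22     445
2017-05-12T10:00:04  10.0.1.15  10.0.1.23     445
2017-05-12T10:00:05  10.0.1.15  10.0.1.24     445
2017-05-12T10:00:06  10.0.1.15  10.0.1.25     445
2017-05-12T10:00:07  10.0.1.15  10.0.1.26     445
2017-05-12T10:00:08  10.0.1.15  10.0.1.27     445
2017-05-12T10:00:09  10.0.1.15  10.0.1.28     445
2017-05-12T10:00:10  10.0.1.15  10.0.1.29     445
2017-05-12T10:00:11  10.0.1.15  10.0.1.30     445
2017-05-12T10:00:12  10.0.1.15  10.0.1.31     445
2017-05-12T10:00:13  10.0.1.50  10.0.1.5      445
2017-05-12T10:00:14  10.0.1.60  203.0.113.10  443
2017-05-12T10:00:15  10.0.1.60  203.0.113.11  443
2017-05-12T10:00:30  10.0.1.50  10.0.1.5      445
"""


def detect(text: str = SAMPLE_LOG) -> Dict[str, dict]:
    """Run the detector over a log text with the default thresholds."""
    return smb_fanout(parse_flows(text))
```

Tune `threshold` and `window_seconds` to the site: an SMB scanner or backup server will legitimately touch many peers and needs an allow-list before this runs against production flow data.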

    Preventions

    Palo Alto Networks customers are protected through our Next-Generation Security Platform, which employs a prevention-based approach that automatically stops threats across the attack lifecycle. Palo Alto Networks customers are protected from WanaCrypt0r ransomware through multiple complementary prevention controls across our Next-Generation Security Platform, including:

    • WildFire classifies all known samples as malware, automatically blocking malicious content from being delivered to users.
    • Threat Prevention enforces IPS signatures for the vulnerability exploit (CVE-2017-0144 – MS17-010) used in this attack: SMB vulnerability – ETERNALBLUE.
    • URL Filtering monitors malicious URLs used and will enforce protections if needed.
    • DNS Sinkholing can be used to identify infected hosts on the network. For more, please reference our product documentation for best practices.
    • Traps prevents the execution of the WanaCrypt0r malware on endpoints.
    • AutoFocus tracks the attack for threat analytics and hunting via the WanaCrypt0r tag.
    • GlobalProtect extends WildFire and Threat Prevention protections to remote users and ensures consistent coverage across all locations.

    For best practices on preventing ransomware with the Palo Alto Networks Next-Generation Security Platform, please refer to their Knowledge Base article. We strongly recommend that all Windows users ensure they have the latest patches made available by Microsoft installed, including versions of software that have reached end-of-life support.

    This article was originally published by Palo Alto Networks. View the original article.

    Change Log:

    On May 13, 2017, this post was updated to include:

    • Link to Microsoft blog on protections against WanaCrypt0r attacks
    • Details on additional protections via DNS sinkholing
    • Updated URL Filtering section to reflect new analysis

    On May 15, 2017, this post was updated to clarify the WanaCrypt0r attack delivery method based on additional information.

    May 17, 2017:

    • Added Threat Prevention signature information for anti-malware and command-and-control activity.
    • Added link to Traps blog.

    Practice These 10 Basic Cyber Hygiene Tips for Risk Mitigation

    May 9th, 2017

    For six years in a row, cybersecurity has been identified as the #1 “problematic shortage” area across all of IT. What’s more concerning is that in 2016 and 2017, there was a dramatic increase in the shortage across organisations.

    With companies scrambling for cybersecurity personnel, they are also distracted by involvement in an innovation race. Today, intense pressure is placed on organisations to stay on top of new technology without slowing daily operations. As rapid implementations of these technologies continue, security measures and risks that tend to cause vulnerabilities in the IT environment are overlooked. With the popularity of Internet of Things and BYOD, we’re also witnessing the creation of weak spots that IT departments do not have the bandwidth or expertise to address.

    In today’s modern cybersecurity, a large emphasis is placed on managing risk, which is dire for companies lacking professionals that can respond to attacks. With ever-evolving threats, it’s nearly impossible to always know what is coming. That’s why it is so imperative to practice basic cyber hygiene as a way to eliminate and mitigate possible threats, especially during a time of digital transformation.

    What is Basic Cyber Hygiene?

    The Center for Internet Security (CIS) and the Council on Cyber Security (CCS) defines cyber hygiene as a means to appropriately protect and maintain IT systems and devices and implement cyber security best practices.

    This risk mitigation technique is a must for all businesses deploying emerging technologies on their networks. Without clear assessments and interventions, hackers will have an easy way in through unpatched and outdated solutions, and through unforeseen security gaps in newer technologies.

    Keeping Good Cyber Hygiene Habits

    While cyber hygiene isn’t an ironclad protection, it’s important for everyone in contact with your network, from the CEO to the lowly intern, to act securely with these ten tips:

    1. Keep an inventory of hardware and software on the company network.
    2. Develop a process for software installation by end users. That could include limiting installation to trusted software, or prohibiting and blocking all installation without prior approval from IT.
    3. Educate users on practising good cyber behaviour, including password management, identifying potential phishing efforts, and which devices to connect to the network.
    4. Identify vulnerable applications that aren’t in use and disable them.
    5. Consistently back up data and keep multiple copies. Consider using a secure cloud solution as well as on-premises storage.
    6. Turn to industry-accepted secure configurations/standards like NIST and CIS Benchmark. These can help organisations define items like password length, encryption, port access, and double authentication.
    7. Patch all applications right away, and keep patching regularly. Unpatched systems are one of the biggest risk factors in attacks.
    8. Create complex passwords.
    9. Limit the number of users with administrative privileges.
    10. Upgrade ageing infrastructure and systems.

    Reduce the Human Impact

    Even with the best protection, there are no guarantees that your business won’t become the victim of a ransomware attack, data breach, or other cybersecurity threat. That’s why it is so important to reduce human impact by automating security practices whenever possible.

    Providing double authentication sign-ons that require complex passwords, blocking certain file types, and testing users on their security knowledge are steps that all companies can take to protect today’s diversified networks.

    For businesses with a shortage of cybersecurity professionals, these steps while simple may still prove to be a challenge. That’s why it is helpful to find tools like machine learning that can react and predict malicious behaviour for you.

    With machine learning and behavior-based detection, you can relieve your IT team of exhaustive manual procedures. SentinelOne automates security for you with EPP. To learn more on how to protect your network in our quickly evolving technological world, download our executive brief Get Your Endpoint Protection Out of the 90’s!

    Item taken from the SentinelOne blog.

    New SentinelOne Enterprise Risk Index Provides Evidence of Growing Use of In-Memory Attacks; Renders Traditional Antivirus Protection Methods Redundant

    April 28th, 2017

    SentinelOne, the company transforming endpoint protection by delivering unified, multi-layer protection driven by machine learning and intelligent automation, today launched its first Enterprise Risk Index which highlights the growing use of in-memory attacks, further proof that attacks simply cannot be stopped by traditional, static, file inspection security solutions.

    The report includes an analysis of filtered data from more than one million SentinelOne Enterprise Platform agents deployed worldwide during the last half of 2016. Findings are based on behavioural analysis of malware programs that bypassed firewalls and network controls to infect endpoint devices.

    “These days, infecting a target is just a matter of resources; but how long the hackers get to stay inside the network is a matter of good detection,” said Andy Norton, EMEA risk officer for SentinelOne and lead researcher for the Enterprise Risk Index. “In our analysis we focused on the attacks that are successful in making their way past traditional defences to reach endpoint targets because these are the threats that pose the greatest risk to an organisation. That’s what we should be measuring – not what’s stopped at the gateway.”

    The report focuses on attack methods classified into three risk categories:

  • Attacks detected from document-based files, largely associated with Microsoft Word or Adobe PDF.
  • Attacks detected from traditional portable executable-based files.
  • Attacks detected only from the memory of the system with no associated new artefacts on the system.

    From the report, “we won’t be announcing what the top malware family is – for example, Zeus, Diamond Fox or Updare – however, we do build indicators of compromise to help with identification and response, and when a hash value exists we have submitted the hash to malware repositories to see what other submissions there have been for them.”

    Key findings of the report include:

  • The growing menace of in-memory attacks: in this timeframe, we found that these attacks have doubled in comparison to the infection rates of file based vectors.
  • Even for file-based attacks, only 20 percent of threats had corresponding signatures from existing AV engines.
  • Nation-state actors are trading infection sustainability for stealth, leaving no new artefacts on the file system and relying on memory-based attacks, even if it means needing to re-infect the target.
  • Three-pronged infections are becoming the norm as attackers no longer rely solely on .exe files to deliver malware, but instead use hybrid attacks that multiple attack vectors can utilise in one attack chain.

    “Our goal with the Enterprise Risk Index is to help organisations get a better view of which threats are successful in reaching the final barrier in enterprise defences,” said Norton. “With this data in mind, customers can better determine not only what the risks are but where they are and can adjust their security planning and investments accordingly.”

    A copy of the full SentinelOne Enterprise Risk Index is available for download here.

    Brocade Study Reveals More than Half of IT Teams Will Struggle with Business Demands in Next 12 Months

    April 27th, 2017

    Germany and U.S. Ahead of the Digital Transformation Skills Game, While UK Lags Behind

    Brocade announced a new GLOBAL DIGITAL TRANSFORMATION SKILLS STUDY, which aims to uncover how well-placed global IT leaders consider themselves and their teams to be in terms of meeting current and future business demands. Of the six markets surveyed, Germany was found to be the best prepared to meet its digital transformation goals, closely followed by the U.S., while the UK lagged well behind its counterparts.

    The research, which surveyed 630 IT leaders in the U.S., UK, France, Germany, Australia, and Singapore, indicates that many organisations are at a tipping point, as new technology demands are set to outstrip the skills supply. Organisations that address this now through additional skills training will be in the strongest position to ensure business growth and competitive advantage.

    Overall, an encouraging 91 percent of global IT leaders acknowledge that IT departments are currently recognised as very important or critical to innovation and business growth. However, more than half (54 percent) predict they will struggle with a lack of IT talent in 12 months. Contributing factors identified from the research include skills shortages, a prevalence of outdated skills, lack of commitment to training at the corporate board level, and the rapidly changing technology environment.

    “Businesses are approaching the peak of IT strategic influence. Now is the moment that IT teams feel they have the strongest opportunity to influence the transformation of their organisations,” said Christine Heckart, chief marketing officer and senior vice president of ecosystems, Brocade. “However, with a rapidly changing technology landscape and potential impact on international labour markets, it is critical that IT receives the right training to further develop their skills and business relevance.”

    The research also found that skills planning had to be aligned with other areas of business planning to avoid the risk of a technology skills deficit, where IT teams are expected to deliver the benefits of technologies that they are ill-equipped to implement.

    Staff shortages and outdated skills are preventing ITDMs from delivering on current business demands

    Organisations are attempting to move their IT departments away from their traditional roles, but the lack of skills and the time required to learn those skills have held them back. IT decision makers (ITDM) believe this could be a major contributor to their inability to meet business demands, putting organisations at risk of falling behind their competitors and losing customers.

  • Approximately one in four respondents in Australia, France, Germany, Singapore, and the U.S. claim that they cannot deliver on current business demand due to staff shortages. This number rises to 42 percent in the UK.
  • Respondents claim that the lack of access to talent will prevent them from implementing new technologies efficiently, lead to a decrease in employee satisfaction, and result in the loss of market share.

    The IT skills gap is only likely to get worse and organisations need to act now

    The political landscape is also a contributing factor in the widening skills gap. As market uncertainty intensifies in the next few years, it is more important than ever for IT departments to remain agile and take advantage of new technologies.

  • Ninety-two percent of those questioned had some level of concern about future hiring of IT staff, while 54 percent were concerned about a lack of skilled talent to choose from.
  • Forty-three percent of global respondents agreed or strongly agreed that the current political climate makes it difficult to hire employees with the right skills. In the U.S. and Australia, the numbers were 52 percent and 54 percent, respectively.
  • Even with the uncertainty surrounding the Brexit situation, EMEA respondents were less concerned, with only 31 percent of UK ITDMs believing it presented a challenge compared to 39 percent in Germany and 35 percent in France.

    Training time and investment will prove to be business-critical

    Training continues to be an issue as day-to-day IT maintenance tasks take priority. For organizations to address the technical skills deficit, they first need to invest time and money — or face the consequences.

  • There is consistent demand globally to spend more time on increasing skills — from 15 percent of time that is currently spent on this to 22 percent.
  • Respondents reported that insufficient budget (45 percent) and training time (45 percent) are constraining IT departments’ attempts to develop skills more than any other factors. These factors rise to 60 percent and 50 percent respectively in Australia but drop to 37 percent and 30 percent in Germany.
  • Currently, only three hours are allocated per week for learning and skills development. Respondents in Singapore average four hours of skills development per week.
  • Sixty-seven percent of respondents agree that the key to closing the skills gap would be to spend more money on training.

    IT professionals need to take control of their professional future

    The research also showed that IT professionals at all levels must take increased responsibility for their own professional destiny, embracing the opportunities delivered by new technologies such as artificial intelligence (AI) and all areas of IoT from device management to security.

  • Thirty-five percent of global respondents agreed or strongly agreed that their organisation’s IT team does not have the right skills to protect their jobs in the future.
  • When asked to identify the one skill that they see as critical to their future career progression, cybersecurity was the most frequently cited, by 22 percent of respondents globally.
  • AI and IoT security tied for second as the most critical skill at 18 percent. While AI was the most critical skill in France and Australia, IoT security was the most valued skill in Germany.

    AI could be a friend or foe

    AI could revolutionise the IT skills that are required and the way that we work. AI is likely to replace a number of IT roles and tasks, but this doesn’t mean the end for the IT department. Employees need to have the right skills to be in a position to work alongside AI and embrace its future impact, so that organizations can unleash its full potential.

  • When asked which current roles were already being replaced by AI, desktop support (23 percent), data analyst (20 percent), software testers (17 percent), system architects (14 percent), and network engineers (11 percent) topped the list.
  • Within the next 10 years, these numbers are expected to increase: desktop support (37 percent), data analyst (34 percent), software testers (33 percent), system architects (31 percent), and network engineers (31 percent).
  • AI will also impact the role of the CIO, with almost half of the global respondents claiming increased focus from the business.
  • Fifty-six percent of respondents believe that developing AI-related skills is key to securing a role in the future.

    Vital role of the board in ensuring long-term IT skills development

    Organisations’ boards will often dictate whether employees have the time and empowerment to develop their skills, but this is common in organisations that do not have the right support. The boards also have to ensure that skills and training improvements are aligned with other areas of business planning.

  • Forty-four percent of respondents think that new skills acquisition is not seen as being as valuable as it should be by the board. This rises to 59 percent in Australia and 50 percent in the UK. The U.S. (42 percent), Germany (41 percent), Singapore (40 percent), and France (34 percent) had slightly more positive results.
  • Almost a fifth of global respondents think their boards view gaining knowledge and skills as a cost to the business, rather than an asset. This rises to 35 percent in Australia.
  • However, the majority of respondents in France (63 percent) and Germany (62 percent) see knowledge and skills growth as an asset.
  • Despite respondents claiming that they plan approximately two years in advance for most areas of the business, staffing and recruitment is still on average only planned for a maximum of a year.
  • This is creating a disconnect where organisations are attempting to address key IT challenges with teams not as well equipped in terms of skills and experience as they could be.

    Additional Resources

    Data in the study also revealed four main personas of global IT leaders, all with different levels of effectiveness when it comes to pioneering digital transformation projects and managing the skills of their teams.

    EXECUTIVE SUMMARY
    GLOBAL AND REGIONAL ANALYSIS OF EACH PERSONA IN EACH OF THE COUNTRIES SURVEYED

    The study was conducted by independent research house Vanson Bourne in March 2017. 630 IT decision-makers in organisations with more than 500 employees in the U.S., U.K., France, Germany, Singapore and Australia were surveyed.

    This article has been taken from Brocade.com.

    Dump the Sandbox

    April 20th, 2017

    By Andy Norton at SentinelOne

    Technology becomes obsolete quickly in a variety of industries as “newer” and “more innovative” options crop up on what feels like an almost daily basis. The same is true for the pace of technological innovation in the information security space.

    Traditional antivirus vendors, spurred on by waning detection rates and unhappy customers, have been acquiring companies that promise adequate prevention of the latest threat of the day, threats that currently pose enormous risks to their already languishing and disgruntled customers.

    Sandboxes grew in popularity as a stop gap because organisations needed to apply reasonable levels of certainty to security controls in the absence of confidence in endpoint AV to protect the organisation. But, at what cost?

    Apart from being hideously expensive (justified by the fact that they knew about “Chinese” attackers), sandboxes identified thousands of Indicators of Compromise (IoCs) that had every security analyst chasing every instance to determine whether the attack only detonated in the sandbox or also ran on the endpoint. And, if so, did it successfully communicate with its command-and-control infrastructure? If it did, then they had to determine what it actually did to the endpoint.

    This Pyrrhic victory in malware defence has been the reality for many organisations for the past few years. The lack of efficiency in the sandbox has forced organisations to consume intel feeds and hope that an IoC somewhere might turn up in the environment at some point, only to find out that the level of false positive reduction in that feed was not satisfactory.

    Here’s the message for the CISO

    If you are about to renew a really expensive purchase order for sandboxes… don’t sign the renewal agreement without first considering alternative approaches.

    It’s time to get rid of high-maintenance security technology. It’s time to stop shouldering the burden of proof of what might occur at the endpoint, based on what was detected on the network.

    Even a leading sandbox vendor admits: “the endpoint has always been the most reliable source of truth.” The endpoint is ground-zero for the organisation, and as such it should be the most accurate and least costly source of security escalation.

    Microsoft operates 12 security operations centres, and has found that IoC-led investigations have a negative value to security. Instead, it bases its analysis of threats on observed behaviours in its environment; behaviour analysis is responsible for tracking nearly 100% of the active threats at Microsoft.

    Total Cost of Risk Ownership

    Information security controls are placed into an organisation to manage risk. The big questions to ask: does the capital and operational burden of sandboxes actually reduce the risk? What is the delta in risk between running sandbox technology and not running it? Further, what is the savings in expenditure and operational costs?

    The quantitative answer is determined by how many threats are detected in the sandbox that would not have been detected by other security controls. For example, if you have a system that monitors the actual behaviour of the endpoint, then the risk delta value of the sandbox is zero. In addition, the cost savings are enormous because the wild goose chases that consume analyst time disappear too. Instrumenting the endpoint with behavioural modelling instead of using sandboxes reduces the Total Cost of Ownership massively, as the expenditure drops while the residual risk remains the same.


    Three Common Misconceptions about Designing Your Cybersecurity Solution

    April 12th, 2017

    Outdated cybersecurity solutions that depend on data backhaul and hardware upgrades cost organisations millions of dollars each year. There are alternatives to backhauling data that keep your network secure and your costs down. Here are three misconceptions about designing your cybersecurity solution.

    1. Thinking that backhauling data from remote offices and mobile workers to on-prem appliances is the only way to protect a distributed organisation.

    Since the age of the mainframe in the late 60s, centralising your IT infrastructure was logical. Most companies had a large headquarters where the majority of their employees worked, and infrastructure was housed centrally to provide compute power and business resources. As technology advanced through the mid-90s, internet and email became common work tools, meaning organisations now had the flexibility to conduct business from multiple office locations. Enter the BlackBerry in the early 2000s, and we reached the distributed age. Businesses are rarely in one location. If you consider every mobile device accessing work applications a "remote office," you have gone from securing one site to securing hundreds.

    This exponential increase in business locations puts increasing strain on your network security plan. While the pain of backhauling data as you added individual remote offices was manageable, the concept of backhauling data was never designed to scale to the mobile world we live in. This new paradigm shift in business requires a new approach to network security. Continuing to backhaul data from mobile users and remote offices is like. It might work for today, and maybe for tomorrow, but you either keep paying for more sandbags, or consider a new approach that is designed for the current situation.

    2. Completely rearchitecting your network by moving to an all-cloud solution is the only way to avoid excessive backhaul

    There are cloud-only SWG solutions that provide infrastructure cost benefits, but they come with a pricey compromise – rearchitecting your entire network to direct all traffic to cloud-based SWGs. A cloud-only approach is not for every business. There are compliance issues for many industries, legal ramifications from data privacy laws, and operational security concerns that arise from using a multitenant cloud. If you have requirements that can’t completely be met by a cloud-only SWG, it’s critical that you find a solution that’s built for the cloud, but not built exclusively in the cloud.

    3. Believing that leveraging cloud and on-prem capabilities means you have to manage two separate interfaces or sacrifice policy consistency.

    If you're already one step ahead and know that you don't have to rely solely on cloud or on-prem secure web gateways, perhaps you are exploring a hybrid solution. Traditional "hybrid" solutions have two different systems operating in tandem. While this seems like a good idea in theory, it creates significant management overhead and headaches to administer the two systems. For example, policies often only sync in one direction, which creates gaps in your security plan as you work to ensure each system is managed correctly. Not to mention that the two systems frequently lack feature parity, making uniform policy enforcement a real challenge.

    Managing your network security should be seamless and should not require separate management systems just to reap the benefits of both cloud and on-prem deployment. Your secure web gateway should give you the flexibility to define your own network security policies once, without reconfiguration or sacrificing user experience.

    Beyond backhauling

    Most companies haven't re-evaluated their network security solution because the thought of ripping and replacing appliances or completely reconfiguring their network is enough to scare them away. But SWG solutions designed 10-15 years ago were built to secure a different type of organisation than we see today, so it's worth considering other options. It is not financially sustainable to backhaul the increasing amount of data created by a mobile workforce. Instead, find a solution that leverages the cloud to avoid expensive VPN and MPLS links, but that also doesn't force you to overhaul your network architecture.

    Believe it or not, there are network security solutions that were built specifically to support the distributed organisation. iboss designed the first Distributed Gateway Platform to address the challenges facing decentralised organisations today by leveraging an elastic, node-based architecture that scales to meet changing bandwidth needs. Learn more about the changing secure web gateway landscape and the needs posed by distributed organisations.

    As you think about your security needs over the next five to ten years, evaluate whether your current vendor can help you scale and grow without network re-architecture, management of multiple, isolated systems, or increased bandwidth costs from backhauling data. Here are 11 things to consider as you evaluate and plan for your cybersecurity needs in the coming years.

    Original article published by Ed Gaudet. https://blog.iboss.com/sled/3-common-misconceptions-about-designing-your-cybersecurity-solution
