Net-Ctrl Blog

Ruckus Introduces Cloudpath 5.1 to Secure Connected IOT Devices

February 16th, 2017

Ruckus Wireless™, a part of Brocade, today announced version 5.1 of its Cloudpath™ ES security and policy management software. The latest software release enables organisations to automatically and securely connect Internet of Things (IoT) devices using certificates—the gold standard of device security—allowing IT to establish policies governing the behaviour of those devices. In conjunction with the Cloudpath software certificate authority (CA) and supported standards-based protocols, the new capabilities allow organisations and IoT device manufacturers to easily and automatically secure a wide range of connected IoT devices without changing existing security infrastructure.

Gartner reports that IoT endpoints will reach an installed base of 20.4 billion units by 2020. In addition, AT&T’s Cybersecurity Insights Report, which surveyed more than 5,000 enterprises around the world, found that 85 percent of enterprises are in the process of or intend to deploy IoT devices. Yet, according to the report, a mere 10 percent of those surveyed feel confident that they could secure those devices against hackers.

“The use of IoT-connected devices is now poised to grow exponentially, with IoT technology investments expected to reach $1.29 trillion by the year 2020 across multiple vertical segments and industries,” said Rohit Mehra, vice president, network infrastructure, IDC. “As with other aspects of IT infrastructure and applications, security risks and vulnerabilities associated with IoT are now a key area of focus for enterprise IT and LoB managers on an ongoing basis. These enterprises, along with their technology solution providers, need to find reliable, cost-effective ways to better secure their connected IoT applications and infrastructure, a challenge that Ruckus seeks to address with these new capabilities.”

Cloudpath ES 5.1 software introduces device fingerprinting, a technique that allows IT to automatically identify IoT device types by comparing the device profile to a device fingerprint database.

Together with other Cloudpath software features, the new release delivers the following benefits:

IT can automatically secure, using certificates, fingerprint-identified IoT devices. If the device is unable to use a certificate, a Ruckus Dynamic Pre-Shared Key™ can be used to secure it. Both approaches enable IT to establish IoT device-specific policies. For example, IoT devices may be authorised to connect only to the cloud service with which they’re associated.

IT can continue to use existing RADIUS and CAs to secure non-IoT devices. By using Cloudpath software and its dedicated CA to secure IoT devices, organisations avoid reconfiguring their current AAA and CA security implementation or, worse, creating custom middleware to secure devices using an existing CA.

Manufacturers can improve the security readiness of their IoT devices. They can leverage standards-based certificate retrieval protocols such as SCEP and EST, which are native to the Cloudpath CA.

Managed service providers (MSPs) can add new tenants at will. MSPs can utilise the multitenant capabilities in the Cloudpath virtual deployment implementation, thereby reducing deployment costs and management overhead compared to deploying a separate instance of security and policy management software for each end customer.

“Traditionally, configuring IoT devices has been a huge headache for IT. These devices not only expose organisations to new security threats, but often require manual onboarding, assuming they can be onboarded at all,” said Kevin Koster, chief Cloudpath architect, Ruckus Wireless Business Unit, Brocade. “Cloudpath helps IT departments ensure their IoT devices don’t put their network and their users at risk, while enabling IoT device manufacturers to meet their own customers’ need for IoT device security.”

The latest release of Cloudpath ES software will be generally available in the second quarter of 2017.

World’s Most Common Password Hasn’t Changed in Years

February 14th, 2017

At this point, it’s not even funny. In 2016, the world’s most common password was “123456.” Surprise galore, “123456” was also the most common password in 2015. In 2014, you may be shocked to learn, the most common password was also “123456.” That sound you’re hearing is the noise a broken record makes.

At this point, maybe let’s not focus on the sheer ridiculousness of this statistic. It’s overplayed—passwords are obsolete and people choose bad ones when given the choice. Instead, let’s look at some background facts. How are these “most common passwords” lists made, anyway? Does using a common password really make you insecure? How secure does using a “secure” password make you, anyway?

How do these “Most Common Password” Lists Even Get Made?

The first thing that you should know is that, while a lot of data gets stolen, not all of that data is valuable. Even lists of passwords aren’t necessarily that great. Hackers, as we’ve often said, are lazy. If you have an email address and a password, you might eventually be able to find someone’s address, get their credit card number, and start committing identity theft—but that takes a lot of work. Why’s this important?

Due to the rather fungible value of password lists, hacking groups will often post their spoils directly to the internet. This is usually for bragging rights, although it also might be a free sample. Either way, the venue for these postings is usually a site called Pastebin. The public nature of these posts means that companies are able to look for the most common passwords, and therefore assemble these yearly scorecards.

If You Use a Weak Password, Will You Get Hacked?

You’re not guaranteed to get hacked if you use one of the most common passwords from 2016—but you’ll make it very easy for any hacker who tries to target you. Here’s how this works:

Normally, when an attacker steals a list of passwords, they’ll come out as a list of scrambled strings, called hashes. By design, hashing is one-way: you’re not supposed to be able to use math to turn a hash back into plaintext. The problem, however, is that a hash function given the same input always returns the same output. In other words, if you take the password “123456” and run it through an MD5 hash generator, you’ll always get the output “e10adc3949ba59abbe56e057f20f883e.”

If you’re a hacker, and you’ve just stolen a bunch of hashed passwords, you know that the odds are that a bunch of the hashes in there are from people who picked “123456” as their password. If you know that the hashing algorithm was MD5, you can just do CTRL-F for “e10adc3949ba59abbe56e057f20f883e” and steal all those passwords right away. Hackers will usually do this with a whole bunch of the most common passwords, in what’s known as a “pre-computed dictionary attack.”

Is Your “Secure” Password As Secure As You Think It Is?

A lot of people are now wise to the fact that you shouldn’t choose a simple password. There’s a huge but coming up, however: the passwords that we generally think of as secure aren’t. Choosing a password with capital letters, numbers, and symbols will probably pose only a minor impediment to a hacker who seriously wants your information.

First of all, you’ve probably chosen a password that looks like this: 11Passw0rd! It’s got all of the “secure” elements, but the numbers are at the front, the zero replaces the “O,” and the symbol is at the back. It’s very common to use those elements in that order, which makes it easy for brute-force password-guessing software to reverse engineer even a relatively complex password—especially since it’s based on a word from the dictionary.

Second of all, a lot of websites do password security… poorly. For example, we used MD5 as an example hash. MD5 has been nearly obsolete since about the 1990s, and takes seconds to crack—but a lot of companies use it anyway. There’s actually a sizeable contingent of companies which store passwords in plain text. You could be using the most secure password on Earth, and still get burned by malfeasance.
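To make the point about identical inputs and poor storage concrete, here is an added example (not part of the original article) that shows why unsalted MD5 exposes every account sharing a password, next to a salted, deliberately slow alternative. The account names, the helper function names and the PBKDF2 work factor are assumptions made for the illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts (not real data).
ACCOUNTS = {
    "alice": "123456",
    "bob": "11Passw0rd!",
    "carol": "123456",
}

# Assumption: illustrative work factor; tune it to your own hardware.
PBKDF2_ITERATIONS = 200_000


def md5_hex(password: str) -> str:
    """Unsalted MD5, the weak scheme the article uses as its example."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def accounts_sharing_a_digest(table: dict[str, str]) -> dict[str, list[str]]:
    """Group users by stored digest.

    Any group with more than one user shows that equal passwords produced
    equal hashes, i.e. the table was built without a per-user salt.
    """
    groups: dict[str, list[str]] = defaultdict(list)
    for user, digest in table.items():
        groups[digest].append(user)
    return {d: sorted(users) for d, users in groups.items() if len(users) > 1}


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Return (salt, derived_key) using PBKDF2-HMAC-SHA256.

    A fresh random salt per account means two users with the same password
    no longer share a stored value, and the iteration count makes each
    guess expensive.
    """
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, key


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute the key with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, expected)


if __name__ == "__main__":
    weak_table = {user: md5_hex(pw) for user, pw in ACCOUNTS.items()}
    print("Unsalted MD5 digests shared by several accounts:")
    for digest, users in accounts_sharing_a_digest(weak_table).items():
        print(f"  {digest} -> {users}")

    strong_table = {user: hash_password(pw) for user, pw in ACCOUNTS.items()}
    same = strong_table["alice"][1] == strong_table["carol"][1]
    print("Salted PBKDF2 keys equal for alice and carol:", same)
```

A storage audit that finds any digest shared between accounts is a sign the scheme needs replacing, whatever the passwords behind it turn out to be.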

If even “secure” passwords fail the sniff test, how should you protect your data? Establish fail-safes. A strong password on its own is no defense against malware, ransomware, or any of the other numerous ways that attackers can hack your systems. Choose a strong password, and choose to educate yourself about the importance of combatting insider threats with this whitepaper on Shadow IT and Security Information.

View the original article published by SentinelOne.

Palo Alto Networks Raises Bar with New Threat Prevention Capabilities for Its Next-Generation Security Platform

February 10th, 2017

New PAN-OS 8.0 Extends Safe Application Enablement and Successful Attack Prevention Capabilities of the Platform; Simplifies Security Operations

Palo Alto Networks, the next-generation security company, today announced advancements to its Next-Generation Security Platform that extend the ability for customer organisations to safely enable applications, prevent successful cyberattacks, simplify security operations, and safely embrace the cloud.

Cyber adversaries often use commoditized compute power and automated tools and evasion techniques to deploy sophisticated attacks at massive scale and little cost. Security teams can find themselves struggling to address the sophistication, speed and volume of these threats – both known and unknown – using a collection of legacy security point products, manual resources and tools that fail to provide thorough application visibility and control, can’t adequately identify and stop advanced attacks in an automated and timely manner, complicate security workflows, and require too much manual intervention.

These challenges are compounded as network perimeters become more vulnerable with the rapid adoption of cloud deployments – public, private, hybrid or SaaS – resulting in applications and data moving across networks and endpoints to and from the cloud with users accessing data dynamically from anywhere and any device. This dramatically expands and complicates the landscape customer organisations must protect against a growing volume and variety of threats.

The natively engineered Palo Alto Networks Next-Generation Security Platform addresses these challenges by safely enabling applications, content and users regardless of location, preventing successful attacks from known and unknown threats, while simplifying security operations and infrastructure, and giving organisations the freedom to safely embrace new cloud infrastructures.

Building upon the existing capabilities of the platform, new advancements included in the Palo Alto Networks PAN-OS® operating system version 8.0 take advantage of added automation, machine learning and threat prevention capabilities, among others.

Among the more than 70 new features introduced to the Next-Generation Security Platform as part of PAN-OS 8.0, threat prevention feature highlights include:

  • Stopping sandbox evasion techniques with a new 100 percent custom-built hypervisor and bare metal analysis environment for the WildFire™ service, designed to automatically identify and prevent the most evasive threats.
  • Automated command-and-control signatures using a new and unique payload-based signature generation engine. This new approach delivers researcher-grade, payload-based signatures in a delivery mechanism that is automated end to end for faster time to prevention of adversary phone home attempts.
  • Automated integration of threat intelligence delivered through the integration of the MineMeld application with the AutoFocus™ service, whereby security operations teams can easily ingest multiple data feeds, accelerate the digestion of all the threat intelligence, create customizable fields, and quickly automate remediation to the next-generation firewall, as well as alert SOC groups via third-party SIEM solutions or asset management products.
  • Management features that provide administrators fast and accurate insight delivered by Panorama™ network security management and now include ingestion of Traps™ advanced endpoint protection logs, as well as additional firewall logs. This enriches correlation of indicators of compromise and automates actions to update the next-generation firewall with new automated actions to prevent adversary lateral movement and alert IT via third-party IT service management and security response systems, such as ServiceNow, lowering operational burden for security teams.
Additional cloud security, hardware highlights and credential theft advancements are also available with the introduction of PAN-OS 8.0. See these related press releases:

  • Palo Alto Networks Extends Safe Application Enablement and Breach Prevention From the Network to the Cloud with Enhancements to Its Next-Generation Security Platform
  • Palo Alto Networks Delivers Industry-first Capabilities to Prevent Credential Theft and Abuse
  • Palo Alto Networks Expands Range of Next-Generation Firewall Devices with New Hardware and Virtual Appliances

    QUOTES

    “With attackers adopting more sophisticated tactics and tools, it’s important that our security solutions are able to keep pace without requiring volumes of manual resources or chair swiveling from one product console to another, and that we have timely prevention mechanisms. The extended threat prevention capabilities introduced today in the Palo Alto Networks Next-Generation Security Platform allow us to better protect against advanced threats at the pace of our adversaries, safely enable application usage for our employees wherever they are, and reduce our management overhead.”
    – Eugene Purugganan, systems engineer, Animal Logic

    “Cloud and SaaS are revolutionising IT, but our customers, while eager to implement these technologies in their own network environments, are hesitant to adopt them due to cybersecurity concerns. Both current and prospective customers who currently leverage Palo Alto Networks Next-Generation Security Platform will be excited about how the newest innovations combine strong threat detection and prevention capabilities with automated features to ensure customers can secure their organisations against known and unknown cyberattacks targeting cloud, hybrid cloud and physical network environments.”
    – Luanne Tierney, managing member, Fivesky

    “Cyber adversaries are constantly finding new ways to evade detection by dynamic analysis environments, many of which share common open-source components. This has allowed advanced attackers to develop techniques to identify various analysis environments and evade detection. Custom analysis environments make it difficult for cyber criminals to predict system responses to these evasions – which should ultimately provide more protection for customers.”
    – Jason Pappalexis, distinguished research director, NSS Labs, Inc.

    “Using legacy security products and tools, organisations today face seemingly insurmountable challenges in protecting themselves from a growing volume of sophisticated threats. We are pleased to offer them an entirely different approach with our natively engineered Next-Generation Security Platform that raises the bar for organisations with new advancements in preventing malware sandbox evasion, automation of command-and-control protection, and threat intelligence ingestion that help our customers prevent successful attacks.”
    – Lee Klarich, executive vice president, Product Management, Palo Alto Networks

    AVAILABILITY

    PAN-OS 8.0 is now available globally to customers of Palo Alto Networks with a current support contract.
    To learn more about the Palo Alto Networks Next-Generation Security Platform, visit: https://www.paloaltonetworks.com/products/platforms.html.

    Palo Alto Networks Expands Range of Next-Generation Firewall Devices with New Hardware and Virtual Appliances

    February 9th, 2017

    Palo Alto Networks® (NYSE: PANW), the next-generation security company, today announced availability of new purpose-built hardware and virtual next-generation firewall appliances that safely enable applications and redefine security performance for both threat prevention and SSL decryption, enabling customers to safely embrace the cloud and prevent successful cyberattacks across network, endpoint and cloud environments.

    The new models complement enhancements to the Palo Alto Networks Next-Generation Security Platform PAN-OS® operating system version 8.0, also introduced today, which includes more than 70 new features that deliver threat and credential theft prevention, secure cloud enablement, and more. As organisations look to modernise their physical data centres, embrace hybrid cloud environments, and apply advanced security measures across their infrastructure, they require greater performance to handle the tremendous amount of traffic generated by the growing number of users, applications and devices. The introduction of new SaaS applications running at higher throughputs further increases demand for bandwidth performance to and from the network.

    Complicating matters, as more and more traffic is encrypted by SSL, enterprises are left blind to the applications and content their users are accessing, and advanced cyber adversaries are increasingly leveraging SSL encryption to obscure malicious activity, leaving organisations unaware of the hidden dangers lurking on their networks. Legacy security products are simply unable to perform at rates high enough to decrypt this traffic and restore the visibility required to prevent cyber breaches.

    To address these needs and more, six new hardware firewall appliances join the existing hardware family of 16 appliances to safely enable applications and offer threat prevention in large data centres, small branches and remote locations, all managed centrally from Panorama™ network security management. The new and powerful hardware appliances enable advanced security protections applied at speed and scale by delivering predictable performance with deep visibility into and control over all traffic, including encrypted traffic.

    The VM-Series virtualized next-generation firewall family also has been optimised and expanded with three new models to support customer organisations’ expanding cloud and virtualization initiatives – from virtualized branch offices to data centre and service provider deployments – that require high throughput and capacity. With the new additions, the VM-Series now represents the industry’s broadest line of virtualized firewall appliances, delivering groundbreaking cloud security performance of up to 16 Gbps with App-ID™ technology visibility and over 10 Gbps with full threat prevention enabled.

    Highlights of the new hardware and virtual firewalls include:

    New PA-5200 Series: This new series includes three devices: the PA-5260, PA-5250 and PA-5220. This new advanced architecture delivers 72 Gbps App-ID and 30 Gbps Threat Prevention performance, up to 32M sessions, 3.2M SSL-decrypt session capacity and 6.5 Gbps SSL-decrypt throughput on the PA-5260 model. Higher 10G port density and 40G and 100G interfaces support diverse deployments. These models deliver security for high throughput environments within a compact form factor, making them ideal for data centre consolidation, increased gateway demands, and inspecting encrypted traffic.

    New PA-800 Series: The new PA-800 series includes two devices: the PA-850 and PA-820. This new architecture delivers 1.9 Gbps App-ID and 780 Mbps Threat Prevention performance on the PA-850. A high-performance management plane leverages multiple CPU cores and 8GB memory. The PA-850 features redundant power for additional hardware resiliency. These models are ideal for medium-sized networks, and branch and remote office environments.

    New PA-220 delivers full PAN-OS capabilities in a small desktop footprint with increased port density. The PA-220 features built-in resiliency via dual power adapters and complete high availability support for active/active and active/passive clusters. Passive and silent cooling eliminates noise and increases reliability. The small footprint makes these models ideal for small branch offices and remote locations.

    Three new VM-Series virtual firewall models: These new models deliver industry-leading cloud security performance options ranging from 200 Mbps up to an industry-leading 16 Gbps to deliver predictable performance in cloud deployments and address a variety of use cases, from virtualized branch office to data centre and service provider deployments.

    New VM-50 is optimised to consume minimal resources yet delivers 200 Mbps of App-ID performance for customer scenarios that range from virtual branch office/customer premise equipment (CPE) to high-density, multi-tenancy environments.

    Faster VM-100, VM-200, VM-300 and VM-1000-HV have been optimised to deliver 2-4 times their previous performance with 2 Gbps and 4 Gbps of App-ID performance for hybrid cloud, segmentation and internet gateway use cases.

    New VM-500 and VM-700 deliver an industry-leading 8 Gbps to 16 Gbps of App-ID performance, respectively, and can be deployed as NFV security components in fully virtualized data centre and service provider environments.

    Complementing these firewall introductions is the release of Palo Alto Networks Next-Generation Security Platform PAN-OS® operating system version 8.0, which includes threat and credential theft prevention, cloud security and management advancements. See these related press releases:

  • Palo Alto Networks Extends Safe Application Enablement and Breach Prevention From the Network to the Cloud with Enhancements to Its Next-Generation Security Platform
  • Palo Alto Networks Raises Bar with New Threat Prevention Capabilities for Its Next-Generation Security Platform
  • Palo Alto Networks Delivers Industry-First Capabilities to Prevent Credential Theft and Abuse
    Quotes

    “Cloud migration is a dynamic, bi-directional, and continuous process – sending workloads back and forth between the multiple clouds and data centres. The advancements announced today by Palo Alto Networks, including their new VM-series firewalls, provide customers a critical solution that is flexible enough to facilitate efficient movement between private networks and public/private clouds as new use cases are implemented.”
    – Jeff Wilson, senior research director, Cybersecurity Technology, IHS Markit

    “Palo Alto Networks understands the growing performance and capacity needs as customer organisations look to expand cloud use cases and implement advanced security capabilities throughout their data centres and distributed organisations. We are pleased to expand the performance range and use case possibilities with our newest hardware and virtual firewall models.”
    – Lee Klarich, executive vice president, Product Management, Palo Alto Networks

    Pulse Policy Secure the leading NAC and BYOD solution for your enterprise

    February 3rd, 2017

    Network access control (NAC) is no longer just about role-based user access control, device authentication, and guest management. The Pulse Policy Secure (PPS) solution offers pre and post connect features to assess, characterise and correct operating system and software configurations in real time.

    Organisations can identify unhealthy endpoints, such as systems missing important security updates, running unauthorised software, or having other high-risk elements, and segment them away from the rest of the network.

    As more organisations adopt bring your own device (BYOD) policies and wireless initiatives, there is greater demand for continuous endpoint compliance, or knowing what is running on the endpoint at all times. With PPS in your network, you have real-time visibility into all the devices connecting to the network and are able to enforce security policies on the devices.

    Benefits of Pulse Policy Secure

  • Centralised management of access and compliance policies.
  • Easy integration with several Authentication, Authorisation, and Accounting (AAA) servers.
  • Role-based, application-level enforcement.
  • Distributed enforcement of network access policies.
  • Supports leading global-device management solutions from MobileIron and AirWatch.
  • PPS works with the MDM solution to evaluate whether the BYOD or corporate devices are compliant with organisational and Mobile Device Management (MDM) policies.
  • Allows context-aware policy enforcement for wired and wireless connections across desktop and mobile platforms.
  • Supports captive portal capabilities for allowing users onto their guest networks and capturing relevant information.
  • Supports automated device on-boarding, self-service enrollment, and integration with existing infrastructure to simplify deployments.
  • Dynamic endpoint assessment and enforcement.
  • Supports Profiler functionality, which helps you to get visibility and enforce your security policies for corporate access, BYOD, and guest access.
  • Supports comprehensive network visibility with simplified auditing, and monitoring of devices.
  • Supports interoperability with existing network infrastructure such as switches, wireless controllers, AD, firewalls, IDS, and Security information and event management (SIEM).

    For more information on Pulse Policy Secure, see https://www.pulsesecure.net/policy-secure/tech-info/

    New Malware Threats: Ransomworm Is Coming, Are You Ready?

    February 3rd, 2017

    In 2016, there were over 4,000 ransomware attacks every day. This was a 300% increase over 2015, when there were 1,000 attacks every day, and it’s likely to get worse in 2017.

    In the first quarter of 2016, cyber criminals used ransomware to steal $209 million from US businesses with an expected $1B for the entire year. Crypto ransomware has grown in popularity since it started with Cryptolocker in 2013, and we can expect to see more clever ransomware as cyber criminals try to make money in 2017.

    Ransomware: No Skills Required
    When ransomware first came out, it required some skill in order to create an attack. Now, with the growth of ransomware as a service (RaaS), it has become a business model that makes it easy for cyber criminals to attack without requiring technical knowledge of how to create ransomware.

    To launch an attack on a group of victims, the cyber thief simply needs a credit card and a mailing list of targets that they want to attack. The user-friendly service allows criminals to download a ransomware tool for a small fee, set the ransom, and enter a deadline for the payment. For every victim that pays a ransom, the service provider gets a cut and the rest goes to the attacker. Some of the RaaS companies even provide training and support.

    Ransomware Gets More Personal
    “Ransomware is unique among cybercrime because in order for the attack to be successful, it requires the victim to become a willing accomplice after the fact.” – James Scott, Sr. Fellow, Institute for Critical Infrastructure Technology

    In the past, many ransomware attacks were blasted to huge lists in hopes that someone would open the email. You can expect more targeted, personalised attacks in 2017. With newer versions of ransomware, once it identifies whether it is attacking a business or personal machine, it will adapt its ransom demands to match the victim.

    For example, it may choose different types of files to encrypt based upon whether it is a personal or business machine. In addition to encrypting these files, it may post your confidential data to social media or a file space if you don’t pay the ransom.

    Ransomworm: Ransomware That Spreads Across Your Network
    In 2017, it’s likely to get worse as more ransomware is augmented with code from traditional network worms like SQL Slammer, CodeRed, and Conficker to create new ransomware that is able to spread across a network. This will effectively increase the amount of damage that can be done with ransomware.

    Using this method, after infecting one computer, the malware will be able to spread to additional computers on the network. It will allow an initial machine to become infected, have a ransom paid, and then wait on other machines undetected until it is ready to attack again. This means you may end up paying ransoms multiple times to the same criminals.

    Ransomworms that can infect multiple machines on a network already exist. A good example is ZCryptor. This malware does not require an email in order to infect machines. It takes advantage of attack vectors that were created by other malware and then self-propagates to the network from the compromised machine.

    SamSam is another example. It is spread via unpatched vulnerabilities on servers, allowing it to infect a machine and then go undetected, causing more damage on the victim’s internal network.

    Preventing A Ransomware Attack
    “Ransomware is more about manipulating vulnerabilities in human psychology than the adversary’s technological sophistication.” – James Scott

    Becoming a victim of a ransomware attack can be time-consuming, costly, and damaging to a company’s reputation. Here are some tips to thwart the next ransomware attack:

    Educate your users: According to a Verizon 2015 Breach Investigation Report, 11% of users will open an attachment from someone they don’t know. Infections are often caused by end-users. They open an infected attachment, or click on a link that takes them to an infected site.

    Offer security awareness training for your end users. If they receive an unsolicited or unexpected email with an attachment from the sender, have them call the sender to verify they sent it. If they receive an email with a link they were not expecting, they should never click on it.

    Back up your data: There will never be a 100% guarantee that malware like ransomworm will not successfully infiltrate your network. Backing up your data and keeping it off site and disconnected from your network is the safest way to ensure you can recover after a ransomware attack. Consider using a service like Amazon Glacier Cloud Storage for off-site backups.

    Keep your software patches up-to-date: Once your users are trained to avoid opening email attachments or clicking on links, exploiting software flaws is another common way for malware to spread over your network. Keeping your software patches up to date will help prevent the spread of ransomworms that exploit network or software flaws.

    Enforce the principle of least privilege: The principle of least privilege gives programs and users access to the programs they need, but no more. Combining least privilege management with application controls can allow you to revoke local administrator rights on workstations in many cases. This will minimise the spread of unwanted software.

    Use endpoint security software: Some people assume that if they keep security and software patches up-to-date and enforce least privilege, they will have things adequately locked down. This is not the case.

    Don’t think you have to worry about security because of your company’s size? After all, only large companies are in the news saying they’ve been breached, right? Don’t fall victim to this fallacy.

    In the case of the Target breach, it was a small HVAC contractor that opened the email that allowed them to get hacked. Companies of all sizes need to have endpoint security like SentinelOne regardless of their size.

    Keeping New Malware Threats At Bay
    Expect several new malware threats in 2017 as cyber thieves try to increase their revenues by improving ransomware. Following these tips will help reduce the risk for your business. Also check out this guide to protecting virtualized environments and cloud infrastructure to minimise damage from cyber threats.

    Is your business ready for the next new malware threat?

    This article has been taken from the SentinelOne website. To view the original article, please click here.

    SentinelOne Named a Visionary for Second Straight Year in the Gartner Magic Quadrant for Endpoint Protection Platforms

    February 3rd, 2017

    SentinelOne Placed Furthest in “Completeness of Vision”

    SentinelOne, the company transforming endpoint security by delivering real-time protection powered by machine learning and dynamic behaviour analysis, today announced it has been positioned by Gartner, Inc. in the Visionary quadrant of the Magic Quadrant for Endpoint Protection Platforms (EPP) for the second straight year.*

    SentinelOne’s Endpoint Protection Platform (EPP) unifies endpoint threat prevention, detection and response in a single platform driven by sophisticated machine learning and intelligent automation. With SentinelOne, organisations can detect malicious behaviour across multiple vectors, rapidly eliminate threats with fully-automated, integrated response capabilities, and adapt their defences against the most advanced cyber attacks.

    “We have long held a culture of innovation within SentinelOne and are thrilled to be recognised for that commitment and record of execution towards a disruptive vision,” said Tomer Weingarten, CEO of SentinelOne. “Our vision from day one has been based on the belief that this problem can only be solved through a multi-layered approach that combines behaviour and static-based detection into a single integrated solution. This is the only way to protect against attacks that are rapidly evolving towards a multi-vector approach that combines file and file-less malware with other advanced techniques such as the use of scripting languages. In doing so we’ve positioned SentinelOne to be a true replacement for antivirus solutions, not simply another tool to augment antivirus’ weaknesses.

    “We are truly honoured to be recognised as a visionary in this year’s Gartner Magic Quadrant, and we will continue to work with organisations around the globe that are actively seeking strong solutions to help combat today’s sophisticated attacks,” continued Weingarten.

    This latest news comes one week after the company announced it has secured an additional $70 million (USD) in a Series C round led by Redpoint Ventures, bringing total investment in SentinelOne to more than $110 million.

    For a copy of the Gartner Magic Quadrant for Endpoint Protection Platforms, please click here.

    *Gartner Inc., “Magic Quadrant for Endpoint Protection Platforms” by Eric Ouellet, Ian McShane, Avivah Litan, Jan. 30, 2017.

    About the Magic Quadrant

    Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organisation and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

    About SentinelOne

    SentinelOne is shaping the future of endpoint security with an integrated platform that unifies the detection, prevention and remediation of threats initiated by nation states, terrorists, and organised crime. SentinelOne’s unique approach is based on deep inspection of all system processes combined with innovative machine learning to quickly isolate malicious behaviours, protecting devices against advanced, targeted threats in real time. SentinelOne was formed by an elite team of cyber security and defence experts from IBM, Intel, Check Point Software Technologies, McAfee, Palo Alto Networks and the Israel Defense Forces. To learn more visit sentinelone.com or follow us at @SentinelSec.

    RaaS: Hacking Made Easy

    January 30th, 2017

    Do you know what the greatest motivator in 2016 was for cyber attacks?

    If you answered “ransom,” you were correct.

    In 2016, known as the year of ransomware, a whopping 49% of businesses fell victim to cyber ransom attacks. Based on these numbers, IT professionals certainly have cause for concern, especially when taking into consideration “hacking made easy,” or what we know as Ransomware as a Service (RaaS).

    What is Ransomware as a Service?
    Modeled after software-as-a-service, RaaS extends hacking to would-be cybercriminals. Drawing in participants with a minimum of script kiddie abilities, they execute by:

  • Accessing a darkweb TOR site and registering with a Bitcoin address. From there, they tailor and download their own version of the malware.
  • Using multiple Bitcoin addresses to run simultaneous campaigns.
  • Employing typical infection vectors for the executable. Targeted spear-phishing, spray-and-pray phishing campaigns, and malvertising with contaminated ads on websites compromised with exploit kits, where the malicious files are downloaded unknowingly, are available to criminal affiliates, as are manually hacking Linux servers or brute forcing terminal servers.
  • In the end, 5%-25% of all ransom collected goes to the original developers. By creating free and easy malware that doesn’t require specialist knowledge to deploy, the ransomware bosses can score big profits with a large number of infections.

    The remaining income goes directly to the script kiddies who get a taste of easy criminal profits. With access to hacking made easy tools like insider statistics and campaign settings, they can continue to conduct ransomware campaigns with little effort.

    Just $39.99 a Month for Our Hacking Made Easy Toolkit!

    It sounds like a cheesy infomercial, but hackers understand that hooking prospective evildoers is big business. A cryptoware program called Stampado, being sold on the darknet for $39, even had a YouTube video promoting the RaaS subscription.

    While less experienced online attackers might be drawn in by the “hacking made easy” value proposition, more sophisticated actors will go after stable, flexible, and refined vectors.

    In the wild we’ve seen this through the use of a Cerber variant, tied to a $2.5 million a year RaaS ring. According to research reports, the RaaS ring included 161 active campaigns with eight new campaigns launched daily. In July 2016, it was estimated that criminals earned close to $200,000. Victims paid approximately 1 bitcoin ($590) to decrypt files locked by the Cerber ransomware.

    Protecting Against RaaS
    We urge victims against buckling to extortion if at all possible. Each time a ransom is paid, malicious actors gain resources to do more damage. While sometimes paying for decryption is unavoidable, we suggest taking these steps for the best possible outcomes.

  • Use a product that guarantees its protection technology. SentinelOne assures users that if we’re unable to block or remediate the effects of a ransomware attack, we’ll pay for it. We’ll reimburse your company or organisation up to $1,000 per endpoint, or $1,000,000 in protection overall for the company.
  • Go beyond signature-based endpoints with behavioural detection. Malware authors understand that endpoints identify malware based on structure. By using behavioural detection instead, an endpoint product can watch the malware’s path and actions before taking steps to protect.
  • Backups are essential in neutralising the threat. Using 10-minute interval snapshots and sending the data to the cloud can provide insurance in the event of an attack.
  • Educate end users on Ransomware as a Service. In 2017, it’s likely that we will continue to suffer from ransomware attacks. The first line of defence is a knowledgeable workforce that understands the ramifications of opening a curious email or clicking a malicious ad. By giving them experience through simulated phishing attempts, you can gauge the preparedness of users to spot keepers of ransomware strains.
  • To learn more about the impacts of ransomware, visit our Global Ransomware Study 2016 infographic. Or for greater detail, view our research data summary.

    Please note the below has been produced by SentinelOne. To view the original article click here.

    Palo Alto Networks Launches Cybersecurity Guide for Directors and Officers

    January 30th, 2017

    Actionable Advice, Insights and Best Practices From Cybersecurity Experts and Top Advisors on Risk, Leadership, Human Resources, Legal and Reputation Management

    Palo Alto Networks® (NYSE: PANW), the next-generation security company, has announced the publication of “Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers – United Kingdom.” This guide will provide U.K. boards, executives and C-level officers at enterprises, government agencies and other organisations with practical, expert advice on how to raise the bar on cybersecurity.

    As threats continue to grow in number and complexity, new EU legislation, in the form of the General Data Protection Regulation (GDPR) and the Network and Information Security (NIS) Directive, provides a unique opportunity for business leaders to rethink how they can build state-of-the-art cybersecurity strategies and systems fit for current and future challenges. As such, the guide helps start necessary discussions and determine the next steps toward preventing cyber breaches and maintaining trust in our digital age.

    Building on the success of the U.S. edition of the guide launched in October 2015 with the New York Stock Exchange (NYSE), the U.K. edition was written in conjunction with U.K. thought leaders from the public and private sector, and published by Forbes.

    Collecting the expertise and experience of CEOs, CISOs, lawyers, consultants and former government officials, this U.K. guide is intended for those new to the cybersecurity topic as well as seasoned leaders in the field. It contains practical and expert advice on a range of cybersecurity issues to allow business leaders to start, or continue having, the conversation on such topics as EU legislation, enabling innovation, executive responsibility, your security leadership team/hiring the next generation CISO, and responding to crisis.

    Quotes:

    “A chief executive’s role is to balance both the risks and the opportunities in all situations. Good governance around cybersecurity – essential risk management – can be a defining factor in organisational excellence, building compliance, enterprise-wide awareness, and commitment…this book is an indispensable tool to support individual leaders and teams that make the choice to master this risk rather than to fall victim to it.”

    Sir Iain Lobban, former chief of the U.K.’s intelligence and security agency, GCHQ, and now a senior adviser to a range of global companies on cybersecurity risk and governance; taken from “Preface – Mastering Cyber Risk in 10 Steps.”

    “What we are now seeing is the evolution of what is known as ‘privacy architecture’, a set of guidelines and principles that are embedded into your business and technology processes from the ground upwards, rather than overlaid upon it. This bakes cyber resilience into your operating DNA, with reduced compliance overhead and resource requirements.”

    Gregory Albertyn, senior director, and Avi Berliner, manager, PwC; taken from “Chapter 1 – What is the Process for Achieving State-of-the-Art?”

    “The CISO position is now widely recognised—but they must understand the objectives of making a return for investors. An effective CISO is not expected to apply more controls and barriers across an organisation. They need to be acutely commercially focused…”

    Chris Bray, Gavin Colman and Giles Orringe, partners, Heidrick & Struggles; taken from “Chapter 11 – Hiring the Next-Generation CISO.”

    “Our digital dependence is another business challenge with both risks and opportunities. We should not underestimate its breadth of impact, but we should also not burden boards of directors with overly technological conversation.”

    Edward M. Stroz, founder and executive chairman, Stroz Friedberg; taken from “Ensuring Your Board is on the Same Page Regarding Cyber Response.”

    “Upcoming EU legislation is an opportunity to raise the bar on cybersecurity, but there’s often a language disconnect between the virtual front line and organisational leadership. We’ve worked with experts, across public and private sectors, to translate complex topics into guidance that enables business leaders to join forces with cybersecurity teams on developing state-of-the-art preventative security strategies. In doing so, we hope to help them prevent cyber breaches and preserve trust in the digital age.”

    Greg Day, vice president and regional chief security officer, Europe, Middle East and Africa, Palo Alto Networks

    Other contributing authors include:

  • Joel Harrison – partner, Milbank, Tweed, Hadley & McCloy LLP
  • Ian West – chief of cyber security, NATO Communications and Information Agency
  • Sir Michael Rake – chairman, BT and Worldpay
  • Conrad Prince – cyber ambassador, Department for International Trade’s Defence and Security Organisation
  • Ryan Kalember – senior vice president of cybersecurity strategy, Proofpoint
  • Mark Hughes – president, BT Security, BT Global Services
  • Lee Barney – head of information security, Marks & Spencer
  • Troels Oerting – group chief security officer, and Elena Kvochko, CIO, group security function, Barclays
  • Alan Jenkins – associate partner, IBM Security
  • Mark Weil – CEO, Marsh UK and Ireland, Marsh Ltd
  • Richard Meredith and George Little – partners, Brunswick

    To learn more about cybersecurity from leading experts and contributors, and download your own copy of the guide, visit: https://get.info.paloaltonetworks.com/webApp/ceos-navigating-the-digital-age-global-uk-en

    For more best practices, use cases, and expert advice on managing cybersecurity risks, visit: www.securityroundtable.org

    To learn more about how Palo Alto Networks helps organisations prevent successful cyberattacks with its Next-Generation Security Platform, visit: www.paloaltonetworks.com

    Ruckus Adds R510 to Unleashed Portfolio Plus Some Exciting New Updates!

    January 25th, 2017

    The Ruckus Unleashed access point line now includes the popular R510 802.11ac Wave 2 AP which is ideal for all enterprises and their wall-mount H510 802.11ac Wave 2 AP which works great as an in-room access point.

    In addition, with the upcoming 200.3 firmware release, Unleashed access points will now support Gateway Mode enabling direct connectivity to a cable or DSL modem leveraging built-in DHCP server and NAT support. This enables a service provider, owner or installer to deploy Unleashed APs in multi-dwelling units (MDU), small single-site retail shops and smart-homes. Here are the highlights:

    • R510 / H510 Unleashed APs – Ruckus’ popular 802.11ac Wave 2 APs now Unleashed
    • Gateway Mode – ease installation of an Unleashed AP directly to a cable/DSL modem
    • SpeedFlex – built-in speed test tool enabling troubleshooting between Mesh connected Unleashed APs
    • Unleashed Management App – installation of Unleashed APs will now be even easier
    • Static Client IP Addresses – connected clients can preserve assigned IP addresses

    One of the updates we are most excited about is the launch of the Unleashed management app. This app will further simplify an already easy to install portfolio of Unleashed access points.

    The app will be available in February 2017

    Ruckus Introduces Cloudpath 5.1 to Secure Connected IOT Devices

    February 16th, 2017

    Ruckus Wireless™, a part of Brocade, today announced version 5.1 of its Cloudpath™ ES security and policy management software. The latest software release enables organisations to automatically and securely connect Internet of Things (IoT) devices using certificates—the gold standard of device security—allowing IT to establish policies governing the behaviour of those devices. In conjunction with the Cloudpath software certificate authority (CA) and supported standards-based protocols, the new capabilities allow organisations and IoT device manufacturers to easily and automatically secure a wide range of connected IoT devices without changing existing security infrastructure.

    Gartner reports that IoT endpoints will reach an installed base of 20.4 billion units by 2020. In addition, AT&T’s Cybersecurity Insights Report, which surveyed more than 5,000 enterprises around the world, found that 85 percent of enterprises are in the process of or intend to deploy IoT devices. Yet, according to the report, a mere 10 percent of those surveyed feel confident that they could secure those devices against hackers.

    “The use of IoT-connected devices is now poised to grow exponentially, with IoT technology investments expected to reach $1.29 trillion by the year 2020 across multiple vertical segments and industries,” said Rohit Mehra, vice president, network infrastructure, IDC. “As with other aspects of IT infrastructure and applications, security risks and vulnerabilities associated with IoT are now a key area of focus for enterprise IT and LoB managers on an ongoing basis. These enterprises, along with their technology solution providers, need to find reliable, cost-effective ways to better secure their connected IoT applications and infrastructure, a challenge that Ruckus seeks to address with these new capabilities.”

    Cloudpath ES 5.1 software introduces device fingerprinting, a technique that allows IT to automatically identify IoT device types by comparing the device profile to a device fingerprint database.

    Together with other Cloudpath software features, the new release delivers the following benefits:

    IT can automatically secure, using certificates, fingerprint-identified IoT devices. If the device is unable to use a certificate, a Ruckus Dynamic Pre-Shared Key™ can be used to secure it. Both approaches enable IT to establish IoT device-specific policies. For example, IoT devices may be authorised to connect only to the cloud service with which they’re associated.

    IT can continue to use existing RADIUS and CAs to secure non-IoT devices. By using Cloudpath software and its dedicated CA to secure IoT devices, organisations avoid reconfiguring their current AAA and CA security implementation or, worse, creating custom middleware to secure devices using an existing CA.

    Manufacturers can improve the security readiness of their IoT devices. They can leverage standards-based certificate retrieval protocols such as SCEP and EST, which are native to the Cloudpath CA.

    Managed service providers (MSPs) can add new tenants at will. MSPs can utilise the multitenant capabilities in the Cloudpath virtual deployment implementation, thereby reducing deployment costs and management overhead compared to deploying a separate instance of security and policy management software for each end customer.

    “Traditionally, configuring IoT devices has been a huge headache for IT. These devices not only expose organisations to new security threats, but often require manual onboarding, assuming they can be onboarded at all,” said Kevin Koster, chief Cloudpath architect, Ruckus Wireless Business Unit, Brocade. “Cloudpath helps IT departments ensure their IoT devices don’t put their network and their users at risk, while enabling IoT device manufacturers to meet their own customers’ need for IoT device security.”

    The latest release of Cloudpath ES software will be generally available in the second quarter of 2017.

    World’s Most Common Password Hasn’t Changed in Years

    February 14th, 2017

    At this point, it’s not even funny. In 2016, the world’s most common password was “123456.” Surprise galore, “123456” was also the most common password in 2015. In 2014, you may be shocked to learn, the most common password was also “123456.” That sound you’re hearing is the noise a broken record makes.

    At this point, maybe let’s not focus on the sheer ridiculousness of this statistic. It’s overplayed—passwords are obsolete and people choose bad ones when given the choice. Instead, let’s look at some background facts. How are these “most common passwords” lists made, anyway? Does using a common password really make you insecure? How secure does using a “secure” password make you, anyway?

    How do these “Most Common Password” Lists Even Get Made?

    The first thing that you should know is that, while a lot of data gets stolen, not all of that data is valuable. Even lists of passwords aren’t necessarily that great. Hackers, as we’ve often said, are lazy. If you have an email address and a password, you might eventually be able to find someone’s address, get their credit card number, and start committing identity theft—but that takes a lot of work. Why’s this important?

    Due to the rather fungible value of password lists, hacking groups will often post their spoils directly to the internet. This is usually for bragging rights, although it also might be a free sample. Either way, the venue for these postings is usually a site called Pastebin. The public nature of these posts means that companies are able to look for the most common passwords, and therefore assemble these yearly scorecards.

    If You Use a Weak Password, Will You Get Hacked?

    You’re not guaranteed to get hacked if you use one of the most common passwords from 2016—but you’ll make it very easy for any hacker who tries to target you. Here’s how this works:

    Normally, when an attacker steals a list of passwords, they’ll come out as a list of encrypted phrases, called hashes. By design, hashes are one-way encryption—you’re not supposed to be able to use math to turn a hash back into plaintext. The problem, however, is that hashes with the same input always return the same output. In other words, if you take the password “123456” and run it through an MD5 hash generator, you’ll always get the output “e10adc3949ba59abbe56e057f20f883e.”

    If you’re a hacker, and you’ve just stolen a bunch of hashed passwords, you know that the odds are that a bunch of the hashes in there are from people who picked “123456” as their password. If you know that the hashing algorithm was MD5, you can just do CTRL-F for “e10adc3949ba59abbe56e057f20f883e” and steal all those passwords right away. Hackers will usually do this with a whole bunch of the most common passwords, in what’s known as a “pre-computed dictionary attack.”

    Is Your “Secure” Password As Secure As You Think It Is?

    A lot of people are now wise to the fact that you shouldn’t choose a simple password. There’s a huge but coming up, however—the passwords that we generally think of as secure, aren’t. Choosing a password with capital letters, numbers, and symbols will probably pose only a minor impediment to a hacker who seriously wants your information.

    First of all, you’ve probably chosen a password that looks like this: 11Passw0rd! It’s got all of the “secure” elements, but the numbers are at the front, the zero replaces the “O,” and the symbol is at the back. It’s very common to use those elements in that order, which makes it easy for brute-force password-guessing software to reverse engineer even a relatively complex password—especially since it’s based on a word from the dictionary.

    Second of all, a lot of websites do password security… poorly. For example, we used MD5 as an example hash. MD5 has been nearly obsolete since about the 1990s, and takes seconds to crack—but a lot of companies use it anyway. There’s actually a sizeable contingent of companies which store passwords in plain text. You could be using the most secure password on Earth, and still get burned by malfeasance.
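
    The lookup described under “If You Use a Weak Password, Will You Get Hacked?” and the storage problem raised here, as an added example that is not part of the original article: it audits a constructed unsalted MD5 store against a short common-password list, then stores the same password with a per-account salt and PBKDF2-HMAC-SHA256 so that identical passwords no longer share a stored value. The user names, the password list beyond “123456” and the iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import os
from collections import defaultdict
from typing import Optional

# Constructed sample data. Only "123456" and its MD5 value appear in the article.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "111111"]
PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example


def md5_hex(password: str) -> str:
    """Unsalted MD5, the weak storage scheme described in the article."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def build_lookup(candidates):
    """Hash every candidate once; the table fits any unsalted MD5 store."""
    return {md5_hex(p): p for p in candidates}


def audit_unsalted(store, lookup):
    """Return {user: password} for each stored hash found in the table."""
    return {user: lookup[h] for user, h in store.items() if h in lookup}


def shared_hashes(store):
    """Group users whose stored hash is identical (same password chosen)."""
    groups = defaultdict(list)
    for user, h in store.items():
        groups[h].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)


def hash_password(password: str, salt: Optional[bytes] = None):
    """Salted PBKDF2-HMAC-SHA256; a fresh random salt is drawn per account."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


# Constructed credential store: two users picked the most common password.
MD5_STORE = {
    "alice": md5_hex("123456"),
    "bob": md5_hex("123456"),
    "carol": md5_hex("T7#vq9!mLp2x"),
}

if __name__ == "__main__":
    lookup = build_lookup(COMMON_PASSWORDS)
    print("Accounts exposed by the precomputed table:",
          audit_unsalted(MD5_STORE, lookup))
    print("Accounts sharing a stored hash:", shared_hashes(MD5_STORE))

    # Same password, two accounts, salted storage: the stored values differ,
    # so there is no single value to search for across the whole store.
    salt_a, digest_a = hash_password("123456")
    salt_b, digest_b = hash_password("123456")
    print("Salted digests identical:", digest_a == digest_b)
    print("Correct password verifies:",
          verify_password("123456", salt_a, digest_a))
```

    Salting removes the shared value that makes the one-pass lookup work, but a guessable password can still be tried account by account, which is why the slow key-derivation step matters as well.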

    If even “secure” passwords fail the sniff test, how should you protect your data? Establish fail-safes. A strong password on its own is no defense against malware, ransomware, or any of the other numerous ways that attackers can hack your systems. Choose strong passwords, and choose to educate yourself about the importance of combatting insider threats with this whitepaper on Shadow IT and Security Information.

    View the original article published by SentinelOne.

    Palo Alto Networks Raises Bar with New Threat Prevention Capabilities for Its Next-Generation Security Platform

    February 10th, 2017

    New PAN-OS 8.0 Extends Safe Application Enablement and Successful Attack Prevention Capabilities of the Platform; Simplifies Security Operations

    Palo Alto Networks, the next-generation security company, today announced advancements to its Next-Generation Security Platform that extend the ability for customer organisations to safely enable applications, prevent successful cyberattacks, simplify security operations, and safely embrace the cloud.

    Cyber adversaries often use commoditized compute power and automated tools and evasion techniques to deploy sophisticated attacks at massive scale and little cost. Security teams can find themselves struggling to address the sophistication, speed and volume of these threats – both known and unknown – using a collection of legacy security point products, manual resources and tools that fail to provide thorough application visibility and control, can’t adequately identify and stop advanced attacks in an automated and timely manner, complicate security workflows, and require too much manual intervention.

    These challenges are compounded as network perimeters become more vulnerable with the rapid adoption of cloud deployments – public, private, hybrid or SaaS – resulting in applications and data moving across networks and endpoints to and from the cloud with users accessing data dynamically from anywhere and any device. This dramatically expands and complicates the landscape customer organisations must protect against a growing volume and variety of threats.

    The natively engineered Palo Alto Networks Next-Generation Security Platform addresses these challenges by safely enabling applications, content and users regardless of location, preventing successful attacks from known and unknown threats, while simplifying security operations and infrastructure, and giving organisations the freedom to safely embrace new cloud infrastructures.

    Building upon the existing capabilities of the platform, new advancements included in the Palo Alto Networks PAN-OS® operating system version 8.0 take advantage of added automation, machine learning and threat prevention capabilities, among others.

    Among the more than 70 new features introduced to the Next-Generation Security Platform as part of PAN-OS 8.0, threat prevention feature highlights include:

  • Stopping sandbox evasion techniques with a new 100 percent custom-built hypervisor and bare metal analysis environment for the WildFire™ service, designed to automatically identify and prevent the most evasive threats.
  • Automated command-and-control signatures using a new and unique payload-based signature generation engine. This new approach delivers researcher-grade, payload-based signatures in a delivery mechanism that is automated end to end for faster time to prevention of adversary phone home attempts.
  • Automated integration of threat intelligence delivered through the integration of the MineMeld application with the AutoFocus™ service, whereby security operations teams can easily ingest multiple data feeds, accelerate the digestion of all the threat intelligence, create customizable fields, and quickly automate remediation to the next-generation firewall, as well as alert SOC groups via third-party SIEM solutions or asset management products.
  • Management features that provide administrators fast and accurate insight delivered by Panorama™ network security management and now include ingestion of Traps™ advanced endpoint protection logs, as well as additional firewall logs. This enriches correlation of indicators of compromise and automates actions to update the next-generation firewall with new automated actions to prevent adversary lateral movement and alert IT via third-party IT service management and security response systems, such as ServiceNow, lowering operational burden for security teams.

    Additional cloud security, hardware highlights and credential theft advancements are also available with the introduction of PAN-OS 8.0. See these related press releases:

  • Palo Alto Networks Extends Safe Application Enablement and Breach Prevention From the Network to the Cloud with Enhancements to Its Next-Generation Security Platform
  • Palo Alto Networks Delivers Industry-first Capabilities to Prevent Credential Theft and Abuse
  • Palo Alto Networks Expands Range of Next-Generation Firewall Devices with New Hardware and Virtual Appliances

    QUOTES

    “With attackers adopting more sophisticated tactics and tools, it’s important that our security solutions are able to keep pace without requiring volumes of manual resources or chair swiveling from one product console to another, and that we have timely prevention mechanisms. The extended threat prevention capabilities introduced today in the Palo Alto Networks Next-Generation Security Platform allow us to better protect against advanced threats at the pace of our adversaries, safely enable application usage for our employees wherever they are, and reduce our management overhead.”
    – Eugene Purugganan, systems engineer, Animal Logic

    “Cloud and SaaS are revolutionising IT, but our customers, while eager to implement these technologies in their own network environments, are hesitant to adopt them due to cybersecurity concerns. Both current and prospective customers who currently leverage Palo Alto Networks Next-Generation Security Platform will be excited about how the newest innovations combine strong threat detection and prevention capabilities with automated features to ensure customers can secure their organisations against known and unknown cyberattacks targeting cloud, hybrid cloud and physical network environments.”
    – Luanne Tierney, managing member, Fivesky

    “Cyber adversaries are constantly finding new ways to evade detection by dynamic analysis environments, many of which share common open-source components. This has allowed advanced attackers to develop techniques to identify various analysis environments and evade detection. Custom analysis environments make it difficult for cyber criminals to predict system responses to these evasions – which should ultimately provide more protection for customers.”
    – Jason Pappalexis, distinguished research director, NSS Labs, Inc.

    “Using legacy security products and tools, organisations today face seemingly insurmountable challenges in protecting themselves from a growing volume of sophisticated threats. We are pleased to offer them an entirely different approach with our natively engineered Next-Generation Security Platform that raises the bar for organisations with new advancements in preventing malware sandbox evasion, automation of command-and-control protection, and threat intelligence ingestion that help our customers prevent successful attacks.”
    – Lee Klarich, executive vice president, Product Management, Palo Alto Networks

    AVAILABILITY

    PAN-OS 8.0 is now available globally to customers of Palo Alto Networks with a current support contract.
    To learn more about the Palo Alto Networks Next-Generation Security Platform, visit: https://www.paloaltonetworks.com/products/platforms.html.

    Palo Alto Networks Expands Range of Next-Generation Firewall Devices with New Hardware and Virtual Appliances

    February 9th, 2017

    Palo Alto Networks® (NYSE: PANW), the next-generation security company, today announced availability of new purpose-built hardware and virtual next-generation firewall appliances that safely enable applications and redefine security performance for both threat prevention and SSL decryption, enabling customers to safely embrace the cloud and prevent successful cyberattacks across network, endpoint and cloud environments.

    The new models complement enhancements to the Palo Alto Networks Next-Generation Security Platform PAN-OS® operating system version 8.0, also introduced today, which includes more than 70 new features that deliver threat and credential theft prevention, secure cloud enablement, and more. As organisations look to modernise their physical data centres, embrace hybrid cloud environments, and apply advanced security measures across their infrastructure, they require greater performance to handle the tremendous amount of traffic generated by the growing number of users, applications and devices. The introduction of new SaaS applications running at higher throughputs further increases demand for bandwidth performance to and from the network.

    Complicating matters, as more and more traffic is encrypted by SSL, enterprises are left blind to the applications and content their users are accessing, and advanced cyber adversaries are increasingly leveraging SSL encryption to obscure malicious activity, leaving organisations unaware of the hidden dangers lurking on their networks. Legacy security products are simply unable to perform at rates high enough to decrypt this traffic and restore the visibility required to prevent cyber breaches.

    To address these needs and more, six new hardware firewall appliances join the existing hardware family of 16 appliances to safely enable applications and offer threat prevention in large data centres, small branches and remote locations, all managed centrally from Panorama™ network security management. The new and powerful hardware appliances enable advanced security protections applied at speed and scale by delivering predictable performance with deep visibility into and control over all traffic, including encrypted traffic.

    The VM-Series virtualized next-generation firewall family also has been optimised and expanded with three new models to support customer organisations expanding cloud and virtualization initiatives – from virtualized branch offices to data centre and service provider deployments – that require high throughput and capacity. With the new additions, the VM-Series now represents the industry’s broadest line of virtualized firewall appliances, delivering groundbreaking cloud security performance of up to 16 Gbps with App-ID™ technology visibility and over 10 Gbps with full threat prevention enabled.

    Highlights of the new hardware and virtual firewalls include:

    New PA-5200 Series: This new series includes three devices: the PA-5260, PA-5250 and PA-5220. This new advanced architecture delivers 72 Gbps App-ID and 30 Gbps Threat Prevention performance, up to 32M sessions, 3.2M SSL-decrypt session capacity and 6.5 Gbps SSL-decrypt throughput on the PA-5260 model. Higher 10G port density and 40G and 100G interface supports diverse deployments. These models deliver security for high throughput environments within a compact form factor, making them ideal for data centre consolidation, increased gateway demands, and inspecting encrypted traffic.

    New PA-800 Series: The new PA-800 series includes two devices: the PA-850 and PA-820. This new architecture delivers 1.9 Gbps App-ID and 780 Mbps Threat Prevention performance on the PA-850. A high-performance management plane leverages multiple CPU cores and 8GB memory. The PA-850 features redundant power for additional hardware resiliency. These models are ideal for medium-sized networks, and branch and remote office environments.

    New PA-220 delivers full PAN-OS capabilities in a small desktop footprint with increased port density. The PA-220 features built-in resiliency via dual power adapters and complete high availability support for active/active and active/passive clusters. Passive and silent cooling eliminates noise and increases reliability. The small footprint makes these models ideal for small branch offices and remote locations.

    Three new VM-Series virtual firewall models: These new models deliver industry-leading cloud security performance options ranging from 200 Mbps up to an industry-leading 16 Gbps to deliver predictable performance in cloud deployments and address a variety of use cases, from virtualized branch office to data centre and service provider deployments.

    New VM-50 is optimised to consume minimal resources yet delivers 200 Mbps of App-ID performance for customer scenarios that range from virtual branch office/customer premise equipment (CPE) to high-density, multi-tenancy environments.

    Faster VM-100, VM-200, VM-300 and VM-1000-HV have been optimised to deliver 2-4 times their previous performance with 2 Gbps and 4 Gbps of App-ID performance for hybrid cloud, segmentation and internet gateway use cases.

    New VM-500 and VM-700 deliver an industry-leading 8 Gbps to 16 Gbps of App-ID performance, respectively, and can be deployed as NFV security components in fully virtualized data centre and service provider environments.

    Complementing these firewall introductions is the release of Palo Alto Networks Next-Generation Security Platform PAN-OS® operating system version 8.0, which includes threat and credential theft prevention, cloud security and management advancements. See these related press releases:

  • Palo Alto Networks Extends Safe Application Enablement and Breach Prevention From the Network to the Cloud with Enhancements to Its Next-Generation Security Platform
  • Palo Alto Networks Raises Bar with New Threat Prevention Capabilities for Its Next-Generation Security Platform
  • Palo Alto Networks Delivers Industry-First Capabilities to Prevent Credential Theft and Abuse
    Quotes

    “Cloud migration is a dynamic, bi-directional, and continuous process – sending workloads back and forth between the multiple clouds and data centres. The advancements announced today by Palo Alto Networks, including their new VM-series firewalls, provide customers a critical solution that is flexible enough to facilitate efficient movement between private networks and public/private clouds as new use cases are implemented.”
    – Jeff Wilson, senior research director, Cybersecurity Technology, IHS Markit

    “Palo Alto Networks understands the growing performance and capacity needs as customer organisations look to expand cloud use cases and implement advanced security capabilities throughout their data centres and distributed organisations. We are pleased to expand the performance range and use case possibilities with our newest hardware and virtual firewall models.”
    – Lee Klarich, executive vice president, Product Management, Palo Alto Networks

    Pulse Policy Secure the leading NAC and BYOD solution for your enterprise

    February 3rd, 2017

    Network access control (NAC) is no longer just about role-based user access control, device authentication, and guest management. The Pulse Policy Secure (PPS) solution offers pre and post connect features to assess, characterise and correct operating system and software configurations in real time.

    Organisations can identify unhealthy endpoints, such as systems missing important security updates, running unauthorised software, or having other high-risk elements, and segment them away from the rest of the network.

    As more organisations adopt bring your own device (BYOD) policies and wireless initiatives, there is greater demand for continuous endpoint compliance, or knowing what is running on the endpoint at all times. With PPS in your network, you have real-time visibility into all the devices connecting to the network and are able to enforce security policies on the devices.

    Benefits of Pulse Policy Secure

  • Centralised management of access and compliance policies.
  • Easy integration with several Authentication, Authorisation, and Accounting (AAA) servers.
  • Role-based, application-level enforcement.
  • Distributed enforcement of network access policies.
  • Supports leading global-device management solutions from MobileIron and AirWatch.
  • PPS works with the MDM solution to evaluate whether the BYOD or corporate devices are compliant with organisational and Mobile Device Management (MDM) policies.
  • Allows context-aware policy enforcement for wired and wireless connections across desktop and mobile platforms.
  • Supports captive portal capabilities for allowing users onto their guest networks and capturing relevant information.
  • Supports automated device on-boarding, self-service enrollment, and integration with existing infrastructure to simplify deployments.
  • Dynamic endpoint assessment and enforcement.
  • Supports Profiler functionality, which helps you to get visibility and enforce your security policies for corporate access, BYOD, and guest access.
  • Supports comprehensive network visibility with simplified auditing, and monitoring of devices.
  • Supports interoperability with existing network infrastructure such as switches, wireless controllers, AD, firewalls, IDS, and Security information and event management (SIEM).

    For more information on Pulse Policy Secure, see https://www.pulsesecure.net/policy-secure/tech-info/

    New Malware Threats: Ransomworm Is Coming, Are You Ready?

    February 3rd, 2017

    In 2016, there were over 4,000 ransomware attacks every day. This was a 300% increase over 2015, when there were 1,000 attacks every day, and it’s likely to get worse in 2017.

    In the first quarter of 2016, cyber criminals used ransomware to steal $209 million from US businesses with an expected $1B for the entire year. Crypto ransomware has grown in popularity since it started with Cryptolocker in 2013, and we can expect to see more clever ransomware as cyber criminals try to make money in 2017.

    Ransomware: No Skills Required
    When ransomware first came out, it required some skill in order to create an attack. Now, with the growth of ransomware as a service (RaaS), it has become a business model that makes it easy for cyber criminals to attack without requiring technical knowledge of how to create ransomware.

    To launch an attack on a group of victims, the cyber thief simply needs a credit card and a mailing list of targets that they want to attack. The user-friendly service allows criminals to download a ransomware tool for a small fee, set the ransom, and enter a deadline for the payment. For every victim that pays a ransom, the service provider gets a cut and the rest goes to the attacker. Some of the RaaS companies even provide training and support.

    Ransomware Gets More Personal
    “Ransomware is unique among cybercrime because in order for the attack to be successful, it requires the victim to become a willing accomplice after the fact.” – James Scott, Sr. Fellow, Institute for Critical Infrastructure Technology

    In the past, many ransomware attacks were blasted to huge lists in hopes that someone would open the email. You can expect more targeted, personalised attacks in 2017. With newer versions of ransomware, once it identifies whether it is attacking a business or personal machine, it will adapt its ransom demands to match the victim.

    For example, it may choose different types of files to encrypt based upon whether it is a personal or business machine. In addition to encrypting these files, it may post your confidential data to social media or a file space if you don’t pay the ransom.

    Ransomworm: Ransomware That Spreads Across Your Network
    In 2017, it’s likely to get worse as more ransomware is augmented with code from traditional network worms like SQL Slammer, CodeRed, and Conficker to create new ransomware that is able to spread across a network. This will effectively increase the amount of damage that can be done with ransomware.

    Using this method, after infecting one computer, the malware will be able to spread to additional computers on the network. It will allow an initial machine to become infected, have a ransom paid, and then wait on other machines undetected until it is ready to attack again. This means you may end up paying ransoms multiple times to the same criminals.

    Ransomworms that can infect multiple machines on a network already exist. A good example is ZCryptor. This malware does not require an email in order to infect machines. It takes advantage of attack vectors that were created by other malware and then self-propagates to the network from the compromised machine.

    SamSam is another example. It is spread via unpatched vulnerabilities on servers, allowing it to infect a machine and then go undetected, causing more damage on the victim’s internal network.

    Preventing A Ransomware Attack
    “Ransomware is more about manipulating vulnerabilities in human psychology than the adversary’s technological sophistication.” – James Scott

    Becoming a victim of a ransomware attack can be time-consuming, costly, and damaging to a company’s reputation. Here are some tips to thwart the next ransomware attack:

    Educate your users: According to a Verizon 2015 Breach Investigation Report, 11% of users will open an attachment from someone they don’t know. Infections are often caused by end-users. They open an infected attachment, or click on a link that takes them to an infected site.

    Offer security awareness training for your end users. If they receive an unsolicited or unexpected email with an attachment from the sender, have them call the sender to verify they sent it. If they receive an email with a link they were not expecting, they should never click on it.

    Back up your data: There will never be a 100% guarantee that malware like ransomworm will not successfully infiltrate your network. Backing up your data and keeping it off site and disconnected from your network is the safest way to ensure you can recover after a ransomware attack. Consider using a service like Amazon Glacier Cloud Storage for off-site backups.

    Keep your software patches up-to-date: Once your users are trained to avoid opening email attachments or clicking on links, exploiting software flaws is another common way for malware to spread over your network. Keeping your software patches up to date will help prevent the spread of ransomworms that exploit network or software flaws.

    Enforce the principle of least privilege: The principle of least privilege gives programs and users access to the programs they need, but no more. Combining least privilege management with application controls can allow you to revoke local administrator rights on workstations in many cases. This will minimise the spread of unwanted software.

    Use endpoint security software: Some people assume that if they keep security and software patches up-to-date and enforce least privilege, they will have things adequately locked down. This is not the case.

    Don’t think you have to worry about security because of your company’s size? After all, only large companies are in the news saying they’ve been breached, right? Don’t fall victim to this fallacy.

    In the case of the Target breach, it was a small HVAC contractor that opened the email that allowed them to get hacked. Companies of all sizes need to have endpoint security like SentinelOne.

    Keeping New Malware Threats At Bay
    Expect several new malware threats in 2017 as cyber thieves try to increase their revenues by improving ransomware. Following these tips will help reduce the risk for your business. Also check out this guide to protecting virtualized environments and cloud infrastructure to minimise damage from cyber threats.

    Is your business ready for the next new malware threat?

    This article has been taken from the SentinelOne website. To view the original article, please click here.

    SentinelOne Named a Visionary for Second Straight Year in the Gartner Magic Quadrant for Endpoint Protection Platforms

    February 3rd, 2017

    SentinelOne Placed Furthest in “Completeness of Vision”

    SentinelOne, the company transforming endpoint security by delivering real-time protection powered by machine learning and dynamic behaviour analysis, today announced it has been positioned by Gartner, Inc. in the Visionary quadrant of the Magic Quadrant for Endpoint Protection Platforms (EPP) for the second straight year.*

    SentinelOne’s Endpoint Protection Platform (EPP) unifies endpoint threat prevention, detection and response in a single platform driven by sophisticated machine learning and intelligent automation. With SentinelOne, organisations can detect malicious behaviour across multiple vectors, rapidly eliminate threats with fully-automated, integrated response capabilities, and adapt their defences against the most advanced cyber attacks.

    “We have long held a culture of innovation within SentinelOne and are thrilled to be recognised for that commitment and record of execution towards a disruptive vision,” said Tomer Weingarten, CEO of SentinelOne. “Our vision from day one has been based on the belief that this problem can only be solved through a multi-layered approach that combines behaviour and static-based detection into a single integrated solution. This is the only way to protect against attacks that are rapidly evolving towards a multi-vector approach that combine file and file-less malware with other advanced techniques such as the use of scripting languages. In doing so we’ve positioned SentinelOne to be a true replacement for antivirus solutions, not simply another tool to augment antivirus’ weaknesses.

    “We are truly honoured to be recognised as a visionary in this year’s Gartner Magic Quadrant, and we will continue to work with organisations around the globe that are actively seeking strong solutions to help combat today’s sophisticated attacks,” continued Weingarten.

    This latest news comes one week after the company announced it has secured an additional $70 million (USD) in a Series C round led by Redpoint Ventures, bringing total investment in SentinelOne to more than $110 million.

    For a copy of the Gartner Magic Quadrant for Endpoint Protection Platforms, please click here.

    *Gartner Inc., “Magic Quadrant for Endpoint Protection Platforms” by Eric Ouellet, Ian McShane, Avivah Litan, Jan. 30, 2017.

    About the Magic Quadrant

    Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organisation and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

    About SentinelOne

    SentinelOne is shaping the future of endpoint security with an integrated platform that unifies the detection, prevention and remediation of threats initiated by nation states, terrorists, and organised crime. SentinelOne’s unique approach is based on deep inspection of all system processes combined with innovative machine learning to quickly isolate malicious behaviours, protecting devices against advanced, targeted threats in real time. SentinelOne was formed by an elite team of cyber security and defence experts from IBM, Intel, Check Point Software Technologies, McAfee, Palo Alto Networks and the Israel Defense Forces. To learn more visit sentinelone.com or follow us at @SentinelSec.

    RaaS: Hacking Made Easy

    January 30th, 2017

    Do you know what the greatest motivator in 2016 was for cyber attacks?

    If you answered “ransom,” you were correct.

    In 2016, known as the year of ransomware, a whopping 49% of businesses fell victim to cyber ransom attacks. Based on these numbers, IT professionals certainly have cause for concern, especially when taking into consideration “hacking made easy,” or what we know as Ransomware as a Service (RaaS).

    What is Ransomware as a Service?
    Modeled after software-as-a-service, RaaS extends hacking to would-be cybercriminals. Drawing in participants with a minimum of script kiddie abilities, they execute by:

  • Accessing a darkweb TOR site and registering with a Bitcoin address. From there, they tailor and download their own version of the malware.
  • Using multiple Bitcoin addresses to run simultaneous campaigns.
  • Employing typical infection vectors for the executable. Targeted spear-phishing, spray-and-pray phishing campaigns, and malvertising with contaminated ads on websites compromised with exploit kits are available to criminal affiliates, as are manually hacking Linux servers and brute forcing terminal servers. Victims download the malicious files unknowingly.
  • In the end, 5%-25% of all ransom collected goes to the original developers. By creating free and easy malware that doesn’t require specialist knowledge to deploy, the ransomware bosses can score big profits with a large number of infections.

    The remaining income goes directly to the script kiddies who get a taste of easy criminal profits. With access to hacking made easy tools like insider statistics and campaign settings, they can continue to conduct ransomware campaigns with little effort.

    Just $39.99 a Month for Our Hacking Made Easy Toolkit!

    It sounds like a cheesy infomercial, but hackers understand that hooking prospective evildoers is big business. A cryptoware program called Stampado, being sold on the darknet for $39, even had a YouTube video promoting the RaaS subscription.

    While less experienced online attackers might be drawn in by the “hacking made easy” value proposition, more sophisticated actors will go after stable, flexible, and refined vectors.

    In the wild we’ve seen this through the use of a Cerber variant, tied to a $2.5 million a year RaaS ring. According to research reports, the RaaS ring included 161 active campaigns with eight new campaigns launched daily. In July 2016, it was estimated that criminals earned close to $200,000. Victims paid approximately 1 bitcoin ($590) to decrypt files locked by the Cerber ransomware.

    Protecting Against RaaS
    We urge victims against buckling to extortion if at all possible. Each time a ransom is paid, malicious actors gain resources to do more damage. While sometimes paying for decryption is unavoidable, we suggest taking these steps for the best possible outcomes.

  • Use a product that guarantees its protection technology. SentinelOne assures users that if we’re unable to block or remediate the effects of a ransomware attack, we’ll pay for it. We’ll reimburse your company or organisation up to $1,000 per endpoint, or $1,000,000 in protection overall for the company.
  • Go beyond signature-based endpoint protection with behavioural detection. Malware authors understand that signature-based products identify malware based on structure. Behavioural detection instead watches the malware’s path and actions before taking steps to protect.
  • Backups are essential in neutralising the threat. Using 10-minute interval snapshots and sending the data to the cloud can provide insurance in the event of an attack.
  • Educate end users on Ransomware as a Service. In 2017, it’s likely that we will continue to suffer from ransomware attacks. The first line of defence is a knowledgeable workforce that understands the ramifications of opening a curious email or clicking a malicious ad. By giving them experience through simulated phishing attempts, you can gauge the preparedness of users to spot keepers of ransomware strains.

    To learn more about the impacts of ransomware, visit our Global Ransomware Study 2016 infographic. Or for greater detail, view our research data summary.

    Please note the below has been produced by SentinelOne. To view the original article click here.

    Palo Alto Networks Launches Cybersecurity Guide for Directors and Officers

    January 30th, 2017

    Actionable Advice, Insights and Best Practices From Cybersecurity Experts and Top Advisors on Risk, Leadership, Human Resources, Legal and Reputation Management

    Palo Alto Networks® (NYSE: PANW), the next-generation security company, has announced the publication of “Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers – United Kingdom.” This guide will provide U.K. boards, executives and C-level officers at enterprises, government agencies and other organisations with practical, expert advice on how to raise the bar on cybersecurity.

    As threats continue to grow in number and complexity, new EU legislation, in the form of the General Data Protection Regulation (GDPR) and the Network and Information Security (NIS) Directive, provides a unique opportunity for business leaders to rethink how they can build state-of-the-art cybersecurity strategies and systems fit for current and future challenges. As such, the guide helps start necessary discussions and determine the next steps toward preventing cyber breaches and maintaining trust in our digital age.

    Building on the success of the U.S. edition of the guide launched in October 2015 with the New York Stock Exchange (NYSE), the U.K. edition was written in conjunction with U.K. thought leaders from the public and private sector, and published by Forbes.

    Collecting the expertise and experience of CEOs, CISOs, lawyers, consultants and former government officials, this U.K. guide is intended for those new to the cybersecurity topic as well as seasoned leaders in the field. It contains practical and expert advice on a range of cybersecurity issues to allow business leaders to start, or continue having, the conversation on such topics as EU legislation, enabling innovation, executive responsibility, your security leadership team/hiring the next generation CISO, and responding to crisis.

    Quotes:

    “A chief executive’s role is to balance both the risks and the opportunities in all situations. Good governance around cybersecurity – essential risk management – can be a defining factor in organisational excellence, building compliance, enterprise-wide awareness, and commitment…this book is an indispensable tool to support individual leaders and teams that make the choice to master this risk rather than to fall victim to it.”

    Sir Iain Lobban, former chief of the U.K.’s intelligence and security agency, GCHQ, and now a senior adviser to a range of global companies on cybersecurity risk and governance; taken from “Preface – Mastering Cyber Risk in 10 Steps.”

    “What we are now seeing is the evolution of what is known as ‘privacy architecture’, a set of guidelines and principles that are embedded into your business and technology processes from the ground upwards, rather than overlaid upon it. This bakes cyber resilience into your operating DNA, with reduced compliance overhead and resource requirements.”

    Gregory Albertyn, senior director, and Avi Berliner, manager, PwC; taken from “Chapter 1 – What is the Process for Achieving State-of-the-Art?”

    “The CISO position is now widely recognised—but they must understand the objectives of making a return for investors. An effective CISO is not expected to apply more controls and barriers across an organisation. They need to be acutely commercially focused…”

    Chris Bray, Gavin Colman and Giles Orringe, partners, Heidrick & Struggles; taken from “Chapter 11 – Hiring the Next-Generation CISO.”

    “Our digital dependence is another business challenge with both risks and opportunities. We should not underestimate its breadth of impact, but we should also not burden boards of directors with overly technological conversation.”

    Edward M. Stroz, founder and executive chairman, Stroz Friedberg; taken from “Ensuring Your Board is on the Same Page Regarding Cyber Response.”

    “Upcoming EU legislation is an opportunity to raise the bar on cybersecurity, but there’s often a language disconnect between the virtual front line and organisational leadership. We’ve worked with experts, across public and private sectors, to translate complex topics into guidance that enables business leaders to join forces with cybersecurity teams on developing state-of-the-art preventative security strategies. In doing so, we hope to help them prevent cyber breaches and preserve trust in the digital age.”

    Greg Day, vice president and regional chief security officer, Europe, Middle East and Africa, Palo Alto Networks

    Other contributing authors include:

  • Joel Harrison – partner, Milbank, Tweed, Hadley & McCloy LLP
  • Ian West – chief of cyber security, NATO Communications and Information Agency
  • Sir Michael Rake – chairman, BT and Worldpay
  • Conrad Prince – cyber ambassador, Department for International Trade’s Defence and Security Organisation
  • Ryan Kalember – senior vice president of cybersecurity strategy, Proofpoint
  • Mark Hughes – president, BT Security, BT Global Services
  • Lee Barney – head of information security, Marks & Spencer
  • Troels Oerting – group chief security officer, and Elena Kvochko, CIO, group security function, Barclays
  • Alan Jenkins – associate partner, IBM Security
  • Mark Weil – CEO, Marsh UK and Ireland, Marsh Ltd
  • Richard Meredith and George Little – partners, Brunswick

    To learn more about cybersecurity from leading experts and contributors, and download your own copy of the guide, visit: https://get.info.paloaltonetworks.com/webApp/ceos-navigating-the-digital-age-global-uk-en

    For more best practices, use cases, and expert advice on managing cybersecurity risks, visit: www.securityroundtable.org

    To learn more about how Palo Alto Networks helps organisations prevent successful cyberattacks with its Next-Generation Security Platform, visit: www.paloaltonetworks.com

    Ruckus Adds R510 to Unleashed Portfolio Plus Some Exciting New Updates!

    January 25th, 2017

    The Ruckus Unleashed access point line now includes the popular R510 802.11ac Wave 2 AP, which is ideal for all enterprises, and the wall-mount H510 802.11ac Wave 2 AP, which works great as an in-room access point.

    In addition, with the upcoming 200.3 firmware release, Unleashed access points will now support Gateway Mode enabling direct connectivity to a cable or DSL modem leveraging built-in DHCP server and NAT support. This enables a service provider, owner or installer to deploy Unleashed APs in multi-dwelling units (MDU), small single-site retail shops and smart-homes. Here are the highlights:

    • R510 / H510 Unleashed APs – Ruckus’ popular 802.11ac Wave 2 APs now Unleashed
    • Gateway Mode – ease installation of an Unleashed AP directly to a cable/DSL modem
    • SpeedFlex – built-in speed test tool enabling troubleshooting between Mesh connected Unleashed APs
    • Unleashed Management App – installation of Unleashed APs will now be even easier
    • Static Client IP Addresses – connected clients can preserve assigned IP addresses

    One of the updates we are most excited about is the launch of the Unleashed management app. This app will further simplify an already easy to install portfolio of Unleashed access points.

    The app will be available in February 2017.


    World’s Most Common Password Hasn’t Changed in Years

    February 14th, 2017

    At this point, it’s not even funny. In 2016, the world’s most common password was “123456.” Surprise galore, “123456” was also the most common password in 2015. In 2014, you may be shocked to learn, the most common password was also “123456.” That sound you’re hearing is the noise a broken record makes.

    At this point, maybe let’s not focus on the sheer ridiculousness of this statistic. It’s overplayed—passwords are obsolete and people choose bad ones when given the choice. Instead, let’s look at some background facts. How are these “most common passwords” lists made, anyway? Does using a common password really make you insecure? How secure does using a “secure” password make you, anyway?

    How do these “Most Common Password” Lists Even Get Made?

    The first thing that you should know is that, while a lot of data gets stolen, not all of that data is valuable. Even lists of passwords aren’t necessarily that great. Hackers, as we’ve often said, are lazy. If you have an email address and a password, you might eventually be able to find someone’s address, get their credit card number, and start committing identity theft—but that takes a lot of work. Why’s this important?

    Due to the rather fungible value of password lists, hacking groups will often post their spoils directly to the internet. This is usually for bragging rights, although it also might be a free sample. Either way, the venue for these postings is usually a site called Pastebin. The public nature of these posts means that companies are able to look for the most common passwords, and therefore assemble these yearly scorecards.

    If You Use a Weak Password, Will You Get Hacked?

    You’re not guaranteed to get hacked if you use one of the most common passwords from 2016—but you’ll make it very easy for any hacker who tries to target you. Here’s how this works:

    Normally, when an attacker steals a list of passwords, they’ll come out as a list of scrambled values, called hashes. By design, hashing is one-way: you’re not supposed to be able to use math to turn a hash back into plaintext. The problem, however, is that a hash function given the same input always returns the same output. In other words, if you take the password “123456” and run it through an MD5 hash generator, you’ll always get the output “e10adc3949ba59abbe56e057f20f883e.”

    If you’re a hacker, and you’ve just stolen a bunch of hashed passwords, you know that the odds are that a bunch of the hashes in there are from people who picked “123456” as their password. If you know that the hashing algorithm was MD5, you can just do CTRL-F for “e10adc3949ba59abbe56e057f20f883e” and steal all those passwords right away. Hackers will usually do this with a whole bunch of the most common passwords, in what’s known as a “pre-computed dictionary attack.”
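The lookup described above, as an added example that is not part of the original article: it audits a constructed user table stored as unsalted MD5 against a short common-password list, then stores the same passwords with a per-user salt and PBKDF2 so that identical passwords no longer share a hash. The user names, the password list and the iteration count are assumptions made for the example.

```python
"""Unsalted MD5 versus salted PBKDF2 password storage (added example)."""
import hashlib
import hmac
import os

# Constructed sample of "most common" passwords; a real audit uses a larger list.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "11Passw0rd!"]

# Iteration count is an assumption for this example; tune it to your hardware.
PBKDF2_ITERATIONS = 600_000


def md5_hex(password: str) -> str:
    """Unsalted MD5: the same password always yields the same digest."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def build_lookup(passwords):
    """Precompute digest -> password once; reusable against any unsalted table."""
    return {md5_hex(p): p for p in passwords}


def audit_unsalted(user_hashes, lookup):
    """Return {user: password} for every stored digest found in the lookup."""
    return {user: lookup[h] for user, h in user_hashes.items() if h in lookup}


def hash_salted(password: str, salt: bytes = None,
                iterations: int = PBKDF2_ITERATIONS):
    """Salted, deliberately slow hash. Returns (salt, iterations, derived_key)."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every account
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, key


def verify_salted(password: str, record) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    _, _, candidate = hash_salted(password, salt, iterations)
    return hmac.compare_digest(candidate, expected)


def demo():
    # Constructed user table stored the weak way (unsalted MD5).
    weak_table = {
        "alice": md5_hex("123456"),
        "bob": md5_hex("123456"),
        "carol": md5_hex("kX9#vT2q-long-random-example"),
    }
    exposed = audit_unsalted(weak_table, build_lookup(COMMON_PASSWORDS))

    # The same two users stored the hardened way: same password, different records.
    alice = hash_salted("123456")
    bob = hash_salted("123456")
    return {
        "exposed": exposed,
        "weak_hashes_identical": weak_table["alice"] == weak_table["bob"],
        "salted_hashes_identical": alice[2] == bob[2],
        "alice_login_ok": verify_salted("123456", alice),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A per-user salt makes one precomputed table useless across accounts, and the slow hash raises the cost of each guess. It does not make “123456” a good password, since it is still the first value anyone would try.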

    Is Your “Secure” Password As Secure As You Think It Is?

    A lot of people are now wise to the fact that you shouldn’t choose a simple password. There’s a huge but coming up, however: the passwords that we generally think of as secure aren’t. Choosing a password with capital letters, numbers, and symbols will probably pose only a minor impediment to a hacker who seriously wants your information.

    First of all, you’ve probably chosen a password that looks like this: 11Passw0rd! It’s got all of the “secure” elements, but the numbers are at the front, the zero replaces the “O,” and the symbol is at the back. It’s very common to use those elements in that order, which makes it easy for brute-force password-guessing software to reverse engineer even a relatively complex password—especially since it’s based on a word from the dictionary.

    Second of all, a lot of websites do password security… poorly. For example, we used MD5 as an example hash. MD5 has been nearly obsolete since about the 1990s, and takes seconds to crack—but a lot of companies use it anyway. There’s actually a sizeable contingent of companies which store passwords in plain text. You could be using the most secure password on Earth, and still get burned by malfeasance.

    If even “secure” passwords fail the sniff test, how should you protect your data? Establish fail-safes. A strong password on its own is no defense against malware, ransomware, or any of the other numerous ways that attackers can hack your systems. Choose strong passwords, and choose to educate yourself about the importance of combatting insider threats with this whitepaper on Shadow IT and Security Information.

    View the original article published by SentinelOne.

    Palo Alto Networks Raises Bar with New Threat Prevention Capabilities for Its Next-Generation Security Platform

    February 10th, 2017

    New PAN-OS 8.0 Extends Safe Application Enablement and Successful Attack Prevention Capabilities of the Platform; Simplifies Security Operations

    Palo Alto Networks, the next-generation security company, today announced advancements to its Next-Generation Security Platform that extend the ability for customer organisations to safely enable applications, prevent successful cyberattacks, simplify security operations, and safely embrace the cloud.

    Cyber adversaries often use commoditized compute power and automated tools and evasion techniques to deploy sophisticated attacks at massive scale and little cost. Security teams can find themselves struggling to address the sophistication, speed and volume of these threats – both known and unknown – using a collection of legacy security point products, manual resources and tools that fail to provide thorough application visibility and control, can’t adequately identify and stop advanced attacks in an automated and timely manner, complicate security workflows, and require too much manual intervention.

    These challenges are compounded as network perimeters become more vulnerable with the rapid adoption of cloud deployments – public, private, hybrid or SaaS – resulting in applications and data moving across networks and endpoints to and from the cloud with users accessing data dynamically from anywhere and any device. This dramatically expands and complicates the landscape customer organisations must protect against a growing volume and variety of threats.

    The natively engineered Palo Alto Networks Next-Generation Security Platform addresses these challenges by safely enabling applications, content and users regardless of location, preventing successful attacks from known and unknown threats, while simplifying security operations and infrastructure, and giving organisations the freedom to safely embrace new cloud infrastructures.

    Building upon the existing capabilities of the platform, new advancements included in the Palo Alto Networks PAN-OS® operating system version 8.0 take advantage of added automation, machine learning and threat prevention capabilities, among others.

    Among the more than 70 new features introduced to the Next-Generation Security Platform as part of PAN-OS 8.0, threat prevention feature highlights include:

  • Stopping sandbox evasion techniques with a new 100 percent custom-built hypervisor and bare metal analysis environment for the WildFire™ service, designed to automatically identify and prevent the most evasive threats.
  • Automated command-and-control signatures using a new and unique payload-based signature generation engine. This new approach delivers researcher-grade, payload-based signatures in a delivery mechanism that is automated end to end for faster time to prevention of adversary phone home attempts.
  • Automated integration of threat intelligence delivered through the integration of the MineMeld application with the AutoFocus™ service, whereby security operations teams can easily ingest multiple data feeds, accelerate the digestion of all the threat intelligence, create customizable fields, and quickly automate remediation to the next-generation firewall, as well as alert SOC groups via third-party SIEM solutions or asset management products.
  • Management features that provide administrators fast and accurate insight delivered by Panorama™ network security management and now include ingestion of Traps™ advanced endpoint protection logs, as well as additional firewall logs. This enriches correlation of indicators of compromise and automates actions to update the next-generation firewall with new automated actions to prevent adversary lateral movement and alert IT via third-party IT service management and security response systems, such as ServiceNow, lowering operational burden for security teams.
    Additional cloud security, hardware highlights and credential theft advancements are also available with the introduction of PAN-OS 8.0. See these related press releases:

  • Palo Alto Networks Extends Safe Application Enablement and Breach Prevention From the Network to the Cloud with Enhancements to Its Next-Generation Security Platform
  • Palo Alto Networks Delivers Industry-first Capabilities to Prevent Credential Theft and Abuse
  • Palo Alto Networks Expands Range of Next-Generation Firewall Devices with New Hardware and Virtual Appliances

    QUOTES

    “With attackers adopting more sophisticated tactics and tools, it’s important that our security solutions are able to keep pace without requiring volumes of manual resources or chair swiveling from one product console to another, and that we have timely prevention mechanisms. The extended threat prevention capabilities introduced today in the Palo Alto Networks Next-Generation Security Platform allow us to better protect against advanced threats at the pace of our adversaries, safely enable application usage for our employees wherever they are, and reduce our management overhead.”
    – Eugene Purugganan, systems engineer, Animal Logic

    “Cloud and SaaS are revolutionising IT, but our customers, while eager to implement these technologies in their own network environments, are hesitant to adopt them due to cybersecurity concerns. Both current and prospective customers who currently leverage Palo Alto Networks Next-Generation Security Platform will be excited about how the newest innovations combine strong threat detection and prevention capabilities with automated features to ensure customers can secure their organisations against known and unknown cyberattacks targeting cloud, hybrid cloud and physical network environments.”
    – Luanne Tierney, managing member, Fivesky

    “Cyber adversaries are constantly finding new ways to evade detection by dynamic analysis environments, many of which share common open-source components. This has allowed advanced attackers to develop techniques to identify various analysis environments and evade detection. Custom analysis environments make it difficult for cyber criminals to predict system responses to these evasions – which should ultimately provide more protection for customers.”
    – Jason Pappalexis, distinguished research director, NSS Labs, Inc.

    “Using legacy security products and tools, organisations today face seemingly insurmountable challenges in protecting themselves from a growing volume of sophisticated threats. We are pleased to offer them an entirely different approach with our natively engineered Next-Generation Security Platform that raises the bar for organisations with new advancements in preventing malware sandbox evasion, automation of command-and-control protection, and threat intelligence ingestion that help our customers prevent successful attacks.”
    – Lee Klarich, executive vice president, Product Management, Palo Alto Networks

    AVAILABILITY

    PAN-OS 8.0 is now available globally to customers of Palo Alto Networks with a current support contract.
    To learn more about the Palo Alto Networks Next-Generation Security Platform, visit: https://www.paloaltonetworks.com/products/platforms.html.

    Palo Alto Networks Expands Range of Next-Generation Firewall Devices with New Hardware and Virtual Appliances

    February 9th, 2017

    Palo Alto Networks® (NYSE: PANW), the next-generation security company, today announced availability of new purpose-built hardware and virtual next-generation firewall appliances that safely enable applications and redefine security performance for both threat prevention and SSL decryption, enabling customers to safely embrace the cloud and prevent successful cyberattacks across network, endpoint and cloud environments.

    The new models complement enhancements to the Palo Alto Networks Next-Generation Security Platform PAN-OS® operating system version 8.0, also introduced today, which includes more than 70 new features that deliver threat and credential theft prevention, secure cloud enablement, and more. As organisations look to modernise their physical data centres, embrace hybrid cloud environments, and apply advanced security measures across their infrastructure, they require greater performance to handle the tremendous amount of traffic generated by the growing number of users, applications and devices. The introduction of new SaaS applications running at higher throughputs further increases demand for bandwidth performance to and from the network.

    Complicating matters, as more and more traffic is encrypted by SSL, enterprises are left blind to the applications and content their users are accessing, and advanced cyber adversaries are increasingly leveraging SSL encryption to obscure malicious activity, leaving organisations unaware of the hidden dangers lurking on their networks. Legacy security products are simply unable to perform at rates high enough to decrypt this traffic and restore the visibility required to prevent cyber breaches.

    To address these needs and more, six new hardware firewall appliances join the existing hardware family of 16 appliances to safely enable applications and offer threat prevention in large data centres, small branches and remote locations, all managed centrally from Panorama™ network security management. The new and powerful hardware appliances enable advanced security protections applied at speed and scale by delivering predictable performance with deep visibility into and control over all traffic, including encrypted traffic.

    The VM-Series virtualized next-generation firewall family also has been optimised and expanded with three new models to support customer organisations expanding cloud and virtualization initiatives – from virtualized branch offices to data centre and service provider deployments – that require high throughput and capacity. With the new additions, the VM-Series now represents the industry’s broadest line of virtualized firewall appliances, delivering groundbreaking cloud security performance of up to 16 Gbps with App-ID™ technology visibility and over 10 Gbps with full threat prevention enabled.

    Highlights of the new hardware and virtual firewalls include:

    New PA-5200 Series: This new series includes three devices: the PA-5260, PA-5250 and PA-5220. This new advanced architecture delivers 72 Gbps App-ID and 30 Gbps Threat Prevention performance, up to 32M sessions, 3.2M SSL-decrypt session capacity and 6.5 Gbps SSL-decrypt throughput on the PA-5260 model. Higher 10G port density and 40G and 100G interface supports diverse deployments. These models deliver security for high throughput environments within a compact form factor, making them ideal for data centre consolidation, increased gateway demands, and inspecting encrypted traffic.

    New PA-800 Series: The new PA-800 series includes two devices: the PA-850 and PA-820. This new architecture delivers 1.9 Gbps App-ID and 780 Mbps Threat Prevention performance on the PA-850. A high-performance management plane leverages multiple CPU cores and 8GB memory. The PA-850 features redundant power for additional hardware resiliency. These models are ideal for medium-sized networks, and branch and remote office environments.

    New PA-220 delivers full PAN-OS capabilities in a small desktop footprint with increased port density. The PA-220 features built-in resiliency via dual power adapters and complete high availability support for active/active and active/passive clusters. Passive and silent cooling eliminates noise and increases reliability. The small footprint makes these models ideal for small branch offices and remote locations.

    Three new VM-Series virtual firewall models: These new models deliver industry-leading cloud security performance options ranging from 200 Mbps up to an industry-leading 16 Gbps to deliver predictable performance in cloud deployments and address a variety of use cases, from virtualized branch office to data centre and service provider deployments.

    New VM-50 is optimised to consume minimal resources yet delivers 200 Mbps of App-ID performance for customer scenarios that range from virtual branch office/customer premise equipment (CPE) to high-density, multi-tenancy environments.

    Faster VM-100, VM-200, VM-300 and VM-1000-HV have been optimised to deliver 2-4 times their previous performance with 2 Gbps and 4 Gbps of App-ID performance for hybrid cloud, segmentation and internet gateway use cases.

    New VM-500 and VM-700 deliver an industry-leading 8 Gbps to 16 Gbps of App-ID performance, respectively, and can be deployed as NFV security components in fully virtualized data centre and service provider environments.

    Complementing these firewall introductions is the release of Palo Alto Networks Next-Generation Security Platform PAN-OS® operating system version 8.0, which includes threat and credential theft prevention, cloud security and management advancements. See these related press releases:

  • Palo Alto Networks Extends Safe Application Enablement and Breach Prevention From the Network to the Cloud with Enhancements to Its Next-Generation Security Platform
  • Palo Alto Networks Raises Bar with New Threat Prevention Capabilities for Its Next-Generation Security Platform
  • Palo Alto Networks Delivers Industry-First Capabilities to Prevent Credential Theft and Abuse
    Quotes

    “Cloud migration is a dynamic, bi-directional, and continuous process – sending workloads back and forth between the multiple clouds and data centres. The advancements announced today by Palo Alto Networks, including their new VM-series firewalls, provide customers a critical solution that is flexible enough to facilitate efficient movement between private networks and public/private clouds as new use cases are implemented.”
    – Jeff Wilson, senior research director, Cybersecurity Technology, IHS Markit

    “Palo Alto Networks understands the growing performance and capacity needs as customer organisations look to expand cloud use cases and implement advanced security capabilities throughout their data centres and distributed organisations. We are pleased to expand the performance range and use case possibilities with our newest hardware and virtual firewall models.”
    – Lee Klarich, executive vice president, Product Management, Palo Alto Networks

    Pulse Policy Secure the leading NAC and BYOD solution for your enterprise

    February 3rd, 2017

    Network access control (NAC) is no longer just about role-based user access control, device authentication, and guest management. The Pulse Policy Secure (PPS) solution offers pre and post connect features to assess, characterise and correct operating system and software configurations in real time.

    Organisations can identify unhealthy endpoints, such as systems missing important security updates, running unauthorised software, or having other high-risk elements, and segment them away from the rest of the network.

    As more organisations adopt bring your own device (BYOD) policies and wireless initiatives, there is greater demand for continuous endpoint compliance, or knowing what is running on the endpoint at all times. With PPS in your network, you have real-time visibility into all the devices connecting to the network and can enforce security policies on those devices.

    Benefits of Pulse Policy Secure

  • Centralised management of access and compliance policies.
  • Easy integration with several Authentication, Authorisation, and Accounting (AAA) servers.
  • Role-based, application-level enforcement.
  • Distributed enforcement of network access policies.
  • Supports leading global-device management solutions from MobileIron and AirWatch.
  • PPS works with the MDM solution to evaluate whether the BYOD or corporate devices are compliant with organisational and Mobile Device Management (MDM) policies.
  • Allows context-aware policy enforcement for wired and wireless connections across desktop and mobile platforms.
  • Supports captive portal capabilities for allowing users onto their guest networks and capturing relevant information.
  • Supports automated device on-boarding, self-service enrollment, and integration with existing infrastructure to simplify deployments.
  • Dynamic endpoint assessment and enforcement.
  • Supports Profiler functionality, which helps you to get visibility and enforce your security policies for corporate access, BYOD, and guest access.
  • Supports comprehensive network visibility with simplified auditing, and monitoring of devices.
  • Supports interoperability with existing network infrastructure such as switches, wireless controllers, AD, firewalls, IDS, and Security information and event management (SIEM).

    For more information on Pulse Policy Secure, see https://www.pulsesecure.net/policy-secure/tech-info/

    New Malware Threats: Ransomworm Is Coming, Are You Ready?

    February 3rd, 2017

    In 2016, there were over 4,000 ransomware attacks every day. This was a 300% increase over 2015, when there were 1,000 attacks every day, and it’s likely to get worse in 2017.

    In the first quarter of 2016, cyber criminals used ransomware to steal $209 million from US businesses with an expected $1B for the entire year. Crypto ransomware has grown in popularity since it started with Cryptolocker in 2013, and we can expect to see more clever ransomware as cyber criminals try to make money in 2017.

    Ransomware: No Skills Required
    When ransomware first came out, it required some skill in order to create an attack. Now, with the growth of ransomware as a service (RaaS), it has become a business model that makes it easy for cyber criminals to attack without requiring technical knowledge of how to create ransomware.

    To launch an attack on a group of victims, the cyber thief simply needs a credit card and a mailing list of targets that they want to attack. The user-friendly service allows criminals to download a ransomware tool for a small fee, set the ransom, and enter a deadline for the payment. For every victim that pays a ransom, the service provider gets a cut and the rest goes to the attacker. Some of the RaaS companies even provide training and support.

    Ransomware Gets More Personal
    “Ransomware is unique among cybercrime because in order for the attack to be successful, it requires the victim to become a willing accomplice after the fact.” – James Scott, Sr. Fellow, Institute for Critical Infrastructure Technology

    In the past, many ransomware attacks were blasted to huge lists in hopes that someone would open the email. You can expect more targeted, personalised attacks in 2017. With newer versions of ransomware, once it identifies whether it is attacking a business or personal machine, it will adapt its ransom demands to match the victim.

    For example, it may choose different types of files to encrypt based upon whether it is a personal or business machine. In addition to encrypting these files, it may post your confidential data to social media or a file space if you don’t pay the ransom.

    Ransomworm: Ransomware That Spreads Across Your Network
    In 2017, it’s likely to get worse as more ransomware is augmented with code from traditional network worms like SQL Slammer, CodeRed, and Conficker to create new ransomware that is able to spread across a network. This will effectively increase the amount of damage that can be done with ransomware.

    Using this method, after infecting one computer, the malware will be able to spread to additional computers on the network. It will allow an initial machine to become infected, have a ransom paid, and then wait on other machines undetected until it is ready to attack again. This means you may end up paying ransoms multiple times to the same criminals.

    Ransomworms that can infect multiple machines on a network already exist. A good example is ZCryptor. This malware does not require an email in order to infect machines. It takes advantage of attack vectors that were created by other malware and then self-propagates to the network from the compromised machine.

    SamSam is another example. It is spread via unpatched vulnerabilities on servers, allowing it to infect a machine and then go undetected, causing more damage on the internal network.

    Preventing A Ransomware Attack
    “Ransomware is more about manipulating vulnerabilities in human psychology than the adversary’s technological sophistication.” – James Scott

    Becoming a victim of a ransomware attack can be time-consuming, costly, and damaging to a company’s reputation. Here are some tips to thwart the next ransomware attack:

    Educate your users: According to a Verizon 2015 Breach Investigation Report, 11% of users will open an attachment from someone they don’t know. Infections are often caused by end-users. They open an infected attachment, or click on a link that takes them to an infected site.

    Offer security awareness training for your end users. If they receive an unsolicited or unexpected email with an attachment from the sender, have them call the sender to verify they sent it. If they receive an email with a link they were not expecting, they should never click on it.

    Back up your data: There will never be a 100% guarantee that malware like ransomworm will not successfully infiltrate your network. Backing up your data and keeping it off site and disconnected from your network is the safest way to ensure you can recover after a ransomware attack. Consider using a service like Amazon Glacier Cloud Storage for off-site backups.

    Keep your software patches up-to-date: Once your users are trained to avoid opening email attachments or clicking on links, exploiting software flaws is another common way for malware to spread over your network. Keeping your software patches up to date will help prevent the spread of ransomworms that exploit network or software flaws.

    Enforce the principle of least privilege: The principle of least privilege gives programs and users access to the programs they need, but no more. Combining least privilege management with application controls can allow you to revoke local administrator rights on workstations in many cases. This will minimise the spread of unwanted software.

    Use endpoint security software: Some people assume that if they keep security and software patches up-to-date and enforce least privilege, they will have things adequately locked down. This is not the case.

    Don’t think you have to worry about security because of your company’s size? After all, only large companies are in the news saying they’ve been breached, right? Don’t fall victim to this fallacy.

    In the case of the Target breach, it was a small HVAC contractor that opened the email that allowed them to get hacked. Companies of all sizes need to have endpoint security like SentinelOne regardless of their size.

    Keeping New Malware Threats At Bay
    Expect several new malware threats in 2017 as cyber thieves try to increase their revenues by improving ransomware. Following these tips will help reduce the risk for your business. Also check out this guide to protecting virtualized environments and cloud infrastructure to minimise damage from cyber threats.

    Is your business ready for the next new malware threat?

    This article has been taken from the SentinelOne website. To view the original article, please click here.

    SentinelOne Named a Visionary for Second Straight Year in the Gartner Magic Quadrant for Endpoint Protection Platforms

    February 3rd, 2017

    SentinelOne Placed Furthest in “Completeness of Vision”

    SentinelOne, the company transforming endpoint security by delivering real-time protection powered by machine learning and dynamic behaviour analysis, today announced it has been positioned by Gartner, Inc. in the Visionary quadrant of the Magic Quadrant for Endpoint Protection Platforms (EPP) for the second straight year.*

    SentinelOne’s Endpoint Protection Platform (EPP) unifies endpoint threat prevention, detection and response in a single platform driven by sophisticated machine learning and intelligent automation. With SentinelOne, organisations can detect malicious behaviour across multiple vectors, rapidly eliminate threats with fully-automated, integrated response capabilities, and adapt their defences against the most advanced cyber attacks.

    “We have long held a culture of innovation within SentinelOne and are thrilled to be recognised for that commitment and record of execution towards a disruptive vision,” said Tomer Weingarten, CEO of SentinelOne. “Our vision from day one has been based on the belief that this problem can only be solved through a multi-layered approach that combines behaviour and static-based detection into a single integrated solution. This is the only way to protect against attacks that are rapidly evolving towards a multi-vector approach that combines file and file-less malware with other advanced techniques such as the use of scripting languages. In doing so we’ve positioned SentinelOne to be a true replacement for antivirus solutions, not simply another tool to augment antivirus’ weaknesses.

    “We are truly honoured to be recognised as a visionary in this year’s Gartner Magic Quadrant, and we will continue to work with organisations around the globe that are actively seeking strong solutions to help combat today’s sophisticated attacks,” continued Weingarten.

    This latest news comes one week after the company announced it has secured an additional $70 million (USD) in a Series C round led by Redpoint Ventures, bringing total investment in SentinelOne to more than $110 million.

    For a copy of the Gartner Magic Quadrant for Endpoint Protection Platforms, please click here.

    *Gartner Inc., “Magic Quadrant for Endpoint Protection Platforms” by Eric Ouellet, Ian McShane, Avivah Litan, Jan. 30, 2017.

    About the Magic Quadrant

    Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organisation and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

    About SentinelOne

    SentinelOne is shaping the future of endpoint security with an integrated platform that unifies the detection, prevention and remediation of threats initiated by nation states, terrorists, and organised crime. SentinelOne’s unique approach is based on deep inspection of all system processes combined with innovative machine learning to quickly isolate malicious behaviours, protecting devices against advanced, targeted threats in real time. SentinelOne was formed by an elite team of cyber security and defence experts from IBM, Intel, Check Point Software Technologies, McAfee, Palo Alto Networks and the Israel Defense Forces. To learn more visit sentinelone.com or follow us at @SentinelSec.

    RaaS: Hacking Made Easy

    January 30th, 2017

    Do you know what the greatest motivator in 2016 was for cyber attacks?

    If you answered “ransom,” you were correct.

    2016 is known as the year of ransomware: a whopping 49% of businesses fell victim to cyber ransom attacks. Based on these numbers, IT professionals certainly have cause for concern, especially when taking into consideration “hacking made easy,” or what we know as Ransomware as a Service (RaaS).

    What is Ransomware as a Service?
    Modeled after software-as-a-service, RaaS extends hacking to would-be cybercriminals. Drawing in participants with a minimum of script kiddie abilities, they execute by:

  • Accessing a darkweb TOR site and registering with a Bitcoin address. From there, they tailor and download their own version of the malware.
  • Using multiple Bitcoin addresses to run simultaneous campaigns.
  • Employing typical infection vectors for the executable. Targeted spear-phishing, spray-and-pray phishing campaigns, and malvertising with contaminated ads on websites compromised with exploit kits are all available to criminal affiliates, as are manually hacking Linux servers and brute forcing terminal servers. Victims download the malicious files unknowingly.
  • In the end, 5%-25% of all ransom collected goes to the original developers. By creating free and easy malware that doesn’t require specialist knowledge to deploy, the ransomware bosses can score big profits with a large number of infections.

    The remaining income goes directly to the script kiddies who get a taste of easy criminal profits. With access to hacking made easy tools like insider statistics and campaign settings, they can continue to conduct ransomware campaigns with little effort.

    Just $39.99 a Month for Our Hacking Made Easy Toolkit!

    It sounds like a cheesy infomercial, but hackers understand that hooking prospective evildoers is big business. A cryptoware program called Stampado, sold on the darknet for $39, even had a YouTube video promoting the RaaS subscription.

    While less experienced online attackers might be drawn in by the “hacking made easy” value proposition, more sophisticated actors will go after stable, flexible, and refined vectors.

    In the wild we’ve seen this through the use of a Cerber variant, tied to a $2.5 million a year RaaS ring. According to research reports, the RaaS ring included 161 active campaigns with eight new campaigns launched daily. In July 2016, it was estimated that criminals earned close to $200,000. Victims paid approximately 1 bitcoin ($590) to decrypt files locked by the Cerber ransomware.

    Protecting Against RaaS
    We urge victims against buckling to extortion if at all possible. Each time a ransom is paid, malicious actors gain resources to do more damage. While sometimes paying for decryption is unavoidable, we suggest taking these steps for the best possible outcomes.

  • Use a product that guarantees its protection technology. SentinelOne assures users that if we’re unable to block or remediate the effects of a ransomware attack, we’ll pay for it. We’ll reimburse your company or organisation up to $1,000 per endpoint, or $1,000,000 in protection overall for the company.
  • Go beyond signature-based endpoints with behavioural detection. Malware authors understand that endpoints identify malware based on structure. Behavioural detection instead watches the malware’s path and actions before taking steps to protect.
  • Backups are essential in neutralising the threat. Using 10-minute interval snapshots and sending the data to the cloud can provide insurance in the event of an attack.
  • Educate end users on Ransomware as a Service. In 2017, it’s likely that we will continue to suffer from ransomware attacks. The first line of defence is a knowledgeable workforce that understands the ramifications of opening a curious email or clicking a malicious ad. By giving them experience through simulated phishing attempts, you can gauge the preparedness of users to spot keepers of ransomware strains.
  • To learn more about the impacts of ransomware, visit our Global Ransomware Study 2016 infographic. Or for greater detail, view our research data summary.

    Please note the below has been produced by SentinelOne. To view the original article click here.

    Palo Alto Networks Launches Cybersecurity Guide for Directors and Officers

    January 30th, 2017

    Actionable Advice, Insights and Best Practices From Cybersecurity Experts and Top Advisors on Risk, Leadership, Human Resources, Legal and Reputation Management

    Palo Alto Networks® (NYSE: PANW), the next-generation security company, has announced the publication of “Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers – United Kingdom.” This guide will provide U.K. boards, executives and C-level officers at enterprises, government agencies and other organisations with practical, expert advice on how to raise the bar on cybersecurity.

    As threats continue to grow in number and complexity, new EU legislation, in the form of the General Data Protection Regulation (GDPR) and the Network and Information Security (NIS) Directive, provides a unique opportunity for business leaders to rethink how they can build state-of-the-art cybersecurity strategies and systems fit for current and future challenges. As such, the guide helps start necessary discussions and determine the next steps toward preventing cyber breaches and maintaining trust in our digital age.

    Building on the success of the U.S. edition of the guide launched in October 2015 with the New York Stock Exchange (NYSE), the U.K. edition was written in conjunction with U.K. thought leaders from the public and private sector, and published by Forbes.

    Collecting the expertise and experience of CEOs, CISOs, lawyers, consultants and former government officials, this U.K. guide is intended for those new to the cybersecurity topic as well as seasoned leaders in the field. It contains practical and expert advice on a range of cybersecurity issues to allow business leaders to start, or continue having, the conversation on such topics as EU legislation, enabling innovation, executive responsibility, your security leadership team/hiring the next generation CISO, and responding to crisis.

    Quotes:

    “A chief executive’s role is to balance both the risks and the opportunities in all situations. Good governance around cybersecurity – essential risk management – can be a defining factor in organisational excellence, building compliance, enterprise-wide awareness, and commitment…this book is an indispensable tool to support individual leaders and teams that make the choice to master this risk rather than to fall victim to it.”

    Sir Iain Lobban, former chief of the U.K.’s intelligence and security agency, GCHQ, and now a senior adviser to a range of global companies on cybersecurity risk and governance; taken from “Preface – Mastering Cyber Risk in 10 Steps.”

    “What we are now seeing is the evolution of what is known as ‘privacy architecture’, a set of guidelines and principles that are embedded into your business and technology processes from the ground upwards, rather than overlaid upon it. This bakes cyber resilience into your operating DNA, with reduced compliance overhead and resource requirements.”

    Gregory Albertyn, senior director, and Avi Berliner, manager, PwC; taken from “Chapter 1 – What is the Process for Achieving State-of-the-Art?”

    “The CISO position is now widely recognised—but they must understand the objectives of making a return for investors. An effective CISO is not expected to apply more controls and barriers across an organisation. They need to be acutely commercially focused…”

    Chris Bray, Gavin Colman and Giles Orringe, partners, Heidrick & Struggles; taken from “Chapter 11 – Hiring the Next-Generation CISO.”

    “Our digital dependence is another business challenge with both risks and opportunities. We should not underestimate its breadth of impact, but we should also not burden boards of directors with overly technological conversation.”

    Edward M. Stroz, founder and executive chairman, Stroz Friedberg; taken from “Ensuring Your Board is on the Same Page Regarding Cyber Response.”

    “Upcoming EU legislation is an opportunity to raise the bar on cybersecurity, but there’s often a language disconnect between the virtual front line and organisational leadership. We’ve worked with experts, across public and private sectors, to translate complex topics into guidance that enables business leaders to join forces with cybersecurity teams on developing state-of-the-art preventative security strategies. In doing so, we hope to help them prevent cyber breaches and preserve trust in the digital age.”

    Greg Day, vice president and regional chief security officer, Europe, Middle East and Africa, Palo Alto Networks

    Other contributing authors include:

  • Joel Harrison – partner, Milbank, Tweed, Hadley & McCloy LLP
  • Ian West – chief of cyber security, NATO Communications and Information Agency
  • Sir Michael Rake – chairman, BT and Worldpay
  • Conrad Prince – cyber ambassador, Department for International Trade’s Defence and Security Organisation
  • Ryan Kalember – senior vice president of cybersecurity strategy, Proofpoint
  • Mark Hughes – president, BT Security, BT Global Services
  • Lee Barney – head of information security, Marks & Spencer
  • Troels Oerting – group chief security officer, and Elena Kvochko, CIO, group security function, Barclays
  • Alan Jenkins – associate partner, IBM Security
  • Mark Weil – CEO, Marsh UK and Ireland, Marsh Ltd
  • Richard Meredith and George Little – partners, Brunswick

    To learn more about cybersecurity from leading experts and contributors, and download your own copy of the guide, visit: https://get.info.paloaltonetworks.com/webApp/ceos-navigating-the-digital-age-global-uk-en

    For more best practices, use cases, and expert advice on managing cybersecurity risks, visit: www.securityroundtable.org

    To learn more about how Palo Alto Networks helps organisations prevent successful cyberattacks with its Next-Generation Security Platform, visit: www.paloaltonetworks.com

    Ruckus Adds R510 to Unleashed Portfolio Plus Some Exciting New Updates!

    January 25th, 2017

    The Ruckus Unleashed access point line now includes the popular R510 802.11ac Wave 2 AP, which is ideal for all enterprises, and the wall-mount H510 802.11ac Wave 2 AP, which works great as an in-room access point.

    In addition, with the upcoming 200.3 firmware release, Unleashed access points will now support Gateway Mode enabling direct connectivity to a cable or DSL modem leveraging built-in DHCP server and NAT support. This enables a service provider, owner or installer to deploy Unleashed APs in multi-dwelling units (MDU), small single-site retail shops and smart-homes. Here are the highlights:

    • R510 / H510 Unleashed APs – Ruckus’ popular 802.11ac Wave 2 APs now Unleashed
    • Gateway Mode – ease installation of an Unleashed AP directly to a cable/DSL modem
    • SpeedFlex – built-in speed test tool enabling troubleshooting between Mesh connected Unleashed APs
    • Unleashed Management App – installation of Unleashed APs will now be even easier
    • Static Client IP Addresses – connected clients can preserve assigned IP addresses

    One of the updates we are most excited about is the launch of the Unleashed management app. This app will further simplify an already easy-to-install portfolio of Unleashed access points.

    The app will be available in February 2017.
