sales@net-ctrl.com
01473 281 211

Net-Ctrl Blog

Cybersecurity Education Efforts Yielding Results

July 21st, 2016

Cybersecurity education efforts are yielding results, with 61 percent of respondents to a survey conducted by Palo Alto Networks saying they would speak with IT before introducing new devices onto a corporate network or adding business applications and tools onto unsecured devices.

With more than 25% of identified attacks in enterprises expected to involve IoT by 2020, [1] – and many expected to enter the workplace – this survey finding represents a significant step in the right direction and demonstrates that employees’ knowledge and understanding of their role in cybersecurity is improving.

However, the contrasting findings from this survey of business managers – who typically have the salary and tendency to be early adopters of new technology – are that 39 percent would fly under IT’s radar. This leaves a large margin for risk.

Further still, of the group that doesn’t go to IT, one in every eight would “not tell anyone” about bringing a new device into an organisation or installing corporate tools, such as email, onto unsecured devices.

Attitude Impacts Adherence

The survey found that adherence to cybersecurity policies, such as those around the introduction of a new device, is largely guided by personal attitudes and views toward technology. Of those who have circumvented their company’s cybersecurity policy in the past, the prevailing reason for doing so was that they wanted to use a more efficient tool or service, or one that was considered to be the best in the market. Companies need to enable, not limit, employee choices, using technology and education to manage risk.

Temporary Employees Require Full-time Supervision

Contractors were the group most often seen to be bypassing company guidelines on cybersecurity, with 16 percent of respondents saying they had seen a temporary employee circumvent policies.

Quote

“BYOD is now a mature concept, but many still struggle to manage the blurry lines between personal and business data access by personal devices. Many organisations have deployed solutions to manage devices, but the anxiety comes from their broad connectivity, especially as the boundaries between business-driven cloud services and personal ones become less clear, which creates unknown bridges between business networks and the Internet at large. Modern state-of-the-art security must be able to prevent any device communication becoming the point of a breach and minimise risk for an organisation.”

Greg Day, VP and regional CSO, EMEA at Palo Alto Networks

Recommendations

  • Organisations should continue with employee education efforts to ensure that those on the front line of defences have the skills they need to identify threats.
  • Security professionals should closely monitor the activity of non-permanent employees or contractors and ensure they receive the same policy information as full-time staff.
  • Organisations should integrate up-to-date security solutions that fit with new technology trends in order to eliminate the weaknesses exposed in an evolving computing environment.
  • Businesses should look at how they identify and enable the safe use of trusted or sanctioned cloud services and applications and manage the use of those that are untrusted and unsanctioned.

Download “Preventing the Blocks to Cybersecurity in Business” at: https://www.paloaltonetworks.com/resources/research/preventing-blocks-to-cybersecurity-in-business

Research Methodology

The survey was conducted online among 765 business decision-makers in companies with 1,000+ employees in the U.K., Germany, France, the Netherlands and Belgium by Redshift Research in October 2015.

[1] Gartner-Press Release, “Gartner Says Worldwide IoT Security Spending to Reach $348 Million in 2016”, April 25, 2016, http://www.gartner.com/newsroom/id/3291817

Possible MOBOTIX Shipment Delay

July 21st, 2016

MOBOTIX will be shutting down their operations from Monday, August 8 to Friday to August 26, 2016.

All items which are in stock will be dispatched immediately once orders are confirmed.

Orders for larger quantities or special models may take longer. We recommend to place your order as soon as possible and will do everything in our power to assist you with your project.

For more information please contact Mark Power on 01473 281 211 or at mark.power@net-ctrl.com.

Why User-Based Controls Are Critical to Your Breach Prevention Strategy

July 20th, 2016

POSTED BY: Navneet Singh on Palo Alto Networks Blog.

Employees, customers and partners connect to different repositories of information within your network, as well as to the internet, to perform various aspects of their jobs. These people and their many devices represent your network’s users. It’s important to your organisation’s risk posture that you’re able to identify who they are — beyond IP address — and the inherent risks they bring with them based on the particular device they’re using, especially when security policies have been circumvented or new threats have been introduced to the organisation.

Here are two high-profile, real-world breaches that you can learn from. The key takeaway here is that, to make the most of your next-generation firewall investment, it is critical to implement user-based controls.

Example 1: Data Breach at a Large U.S. Retailer

This data breach started with the attackers stealing a third-party vendor’s login credentials. This allowed them to gain access to the third-party vendor environment and exploit a Windows vulnerability. Since the vendor had the privileges to access the corporate network, the attackers gained access, too. The attackers were then able to install memory-scraping malware on more than 7,500 self-checkout POS terminals. This malware was able to grab 56 million credit and debit card numbers. The malware was also able to capture 53 million email addresses.

The SANS Institute Reading Room for InfoSec has published a report on the breach. The report mentions several ways in which the breach could have been prevented. One of the most important is to have the right access controls in place. Quoting from the report:

  • An identity and access management solution should be used to manage the identities and access of all internal and external employees (third-party vendors).
  • Each external employee should have their own account, so that there is accountability for anything performed on their behalf.
  • Account review procedures should also be in place, specifically for third-party vendor accounts. Auditing of these third-party vendors is critical. This will allow the detection of abnormal behavior.
  • Having all of these controls in place for managing and monitoring the third-party vendor accounts will detect any misuse of third-party vendor credentials.
  • Example 2: Data Breach at a Large U.S. Banking and Financial Services Company

    This data breach started with the attackers infecting the personal computer of an employee. The malware stole the employee’s login credentials. When the employee used VPN to connect to the corporate network, the attackers were able to gain access to more than 90 corporate servers. The attackers stole private information for 76 million households and 7 million small businesses.

    The SANS Institute Reading Room for InfoSec’s report on this breach mentions the need to manage user privileges as one of the key ways to minimize the risk of a breach or minimise damage in case of a breach. Quoting from the report:

  • Least privilege simply means to give someone the least amount of access to perform his or her job. If least privilege control access were applied, these organisations would have reduced the amount of stolen data by 86 percent.
  • Anonymous access must be disabled because many Windows vulnerabilities are caused by null user sessions. A null user session is essentially a Server Message Block (SMB) session with blank username and password.
  • What This Means for You as the Security Practitioner

    Want to make sure your organisation does not end up in the headlines for the wrong reasons, like a massive data breach? You’d do well to implement user-based controls and restrict user access to least privilege, as the SANS Institute reports recommend. Employ the right user access mechanisms not only on the endpoints and on the applications that they access but also on your next-generation firewall.

    Call to Action

    If you own a Palo Alto Networks® Next-Generation Firewall, refer to the following resources to enable User-ID™, and increase your organization’s breach defenses:

  • User-ID documentation
  • Best practice internet gateway security policy
  • User-ID tech tips
  • The Theory of Wi-Fi Evolution and IEEE 802.11 Selection

    July 14th, 2016

    By: Sundar Sankaran, Chief Wireless Architect

    September 2015 marked the 25th anniversary of IEEE 802.11, commonly referred to as Wi-Fi. Over these 25 years, Wi-Fi has ascended from a technology that enabled computers to wirelessly transfer data at 2 Mbps to winning a spot in Maslow’s pyramid as the most basic human need.

    IEEE 802.11 got here, as Lewis Carroll suggested, by running twice as fast. The standard has continuously advanced itself by introducing amendments, such as 802.11n, 802.11ac and 802.11ax. These amendments support higher data rates to meet ever-increasing application demands through the adoption of higher-order modulation schemes such as 64-, 256-, and 1024-QAM, by supporting channel bonding up to 160 MHz and by employing MIMO techniques to transmit multiple streams to single client. In addition to increasing the peak data rate, efforts have been made to improve the spectral efficiency, which characterizes how well the system uses the available spectrum (how many bits of data can be pumped per second in 1 Hz of spectrum). Multi-user techniques such as MU-MIMO and OFDMA have been introduced in 802.11ac and 802.11ax to improve spectral efficiency and network capacity.

    The following table summarizes the key ingredients of various IEEE 802.11 amendments ranging from 802.11b to the recently ratified 802.11ac to the upcoming 802.11ax. As evident from this table, peak PHY data rate supported by IEEE 802.11 has gone up by a factor of 5000, and spectral efficiency has improved by a factor of 625. Enhancements like this have enabled Wi-Fi to become one of the basic needs of life on par with water, air and fire.

    WLAN-Protocols

    View the original article by The Ruckus Room.

    Conventional AV Systems Can Actually Harm You

    June 15th, 2016

    POSTED BY: Steve Gerrard on June 13, 2016 8:00 AM

    There’s barely a day goes by when I’m not reading another batch of stories about how unsuitable conventional endpoint AV security is for dealing with modern malware, APTs, zero-day threats and so forth.

    So replete are these tales of woe that it’s almost possible to switch off from the basic fact that in this uber-connected, cloud-enabled, everything-as-a-service, internet-of-thingamajigs world, most conventional endpoint AV systems are impotent and probably do more harm than good. I write almost, but not quite, because every now and again the occasional story jumps off the screen and gives you that all important wake-up call.

    One such story that came to light a few weeks ago, centered around an Adverse Event Report published by the U.S. Food and Drug Administration (FDA). Wherein, a patient (not named), undergoing a cardiac catheterisation procedure at a US Hospital (also not named) had to be sedated, mid-operation, for five minutes, while the procedure was suspended following the system crash of a vital piece of monitoring equipment.

    The system in question monitors, measures and records patient data during cardiac catheterization procedures. The system is made up of a patient data module, used to capture the patient’s vitals, and a hemo monitor PC to display them. The two elements are connected via a serial interface.

    During this particular procedure the monitor PC lost communication with the patient data module resulting in a black screen on the monitor and the patient having to be sedated while the system was rebooted. As the FDA report describes, the cause of this blackout was attributed to the installed conventional AV software, which at a critical point in the procedure initiated a scan of the system.

    Although the system could be rebooted and the patient fortunately survived it got me thinking about the real-life harm a conventional AV could do to me. Quoting from the Manufacturers Narrative in the FDA Report, “Our experience has shown that improper configuration of anti-virus software can have adverse effects including downtime and clinically unusable performance.” So, although I may be sensationalizing the FDA’s paragraph a little, I’m not feeling that confident after reading the manufacturer’s narrative. Let’s face it: the team performing a standard cardiac catheterisation procedure is not likely to include an IT security engineer who can be called upon at a moment’s notice.

    Could this scenario have been avoided with an Advanced Endpoint Protection system? The answer is probably yes. Traps, our advanced endpoint protection product, is not a conventional AV system — indeed, it’s a paradigm shift from “the way things used to be done.” Traps secures endpoints by preventing known and unknown malware and exploits from executing by focusing on blocking the few, core techniques used by attackers rather than application-specific characteristics. Furthermore, It does this in a lightweight, nonintrusive agent that definitely does not rely on system scanning.

    View the original post on the Palo Alto Network Research Centre Website.

    Learn more

    Watch a demo
    Ultimate Test Drive
    Traps

    General Data Protection Regulation: The compliance countdown has begun

    June 10th, 2016

    New regulations governing how European organisations approach data security will be enshrined into law on 25th May, imposing a host of new data security obligations for businesses operating within the EU. Chris Russell, CTO, Swivel Secure, explores the operational implications.

    The aim of the EU’s new General Data Protection Regulation (GDPR) is to drive the modernisation of Europe’s data security practices and, at the same time, harmonise the national laws that each member state enacted as a resulted of the now-defunct Data Protection Directive.

    Overall, the regulation is a force for good. Nonetheless, it will require European business of all sizes to ‘get serious’ about their security, and fast. There is a mere two-year grace period before the rules will be enforced, after which non-compliance becomes a very serious issue indeed – one that could result in fines of up to 4% of a firm’s worldwide annual turnover.

    The specific technical requirements of the regulation, concerning the pseudonymisation and encryption of sensitive data have already been widely documented. Less well discussed however, is how companies need to adapt their operations and policies to establish a perpetually compliant mode of working.

    One requirement, for example, requires the relevant data protection authority to be notified of a data breach within 72 hours of its occurrence. Moreover, under certain circumstances, the data subjects will also have to be notified of a breach. Put another way, to avoid hefty fines, firms will need to ‘own-up’ far sooner than many have done in the past. This will put companies on a continuous state of high alert, elevate the data security issue to Board level almost overnight, and refocus the IT department’s attention on bolstering its network defences.

    On initial inspection, this is no bad thing. But there are hidden costs to contend with. Countless firms across Europe are in the midst of migrating their company’s data, business tools and operations into the cloud in a bid to heighten operational flexibility, lower TCO, enable greater departmental integration and unify their communications infrastructures. The Bring Your Own Device revolution, combined with the rising popularity of flexible working initiatives, add yet more gateways for the IT department to protect. The rise of such initiatives has triggered a surrendering of corporate data security control; many of the ‘new network’s gateways now sit well beyond the control of the IT department. Cloud-based user authentication is most commonly delivered as part of the provider’s managed service.

    In this way, it is worth considering whether the GDPR’s threat of huge fines could, inadvertently, do more harm than good, by dissuading the Board from pressing on with progressive IT initiatives and hampering each company’s agility and flexibility as a result.

    One way through the maze is to apply user authentication policies and tools that are fit for this new multidimensional networked environment and appropriately support the new regulatory environment.

    Adaptive risk-based authentication solutions can help establish precisely the right level of visible security as is appropriate to the access being requested.

    Here, an appropriate level of ‘friction’ can be integrated into the authentication process; a high risk access request requires a higher degree of validation, for example. Unusual access requests can then also be quickly identified, from a masked IP address, for example, or a device attempting to access from a country far removed from its usual access location.

    By building this level of granularity and risk assessment into a firm’s security policies, adaptive authentication tools can then be parameterised to enable a company to achieve the best of both worlds: the new level of access and data protection that the GDPR demands and the flexibility that today’s networked business environment requires.

    By taking this strategic and unified approach to authentication, firms can generate a network-wide overview detailing all accesses to corporate data. This overview makes it far easier to guard against breaches, identify them when they do occur and also to respond effectively, by adding new layers of authentication, for example, or even restricting access under appropriate circumstances. By establishing this level of visibility and auditable transparency, companies will also find that they are better equipped for the greater scrutiny brought about by the new regulatory environment.

    As is so often the case with information security, it’s about striking a balance. Fortunately, the tools and best practices are already available for European firms to quickly adapt to the new regulation and continue to evolve their operations at the same time. Those with the vision and agility to begin their adaptation now will be able to turn a regulatory compliance countdown into an opportunity to future proof their organisations network defences for years to come.

    Original blog entry taken from Swivel Blog.

    The Disappearing Demarcation Between IT and Security

    June 8th, 2016

    POSTED BY: Brian Tokuyoshi on June 7, 2016 5:00 AM
    Taken from the Palo Alto Network Research Centre

    There’s been a longstanding belief that IT and security teams are at odds with each other. This is because their measures for performance are, on the surface, almost contradictory with one another. IT must find ways to provide the applications that the business needs. But business conditions change rapidly, and the applications the organization needs can shift on a dime. IT organizations must be agile and quick in response to new business drivers because no CIO wants to be the bottleneck in the boardroom for business change. Thus, IT tends to favor technologies that accelerate change, such as the rapid adoption of virtualized business workloads to the cloud.

    Security, on the other hand, operates on a different set of benchmarks and priorities. Security’s foremost concern is the protection of data by eliminating avenues of risk. As such, the general inclination of security tends to be conservative and values consistency over change. Introducing new applications and emerging technologies opens up new vectors for risk and data loss, which are precisely the opposite of what they’re tasked to minimize.

    Despite having a healthy appreciation for each other’s work, both sides feel conflicted. IT does not want to forsake security, and security does not want to slow down IT. Yet, it’s not uncommon to see IT and security teams working in completely different parts of the organization due to their conflicting missions.

    I found this recent article in Dark Reading interesting: “How Security and IT Teams Can Get Along,” in that there is precedent for change. It discusses several areas where change is occurring, including where new roles are emerging. For example, DevOps groups bridge the gap that traditionally separated application development (constructing new applications) and operations (keeping existing applications running at all times). When thinking about how a similar divide exists with IT and security, perhaps the first step will come through shifts in the expectations on what each group should do.

    The article goes into depth about how to make a difference when bringing the teams together, and one area is the problem of measuring goals when the metrics are not meaningful. I agree, because there is a major risk of losing sight of the goals when your metrics are based on the symptom rather than the problem. For instance, incidence response teams that work on investigating alerts often face a Sisyphus’s stone amount of work. There is no shortage of red alerts being generated throughout the organization, and quantity of alerts is seldom a good measure to determine the severity of the problem. The more patient attacker will not draw attention, but how do you find the events on which to focus? And how do you correlate that activity across systems that are traditionally unrelated to one another?

    One area that I think is particularly promising is the decoupling of security controls from the application. Phrased in a different way, the reason that I see IT and security competing, at times, is that there’s been no shortage of evidence showing what can happen if you deploy an application first and then bolt the security on afterwards, typically with a one-off point product. It’s seldom going to be as secure or easily managed as if it was designed to be deployed together with the application in the first place. The policy will certainly be fragmented, with a different control point for every point product deployed. And it will almost certainly create the issue described above, where every point product generates red alerts with no correlation on what to prioritize.

    That’s why I believe that the Palo Alto Networks Next-Generation Security Platform provides the security controls that bridge the intersection between the interests of IT, Security and DevOps. It does this because it positions critical security functions as the common denominator to all applications: the network. By seeing all traffic, and extending that visibility across all users, applications and devices, the organization can set up the underlying security that applies to all the applications that IT wants to deploy. The critical security controls for stopping an attack are in place ahead of the application, rather than trailing it.

    It’s important to note that “network,” in this sense, does not solely mean the traditional perimeter because the platform extends to the mobile user (through GlobalProtect), the public cloud (through VM-Series on AWS and Azure) and the virtualized data center/private cloud. These baseline principles set the foundation for additional controls that the organization deploys along with the application.

    Operationally, the use of the platform helps organizations get contextual views of network activity that bears investigation (through AutoFocus) as well as a deeper level of control through the enforcement of policy on the next-generation firewall.

    These principles deliver upon the premise of prevention first, while breaking the lifecycle of an attack across all stages, because the protection is inherently baked into the platform rather than bolted onto the application. It’s been designed to do this from the ground up.

    I think that, in the years ahead, there will be even greater discussion on how IT and security teams align in new ways, and every organization should be preparing for this conversation. Fortunately, the principles of the Next-Generation Security Platform can help pave the way.

    Gemalto research reveals most organizations not confident in ability to Protect Data after Data Breach

    June 8th, 2016

    Despite the increasing number of data breaches and more than 3.9 billion data records worldwide being lost or stolen since 2013, organizations continue to believe perimeter security technologies are effective against data breaches. This is one of the many findings of the third-annual Data Security Confidence Index released 08th June 2016 by Gemalto, the world leader in digital security.

    Key Findings

  • One-third of organizations have experienced a data breach in past 12 months
  • 69% of IT professionals are not confident their data would be secure if perimeter defenses were breached
  • 66% of IT professionals say unauthorized users can access their networks and 16% believe unauthorized users have access to their entire networks
  • Of the 1,100 IT decision makers surveyed worldwide, 61% said their perimeter security systems (firewall, IDPS, AV, content filtering, anomaly detection, etc.) were very effective at keeping unauthorized users out of their network. However, 69% said they are not confident their organization’s data would be secure if their perimeter security was breached. This is up from 66% in 2015 and 59% in 2014. Furthermore, 66% believe unauthorized users can access their network and nearly two in five (16%) said unauthorized users could access their entire network.

    “This research shows that there is indeed a big divide between perception and reality when it comes to the effectiveness of perimeter security,” said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. “The days of breach prevention are over, yet many IT organizations continue to rely on perimeter security as the foundation of their security strategies. The new reality is that IT professionals need to shift their mindset from breach prevention to breach acceptance and focus more on securing the breach by protecting the data itself and the users accessing the data.”

    Perimeter security is a focus, but not a panacea for data breaches

    According to the research findings, 78% of IT decision makers said they had adjusted their strategies as a result of high profile data breaches, up from 71% in 2015 and up 53% in 2014. 86% said they had increased spending on perimeter security and 85% believe that their current investments are going to the right security technologies.

    Despite the increased focus on perimeter security, the findings show the reality many organizations face when it comes to preventing data breaches. 64% of those surveyed said their organizations experienced a breach at some time over the past five years. More than a quarter (27%) said they experienced a breach in the past 12 months, with a similar number of IT decision makers (30%) reporting the same frequency in 2015. This suggests that organizations have not made significant improvements in reducing the number of data breaches despite increased investments in perimeter security.

    “While companies are confident in the amount of spending and where they are spending it, it’s clear the security protocols they are employing are not living up to expectations. While protecting the perimeter is important, organizations need to come to the realization that they need a layered approach to security in the event the perimeter is breached. By employing tools such as end-to-end encryption and two-factor authentication across the network and the cloud, they can protect the whole organization and, most importantly, the data,” concluded Hart.

    Download the entire report.

    About the Survey

    Independent technology market research specialist Vanson Bourne surveyed 1,100 IT decision makers across the US, UK, France, Germany, Russia, India, Japan, Australia, Brazil, Benelux and the Middle East on behalf of Gemalto. The sample was split between Manufacturing, Healthcare, Financial Services, Government, Telecoms, Retail, Utilities, Consultation and Real Estate, Insurance and Legal, organizations with 250 to more than 5,000 employees.​

    Related Resources

    Infographic, Report, Country Data: Please click here.​

    About Gemalto

    Gemalto is the global leader in digital security, with 2015 annual revenues of €3.1 billion and customers in over 180 countries. We bring trust to an increasingly connected world.

    Our technologies and services enable businesses and governments to authenticate identities and protect data so they stay safe and enable services in personal devices, connected objects, the cloud and in between.

    Gemalto’s solutions are at the heart of modern life, from payment to enterprise security and the internet of things. We authenticate people, transactions and objects, encrypt data and create value for software – enabling our clients to deliver secure digital services for billions of individuals and things.

    Our 14,000+ employees operate out of 118 offices, 45 personalization and data centers, and 27 research and software development centers located in 49 countries.

    For more information visit www.gemalto.com, or follow @gemalto on Twitter.

    Juniper Networks Expands Portfolio with New EX Series Switches

    June 1st, 2016

    Juniper Networks (NYSE: JNPR), an industry leader in automated, scalable and secure networks, today announced two new Juniper Networks® EX Series access switches that are expected to enable secure, simplified management for campus and branch networks, regardless of size and complexity. The EX2300, an entry-level switch, and EX3400, a mid-range switch, offer new options for companies to leverage Juniper Networks Unite for a cloud-enabled enterprise, including Junos® Fusion Enterprise and Juniper Networks Virtual Chassis technology to streamline network provisioning through a single point of management. The new solutions are expected to also further Juniper’s Software-Defined Secure Networks (SDSN) framework by serving as additional enforcement points throughout the network.

    As part of Juniper Unite, an agile enterprise architecture that provides a simplified network infrastructure, the new EX2300 and EX3400 switches provide small and mid-market organizations with an easy-to-manage network solution, liberating overextended IT resources to concentrate on high-impact projects. The new access switches also give large enterprises greater flexibility needed to significantly scale operations and implement resource-intensive IT projects. These switches enhance the EX Series switching portfolio, offering customers more choice while maintaining the same Junos-based EX feature set, including the endpoint functionality for Junos Fusion Enterprise. Additionally, by building enforcement capabilities into these new switches, companies can stop potential security threats closer to where they originate and help the network defend itself.

    Announced last fall, Juniper Unite provides a foundation to build an agile and secure network for enterprises looking to quickly deploy cloud applications and services in a streamlined manner. This is done through cutting-edge switching, security and routing products as well as software technologies — including the switches announced today and third-party solutions through the Open Convergence Framework (OCF). As a part of Juniper Unite, Junos Fusion Enterprise, the industry’s highest scaling software-enabled switching architecture for campus environments, based on the IEEE 802.1BR industry standard, provides automated network configuration and simplified scalability to meet business needs while promoting intelligent, flexible cloud-enabled enterprise networks. Junos Fusion Enterprise allows customers to collapse multiple network layers, including an on-premises data center, into one simple, smart and flexible cloud-enabled enterprise network.

    News Highlights:

    EX2300 and EX2300-C Access Switch:

  • Cost-effective 1 Gigabit Ethernet (GbE) fixed configuration access switch: Features 10 GbE uplinks to support increased demand for bandwidth from cloud, rich media and video.
  • Junos Fusion Enterprise technology-ready: EX2300 and EX2300-C can be deployed as endpoints in a Junos Fusion Enterprise fabric allowing for unprecedented operational simplification.
  • Virtual Chassis with zero touch provisioning (ZTP): For smaller scale deployments, up to four EX2300 and EX2300-C can be combined in a Virtual Chassis configuration to simplify operations and ZTP shortens the time to production.
  • Simplified on box management: The J-Web on box management provides direct, easy management, configuration and troubleshooting through a web browser-based interface. Multiple EX2300 and EX2300-C switches can be seamlessly managed with Network Director, which delivers full lifecycle management for simplified network control and automation across a distributed enterprise.
  • Flexible deployment: The compact, silent fanless EX2300-C offers a flexible deployment option for open or quiet environments.
  • EX3400 Access Switch:

  • Feature-rich mid-range 1 GbE fixed configuration access switch: Includes 10 GbE and 40 GbE uplinks to meet the increased demand for bandwidth-hungry applications.
  • Built-in high availability: The EX3400 features redundant power supplies and fans to meet additional hardware redundancy requirements of mission-critical environments.
  • Junos Fusion Enterprise technology-ready: EX3400 can be deployed as endpoints in a Junos Fusion Enterprise fabric allowing for unprecedented operational simplification.
  • Virtual Chassis with zero touch provisioning (ZTP): For smaller scale deployments, up to 10 EX3400 switches can be combined in a Virtual Chassis configuration to simplify operations and ZTP shortens the time to production.
  • Secure and encrypted access: Media Access Control Security (MACsec) hardware encryption on 1 GbE and 10 GbE interfaces support enhanced security requirements of government, financial services or other security-critical enterprise environments.
  • Simplified on box management: The J-Web on box management provides direct, easy management, configuration and troubleshooting through a web browser-based interface. Multiple EX3400 switches can be seamlessly managed with Network Director, which delivers full lifecycle management for simplified network control and automation across a distributed enterprise.
  • The Juniper Networks Professional Services team and its authorized Professional Services Partners can provide network assessments, customer on-boarding, design, deployment, and education services to help enterprise customers evolve their network architectures to meet cloud-based application and services requirements. The EX2300 and EX3400 are covered by Juniper’s Enhanced Limited Lifetime Warranty (eLLW). Additionally, Juniper’s highly trained Professional Services Partners offer their own unique brand of service offerings to help customers better integrate Juniper technologies into their environments.

    Supporting Quotes

    “As enterprises of all sizes are undergoing major IT networking transformations, Juniper is committed to continuing to provide a solution that makes it easier to manage network operations. Expanding the Unite architecture with the new EX switches offers our customers more choice, flexibility and investment protection. These new platforms also support Junos Fusion Enterprise — empowering IT teams to spend less time provisioning and more time delivering an innovative IT experience — and, by serving as enforcement points throughout the network, they also enhance Juniper’s Software-Defined Secure Networks framework by keeping the network and its users secure.”
    – Jennifer Blatnik, vice president of cloud, security and enterprise portfolio marketing, Juniper Networks

    “At the City of Dublin, our focus is to expand the influence of our broadband community, aligning clear economic goals with our technology strategy. The design targets business benefits in a way that scales for intensity or geography. We initiated our 100-gigabit Dublink Transport plan in 2015, designed to retain, expand and attract businesses within a legacy Office Park. Increasing the City’s fiber capability will serve as an economic development driver and expand capabilities for primary and secondary education. To do this, we need a flexible, scalable, and simple network solution and Juniper Networks’ technology is a perfect fit for us. We look forward to continuing our relationship with Juniper and building out our small and medium sites with the EX Series for improved network operations.”
    – Doug McCollough, chief information officer, City of Dublin

    “Juniper’s Junos Fusion Enterprise technology, with its single chassis view of more than 100 switches and its configuration sync features, will transform our distributed networks by consolidating them into a single, secure, logical point of management, configuration and operation. Combined with its operational simplicity and the ability to extend powerful features from the core to access devices, Junos Fusion Enterprise gives us flexible migration options and massive scalability while protecting existing investments.”
    – Rafi Brenner, vice president of information technology, ForeScout Technologies Inc.

    “To meet our customers’ software-defined and cloud data center business objectives, we required a network architecture that’s flexible, scalable, simple to operate, and will support the full range of applications in use. Juniper Networks’ Junos Fusion brings unparalleled simplicity, scalability, and flexibility to the data center by flattening the network, including on-premises data centers, into one simple, smart and flexible cloud-enabled enterprise network. Customers benefit from a new level of agility within the data center, enabling them to rapidly deploy applications and services.”
    – David Magee, chief technology officer, Atrion Communication Resources

    “Juniper’s new EX Series access switches provide more choice to support growing campus and branch requirements. Users demand increased bandwidth, while IT desires ease of provisioning and management. The addition of MACsec encryption on the EX3400 meets the security needs of regulated environments (e.g. government and financial services), while general capabilities such as zero-touch provisioning and Virtual Chassis technology deliver ease of deployment. Additionally, these new EX switches provide the building blocks for customers looking to Junos Fusion Enterprise for a scale-out, simplified management architecture.”
    – Daniel Conde, analyst, Enterprise Strategy Group

    Additional Resources

    Blog: New Switches Speed Move to the Cloud by Matt Hurley, corporate vice president of global channels and field marketing, Juniper Networks

    Blog: Are You Ready to Simplify Your Operations? New EX Models Give You More Options to Deploy Junos Fusion Enterprise by Tarek Radwan, product marketing manager, enterprise campus and branch portfolio, Juniper Networks

    Blog: SMB and Midmarket Customers Looking for a Switch “Box”? Let Juniper Switches Simplify Your Network (Now with Two New Models!) by Tarek Radwan, product marketing manager, enterprise campus and branch portfolio, Juniper Networks

    Product Datasheets: EX2300, EX2300-C, and EX3400

    Ruckus Expands Wave 2 Portfolio with R510 and T710 APs

    June 1st, 2016

    New High-end Outdoor Access Point Delivers Cutting-edge Wi-Fi Performance; Mid-range Indoor Access Point Brings Wave 2 Performance to Mainstream Market

    May 31, 2016 – Ruckus Wireless™, Inc., now part of Brocade (NASDAQ: BRCD), today launched two new wireless access points (APs) and upgraded management software that double Wi-Fi client density and data rates over previous generations, while improving the wireless experience for retail, hospitality, education, enterprise and service provider customers.

    The new APs are based on the 802.11ac Wave 2 standard featuring multiple user-multiple input, multiple output (MU-MIMO) technology, which can simultaneously transmit multiple client streams to different devices on the same RF channel. Ruckus was first-to-market with Wave 2 APs in April 2015, and will now have the industry’s broadest Wave 2 portfolio. All Ruckus Wave 2 APs combine MU-MIMO with Ruckus’ patented BeamFlex+™ adaptive antenna technology and ChannelFly™ predictive channel selection to deliver the highest performance Wi-Fi possible, optimizing signals for every client and transmission.

    The new products include:

    Ruckus ZoneFlex™ T710 access point – An outdoor version of the industry-first Wave 2 R710 AP delivering multi-gigabit Wi-Fi performance and unprecedented client capacity. The T710 includes four dual-band antennas—utilizing BeamFlex+ adaptive antenna technology—along with interfaces for Ethernet and fiber backhaul, plus built-in GPS for ease of location and inventory management, making it a flexible platform for enterprise and service provider outdoor deployments.

    Ruckus ZoneFlex R510 access point – A Wave 2 version of Ruckus’ most popular indoor AP (R500). The R510 is a competitively priced AP for mid-market customers, featuring two dual-band anntennas (also utilizing BeamFlex+ technology) that combine MU-MIMO to service more devices with the highest efficiency. Unlike competing products that require expensive switch upgrades to accommodate higher power requirements, the R510 can work with existing 802.3af-capable Ethernet switches.

    Both APs can be managed by Ruckus ZoneDirector™ and SmartZone™ controllers. ZoneDirector and SmartZone are software platforms for managing wireless networks, including user access controls, guest networking functions, advanced Wi-Fi security and traffic management. As part of today’s announcement, Ruckus is upgrading SmartZone to version 3.4 with new features for self-optimizing Wi-Fi networks, remote network management, simplified installation of new APs, and Amazon Web Services support. Ruckus is also upgrading ZoneDirector to version 9.13 to enable even better network installation and management. Both platforms also now provide built-in support for Ruckus’ Smart Positioning Technology (SPoT™) location-based service and Cloudpath™ certificate-based security management software, user onboarding and policy access management software.

    “Wave 2 is quickly becoming the high-performance Wi-Fi standard, especially when combined with patented Ruckus innovations like BeamFlex+ technology,” said Greg Beach, vice president of product management, Ruckus Wireless Business Unit at Brocade. “The early adopters across retail, hospitality and education are seeing tremendous benefits as they rely on Smart Wi-Fi™ to engage customers, deliver services and run their businesses. With today’s new indoor and outdoor access points, we’re excited to take Wave 2 mainstream for any enterprise or service provider deployment.”

    “Ruckus’ new APs expand options for Wave 2 deployment across multiple industries,” said Mike Fratto, research director, Current Analysis. “Fast, reliable wireless is clearly becoming more business critical, and we expect Wave 2 systems will stimulate faster growth for Wi-Fi throughout 2016 and 2017.”

    Ruckus ZoneFlex APs are available through Ruckus’ global distribution network. The R510, T710, SmartZone 3.4, and ZoneDirector 9.13 are currently scheduled to be released in July.

    Net-Ctrl Blog - mobile

    Cybersecurity Education Efforts Yielding Results

    July 21st, 2016

    Cybersecurity education efforts are yielding results, with 61 percent of respondents to a survey conducted by Palo Alto Networks saying they would speak with IT before introducing new devices onto a corporate network or adding business applications and tools onto unsecured devices.

    With more than 25% of identified attacks in enterprises expected to involve IoT by 2020, [1] – and many expected to enter the workplace – this survey finding represents a significant step in the right direction and demonstrates that employees’ knowledge and understanding of their role in cybersecurity is improving.

    However, the contrasting findings from this survey of business managers – who typically have the salary and tendency to be early adopters of new technology – are that 39 percent would fly under IT’s radar. This leaves a large margin for risk.

    Further still, of the group that doesn’t go to IT, one in every eight would “not tell anyone” about bringing a new device into an organisation or installing corporate tools, such as email, onto unsecured devices.

    Attitude Impacts Adherence

    The survey found that adherence to cybersecurity policies, such as those around the introduction of a new device, is largely guided by personal attitudes and views toward technology. Of those who have circumvented their company’s cybersecurity policy in the past, the prevailing reason for doing so was that they wanted to use a more efficient tool or service, or one that was considered to be the best in the market. Companies need to enable, not limit, employee choices, using technology and education to manage risk.

    Temporary Employees Require Full-time Supervision

    Contractors were the group most often seen to be bypassing company guidelines on cybersecurity, with 16 percent of respondents saying they had seen a temporary employee circumvent policies.

    Quote

    “BYOD is now a mature concept, but many still struggle to manage the blurry lines between personal and business data access by personal devices. Many organisations have deployed solutions to manage devices, but the anxiety comes from their broad connectivity, especially as the boundaries between business-driven cloud services and personal ones become less clear, which creates unknown bridges between business networks and the Internet at large. Modern state-of-the-art security must be able to prevent any device communication becoming the point of a breach and minimise risk for an organisation.”

    Greg Day, VP and regional CSO, EMEA at Palo Alto Networks

    Recommendations

    • Organisations should continue with employee education efforts to ensure that those on the front line of defences have the skills they need to identify threats.
    • Security professionals should closely monitor the activity of non-permanent employees or contractors and ensure they receive the same policy information as full-time staff.
    • Organisations should integrate up-to-date security solutions that fit with new technology trends in order to eliminate the weaknesses exposed in an evolving computing environment.
    • Businesses should look at how they identify and enable the safe use of trusted or sanctioned cloud services and applications and manage the use of those that are untrusted and unsanctioned.

    Download “Preventing the Blocks to Cybersecurity in Business” at: https://www.paloaltonetworks.com/resources/research/preventing-blocks-to-cybersecurity-in-business

    Research Methodology

    The survey was conducted online among 765 business decision-makers in companies with 1,000+ employees in the U.K., Germany, France, the Netherlands and Belgium by Redshift Research in October 2015.

    [1] Gartner-Press Release, “Gartner Says Worldwide IoT Security Spending to Reach $348 Million in 2016”, April 25, 2016, http://www.gartner.com/newsroom/id/3291817

    Possible MOBOTIX Shipment Delay

    July 21st, 2016

    MOBOTIX will be shutting down their operations from Monday, August 8 to Friday to August 26, 2016.

    All items which are in stock will be dispatched immediately once orders are confirmed.

    Orders for larger quantities or special models may take longer. We recommend to place your order as soon as possible and will do everything in our power to assist you with your project.

    For more information please contact Mark Power on 01473 281 211 or at mark.power@net-ctrl.com.

    Why User-Based Controls Are Critical to Your Breach Prevention Strategy

    July 20th, 2016

    POSTED BY: Navneet Singh on Palo Alto Networks Blog.

    Employees, customers and partners connect to different repositories of information within your network, as well as to the internet, to perform various aspects of their jobs. These people and their many devices represent your network’s users. It’s important to your organisation’s risk posture that you’re able to identify who they are — beyond IP address — and the inherent risks they bring with them based on the particular device they’re using, especially when security policies have been circumvented or new threats have been introduced to the organisation.

    Here are two high-profile, real-world breaches that you can learn from. The key takeaway here is that, to make the most of your next-generation firewall investment, it is critical to implement user-based controls.

    Example 1: Data Breach at a Large U.S. Retailer

    This data breach started with the attackers stealing a third-party vendor’s login credentials. This allowed them to gain access to the third-party vendor environment and exploit a Windows vulnerability. Since the vendor had the privileges to access the corporate network, the attackers gained access, too. The attackers were then able to install memory-scraping malware on more than 7,500 self-checkout POS terminals. This malware was able to grab 56 million credit and debit card numbers. The malware was also able to capture 53 million email addresses.

    The SANS Institute Reading Room for InfoSec has published a report on the breach. The report mentions several ways in which the breach could have been prevented. One of the most important is to have the right access controls in place. Quoting from the report:

  • An identity and access management solution should be used to manage the identities and access of all internal and external employees (third-party vendors).
  • Each external employee should have their own account, so that there is accountability for anything performed on their behalf.
  • Account review procedures should also be in place, specifically for third-party vendor accounts. Auditing of these third-party vendors is critical. This will allow the detection of abnormal behavior.
  • Having all of these controls in place for managing and monitoring the third-party vendor accounts will detect any misuse of third-party vendor credentials.
  • Example 2: Data Breach at a Large U.S. Banking and Financial Services Company

    This data breach started with the attackers infecting the personal computer of an employee. The malware stole the employee’s login credentials. When the employee used VPN to connect to the corporate network, the attackers were able to gain access to more than 90 corporate servers. The attackers stole private information for 76 million households and 7 million small businesses.

    The SANS Institute Reading Room for InfoSec’s report on this breach mentions the need to manage user privileges as one of the key ways to minimize the risk of a breach or minimise damage in case of a breach. Quoting from the report:

  • Least privilege simply means to give someone the least amount of access to perform his or her job. If least privilege control access were applied, these organisations would have reduced the amount of stolen data by 86 percent.
  • Anonymous access must be disabled because many Windows vulnerabilities are caused by null user sessions. A null user session is essentially a Server Message Block (SMB) session with blank username and password.
  • What This Means for You as the Security Practitioner

    Want to make sure your organisation does not end up in the headlines for the wrong reasons, like a massive data breach? You’d do well to implement user-based controls and restrict user access to least privilege, as the SANS Institute reports recommend. Employ the right user access mechanisms not only on the endpoints and on the applications that they access but also on your next-generation firewall.

    Call to Action

    If you own a Palo Alto Networks® Next-Generation Firewall, refer to the following resources to enable User-ID™, and increase your organization’s breach defenses:

  • User-ID documentation
  • Best practice internet gateway security policy
  • User-ID tech tips
  • The Theory of Wi-Fi Evolution and IEEE 802.11 Selection

    July 14th, 2016

    By: Sundar Sankaran, Chief Wireless Architect

    September 2015 marked the 25th anniversary of IEEE 802.11, commonly referred to as Wi-Fi. Over these 25 years, Wi-Fi has ascended from a technology that enabled computers to wirelessly transfer data at 2 Mbps to winning a spot in Maslow’s pyramid as the most basic human need.

    IEEE 802.11 got here, as Lewis Carroll suggested, by running twice as fast. The standard has continuously advanced itself by introducing amendments, such as 802.11n, 802.11ac and 802.11ax. These amendments support higher data rates to meet ever-increasing application demands through the adoption of higher-order modulation schemes such as 64-, 256-, and 1024-QAM, by supporting channel bonding up to 160 MHz and by employing MIMO techniques to transmit multiple streams to single client. In addition to increasing the peak data rate, efforts have been made to improve the spectral efficiency, which characterizes how well the system uses the available spectrum (how many bits of data can be pumped per second in 1 Hz of spectrum). Multi-user techniques such as MU-MIMO and OFDMA have been introduced in 802.11ac and 802.11ax to improve spectral efficiency and network capacity.

    The following table summarizes the key ingredients of various IEEE 802.11 amendments ranging from 802.11b to the recently ratified 802.11ac to the upcoming 802.11ax. As evident from this table, peak PHY data rate supported by IEEE 802.11 has gone up by a factor of 5000, and spectral efficiency has improved by a factor of 625. Enhancements like this have enabled Wi-Fi to become one of the basic needs of life on par with water, air and fire.

    WLAN-Protocols

    View the original article by The Ruckus Room.

    Conventional AV Systems Can Actually Harm You

    June 15th, 2016

    POSTED BY: Steve Gerrard on June 13, 2016 8:00 AM

    There’s barely a day goes by when I’m not reading another batch of stories about how unsuitable conventional endpoint AV security is for dealing with modern malware, APTs, zero-day threats and so forth.

    So replete are these tales of woe that it’s almost possible to switch off from the basic fact that in this uber-connected, cloud-enabled, everything-as-a-service, internet-of-thingamajigs world, most conventional endpoint AV systems are impotent and probably do more harm than good. I write almost, but not quite, because every now and again the occasional story jumps off the screen and gives you that all important wake-up call.

    One such story that came to light a few weeks ago, centered around an Adverse Event Report published by the U.S. Food and Drug Administration (FDA). Wherein, a patient (not named), undergoing a cardiac catheterisation procedure at a US Hospital (also not named) had to be sedated, mid-operation, for five minutes, while the procedure was suspended following the system crash of a vital piece of monitoring equipment.

    The system in question monitors, measures and records patient data during cardiac catheterization procedures. The system is made up of a patient data module, used to capture the patient’s vitals, and a hemo monitor PC to display them. The two elements are connected via a serial interface.

    During this particular procedure the monitor PC lost communication with the patient data module resulting in a black screen on the monitor and the patient having to be sedated while the system was rebooted. As the FDA report describes, the cause of this blackout was attributed to the installed conventional AV software, which at a critical point in the procedure initiated a scan of the system.

    Although the system could be rebooted and the patient fortunately survived it got me thinking about the real-life harm a conventional AV could do to me. Quoting from the Manufacturers Narrative in the FDA Report, “Our experience has shown that improper configuration of anti-virus software can have adverse effects including downtime and clinically unusable performance.” So, although I may be sensationalizing the FDA’s paragraph a little, I’m not feeling that confident after reading the manufacturer’s narrative. Let’s face it: the team performing a standard cardiac catheterisation procedure is not likely to include an IT security engineer who can be called upon at a moment’s notice.

    Could this scenario have been avoided with an Advanced Endpoint Protection system? The answer is probably yes. Traps, our advanced endpoint protection product, is not a conventional AV system — indeed, it’s a paradigm shift from “the way things used to be done.” Traps secures endpoints by preventing known and unknown malware and exploits from executing by focusing on blocking the few, core techniques used by attackers rather than application-specific characteristics. Furthermore, It does this in a lightweight, nonintrusive agent that definitely does not rely on system scanning.

    View the original post on the Palo Alto Network Research Centre Website.

    Learn more

    Watch a demo
    Ultimate Test Drive
    Traps

    General Data Protection Regulation: The compliance countdown has begun

    June 10th, 2016

    New regulations governing how European organisations approach data security will be enshrined into law on 25th May, imposing a host of new data security obligations for businesses operating within the EU. Chris Russell, CTO, Swivel Secure, explores the operational implications.

    The aim of the EU’s new General Data Protection Regulation (GDPR) is to drive the modernisation of Europe’s data security practices and, at the same time, harmonise the national laws that each member state enacted as a resulted of the now-defunct Data Protection Directive.

    Overall, the regulation is a force for good. Nonetheless, it will require European business of all sizes to ‘get serious’ about their security, and fast. There is a mere two-year grace period before the rules will be enforced, after which non-compliance becomes a very serious issue indeed – one that could result in fines of up to 4% of a firm’s worldwide annual turnover.

    The specific technical requirements of the regulation, concerning the pseudonymisation and encryption of sensitive data have already been widely documented. Less well discussed however, is how companies need to adapt their operations and policies to establish a perpetually compliant mode of working.

    One requirement, for example, requires the relevant data protection authority to be notified of a data breach within 72 hours of its occurrence. Moreover, under certain circumstances, the data subjects will also have to be notified of a breach. Put another way, to avoid hefty fines, firms will need to ‘own-up’ far sooner than many have done in the past. This will put companies on a continuous state of high alert, elevate the data security issue to Board level almost overnight, and refocus the IT department’s attention on bolstering its network defences.

    On initial inspection, this is no bad thing. But there are hidden costs to contend with. Countless firms across Europe are in the midst of migrating their company’s data, business tools and operations into the cloud in a bid to heighten operational flexibility, lower TCO, enable greater departmental integration and unify their communications infrastructures. The Bring Your Own Device revolution, combined with the rising popularity of flexible working initiatives, add yet more gateways for the IT department to protect. The rise of such initiatives has triggered a surrendering of corporate data security control; many of the ‘new network’s gateways now sit well beyond the control of the IT department. Cloud-based user authentication is most commonly delivered as part of the provider’s managed service.

    In this way, it is worth considering whether the GDPR’s threat of huge fines could, inadvertently, do more harm than good, by dissuading the Board from pressing on with progressive IT initiatives and hampering each company’s agility and flexibility as a result.

    One way through the maze is to apply user authentication policies and tools that are fit for this new multidimensional networked environment and appropriately support the new regulatory environment.

    Adaptive risk-based authentication solutions can help establish precisely the right level of visible security as is appropriate to the access being requested.

    Here, an appropriate level of ‘friction’ can be integrated into the authentication process; a high risk access request requires a higher degree of validation, for example. Unusual access requests can then also be quickly identified, from a masked IP address, for example, or a device attempting to access from a country far removed from its usual access location.

    By building this level of granularity and risk assessment into a firm’s security policies, adaptive authentication tools can then be parameterised to enable a company to achieve the best of both worlds: the new level of access and data protection that the GDPR demands and the flexibility that today’s networked business environment requires.

    By taking this strategic and unified approach to authentication, firms can generate a network-wide overview detailing all accesses to corporate data. This overview makes it far easier to guard against breaches, identify them when they do occur and also to respond effectively, by adding new layers of authentication, for example, or even restricting access under appropriate circumstances. By establishing this level of visibility and auditable transparency, companies will also find that they are better equipped for the greater scrutiny brought about by the new regulatory environment.

    As is so often the case with information security, it’s about striking a balance. Fortunately, the tools and best practices are already available for European firms to quickly adapt to the new regulation and continue to evolve their operations at the same time. Those with the vision and agility to begin their adaptation now will be able to turn a regulatory compliance countdown into an opportunity to future proof their organisations network defences for years to come.

    Original blog entry taken from Swivel Blog.

    The Disappearing Demarcation Between IT and Security

    June 8th, 2016

    POSTED BY: Brian Tokuyoshi on June 7, 2016 5:00 AM
    Taken from the Palo Alto Network Research Centre

    There’s been a longstanding belief that IT and security teams are at odds with each other. This is because their measures for performance are, on the surface, almost contradictory with one another. IT must find ways to provide the applications that the business needs. But business conditions change rapidly, and the applications the organization needs can shift on a dime. IT organizations must be agile and quick in response to new business drivers because no CIO wants to be the bottleneck in the boardroom for business change. Thus, IT tends to favor technologies that accelerate change, such as the rapid adoption of virtualized business workloads to the cloud.

    Security, on the other hand, operates on a different set of benchmarks and priorities. Security’s foremost concern is the protection of data by eliminating avenues of risk. As such, the general inclination of security tends to be conservative and values consistency over change. Introducing new applications and emerging technologies opens up new vectors for risk and data loss, which are precisely the opposite of what they’re tasked to minimize.

    Despite having a healthy appreciation for each other’s work, both sides feel conflicted. IT does not want to forsake security, and security does not want to slow down IT. Yet, it’s not uncommon to see IT and security teams working in completely different parts of the organization due to their conflicting missions.

    I found this recent article in Dark Reading interesting: “How Security and IT Teams Can Get Along,” in that there is precedent for change. It discusses several areas where change is occurring, including where new roles are emerging. For example, DevOps groups bridge the gap that traditionally separated application development (constructing new applications) and operations (keeping existing applications running at all times). When thinking about how a similar divide exists with IT and security, perhaps the first step will come through shifts in the expectations on what each group should do.

    The article goes into depth about how to make a difference when bringing the teams together, and one area is the problem of measuring goals when the metrics are not meaningful. I agree, because there is a major risk of losing sight of the goals when your metrics are based on the symptom rather than the problem. For instance, incidence response teams that work on investigating alerts often face a Sisyphus’s stone amount of work. There is no shortage of red alerts being generated throughout the organization, and quantity of alerts is seldom a good measure to determine the severity of the problem. The more patient attacker will not draw attention, but how do you find the events on which to focus? And how do you correlate that activity across systems that are traditionally unrelated to one another?

    One area that I think is particularly promising is the decoupling of security controls from the application. Phrased in a different way, the reason that I see IT and security competing, at times, is that there’s been no shortage of evidence showing what can happen if you deploy an application first and then bolt the security on afterwards, typically with a one-off point product. It’s seldom going to be as secure or easily managed as if it was designed to be deployed together with the application in the first place. The policy will certainly be fragmented, with a different control point for every point product deployed. And it will almost certainly create the issue described above, where every point product generates red alerts with no correlation on what to prioritize.

    That’s why I believe that the Palo Alto Networks Next-Generation Security Platform provides the security controls that bridge the intersection between the interests of IT, Security and DevOps. It does this because it positions critical security functions as the common denominator to all applications: the network. By seeing all traffic, and extending that visibility across all users, applications and devices, the organization can set up the underlying security that applies to all the applications that IT wants to deploy. The critical security controls for stopping an attack are in place ahead of the application, rather than trailing it.

    It’s important to note that “network,” in this sense, does not solely mean the traditional perimeter because the platform extends to the mobile user (through GlobalProtect), the public cloud (through VM-Series on AWS and Azure) and the virtualized data center/private cloud. These baseline principles set the foundation for additional controls that the organization deploys along with the application.

    Operationally, the use of the platform helps organizations get contextual views of network activity that bears investigation (through AutoFocus) as well as a deeper level of control through the enforcement of policy on the next-generation firewall.

    These principles deliver upon the premise of prevention first, while breaking the lifecycle of an attack across all stages, because the protection is inherently baked into the platform rather than bolted onto the application. It’s been designed to do this from the ground up.

    I think that, in the years ahead, there will be even greater discussion on how IT and security teams align in new ways, and every organization should be preparing for this conversation. Fortunately, the principles of the Next-Generation Security Platform can help pave the way.

    Gemalto research reveals most organizations not confident in ability to Protect Data after Data Breach

    June 8th, 2016

    Despite the increasing number of data breaches and more than 3.9 billion data records worldwide being lost or stolen since 2013, organizations continue to believe perimeter security technologies are effective against data breaches. This is one of the many findings of the third-annual Data Security Confidence Index released 08th June 2016 by Gemalto, the world leader in digital security.

    Key Findings

  • One-third of organizations have experienced a data breach in past 12 months
  • 69% of IT professionals are not confident their data would be secure if perimeter defenses were breached
  • 66% of IT professionals say unauthorized users can access their networks and 16% believe unauthorized users have access to their entire networks
  • Of the 1,100 IT decision makers surveyed worldwide, 61% said their perimeter security systems (firewall, IDPS, AV, content filtering, anomaly detection, etc.) were very effective at keeping unauthorized users out of their network. However, 69% said they are not confident their organization’s data would be secure if their perimeter security was breached. This is up from 66% in 2015 and 59% in 2014. Furthermore, 66% believe unauthorized users can access their network and nearly two in five (16%) said unauthorized users could access their entire network.

    “This research shows that there is indeed a big divide between perception and reality when it comes to the effectiveness of perimeter security,” said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. “The days of breach prevention are over, yet many IT organizations continue to rely on perimeter security as the foundation of their security strategies. The new reality is that IT professionals need to shift their mindset from breach prevention to breach acceptance and focus more on securing the breach by protecting the data itself and the users accessing the data.”

    Perimeter security is a focus, but not a panacea for data breaches

    According to the research findings, 78% of IT decision makers said they had adjusted their strategies as a result of high profile data breaches, up from 71% in 2015 and up 53% in 2014. 86% said they had increased spending on perimeter security and 85% believe that their current investments are going to the right security technologies.

    Despite the increased focus on perimeter security, the findings show the reality many organizations face when it comes to preventing data breaches. 64% of those surveyed said their organizations experienced a breach at some time over the past five years. More than a quarter (27%) said they experienced a breach in the past 12 months, with a similar number of IT decision makers (30%) reporting the same frequency in 2015. This suggests that organizations have not made significant improvements in reducing the number of data breaches despite increased investments in perimeter security.

    “While companies are confident in the amount of spending and where they are spending it, it’s clear the security protocols they are employing are not living up to expectations. While protecting the perimeter is important, organizations need to come to the realization that they need a layered approach to security in the event the perimeter is breached. By employing tools such as end-to-end encryption and two-factor authentication across the network and the cloud, they can protect the whole organization and, most importantly, the data,” concluded Hart.

    Download the entire report.

    About the Survey

    Independent technology market research specialist Vanson Bourne surveyed 1,100 IT decision makers across the US, UK, France, Germany, Russia, India, Japan, Australia, Brazil, Benelux and the Middle East on behalf of Gemalto. The sample was split between Manufacturing, Healthcare, Financial Services, Government, Telecoms, Retail, Utilities, Consultation and Real Estate, Insurance and Legal, organizations with 250 to more than 5,000 employees.​

    Related Resources

    Infographic, Report, Country Data: Please click here.​

    About Gemalto

    Gemalto is the global leader in digital security, with 2015 annual revenues of €3.1 billion and customers in over 180 countries. We bring trust to an increasingly connected world.

    Our technologies and services enable businesses and governments to authenticate identities and protect data so they stay safe and enable services in personal devices, connected objects, the cloud and in between.

    Gemalto’s solutions are at the heart of modern life, from payment to enterprise security and the internet of things. We authenticate people, transactions and objects, encrypt data and create value for software – enabling our clients to deliver secure digital services for billions of individuals and things.

    Our 14,000+ employees operate out of 118 offices, 45 personalization and data centers, and 27 research and software development centers located in 49 countries.

    For more information visit www.gemalto.com, or follow @gemalto on Twitter.

    Juniper Networks Expands Portfolio with New EX Series Switches

    June 1st, 2016

    Juniper Networks (NYSE: JNPR), an industry leader in automated, scalable and secure networks, today announced two new Juniper Networks® EX Series access switches that are expected to enable secure, simplified management for campus and branch networks, regardless of size and complexity. The EX2300, an entry-level switch, and EX3400, a mid-range switch, offer new options for companies to leverage Juniper Networks Unite for a cloud-enabled enterprise, including Junos® Fusion Enterprise and Juniper Networks Virtual Chassis technology to streamline network provisioning through a single point of management. The new solutions are expected to also further Juniper’s Software-Defined Secure Networks (SDSN) framework by serving as additional enforcement points throughout the network.

    As part of Juniper Unite, an agile enterprise architecture that provides a simplified network infrastructure, the new EX2300 and EX3400 switches provide small and mid-market organizations with an easy-to-manage network solution, liberating overextended IT resources to concentrate on high-impact projects. The new access switches also give large enterprises greater flexibility needed to significantly scale operations and implement resource-intensive IT projects. These switches enhance the EX Series switching portfolio, offering customers more choice while maintaining the same Junos-based EX feature set, including the endpoint functionality for Junos Fusion Enterprise. Additionally, by building enforcement capabilities into these new switches, companies can stop potential security threats closer to where they originate and help the network defend itself.

    Announced last fall, Juniper Unite provides a foundation to build an agile and secure network for enterprises looking to quickly deploy cloud applications and services in a streamlined manner. This is done through cutting-edge switching, security and routing products as well as software technologies — including the switches announced today and third-party solutions through the Open Convergence Framework (OCF). As a part of Juniper Unite, Junos Fusion Enterprise, the industry’s highest scaling software-enabled switching architecture for campus environments, based on the IEEE 802.1BR industry standard, provides automated network configuration and simplified scalability to meet business needs while promoting intelligent, flexible cloud-enabled enterprise networks. Junos Fusion Enterprise allows customers to collapse multiple network layers, including an on-premises data center, into one simple, smart and flexible cloud-enabled enterprise network.

    News Highlights:

    EX2300 and EX2300-C Access Switch:

  • Cost-effective 1 Gigabit Ethernet (GbE) fixed configuration access switch: Features 10 GbE uplinks to support increased demand for bandwidth from cloud, rich media and video.
  • Junos Fusion Enterprise technology-ready: EX2300 and EX2300-C can be deployed as endpoints in a Junos Fusion Enterprise fabric allowing for unprecedented operational simplification.
  • Virtual Chassis with zero touch provisioning (ZTP): For smaller scale deployments, up to four EX2300 and EX2300-C can be combined in a Virtual Chassis configuration to simplify operations and ZTP shortens the time to production.
  • Simplified on box management: The J-Web on box management provides direct, easy management, configuration and troubleshooting through a web browser-based interface. Multiple EX2300 and EX2300-C switches can be seamlessly managed with Network Director, which delivers full lifecycle management for simplified network control and automation across a distributed enterprise.
  • Flexible deployment: The compact, silent fanless EX2300-C offers a flexible deployment option for open or quiet environments.
  • EX3400 Access Switch:

  • Feature-rich mid-range 1 GbE fixed configuration access switch: Includes 10 GbE and 40 GbE uplinks to meet the increased demand for bandwidth-hungry applications.
  • Built-in high availability: The EX3400 features redundant power supplies and fans to meet additional hardware redundancy requirements of mission-critical environments.
  • Junos Fusion Enterprise technology-ready: EX3400 can be deployed as endpoints in a Junos Fusion Enterprise fabric allowing for unprecedented operational simplification.
  • Virtual Chassis with zero touch provisioning (ZTP): For smaller scale deployments, up to 10 EX3400 switches can be combined in a Virtual Chassis configuration to simplify operations and ZTP shortens the time to production.
  • Secure and encrypted access: Media Access Control Security (MACsec) hardware encryption on 1 GbE and 10 GbE interfaces support enhanced security requirements of government, financial services or other security-critical enterprise environments.
  • Simplified on box management: The J-Web on box management provides direct, easy management, configuration and troubleshooting through a web browser-based interface. Multiple EX3400 switches can be seamlessly managed with Network Director, which delivers full lifecycle management for simplified network control and automation across a distributed enterprise.
  • The Juniper Networks Professional Services team and its authorized Professional Services Partners can provide network assessments, customer on-boarding, design, deployment, and education services to help enterprise customers evolve their network architectures to meet cloud-based application and services requirements. The EX2300 and EX3400 are covered by Juniper’s Enhanced Limited Lifetime Warranty (eLLW). Additionally, Juniper’s highly trained Professional Services Partners offer their own unique brand of service offerings to help customers better integrate Juniper technologies into their environments.

    Supporting Quotes

    “As enterprises of all sizes are undergoing major IT networking transformations, Juniper is committed to continuing to provide a solution that makes it easier to manage network operations. Expanding the Unite architecture with the new EX switches offers our customers more choice, flexibility and investment protection. These new platforms also support Junos Fusion Enterprise — empowering IT teams to spend less time provisioning and more time delivering an innovative IT experience — and, by serving as enforcement points throughout the network, they also enhance Juniper’s Software-Defined Secure Networks framework by keeping the network and its users secure.”
    – Jennifer Blatnik, vice president of cloud, security and enterprise portfolio marketing, Juniper Networks

    “At the City of Dublin, our focus is to expand the influence of our broadband community, aligning clear economic goals with our technology strategy. The design targets business benefits in a way that scales for intensity or geography. We initiated our 100-gigabit Dublink Transport plan in 2015, designed to retain, expand and attract businesses within a legacy Office Park. Increasing the City’s fiber capability will serve as an economic development driver and expand capabilities for primary and secondary education. To do this, we need a flexible, scalable, and simple network solution and Juniper Networks’ technology is a perfect fit for us. We look forward to continuing our relationship with Juniper and building out our small and medium sites with the EX Series for improved network operations.”
    – Doug McCollough, chief information officer, City of Dublin

    “Juniper’s Junos Fusion Enterprise technology, with its single chassis view of more than 100 switches and its configuration sync features, will transform our distributed networks by consolidating them into a single, secure, logical point of management, configuration and operation. Combined with its operational simplicity and the ability to extend powerful features from the core to access devices, Junos Fusion Enterprise gives us flexible migration options and massive scalability while protecting existing investments.”
    – Rafi Brenner, vice president of information technology, ForeScout Technologies Inc.

    “To meet our customers’ software-defined and cloud data center business objectives, we required a network architecture that’s flexible, scalable, simple to operate, and will support the full range of applications in use. Juniper Networks’ Junos Fusion brings unparalleled simplicity, scalability, and flexibility to the data center by flattening the network, including on-premises data centers, into one simple, smart and flexible cloud-enabled enterprise network. Customers benefit from a new level of agility within the data center, enabling them to rapidly deploy applications and services.”
    – David Magee, chief technology officer, Atrion Communication Resources

    “Juniper’s new EX Series access switches provide more choice to support growing campus and branch requirements. Users demand increased bandwidth, while IT desires ease of provisioning and management. The addition of MACsec encryption on the EX3400 meets the security needs of regulated environments (e.g. government and financial services), while general capabilities such as zero-touch provisioning and Virtual Chassis technology deliver ease of deployment. Additionally, these new EX switches provide the building blocks for customers looking to Junos Fusion Enterprise for a scale-out, simplified management architecture.”
    – Daniel Conde, analyst, Enterprise Strategy Group

    Additional Resources

    Blog: New Switches Speed Move to the Cloud by Matt Hurley, corporate vice president of global channels and field marketing, Juniper Networks

    Blog: Are You Ready to Simplify Your Operations? New EX Models Give You More Options to Deploy Junos Fusion Enterprise by Tarek Radwan, product marketing manager, enterprise campus and branch portfolio, Juniper Networks

    Blog: SMB and Midmarket Customers Looking for a Switch “Box”? Let Juniper Switches Simplify Your Network (Now with Two New Models!) by Tarek Radwan, product marketing manager, enterprise campus and branch portfolio, Juniper Networks

    Product Datasheets: EX2300, EX2300-C, and EX3400

    Ruckus Expands Wave 2 Portfolio with R510 and T710 APs

    June 1st, 2016

    New High-end Outdoor Access Point Delivers Cutting-edge Wi-Fi Performance; Mid-range Indoor Access Point Brings Wave 2 Performance to Mainstream Market

    May 31, 2016 – Ruckus Wireless™, Inc., now part of Brocade (NASDAQ: BRCD), today launched two new wireless access points (APs) and upgraded management software that double Wi-Fi client density and data rates over previous generations, while improving the wireless experience for retail, hospitality, education, enterprise and service provider customers.

    The new APs are based on the 802.11ac Wave 2 standard featuring multiple user-multiple input, multiple output (MU-MIMO) technology, which can simultaneously transmit multiple client streams to different devices on the same RF channel. Ruckus was first-to-market with Wave 2 APs in April 2015, and will now have the industry’s broadest Wave 2 portfolio. All Ruckus Wave 2 APs combine MU-MIMO with Ruckus’ patented BeamFlex+™ adaptive antenna technology and ChannelFly™ predictive channel selection to deliver the highest performance Wi-Fi possible, optimizing signals for every client and transmission.

    The new products include:

    Ruckus ZoneFlex™ T710 access point – An outdoor version of the industry-first Wave 2 R710 AP delivering multi-gigabit Wi-Fi performance and unprecedented client capacity. The T710 includes four dual-band antennas—utilizing BeamFlex+ adaptive antenna technology—along with interfaces for Ethernet and fiber backhaul, plus built-in GPS for ease of location and inventory management, making it a flexible platform for enterprise and service provider outdoor deployments.

    Ruckus ZoneFlex R510 access point – A Wave 2 version of Ruckus’ most popular indoor AP (R500). The R510 is a competitively priced AP for mid-market customers, featuring two dual-band anntennas (also utilizing BeamFlex+ technology) that combine MU-MIMO to service more devices with the highest efficiency. Unlike competing products that require expensive switch upgrades to accommodate higher power requirements, the R510 can work with existing 802.3af-capable Ethernet switches.

    Both APs can be managed by Ruckus ZoneDirector™ and SmartZone™ controllers. ZoneDirector and SmartZone are software platforms for managing wireless networks, including user access controls, guest networking functions, advanced Wi-Fi security and traffic management. As part of today’s announcement, Ruckus is upgrading SmartZone to version 3.4 with new features for self-optimizing Wi-Fi networks, remote network management, simplified installation of new APs, and Amazon Web Services support. Ruckus is also upgrading ZoneDirector to version 9.13 to enable even better network installation and management. Both platforms also now provide built-in support for Ruckus’ Smart Positioning Technology (SPoT™) location-based service and Cloudpath™ certificate-based security management software, user onboarding and policy access management software.

    “Wave 2 is quickly becoming the high-performance Wi-Fi standard, especially when combined with patented Ruckus innovations like BeamFlex+ technology,” said Greg Beach, vice president of product management, Ruckus Wireless Business Unit at Brocade. “The early adopters across retail, hospitality and education are seeing tremendous benefits as they rely on Smart Wi-Fi™ to engage customers, deliver services and run their businesses. With today’s new indoor and outdoor access points, we’re excited to take Wave 2 mainstream for any enterprise or service provider deployment.”

    “Ruckus’ new APs expand options for Wave 2 deployment across multiple industries,” said Mike Fratto, research director, Current Analysis. “Fast, reliable wireless is clearly becoming more business critical, and we expect Wave 2 systems will stimulate faster growth for Wi-Fi throughout 2016 and 2017.”

    Ruckus ZoneFlex APs are available through Ruckus’ global distribution network. The R510, T710, SmartZone 3.4, and ZoneDirector 9.13 are currently scheduled to be released in July.

    Net-Ctrl Blog

    Cybersecurity Education Efforts Yielding Results

    July 21st, 2016

    Cybersecurity education efforts are yielding results, with 61 percent of respondents to a survey conducted by Palo Alto Networks saying they would speak with IT before introducing new devices onto a corporate network or adding business applications and tools onto unsecured devices.

    With more than 25% of identified attacks in enterprises expected to involve IoT by 2020, [1] – and many expected to enter the workplace – this survey finding represents a significant step in the right direction and demonstrates that employees’ knowledge and understanding of their role in cybersecurity is improving.

    However, the contrasting findings from this survey of business managers – who typically have the salary and tendency to be early adopters of new technology – are that 39 percent would fly under IT’s radar. This leaves a large margin for risk.

    Further still, of the group that doesn’t go to IT, one in every eight would “not tell anyone” about bringing a new device into an organisation or installing corporate tools, such as email, onto unsecured devices.

    Attitude Impacts Adherence

    The survey found that adherence to cybersecurity policies, such as those around the introduction of a new device, is largely guided by personal attitudes and views toward technology. Of those who have circumvented their company’s cybersecurity policy in the past, the prevailing reason for doing so was that they wanted to use a more efficient tool or service, or one that was considered to be the best in the market. Companies need to enable, not limit, employee choices, using technology and education to manage risk.

    Temporary Employees Require Full-time Supervision

    Contractors were the group most often seen to be bypassing company guidelines on cybersecurity, with 16 percent of respondents saying they had seen a temporary employee circumvent policies.

    Quote

    “BYOD is now a mature concept, but many still struggle to manage the blurry lines between personal and business data access by personal devices. Many organisations have deployed solutions to manage devices, but the anxiety comes from their broad connectivity, especially as the boundaries between business-driven cloud services and personal ones become less clear, which creates unknown bridges between business networks and the Internet at large. Modern state-of-the-art security must be able to prevent any device communication becoming the point of a breach and minimise risk for an organisation.”

    Greg Day, VP and regional CSO, EMEA at Palo Alto Networks

    Recommendations

    • Organisations should continue with employee education efforts to ensure that those on the front line of defences have the skills they need to identify threats.
    • Security professionals should closely monitor the activity of non-permanent employees or contractors and ensure they receive the same policy information as full-time staff.
    • Organisations should integrate up-to-date security solutions that fit with new technology trends in order to eliminate the weaknesses exposed in an evolving computing environment.
    • Businesses should look at how they identify and enable the safe use of trusted or sanctioned cloud services and applications and manage the use of those that are untrusted and unsanctioned.

    Download “Preventing the Blocks to Cybersecurity in Business” at: https://www.paloaltonetworks.com/resources/research/preventing-blocks-to-cybersecurity-in-business

    Research Methodology

    The survey was conducted online among 765 business decision-makers in companies with 1,000+ employees in the U.K., Germany, France, the Netherlands and Belgium by Redshift Research in October 2015.

    [1] Gartner-Press Release, “Gartner Says Worldwide IoT Security Spending to Reach $348 Million in 2016”, April 25, 2016, http://www.gartner.com/newsroom/id/3291817

    Possible MOBOTIX Shipment Delay

    July 21st, 2016

    MOBOTIX will be shutting down their operations from Monday, August 8 to Friday to August 26, 2016.

    All items which are in stock will be dispatched immediately once orders are confirmed.

    Orders for larger quantities or special models may take longer. We recommend to place your order as soon as possible and will do everything in our power to assist you with your project.

    For more information please contact Mark Power on 01473 281 211 or at mark.power@net-ctrl.com.

    Why User-Based Controls Are Critical to Your Breach Prevention Strategy

    July 20th, 2016

    POSTED BY: Navneet Singh on Palo Alto Networks Blog.

    Employees, customers and partners connect to different repositories of information within your network, as well as to the internet, to perform various aspects of their jobs. These people and their many devices represent your network’s users. It’s important to your organisation’s risk posture that you’re able to identify who they are — beyond IP address — and the inherent risks they bring with them based on the particular device they’re using, especially when security policies have been circumvented or new threats have been introduced to the organisation.

    Here are two high-profile, real-world breaches that you can learn from. The key takeaway here is that, to make the most of your next-generation firewall investment, it is critical to implement user-based controls.

    Example 1: Data Breach at a Large U.S. Retailer

    This data breach started with the attackers stealing a third-party vendor’s login credentials. This allowed them to gain access to the third-party vendor environment and exploit a Windows vulnerability. Since the vendor had the privileges to access the corporate network, the attackers gained access, too. The attackers were then able to install memory-scraping malware on more than 7,500 self-checkout POS terminals. This malware was able to grab 56 million credit and debit card numbers. The malware was also able to capture 53 million email addresses.

    The SANS Institute Reading Room for InfoSec has published a report on the breach. The report mentions several ways in which the breach could have been prevented. One of the most important is to have the right access controls in place. Quoting from the report:

  • An identity and access management solution should be used to manage the identities and access of all internal and external employees (third-party vendors).
  • Each external employee should have their own account, so that there is accountability for anything performed on their behalf.
  • Account review procedures should also be in place, specifically for third-party vendor accounts. Auditing of these third-party vendors is critical. This will allow the detection of abnormal behavior.
  • Having all of these controls in place for managing and monitoring the third-party vendor accounts will detect any misuse of third-party vendor credentials.
  • Example 2: Data Breach at a Large U.S. Banking and Financial Services Company

    This data breach started with the attackers infecting the personal computer of an employee. The malware stole the employee’s login credentials. When the employee used VPN to connect to the corporate network, the attackers were able to gain access to more than 90 corporate servers. The attackers stole private information for 76 million households and 7 million small businesses.

    The SANS Institute Reading Room for InfoSec’s report on this breach mentions the need to manage user privileges as one of the key ways to minimize the risk of a breach or minimise damage in case of a breach. Quoting from the report:

  • Least privilege simply means to give someone the least amount of access to perform his or her job. If least privilege control access were applied, these organisations would have reduced the amount of stolen data by 86 percent.
  • Anonymous access must be disabled because many Windows vulnerabilities are caused by null user sessions. A null user session is essentially a Server Message Block (SMB) session with blank username and password.
  • What This Means for You as the Security Practitioner

    Want to make sure your organisation does not end up in the headlines for the wrong reasons, like a massive data breach? You’d do well to implement user-based controls and restrict user access to least privilege, as the SANS Institute reports recommend. Employ the right user access mechanisms not only on the endpoints and on the applications that they access but also on your next-generation firewall.

    Call to Action

    If you own a Palo Alto Networks® Next-Generation Firewall, refer to the following resources to enable User-ID™, and increase your organization’s breach defenses:

  • User-ID documentation
  • Best practice internet gateway security policy
  • User-ID tech tips
  • The Theory of Wi-Fi Evolution and IEEE 802.11 Selection

    July 14th, 2016

    By: Sundar Sankaran, Chief Wireless Architect

    September 2015 marked the 25th anniversary of IEEE 802.11, commonly referred to as Wi-Fi. Over these 25 years, Wi-Fi has ascended from a technology that enabled computers to wirelessly transfer data at 2 Mbps to winning a spot in Maslow’s pyramid as the most basic human need.

    IEEE 802.11 got here, as Lewis Carroll suggested, by running twice as fast. The standard has continuously advanced itself by introducing amendments, such as 802.11n, 802.11ac and 802.11ax. These amendments support higher data rates to meet ever-increasing application demands through the adoption of higher-order modulation schemes such as 64-, 256-, and 1024-QAM, by supporting channel bonding up to 160 MHz and by employing MIMO techniques to transmit multiple streams to single client. In addition to increasing the peak data rate, efforts have been made to improve the spectral efficiency, which characterizes how well the system uses the available spectrum (how many bits of data can be pumped per second in 1 Hz of spectrum). Multi-user techniques such as MU-MIMO and OFDMA have been introduced in 802.11ac and 802.11ax to improve spectral efficiency and network capacity.

    The following table summarizes the key ingredients of various IEEE 802.11 amendments ranging from 802.11b to the recently ratified 802.11ac to the upcoming 802.11ax. As evident from this table, peak PHY data rate supported by IEEE 802.11 has gone up by a factor of 5000, and spectral efficiency has improved by a factor of 625. Enhancements like this have enabled Wi-Fi to become one of the basic needs of life on par with water, air and fire.

    WLAN-Protocols

    View the original article by The Ruckus Room.

    Conventional AV Systems Can Actually Harm You

    June 15th, 2016

    POSTED BY: Steve Gerrard on June 13, 2016 8:00 AM

    There’s barely a day goes by when I’m not reading another batch of stories about how unsuitable conventional endpoint AV security is for dealing with modern malware, APTs, zero-day threats and so forth.

    So replete are these tales of woe that it’s almost possible to switch off from the basic fact that in this uber-connected, cloud-enabled, everything-as-a-service, internet-of-thingamajigs world, most conventional endpoint AV systems are impotent and probably do more harm than good. I write almost, but not quite, because every now and again the occasional story jumps off the screen and gives you that all important wake-up call.

    One such story that came to light a few weeks ago, centered around an Adverse Event Report published by the U.S. Food and Drug Administration (FDA). Wherein, a patient (not named), undergoing a cardiac catheterisation procedure at a US Hospital (also not named) had to be sedated, mid-operation, for five minutes, while the procedure was suspended following the system crash of a vital piece of monitoring equipment.

    The system in question monitors, measures and records patient data during cardiac catheterization procedures. The system is made up of a patient data module, used to capture the patient’s vitals, and a hemo monitor PC to display them. The two elements are connected via a serial interface.

    During this particular procedure the monitor PC lost communication with the patient data module resulting in a black screen on the monitor and the patient having to be sedated while the system was rebooted. As the FDA report describes, the cause of this blackout was attributed to the installed conventional AV software, which at a critical point in the procedure initiated a scan of the system.

    Although the system could be rebooted and the patient fortunately survived it got me thinking about the real-life harm a conventional AV could do to me. Quoting from the Manufacturers Narrative in the FDA Report, “Our experience has shown that improper configuration of anti-virus software can have adverse effects including downtime and clinically unusable performance.” So, although I may be sensationalizing the FDA’s paragraph a little, I’m not feeling that confident after reading the manufacturer’s narrative. Let’s face it: the team performing a standard cardiac catheterisation procedure is not likely to include an IT security engineer who can be called upon at a moment’s notice.

    Could this scenario have been avoided with an Advanced Endpoint Protection system? The answer is probably yes. Traps, our advanced endpoint protection product, is not a conventional AV system — indeed, it’s a paradigm shift from “the way things used to be done.” Traps secures endpoints by preventing known and unknown malware and exploits from executing by focusing on blocking the few, core techniques used by attackers rather than application-specific characteristics. Furthermore, It does this in a lightweight, nonintrusive agent that definitely does not rely on system scanning.

    View the original post on the Palo Alto Network Research Centre Website.

    Learn more

    Watch a demo
    Ultimate Test Drive
    Traps

    General Data Protection Regulation: The compliance countdown has begun

    June 10th, 2016

    New regulations governing how European organisations approach data security will be enshrined into law on 25th May, imposing a host of new data security obligations for businesses operating within the EU. Chris Russell, CTO, Swivel Secure, explores the operational implications.

    The aim of the EU’s new General Data Protection Regulation (GDPR) is to drive the modernisation of Europe’s data security practices and, at the same time, harmonise the national laws that each member state enacted as a resulted of the now-defunct Data Protection Directive.

    Overall, the regulation is a force for good. Nonetheless, it will require European business of all sizes to ‘get serious’ about their security, and fast. There is a mere two-year grace period before the rules will be enforced, after which non-compliance becomes a very serious issue indeed – one that could result in fines of up to 4% of a firm’s worldwide annual turnover.

    The specific technical requirements of the regulation, concerning the pseudonymisation and encryption of sensitive data have already been widely documented. Less well discussed however, is how companies need to adapt their operations and policies to establish a perpetually compliant mode of working.

    One requirement, for example, requires the relevant data protection authority to be notified of a data breach within 72 hours of its occurrence. Moreover, under certain circumstances, the data subjects will also have to be notified of a breach. Put another way, to avoid hefty fines, firms will need to ‘own-up’ far sooner than many have done in the past. This will put companies on a continuous state of high alert, elevate the data security issue to Board level almost overnight, and refocus the IT department’s attention on bolstering its network defences.

    On initial inspection, this is no bad thing. But there are hidden costs to contend with. Countless firms across Europe are in the midst of migrating their company’s data, business tools and operations into the cloud in a bid to heighten operational flexibility, lower TCO, enable greater departmental integration and unify their communications infrastructures. The Bring Your Own Device revolution, combined with the rising popularity of flexible working initiatives, add yet more gateways for the IT department to protect. The rise of such initiatives has triggered a surrendering of corporate data security control; many of the ‘new network’s gateways now sit well beyond the control of the IT department. Cloud-based user authentication is most commonly delivered as part of the provider’s managed service.

    In this way, it is worth considering whether the GDPR’s threat of huge fines could, inadvertently, do more harm than good, by dissuading the Board from pressing on with progressive IT initiatives and hampering each company’s agility and flexibility as a result.

    One way through the maze is to apply user authentication policies and tools that are fit for this new multidimensional networked environment and appropriately support the new regulatory environment.

    Adaptive risk-based authentication solutions can help establish precisely the right level of visible security as is appropriate to the access being requested.

    Here, an appropriate level of ‘friction’ can be integrated into the authentication process; a high risk access request requires a higher degree of validation, for example. Unusual access requests can then also be quickly identified, from a masked IP address, for example, or a device attempting to access from a country far removed from its usual access location.

    By building this level of granularity and risk assessment into a firm’s security policies, adaptive authentication tools can then be parameterised to enable a company to achieve the best of both worlds: the new level of access and data protection that the GDPR demands and the flexibility that today’s networked business environment requires.

    By taking this strategic and unified approach to authentication, firms can generate a network-wide overview detailing all accesses to corporate data. This overview makes it far easier to guard against breaches, identify them when they do occur and also to respond effectively, by adding new layers of authentication, for example, or even restricting access under appropriate circumstances. By establishing this level of visibility and auditable transparency, companies will also find that they are better equipped for the greater scrutiny brought about by the new regulatory environment.

    As is so often the case with information security, it’s about striking a balance. Fortunately, the tools and best practices are already available for European firms to quickly adapt to the new regulation and continue to evolve their operations at the same time. Those with the vision and agility to begin their adaptation now will be able to turn a regulatory compliance countdown into an opportunity to future proof their organisations network defences for years to come.

    Original blog entry taken from Swivel Blog.

    The Disappearing Demarcation Between IT and Security

    June 8th, 2016

    POSTED BY: Brian Tokuyoshi on June 7, 2016 5:00 AM
    Taken from the Palo Alto Network Research Centre

    There’s been a longstanding belief that IT and security teams are at odds with each other. This is because their measures for performance are, on the surface, almost contradictory with one another. IT must find ways to provide the applications that the business needs. But business conditions change rapidly, and the applications the organization needs can shift on a dime. IT organizations must be agile and quick in response to new business drivers because no CIO wants to be the bottleneck in the boardroom for business change. Thus, IT tends to favor technologies that accelerate change, such as the rapid adoption of virtualized business workloads to the cloud.

    Security, on the other hand, operates on a different set of benchmarks and priorities. Security’s foremost concern is the protection of data by eliminating avenues of risk. As such, the general inclination of security tends to be conservative and values consistency over change. Introducing new applications and emerging technologies opens up new vectors for risk and data loss, which are precisely the opposite of what they’re tasked to minimize.

    Despite having a healthy appreciation for each other’s work, both sides feel conflicted. IT does not want to forsake security, and security does not want to slow down IT. Yet, it’s not uncommon to see IT and security teams working in completely different parts of the organization due to their conflicting missions.

    I found this recent article in Dark Reading interesting: “How Security and IT Teams Can Get Along,” in that there is precedent for change. It discusses several areas where change is occurring, including where new roles are emerging. For example, DevOps groups bridge the gap that traditionally separated application development (constructing new applications) and operations (keeping existing applications running at all times). When thinking about how a similar divide exists with IT and security, perhaps the first step will come through shifts in the expectations on what each group should do.

    The article goes into depth about how to make a difference when bringing the teams together, and one area is the problem of measuring goals when the metrics are not meaningful. I agree, because there is a major risk of losing sight of the goals when your metrics are based on the symptom rather than the problem. For instance, incidence response teams that work on investigating alerts often face a Sisyphus’s stone amount of work. There is no shortage of red alerts being generated throughout the organization, and quantity of alerts is seldom a good measure to determine the severity of the problem. The more patient attacker will not draw attention, but how do you find the events on which to focus? And how do you correlate that activity across systems that are traditionally unrelated to one another?

    One area that I think is particularly promising is the decoupling of security controls from the application. Phrased in a different way, the reason that I see IT and security competing, at times, is that there’s been no shortage of evidence showing what can happen if you deploy an application first and then bolt the security on afterwards, typically with a one-off point product. It’s seldom going to be as secure or easily managed as if it was designed to be deployed together with the application in the first place. The policy will certainly be fragmented, with a different control point for every point product deployed. And it will almost certainly create the issue described above, where every point product generates red alerts with no correlation on what to prioritize.

    That’s why I believe that the Palo Alto Networks Next-Generation Security Platform provides the security controls that bridge the intersection between the interests of IT, Security and DevOps. It does this because it positions critical security functions as the common denominator to all applications: the network. By seeing all traffic, and extending that visibility across all users, applications and devices, the organization can set up the underlying security that applies to all the applications that IT wants to deploy. The critical security controls for stopping an attack are in place ahead of the application, rather than trailing it.

    It’s important to note that “network,” in this sense, does not solely mean the traditional perimeter because the platform extends to the mobile user (through GlobalProtect), the public cloud (through VM-Series on AWS and Azure) and the virtualized data center/private cloud. These baseline principles set the foundation for additional controls that the organization deploys along with the application.

    Operationally, the use of the platform helps organizations get contextual views of network activity that bears investigation (through AutoFocus) as well as a deeper level of control through the enforcement of policy on the next-generation firewall.

    These principles deliver upon the premise of prevention first, while breaking the lifecycle of an attack across all stages, because the protection is inherently baked into the platform rather than bolted onto the application. It’s been designed to do this from the ground up.

    I think that, in the years ahead, there will be even greater discussion on how IT and security teams align in new ways, and every organization should be preparing for this conversation. Fortunately, the principles of the Next-Generation Security Platform can help pave the way.

    Gemalto research reveals most organizations not confident in ability to Protect Data after Data Breach

    June 8th, 2016

    Despite the increasing number of data breaches and more than 3.9 billion data records worldwide being lost or stolen since 2013, organizations continue to believe perimeter security technologies are effective against data breaches. This is one of the many findings of the third-annual Data Security Confidence Index released 08th June 2016 by Gemalto, the world leader in digital security.

    Key Findings

  • One-third of organizations have experienced a data breach in past 12 months
  • 69% of IT professionals are not confident their data would be secure if perimeter defenses were breached
  • 66% of IT professionals say unauthorized users can access their networks and 16% believe unauthorized users have access to their entire networks
  • Of the 1,100 IT decision makers surveyed worldwide, 61% said their perimeter security systems (firewall, IDPS, AV, content filtering, anomaly detection, etc.) were very effective at keeping unauthorized users out of their network. However, 69% said they are not confident their organization’s data would be secure if their perimeter security was breached. This is up from 66% in 2015 and 59% in 2014. Furthermore, 66% believe unauthorized users can access their network and nearly two in five (16%) said unauthorized users could access their entire network.

    “This research shows that there is indeed a big divide between perception and reality when it comes to the effectiveness of perimeter security,” said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. “The days of breach prevention are over, yet many IT organizations continue to rely on perimeter security as the foundation of their security strategies. The new reality is that IT professionals need to shift their mindset from breach prevention to breach acceptance and focus more on securing the breach by protecting the data itself and the users accessing the data.”

    Perimeter security is a focus, but not a panacea for data breaches

    According to the research findings, 78% of IT decision makers said they had adjusted their strategies as a result of high profile data breaches, up from 71% in 2015 and up 53% in 2014. 86% said they had increased spending on perimeter security and 85% believe that their current investments are going to the right security technologies.

    Despite the increased focus on perimeter security, the findings show the reality many organizations face when it comes to preventing data breaches. 64% of those surveyed said their organizations experienced a breach at some time over the past five years. More than a quarter (27%) said they experienced a breach in the past 12 months, with a similar number of IT decision makers (30%) reporting the same frequency in 2015. This suggests that organizations have not made significant improvements in reducing the number of data breaches despite increased investments in perimeter security.

    “While companies are confident in the amount of spending and where they are spending it, it’s clear the security protocols they are employing are not living up to expectations. While protecting the perimeter is important, organizations need to come to the realization that they need a layered approach to security in the event the perimeter is breached. By employing tools such as end-to-end encryption and two-factor authentication across the network and the cloud, they can protect the whole organization and, most importantly, the data,” concluded Hart.

    Download the entire report.

    About the Survey

    Independent technology market research specialist Vanson Bourne surveyed 1,100 IT decision makers across the US, UK, France, Germany, Russia, India, Japan, Australia, Brazil, Benelux and the Middle East on behalf of Gemalto. The sample was split between Manufacturing, Healthcare, Financial Services, Government, Telecoms, Retail, Utilities, Consultation and Real Estate, Insurance and Legal, organizations with 250 to more than 5,000 employees.​

    Related Resources

    Infographic, Report, Country Data: Please click here.​

    About Gemalto

    Gemalto is the global leader in digital security, with 2015 annual revenues of €3.1 billion and customers in over 180 countries. We bring trust to an increasingly connected world.

    Our technologies and services enable businesses and governments to authenticate identities and protect data so they stay safe and enable services in personal devices, connected objects, the cloud and in between.

    Gemalto’s solutions are at the heart of modern life, from payment to enterprise security and the internet of things. We authenticate people, transactions and objects, encrypt data and create value for software – enabling our clients to deliver secure digital services for billions of individuals and things.

    Our 14,000+ employees operate out of 118 offices, 45 personalization and data centers, and 27 research and software development centers located in 49 countries.

    For more information visit www.gemalto.com, or follow @gemalto on Twitter.

    Juniper Networks Expands Portfolio with New EX Series Switches

    June 1st, 2016

    Juniper Networks (NYSE: JNPR), an industry leader in automated, scalable and secure networks, today announced two new Juniper Networks® EX Series access switches that are expected to enable secure, simplified management for campus and branch networks, regardless of size and complexity. The EX2300, an entry-level switch, and EX3400, a mid-range switch, offer new options for companies to leverage Juniper Networks Unite for a cloud-enabled enterprise, including Junos® Fusion Enterprise and Juniper Networks Virtual Chassis technology to streamline network provisioning through a single point of management. The new solutions are expected to also further Juniper’s Software-Defined Secure Networks (SDSN) framework by serving as additional enforcement points throughout the network.

    As part of Juniper Unite, an agile enterprise architecture that provides a simplified network infrastructure, the new EX2300 and EX3400 switches provide small and mid-market organizations with an easy-to-manage network solution, liberating overextended IT resources to concentrate on high-impact projects. The new access switches also give large enterprises greater flexibility needed to significantly scale operations and implement resource-intensive IT projects. These switches enhance the EX Series switching portfolio, offering customers more choice while maintaining the same Junos-based EX feature set, including the endpoint functionality for Junos Fusion Enterprise. Additionally, by building enforcement capabilities into these new switches, companies can stop potential security threats closer to where they originate and help the network defend itself.

    Announced last fall, Juniper Unite provides a foundation to build an agile and secure network for enterprises looking to quickly deploy cloud applications and services in a streamlined manner. This is done through cutting-edge switching, security and routing products as well as software technologies — including the switches announced today and third-party solutions through the Open Convergence Framework (OCF). As a part of Juniper Unite, Junos Fusion Enterprise, the industry’s highest scaling software-enabled switching architecture for campus environments, based on the IEEE 802.1BR industry standard, provides automated network configuration and simplified scalability to meet business needs while promoting intelligent, flexible cloud-enabled enterprise networks. Junos Fusion Enterprise allows customers to collapse multiple network layers, including an on-premises data center, into one simple, smart and flexible cloud-enabled enterprise network.

    News Highlights:

    EX2300 and EX2300-C Access Switch:

  • Cost-effective 1 Gigabit Ethernet (GbE) fixed configuration access switch: Features 10 GbE uplinks to support increased demand for bandwidth from cloud, rich media and video.
  • Junos Fusion Enterprise technology-ready: EX2300 and EX2300-C can be deployed as endpoints in a Junos Fusion Enterprise fabric allowing for unprecedented operational simplification.
  • Virtual Chassis with zero touch provisioning (ZTP): For smaller scale deployments, up to four EX2300 and EX2300-C can be combined in a Virtual Chassis configuration to simplify operations and ZTP shortens the time to production.
  • Simplified on box management: The J-Web on box management provides direct, easy management, configuration and troubleshooting through a web browser-based interface. Multiple EX2300 and EX2300-C switches can be seamlessly managed with Network Director, which delivers full lifecycle management for simplified network control and automation across a distributed enterprise.
  • Flexible deployment: The compact, silent fanless EX2300-C offers a flexible deployment option for open or quiet environments.
  • EX3400 Access Switch:

  • Feature-rich mid-range 1 GbE fixed configuration access switch: Includes 10 GbE and 40 GbE uplinks to meet the increased demand for bandwidth-hungry applications.
  • Built-in high availability: The EX3400 features redundant power supplies and fans to meet additional hardware redundancy requirements of mission-critical environments.
  • Junos Fusion Enterprise technology-ready: EX3400 can be deployed as endpoints in a Junos Fusion Enterprise fabric allowing for unprecedented operational simplification.
  • Virtual Chassis with zero touch provisioning (ZTP): For smaller scale deployments, up to 10 EX3400 switches can be combined in a Virtual Chassis configuration to simplify operations and ZTP shortens the time to production.
  • Secure and encrypted access: Media Access Control Security (MACsec) hardware encryption on 1 GbE and 10 GbE interfaces support enhanced security requirements of government, financial services or other security-critical enterprise environments.
  • Simplified on box management: The J-Web on box management provides direct, easy management, configuration and troubleshooting through a web browser-based interface. Multiple EX3400 switches can be seamlessly managed with Network Director, which delivers full lifecycle management for simplified network control and automation across a distributed enterprise.
  • The Juniper Networks Professional Services team and its authorized Professional Services Partners can provide network assessments, customer on-boarding, design, deployment, and education services to help enterprise customers evolve their network architectures to meet cloud-based application and services requirements. The EX2300 and EX3400 are covered by Juniper’s Enhanced Limited Lifetime Warranty (eLLW). Additionally, Juniper’s highly trained Professional Services Partners offer their own unique brand of service offerings to help customers better integrate Juniper technologies into their environments.

    Supporting Quotes

    “As enterprises of all sizes are undergoing major IT networking transformations, Juniper is committed to continuing to provide a solution that makes it easier to manage network operations. Expanding the Unite architecture with the new EX switches offers our customers more choice, flexibility and investment protection. These new platforms also support Junos Fusion Enterprise — empowering IT teams to spend less time provisioning and more time delivering an innovative IT experience — and, by serving as enforcement points throughout the network, they also enhance Juniper’s Software-Defined Secure Networks framework by keeping the network and its users secure.”
    – Jennifer Blatnik, vice president of cloud, security and enterprise portfolio marketing, Juniper Networks

    “At the City of Dublin, our focus is to expand the influence of our broadband community, aligning clear economic goals with our technology strategy. The design targets business benefits in a way that scales for intensity or geography. We initiated our 100-gigabit Dublink Transport plan in 2015, designed to retain, expand and attract businesses within a legacy Office Park. Increasing the City’s fiber capability will serve as an economic development driver and expand capabilities for primary and secondary education. To do this, we need a flexible, scalable, and simple network solution and Juniper Networks’ technology is a perfect fit for us. We look forward to continuing our relationship with Juniper and building out our small and medium sites with the EX Series for improved network operations.”
    – Doug McCollough, chief information officer, City of Dublin

    “Juniper’s Junos Fusion Enterprise technology, with its single chassis view of more than 100 switches and its configuration sync features, will transform our distributed networks by consolidating them into a single, secure, logical point of management, configuration and operation. Combined with its operational simplicity and the ability to extend powerful features from the core to access devices, Junos Fusion Enterprise gives us flexible migration options and massive scalability while protecting existing investments.”
    – Rafi Brenner, vice president of information technology, ForeScout Technologies Inc.

    “To meet our customers’ software-defined and cloud data center business objectives, we required a network architecture that’s flexible, scalable, simple to operate, and will support the full range of applications in use. Juniper Networks’ Junos Fusion brings unparalleled simplicity, scalability, and flexibility to the data center by flattening the network, including on-premises data centers, into one simple, smart and flexible cloud-enabled enterprise network. Customers benefit from a new level of agility within the data center, enabling them to rapidly deploy applications and services.”
    – David Magee, chief technology officer, Atrion Communication Resources

    “Juniper’s new EX Series access switches provide more choice to support growing campus and branch requirements. Users demand increased bandwidth, while IT desires ease of provisioning and management. The addition of MACsec encryption on the EX3400 meets the security needs of regulated environments (e.g. government and financial services), while general capabilities such as zero-touch provisioning and Virtual Chassis technology deliver ease of deployment. Additionally, these new EX switches provide the building blocks for customers looking to Junos Fusion Enterprise for a scale-out, simplified management architecture.”
    – Daniel Conde, analyst, Enterprise Strategy Group

    Additional Resources

    Blog: New Switches Speed Move to the Cloud by Matt Hurley, corporate vice president of global channels and field marketing, Juniper Networks

    Blog: Are You Ready to Simplify Your Operations? New EX Models Give You More Options to Deploy Junos Fusion Enterprise by Tarek Radwan, product marketing manager, enterprise campus and branch portfolio, Juniper Networks

    Blog: SMB and Midmarket Customers Looking for a Switch “Box”? Let Juniper Switches Simplify Your Network (Now with Two New Models!) by Tarek Radwan, product marketing manager, enterprise campus and branch portfolio, Juniper Networks

    Product Datasheets: EX2300, EX2300-C, and EX3400

    Ruckus Expands Wave 2 Portfolio with R510 and T710 APs

    June 1st, 2016

    New High-end Outdoor Access Point Delivers Cutting-edge Wi-Fi Performance; Mid-range Indoor Access Point Brings Wave 2 Performance to Mainstream Market

    May 31, 2016 – Ruckus Wireless™, Inc., now part of Brocade (NASDAQ: BRCD), today launched two new wireless access points (APs) and upgraded management software that double Wi-Fi client density and data rates over previous generations, while improving the wireless experience for retail, hospitality, education, enterprise and service provider customers.

    The new APs are based on the 802.11ac Wave 2 standard featuring multiple user-multiple input, multiple output (MU-MIMO) technology, which can simultaneously transmit multiple client streams to different devices on the same RF channel. Ruckus was first-to-market with Wave 2 APs in April 2015, and will now have the industry’s broadest Wave 2 portfolio. All Ruckus Wave 2 APs combine MU-MIMO with Ruckus’ patented BeamFlex+™ adaptive antenna technology and ChannelFly™ predictive channel selection to deliver the highest performance Wi-Fi possible, optimizing signals for every client and transmission.

    The new products include:

    Ruckus ZoneFlex™ T710 access point – An outdoor version of the industry-first Wave 2 R710 AP delivering multi-gigabit Wi-Fi performance and unprecedented client capacity. The T710 includes four dual-band antennas—utilizing BeamFlex+ adaptive antenna technology—along with interfaces for Ethernet and fiber backhaul, plus built-in GPS for ease of location and inventory management, making it a flexible platform for enterprise and service provider outdoor deployments.

    Ruckus ZoneFlex R510 access point – A Wave 2 version of Ruckus’ most popular indoor AP (R500). The R510 is a competitively priced AP for mid-market customers, featuring two dual-band anntennas (also utilizing BeamFlex+ technology) that combine MU-MIMO to service more devices with the highest efficiency. Unlike competing products that require expensive switch upgrades to accommodate higher power requirements, the R510 can work with existing 802.3af-capable Ethernet switches.

    Both APs can be managed by Ruckus ZoneDirector™ and SmartZone™ controllers. ZoneDirector and SmartZone are software platforms for managing wireless networks, including user access controls, guest networking functions, advanced Wi-Fi security and traffic management. As part of today’s announcement, Ruckus is upgrading SmartZone to version 3.4 with new features for self-optimizing Wi-Fi networks, remote network management, simplified installation of new APs, and Amazon Web Services support. Ruckus is also upgrading ZoneDirector to version 9.13 to enable even better network installation and management. Both platforms also now provide built-in support for Ruckus’ Smart Positioning Technology (SPoT™) location-based service and Cloudpath™ certificate-based security management software, user onboarding and policy access management software.

    “Wave 2 is quickly becoming the high-performance Wi-Fi standard, especially when combined with patented Ruckus innovations like BeamFlex+ technology,” said Greg Beach, vice president of product management, Ruckus Wireless Business Unit at Brocade. “The early adopters across retail, hospitality and education are seeing tremendous benefits as they rely on Smart Wi-Fi™ to engage customers, deliver services and run their businesses. With today’s new indoor and outdoor access points, we’re excited to take Wave 2 mainstream for any enterprise or service provider deployment.”

    “Ruckus’ new APs expand options for Wave 2 deployment across multiple industries,” said Mike Fratto, research director, Current Analysis. “Fast, reliable wireless is clearly becoming more business critical, and we expect Wave 2 systems will stimulate faster growth for Wi-Fi throughout 2016 and 2017.”

    Ruckus ZoneFlex APs are available through Ruckus’ global distribution network. The R510, T710, SmartZone 3.4, and ZoneDirector 9.13 are currently scheduled to be released in July.

    Keep up-to-date with Net-Ctrl

    Simply fill in the fields below to sign up for the Net-Ctrl Newsletter.

    Don't worry we only send it once a month.

    • New Solution Announcements
    • Latest Promotions
    • Links to some great content.