sales@net-ctrl.com
01473 281 211

Net-Ctrl Blog

Embracing Hybrid IT with Cloud Secure

September 29th, 2016

Organisations of all sizes, across all verticals are trying to take advantage of the latest tech while also looking for operating efficiencies. As current systems show their age, organisations have a choice to make; upgrade and maintain local systems, or subscribe to a cloud service which requires less maintenance and administration. Using Office 365’s success as an indicator, the migration is happening at a rapid pace.

While migration is happening in some areas, it doesn’t necessarily mean that everything will be migrated. Some applications such as unified communication tend to stay on-prem. Moreover, custom applications, which do not have a cloud app equivalent tend to stay on-prem. This means that a hybrid model is often needed.

Hybrid-IT-Model

What does the hybrid model mean for the key stakeholders, admins and end-users?

For the admin, it may mean less maintenance and administration, which is desired, but it can also mean less control and visibility.

For the end-user, this may mean added confusion and the need to learn a new set of steps to connect. With any change, users need to be educated and IT needs to be prepared to work with a 3rd party to address issues.

Traditional remote access customers have trusted Pulse Secure and now the power of Pulse Secure extends to the cloud. With the Cloud Secure functionality in Connect Secure, the features that make us the leader in Secure Access are now available for any cloud app.

Admins can ensure the same device compliance regardless of where the application lives. Even when users are accessing cloud apps, admins will have visibility into these connections without the need of monitoring each cloud app individually. For the end-user, connectivity is improved and there is no need to know if the app is on-prem or in the cloud. End-user experience is further enhanced since Secure Single Sign-On is used so new processes do not need to be learned.

The transition doesn’t have to be hard for admins or end-users. Let Pulse Secure help accelerate your transition to Hybrid IT.

To learn more visit https://www.pulsesecure.net/cloud-secure/.

By Ashur Kanoon – September 20, 2016. View the original article.

MOBOTIX Solutions Provide Added Value for Retail, Transportation and Perimeter Protection

September 29th, 2016

MOBOTIX, in collaboration with Konica Minolta, has developed a new security concept that offers the best possible perimeter protection.

The concept combines video and thermal technology from MOBOTIX in conjunction with the 3D laser scanner (3D LiDAR) from Konica Minolta. This combination of technologies makes it possible to better automatically analyze data collected from events. This provides the possibility to optimally limit events and represent them in three dimensions not only through the movement in the frames but also through defining distances between objects, object sizes and temperature.

MOBOTIX solution features integrated cash registers (POS) and camera-supported image and data analysis, which is suited specifically for the retail sector. This solution provides valuable additional information regarding cash transactions.

The thermal radiometry and event logic technologies make it possible to reliably monitor temperature; with the ability to prevent possible dangers ahead of time by monitoring critical processes used in industrial applications and infrastructures. The security solution from MOBOTIX is ideal for mobile deployment thanks to its robust design, tried-and-tested hemispheric camera technology, decentralised recording system and event logic.

Optimised Interface : New MxMC 1.3 Version

With the MxMC 1.3 Version, MOBOTIX has included a new device bar with a tree structure that provides users with a more structured overview, as well as the ability to more easily navigate between cameras and views. Another added feature is the capacity to mark any cameras or camera groups as favorites. In addition, this newly optimized version stands out by providing improved performance on both Windows and Mac OS X devices.

Fast, Simple Installation: Plug-And-Play Technology From MOBOTIX

MOBOTIX has developed two different plug-and-play solutions that make it fast and simple to commission the MOBOTIX system.

The two plug-and-play solutions, one of them being a Camera/NAS combination and the other a complete IP video system for the front door, are shipped preconfigured for easy installation. The pre-configuration supports standard applications of a video surveillance system and the IP Video Door Station. MOBOTIX relies on high-quality network storage systems from technology partners for the Camera/NAS combination such as Overland/Tandberg.

For more information, email sales@net-ctrl.com.

802.11ac and BeamFlex Are a Match Made In Heaven

September 28th, 2016

Which RF technology do you choose?

One of Ruckus’ strong benefits has always been BeamFlex™, their adaptive antenna solution. Instead of a general purpose omnidirectional antenna, Ruckus found that using an intelligent antenna design clients could receive a more reliable signal from the access point AND interference could be mitigated in areas to improve overall performance.

With the advent of 802.11ac, a standardised, chip-level transmit beamforming (TxBF) is supported. A popular misconception, spread by our competitors, is that TxBF accomplishes the same end goals as BeamFlex, rendering BeamFlex useless. They are wrong.

While the chip-level beamforming is beneficial, it does not provide the same benefit set as Ruckus BeamFlex. The 802.11ac standard TxBF is designed to address the issue of strengthening the client SNR through constructive interference. Based on feedback from client devices, TxBF involves minuscule adjustments to the timing (phase) of signals transmitted by the different radio chains of the AP.

However, to provide a maximised customer wireless experience, this is only half the story. With the Ruckus solutions, BeamFlex manipulates the electrical properties of the AP antennas in order to adaptively control the direction in which transmissions are sent from the AP. The software algorithm behind BeamFlex makes its antenna control decisions to optimise throughput on a packet-by-packet basis. Since BeamFlex ensures that signals are transmitted in directions that optimise throughput, it also means that signals are directed away from areas in the network where they would be seen as interference. In other words, BeamFlex delivers the added benefit of interference mitigation. This compounds any benefit you might get from an omnidirectional antenna that is typically used in competitive access points.

The assumption that the standard 802.11ac beamforming support obviates any benefit of BeamFlex is not correct. TxBF maximizes signal-to-noise at the client device by manipulating signal timing, whereas BeamFlex maximizes throughput by manipulating signal direction. These are very different and complimentary technologies.

So, what is the answer as to which technology to choose? Both!

View the original article by Richard Watson, Product Marketing Manager at Ruckus Wireless.

Adaptive and multi-factor authentication: What is the difference and what are the benefits?

September 23rd, 2016

Understand multi-factor authentication (MFA) but not adaptive authentication? Not sure where one term ends and the other begins? Keen to know what all adaptive noise is about? Read on…

MFA & adaptive authentication: what’s the difference?

Think of it like this: Adaptive authentication is an evolved form of MFA. It applies the principles of MFA, but instead of issuing blanket procedures for everyone to follow under all circumstances, it issues challenges intelligently instead, according to a predetermined risk model. This enables an organisation to apply precisely the right level of gateway security to each and every login request.

An adaptive system is purpose-built to measure the risk of a user’s login, along with their post-login activities, to determine the level of risk their access request poses to the business. Appropriate levels of authentication are then triggered to protect an organisation’s data, websites, portals, browsers and applications.

What are the benefits of adaptive authentication?

There are a variety of significant benefits that set adaptive authentication apart from traditional multi-factor authentication:

It optimises the user’s security experience.

None of us want our network experience to be inhibited by needlessly heavy-handed levels of authentication. At the same time, however, we all accept that some access requests require more security than others. Adaptive authentication enables precisely the most appropriate level of ‘friction’ to be applied to each and every access request. Looking beyond traditional binary authentication to adaptive risk-based solutions allows companies to maintain strong data security but not at the expense of usability.

It enables the IT department to embody an organisation’s risk policies.

An organisation can lock down its most sensitive gateways with strong multi-factor authentication, ensuring only those with network clearance can participate in the authentication process (blocking entry completely for everyone else). At the same time, unfettered access (or a weaker form of authentication like a username and password) can be applied when access to non-sensitive data is requested.

It solves the BYOD security headache.

In the age of BYOD, everyone wants to access corporate data remotely, from different devices.

Not only can adaptive authentication differentiate between different mobile devices (and their varying security vulnerabilities) it can also address the risks associated with the remote access networks used to connect to the corporate gateway. For example, if an employee uses a lower risk connection, like connecting their work-protected laptop to the corporate network while in the head office, an adaptive authentication platform could apply only a basic authentication challenge, such as a username and password. Should that employee switch to their personal smartphone, however, and attempt to connect beyond the network perimeter, via Starbucks public Wi-Fi, for example, an adaptive authentication platform would automatically recognise the increased in risk and apply a stronger authentication challenge before granting access, if indeed it grants it at all. All such scenarios can be planned for, assessed for risk, and dealt with accordingly.

It evolves in line with the evolution of the business.

With an adaptive authentication solution, the benefits of mobility and remote access can be harnessed without sacrificing security. Need to expand a remote workforce? No problem. The Board approves a new remote working policy? Great – let’s set the risk parameters and enable everyone to connect in the most convenient manner possible. Need to respond to an overseas cyber threat? Now you can do so precisely by locking down access requested that conform to a defining set of criteria, enabling the rest of the business to continue to function uninterrupted.

Who uses adaptive authentication?

Adaptive authentication has been successfully applied to verify the identity of access requestors across a variety of different sectors, particularly in government services and banking. As the popularity of the system increases, so too does the information gathered in order to provide a risk-of-fraud assessment. Information such as geo-locations, behavioural profiling and device profiling allow for an increasingly varied data range that is enabling adaptive authentication to become perpetually smarter and more efficient.

Keen to learn more? Check out our approach to adaptive authentication here.

Article taken from swivelsecure.com.

Brocade Achieves Leader Position in IHS 2016 WLAN Scorecard

September 23rd, 2016

IHS Selected WLAN Provider Ruckus Wireless, Now Part of Brocade, Due to Its Top Revenue Performance for Enterprise WLAN Infrastructure

Brocade has announced the company has achieved leader status in the IHS Markit Wireless LAN Infrastructure Vendor Scorecard – 2016 for Ruckus Wireless‘ significant presence in the market and fast-paced momentum in wireless LAN growth. Brocade acquired Ruckus Wireless in May 2016, and Ruckus now operates as a business unit within Brocade. Prior to the acquisition, Ruckus was already the largest standalone vendor of WLAN products.

According to IHS, “Due to market consolidation, the WLAN vendor landscape has bifurcated into end-to-end networking providers that can address the whole range of enterprise networking requirements and specialists that focus on a particular niche or new ways of solving old problems. The leaders—Brocade, Cisco, and HPE Aruba—are end-to-end networking providers that compete broadly in all segments of the market, leveraging the completeness of their portfolio and their installed bases.”

“Brocade is honored to be recognized as a leader in the IHS Markit WLAN Scorecard,” said Dan Rabinovitsj, chief operating officer, Ruckus Wireless business unit at Brocade. “We continue to offer our customers high-performing wireless technology, and the recognition by IHS further validates the considerable steps we’ve taken this year in the enterprise WLAN infrastructure market—a market that many forecast will continue to experience growth due to the rise in Internet traffic and next-gen connected devices. We look forward to further supporting our customers’ WLAN needs.”

Brocade now offers a broad range of indoor and outdoor WLAN access points with Ruckus BeamFlex™ technology, which delivers strong performance and one of the industry’s most comprehensive choices of architectures—physical controller appliance, virtual controller appliance, cloud and controller-less—built on the ZoneDirector™ and SmartZone™ platforms. With the third-highest market share of all WLAN vendors, Brocade continues to offer strong support to its customers to deploy more agile network architectures.

To read more about Brocade’s leadership position in the IHS Markit Wireless LAN Infrastructure Vendor Scorecard, download a complimentary copy of the report.

Gemalto releases findings of first half 2016 Breach Level Index

September 20th, 2016

Data breaches up 15% and compromised data records up 31% compared to previous six months. Identity and personal data theft account for 64% of all data breaches. Healthcare organizations account for nearly one-third of all data breaches.

Gemalto, the world leader in digital security, today released the findings of the Breach Level Index revealing that data breaches increased 15% in the first six months of 2016 compared to the last six months of 2015. Worldwide, there were 974 reported data breaches and more than 554 million compromised data records in the first half of 2016, compared to 844 data breaches and 424 million compromised data records in the previous six months. In addition, 52% percent of the data breaches in the first half of this year did not disclose the number of compromised records at the time they were reported.

The Breach Level Index is a global database that tracks data breaches and measures their severity based on multiple dimensions, including the number of records compromised, the type of data, the source of the breach, how the data was used, and whether or not the data was encrypted. By assigning a severity score to each breach, the Breach Level Index provides a comparative list of breaches, distinguishing data breaches that are a not serious versus those that are truly impactful.

According to the Breach Level Index, more than 4.8 billion data records have been exposed since 2013 when the index began benchmarking publicly disclosed data breaches. For the first six months of 2016, identity theft was the leading type of data breach, accounting for 64% of all data breaches, up from 53% in the previous six months. Malicious outsiders were the leading source of data breaches, accounting for 69% of breaches, up from 56% in the previous six months.

“Over the past twelve months hackers have continued to go after both low hanging fruit and unprotected sensitive personal data that can be used to steal identities,” Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. “The theft of user names and account affiliation may be irritating for consumers, but the failure of organizations to protect sensitive personal information and identities is a growing problem that will have implications for consumer confidence in the digital services and companies they entrust with their personal data.”

Across industries, the healthcare industry accounted for 27% of data breaches and saw its number of data breaches increase 25% compared to the previous six months. However, healthcare represented just 5% of compromised data records versus 12% in the previous six months. Government accounted for 14% of all data breaches, which was the same as the previous six months, but represented 57% of compromised records. Financial services companies accounted for 12% of all data breaches, a 4% decline compared to previous six months, but accounted for just 2% of compromised data records. Retail accounted for 11% of data breaches, and declined 6% versus the previous six months, and accounted for 3% of compromised data records. Education accounted for 11% of data breaches and represented less than one percent of all compromised records. All other industries represented 16% of data breaches and 16% of compromised data records.

In terms of top three geographic regions for reported data breaches, 79% were in North America, 9% were in Europe, and 8% were in Asia-Pacific.

Breach Level Index: Understanding That Not All Data Breaches Are Equal in Severity

As data breaches continue to grow in frequency and size, it is becoming more difficult for consumers, government regulatory agencies and companies to distinguish between nuisance data breaches and truly impactful mega breaches,” said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. “News reports fail to make these distinctions, but they are important to understand because each have different consequences. A breach involving 100 million user names is not as severe as a breach of one million accounts with social security numbers and other personally identifiable information that are used for financial gain.”

“In this increasingly digital world, companies, organizations and governments are storing greater and greater amounts of data that has varying levels of sensitivity. At the same time, it is clear that data breaches are going to happen and that companies need to shift from a total reliance on breach prevention to strategies that help them secure the breach. That is why more focus needs to be understanding what really constitutes sensitive data, where it is stored, and using the best means to defend it. At the end of the day, the best way to protect data is to kill it. That means ensuring user credentials are secured with strong authentication and sensitive data is protected with encryption so it is useless to the thieves.”

For a full summary of data breach incidents by industry, source, type and geographic region, download the H1 2016 Breach Level Index Report.

Related Resources
Infographic: H1 2016 Breach Level Index
Web Site: Breach Level Index
Blog Post: 2016 Data Breach Statistics
White Paper: Secure the Breach Manifesto
Web Site: Secure the Breach

Not All Next-Generation Firewalls Are Created Equal

August 9th, 2016

As cybersecurity threats increase in sophistication, the security solutions used to defend against these threats must also evolve. Developers no longer adhere to standard port/protocol/application mapping; applications are capable of operating on non-standard ports, as well as port hopping; and users are able to force applications to run over non-standard ports, rendering first-generation firewalls ineffective in today’s threat environment. Enter the “next-generation firewall” (NGFW), the next stage of firewall and intrusion prevention systems (IPS) technology.

A common understanding of an NGFW is a network platform that combines the traditional firewall functionalities with IPS and application control. However, merely bundling traditional firewalls with IPS and application control does not result in an NGFW. A true NGFW emphasizes native integration, classifies traffic based on applications rather than ports, performs a deep inspection of traffic and blocks attacks before a network can be infiltrated. Here is a list of key features of a true NGFW to better inform your next purchase decision.

Identify and control applications and functions on all ports, all the time

An NGFW should identify traffic on all ports at all times, and classify each application, while monitoring for changes that may indicate when an unpermitted function is being used. For example, using Citrix GoToMeeting for desktop sharing is permitted but allowing an external user to take control is not.

Identify users regardless of device or IP address

Knowing who is using which applications on the network, and who is transferring files that may contain threats, strengthens an organization’s security policies and reduces incident response times. An NGFW must get user identity from multiple sources – such as VPN solutions, WLAN controllers and directory servers – and allow policies that safely enable applications based on users, or groups of users, in outbound or inbound directions.

Identify and control security evasion tactics

There are two different classes of applications that evade security policies: applications that are designed to evade security, like external proxies and non-VPN-related encrypted tunnels (e.g., CGIProxy), and those that can be adapted to achieve the same goal such as remote server/desktop management tools (e.g., TeamViewer). An NGFW must have specific techniques that identify and control all applications, regardless of port, protocol, encryption or other evasive tactics and know how often that firewall’s application intelligence is updated and maintained.

Decrypt and inspect SSL and control SSH

An NGFW should be able to recognize and decrypt SSL and SSH on any port, inbound or outbound; have policy control over decryption; and offer the necessary hardware and software elements to perform SSL decryption simultaneously across tens of thousands of SSL connections with predictable performance.

Systematically manage unknown traffic

Unknown traffic represents significant risks and is highly correlated to threats that move along the network. An NGFW must classify and manage all traffic on all ports in one location and quickly analyze the traffic, known and unknown, to determine if it’s an internal/custom application, a commercial application without a signature, or a threat.

Protect the network against known and unknown threats in all applications and on all ports

Applications enable businesses, but they also act as a cyberthreat vector, supporting technologies that are frequent targets for exploits. An NGFW must first identify the application, determine the functions that should be permitted or blocked, and protect the organization from known and unknown threats, exploits, viruses/malware or spyware. This must be done automatically with near-real time updates to protect from newly discovered threats globally.

Deliver consistent policy control over all traffic, regardless of user location or device type

An NGFW should provide consistent visibility and control over traffic, regardless of where the user is and what device is being used, without introducing performance latency for the user, additional work for the administrator, or significant cost for the organization.

Simplify network security

To simplify and effectively manage already overloaded security processes and people, an NGFW must enable easy translation of your business policy to your security rules. This will allow policies that directly support business initiatives.

Perform computationally intensive tasks without impacting performance

An increase in security features often means significantly lower throughput and performance. An NGFW should deliver visibility and control including content scanning, which is computationally intensive, in high-throughput networks with little tolerance for latency.

Deliver the same firewall functions in both a hardware and virtualized form factor

Virtualization and cloud computing environments introduce new security challenges, including inconsistent functionality, disparate management and a lack of integration points. An NGFW must provide flexibility and in-depth integration with virtual data centers in private and public cloud environments to streamline the creation of application-centric policies.

To learn more about what features a NGFW must have to safely enable applications and organizations, read the 10 Things Your Next Firewall Must Do white paper.

POSTED BY: Eila Shargh on August 8, 2016 on Palo Alto Network Research Portal

Palo Alto Networks Raises the Bar for Endpoint Security

August 8th, 2016

Palo Alto Networks®, the next-generation security company, announced new functionality, including significant machine learning capabilities for real-time unknown malware prevention, to its Traps™ advanced endpoint protection offering. These updates further strengthen the malware and exploit prevention capabilities of Traps and alleviate the need for legacy antivirus products to protect endpoints, such as laptops, servers and VDI instances.

Many organisations deploy a number of security products and software agents on their endpoint systems, including one or more traditional antivirus products. Nevertheless, cyber breaches continue to increase in frequency, variety and sophistication. Traditional antivirus products struggle to keep pace and invariably fail to prevent these attacks on endpoints.

An alternative to legacy antivirus point products, Traps uniquely combines the most effective, purpose-built malware and exploit detection methods to prevent known and unknown threats before they can successfully compromise an endpoint. By focusing on detecting and blocking the techniques at the core of these attacks, Traps can prevent sophisticated, targeted and never-before-seen attacks.

As a component of the Palo Alto Networks Next-Generation Security Platform, a natively integrated and automated platform designed to safely enable applications and prevent cyber breaches, Traps both shares with and receives threat intelligence information from the Palo Alto Networks WildFire™ cloud-based malware analysis environment. Threat intelligence information is passed to WildFire by each component of the security platform, and Traps uses this information to block threats on the endpoint no matter where they originated.

The new functionality announced today, which includes static analysis via machine learning and trusted publisher capabilities, will allow Traps to detect and immediately prevent malware that has never been seen.

Quotes

“The sophistication and frequency of cyberattacks are growing too quickly for legacy antivirus tools that rely on malware signatures to keep pace. The Palo Alto Networks Traps offering takes an innovative approach to endpoint security, keeping endpoints more secure despite a growing landscape of cyberthreats and reducing the resources required by IT teams to track and install security patches.”

Rob Westervelt, research manager, Security Products, IDC

“Antivirus point products give organisations a false sense of security, because while they technically make users compliant with regulatory and corporate governance requirements, they do not protect against today’s advanced cyberthreats. To do that, organisations must adopt a cybersecurity platform that prevents malware from infiltrating the enterprise at any point, including the endpoint, even if it has never been seen before.”

Lee Klarich, executive vice president, Product Management, Palo Alto Networks

The latest version of Traps, version 3.4, will be available by the end of August on the Palo Alto Networks Support Portal and will include the following updates:

  • Static analysis via machine learning examines hundreds of characteristics of a file to determine if it is malware. Threat intelligence available through the Palo Alto Networks WildFire subscription is used to train a machine learning model to recognise malware, especially previously unknown variants, with unmatched effectiveness and accuracy. This new functionality allows Traps to rapidly determine if a file should be allowed to run even before receiving a verdict from WildFire.
  • Trusted publisher identification allows organisations to automatically and immediately identify new executable files published by trusted and reputable software publishers. These executable files are allowed to run, cutting down on unnecessary analysis and allowing them to execute without delay or impact to the user.
  • Quarantine of malicious executables immediately removes malicious files and prevents further propagation or execution attempts of the files.
  • Grayware classification allows enterprises to identify non-malicious, but otherwise undesirable, software and prevent it from running in their environment.
  • Learn More

  • Read the Traps 3.4 blog post
  • Register for the upcoming webinar, Protect Yourself From Antivirus
  • Read the white paper, Protect Yourself From Antivirus
  • Palo Alto Networks Traps Advanced Endpoint Protection
  • Palo Alto Networks WildFire Cloud-Based Malware Analysis Environment
  • Palo Alto Networks Next-Generation Security Platform
  • View the original article at Palo Alto Networks.

    New Structure at Net-Ctrl

    July 28th, 2016

    Net-Ctrl has been going through a period of change over the last few months. As many of you will be aware the business was previously co-owned by Tony Pullon and Lee Georgio. Tony has now left the business, and we wish him a great Summer break and thank him for his years of dedication.

    The departure has bought change to Net-Ctrl, below is our revised senior management team structure:

  • Lee Georgio – Director
  • Lesley Cook – Finance and Office Manager
  • Mark Power – Major Accounts Sales Manager
  • Josh Moore – Marketing and Internal Sales Manager
  • Carol Gorman – Renewals and Major Accounts Sales Manager
  • In addition to those listed above we have our internal and external sales and technical teams.

    We’re all very excited about what the future holds for Net-Ctrl, and we are all dedicated more than ever to delivering great solutions and services to our customers.

    Following the changes, if you’re unsure who your account manager is please contact josh.moore@net-ctrl.com.

    We wish you all a great Summer.

    No Brexcuses: GDPR preparations must continue

    July 28th, 2016

    Whether or not you voted for Brexit, whether or not you believe it’s a done deal, there’s one thing post-referendum that surely isn’t up for debate. For British companies wanting to trade with Europe, the bureaucracy of Brussels isn’t going away. And that particularly applies to data protection. Some business people may well have heaved a sigh of relief on June 24th at the thought that GDPR (General Data Protection Regulation) the tough new European data protection regulation that was adopted in April 2016 and comes into force in May 2018 would no longer apply in the UK. That idea was based on the premise that the important thing is where the data is stored.

    Unfortunately, that’s not true under GDPR. What matters is whether the data concerns EU citizens, irrespective of where it is stored. Current UK data protection legislation comes from the Data Protection Act 1998, based on the 1995 Data Protection Directive. That will be superseded in Europe by GDPR less than two years from now. In other words, even if Article 50 were notified right now, GDPR would come into force before the Article 50 two-year post notification period runs out. Because GDPR is a Regulation and not a Directive, it does not require enabling national legislation to become law. That means it will apply in the United Kingdom, whether we like it or not. Even once Brexit is fully negotiated and implemented the chances are that the UK will either have to comply with GDPR or implement data protection legislation of its own that the EU deems adequate (i.e. the same or very similar) if it wishes to keep trading with the European Union. This is likely to be equally applicable to the Network and Information Security Directive which has until May 2018 to be implemented in national law.

    So, if UK businesses have any ambition to continue selling to European customers, viewing Brexit as an opportunity to side-step data protection obligations is a serious mistake. Despite the GDPR’s short term disruption, the regulation is likely to have a positive impact on data security industry. It will accelerate the modernisation of Europe’s data security practices and enforce consistency of approach between EU member states. Nonetheless, it will require European business of all sizes to take a very close look at their security, including those in the UK. From both commercial and practical perspectives, preparations must continue. Regardless of what you make of either Brexit or the GDPR, businesses in the UK have no choice but to keep pace with the regulation.

    Original post by Swivel Secure. View original post.

    Net-Ctrl Blog - mobile

    Embracing Hybrid IT with Cloud Secure

    September 29th, 2016

    Organisations of all sizes, across all verticals are trying to take advantage of the latest tech while also looking for operating efficiencies. As current systems show their age, organisations have a choice to make; upgrade and maintain local systems, or subscribe to a cloud service which requires less maintenance and administration. Using Office 365’s success as an indicator, the migration is happening at a rapid pace.

    While migration is happening in some areas, it doesn’t necessarily mean that everything will be migrated. Some applications such as unified communication tend to stay on-prem. Moreover, custom applications, which do not have a cloud app equivalent tend to stay on-prem. This means that a hybrid model is often needed.

    Hybrid-IT-Model

    What does the hybrid model mean for the key stakeholders, admins and end-users?

    For the admin, it may mean less maintenance and administration, which is desired, but it can also mean less control and visibility.

    For the end-user, this may mean added confusion and the need to learn a new set of steps to connect. With any change, users need to be educated and IT needs to be prepared to work with a 3rd party to address issues.

    Traditional remote access customers have trusted Pulse Secure and now the power of Pulse Secure extends to the cloud. With the Cloud Secure functionality in Connect Secure, the features that make us the leader in Secure Access are now available for any cloud app.

    Admins can ensure the same device compliance regardless of where the application lives. Even when users are accessing cloud apps, admins will have visibility into these connections without the need of monitoring each cloud app individually. For the end-user, connectivity is improved and there is no need to know if the app is on-prem or in the cloud. End-user experience is further enhanced since Secure Single Sign-On is used so new processes do not need to be learned.

    The transition doesn’t have to be hard for admins or end-users. Let Pulse Secure help accelerate your transition to Hybrid IT.

    To learn more visit https://www.pulsesecure.net/cloud-secure/.

    By Ashur Kanoon – September 20, 2016. View the original article.

    MOBOTIX Solutions Provide Added Value for Retail, Transportation and Perimeter Protection

    September 29th, 2016

    MOBOTIX, in collaboration with Konica Minolta, has developed a new security concept that offers the best possible perimeter protection.

    The concept combines video and thermal technology from MOBOTIX in conjunction with the 3D laser scanner (3D LiDAR) from Konica Minolta. This combination of technologies makes it possible to better automatically analyze data collected from events. This provides the possibility to optimally limit events and represent them in three dimensions not only through the movement in the frames but also through defining distances between objects, object sizes and temperature.

    MOBOTIX solution features integrated cash registers (POS) and camera-supported image and data analysis, which is suited specifically for the retail sector. This solution provides valuable additional information regarding cash transactions.

    The thermal radiometry and event logic technologies make it possible to reliably monitor temperature; with the ability to prevent possible dangers ahead of time by monitoring critical processes used in industrial applications and infrastructures. The security solution from MOBOTIX is ideal for mobile deployment thanks to its robust design, tried-and-tested hemispheric camera technology, decentralised recording system and event logic.

    Optimised Interface : New MxMC 1.3 Version

    With the MxMC 1.3 Version, MOBOTIX has included a new device bar with a tree structure that provides users with a more structured overview, as well as the ability to more easily navigate between cameras and views. Another added feature is the capacity to mark any cameras or camera groups as favorites. In addition, this newly optimized version stands out by providing improved performance on both Windows and Mac OS X devices.

    Fast, Simple Installation: Plug-And-Play Technology From MOBOTIX

    MOBOTIX has developed two different plug-and-play solutions that make it fast and simple to commission the MOBOTIX system.

    The two plug-and-play solutions, one of them being a Camera/NAS combination and the other a complete IP video system for the front door, are shipped preconfigured for easy installation. The pre-configuration supports standard applications of a video surveillance system and the IP Video Door Station. MOBOTIX relies on high-quality network storage systems from technology partners for the Camera/NAS combination such as Overland/Tandberg.

    For more information, email sales@net-ctrl.com.

    802.11ac and BeamFlex Are a Match Made In Heaven

    September 28th, 2016

    Which RF technology do you choose?

    One of Ruckus’ strong benefits has always been BeamFlex™, their adaptive antenna solution. Instead of a general purpose omnidirectional antenna, Ruckus found that using an intelligent antenna design clients could receive a more reliable signal from the access point AND interference could be mitigated in areas to improve overall performance.

    With the advent of 802.11ac, a standardised, chip-level transmit beamforming (TxBF) is supported. A popular misconception, spread by our competitors, is that TxBF accomplishes the same end goals as BeamFlex, rendering BeamFlex useless. They are wrong.

    While the chip-level beamforming is beneficial, it does not provide the same benefit set as Ruckus BeamFlex. The 802.11ac standard TxBF is designed to address the issue of strengthening the client SNR through constructive interference. Based on feedback from client devices, TxBF involves minuscule adjustments to the timing (phase) of signals transmitted by the different radio chains of the AP.

    However, to provide a maximised customer wireless experience, this is only half the story. With the Ruckus solutions, BeamFlex manipulates the electrical properties of the AP antennas in order to adaptively control the direction in which transmissions are sent from the AP. The software algorithm behind BeamFlex makes its antenna control decisions to optimise throughput on a packet-by-packet basis. Since BeamFlex ensures that signals are transmitted in directions that optimise throughput, it also means that signals are directed away from areas in the network where they would be seen as interference. In other words, BeamFlex delivers the added benefit of interference mitigation. This compounds any benefit you might get from an omnidirectional antenna that is typically used in competitive access points.

    The assumption that the standard 802.11ac beamforming support obviates any benefit of BeamFlex is not correct. TxBF maximizes signal-to-noise at the client device by manipulating signal timing, whereas BeamFlex maximizes throughput by manipulating signal direction. These are very different and complimentary technologies.

    So, what is the answer as to which technology to choose? Both!

    View the original article by Richard Watson, Product Marketing Manager at Ruckus Wireless.

    Adaptive and multi-factor authentication: What is the difference and what are the benefits?

    September 23rd, 2016

    Understand multi-factor authentication (MFA) but not adaptive authentication? Not sure where one term ends and the other begins? Keen to know what all adaptive noise is about? Read on…

    MFA & adaptive authentication: what’s the difference?

    Think of it like this: Adaptive authentication is an evolved form of MFA. It applies the principles of MFA, but instead of issuing blanket procedures for everyone to follow under all circumstances, it issues challenges intelligently instead, according to a predetermined risk model. This enables an organisation to apply precisely the right level of gateway security to each and every login request.

    An adaptive system is purpose-built to measure the risk of a user’s login, along with their post-login activities, to determine the level of risk their access request poses to the business. Appropriate levels of authentication are then triggered to protect an organisation’s data, websites, portals, browsers and applications.

    What are the benefits of adaptive authentication?

    There are a variety of significant benefits that set adaptive authentication apart from traditional multi-factor authentication:

    It optimises the user’s security experience.

    None of us want our network experience to be inhibited by needlessly heavy-handed levels of authentication. At the same time, however, we all accept that some access requests require more security than others. Adaptive authentication enables precisely the most appropriate level of ‘friction’ to be applied to each and every access request. Looking beyond traditional binary authentication to adaptive risk-based solutions allows companies to maintain strong data security but not at the expense of usability.

    It enables the IT department to embody an organisation’s risk policies.

    An organisation can lock down its most sensitive gateways with strong multi-factor authentication, ensuring only those with network clearance can participate in the authentication process (blocking entry completely for everyone else). At the same time, unfettered access (or a weaker form of authentication like a username and password) can be applied when access to non-sensitive data is requested.

    It solves the BYOD security headache.

    In the age of BYOD, everyone wants to access corporate data remotely, from different devices.

    Not only can adaptive authentication differentiate between different mobile devices (and their varying security vulnerabilities) it can also address the risks associated with the remote access networks used to connect to the corporate gateway. For example, if an employee uses a lower risk connection, like connecting their work-protected laptop to the corporate network while in the head office, an adaptive authentication platform could apply only a basic authentication challenge, such as a username and password. Should that employee switch to their personal smartphone, however, and attempt to connect beyond the network perimeter, via Starbucks public Wi-Fi, for example, an adaptive authentication platform would automatically recognise the increased in risk and apply a stronger authentication challenge before granting access, if indeed it grants it at all. All such scenarios can be planned for, assessed for risk, and dealt with accordingly.

    It evolves in line with the evolution of the business.

    With an adaptive authentication solution, the benefits of mobility and remote access can be harnessed without sacrificing security. Need to expand a remote workforce? No problem. The Board approves a new remote working policy? Great – let’s set the risk parameters and enable everyone to connect in the most convenient manner possible. Need to respond to an overseas cyber threat? Now you can do so precisely by locking down access requested that conform to a defining set of criteria, enabling the rest of the business to continue to function uninterrupted.

    Who uses adaptive authentication?

    Adaptive authentication has been successfully applied to verify the identity of access requestors across a variety of different sectors, particularly in government services and banking. As the popularity of the system increases, so too does the information gathered in order to provide a risk-of-fraud assessment. Information such as geo-locations, behavioural profiling and device profiling allow for an increasingly varied data range that is enabling adaptive authentication to become perpetually smarter and more efficient.

    Keen to learn more? Check out our approach to adaptive authentication here.

    Article taken from swivelsecure.com.

    Brocade Achieves Leader Position in IHS 2016 WLAN Scorecard

    September 23rd, 2016

    IHS Selected WLAN Provider Ruckus Wireless, Now Part of Brocade, Due to Its Top Revenue Performance for Enterprise WLAN Infrastructure

    Brocade has announced the company has achieved leader status in the IHS Markit Wireless LAN Infrastructure Vendor Scorecard – 2016 for Ruckus Wireless‘ significant presence in the market and fast-paced momentum in wireless LAN growth. Brocade acquired Ruckus Wireless in May 2016, and Ruckus now operates as a business unit within Brocade. Prior to the acquisition, Ruckus was already the largest standalone vendor of WLAN products.

    According to IHS, “Due to market consolidation, the WLAN vendor landscape has bifurcated into end-to-end networking providers that can address the whole range of enterprise networking requirements and specialists that focus on a particular niche or new ways of solving old problems. The leaders—Brocade, Cisco, and HPE Aruba—are end-to-end networking providers that compete broadly in all segments of the market, leveraging the completeness of their portfolio and their installed bases.”

    “Brocade is honored to be recognized as a leader in the IHS Markit WLAN Scorecard,” said Dan Rabinovitsj, chief operating officer, Ruckus Wireless business unit at Brocade. “We continue to offer our customers high-performing wireless technology, and the recognition by IHS further validates the considerable steps we’ve taken this year in the enterprise WLAN infrastructure market—a market that many forecast will continue to experience growth due to the rise in Internet traffic and next-gen connected devices. We look forward to further supporting our customers’ WLAN needs.”

    Brocade now offers a broad range of indoor and outdoor WLAN access points with Ruckus BeamFlex™ technology, which delivers strong performance and one of the industry’s most comprehensive choices of architectures—physical controller appliance, virtual controller appliance, cloud and controller-less—built on the ZoneDirector™ and SmartZone™ platforms. With the third-highest market share of all WLAN vendors, Brocade continues to offer strong support to its customers to deploy more agile network architectures.

    To read more about Brocade’s leadership position in the IHS Markit Wireless LAN Infrastructure Vendor Scorecard, download a complimentary copy of the report.

    Gemalto releases findings of first half 2016 Breach Level Index

    September 20th, 2016

    Data breaches up 15% and compromised data records up 31% compared to previous six months. Identity and personal data theft account for 64% of all data breaches. Healthcare organizations account for nearly one-third of all data breaches.

    Gemalto, the world leader in digital security, today released the findings of the Breach Level Index revealing that data breaches increased 15% in the first six months of 2016 compared to the last six months of 2015. Worldwide, there were 974 reported data breaches and more than 554 million compromised data records in the first half of 2016, compared to 844 data breaches and 424 million compromised data records in the previous six months. In addition, 52% percent of the data breaches in the first half of this year did not disclose the number of compromised records at the time they were reported.

    The Breach Level Index is a global database that tracks data breaches and measures their severity based on multiple dimensions, including the number of records compromised, the type of data, the source of the breach, how the data was used, and whether or not the data was encrypted. By assigning a severity score to each breach, the Breach Level Index provides a comparative list of breaches, distinguishing data breaches that are a not serious versus those that are truly impactful.

    According to the Breach Level Index, more than 4.8 billion data records have been exposed since 2013 when the index began benchmarking publicly disclosed data breaches. For the first six months of 2016, identity theft was the leading type of data breach, accounting for 64% of all data breaches, up from 53% in the previous six months. Malicious outsiders were the leading source of data breaches, accounting for 69% of breaches, up from 56% in the previous six months.

    “Over the past twelve months hackers have continued to go after both low hanging fruit and unprotected sensitive personal data that can be used to steal identities,” Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. “The theft of user names and account affiliation may be irritating for consumers, but the failure of organizations to protect sensitive personal information and identities is a growing problem that will have implications for consumer confidence in the digital services and companies they entrust with their personal data.”

    Across industries, the healthcare industry accounted for 27% of data breaches and saw its number of data breaches increase 25% compared to the previous six months. However, healthcare represented just 5% of compromised data records versus 12% in the previous six months. Government accounted for 14% of all data breaches, which was the same as the previous six months, but represented 57% of compromised records. Financial services companies accounted for 12% of all data breaches, a 4% decline compared to previous six months, but accounted for just 2% of compromised data records. Retail accounted for 11% of data breaches, and declined 6% versus the previous six months, and accounted for 3% of compromised data records. Education accounted for 11% of data breaches and represented less than one percent of all compromised records. All other industries represented 16% of data breaches and 16% of compromised data records.

    In terms of top three geographic regions for reported data breaches, 79% were in North America, 9% were in Europe, and 8% were in Asia-Pacific.

    Breach Level Index: Understanding That Not All Data Breaches Are Equal in Severity

    As data breaches continue to grow in frequency and size, it is becoming more difficult for consumers, government regulatory agencies and companies to distinguish between nuisance data breaches and truly impactful mega breaches,” said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. “News reports fail to make these distinctions, but they are important to understand because each have different consequences. A breach involving 100 million user names is not as severe as a breach of one million accounts with social security numbers and other personally identifiable information that are used for financial gain.”

    “In this increasingly digital world, companies, organizations and governments are storing greater and greater amounts of data that has varying levels of sensitivity. At the same time, it is clear that data breaches are going to happen and that companies need to shift from a total reliance on breach prevention to strategies that help them secure the breach. That is why more focus needs to be understanding what really constitutes sensitive data, where it is stored, and using the best means to defend it. At the end of the day, the best way to protect data is to kill it. That means ensuring user credentials are secured with strong authentication and sensitive data is protected with encryption so it is useless to the thieves.”

    For a full summary of data breach incidents by industry, source, type and geographic region, download the H1 2016 Breach Level Index Report.

    Related Resources
    Infographic: H1 2016 Breach Level Index
    Web Site: Breach Level Index
    Blog Post: 2016 Data Breach Statistics
    White Paper: Secure the Breach Manifesto
    Web Site: Secure the Breach

    Not All Next-Generation Firewalls Are Created Equal

    August 9th, 2016

    As cybersecurity threats increase in sophistication, the security solutions used to defend against these threats must also evolve. Developers no longer adhere to standard port/protocol/application mapping; applications are capable of operating on non-standard ports, as well as port hopping; and users are able to force applications to run over non-standard ports, rendering first-generation firewalls ineffective in today’s threat environment. Enter the “next-generation firewall” (NGFW), the next stage of firewall and intrusion prevention systems (IPS) technology.

    A common understanding of an NGFW is a network platform that combines the traditional firewall functionalities with IPS and application control. However, merely bundling traditional firewalls with IPS and application control does not result in an NGFW. A true NGFW emphasizes native integration, classifies traffic based on applications rather than ports, performs a deep inspection of traffic and blocks attacks before a network can be infiltrated. Here is a list of key features of a true NGFW to better inform your next purchase decision.

    Identify and control applications and functions on all ports, all the time

    An NGFW should identify traffic on all ports at all times, and classify each application, while monitoring for changes that may indicate when an unpermitted function is being used. For example, using Citrix GoToMeeting for desktop sharing is permitted but allowing an external user to take control is not.

    Identify users regardless of device or IP address

    Knowing who is using which applications on the network, and who is transferring files that may contain threats, strengthens an organization’s security policies and reduces incident response times. An NGFW must get user identity from multiple sources – such as VPN solutions, WLAN controllers and directory servers – and allow policies that safely enable applications based on users, or groups of users, in outbound or inbound directions.

    Identify and control security evasion tactics

    There are two different classes of applications that evade security policies: applications that are designed to evade security, like external proxies and non-VPN-related encrypted tunnels (e.g., CGIProxy), and those that can be adapted to achieve the same goal such as remote server/desktop management tools (e.g., TeamViewer). An NGFW must have specific techniques that identify and control all applications, regardless of port, protocol, encryption or other evasive tactics and know how often that firewall’s application intelligence is updated and maintained.

    Decrypt and inspect SSL and control SSH

    An NGFW should be able to recognize and decrypt SSL and SSH on any port, inbound or outbound; have policy control over decryption; and offer the necessary hardware and software elements to perform SSL decryption simultaneously across tens of thousands of SSL connections with predictable performance.

    Systematically manage unknown traffic

    Unknown traffic represents significant risks and is highly correlated to threats that move along the network. An NGFW must classify and manage all traffic on all ports in one location and quickly analyze the traffic, known and unknown, to determine if it’s an internal/custom application, a commercial application without a signature, or a threat.

    Protect the network against known and unknown threats in all applications and on all ports

    Applications enable businesses, but they also act as a cyberthreat vector, supporting technologies that are frequent targets for exploits. An NGFW must first identify the application, determine the functions that should be permitted or blocked, and protect the organization from known and unknown threats, exploits, viruses/malware or spyware. This must be done automatically with near-real time updates to protect from newly discovered threats globally.

    Deliver consistent policy control over all traffic, regardless of user location or device type

    An NGFW should provide consistent visibility and control over traffic, regardless of where the user is and what device is being used, without introducing performance latency for the user, additional work for the administrator, or significant cost for the organization.

    Simplify network security

    To simplify and effectively manage already overloaded security processes and people, an NGFW must enable easy translation of your business policy to your security rules. This will allow policies that directly support business initiatives.

    Perform computationally intensive tasks without impacting performance

    An increase in security features often means significantly lower throughput and performance. An NGFW should deliver visibility and control including content scanning, which is computationally intensive, in high-throughput networks with little tolerance for latency.

    Deliver the same firewall functions in both a hardware and virtualized form factor

    Virtualization and cloud computing environments introduce new security challenges, including inconsistent functionality, disparate management and a lack of integration points. An NGFW must provide flexibility and in-depth integration with virtual data centers in private and public cloud environments to streamline the creation of application-centric policies.

    To learn more about what features a NGFW must have to safely enable applications and organizations, read the 10 Things Your Next Firewall Must Do white paper.

    POSTED BY: Eila Shargh on August 8, 2016 on Palo Alto Network Research Portal

    Palo Alto Networks Raises the Bar for Endpoint Security

    August 8th, 2016

    Palo Alto Networks®, the next-generation security company, announced new functionality, including significant machine learning capabilities for real-time unknown malware prevention, to its Traps™ advanced endpoint protection offering. These updates further strengthen the malware and exploit prevention capabilities of Traps and alleviate the need for legacy antivirus products to protect endpoints, such as laptops, servers and VDI instances.

    Many organisations deploy a number of security products and software agents on their endpoint systems, including one or more traditional antivirus products. Nevertheless, cyber breaches continue to increase in frequency, variety and sophistication. Traditional antivirus products struggle to keep pace and invariably fail to prevent these attacks on endpoints.

    An alternative to legacy antivirus point products, Traps uniquely combines the most effective, purpose-built malware and exploit detection methods to prevent known and unknown threats before they can successfully compromise an endpoint. By focusing on detecting and blocking the techniques at the core of these attacks, Traps can prevent sophisticated, targeted and never-before-seen attacks.

    As a component of the Palo Alto Networks Next-Generation Security Platform, a natively integrated and automated platform designed to safely enable applications and prevent cyber breaches, Traps both shares with and receives threat intelligence information from the Palo Alto Networks WildFire™ cloud-based malware analysis environment. Threat intelligence information is passed to WildFire by each component of the security platform, and Traps uses this information to block threats on the endpoint no matter where they originated.

    The new functionality announced today, which includes static analysis via machine learning and trusted publisher capabilities, will allow Traps to detect and immediately prevent malware that has never been seen.

    Quotes

    “The sophistication and frequency of cyberattacks are growing too quickly for legacy antivirus tools that rely on malware signatures to keep pace. The Palo Alto Networks Traps offering takes an innovative approach to endpoint security, keeping endpoints more secure despite a growing landscape of cyberthreats and reducing the resources required by IT teams to track and install security patches.”

    Rob Westervelt, research manager, Security Products, IDC

    “Antivirus point products give organisations a false sense of security, because while they technically make users compliant with regulatory and corporate governance requirements, they do not protect against today’s advanced cyberthreats. To do that, organisations must adopt a cybersecurity platform that prevents malware from infiltrating the enterprise at any point, including the endpoint, even if it has never been seen before.”

    Lee Klarich, executive vice president, Product Management, Palo Alto Networks

    The latest version of Traps, version 3.4, will be available by the end of August on the Palo Alto Networks Support Portal and will include the following updates:

  • Static analysis via machine learning examines hundreds of characteristics of a file to determine if it is malware. Threat intelligence available through the Palo Alto Networks WildFire subscription is used to train a machine learning model to recognise malware, especially previously unknown variants, with unmatched effectiveness and accuracy. This new functionality allows Traps to rapidly determine if a file should be allowed to run even before receiving a verdict from WildFire.
  • Trusted publisher identification allows organisations to automatically and immediately identify new executable files published by trusted and reputable software publishers. These executable files are allowed to run, cutting down on unnecessary analysis and allowing them to execute without delay or impact to the user.
  • Quarantine of malicious executables immediately removes malicious files and prevents further propagation or execution attempts of the files.
  • Grayware classification allows enterprises to identify non-malicious, but otherwise undesirable, software and prevent it from running in their environment.
  • Learn More

  • Read the Traps 3.4 blog post
  • Register for the upcoming webinar, Protect Yourself From Antivirus
  • Read the white paper, Protect Yourself From Antivirus
  • Palo Alto Networks Traps Advanced Endpoint Protection
  • Palo Alto Networks WildFire Cloud-Based Malware Analysis Environment
  • Palo Alto Networks Next-Generation Security Platform
  • View the original article at Palo Alto Networks.

    New Structure at Net-Ctrl

    July 28th, 2016

    Net-Ctrl has been going through a period of change over the last few months. As many of you will be aware the business was previously co-owned by Tony Pullon and Lee Georgio. Tony has now left the business, and we wish him a great Summer break and thank him for his years of dedication.

    The departure has bought change to Net-Ctrl, below is our revised senior management team structure:

  • Lee Georgio – Director
  • Lesley Cook – Finance and Office Manager
  • Mark Power – Major Accounts Sales Manager
  • Josh Moore – Marketing and Internal Sales Manager
  • Carol Gorman – Renewals and Major Accounts Sales Manager
  • In addition to those listed above we have our internal and external sales and technical teams.

    We’re all very excited about what the future holds for Net-Ctrl, and we are all dedicated more than ever to delivering great solutions and services to our customers.

    Following the changes, if you’re unsure who your account manager is please contact josh.moore@net-ctrl.com.

    We wish you all a great Summer.

    No Brexcuses: GDPR preparations must continue

    July 28th, 2016

    Whether or not you voted for Brexit, whether or not you believe it’s a done deal, there’s one thing post-referendum that surely isn’t up for debate. For British companies wanting to trade with Europe, the bureaucracy of Brussels isn’t going away. And that particularly applies to data protection. Some business people may well have heaved a sigh of relief on June 24th at the thought that GDPR (General Data Protection Regulation) the tough new European data protection regulation that was adopted in April 2016 and comes into force in May 2018 would no longer apply in the UK. That idea was based on the premise that the important thing is where the data is stored.

    Unfortunately, that’s not true under GDPR. What matters is whether the data concerns EU citizens, irrespective of where it is stored. Current UK data protection legislation comes from the Data Protection Act 1998, based on the 1995 Data Protection Directive. That will be superseded in Europe by GDPR less than two years from now. In other words, even if Article 50 were notified right now, GDPR would come into force before the Article 50 two-year post notification period runs out. Because GDPR is a Regulation and not a Directive, it does not require enabling national legislation to become law. That means it will apply in the United Kingdom, whether we like it or not. Even once Brexit is fully negotiated and implemented the chances are that the UK will either have to comply with GDPR or implement data protection legislation of its own that the EU deems adequate (i.e. the same or very similar) if it wishes to keep trading with the European Union. This is likely to be equally applicable to the Network and Information Security Directive which has until May 2018 to be implemented in national law.

    So, if UK businesses have any ambition to continue selling to European customers, viewing Brexit as an opportunity to side-step data protection obligations is a serious mistake. Despite the GDPR’s short term disruption, the regulation is likely to have a positive impact on data security industry. It will accelerate the modernisation of Europe’s data security practices and enforce consistency of approach between EU member states. Nonetheless, it will require European business of all sizes to take a very close look at their security, including those in the UK. From both commercial and practical perspectives, preparations must continue. Regardless of what you make of either Brexit or the GDPR, businesses in the UK have no choice but to keep pace with the regulation.

    Original post by Swivel Secure. View original post.

    Net-Ctrl Blog

    Embracing Hybrid IT with Cloud Secure

    September 29th, 2016

    Organisations of all sizes, across all verticals are trying to take advantage of the latest tech while also looking for operating efficiencies. As current systems show their age, organisations have a choice to make; upgrade and maintain local systems, or subscribe to a cloud service which requires less maintenance and administration. Using Office 365’s success as an indicator, the migration is happening at a rapid pace.

    While migration is happening in some areas, it doesn’t necessarily mean that everything will be migrated. Some applications such as unified communication tend to stay on-prem. Moreover, custom applications, which do not have a cloud app equivalent tend to stay on-prem. This means that a hybrid model is often needed.

    Hybrid-IT-Model

    What does the hybrid model mean for the key stakeholders, admins and end-users?

    For the admin, it may mean less maintenance and administration, which is desired, but it can also mean less control and visibility.

    For the end-user, this may mean added confusion and the need to learn a new set of steps to connect. With any change, users need to be educated and IT needs to be prepared to work with a 3rd party to address issues.

    Traditional remote access customers have trusted Pulse Secure and now the power of Pulse Secure extends to the cloud. With the Cloud Secure functionality in Connect Secure, the features that make us the leader in Secure Access are now available for any cloud app.

    Admins can ensure the same device compliance regardless of where the application lives. Even when users are accessing cloud apps, admins will have visibility into these connections without the need of monitoring each cloud app individually. For the end-user, connectivity is improved and there is no need to know if the app is on-prem or in the cloud. End-user experience is further enhanced since Secure Single Sign-On is used so new processes do not need to be learned.

    The transition doesn’t have to be hard for admins or end-users. Let Pulse Secure help accelerate your transition to Hybrid IT.

    To learn more visit https://www.pulsesecure.net/cloud-secure/.

    By Ashur Kanoon – September 20, 2016. View the original article.

    MOBOTIX Solutions Provide Added Value for Retail, Transportation and Perimeter Protection

    September 29th, 2016

    MOBOTIX, in collaboration with Konica Minolta, has developed a new security concept that offers the best possible perimeter protection.

    The concept combines video and thermal technology from MOBOTIX in conjunction with the 3D laser scanner (3D LiDAR) from Konica Minolta. This combination of technologies makes it possible to better automatically analyze data collected from events. This provides the possibility to optimally limit events and represent them in three dimensions not only through the movement in the frames but also through defining distances between objects, object sizes and temperature.

    MOBOTIX solution features integrated cash registers (POS) and camera-supported image and data analysis, which is suited specifically for the retail sector. This solution provides valuable additional information regarding cash transactions.

    The thermal radiometry and event logic technologies make it possible to reliably monitor temperature; with the ability to prevent possible dangers ahead of time by monitoring critical processes used in industrial applications and infrastructures. The security solution from MOBOTIX is ideal for mobile deployment thanks to its robust design, tried-and-tested hemispheric camera technology, decentralised recording system and event logic.

    Optimised Interface : New MxMC 1.3 Version

    With the MxMC 1.3 Version, MOBOTIX has included a new device bar with a tree structure that provides users with a more structured overview, as well as the ability to more easily navigate between cameras and views. Another added feature is the capacity to mark any cameras or camera groups as favorites. In addition, this newly optimized version stands out by providing improved performance on both Windows and Mac OS X devices.

    Fast, Simple Installation: Plug-And-Play Technology From MOBOTIX

    MOBOTIX has developed two different plug-and-play solutions that make it fast and simple to commission the MOBOTIX system.

    The two plug-and-play solutions, one of them being a Camera/NAS combination and the other a complete IP video system for the front door, are shipped preconfigured for easy installation. The pre-configuration supports standard applications of a video surveillance system and the IP Video Door Station. MOBOTIX relies on high-quality network storage systems from technology partners for the Camera/NAS combination such as Overland/Tandberg.

    For more information, email sales@net-ctrl.com.

    802.11ac and BeamFlex Are a Match Made In Heaven

    September 28th, 2016

    Which RF technology do you choose?

    One of Ruckus’ strong benefits has always been BeamFlex™, their adaptive antenna solution. Instead of a general purpose omnidirectional antenna, Ruckus found that using an intelligent antenna design clients could receive a more reliable signal from the access point AND interference could be mitigated in areas to improve overall performance.

    With the advent of 802.11ac, a standardised, chip-level transmit beamforming (TxBF) is supported. A popular misconception, spread by our competitors, is that TxBF accomplishes the same end goals as BeamFlex, rendering BeamFlex useless. They are wrong.

    While the chip-level beamforming is beneficial, it does not provide the same benefit set as Ruckus BeamFlex. The 802.11ac standard TxBF is designed to address the issue of strengthening the client SNR through constructive interference. Based on feedback from client devices, TxBF involves minuscule adjustments to the timing (phase) of signals transmitted by the different radio chains of the AP.

    However, to provide a maximised customer wireless experience, this is only half the story. With the Ruckus solutions, BeamFlex manipulates the electrical properties of the AP antennas in order to adaptively control the direction in which transmissions are sent from the AP. The software algorithm behind BeamFlex makes its antenna control decisions to optimise throughput on a packet-by-packet basis. Since BeamFlex ensures that signals are transmitted in directions that optimise throughput, it also means that signals are directed away from areas in the network where they would be seen as interference. In other words, BeamFlex delivers the added benefit of interference mitigation. This compounds any benefit you might get from an omnidirectional antenna that is typically used in competitive access points.

    The assumption that the standard 802.11ac beamforming support obviates any benefit of BeamFlex is not correct. TxBF maximizes signal-to-noise at the client device by manipulating signal timing, whereas BeamFlex maximizes throughput by manipulating signal direction. These are very different and complimentary technologies.

    So, what is the answer as to which technology to choose? Both!

    View the original article by Richard Watson, Product Marketing Manager at Ruckus Wireless.

    Adaptive and multi-factor authentication: What is the difference and what are the benefits?

    September 23rd, 2016

    Understand multi-factor authentication (MFA) but not adaptive authentication? Not sure where one term ends and the other begins? Keen to know what all adaptive noise is about? Read on…

    MFA & adaptive authentication: what’s the difference?

    Think of it like this: Adaptive authentication is an evolved form of MFA. It applies the principles of MFA, but instead of issuing blanket procedures for everyone to follow under all circumstances, it issues challenges intelligently instead, according to a predetermined risk model. This enables an organisation to apply precisely the right level of gateway security to each and every login request.

    An adaptive system is purpose-built to measure the risk of a user’s login, along with their post-login activities, to determine the level of risk their access request poses to the business. Appropriate levels of authentication are then triggered to protect an organisation’s data, websites, portals, browsers and applications.

    What are the benefits of adaptive authentication?

    There are a variety of significant benefits that set adaptive authentication apart from traditional multi-factor authentication:

    It optimises the user’s security experience.

    None of us want our network experience to be inhibited by needlessly heavy-handed levels of authentication. At the same time, however, we all accept that some access requests require more security than others. Adaptive authentication enables precisely the most appropriate level of ‘friction’ to be applied to each and every access request. Looking beyond traditional binary authentication to adaptive risk-based solutions allows companies to maintain strong data security but not at the expense of usability.

    It enables the IT department to embody an organisation’s risk policies.

    An organisation can lock down its most sensitive gateways with strong multi-factor authentication, ensuring only those with network clearance can participate in the authentication process (blocking entry completely for everyone else). At the same time, unfettered access (or a weaker form of authentication like a username and password) can be applied when access to non-sensitive data is requested.

    It solves the BYOD security headache.

    In the age of BYOD, everyone wants to access corporate data remotely, from different devices.

    Not only can adaptive authentication differentiate between different mobile devices (and their varying security vulnerabilities) it can also address the risks associated with the remote access networks used to connect to the corporate gateway. For example, if an employee uses a lower risk connection, like connecting their work-protected laptop to the corporate network while in the head office, an adaptive authentication platform could apply only a basic authentication challenge, such as a username and password. Should that employee switch to their personal smartphone, however, and attempt to connect beyond the network perimeter, via Starbucks public Wi-Fi, for example, an adaptive authentication platform would automatically recognise the increased in risk and apply a stronger authentication challenge before granting access, if indeed it grants it at all. All such scenarios can be planned for, assessed for risk, and dealt with accordingly.

    It evolves in line with the evolution of the business.

    With an adaptive authentication solution, the benefits of mobility and remote access can be harnessed without sacrificing security. Need to expand a remote workforce? No problem. The Board approves a new remote working policy? Great – let’s set the risk parameters and enable everyone to connect in the most convenient manner possible. Need to respond to an overseas cyber threat? Now you can do so precisely by locking down access requested that conform to a defining set of criteria, enabling the rest of the business to continue to function uninterrupted.

    Who uses adaptive authentication?

    Adaptive authentication has been successfully applied to verify the identity of access requestors across a variety of different sectors, particularly in government services and banking. As the popularity of the system increases, so too does the information gathered in order to provide a risk-of-fraud assessment. Information such as geo-locations, behavioural profiling and device profiling allow for an increasingly varied data range that is enabling adaptive authentication to become perpetually smarter and more efficient.

    Keen to learn more? Check out our approach to adaptive authentication here.

    Article taken from swivelsecure.com.

    Brocade Achieves Leader Position in IHS 2016 WLAN Scorecard

    September 23rd, 2016

    IHS Selected WLAN Provider Ruckus Wireless, Now Part of Brocade, Due to Its Top Revenue Performance for Enterprise WLAN Infrastructure

    Brocade has announced the company has achieved leader status in the IHS Markit Wireless LAN Infrastructure Vendor Scorecard – 2016 for Ruckus Wireless‘ significant presence in the market and fast-paced momentum in wireless LAN growth. Brocade acquired Ruckus Wireless in May 2016, and Ruckus now operates as a business unit within Brocade. Prior to the acquisition, Ruckus was already the largest standalone vendor of WLAN products.

    According to IHS, “Due to market consolidation, the WLAN vendor landscape has bifurcated into end-to-end networking providers that can address the whole range of enterprise networking requirements and specialists that focus on a particular niche or new ways of solving old problems. The leaders—Brocade, Cisco, and HPE Aruba—are end-to-end networking providers that compete broadly in all segments of the market, leveraging the completeness of their portfolio and their installed bases.”

    “Brocade is honored to be recognized as a leader in the IHS Markit WLAN Scorecard,” said Dan Rabinovitsj, chief operating officer, Ruckus Wireless business unit at Brocade. “We continue to offer our customers high-performing wireless technology, and the recognition by IHS further validates the considerable steps we’ve taken this year in the enterprise WLAN infrastructure market—a market that many forecast will continue to experience growth due to the rise in Internet traffic and next-gen connected devices. We look forward to further supporting our customers’ WLAN needs.”

    Brocade now offers a broad range of indoor and outdoor WLAN access points with Ruckus BeamFlex™ technology, which delivers strong performance and one of the industry’s most comprehensive choices of architectures—physical controller appliance, virtual controller appliance, cloud and controller-less—built on the ZoneDirector™ and SmartZone™ platforms. With the third-highest market share of all WLAN vendors, Brocade continues to offer strong support to its customers to deploy more agile network architectures.

    To read more about Brocade’s leadership position in the IHS Markit Wireless LAN Infrastructure Vendor Scorecard, download a complimentary copy of the report.

    Gemalto releases findings of first half 2016 Breach Level Index

    September 20th, 2016

    Data breaches up 15% and compromised data records up 31% compared to previous six months. Identity and personal data theft account for 64% of all data breaches. Healthcare organizations account for nearly one-third of all data breaches.

    Gemalto, the world leader in digital security, today released the findings of the Breach Level Index revealing that data breaches increased 15% in the first six months of 2016 compared to the last six months of 2015. Worldwide, there were 974 reported data breaches and more than 554 million compromised data records in the first half of 2016, compared to 844 data breaches and 424 million compromised data records in the previous six months. In addition, 52% percent of the data breaches in the first half of this year did not disclose the number of compromised records at the time they were reported.

    The Breach Level Index is a global database that tracks data breaches and measures their severity based on multiple dimensions, including the number of records compromised, the type of data, the source of the breach, how the data was used, and whether or not the data was encrypted. By assigning a severity score to each breach, the Breach Level Index provides a comparative list of breaches, distinguishing data breaches that are a not serious versus those that are truly impactful.

    According to the Breach Level Index, more than 4.8 billion data records have been exposed since 2013 when the index began benchmarking publicly disclosed data breaches. For the first six months of 2016, identity theft was the leading type of data breach, accounting for 64% of all data breaches, up from 53% in the previous six months. Malicious outsiders were the leading source of data breaches, accounting for 69% of breaches, up from 56% in the previous six months.

    “Over the past twelve months hackers have continued to go after both low hanging fruit and unprotected sensitive personal data that can be used to steal identities,” Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. “The theft of user names and account affiliation may be irritating for consumers, but the failure of organizations to protect sensitive personal information and identities is a growing problem that will have implications for consumer confidence in the digital services and companies they entrust with their personal data.”

    Across industries, the healthcare industry accounted for 27% of data breaches and saw its number of data breaches increase 25% compared to the previous six months. However, healthcare represented just 5% of compromised data records versus 12% in the previous six months. Government accounted for 14% of all data breaches, which was the same as the previous six months, but represented 57% of compromised records. Financial services companies accounted for 12% of all data breaches, a 4% decline compared to previous six months, but accounted for just 2% of compromised data records. Retail accounted for 11% of data breaches, and declined 6% versus the previous six months, and accounted for 3% of compromised data records. Education accounted for 11% of data breaches and represented less than one percent of all compromised records. All other industries represented 16% of data breaches and 16% of compromised data records.

    In terms of top three geographic regions for reported data breaches, 79% were in North America, 9% were in Europe, and 8% were in Asia-Pacific.

    Breach Level Index: Understanding That Not All Data Breaches Are Equal in Severity

    As data breaches continue to grow in frequency and size, it is becoming more difficult for consumers, government regulatory agencies and companies to distinguish between nuisance data breaches and truly impactful mega breaches,” said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. “News reports fail to make these distinctions, but they are important to understand because each have different consequences. A breach involving 100 million user names is not as severe as a breach of one million accounts with social security numbers and other personally identifiable information that are used for financial gain.”

    “In this increasingly digital world, companies, organizations and governments are storing greater and greater amounts of data that has varying levels of sensitivity. At the same time, it is clear that data breaches are going to happen and that companies need to shift from a total reliance on breach prevention to strategies that help them secure the breach. That is why more focus needs to be understanding what really constitutes sensitive data, where it is stored, and using the best means to defend it. At the end of the day, the best way to protect data is to kill it. That means ensuring user credentials are secured with strong authentication and sensitive data is protected with encryption so it is useless to the thieves.”

    For a full summary of data breach incidents by industry, source, type and geographic region, download the H1 2016 Breach Level Index Report.

    Related Resources
    Infographic: H1 2016 Breach Level Index
    Web Site: Breach Level Index
    Blog Post: 2016 Data Breach Statistics
    White Paper: Secure the Breach Manifesto
    Web Site: Secure the Breach

    Not All Next-Generation Firewalls Are Created Equal

    August 9th, 2016

    As cybersecurity threats increase in sophistication, the security solutions used to defend against these threats must also evolve. Developers no longer adhere to standard port/protocol/application mapping; applications are capable of operating on non-standard ports, as well as port hopping; and users are able to force applications to run over non-standard ports, rendering first-generation firewalls ineffective in today’s threat environment. Enter the “next-generation firewall” (NGFW), the next stage of firewall and intrusion prevention systems (IPS) technology.

    A common understanding of an NGFW is a network platform that combines the traditional firewall functionalities with IPS and application control. However, merely bundling traditional firewalls with IPS and application control does not result in an NGFW. A true NGFW emphasizes native integration, classifies traffic based on applications rather than ports, performs a deep inspection of traffic and blocks attacks before a network can be infiltrated. Here is a list of key features of a true NGFW to better inform your next purchase decision.

    Identify and control applications and functions on all ports, all the time

    An NGFW should identify traffic on all ports at all times, and classify each application, while monitoring for changes that may indicate when an unpermitted function is being used. For example, using Citrix GoToMeeting for desktop sharing is permitted but allowing an external user to take control is not.

    Identify users regardless of device or IP address

    Knowing who is using which applications on the network, and who is transferring files that may contain threats, strengthens an organization’s security policies and reduces incident response times. An NGFW must get user identity from multiple sources – such as VPN solutions, WLAN controllers and directory servers – and allow policies that safely enable applications based on users, or groups of users, in outbound or inbound directions.

    Identify and control security evasion tactics

    There are two different classes of applications that evade security policies: applications that are designed to evade security, like external proxies and non-VPN-related encrypted tunnels (e.g., CGIProxy), and those that can be adapted to achieve the same goal such as remote server/desktop management tools (e.g., TeamViewer). An NGFW must have specific techniques that identify and control all applications, regardless of port, protocol, encryption or other evasive tactics and know how often that firewall’s application intelligence is updated and maintained.

    Decrypt and inspect SSL and control SSH

    An NGFW should be able to recognize and decrypt SSL and SSH on any port, inbound or outbound; have policy control over decryption; and offer the necessary hardware and software elements to perform SSL decryption simultaneously across tens of thousands of SSL connections with predictable performance.

    Systematically manage unknown traffic

    Unknown traffic represents significant risks and is highly correlated to threats that move along the network. An NGFW must classify and manage all traffic on all ports in one location and quickly analyze the traffic, known and unknown, to determine if it’s an internal/custom application, a commercial application without a signature, or a threat.

    Protect the network against known and unknown threats in all applications and on all ports

    Applications enable businesses, but they also act as a cyberthreat vector, supporting technologies that are frequent targets for exploits. An NGFW must first identify the application, determine the functions that should be permitted or blocked, and protect the organization from known and unknown threats, exploits, viruses/malware or spyware. This must be done automatically with near-real time updates to protect from newly discovered threats globally.

    Deliver consistent policy control over all traffic, regardless of user location or device type

    An NGFW should provide consistent visibility and control over traffic, regardless of where the user is and what device is being used, without introducing performance latency for the user, additional work for the administrator, or significant cost for the organization.

    Simplify network security

    To simplify and effectively manage already overloaded security processes and people, an NGFW must enable easy translation of your business policy to your security rules. This will allow policies that directly support business initiatives.

    Perform computationally intensive tasks without impacting performance

    An increase in security features often means significantly lower throughput and performance. An NGFW should deliver visibility and control including content scanning, which is computationally intensive, in high-throughput networks with little tolerance for latency.

    Deliver the same firewall functions in both a hardware and virtualized form factor

    Virtualization and cloud computing environments introduce new security challenges, including inconsistent functionality, disparate management and a lack of integration points. An NGFW must provide flexibility and in-depth integration with virtual data centers in private and public cloud environments to streamline the creation of application-centric policies.

    To learn more about what features a NGFW must have to safely enable applications and organizations, read the 10 Things Your Next Firewall Must Do white paper.

    POSTED BY: Eila Shargh on August 8, 2016 on Palo Alto Network Research Portal

    Palo Alto Networks Raises the Bar for Endpoint Security

    August 8th, 2016

    Palo Alto Networks®, the next-generation security company, announced new functionality, including significant machine learning capabilities for real-time unknown malware prevention, to its Traps™ advanced endpoint protection offering. These updates further strengthen the malware and exploit prevention capabilities of Traps and alleviate the need for legacy antivirus products to protect endpoints, such as laptops, servers and VDI instances.

    Many organisations deploy a number of security products and software agents on their endpoint systems, including one or more traditional antivirus products. Nevertheless, cyber breaches continue to increase in frequency, variety and sophistication. Traditional antivirus products struggle to keep pace and invariably fail to prevent these attacks on endpoints.

    An alternative to legacy antivirus point products, Traps uniquely combines the most effective, purpose-built malware and exploit detection methods to prevent known and unknown threats before they can successfully compromise an endpoint. By focusing on detecting and blocking the techniques at the core of these attacks, Traps can prevent sophisticated, targeted and never-before-seen attacks.

    As a component of the Palo Alto Networks Next-Generation Security Platform, a natively integrated and automated platform designed to safely enable applications and prevent cyber breaches, Traps both shares with and receives threat intelligence information from the Palo Alto Networks WildFire™ cloud-based malware analysis environment. Threat intelligence information is passed to WildFire by each component of the security platform, and Traps uses this information to block threats on the endpoint no matter where they originated.

    The new functionality announced today, which includes static analysis via machine learning and trusted publisher capabilities, will allow Traps to detect and immediately prevent malware that has never been seen.

    Quotes

    “The sophistication and frequency of cyberattacks are growing too quickly for legacy antivirus tools that rely on malware signatures to keep pace. The Palo Alto Networks Traps offering takes an innovative approach to endpoint security, keeping endpoints more secure despite a growing landscape of cyberthreats and reducing the resources required by IT teams to track and install security patches.”

    Rob Westervelt, research manager, Security Products, IDC

    “Antivirus point products give organisations a false sense of security, because while they technically make users compliant with regulatory and corporate governance requirements, they do not protect against today’s advanced cyberthreats. To do that, organisations must adopt a cybersecurity platform that prevents malware from infiltrating the enterprise at any point, including the endpoint, even if it has never been seen before.”

    Lee Klarich, executive vice president, Product Management, Palo Alto Networks

    The latest version of Traps, version 3.4, will be available by the end of August on the Palo Alto Networks Support Portal and will include the following updates:

  • Static analysis via machine learning examines hundreds of characteristics of a file to determine if it is malware. Threat intelligence available through the Palo Alto Networks WildFire subscription is used to train a machine learning model to recognise malware, especially previously unknown variants, with unmatched effectiveness and accuracy. This new functionality allows Traps to rapidly determine if a file should be allowed to run even before receiving a verdict from WildFire.
  • Trusted publisher identification allows organisations to automatically and immediately identify new executable files published by trusted and reputable software publishers. These executable files are allowed to run, cutting down on unnecessary analysis and allowing them to execute without delay or impact to the user.
  • Quarantine of malicious executables immediately removes malicious files and prevents further propagation or execution attempts of the files.
  • Grayware classification allows enterprises to identify non-malicious, but otherwise undesirable, software and prevent it from running in their environment.
  • Learn More

  • Read the Traps 3.4 blog post
  • Register for the upcoming webinar, Protect Yourself From Antivirus
  • Read the white paper, Protect Yourself From Antivirus
  • Palo Alto Networks Traps Advanced Endpoint Protection
  • Palo Alto Networks WildFire Cloud-Based Malware Analysis Environment
  • Palo Alto Networks Next-Generation Security Platform
  • View the original article at Palo Alto Networks.

    New Structure at Net-Ctrl

    July 28th, 2016

    Net-Ctrl has been going through a period of change over the last few months. As many of you will be aware the business was previously co-owned by Tony Pullon and Lee Georgio. Tony has now left the business, and we wish him a great Summer break and thank him for his years of dedication.

    The departure has bought change to Net-Ctrl, below is our revised senior management team structure:

  • Lee Georgio – Director
  • Lesley Cook – Finance and Office Manager
  • Mark Power – Major Accounts Sales Manager
  • Josh Moore – Marketing and Internal Sales Manager
  • Carol Gorman – Renewals and Major Accounts Sales Manager
  • In addition to those listed above we have our internal and external sales and technical teams.

    We’re all very excited about what the future holds for Net-Ctrl, and we are all dedicated more than ever to delivering great solutions and services to our customers.

    Following the changes, if you’re unsure who your account manager is please contact josh.moore@net-ctrl.com.

    We wish you all a great Summer.

    No Brexcuses: GDPR preparations must continue

    July 28th, 2016

    Whether or not you voted for Brexit, whether or not you believe it’s a done deal, there’s one thing post-referendum that surely isn’t up for debate. For British companies wanting to trade with Europe, the bureaucracy of Brussels isn’t going away. And that particularly applies to data protection. Some business people may well have heaved a sigh of relief on June 24th at the thought that GDPR (General Data Protection Regulation) the tough new European data protection regulation that was adopted in April 2016 and comes into force in May 2018 would no longer apply in the UK. That idea was based on the premise that the important thing is where the data is stored.

    Unfortunately, that’s not true under GDPR. What matters is whether the data concerns EU citizens, irrespective of where it is stored. Current UK data protection legislation comes from the Data Protection Act 1998, based on the 1995 Data Protection Directive. That will be superseded in Europe by GDPR less than two years from now. In other words, even if Article 50 were notified right now, GDPR would come into force before the Article 50 two-year post notification period runs out. Because GDPR is a Regulation and not a Directive, it does not require enabling national legislation to become law. That means it will apply in the United Kingdom, whether we like it or not. Even once Brexit is fully negotiated and implemented the chances are that the UK will either have to comply with GDPR or implement data protection legislation of its own that the EU deems adequate (i.e. the same or very similar) if it wishes to keep trading with the European Union. This is likely to be equally applicable to the Network and Information Security Directive which has until May 2018 to be implemented in national law.

    So, if UK businesses have any ambition to continue selling to European customers, viewing Brexit as an opportunity to side-step data protection obligations is a serious mistake. Despite the GDPR’s short term disruption, the regulation is likely to have a positive impact on data security industry. It will accelerate the modernisation of Europe’s data security practices and enforce consistency of approach between EU member states. Nonetheless, it will require European business of all sizes to take a very close look at their security, including those in the UK. From both commercial and practical perspectives, preparations must continue. Regardless of what you make of either Brexit or the GDPR, businesses in the UK have no choice but to keep pace with the regulation.

    Original post by Swivel Secure. View original post.

    Keep up-to-date with Net-Ctrl

    Simply fill in the fields below to sign up for the Net-Ctrl Newsletter.

    Don't worry we only send it once a month.

    • New Solution Announcements
    • Latest Promotions
    • Links to some great content.