Net-Ctrl Blog

WanaCrypt0r aka WannaCry ransomware wreaks havoc worldwide

May 16th, 2017

The WanaCrypt0r ransomware hit with a vengeance on Friday, with the outbreak beginning in Europe, striking hospitals and other organisations, then quickly spreading across the globe. As of 1:00pm Pacific Time, it is believed more than 57,000 systems in more than 74 countries had been affected.

Researchers at SentinelOne have determined that the Endpoint Protection Platform does successfully detect and block this ransomware strain. Customers are advised to make sure that they are running the latest version.

Additional reports indicate that this ransomware strain was distributed using the EternalBlue exploit that was released by the ShadowBrokers in April. This vulnerability was patched by Microsoft (MS17-010) before ShadowBrokers released the exploit. This shows that in the real world keeping up-to-date with patches and critical updates can be difficult but is a crucial step for all organisations.

This article was taken from SentinelOne.

Palo Alto Networks Protections Against WanaCrypt0r Ransomware Attacks

May 16th, 2017

What Happened

On Friday, May 12, 2017, a series of broad attacks began that spread the latest version of the WanaCrypt0r ransomware. These attacks, also referred to as WannaCrypt or WannaCry, reportedly impacted systems of public and private organisations worldwide. Our Next-Generation Security Platform automatically created, delivered and enforced protections from this attack.

How the Attack Works

While the initial infection vector for WanaCrypt0r is unclear, it is certain that once inside the network, it attempts to spread to other hosts using the SMB protocol by exploiting the EternalBlue vulnerability (CVE-2017-0144) on Microsoft Windows systems. This vulnerability was publicly disclosed by the Shadow Brokers group in April 2017, and was addressed by Microsoft in March 2017 with MS17-010.

Microsoft published a post on protections from the WanaCrypt0r attacks here, and has taken the step of providing patches for versions of Windows software that are no longer supported, including Windows XP. Organisations that have applied the MS17-010 update are not at risk for the spread of WanaCrypt0r across the network, but given it addresses a remotely exploitable vulnerability in a networking component that is now under active attack, we strongly urge making deployment of this security update a priority.
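The network spread described above appears in flow logs as one internal host contacting many different peers on TCP 445 within a short time. The following is an added example, not part of the original article: a sliding-window detector run over constructed flow records. The log format, addresses, window and threshold are all assumptions to be tuned per network.

```python
"""Flag internal hosts whose SMB (TCP 445) fan-out looks like worm-style spreading."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import ipaddress

SMB_PORT = 445
WINDOW = timedelta(seconds=60)   # assumption: look-back window
THRESHOLD = 20                   # assumption: distinct SMB peers that trigger an alert


def parse_flow(line):
    """Parse 'timestamp src dst dport' (assumed format); return None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        src = ipaddress.ip_address(parts[1])
        dst = ipaddress.ip_address(parts[2])
        dport = int(parts[3])
    except ValueError:
        return None
    return ts, src, dst, dport


def detect_smb_fanout(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {source: peak distinct SMB destinations seen inside one window}.

    Only sources that reach `threshold` are reported. Input must be in time
    order, as flow exports normally are.
    """
    recent = defaultdict(deque)   # src -> (ts, dst) pairs, oldest first
    alerts = {}
    for line in lines:
        rec = parse_flow(line)
        if rec is None or rec[3] != SMB_PORT:
            continue
        ts, src, dst, _ = rec
        q = recent[src]
        q.append((ts, dst))
        # Drop connections that have aged out of the window.
        while q and ts - q[0][0] > window:
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= threshold:
            key = str(src)
            alerts[key] = max(alerts.get(key, 0), distinct)
    return alerts


def build_sample_flows():
    """Constructed sample data: one ordinary client and one host sweeping its subnet."""
    start = datetime(2017, 5, 12, 9, 0, 0)
    lines = []
    # Ordinary workstation: repeated sessions to two file servers, plus web traffic.
    for i in range(30):
        ts = (start + timedelta(seconds=10 * i)).isoformat()
        lines.append(f"{ts} 10.0.1.15 10.0.1.{5 + i % 2} 445")
        lines.append(f"{ts} 10.0.1.15 192.0.2.10 443")
    # Sweeping host: 40 different peers on 445 in 40 seconds.
    for i in range(40):
        ts = (start + timedelta(seconds=120 + i)).isoformat()
        lines.append(f"{ts} 10.0.1.66 10.0.1.{100 + i} 445")
    lines.append("truncated record that the parser must skip")
    return sorted(lines)   # ISO timestamps sort chronologically as strings


if __name__ == "__main__":
    for host, peers in detect_smb_fanout(build_sample_flows()).items():
        print(f"ALERT {host}: {peers} distinct SMB peers within {WINDOW}")
```

A sweep paced slower than the window stays under the threshold, so a second pass with a longer window and a baseline of each host's usual SMB peers is worth running alongside it.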

Preventions

Palo Alto Networks customers are protected through our Next-Generation Security Platform, which employs a prevention-based approach that automatically stops threats across the attack lifecycle. Palo Alto Networks customers are protected from WanaCrypt0r ransomware through multiple complementary prevention controls across our Next-Generation Security Platform, including:

  • WildFire classifies all known samples as malware, automatically blocking malicious content from being delivered to users.
  • Threat Prevention enforces IPS signatures for the vulnerability exploit (CVE-2017-0144 – MS17-010) used in this attack: SMB vulnerability – ETERNALBLUE.
  • URL Filtering monitors malicious URLs used and will enforce protections if needed.
  • DNS Sinkholing can be used to identify infected hosts on the network. For more, please reference our product documentation for best practices.
  • Traps prevents the execution of the WanaCrypt0r malware on endpoints.
  • AutoFocus tracks the attack for threat analytics and hunting via the WanaCrypt0r tag.
  • GlobalProtect extends WildFire and Threat Prevention protections to remote users and ensures consistent coverage across all locations.

For best practices on preventing ransomware with the Palo Alto Networks Next-Generation Security Platform, please refer to their Knowledge Base article. We strongly recommend that all Windows users ensure they have the latest patches made available by Microsoft installed, including versions of software that have reached end-of-life support.

This article was originally published by Palo Alto Networks. View the original article.

Change Log:

On May 13, 2017, this post was updated to include:

  • Link to Microsoft blog on protections against WanaCrypt0r attacks
  • Details on additional protections via DNS sinkholing
  • Updated URL Filtering section to reflect new analysis

On May 15, 2017, this post was updated to clarify the WanaCrypt0r attack delivery method based on additional information.

May 17, 2017:

  • Added Threat Prevention signature information for anti-malware and command-and-control activity.
  • Added link to Traps blog.

    Practice These 10 Basic Cyber Hygiene Tips for Risk Mitigation

    May 9th, 2017

    For six years in a row, cybersecurity has been identified as the #1 “problematic shortage” area across all of IT. What’s more concerning is that in 2016 and 2017, there was a dramatic increase in the shortage across organisations.

    With companies scrambling for cybersecurity personnel, they are also distracted by involvement in an innovation race. Today, intense pressure is placed on organisations to stay on top of new technology without slowing daily operations. As rapid implementations of these technologies continue, security measures and risks that tend to cause vulnerabilities in the IT environment are overlooked. With the popularity of Internet of Things and BYOD, we’re also witnessing the creation of weak spots that IT departments do not have the bandwidth or expertise to address.

    In today’s modern cybersecurity, a large emphasis is placed on managing risk, which is dire for companies lacking professionals that can respond to attacks. With ever-evolving threats, it’s nearly impossible to always know what is coming. That’s why it is so imperative to practice basic cyber hygiene as a way to eliminate and mitigate possible threats, especially during a time of digital transformation.

    What is Basic Cyber Hygiene?

    The Center for Internet Security (CIS) and the Council on Cyber Security (CCS) define cyber hygiene as a means to appropriately protect and maintain IT systems and devices and implement cyber security best practices.

    This risk mitigation technique is a must for all businesses deploying emerging technologies to their networks. Without clear assessments and interventions, hackers will have an easy in through unpatched and outdated solutions, and unforeseen security gaps in newer technologies.

    Keeping Good Cyber Hygiene Habits

    While cyber hygiene isn’t an ironclad protection, it’s important for everyone in contact with your network, from the CEO to the lowly intern, to act securely with these ten tips:

    1. Keep an inventory of hardware and software on the company network.
    2. Develop a process for software installation by end users. That could include limiting installation to trusted software or prohibiting and blocking all installation without prior approval from IT.
    3. Educate users on practising good cyber behaviour, including password management, identifying potential phishing efforts, and which devices to connect to the network.
    4. Identify vulnerable applications that aren’t in use and disable them.
    5. Consistently back up data and keep multiple copies. Consider using a secure cloud solution as well as on premise.
    6. Turn to industry-accepted secure configurations/standards like NIST and CIS Benchmark. These can help organisations define items like password length, encryption, port access, and double authentication.
    7. Patch all applications right away, and regularly. Unpatched systems are one of the biggest risk factors in attacks.
    8. Create complex passwords.
    9. Limit the number of users with administrative privileges.
    10. Upgrade ageing infrastructure and systems.

    Reduce the Human Impact

    Even with the best protection, there are no guarantees that your business won’t become the victim of a ransomware attack, data breach, or other cybersecurity threat. That’s why it is so important to reduce human impact by automating security practices whenever possible.

    Providing double authentication sign-ons that require complex passwords, blocking certain file types, and testing users on their security knowledge are steps that all companies can take to protect today’s diversified networks.

    For businesses with a shortage of cybersecurity professionals, these steps, while simple, may still prove to be a challenge. That’s why it is helpful to find tools like machine learning that can react to and predict malicious behaviour for you.

    With machine learning and behavior-based detection, you can relieve your IT team of exhaustive manual procedures. SentinelOne automates security for you with EPP. To learn more on how to protect your network in our quickly evolving technological world, download our executive brief Get Your Endpoint Protection Out of the 90’s!

    Item taken from the SentinelOne blog.

    New SentinelOne Enterprise Risk Index Provides Evidence of Growing Use of In-Memory Attacks; Renders Traditional Antivirus Protection Methods Redundant

    April 28th, 2017

    SentinelOne, the company transforming endpoint protection by delivering unified, multi-layer protection driven by machine learning and intelligent automation, today launched its first Enterprise Risk Index which highlights the growing use of in-memory attacks, further proof that attacks simply cannot be stopped by traditional, static, file inspection security solutions.

    The report includes an analysis of filtered data from more than one million SentinelOne Enterprise Platform agents deployed worldwide during the last half of 2016. Findings are based on behavioural analysis of malware programs that bypassed firewalls and network controls to infect endpoint devices.

    “These days, infecting a target is just a matter of resources; but how long the hackers get to stay inside the network is a matter of good detection,” said Andy Norton, EMEA risk officer for SentinelOne and lead researcher for the Enterprise Risk Index. “In our analysis we focused on the attacks that are successful in making their way past traditional defences to reach endpoint targets because these are the threats that pose the greatest risk to an organisation. That’s what we should be measuring – not what’s stopped at the gateway.”

    The report focuses on attack methods classified into three risk categories:

  • Attacks detected from document-based files, largely associated with Microsoft Word or Adobe PDF.
  • Attacks detected from traditional portable executable-based files.
  • Attacks detected only from the memory of the system with no associated new artefacts on the system.

    From the report, “we won’t be announcing what the top malware family is – for example, Zeus, Diamond Fox or Updare – however, we do build indicators of compromise to help with identification and response, and when a hash value exists we have submitted the hash to malware repositories to see what other submissions there have been for them.”

    Key findings of the report include:

  • The growing menace of in-memory attacks: in this timeframe, we found that these attacks have doubled in comparison to the infection rates of file based vectors.
  • Even for file-based attacks, only 20 percent of threats had corresponding signatures from existing AV engines.
  • Nation-state actors are trading infection sustainability for stealth, leaving no new artefacts on the file system and relying on memory-based attacks, even if it means needing to re-infect the target.
  • Three-pronged infections are becoming the norm as attackers no longer rely solely on .exe files to deliver malware, but instead use hybrid attacks that utilise multiple attack vectors in one attack chain.

    “Our goal with the Enterprise Risk Index is to help organisations get a better view of which threats are successful in reaching the final barrier in enterprise defences,” said Norton. “With this data in mind, customers can better determine not only what the risks are but where they are and can adjust their security planning and investments accordingly.”

    A copy of the full SentinelOne Enterprise Risk Index is available for download here.

    Brocade Study Reveals More than Half of IT Teams Will Struggle with Business Demands in Next 12 Months

    April 27th, 2017

    Germany and U.S. Ahead of the Digital Transformation Skills Game, While UK Lags Behind

    Brocade announced a new GLOBAL DIGITAL TRANSFORMATION SKILLS STUDY, which aims to uncover how well-placed global IT leaders consider themselves and their teams to be in terms of meeting current and future business demands. Of the six markets surveyed, Germany was found to be the best prepared to meet its digital transformation goals, closely followed by the U.S., while the UK lagged well behind its counterparts.

    The research, which surveyed 630 IT leaders in the U.S., UK, France, Germany, Australia, and Singapore, indicates that many organisations are at a tipping point, as new technology demands are set to outstrip the skills supply. Organisations that address this now through additional skills training will be in the strongest position to ensure business growth and competitive advantage.

    Overall, an encouraging 91 percent of global IT leaders acknowledge that IT departments are currently recognised as very important or critical to innovation and business growth. However, more than half (54 percent) predict they will struggle with a lack of IT talent in 12 months. Contributing factors identified from the research include skills shortages, a prevalence of outdated skills, lack of commitment to training at the corporate board level, and the rapidly changing technology environment.

    “Businesses are approaching the peak of IT strategic influence. Now is the moment that IT teams feel they have the strongest opportunity to influence the transformation of their organisations,” said Christine Heckart, chief marketing officer and senior vice president of ecosystems, Brocade. “However, with a rapidly changing technology landscape and potential impact on international labour markets, it is critical that IT receives the right training to further develop their skills and business relevance.”

    The research also found that skills planning had to be aligned with other areas of business planning to avoid the risk of a technology skills deficit, where IT teams are expected to deliver the benefits of technologies that they are ill-equipped to implement.

    Staff shortages and outdated skills are preventing ITDMs from delivering on current business demands

    Organisations are attempting to move their IT departments away from their traditional roles, but the lack of skills and the time required to learn those skills have held them back. IT decision makers (ITDM) believe this could be a major contributor to their inability to meet business demands, putting organisations at risk of falling behind their competitors and losing customers.

  • Approximately one in four respondents in Australia, France, Germany, Singapore, and the U.S. claim that they cannot deliver on current business demand due to staff shortages. This number rises to 42 percent in the UK.
  • Respondents claim that the lack of access to talent will prevent them from implementing new technologies efficiently, lead to a decrease in employee satisfaction, and result in the loss of market share.

    The IT skills gap is only likely to get worse and organisations need to act now

    The political landscape is also a contributing factor in the widening skills gap. As market uncertainty intensifies in the next few years, it is more important than ever for IT departments to remain agile and take advantage of new technologies.

  • Ninety-two percent of those questioned had some level of concern about future hiring of IT staff, while 54 percent were concerned about a lack of skilled talent to choose from.
  • Forty-three percent of global respondents agreed or strongly agreed that the current political climate makes it difficult to hire employees with the right skills. In the U.S. and Australia, the numbers were 52 percent and 54 percent, respectively.
  • Even with the uncertainty surrounding the Brexit situation, EMEA respondents were less concerned, with only 31 percent of UK ITDMs believing it presented a challenge compared to 39 percent in Germany and 35 percent in France.

    Training time and investment will prove to be business-critical

    Training continues to be an issue as day-to-day IT maintenance tasks take priority. For organizations to address the technical skills deficit, they first need to invest time and money — or face the consequences.

  • There is consistent demand globally to spend more time on increasing skills — from 15 percent of time that is currently spent on this to 22 percent.
  • Respondents reported that insufficient budget (45 percent) and training time (45 percent) are constraining IT departments’ attempts to develop skills more than any other factors. These factors rise to 60 percent and 50 percent respectively in Australia but drop to 37 percent and 30 percent in Germany.
  • Currently, only three hours are allocated per week for learning and skills development. Respondents in Singapore average four hours of skills development per week.
  • Sixty-seven percent of respondents agree that the key to closing the skills gap would be to spend more money on training.

    IT professionals need to take control of their professional future

    The research also showed that IT professionals at all levels must take increased responsibility for their own professional destiny, embracing the opportunities delivered by new technologies such as artificial intelligence (AI) and all areas of IoT from device management to security.

  • Thirty-five percent of global respondents agreed or strongly agreed that their organisation’s IT team does not have the right skills to protect their jobs in the future.
  • When asked to identify the one skill that they see as critical to their future career progression, cybersecurity was the most frequently cited, by 22 percent of respondents globally.
  • AI and IoT security tied for second as the most critical skill at 18 percent. While AI was the most critical skill in France and Australia, IoT security was the most valued skill in Germany.

    AI could be a friend or foe

    AI could revolutionise the IT skills that are required and the way that we work. AI is likely to replace a number of IT roles and tasks, but this doesn’t mean the end for the IT department. Employees need to have the right skills to be in a position to work alongside AI and embrace its future impact, so that organizations can unleash its full potential.

  • When asked which current roles were already being replaced by AI, desktop support (23 percent), data analyst (20 percent), software testers (17 percent), system architects (14 percent), and network engineers (11 percent) topped the list.
  • Within the next 10 years, these numbers are expected to increase: desktop support (37 percent), data analyst (34 percent), software testers (33 percent), system architects (31 percent), and network engineers (31 percent).
  • AI will also impact the role of the CIO, with almost half of the global respondents claiming increased focus from the business.
  • Fifty-six percent of respondents believe that developing AI-related skills is key to securing a role in the future.

    Vital role of the board in ensuring long-term IT skills development

    Organisations’ boards will often dictate whether employees have the time and empowerment to develop their skills, but this is common in organisations that do not have the right support. The boards also have to ensure that skills and training improvements are aligned with other areas of business planning.

  • Forty-four percent of respondents think that new skills acquisition is not seen as being as valuable as it should be by the board. This rises to 59 percent in Australia and 50 percent in the UK. The U.S. (42 percent), Germany (41 percent), Singapore (40 percent), and France (34 percent) had slightly more positive results.
  • Almost a fifth of global respondents think their boards view gaining knowledge and skills as a cost to the business, rather than an asset. This rises to 35 percent in Australia.
  • However, the majority of respondents in France (63 percent) and Germany (62 percent) see knowledge and skills growth as an asset.
  • Despite respondents claiming that they plan approximately two years in advance for most areas of the business, staffing and recruitment is still on average only planned for a maximum of a year.
  • This is creating a disconnect where organisations are attempting to address key IT challenges with teams not as well equipped in terms of skills and experience as they could be.

    Additional Resources

    Data in the study also revealed four main personas of global IT leaders, all with different levels of effectiveness when it comes to pioneering digital transformation projects and managing the skills of their teams.

    EXECUTIVE SUMMARY
    GLOBAL AND REGIONAL ANALYSIS OF EACH PERSONA IN EACH OF THE COUNTRIES SURVEYED

    The study was conducted by independent research house Vanson Bourne in March 2017. 630 IT decision-makers in organisations with more than 500 employees in the U.S., U.K., France, Germany, Singapore and Australia were surveyed.

    This article has been taken from Brocade.com.

    Dump the Sandbox

    April 20th, 2017

    By Andy Norton at SentinelOne

    Technology becomes obsolete quickly in a variety of industries as “newer” and “more innovative” options crop up on what feels like an almost daily basis. The same is true for the pace of technological innovation in the information security space.

    Traditional antivirus vendors, spurred on by waning detection rates and unhappy customers, have been acquiring companies that offer potential solutions for satisfactorily preventing the latest threats of the day, which currently pose enormous risks to their already languishing and disgruntled customers.

    Sandboxes grew in popularity as a stop gap because organisations needed to apply reasonable levels of certainty to security controls in the absence of confidence in endpoint AV to protect the organisation. But, at what cost?

    Apart from being hideously expensive because they knew about “Chinese” attackers, sandboxes identified thousands of Indicators of Compromise (IoCs) that had every security analyst chasing every instance to determine if the attack only detonated in the sandbox, or if it also ran on the endpoint. And, if so, did it successfully communicate with its command-and-control infrastructure? If it did that, then they had to determine what it actually did to the endpoint.

    This Pyrrhic victory in malware defence has been the reality for many organisations for the past few years. The lack of efficiency in the sandbox has forced organisations to consume intel feeds and hope that an IoC somewhere might turn up in the environment at some point, only to find out that the level of false positive reduction in that feed was not satisfactory.

    Here’s the message for the CISO

    If you are about to renew a really expensive purchase order for sandboxes… don’t sign the renewal agreement without first considering alternative approaches.

    It’s time to get rid of high maintenance security technology. It’s time to stop shouldering the burden of proof of what might occur at the endpoint, based on what was detected on the network.

    Even a leading sandbox vendor admits: “the endpoint has always been the most reliable source of truth.” The endpoint is ground-zero for the organisation, and as such it should be the most accurate and least costly source of security escalation.

    Microsoft operates 12 security operation centres, and they found that IoC-led investigations have a negative value to security. Instead, they base their analysis of threats on observed behaviours in their environment; behaviour analysis is responsible for tracking nearly 100% of the active threats at Microsoft.

    Total Cost of Risk Ownership

    Information security controls are placed into an organisation to manage risk. The big questions to ask: does the capital and operational burden of sandboxes actually reduce the risk? What is the delta in risk between running sandbox technology and not running it? Further, what are the savings in expenditure and operational costs?

    The quantitative answer is determined by how many threats are detected in the sandbox that would not have been detected by other security controls. For example, if you have a system that monitors the actual behaviour of the endpoint, then the risk delta value of the sandbox is zero. In addition, the cost savings are enormous because the wild goose chases that consume analyst time disappear too. Instrumenting the endpoint with behavioural modeling instead of using sandboxes reduces the Total Cost of Ownership massively, as the expenditure drops while the residual risk remains the same.

    Three Common Misconceptions about Designing Your Cybersecurity Solution

    April 12th, 2017

    Outdated cybersecurity solutions with data backhaul and hardware upgrades cost organisations millions of dollars each year. There are other alternatives to backhauling data that keep your network secure and your costs down. Here are three misconceptions of designing your cybersecurity solution.

    1. Thinking that backhauling data from remote offices and mobile workers to on-prem appliances is the only way to protect a distributed organisation.

    Since the age of the mainframe in the late 60s, centralising your IT infrastructure was logical. Most companies had large headquarters where a majority of their employees worked, and infrastructure was housed centrally to provide compute power and business resources. As technology advanced through the mid-90s, internet and email became common work tools, meaning organisations now had the flexibility to conduct business from multiple office locations. Enter the Blackberry in the early 2000s, and now we’ve reached the distributed age. Businesses are rarely in one location. If you consider every mobile device accessing work applications a “remote office,” you have now gone from securing one site to securing hundreds.

    This exponential increase in business locations puts increasing strain on your network security plan. While the pain of backhauling data as you added individual remote offices was manageable, the concept of backhauling data was never designed to scale to the mobile world we live in. This new paradigm shift in business requires a new approach to network security. Continuing to backhaul data from mobile users and remote offices is like. It might work for today, and maybe for tomorrow, but you either keep paying for more sandbags, or consider a new approach that is designed for the current situation.

    2. Completely rearchitecting your network by moving to an all-cloud solution is the only way to avoid excessive backhaul

    There are cloud-only SWG solutions that provide infrastructure cost benefits, but they come with a pricey compromise – rearchitecting your entire network to direct all traffic to cloud-based SWGs. A cloud-only approach is not for every business. There are compliance issues for many industries, legal ramifications from data privacy laws, and operational security concerns that arise from using a multitenant cloud. If you have requirements that can’t completely be met by a cloud-only SWG, it’s critical that you find a solution that’s built for the cloud, but not built exclusively in the cloud.

    3. Believing that leveraging cloud and on-prem capabilities mean you have to manage two separate interfaces or sacrifice policy consistency.

    If you’re already one step ahead and know that you don’t have to rely on solely cloud or on-prem secure web gateways, perhaps you are exploring a hybrid solution. Traditional “hybrid” solutions have two different systems operating in tandem. While this seems like a good idea, in theory, it creates significant management overhead and headaches to administer the two systems. For example, policies often only sync in one direction, which creates gaps in your security plan as you work to ensure each system is managed correctly. Not to mention that the two systems frequently lack feature parity, making uniform policy enforcement a real challenge.

    Your experiences managing your network security should be seamless and should not require separate management systems just to reap the benefits of both cloud and hybrid deployment. Your secure web gateway should give you the flexibility to define your own network security policies without reconfiguration or sacrificing user experience.

    Beyond backhauling

    Most companies haven’t reevaluated their network security solution because the thought of ripping and replacing appliances or completely reconfiguring their network is enough to scare them away. But SWG solutions designed 10-15 years ago were built to secure a different type of organisation than we see today, so it’s worth considering other options. It is not financially sustainable to backhaul the increasing amount of data created by a mobile workforce. Instead, find a solution that leverages the cloud to avoid expensive VPN and MPLS links, but also doesn’t force you to overhaul your network architecture.

    Believe it or not, there are network security solutions that were built specifically to support the distributed organisation. iboss designed the first Distributed Gateway Platform to address the challenges facing decentralised organisations today by leveraging an elastic, node-based architecture that scales to meet changing bandwidth needs. Learn more about the changing secure web gateway landscape and the needs posed by distributed organisations.

    As you think about your security needs over the next five to ten years, evaluate whether your current vendor can help you scale and grow without network re-architecture, management of multiple, isolated systems, or increased bandwidth costs from backhauling data. Here are 11 things to consider as you evaluate and plan for your cybersecurity needs in the coming years.

    Original article published by Ed Gaudet. https://blog.iboss.com/sled/3-common-misconceptions-about-designing-your-cybersecurity-solution

    Ruckus Wireless Unveils New SmartZone Capabilities in New OS Release

    April 12th, 2017

    Ruckus Wireless has announced the availability of version 3.5 of its SmartZone™ Operating System (OS). The new release powers the industry’s highest-capacity controller portfolio, including the SmartZone 300 (SZ300) high-scale control and management appliance, which is also being announced today. With more than 30 new features and enhancements, SmartZone OS 3.5 makes it easier than ever for IT to improve the end-user experience and to better align security and policy posture with a diverse user device constituency. New capabilities also enable enterprises and managed service providers to easily and securely implement complex network architectures and multi-tier business models.

    The SmartZone portfolio includes high-capacity appliances designed for service provider and large enterprise deployments—SZ300 and virtual SmartZone High-Scale (vSZ-H)—and enterprise-class appliances—SmartZone 100 (SZ100) and virtual SmartZone Essentials (vSZ-E)—designed for mid-sized enterprise networks. The virtual SmartZone Data Plane (vSZ-D) works in conjunction with virtual control and management appliances, enabling a high-throughput distributed data plane. Since their introduction in 2015, SmartZone controllers have been deployed by more than 2,000 enterprise and service provider organisations that are collectively managing more than 600,000 APs.

    “Cloud-managed wireless services revenue is growing at 26 percent, far faster than the enterprise WLAN equipment market,” said Rohit Mehra, vice president, network infrastructure, IDC. “WLAN vendors that can build products that enable those service providers to grow their own businesses profitably stand to outperform the market. With its SmartZone portfolio and its latest enhancements, Ruckus is clearly vying to be a dominant vendor in this segment. At the same time, the company is investing in universally critical functionality related to end-user experience management, security and analytics.”

    Enhancing End-user Experience Management

    As end-user quality-of-service expectations increase, IT departments are increasingly challenged to meet them. SmartZone OS 3.5 provides IT with tools to better ensure quality experience:

  • Visual Connection Diagnostics (VCD) enables IT to react in real time to end-user problems, visually troubleshooting the client connection process, pinpointing the failure stage and identifying the likely cause of failure.
  • New “super-KPIs,” combined with visual alerts and pivot-table functionality, provide IT with a more effective means of predicting end-user experience degradation, reducing the time IT must spend on identifying systemic failures.
  • Near real-time push-streaming enables IT to effectively respond to rapidly deteriorating network conditions by allowing third-party or custom-built analytics tools to consume key performance indicators (KPIs) with no delay, no fidelity loss and no need for IT to create a firewall pinhole.

    Creating More Flexible Security and Policy Management

    Ensuring that the network, devices and users are protected without compromising expected service and access levels is critically important. The new release helps IT address these challenges more easily:

  • SmartZone integration with Ruckus Cloudpath™ security and policy management software allows IT to create a practically unlimited number of user and device roles, enabling user-specific VLAN, access control and bandwidth attributes. This capability enables IT to segment the network based on real security and policy needs, rather than on a one-size-fits-all basis.
  • Usability improvements to Ruckus Dynamic Pre-Shared Key™ (DPSK) technology include a group DPSK function and, with Cloudpath integration, automatic key distribution to end users. Group DPSK is designed to make it easier for organisations with “headless” Internet of Things (IoT) devices such as printers and Apple TVs to manually distribute keys to these devices by enabling groups of device types to use a common DPSK key.

    Enabling More Sophisticated Business and Deployment Models

    The latest SmartZone release further enhances multi-tenant and data plane functionality and flexibility for service providers that host private clouds and for large enterprises and educational institutions:

  • Multi-tenant partner domain segmentation allows service providers that operate private clouds to establish secure, isolated operating domains for their non-hosting managed service provider clients. This new capability, combined with existing domain and zone functionality, enables the private-cloud service provider to support any single-tier or dual-tier managed services business model while meeting stringent operational and security requirements.
  • The zone affinity feature in the vSZ-D provides a common data plane to distributed sites, allowing customers to maintain a centralised data architecture in the event of a WLAN vendor change. Managed service providers can use the same capability to allow their customers to tunnel guest traffic away from their local area network (LAN).
  • Native DHCP/NAT functionality in the vSZ-D simplifies deployment complexity by enabling high-performance DHCP assignment in a centralised or distributed network context without the need for third-party DHCP/NAT servers.
  • The vSZ-D enables Layer 3 roaming without the need for a dedicated mobility controller. Parameters are defined just once in a centrally located vSZ-H/E instance. Distributed vSZ-D instances automatically establish tunnels between themselves. Roaming devices maintain their original IP address, ensuring session persistence for sensitive applications such as voice.

    “With Ruckus’ latest version of its SmartZone control and management software, browsing across the user interface is straightforward and simple, with the ability to access configuration and monitoring on a single page,” said Yves Premel-Cabic, head of engineering, WiFirst. “Ruckus now goes far beyond its competitors, with call-flow diagnostics for client association issues and crystal clear technical data. By combining it with the Ruckus SmartCell Insight platform, we will now be able to enjoy state-of-the-art analytics. vSZ 3.5 is now the best carrier-grade Wi-Fi management solution, and WiFirst’s engineers and technicians can’t wait to upgrade to this major release.”

    “SmartZone allows service providers and large organisations to easily deploy high-scale, multi-site, multi-region WLANs while practically eliminating the usual costs associated with data plane scaling,” said Greg Beach, vice president of product management at Ruckus Wireless. “With this latest release, we’ve made SmartZone even more compelling for service providers of all kinds, while giving IT in every organisation easy-to-use tools that allow them to more effectively manage the entire end-user experience from service quality to security and policy.”

    To learn more about Ruckus Wireless’s SmartZone portfolio, visit https://www.ruckuswireless.com/products/system-management-control/smartzone.

    Original article: https://www.ruckuswireless.com/ruckus-wireless-unveils-experience-management-capabilities-with-new-smartzone-os-release

    Gemalto Wins 2017 Cybersecurity Excellence Award for Best Encryption Product with SafeNet KeySecure

    March 30th, 2017

    Gemalto, the world leader in digital security, announces that they have been named a winner of the 2017 Cybersecurity Excellence Awards. Gemalto’s SafeNet KeySecure was voted “best encryption product” by over 300,000 members of the global information security community.

    Gemalto’s SafeNet KeySecure provides an organisation’s security team with the ability to centrally manage and store encryption keys easily and securely. To demonstrate compliance with mandates or internal data protection policies, the solution offers IT administrators a single pane of glass to simplify the auditing processes. All key state changes are monitored through a centralised logging system, which immediately alerts a company’s security administrator to any key modifications or attempted breaches. This real-time information allows the security team to quickly address the situation and inform stakeholders, saving valuable time.

    SafeNet KeySecure provides flexibility across physical, virtualized and public cloud environments, so customers can choose the deployment model that works best for them. The solution also integrates with a broad ecosystem of cloud service providers in addition to interoperability partners using the OASIS KMIP standard. Depending on what the customer needs, Gemalto’s SafeNet KeySecure and encryption and key management products support multiple encryption use cases in one single platform, helping IT administrators reduce operating expenses and workloads.

    “The Cybersecurity Excellence Awards is an annual competition honouring individuals, products and companies that demonstrate excellence, innovation and leadership in information security,” said Holger Schulze, founder of the 300,000-member Information Security Community on LinkedIn. “Every year we receive hundreds of entries and only the very best-in-class cybersecurity products make the cut in our selection and voting process.”

    “The vote of excellence from our peers in the information security community recognises our commitment to providing customers with easy-to-use, business-driven security solutions,” said Todd Moore, Senior Vice President of Encryption Products at Gemalto. “Organisations suffer hefty consequences if their data is lost, stolen or compromised. Integrating Gemalto’s SafeNet KeySecure for encryption and key management helps companies secure their data mitigating the risks associated with data breaches.”

    Related Resources

    Charting your Path to Enterprise Key Management
    Own and Manage your Own Encryption Keys
    SafeNet KeySecure Product Brief

    Gemalto releases findings of 2016 Breach Level Index

    March 30th, 2017

    Almost 1.4 billion data records compromised in 2016 as hackers targeted large-scale databases across industries

    Gemalto, the world leader in digital security, today released the findings of the Breach Level Index revealing that 1,792 data breaches led to almost 1.4 billion data records being compromised worldwide during 2016, an increase of 86% compared to 2015. Identity theft was the leading type of data breach in 2016, accounting for 59% of all data breaches. In addition, 52% of the data breaches in 2016 did not disclose the number of compromised records at the time they were reported.

    The Breach Level Index is a global database that tracks data breaches and measures their severity based on multiple dimensions, including the number of records compromised, the type of data, the source of the breach, how the data was used, and whether or not the data was encrypted. By assigning a severity score to each breach, the Breach Level Index provides a comparative list of breaches, distinguishing data breaches that are not serious from those that are truly impactful (scores run 1-10). According to the Breach Level Index, more than 7 billion data records have been exposed since 2013, when the index began benchmarking publicly disclosed data breaches. Broken down, that is over 3 million records compromised every day, or roughly 44 records every second.

    Last year, the account access based attack on AdultFriend Finder exposing 400 million records scored a 10 in terms of severity on the Breach Level Index. Other notable breaches in 2016 included Fling (BLI: 9.8), Philippines’ Commission on Elections (COMELEC) (BLI: 9.8), 17 Media (BLI: 9.7) and Dailymotion (BLI: 9.5). In fact, the top 10 breaches in terms of severity accounted for over half of all compromised records. In 2016, Yahoo! reported two major data breaches involving 1.5 billion user accounts, but these are not accounted for in the BLI’s 2016 numbers since they occurred in 2013 and 2014.

    “The Breach Level Index highlights four major cybercriminal trends over the past year. Hackers are casting a wider net and are using easily-attainable account and identity information as a starting point for high-value targets. Clearly, fraudsters are also shifting from attacks targeted at financial organisations to infiltrating large databases such as entertainment and social media sites. Lastly, fraudsters have been using encryption to make breached data unreadable, then hold it for ransom and decrypt it once they are paid,” said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto.

    Data Breaches by Type

    In 2016, identity theft was the leading type of data breach, accounting for 59% of all data breaches, up by 5% from 2015. The second most prevalent type of breach in 2016 is account access based breaches. While the incidence of this type of data breach decreased by 3%, it made up 54% of all breached records, which is an increase of 336% from the previous year. This highlights the cybercriminal trend from financial information attacks to bigger databases with large volumes of personally identifiable information. Another notable data point is the nuisance category with an increase of 101% accounting for 18% of all breached records up 1474% since 2015.

    Data Breaches by Source

    Malicious outsiders were the leading source of data breaches, accounting for 68% of breaches, up from 13% in 2015. The number of records breached in malicious outsider attacks increased by 286% from 2015. Hacktivist data breaches also increased in 2016 by 31%, but only account for 3% of all breaches that occurred last year.

    Data Breaches by Industry

    Across industries, the technology sector had the largest increase in data breaches in 2016. Breaches rose 55%, but only accounted for 11% of all breaches last year. Almost 80% of the breaches in this sector were account access and identity theft related. They also represented 28% of compromised records in 2016, an increase of 278% from 2015.

    The healthcare industry accounted for 28% of data breaches, rising 11% compared to 2015. However, the number of compromised data records in healthcare decreased by 75% since 2015. Education saw a 5% decrease in data breaches between 2015 and 2016 and a drop of 78% in compromised data records. Government accounted for 15% of all data breaches in 2016. However, the number of compromised data records increased 27% from 2015. Financial services companies accounted for 12% of all data breaches, a 23% decline compared to the previous year.

    All industries listed in the ‘Other’ category represented 13% of data breaches and 36% of compromised data records. In this category, the overall number of data breaches decreased by 29%, while the number of compromised records jumped by 300% since 2015. Social media and entertainment industry related data breaches made up the majority.

    Last year 4.2% of the total number of breach incidents involved data that had been encrypted in part or in full, compared to 4% in 2015. In some of these instances, the password was encrypted, but other information was left unencrypted. However, of the almost 1.4 billion records compromised, lost or stolen in 2016, only 6% were encrypted partially or in full (compared to 2% in 2015).

    “Knowing exactly where their data resides and who has access to it will help enterprises outline security strategies based on data categories that make the most sense for their organisations. Encryption and authentication are no longer ‘best practices’ but necessities. This is especially true with new and updated government mandates like the upcoming General Data Protection Regulation (GDPR) in Europe, U.S. state-based and APAC country-based breach disclosure laws. But it’s also about protecting your business’ data integrity, so the right decisions can be made based on accurate information, therefore protecting your reputation and your profits.”

    Additional Resources:

  • For a full summary of data breach incidents by industry, source, type and geographic region, download the 2016 Breach Level Index Report.
  • Download the infographic here.
  • Visit the BLI website here.

    WanaCrypt0r aka WannaCry ransomware wreaks havoc worldwide

    May 16th, 2017

    The WanaCrypt0r ransomware hit with a vengeance on Friday, with the outbreak beginning in Europe, striking hospitals and other organisations, then quickly spreading across the globe. As of 1:00pm Pacific Time, it is believed more than 57,000 systems in more than 74 countries had been affected.

    Researchers at SentinelOne have determined that the Endpoint Protection Platform does successfully detect and block this ransomware strain. Customers are advised to make sure that they are running the latest version.

    Additional reports indicate that this ransomware strain was distributed using the EternalBlue exploit that was released by the ShadowBrokers in April. This vulnerability was patched by Microsoft (MS17-010) before ShadowBrokers released the exploit. This shows that in the real world keeping up-to-date with patches and critical updates can be difficult but is a crucial step for all organisations.

    Watch SentinelOne’s advanced machine learning engines at work against WannaCry:

    This article was taken from SentinelOne.

    Palo Alto Networks Protections Against WanaCrypt0r Ransomware Attacks

    May 16th, 2017

    What Happened

    On Friday, May 12, 2017, a series of broad attacks began that spread the latest version of the WanaCrypt0r ransomware. These attacks, also referred to as WannaCrypt or WannaCry, reportedly impacted systems of public and private organisations worldwide. Our Next-Generation Security Platform automatically created, delivered and enforced protections from this attack.

    How the Attack Works

    While the initial infection vector for WanaCrypt0r is unclear, it is certain that once inside the network, it attempts to spread to other hosts using the SMB protocol by exploiting the EternalBlue vulnerability (CVE-2017-0144) on Microsoft Windows systems. This vulnerability was publicly disclosed by the Shadow Brokers group in April 2017, and was addressed by Microsoft in March 2017 with MS17-010.

    Microsoft published a post on protections from the WanaCrypt0r attacks here, and has taken the step of providing patches for versions of Windows software that are no longer supported, including Windows XP. Organisations that have applied the MS17-010 update are not at risk for the spread of WanaCrypt0r across the network, but given it addresses a remotely exploitable vulnerability in a networking component that is now under active attack, we strongly urge making deployment of this security update a priority.

    Preventions

    Palo Alto Networks customers are protected through our Next-Generation Security Platform, which employs a prevention-based approach that automatically stops threats across the attack lifecycle. Palo Alto Networks customers are protected from WanaCrypt0r ransomware through multiple complementary prevention controls across our Next-Generation Security Platform, including:

    • WildFire classifies all known samples as malware, automatically blocking malicious content from being delivered to users.
    • Threat Prevention enforces IPS signatures for the vulnerability exploit (CVE-2017-0144 – MS17-010) used in this attack: SMB vulnerability – ETERNALBLUE.
    • URL Filtering monitors malicious URLs used and will enforce protections if needed.
    • DNS Sinkholing can be used to identify infected hosts on the network. For more, please reference our product documentation for best practices.
    • Traps prevents the execution of the WanaCrypt0r malware on endpoints.
    • AutoFocus tracks the attack for threat analytics and hunting via the WanaCrypt0r tag.
    • GlobalProtect extends WildFire and Threat Prevention protections to remote users and ensures consistent coverage across all locations.
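
    The DNS sinkholing item above, as an added example (not Palo Alto Networks' code or log format): a DNS query seen at the sinkhole often comes from an internal resolver rather than the infected machine, so the script correlates sinkholed answers with connections to the sinkhole address to find the real hosts. The sinkhole address, the resolver list, the domain name and both log layouts are constructed assumptions.

```python
"""Find likely-infected hosts from DNS sinkhole evidence (constructed sample data)."""
import ipaddress
from collections import defaultdict

SINKHOLE_IP = "192.0.2.53"          # assumption: address handed out for sinkholed names
INTERNAL_RESOLVERS = {"10.0.0.53"}  # assumption: DNS servers that forward client queries

# Constructed DNS answer log: timestamp, client, queried name, answer
DNS_LOG = """\
2017-05-13T09:00:01Z 10.0.0.53 bad-domain.example 192.0.2.53
2017-05-13T09:00:02Z 10.0.4.17 intranet.corp.example 10.0.1.20
2017-05-13T09:02:40Z 10.0.7.99 bad-domain.example 192.0.2.53
2017-05-13T09:03:10Z 10.0.0.53 bad-domain.example 192.0.2.53
truncated line
2017-05-13T09:03:30Z not-an-ip bad-domain.example 192.0.2.53
"""

# Constructed traffic log: timestamp, source, destination, destination port
TRAFFIC_LOG = """\
2017-05-13T09:00:01Z 10.0.4.22 192.0.2.53 80
2017-05-13T09:00:05Z 10.0.4.17 10.0.1.20 443
2017-05-13T09:02:41Z 10.0.7.99 192.0.2.53 80
2017-05-13T09:03:11Z 10.0.4.22 192.0.2.53 80
2017-05-13T09:04:00Z 10.0.4.30 192.0.2.53 80
"""


def _is_ip(value):
    """Return True when value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def parse_records(text, ip_fields):
    """Yield 4-field records, skipping lines that are malformed or carry bad addresses."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not all(_is_ip(fields[i]) for i in ip_fields):
            continue
        yield fields


def sinkhole_suspects(dns_log=DNS_LOG, traffic_log=TRAFFIC_LOG):
    """Return (suspects, forwarded).

    suspects maps each host to its evidence counts; forwarded counts sinkholed
    answers given to internal resolvers, whose real requester is unknown from
    the DNS log alone.
    """
    evidence = defaultdict(lambda: {"dns_hits": 0, "connections": 0})
    forwarded = 0

    for _ts, client, _name, answer in parse_records(dns_log, ip_fields=(1, 3)):
        if answer != SINKHOLE_IP:
            continue
        if client in INTERNAL_RESOLVERS:
            forwarded += 1      # the resolver asked on behalf of some client
            continue
        evidence[client]["dns_hits"] += 1

    # Nothing legitimate lives at the sinkhole address, so any connection to it
    # points at the host that acted on the sinkholed answer.
    for _ts, src, dst, _port in parse_records(traffic_log, ip_fields=(1, 2)):
        if dst == SINKHOLE_IP and src not in INTERNAL_RESOLVERS:
            evidence[src]["connections"] += 1

    return dict(evidence), forwarded


if __name__ == "__main__":
    suspects, forwarded = sinkhole_suspects()
    print(f"sinkholed answers returned to internal resolvers: {forwarded}")
    for host in sorted(suspects, key=ipaddress.ip_address):
        hits = suspects[host]
        print(f"{host}: dns_hits={hits['dns_hits']} connections={hits['connections']}")
```

    Hosts that appear only in the traffic log resolved the name through the internal resolver, which is why the DNS log alone would have missed them.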

    For best practices on preventing ransomware with the Palo Alto Networks Next-Generation Security Platform, please refer to their Knowledge Base article. We strongly recommend that all Windows users ensure they have the latest patches made available by Microsoft installed, including versions of software that have reached end-of-life support.

    This article was originally published by Palo Alto Networks. View the original article.

    Change Log:

    On May 13, 2017, this post was updated to include:

    • Link to Microsoft blog on protections against WanaCrypt0r attacks
    • Details on additional protections via DNS sinkholing
    • Updated URL Filtering section to reflect new analysis

    On May 15, 2017, this post was updated to clarify the WanaCrypt0r attack delivery method based on additional information.

    May 17, 2017:

  • Added Threat Prevention signature information for anti-malware and command-and-control activity.
  • Added link to Traps blog.

    Practice These 10 Basic Cyber Hygiene Tips for Risk Mitigation

    May 9th, 2017

    For six years in a row, cybersecurity has been identified as the #1 “problematic shortage” area across all of IT. What’s more concerning is that in 2016 and 2017, there was a dramatic increase in the shortage across organisations.

    With companies scrambling for cybersecurity personnel, they are also distracted by involvement in an innovation race. Today, intense pressure is placed on organisations to stay on top of new technology without slowing daily operations. As rapid implementations of these technologies continue, security measures and risks that tend to cause vulnerabilities in the IT environment are overlooked. With the popularity of Internet of Things and BYOD, we’re also witnessing the creation of weak spots that IT departments do not have the bandwidth or expertise to address.

    In today’s modern cybersecurity, a large emphasis is placed on managing risk, which is dire for companies lacking professionals that can respond to attacks. With ever-evolving threats, it’s nearly impossible to always know what is coming. That’s why it is so imperative to practice basic cyber hygiene as a way to eliminate and mitigate possible threats, especially during a time of digital transformation.

    What is Basic Cyber Hygiene?

    The Center for Internet Security (CIS) and the Council on Cyber Security (CCS) define cyber hygiene as a means to appropriately protect and maintain IT systems and devices and implement cyber security best practices.

    This risk mitigation technique is a must for all businesses deploying emerging technologies to their networks. Without clear assessments and interventions, hackers will have an easy in through unpatched and outdated solutions, and unforeseen security gaps in newer technologies.

    Keeping Good Cyber Hygiene Habits

    While cyber hygiene isn’t an ironclad protection, it’s important for everyone in contact with your network, from the CEO to the lowly intern, to act securely with these ten tips:

    1. Keep an inventory of hardware and software on the company network.
    2. Develop a process for software installation by end users. That could include limiting installation of trusted software or prohibiting and blocking all installation without prior approval from IT.
    3. Educate users on practising good cyber behaviour, including password management, identifying potential phishing efforts, and which devices to connect to the network.
    4. Identify vulnerable applications that aren’t in use and disable them.
    5. Consistently back up data and keep multiple copies. Consider using a secure cloud solution as well as on premise.
    6. Turn to industry-accepted secure configurations/standards like NIST and CIS Benchmark. These can help organisations define items like password length, encryption, port access, and double authentication.
    7. Patch all applications right away–regularly. Unpatched systems are one of the biggest risk factors in attacks.
    8. Create complex passwords.
    9. Limit the number of users with administrative privileges.
    10. Upgrade ageing infrastructure and systems.

    Reduce the Human Impact

    Even with the best protection, there are no guarantees that your business won’t become the victim of a ransomware attack, data breach, or other cybersecurity threat. That’s why it is so important to reduce human impact by automating security practices whenever possible.

    Providing double authentication sign-ons that require complex passwords, blocking certain file types, and testing users on their security knowledge are steps that all companies can take to protect today’s diversified networks.

    For businesses with a shortage of cybersecurity professionals, these steps while simple may still prove to be a challenge. That’s why it is helpful to find tools like machine learning that can react and predict malicious behaviour for you.

    With machine learning and behavior-based detection, you can relieve your IT team of exhaustive manual procedures. SentinelOne automates security for you with EPP. To learn more on how to protect your network in our quickly evolving technological world, download our executive brief Get Your Endpoint Protection Out of the 90’s!

    Item taken from the SentinelOne blog.

    New SentinelOne Enterprise Risk Index Provides Evidence of Growing Use of In-Memory Attacks; Renders Traditional Antivirus Protection Methods Redundant

    April 28th, 2017

    SentinelOne, the company transforming endpoint protection by delivering unified, multi-layer protection driven by machine learning and intelligent automation, today launched its first Enterprise Risk Index which highlights the growing use of in-memory attacks, further proof that attacks simply cannot be stopped by traditional, static, file inspection security solutions.

    The report includes an analysis of filtered data from more than one million SentinelOne Enterprise Platform agents deployed worldwide during the last half of 2016. Findings are based on behavioural analysis of malware programs that bypassed firewalls and network controls to infect endpoint devices.

    “These days, infecting a target is just a matter of resources; but how long the hackers get to stay inside the network is a matter of good detection,” said Andy Norton, EMEA risk officer for SentinelOne and lead researcher for the Enterprise Risk Index. “In our analysis we focused on the attacks that are successful in making their way past traditional defences to reach endpoint targets because these are the threats that pose the greatest risk to an organisation. That’s what we should be measuring – not what’s stopped at the gateway.”

    The report focuses on attack methods classified into three risk categories:

  • Attacks detected from document-based files, largely associated with Microsoft Word or Adobe PDF.
  • Attacks detected from traditional portable executable-based files.
  • Attacks detected only from the memory of the system with no associated new artefacts on the system.

    From the report, “we won’t be announcing what the top malware family is – for example, Zeus, Diamond Fox or Updare – however, we do build indicators of compromise to help with identification and response, and when a hash value exists we have submitted the hash to malware repositories to see what other submissions there have been for them.”

    Key findings of the report include:

  • The growing menace of in-memory attacks: in this timeframe, we found that these attacks have doubled in comparison to the infection rates of file based vectors.
  • Even for file-based attacks, only 20 percent of threats had corresponding signatures from existing AV engines.
  • Nation-state actors are trading infection sustainability for stealth, leaving no new artefacts on the file system and relying on memory-based attacks, even if it means needing to re-infect the target.
  • Three-pronged infections are becoming the norm as attackers no longer rely solely on .exe files to deliver malware, but instead use hybrid attacks that can utilise multiple attack vectors in one attack chain.

    “Our goal with the Enterprise Risk Index is to help organisations get a better view of which threats are successful in reaching the final barrier in enterprise defences,” said Norton. “With this data in mind, customers can better determine not only what the risks are but where they are and can adjust their security planning and investments accordingly.”

    A copy of the full SentinelOne Enterprise Risk Index is available for download here.

    Brocade Study Reveals More than Half of IT Teams Will Struggle with Business Demands in Next 12 Months

    April 27th, 2017

    Germany and U.S. Ahead of the Digital Transformation Skills Game, While UK Lags Behind

    Brocade announced a new Global Digital Transformation Skills Study, which aims to uncover how well-placed global IT leaders consider themselves and their teams to be in terms of meeting current and future business demands. Of the six markets surveyed, Germany was found to be the best prepared to meet its digital transformation goals, closely followed by the U.S., while the UK lagged well behind its counterparts.

    The research, which surveyed 630 IT leaders in the U.S., UK, France, Germany, Australia, and Singapore, indicates that many organisations are at a tipping point, as new technology demands are set to outstrip the skills supply. Organisations that address this now through additional skills training will be in the strongest position to ensure business growth and competitive advantage.

    Overall, an encouraging 91 percent of global IT leaders acknowledge that IT departments are currently recognised as very important or critical to innovation and business growth. However, more than half (54 percent) predict they will struggle with a lack of IT talent in 12 months. Contributing factors identified from the research include skills shortages, a prevalence of outdated skills, lack of commitment to training at the corporate board level, and the rapidly changing technology environment.

    “Businesses are approaching the peak of IT strategic influence. Now is the moment that IT teams feel they have the strongest opportunity to influence the transformation of their organisations,” said Christine Heckart, chief marketing officer and senior vice president of ecosystems, Brocade. “However, with a rapidly changing technology landscape and potential impact on international labour markets, it is critical that IT receives the right training to further develop their skills and business relevance.”

    The research also found that skills planning had to be aligned with other areas of business planning to avoid the risk of a technology skills deficit, where IT teams are expected to deliver the benefits of technologies that they are ill-equipped to implement.

    Staff shortages and outdated skills are preventing ITDMs from delivering on current business demands

    Organisations are attempting to move their IT departments away from their traditional roles, but the lack of skills and the time required to learn those skills have held them back. IT decision makers (ITDM) believe this could be a major contributor to their inability to meet business demands, putting organisations at risk of falling behind their competitors and losing customers.

  • Approximately one in four respondents in Australia, France, Germany, Singapore, and the U.S. claim that they cannot deliver on current business demand due to staff shortages. This number rises to 42 percent in the UK.
  • Respondents claim that the lack of access to talent will prevent them from implementing new technologies efficiently, lead to a decrease in employee satisfaction, and result in the loss of market share.

    The IT skills gap is only likely to get worse and organisations need to act now

    The political landscape is also a contributing factor in the widening skills gap. As market uncertainty intensifies in the next few years, it is more important than ever for IT departments to remain agile and take advantage of new technologies.

  • Ninety-two percent of those questioned had some level of concern about future hiring of IT staff, while 54 percent were concerned about a lack of skilled talent to choose from.
  • Forty-three percent of global respondents agreed or strongly agreed that the current political climate makes it difficult to hire employees with the right skills. In the U.S. and Australia, the numbers were 52 percent and 54 percent, respectively.
  • Even with the uncertainty surrounding the Brexit situation, EMEA respondents were less concerned, with only 31 percent of UK ITDMs believing it presented a challenge compared to 39 percent in Germany and 35 percent in France.

    Training time and investment will prove to be business-critical

    Training continues to be an issue as day-to-day IT maintenance tasks take priority. For organizations to address the technical skills deficit, they first need to invest time and money — or face the consequences.

  • There is consistent demand globally to spend more time on increasing skills — from 15 percent of time that is currently spent on this to 22 percent.
  • Respondents reported that insufficient budget (45 percent) and training time (45 percent) are constraining IT departments’ attempts to develop skills more than any other factors. These factors rise to 60 percent and 50 percent respectively in Australia but drop to 37 percent and 30 percent in Germany.
  • Currently, only three hours are allocated per week for learning and skills development. Respondents in Singapore average four hours of skills development per week.
  • Sixty-seven percent of respondents agree that the key to closing the skills gap would be to spend more money on training.

    IT professionals need to take control of their professional future

    The research also showed that IT professionals at all levels must take increased responsibility for their own professional destiny, embracing the opportunities delivered by new technologies such as artificial intelligence (AI) and all areas of IoT from device management to security.

  • Thirty-five percent of global respondents agreed or strongly agreed that their organisation’s IT team does not have the right skills to protect their jobs in the future.
  • When asked to identify the one skill that they see as critical to their future career progression, cybersecurity was the most frequently cited, by 22 percent of respondents globally.
  • AI and IoT security tied for second as the most critical skill at 18 percent. While AI was the most critical skill in France and Australia, IoT security was the most valued skill in Germany.

    AI could be a friend or foe

    AI could revolutionise the IT skills that are required and the way that we work. AI is likely to replace a number of IT roles and tasks, but this doesn’t mean the end for the IT department. Employees need to have the right skills to be in a position to work alongside AI and embrace its future impact, so that organizations can unleash its full potential.

  • When asked which current roles were already being replaced by AI, desktop support (23 percent), data analyst (20 percent), software testers (17 percent), system architects (14 percent), and network engineers (11 percent) topped the list.
  • Within the next 10 years, these numbers are expected to increase: desktop support (37 percent), data analyst (34 percent), software testers (33 percent), system architects (31 percent), and network engineers (31 percent).
  • AI will also impact the role of the CIO, with almost half of the global respondents claiming increased focus from the business.
  • Fifty-six percent of respondents believe that developing AI-related skills is key to securing a role in the future.

    Vital role of the board in ensuring long-term IT skills development

    Organisations’ boards will often dictate whether employees have the time and empowerment to develop their skills, but this is common in organisations that do not have the right support. The boards also have to ensure that skills and training improvements are aligned with other areas of business planning.

  • Forty-four percent of respondents think that new skills acquisition is not seen as being as valuable as it should be by the board. This rises to 59 percent in Australia and 50 percent in the UK. The U.S. (42 percent), Germany (41 percent), Singapore (40 percent), and France (34 percent) had slightly more positive results.
  • Almost a fifth of global respondents think their boards view gaining knowledge and skills as a cost to the business, rather than an asset. This rises to 35 percent in Australia.
  • However, the majority of respondents in France (63 percent) and Germany (62 percent) see knowledge and skills growth as an asset.
  • Despite respondents claiming that they plan approximately two years in advance for most areas of the business, staffing and recruitment is still on average only planned for a maximum of a year.
  • This is creating a disconnect where organisations are attempting to address key IT challenges with teams not as well equipped in terms of skills and experience as they could be.

    Additional Resources

    Data in the study also revealed four main personas of global IT leaders, all with different levels of effectiveness when it comes to pioneering digital transformation projects and managing the skills of their teams.

    EXECUTIVE SUMMARY
    GLOBAL AND REGIONAL ANALYSIS OF EACH PERSONA IN EACH OF THE COUNTRIES SURVEYED

    The study was conducted by independent research house Vanson Bourne in March 2017. 630 IT decision-makers in organisations with more than 500 employees in the U.S., U.K., France, Germany, Singapore and Australia were surveyed.

    This article has been taken from Brocade.com.

    Dump the Sandbox

    April 20th, 2017

    By Andy Norton at SentinelOne

    Technology becomes obsolete quickly in a variety of industries as “newer” and “more innovative” options crop up on what feels like an almost daily basis. The same is true for the pace of technological innovation in the information security space.

    Traditional antivirus vendors, spurred on by waning detection rates and unhappy customers, have been acquiring companies that offer potential solutions for satisfactorily preventing the latest threats of the day, which currently pose enormous risks to their already languishing and disgruntled customers.

    Sandboxes grew in popularity as a stop gap because organisations needed to apply reasonable levels of certainty to security controls in the absence of confidence in endpoint AV to protect the organisation. But, at what cost?

    Apart from being hideously expensive because they knew about “Chinese” attackers, sandboxes identified thousands of Indicators of Compromise (IoCs) that had every security analyst chasing every instance to determine if the attack only detonated in the sandbox, or if it also ran on the endpoint. And, if so, did it successfully communicate with its command-and-control infrastructure? If it did that, then they had to determine what it actually did to the endpoint.

    This Pyrrhic victory in malware defence has been the reality for many organisations for the past few years. The lack of efficiency in the sandbox has forced organisations to consume intel feeds and hope that an IoC somewhere might turn up in the environment at some point, only to find out that the level of false positive reduction in that feed was not satisfactory.

    Here’s the message for the CISO

    If you are about to renew a really expensive purchase order for sandboxes… don’t sign the renewal agreement without first considering alternative approaches.

    It’s time to get rid of high maintenance security technology. It’s time to stop shouldering the burden of proof of what might occur at the endpoint, based on what was detected on the network.

    Even a leading sandbox vendor admits: “the endpoint has always been the most reliable source of truth.” The endpoint is ground-zero for the organisation, and as such it should be the most accurate and least costly source of security escalation.

    Microsoft operates 12 security operation centres, and found that IoC-led investigations have a negative value to security. Instead, they base their analysis of threats on observed behaviours in their environment; behaviour analysis is responsible for tracking nearly 100% of the active threats at Microsoft.

    Total Cost of Risk Ownership

    Information security controls are placed into an organisation to manage risk. The big questions to ask: does the capital and operational burden of sandboxes actually reduce the risk? What is the delta in risk between running sandbox technology and not running it? Further, what are the savings in expenditure and operational costs?

    The quantitative answer is determined by how many threats are detected in the sandbox that would not have been detected by other security controls. For example, if you have a system that monitors the actual behaviour of the endpoint, then the risk delta value of the sandbox is zero. In addition, the cost savings are enormous because the wild goose chases that consume analyst time disappear too. Instrumenting the endpoint with behavioural modeling instead of using sandboxes reduces the Total Cost of Ownership massively, as the expenditure drops while the residual risk remains the same.

    Three Common Misconceptions about Designing Your Cybersecurity Solution

    April 12th, 2017

    Outdated cybersecurity solutions with data backhaul and hardware upgrades cost organisations millions of dollars each year. There are other alternatives to backhauling data that keep your network secure and your costs down. Here are three misconceptions of designing your cybersecurity solution.

    1. Thinking that backhauling data from remote offices and mobile workers to on-prem appliances is the only way to protect a distributed organisation.

    Since the age of the mainframe in the late 60s, centralising your IT infrastructure was logical. Most companies had large headquarters where a majority of their employees worked, and infrastructure was housed centrally to provide compute power and business resources. As technology advanced through the mid-90s, internet and email became common work tools, meaning organisations now had the flexibility to conduct business from multiple office locations. Enter the Blackberry in the early 2000s, and now we’ve reached the distributed age. Businesses are rarely in one location. If you consider every mobile device accessing work applications a “remote office,” you have now gone from securing one site to securing hundreds.

    This exponential increase in business locations puts increasing strain on your network security plan. While the pain of backhauling data as you added individual remote offices was manageable, the concept of backhauling data was never designed to scale to the mobile world we live in. This new paradigm shift in business requires a new approach to network security. Continuing to backhaul data from mobile users and remote offices is like. It might work for today, and maybe for tomorrow, but you either keep paying for more sandbags, or consider a new approach that is designed for the current situation.

    2. Completely rearchitecting your network by moving to an all-cloud solution is the only way to avoid excessive backhaul

    There are cloud-only SWG solutions that provide infrastructure cost benefits, but they come with a pricey compromise – rearchitecting your entire network to direct all traffic to cloud-based SWGs. A cloud-only approach is not for every business. There are compliance issues for many industries, legal ramifications from data privacy laws, and operational security concerns that arise from using a multitenant cloud. If you have requirements that can’t completely be met by a cloud-only SWG, it’s critical that you find a solution that’s built for the cloud, but not built exclusively in the cloud.

    3. Believing that leveraging cloud and on-prem capabilities mean you have to manage two separate interfaces or sacrifice policy consistency.

    If you’re already one step ahead and know that you don’t have to rely on solely cloud or on-prem secure web gateways, perhaps you are exploring a hybrid solution. Traditional “hybrid” solutions have two different systems operating in tandem. While this seems like a good idea, in theory, it creates significant management overhead and headaches to administer the two systems. For example, policies often only sync in one direction, which creates gaps in your security plan as you work to ensure each system is managed correctly. Not to mention that the two systems frequently lack feature parity, making uniform policy enforcement a real challenge.

    Your experiences managing your network security should be seamless and should not require separate management systems just to reap the benefits of both cloud and hybrid deployment. Your secure web gateway should give you the flexibility to define your own network security policies without reconfiguration or sacrificing user experience.

    Beyond backhauling

    Most companies haven’t reevaluated their network security solution because the thought of ripping and replacing appliances or completely reconfiguring their network is enough to scare them away. But SWG solutions designed 10-15 years ago were built to secure a different type of organisation than we see today, so it’s worth considering other options. It is not financially sustainable to backhaul the increasing amount of data created by a mobile workforce. Instead, find a solution that leverages the cloud to avoid expensive VPN and MPLS links, but also doesn’t force you to overhaul your network architecture.

    Believe it or not, there are network security solutions that were built specifically to support the distributed organisation. iboss designed the first Distributed Gateway Platform to address the challenges facing decentralised organisations today by leveraging an elastic, node-based architecture that scales to meet changing bandwidth needs. Learn more about the changing secure web gateway landscape and the needs posed by distributed organisations.

    As you think about your security needs over the next five to ten years, evaluate whether your current vendor can help you scale and grow without network re-architecture, management of multiple, isolated systems, or increased bandwidth costs from backhauling data. Here are 11 things to consider as you evaluate and plan for your cybersecurity needs in the coming years.

    Original article published by Ed Gaudet. https://blog.iboss.com/sled/3-common-misconceptions-about-designing-your-cybersecurity-solution

    Ruckus Wireless Unveils New SmartZone Capabilities in New OS Release

    April 12th, 2017

    Ruckus Wireless has announced the availability of version 3.5 of its SmartZone™ Operating System (OS). The new release powers the industry’s highest-capacity controller portfolio, including the SmartZone 300 (SZ300) high-scale control and management appliance, which is also being announced today. With more than 30 new features and enhancements, SmartZone OS 3.5 makes it easier than ever for IT to improve the end-user experience and to better align security and policy posture with a diverse user device constituency. New capabilities also enable enterprises and managed service providers to easily and securely implement complex network architectures and multi-tier business models.

    The SmartZone portfolio includes high-capacity appliances designed for service provider and large enterprise deployments—SZ300 and virtual SmartZone High-Scale (vSZ-H)—and enterprise-class appliances—SmartZone 100 (SZ100) and virtual SmartZone Essentials (vSZ-E)—designed for mid-sized enterprise networks. The virtual SmartZone Data Plane (vSZ-D) works in conjunction with virtual control and management appliances, enabling a high-throughput distributed data plane. Since their introduction in 2015, SmartZone controllers have been deployed by more than 2,000 enterprise and service provider organisations that are collectively managing more than 600,000 APs.

    “Cloud-managed wireless services revenue is growing at 26 percent, far faster than the enterprise WLAN equipment market,” said Rohit Mehra, vice president, network infrastructure, IDC. “WLAN vendors that can build products that enable those service providers to grow their own businesses profitably stand to outperform the market. With its SmartZone portfolio and its latest enhancements, Ruckus is clearly vying to be a dominant vendor in this segment. At the same time, the company is investing in universally critical functionality related to end-user experience management, security and analytics.”

    Enhancing End-user Experience Management

    As end-user quality-of-service expectations increase, IT departments are increasingly challenged to meet them. SmartZone OS 3.5 provides IT with tools to better ensure quality experience:

  • Visual Connection Diagnostics (VCD) enables IT to react in real time to end-user problems, visually troubleshooting the client connection process, pinpointing the failure stage and identifying the likely cause of failure.
  • New “super-KPIs,” combined with visual alerts and pivot-table functionality, provide IT with a more effective means of predicting end-user experience degradation, reducing the time IT must spend on identifying systemic failures.
  • Near real-time push-streaming enables IT to effectively respond to rapidly deteriorating network conditions by allowing third-party or custom-built analytics tools to consume key performance indicators (KPIs) with no delay, no fidelity loss and no need for IT to create a firewall pinhole.

    Creating More Flexible Security and Policy Management

    Ensuring that the network, devices and users are protected without compromising expected service and access levels is critically important. The new release helps IT address these challenges more easily:

  • SmartZone integration with Ruckus Cloudpath™ security and policy management software allows IT to create a practically unlimited number of user and device roles, enabling user-specific VLAN, access control and bandwidth attributes. This capability enables IT to segment the network based on real security and policy needs, rather than on a one-size-fits-all basis.
  • Usability improvements to Ruckus Dynamic Pre-Shared Key™ (DPSK) technology include a group DPSK function and, with Cloudpath integration, automatic key distribution to end users. Group DPSK is designed to make it easier for organisations with “headless” Internet of Things (IoT) devices such as printers and Apple TVs to manually distribute keys to these devices by enabling groups of device types to use a common DPSK key.

    Enabling More Sophisticated Business and Deployment Models

    The latest SmartZone release further enhances multi-tenant and data plane functionality and flexibility for service providers that host private clouds and for large enterprises and educational institutions:

  • Multi-tenant partner domain segmentation allows service providers that operate private clouds to establish secure, isolated operating domains for their non-hosting managed service provider clients. This new capability, combined with existing domain and zone functionality, enables the private-cloud service provider to support any single-tier or dual-tier managed services business model while meeting stringent operational and security requirements.
  • The zone affinity feature in the vSZ-D provides a common data plane to distributed sites, allowing customers to maintain a centralised data architecture in the event of a WLAN vendor change. Managed service providers can use the same capability to allow their customers to tunnel guest traffic away from their local area network (LAN).
  • Native DHCP/NAT functionality in the vSZ-D simplifies deployment complexity by enabling high-performance DHCP assignment in a centralised or distributed network context without the need for third-party DHCP/NAT servers.
  • The vSZ-D enables Layer 3 roaming without the need for a dedicated mobility controller. Parameters are defined just once in a centrally located vSZ-H/E instance. Distributed vSZ-D instances automatically establish tunnels between themselves. Roaming devices maintain their original IP address, ensuring session persistence for sensitive applications such as voice.

    “With Ruckus’ latest version of its SmartZone control and management software, browsing across the user interface is straightforward and simple, with the ability to access configuration and monitoring on a single page,” said Yves Premel-Cabic, head of engineering, WiFirst. “Ruckus now goes far beyond its competitors, with call-flow diagnostics for client association issues and crystal clear technical data. By combining it with the Ruckus SmartCell Insight platform, we will now be able to enjoy state-of-the-art analytics. vSZ 3.5 is now the best carrier-grade Wi-Fi management solution, and WiFirst’s engineers and technicians can’t wait to upgrade to this major release.”

    “SmartZone allows service providers and large organisations to easily deploy high-scale, multi-site, multi-region WLANs while practically eliminating the usual costs associated with data plane scaling,” said Greg Beach, vice president of product management at Ruckus Wireless. “With this latest release, we’ve made SmartZone even more compelling for service providers of all kinds, while giving IT in every organisation easy-to-use tools that allow them to more effectively manage the entire end-user experience from service quality to security and policy.”

    To learn more about Ruckus Wireless’s SmartZone portfolio, visit https://www.ruckuswireless.com/products/system-management-control/smartzone.

    Original article: https://www.ruckuswireless.com/ruckus-wireless-unveils-experience-management-capabilities-with-new-smartzone-os-release

    Gemalto Wins 2017 Cybersecurity Excellence Award for Best Encryption Product with SafeNet KeySecure

    March 30th, 2017

    Gemalto, the world leader in digital security, announces that they have been named a winner of the 2017 Cybersecurity Excellence Awards. Gemalto’s SafeNet KeySecure was voted “best encryption product” by over 300,000 members of the global information security community.

    Gemalto’s SafeNet KeySecure provides an organisation’s security team with the ability to centrally manage and store encryption keys easily and securely. To demonstrate compliance with mandates or internal data protection policies, the solution offers IT administrators a single pane of glass to simplify the auditing processes. All key state changes are monitored through a centralised logging system, which immediately alerts a company’s security administrator to any key modifications or attempted breaches. This real-time information allows the security team to quickly address the situation and inform stakeholders, saving valuable time.

    SafeNet KeySecure provides flexibility across physical, virtualized and public cloud environments, so customers can choose the deployment model that works best for them. The solution also integrates with a broad ecosystem of cloud service providers in addition to interoperability partners using the OASIS KMIP standard. Depending on what the customer needs, Gemalto’s SafeNet KeySecure and encryption and key management products support multiple encryption use cases in one single platform, helping IT administrators reduce operating expenses and workloads.

    “The Cybersecurity Excellence Awards is an annual competition honouring individuals, products and companies that demonstrate excellence, innovation and leadership in information security,” said Holger Schulze, founder of the 300,000-member Information Security Community on LinkedIn. “Every year we receive hundreds of entries and only the very best-in-class cybersecurity products make the cut in our selection and voting process.”

    “The vote of excellence from our peers in the information security community recognises our commitment to providing customers with easy-to-use, business-driven security solutions,” said Todd Moore, Senior Vice President of Encryption Products at Gemalto. “Organisations suffer hefty consequences if their data is lost, stolen or compromised. Integrating Gemalto’s SafeNet KeySecure for encryption and key management helps companies secure their data mitigating the risks associated with data breaches.”

    Related Resources

    Charting your Path to Enterprise Key Management
    Own and Manage your Own Encryption Keys
    SafeNet KeySecure Product Brief

    Gemalto releases findings of 2016 Breach Level Index

    March 30th, 2017

    Almost 1.4 billion data records compromised in 2016 as hackers targeted large-scale databases across industries

    Gemalto, the world leader in digital security, today released the findings of the Breach Level Index revealing that 1,792 data breaches led to almost 1.4 billion data records being compromised worldwide during 2016, an increase of 86% compared to 2015. Identity theft was the leading type of data breach in 2016, accounting for 59% of all data breaches. In addition, 52% of the data breaches in 2016 did not disclose the number of compromised records at the time they were reported.

    The Breach Level Index is a global database that tracks data breaches and measures their severity based on multiple dimensions, including the number of records compromised, the type of data, the source of the breach, how the data was used, and whether or not the data was encrypted. By assigning a severity score to each breach, the Breach Level Index provides a comparative list of breaches, distinguishing data breaches that are not serious from those that are truly impactful (scores run 1-10). According to the Breach Level Index, more than 7 billion data records have been exposed since 2013, when the index began benchmarking publicly disclosed data breaches. Broken down, that is over 3 million records compromised every day, or roughly 44 records every second.

    Last year, the account access based attack on AdultFriend Finder, which exposed 400 million records, scored a 10 in terms of severity on the Breach Level Index. Other notable breaches in 2016 included Fling (BLI: 9.8), Philippines’ Commission on Elections (COMELEC) (BLI: 9.8), 17 Media (BLI: 9.7) and Dailymotion (BLI: 9.5). In fact, the top 10 breaches in terms of severity accounted for over half of all compromised records. In 2016, Yahoo! reported two major data breaches involving 1.5 billion user accounts, but these are not accounted for in the BLI’s 2016 numbers since they occurred in 2013 and 2014.

    “The Breach Level Index highlights four major cybercriminal trends over the past year. Hackers are casting a wider net and are using easily-attainable account and identity information as a starting point for high-value targets. Clearly, fraudsters are also shifting from attacks targeted at financial organisations to infiltrating large databases such as entertainment and social media sites. Lastly, fraudsters have been using encryption to make breached data unreadable, then hold it for ransom and decrypting once they are paid”, said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto.

    Data Breaches by Type

    In 2016, identity theft was the leading type of data breach, accounting for 59% of all data breaches, up by 5% from 2015. The second most prevalent type of breach in 2016 was account access based breaches. While the incidence of this type of data breach decreased by 3%, it made up 54% of all breached records, which is an increase of 336% from the previous year. This highlights the cybercriminal trend from financial information attacks to bigger databases with large volumes of personally identifiable information. Another notable data point is the nuisance category, with an increase of 101%, accounting for 18% of all breached records, up 1474% since 2015.

    Data Breaches by Source

    Malicious outsiders were the leading source of data breaches, accounting for 68% of breaches, up from 13% in 2015. The number of records breached in malicious outsider attacks increased by 286% from 2015. Hacktivist data breaches also increased in 2016 by 31%, but only account for 3% of all breaches that occurred last year.

    Data Breaches by Industry

    Across industries, the technology sector had the largest increase in data breaches in 2016. Breaches rose 55%, but only accounted for 11% of all breaches last year. Almost 80% of the breaches in this sector were account access and identity theft related. They also represented 28% of compromised records in 2016, an increase of 278% from 2015.

    The healthcare industry accounted for 28% of data breaches, rising 11% compared to 2015. However, the number of compromised data records in healthcare decreased by 75% since 2015. Education saw a 5% decrease in data breaches between 2015 and 2016 and a drop of 78% in compromised data records. Government accounted for 15% of all data breaches in 2016. However, the number of compromised data records increased 27% from 2015. Financial services companies accounted for 12% of all data breaches, a 23% decline compared to the previous year.

    All industries listed in the ‘Other’ category represented 13% of data breaches and 36% of compromised data records. In this category, the overall number of data breaches decreased by 29%, while the number of compromised records jumped by 300% since 2015. Social media and entertainment industry related data breaches made up the majority.

    Last year 4.2% of the total number of breach incidents involved data that had been encrypted in part or in full, compared to 4% in 2015. In some of these instances, the password was encrypted, but other information was left unencrypted. However, of the almost 1.4 billion records compromised, lost or stolen in 2016, only 6% were encrypted partially or in full (compared to 2% in 2015).

    “Knowing exactly where their data resides and who has access to it will help enterprises outline security strategies based on data categories that make the most sense for their organisations. Encryption and authentication are no longer ‘best practices’ but necessities. This is especially true with new and updated government mandates like the upcoming General Data Protection Regulation (GDPR) in Europe, U.S state-based and APAC country-based breach disclosure laws. But it’s also about protecting your business’ data integrity, so the right decisions can be made based on accurate information, therefore protecting your reputation and your profits.”

    Additional Resources:

  • For a full summary of data breach incidents by industry, source, type and geographic region, download the 2016 Breach Level Index Report
  • Download the infographic here.
  • Visit the BLI website here.

    WanaCrypt0r aka WannaCry ransomware wreaks havoc worldwide

    May 16th, 2017

    The WanaCrypt0r ransomware hit with a vengeance on Friday, with the outbreak beginning in Europe, striking hospitals and other organisations, then quickly spreading across the globe. As of 1:00pm Pacific Time, it is believed more than 57,000 systems in more than 74 countries had been affected.

    Researchers at SentinelOne have determined that the Endpoint Protection Platform does successfully detect and block this ransomware strain. Customers are advised to make sure that they are running the latest version.

    Additional reports indicate that this ransomware strain was distributed using the EternalBlue exploit that was released by the ShadowBrokers in April. This vulnerability was patched by Microsoft (MS17-010) before ShadowBrokers released the exploit. This shows that in the real world keeping up-to-date with patches and critical updates can be difficult but is a crucial step for all organisations.

    Watch SentinelOne’s advanced machine learning engines at work against WannaCry:

    This article was taken from SentinelOne.

    Palo Alto Networks Protections Against WanaCrypt0r Ransomware Attacks

    May 16th, 2017

    What Happened

    On Friday, May 12, 2017, a series of broad attacks began that spread the latest version of the WanaCrypt0r ransomware. These attacks, also referred to as WannaCrypt or WannaCry, reportedly impacted systems of public and private organisations worldwide. Our Next-Generation Security Platform automatically created, delivered and enforced protections from this attack.

    How the Attack Works

    While the initial infection vector for WanaCrypt0r is unclear, it is certain that once inside the network, it attempts to spread to other hosts using the SMB protocol by exploiting the EternalBlue vulnerability (CVE-2017-0144) on Microsoft Windows systems. This vulnerability was publicly disclosed by the Shadow Brokers group in April 2017, and was addressed by Microsoft in March 2017 with MS17-010.

    Microsoft published a post on protections from the WanaCrypt0r attacks here, and has taken the step of providing patches for versions of Windows software that are no longer supported, including Windows XP. Organisations that have applied the MS17-010 update are not at risk for the spread of WanaCrypt0r across the network, but given it addresses a remotely exploitable vulnerability in a networking component that is now under active attack, we strongly urge making deployment of this security update a priority.

    Preventions

    Palo Alto Networks customers are protected through our Next-Generation Security Platform, which employs a prevention-based approach that automatically stops threats across the attack lifecycle. Palo Alto Networks customers are protected from WanaCrypt0r ransomware through multiple complementary prevention controls across our Next-Generation Security Platform, including:

    • WildFire classifies all known samples as malware, automatically blocking malicious content from being delivered to users.
    • Threat Prevention enforces IPS signatures for the vulnerability exploit (CVE-2017-0144 – MS17-010) used in this attack: SMB vulnerability – ETERNALBLUE.
    • URL Filtering monitors malicious URLs used and will enforce protections if needed.
    • DNS Sinkholing can be used to identify infected hosts on the network. For more, please reference our product documentation for best practices.
    • Traps prevents the execution of the WanaCrypt0r malware on endpoints.
    • AutoFocus tracks the attack for threat analytics and hunting via the WanaCrypt0r tag.
    • GlobalProtect extends WildFire and Threat Prevention protections to remote users and ensures consistent coverage across all locations.
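
    The DNS sinkholing item above names the control without showing how its output is used. This added example (not code from Palo Alto Networks or Net-Ctrl) turns sinkholed answers in a DNS response log into a ranked list of hosts to investigate. The log layout, the sinkhole address 198.51.100.53, the resolver address 10.0.0.2 and the domain names are assumptions constructed for the example.

```python
"""Triage DNS responses that were answered with a sinkhole address."""
import ipaddress
from collections import defaultdict
from datetime import datetime

# Assumptions for this example (none of these values come from the article):
SINKHOLE_IPS = {ipaddress.ip_address("198.51.100.53")}  # address the sinkhole answers with
RESOLVERS = {ipaddress.ip_address("10.0.0.2")}          # internal recursive resolver

# Constructed DNS response log: "<ISO time> <client> <query name> <answer>"
SAMPLE_DNS_LOG = """\
2017-05-13T09:00:01 10.1.4.17 bad-domain-one.example 198.51.100.53
2017-05-13T09:00:04 10.1.4.17 BAD-DOMAIN-ONE.example. 198.51.100.53
2017-05-13T09:00:09 10.2.8.40 intranet.example 10.9.9.9
2017-05-13T09:01:30 10.0.0.2 bad-domain-two.example 198.51.100.53
2017-05-13T09:02:10 10.2.8.40 bad-domain-two.example 198.51.100.53
2017-05-13T09:02:11 10.1.4.17 bad-domain-two.example 198.51.100.53
this record is truncated
2017-05-13T09:05:00 10.3.3.3 bad-domain-one.example not-an-ip
"""


def parse_record(line):
    """Return (time, client, qname, answer), or None if the record is malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
        client = ipaddress.ip_address(parts[1])
        answer = ipaddress.ip_address(parts[3])
    except ValueError:
        return None
    # DNS names are case-insensitive and may carry a trailing root dot.
    qname = parts[2].rstrip(".").lower()
    return ts, client, qname, answer


def triage(log_text, sinkholes=SINKHOLE_IPS, resolvers=RESOLVERS):
    """Group sinkholed answers by the client that asked for them.

    Queries relayed by an internal resolver are counted separately: the
    resolver asked on behalf of some other host, so it is not the suspect.
    """
    per_client = defaultdict(lambda: {"hits": 0, "domains": set(), "times": []})
    via_resolver = defaultdict(int)
    malformed = 0

    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = parse_record(line)
        if record is None:
            malformed += 1
            continue
        ts, client, qname, answer = record
        if answer not in sinkholes:
            continue  # normal resolution, nothing to triage
        if client in resolvers:
            via_resolver[str(client)] += 1
            continue
        entry = per_client[client]
        entry["hits"] += 1
        entry["domains"].add(qname)
        entry["times"].append(ts)

    # Most active clients first; ties broken by address for a stable order.
    ordered = sorted(
        per_client.items(),
        key=lambda kv: (-kv[1]["hits"], kv[0].version, int(kv[0])),
    )
    suspects = [
        {
            "client": str(client),
            "hits": entry["hits"],
            "domains": sorted(entry["domains"]),
            "first_seen": min(entry["times"]).isoformat(),
            "last_seen": max(entry["times"]).isoformat(),
        }
        for client, entry in ordered
    ]
    return {"suspects": suspects, "via_resolver": dict(via_resolver), "malformed": malformed}


if __name__ == "__main__":
    report = triage(SAMPLE_DNS_LOG)
    for s in report["suspects"]:
        print(s["client"], s["hits"], ",".join(s["domains"]), s["first_seen"], s["last_seen"])
    print("relayed by resolvers:", report["via_resolver"])
    print("malformed records:", report["malformed"])
```

    A non-zero `via_resolver` count means some sinkholed lookups reached the log only through an internal resolver, so the originating host has to be found in that resolver's own query log or in traffic sent to the sinkhole address.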

    For best practices on preventing ransomware with the Palo Alto Networks Next-Generation Security Platform, please refer to their Knowledge Base article. We strongly recommend that all Windows users ensure they have the latest patches made available by Microsoft installed, including versions of software that have reached end-of-life support.

    This article was originally published by Palo Alto Networks. View the original article.

    Change Log:

    On May 13, 2017, this post was updated to include:

    • Link to Microsoft blog on protections against WanaCrypt0r attacks
    • Details on additional protections via DNS sinkholing
    • Updated URL Filtering section to reflect new analysis

    On May 15, 2017, this post was updated to clarify the WanaCrypt0r attack delivery method based on additional information.

    May 17, 2017:

  • Added Threat Prevention signature information for anti-malware and command-and-control activity.
  • Added link to Traps blog.

    Practice These 10 Basic Cyber Hygiene Tips for Risk Mitigation

    May 9th, 2017

    For six years in a row, cybersecurity has been identified as the #1 “problematic shortage” area across all of IT. What’s more concerning is that in 2016 and 2017, there was a dramatic increase in the shortage across organisations.

    With companies scrambling for cybersecurity personnel, they are also distracted by involvement in an innovation race. Today, intense pressure is placed on organisations to stay on top of new technology without slowing daily operations. As rapid implementations of these technologies continue, security measures and risks that tend to cause vulnerabilities in the IT environment are overlooked. With the popularity of Internet of Things and BYOD, we’re also witnessing the creation of weak spots that IT departments do not have the bandwidth or expertise to address.

    In today’s modern cybersecurity, a large emphasis is placed on managing risk, which is dire for companies lacking professionals that can respond to attacks. With ever-evolving threats, it’s nearly impossible to always know what is coming. That’s why it is so imperative to practice basic cyber hygiene as a way to eliminate and mitigate possible threats, especially during a time of digital transformation.

    What is Basic Cyber Hygiene?

    The Center for Internet Security (CIS) and the Council on Cyber Security (CCS) define cyber hygiene as a means to appropriately protect and maintain IT systems and devices and implement cyber security best practices.

    This risk mitigation technique is a must for all businesses deploying emerging technologies to their networks. Without clear assessments and interventions, hackers will have an easy in through unpatched and outdated solutions, and unforeseen security gaps in newer technologies.

    Keeping Good Cyber Hygiene Habits

    While cyber hygiene isn’t an ironclad protection, it’s important for everyone in contact with your network, from the CEO to the lowly intern, to act securely with these ten tips:

    1. Keep an inventory of hardware and software on the company network.
    2. Develop a process for software installation by end users. That could include limiting installation to trusted software or prohibiting and blocking all installation without prior approval from IT.
    3. Educate users on practising good cyber behaviour, including password management, identifying potential phishing efforts, and which devices to connect to the network.
    4. Identify vulnerable applications that aren’t in use and disable them.
    5. Consistently back up data and keep multiple copies. Consider using a secure cloud solution as well as on premise.
    6. Turn to industry-accepted secure configurations/standards like NIST and CIS Benchmark. These can help organisations define items like password length, encryption, port access, and double authentication.
    7. Patch all applications right away, and do so regularly. Unpatched systems are one of the biggest risk factors in attacks.
    8. Create complex passwords.
    9. Limit the number of users with administrative privileges.
    10. Upgrade ageing infrastructure and systems.

    Reduce the Human Impact

    Even with the best protection, there are no guarantees that your business won’t become the victim of a ransomware attack, data breach, or other cybersecurity threat. That’s why it is so important to reduce human impact by automating security practices whenever possible.

    Providing double authentication sign-ons that require complex passwords, blocking certain file types, and testing users on their security knowledge are steps that all companies can take to protect today’s diversified networks.

    For businesses with a shortage of cybersecurity professionals, these steps, while simple, may still prove to be a challenge. That’s why it is helpful to find tools like machine learning that can react and predict malicious behaviour for you.

    With machine learning and behavior-based detection, you can relieve your IT team of exhaustive manual procedures. SentinelOne automates security for you with EPP. To learn more on how to protect your network in our quickly evolving technological world, download our executive brief Get Your Endpoint Protection Out of the 90’s!

    Item taken from the SentinelOne blog.

    New SentinelOne Enterprise Risk Index Provides Evidence of Growing Use of In-Memory Attacks; Renders Traditional Antivirus Protection Methods Redundant

    April 28th, 2017

    SentinelOne, the company transforming endpoint protection by delivering unified, multi-layer protection driven by machine learning and intelligent automation, today launched its first Enterprise Risk Index which highlights the growing use of in-memory attacks, further proof that attacks simply cannot be stopped by traditional, static, file inspection security solutions.

    The report includes an analysis of filtered data from more than one million SentinelOne Enterprise Platform agents deployed worldwide during the last half of 2016. Findings are based on behavioural analysis of malware programs that bypassed firewalls and network controls to infect endpoint devices.

    “These days, infecting a target is just a matter of resources; but how long the hackers get to stay inside the network is a matter of good detection,” said Andy Norton, EMEA risk officer for SentinelOne and lead researcher for the Enterprise Risk Index. “In our analysis we focused on the attacks that are successful in making their way past traditional defences to reach endpoint targets because these are the threats that pose the greatest risk to an organisation. That’s what we should be measuring – not what’s stopped at the gateway.”

    The report focuses on attack methods classified into three risk categories:

  • Attacks detected from document-based files, largely associated with Microsoft Word or Adobe PDF.
  • Attacks detected from traditional portable executable-based files.
  • Attacks detected only from the memory of the system with no associated new artefacts on the system.

    From the report, “we won’t be announcing what the top malware family is – for example, Zeus, Diamond Fox or Updare – however, we do build indicators of compromise to help with identification and response, and when a hash value exists we have submitted the hash to malware repositories to see what other submissions there have been for them.”

    Key findings of the report include:

  • The growing menace of in-memory attacks: in this timeframe, we found that these attacks have doubled in comparison to the infection rates of file-based vectors.
  • Even for file-based attacks, only 20 percent of threats had corresponding signatures from existing AV engines.
  • Nation-state actors are trading infection sustainability for stealth, leaving no new artefacts on the file system and relying on memory-based attacks, even if it means needing to re-infect the target.
  • Three-pronged infections are becoming the norm as attackers no longer rely solely on .exe files to deliver malware, but instead use hybrid attacks that utilise multiple attack vectors in one attack chain.

    “Our goal with the Enterprise Risk Index is to help organisations get a better view of which threats are successful in reaching the final barrier in enterprise defences,” said Norton. “With this data in mind, customers can better determine not only what the risks are but where they are and can adjust their security planning and investments accordingly.”

    A copy of the full SentinelOne Enterprise Risk Index is available for download here.

    Brocade Study Reveals More than Half of IT Teams Will Struggle with Business Demands in Next 12 Months

    April 27th, 2017

    Germany and U.S. Ahead of the Digital Transformation Skills Game, While UK Lags Behind

    Brocade announced a new Global Digital Transformation Skills Study, which aims to uncover how well-placed global IT leaders consider themselves and their teams to be in terms of meeting current and future business demands. Of the six markets surveyed, Germany was found to be the best prepared to meet its digital transformation goals, closely followed by the U.S., while the UK lagged well behind its counterparts.

    The research, which surveyed 630 IT leaders in the U.S., UK, France, Germany, Australia, and Singapore, indicates that many organisations are at a tipping point, as new technology demands are set to outstrip the skills supply. Organisations that address this now through additional skills training will be in the strongest position to ensure business growth and competitive advantage.

    Overall, an encouraging 91 percent of global IT leaders acknowledge that IT departments are currently recognised as very important or critical to innovation and business growth. However, more than half (54 percent) predict they will struggle with a lack of IT talent in 12 months. Contributing factors identified from the research include skills shortages, a prevalence of outdated skills, lack of commitment to training at the corporate board level, and the rapidly changing technology environment.

    “Businesses are approaching the peak of IT strategic influence. Now is the moment that IT teams feel they have the strongest opportunity to influence the transformation of their organisations,” said Christine Heckart, chief marketing officer and senior vice president of ecosystems, Brocade. “However, with a rapidly changing technology landscape and potential impact on international labour markets, it is critical that IT receives the right training to further develop their skills and business relevance.”

    The research also found that skills planning had to be aligned with other areas of business planning to avoid the risk of a technology skills deficit, where IT teams are expected to deliver the benefits of technologies that they are ill-equipped to implement.

    Staff shortages and outdated skills are preventing ITDMs from delivering on current business demands

    Organisations are attempting to move their IT departments away from their traditional roles, but the lack of skills and the time required to learn those skills have held them back. IT decision makers (ITDM) believe this could be a major contributor to their inability to meet business demands, putting organisations at risk of falling behind their competitors and losing customers.

  • Approximately one in four respondents in Australia, France, Germany, Singapore, and the U.S. claim that they cannot deliver on current business demand due to staff shortages. This number rises to 42 percent in the UK.
  • Respondents claim that the lack of access to talent will prevent them from implementing new technologies efficiently, lead to a decrease in employee satisfaction, and result in the loss of market share.

    The IT skills gap is only likely to get worse and organisations need to act now

    The political landscape is also a contributing factor in the widening skills gap. As market uncertainty intensifies in the next few years, it is more important than ever for IT departments to remain agile and take advantage of new technologies.

  • Ninety-two percent of those questioned had some level of concern about future hiring of IT staff, while 54 percent were concerned about a lack of skilled talent to choose from.
  • Forty-three percent of global respondents agreed or strongly agreed that the current political climate makes it difficult to hire employees with the right skills. In the U.S. and Australia, the numbers were 52 percent and 54 percent, respectively.
  • Even with the uncertainty surrounding the Brexit situation, EMEA respondents were less concerned, with only 31 percent of UK ITDMs believing it presented a challenge compared to 39 percent in Germany and 35 percent in France.

    Training time and investment will prove to be business-critical

    Training continues to be an issue as day-to-day IT maintenance tasks take priority. For organizations to address the technical skills deficit, they first need to invest time and money — or face the consequences.

  • There is consistent demand globally to spend more time on increasing skills — from 15 percent of time that is currently spent on this to 22 percent.
  • Respondents reported that insufficient budget (45 percent) and training time (45 percent) are constraining IT departments’ attempts to develop skills more than any other factors. These factors rise to 60 percent and 50 percent respectively in Australia but drop to 37 percent and 30 percent in Germany.
  • Currently, only three hours are allocated per week for learning and skills development. Respondents in Singapore average four hours of skills development per week.
  • Sixty-seven percent of respondents agree that the key to closing the skills gap would be to spend more money on training.

    IT professionals need to take control of their professional future

    The research also showed that IT professionals at all levels must take increased responsibility for their own professional destiny, embracing the opportunities delivered by new technologies such as artificial intelligence (AI) and all areas of IoT from device management to security.

  • Thirty-five percent of global respondents agreed or strongly agreed that their organisation’s IT team does not have the right skills to protect their jobs in the future.
  • When asked to identify the one skill that they see as critical to their future career progression, cybersecurity was the most frequently cited, by 22 percent of respondents globally.
  • AI and IoT security tied for second as the most critical skill at 18 percent. While AI was the most critical skill in France and Australia, IoT security was the most valued skill in Germany.

    AI could be a friend or foe

    AI could revolutionise the IT skills that are required and the way that we work. AI is likely to replace a number of IT roles and tasks, but this doesn’t mean the end for the IT department. Employees need to have the right skills to be in a position to work alongside AI and embrace its future impact, so that organizations can unleash its full potential.

  • When asked which current roles were already being replaced by AI, desktop support (23 percent), data analyst (20 percent), software testers (17 percent), system architects (14 percent), and network engineers (11 percent) topped the list.
  • Within the next 10 years, these numbers are expected to increase: desktop support (37 percent), data analyst (34 percent), software testers (33 percent), system architects (31 percent), and network engineers (31 percent).
  • AI will also impact the role of the CIO, with almost half of the global respondents claiming increased focus from the business.
  • Fifty-six percent of respondents believe that developing AI-related skills is key to securing a role in the future.

    Vital role of the board in ensuring long-term IT skills development

    Organisations’ boards will often dictate whether employees have the time and empowerment to develop their skills, but this is common in organisations that do not have the right support. The boards also have to ensure that skills and training improvements are aligned with other areas of business planning.

  • Forty-four percent of respondents think that new skills acquisition is not seen as being as valuable as it should be by the board. This rises to 59 percent in Australia and 50 percent in the UK. The U.S. (42 percent), Germany (41 percent), Singapore (40 percent), and France (34 percent) had slightly more positive results.
  • Almost a fifth of global respondents think their boards view gaining knowledge and skills as a cost to the business, rather than an asset. This rises to 35 percent in Australia.
  • However, the majority of respondents in France (63 percent) and Germany (62 percent) see knowledge and skills growth as an asset.
  • Despite respondents claiming that they plan approximately two years in advance for most areas of the business, staffing and recruitment is still on average only planned for a maximum of a year.
  • This is creating a disconnect where organisations are attempting to address key IT challenges with teams not as well equipped in terms of skills and experience as they could be.

    Additional Resources

    Data in the study also revealed four main personas of global IT leaders, all with different levels of effectiveness when it comes to pioneering digital transformation projects and managing the skills of their teams.

    EXECUTIVE SUMMARY
    GLOBAL AND REGIONAL ANALYSIS OF EACH PERSONA IN EACH OF THE COUNTRIES SURVEYED

    The study was conducted by independent research house Vanson Bourne in March 2017. 630 IT decision-makers in organisations with more than 500 employees in the U.S., U.K., France, Germany, Singapore and Australia were surveyed.

    This article has been taken from Brocade.com.

    Dump the Sandbox

    April 20th, 2017

    By Andy Norton at SentinelOne

    Technology becomes obsolete quickly in a variety of industries as “newer” and “more innovative” options crop up on what feels like an almost daily basis. The same is true for the pace of technological innovation in the information security space.

    Traditional antivirus vendors, spurred on by waning detection rates and unhappy customers, have been acquiring companies that offer potential solutions for satisfactorily preventing the latest threats of the day, which currently pose enormous risks to their already languishing and disgruntled customers.

    Sandboxes grew in popularity as a stop gap because organisations needed to apply reasonable levels of certainty to security controls in the absence of confidence in endpoint AV to protect the organisation. But, at what cost?

    Apart from being hideously expensive because they knew about “Chinese” attackers, sandboxes identified thousands of Indicators of Compromise (IoCs) that had every security analyst chasing every instance to determine if the attack only detonated in the sandbox, or if it also ran on the endpoint. And, if so, did it successfully communicate with its command-and-control infrastructure? If it did that, then they had to determine what it actually did to the endpoint.

    This Pyrrhic victory in malware defence has been the reality for many organisations for the past few years. The lack of efficiency in the sandbox has forced organisations to consume intel feeds and hope that an IoC somewhere might turn up in the environment at some point, only to find out that the level of false positive reduction in that feed was not satisfactory.

    Here’s the message for the CISO

    If you are about to renew a really expensive purchase order for sandboxes… don’t sign the renewal agreement without first considering alternative approaches.

    It’s time to get rid of high maintenance security technology. It’s time to stop shouldering the burden of proof of what might occur at the endpoint, based on what was detected on the network.

    Even a leading sandbox vendor admits: “the endpoint has always been the most reliable source of truth.” The endpoint is ground-zero for the organisation, and as such it should be the most accurate and least costly source of security escalation.

    Microsoft operates 12 security operation centres and found that IoC-led investigations have a negative value to security. Instead, it bases its analysis of threats on behaviours observed in its environment; behaviour analysis is responsible for tracking nearly 100% of the active threats at Microsoft.

    Total Cost of Risk Ownership

    Information security controls are placed into an organisation to manage risk. The big questions to ask: does the capital and operational burden of sandboxes actually reduce the risk? What is the delta in risk between running sandbox technology and not running it? Further, what are the savings in expenditure and operational costs?

    The quantitative answer is determined by how many threats are detected in the sandbox that would not have been detected by other security controls. For example, if you have a system that monitors the actual behaviour of the endpoint, then the risk delta value of the sandbox is zero. In addition, the cost savings are enormous because the wild goose chases that consume analyst time disappear too. Instrumenting the endpoint with behavioural modeling instead of using sandboxes reduces the Total Cost of Ownership massively, as the expenditure drops while the residual risk remains the same.


    Three Common Misconceptions about Designing Your Cybersecurity Solution

    April 12th, 2017

    Outdated cybersecurity solutions with data backhaul and hardware upgrades cost organisations millions of dollars each year. There are other alternatives to backhauling data that keep your network secure and your costs down. Here are three misconceptions of designing your cybersecurity solution.

    1. Thinking that backhauling data from remote offices and mobile workers to on-prem appliances is the only way to protect a distributed organisation.

    Since the age of the mainframe in the late 60s, centralising your IT infrastructure was logical. Most companies had large headquarters where a majority of their employees worked, and infrastructure was housed centrally to provide compute power and business resources. As technology advanced through the mid-90s, internet and email became common work tools, meaning organisations now had the flexibility to conduct business from multiple office locations. Enter the Blackberry in the early 2000s, and now we’ve reached the distributed age. Businesses are rarely in one location. If you consider every mobile device accessing work applications a “remote office,” you have now gone from securing one site to securing hundreds.

    This exponential increase in business locations puts increasing strain on your network security plan. While the pain of backhauling data as you added individual remote offices was manageable, the concept of backhauling data was never designed to scale to the mobile world we live in. This new paradigm shift in business requires a new approach to network security. Continuing to backhaul data from mobile users and remote offices is like. It might work for today, and maybe for tomorrow, but you either keep paying for more sandbags, or consider a new approach that is designed for the current situation.

    2. Completely rearchitecting your network by moving to an all-cloud solution is the only way to avoid excessive backhaul

    There are cloud-only SWG solutions that provide infrastructure cost benefits, but they come with a pricey compromise – rearchitecting your entire network to direct all traffic to cloud-based SWGs. A cloud-only approach is not for every business. There are compliance issues for many industries, legal ramifications from data privacy laws, and operational security concerns that arise from using a multitenant cloud. If you have requirements that can’t completely be met by a cloud-only SWG, it’s critical that you find a solution that’s built for the cloud, but not built exclusively in the cloud.

    3. Believing that leveraging cloud and on-prem capabilities means you have to manage two separate interfaces or sacrifice policy consistency.

    If you’re already one step ahead and know that you don’t have to rely on solely cloud or on-prem secure web gateways, perhaps you are exploring a hybrid solution. Traditional “hybrid” solutions have two different systems operating in tandem. While this seems like a good idea, in theory, it creates significant management overhead and headaches to administer the two systems. For example, policies often only sync in one direction, which creates gaps in your security plan as you work to ensure each system is managed correctly. Not to mention that the two systems frequently lack feature parity, making uniform policy enforcement a real challenge.

    Your experiences managing your network security should be seamless and should not require separate management systems just to reap the benefits of both cloud and hybrid deployment. Your secure web gateway should give you the flexibility to define your own network security policies without reconfiguration or sacrificing user experience.

    Beyond backhauling

    Most companies haven’t reevaluated their network security solution because the thought of ripping and replacing appliances or completely reconfiguring their network is enough to scare them away. But SWG solutions designed 10-15 years ago were built to secure a different type of organisation than we see today, so it’s worth considering other options. It is not financially sustainable to backhaul the increasing amount of data created by a mobile workforce. Instead, find a solution that leverages the cloud to avoid expensive VPN and MPLS links, but also doesn’t force you to overhaul your network architecture.

    Believe it or not, there are network security solutions that were built specifically to support the distributed organisation. iboss designed the first Distributed Gateway Platform to address the challenges facing decentralised organisations today by leveraging an elastic, node-based architecture that scales to meet changing bandwidth needs. Learn more about the changing secure web gateway landscape and the needs posed by distributed organisations.

    As you think about your security needs over the next five to ten years, evaluate whether your current vendor can help you scale and grow without network re-architecture, management of multiple, isolated systems, or increased bandwidth costs from backhauling data. Here are 11 things to consider as you evaluate and plan for your cybersecurity needs in the coming years.

    Original article published by Ed Gaudet. https://blog.iboss.com/sled/3-common-misconceptions-about-designing-your-cybersecurity-solution

    Ruckus Wireless Unveils New SmartZone Capabilities in New OS Release

    April 12th, 2017

    Ruckus Wireless has announced the availability of version 3.5 of its SmartZone™ Operating System (OS). The new release powers the industry’s highest-capacity controller portfolio, including the SmartZone 300 (SZ300) high-scale control and management appliance, which is also being announced today. With more than 30 new features and enhancements, SmartZone OS 3.5 makes it easier than ever for IT to improve the end-user experience and to better align security and policy posture with a diverse user device constituency. New capabilities also enable enterprises and managed service providers to easily and securely implement complex network architectures and multi-tier business models.

    The SmartZone portfolio includes high-capacity appliances designed for service provider and large enterprise deployments—SZ300 and virtual SmartZone High-Scale (vSZ-H)—and enterprise-class appliances—SmartZone 100 (SZ100) and virtual SmartZone Essentials (vSZ-E)—designed for mid-sized enterprise networks. The virtual SmartZone Data Plane (vSZ-D) works in conjunction with virtual control and management appliances, enabling a high-throughput distributed data plane. Since their introduction in 2015, SmartZone controllers have been deployed by more than 2,000 enterprise and service provider organisations that are collectively managing more than 600,000 APs.

    “Cloud-managed wireless services revenue is growing at 26 percent, far faster than the enterprise WLAN equipment market,” said Rohit Mehra, vice president, network infrastructure, IDC. “WLAN vendors that can build products that enable those service providers to grow their own businesses profitably stand to outperform the market. With its SmartZone portfolio and its latest enhancements, Ruckus is clearly vying to be a dominant vendor in this segment. At the same time, the company is investing in universally critical functionality related to end-user experience management, security and analytics.”

    Enhancing End-user Experience Management

    As end-user quality-of-service expectations increase, IT departments are increasingly challenged to meet them. SmartZone OS 3.5 provides IT with tools to better ensure quality experience:

  • Visual Connection Diagnostics (VCD) enables IT to react in real time to end-user problems, visually troubleshooting the client connection process, pinpointing the failure stage and identifying the likely cause of failure.
  • New “super-KPIs,” combined with visual alerts and pivot-table functionality, provide IT with a more effective means of predicting end-user experience degradation, reducing the time IT must spend on identifying systemic failures.
  • Near real-time push-streaming enables IT to effectively respond to rapidly deteriorating network conditions by allowing third-party or custom-built analytics tools to consume key performance indicators (KPIs) with no delay, no fidelity loss and no need for IT to create a firewall pinhole.
    Creating More Flexible Security and Policy Management

    Ensuring that the network, devices and users are protected without compromising expected service and access levels is critically important. The new release helps IT address these challenges more easily:

  • SmartZone integration with Ruckus Cloudpath™ security and policy management software allows IT to create a practically unlimited number of user and device roles, enabling user-specific VLAN, access control and bandwidth attributes. This capability enables IT to segment the network based on real security and policy needs, rather than on a one-size-fits-all basis.
  • Usability improvements to Ruckus Dynamic Pre-Shared Key™ (DPSK) technology include a group DPSK function and, with Cloudpath integration, automatic key distribution to end users. Group DPSK is designed to make it easier for organisations with “headless” Internet of Things (IoT) devices such as printers and Apple TVs to manually distribute keys to these devices by enabling groups of device types to use a common DPSK key.
    Enabling More Sophisticated Business and Deployment Models

    The latest SmartZone release further enhances multi-tenant and data plane functionality and flexibility for service providers that host private clouds and for large enterprises and educational institutions:

  • Multi-tenant partner domain segmentation allows service providers that operate private clouds to establish secure, isolated operating domains for their non-hosting managed service provider clients. This new capability, combined with existing domain and zone functionality, enables the private-cloud service provider to support any single-tier or dual-tier managed services business model while meeting stringent operational and security requirements.
  • The zone affinity feature in the vSZ-D provides a common data plane to distributed sites, allowing customers to maintain a centralised data architecture in the event of a WLAN vendor change. Managed service providers can use the same capability to allow their customers to tunnel guest traffic away from their local area network (LAN).
  • Native DHCP/NAT functionality in the vSZ-D simplifies deployment complexity by enabling high-performance DHCP assignment in a centralised or distributed network context without the need for third-party DHCP/NAT servers.
  • The vSZ-D enables Layer 3 roaming without the need for a dedicated mobility controller. Parameters are defined just once in a centrally located vSZ-H/E instance. Distributed vSZ-D instances automatically establish tunnels between themselves. Roaming devices maintain their original IP address, ensuring session persistence for sensitive applications such as voice.
    “With Ruckus’ latest version of its SmartZone control and management software, browsing across the user interface is straightforward and simple, with the ability to access configuration and monitoring on a single page,” said Yves Premel-Cabic, head of engineering, WiFirst. “Ruckus now goes far beyond its competitors, with call-flow diagnostics for client association issues and crystal clear technical data. By combining it with the Ruckus SmartCell Insight platform, we will now be able to enjoy state-of-the-art analytics. vSZ 3.5 is now the best carrier-grade Wi-Fi management solution, and WiFirst’s engineers and technicians can’t wait to upgrade to this major release.”

    “SmartZone allows service providers and large organisations to easily deploy high-scale, multi-site, multi-region WLANs while practically eliminating the usual costs associated with data plane scaling,” said Greg Beach, vice president of product management at Ruckus Wireless. “With this latest release, we’ve made SmartZone even more compelling for service providers of all kinds, while giving IT in every organisation easy-to-use tools that allow them to more effectively manage the entire end-user experience from service quality to security and policy.”

    To learn more about Ruckus Wireless’s SmartZone portfolio, visit https://www.ruckuswireless.com/products/system-management-control/smartzone.

    Original article: https://www.ruckuswireless.com/ruckus-wireless-unveils-experience-management-capabilities-with-new-smartzone-os-release

    Gemalto Wins 2017 Cybersecurity Excellence Award for Best Encryption Product with SafeNet KeySecure

    March 30th, 2017

    Gemalto, the world leader in digital security, announces that they have been named a winner of the 2017 Cybersecurity Excellence Awards. Gemalto’s SafeNet KeySecure was voted “best encryption product” by over 300,000 members of the global information security community.

    Gemalto’s SafeNet KeySecure provides an organisation’s security team with the ability to centrally manage and store encryption keys easily and securely. To demonstrate compliance with mandates or internal data protection policies, the solution offers IT administrators a single pane of glass to simplify the auditing processes. All key state changes are monitored through a centralised logging system, which immediately alerts a company’s security administrator to any key modifications or attempted breaches. This real-time information allows the security team to quickly address the situation and inform stakeholders, saving valuable time.

    SafeNet KeySecure provides flexibility across physical, virtualized and public cloud environments, so customers can choose the deployment model that works best for them. The solution also integrates with a broad ecosystem of cloud service providers in addition to interoperability partners using the OASIS KMIP standard. Depending on what the customer needs, Gemalto’s SafeNet KeySecure and encryption and key management products support multiple encryption use cases in one single platform, helping IT administrators reduce operating expenses and workloads.

    “The Cybersecurity Excellence Awards is an annual competition honouring individuals, products and companies that demonstrate excellence, innovation and leadership in information security,” said Holger Schulze, founder of the 300,000-member Information Security Community on LinkedIn. “Every year we receive hundreds of entries and only the very best-in-class cybersecurity products make the cut in our selection and voting process.”

    “The vote of excellence from our peers in the information security community recognises our commitment to providing customers with easy-to-use, business-driven security solutions,” said Todd Moore, Senior Vice President of Encryption Products at Gemalto. “Organisations suffer hefty consequences if their data is lost, stolen or compromised. Integrating Gemalto’s SafeNet KeySecure for encryption and key management helps companies secure their data mitigating the risks associated with data breaches.”

    Related Resources

    Charting your Path to Enterprise Key Management
    Own and Manage your Own Encryption Keys
    SafeNet KeySecure Product Brief

    Gemalto releases findings of 2016 Breach Level Index

    March 30th, 2017

    Almost 1.4 billion data records compromised in 2016 as hackers targeted large-scale databases across industries

    Gemalto, the world leader in digital security, today released the findings of the Breach Level Index revealing that 1,792 data breaches led to almost 1.4 billion data records being compromised worldwide during 2016, an increase of 86% compared to 2015. Identity theft was the leading type of data breach in 2016, accounting for 59% of all data breaches. In addition, 52% of the data breaches in 2016 did not disclose the number of compromised records at the time they were reported.

    The Breach Level Index is a global database that tracks data breaches and measures their severity based on multiple dimensions, including the number of records compromised, the type of data, the source of the breach, how the data was used, and whether or not the data was encrypted. By assigning a severity score to each breach, the Breach Level Index provides a comparative list of breaches, distinguishing data breaches that are not serious from those that are truly impactful (scores run 1-10). According to the Breach Level Index, more than 7 billion data records have been exposed since 2013, when the index began benchmarking publicly disclosed data breaches. Breaking it down, that is over 3 million records compromised every day, or roughly 44 records every second.

    Last year, the account access based attack on AdultFriend Finder, which exposed 400 million records, scored a 10 in terms of severity on the Breach Level Index. Other notable breaches in 2016 included Fling (BLI: 9.8), Philippines’ Commission on Elections (COMELEC) (BLI: 9.8), 17 Media (BLI: 9.7) and Dailymotion (BLI: 9.5). In fact, the top 10 breaches in terms of severity accounted for over half of all compromised records. In 2016, Yahoo! reported two major data breaches involving 1.5 billion user accounts, but these are not accounted for in the BLI’s 2016 numbers since they occurred in 2013 and 2014.

    “The Breach Level Index highlights four major cybercriminal trends over the past year. Hackers are casting a wider net and are using easily-attainable account and identity information as a starting point for high-value targets. Clearly, fraudsters are also shifting from attacks targeted at financial organisations to infiltrating large databases such as entertainment and social media sites. Lastly, fraudsters have been using encryption to make breached data unreadable, then hold it for ransom and decrypting once they are paid”, said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto.

    Data Breaches by Type

    In 2016, identity theft was the leading type of data breach, accounting for 59% of all data breaches, up by 5% from 2015. The second most prevalent type of breach in 2016 was account access based breaches. While the incidence of this type of data breach decreased by 3%, it made up 54% of all breached records, which is an increase of 336% from the previous year. This highlights the cybercriminal trend from financial information attacks to bigger databases with large volumes of personally identifiable information. Another notable data point is the nuisance category, with an increase of 101%, accounting for 18% of all breached records, up 1474% since 2015.

    Data Breaches by Source

    Malicious outsiders were the leading source of data breaches, accounting for 68% of breaches, up from 13% in 2015. The number of records breached in malicious outsider attacks increased by 286% from 2015. Hacktivist data breaches also increased in 2016 by 31%, but only account for 3% of all breaches that occurred last year.

    Data Breaches by Industry

    Across industries, the technology sector had the largest increase in data breaches in 2016. Breaches rose 55%, but only accounted for 11% of all breaches last year. Almost 80% of the breaches in this sector were account access and identity theft related. They also represented 28% of compromised records in 2016, an increase of 278% from 2015.

    The healthcare industry accounted for 28% of data breaches, rising 11% compared to 2015. However, the number of compromised data records in healthcare decreased by 75% since 2015. Education saw a 5% decrease in data breaches between 2015 and 2016 and a drop of 78% in compromised data records. Government accounted for 15% of all data breaches in 2016. However, the number of compromised data records increased 27% from 2015. Financial services companies accounted for 12% of all data breaches, a 23% decline compared to the previous year.

    All industries listed in the ‘Other’ category represented 13% of data breaches and 36% of compromised data records. In this category, the overall number of data breaches decreased by 29%, while the number of compromised records jumped by 300% since 2015. Social media and entertainment industry related data breaches made up the majority.

    Last year 4.2% of the total number of breach incidents involved data that had been encrypted in part or in full, compared to 4% in 2015. In some of these instances, the password was encrypted, but other information was left unencrypted. However, of the almost 1.4 billion records compromised, lost or stolen in 2016, only 6% were encrypted partially or in full (compared to 2% in 2015).

    “Knowing exactly where their data resides and who has access to it will help enterprises outline security strategies based on data categories that make the most sense for their organisations. Encryption and authentication are no longer ‘best practices’ but necessities. This is especially true with new and updated government mandates like the upcoming General Data Protection Regulation (GDPR) in Europe, U.S. state-based and APAC country-based breach disclosure laws. But it’s also about protecting your business’ data integrity, so the right decisions can be made based on accurate information, therefore protecting your reputation and your profits.”

    Additional Resources:

  • For a full summary of data breach incidents by industry, source, type and geographic region, download the 2016 Breach Level Index Report
  • Download the infographic here.
  • Visit the BLI website here.