
Net-Ctrl Blog

Nearly Half of Organisations Can’t Tell If Their IoT Devices Were Breached, Finds Study

January 16th, 2019


The Internet of Things (IoT) is on the rise. According to Statista, the number of IoT devices is expected to increase from 23.14 billion to 30.73 billion in 2020. By 2025, that number is expected to more than double to 75.44 billion.

Such projected growth highlights the need for organizations to harden their IoT devices. But are companies adequately prepared to meet the challenges of IoT security?

To answer that question, Gemalto surveyed 950 IT and business decision makers globally for its report, The State of IoT Security.

On the one hand, we found that many organizations consider IoT security to be a priority. Nearly a quarter of survey respondents said they think IoT security constitutes a secure foundation for offering new services, for example. That figure was down from 32% a year earlier. At the same time, nearly two-thirds (57 percent) of survey participants said that their organizations had adopted a security by design approach for creating their own IoT devices, while slightly less than that (46%) said they thought that security is the main consideration for their customers when choosing an IoT product or offering.

On the other hand, the international digital security company discovered that many companies are struggling against several challenges to adequately secure their IoT devices. Thirty-eight percent of companies admitted that they struggled to ensure data privacy when trying to secure their IoT products and services, for instance. Approximately a third (34%) of IT and business decision makers said that their employer struggles under the large amounts of data collected by IoT devices, while slightly less than that (31%) revealed that they struggle to balance security with the user experience.

These challenges have subsequently shaped organizations’ IoT security posture. With less than 14% of IoT budgets currently going towards security, it’s no surprise that less than two-thirds (59%) of respondents said their organization encrypts all of the data they capture or store via IoT. It’s also no wonder that companies have a difficult time detecting a security incident with respect to their IoT assets. Indeed, just forty-eight percent of survey respondents said that their organizations could detect when an IoT device had been breached.

Reflecting on the security gaps identified above, many IT and business decision makers do see a way forward for IoT security. A majority of respondents (59%) specifically said it’s “very important” that there be regulations in place regarding IoT security. The same percentage of survey participants said that those regulations should make clear who is responsible for securing data at each stage of its journey as well as identify what methods should be used for data storage. Sixty percent of individuals also noted that IoT security providers and cloud service providers should be responsible for abiding by IoT security regulations when implemented, with nearly 80% of respondents vocalizing support for government intervention.

Interested in learning more about the state of IoT security? Download Gemalto’s report today.

View the original post from Gemalto.

Johnson Controls’ latest CEM Systems AC2000 release goes beyond security to help mitigate H&S risks

January 15th, 2019

Johnson Controls announces the release of CEM Systems AC2000 v10.1, which contains a number of new features that improve functionality and the user experience, and help to mitigate health and safety risks. Support for a range of new third-party products that increase the performance and scope of the CEM Systems AC2000 access control system has also been added.

The Health and Safety (H&S) Induction Check application for CEM Systems emerald intelligent access terminals allows cardholders to self-certify with a card swipe on the emerald terminal once they have completed H&S induction training and before they are provided access to a site. The application automatically records the induction completion date on the CEM Systems AC2000 system, helping to mitigate the risk of health and safety incidents and to report on who has and hasn’t completed training.

Another H&S feature now available with AC2000 v10.1 is the Emergency Responder Remote application, which helps improve emergency response times during incidents. This application allows system users to quickly find emergency responders (Fire Marshals, First Aiders and/or First Responders) via CEM Systems emerald terminals.

Functionality at the edge has been improved with enhancements to the Local Access Remote application on the CEM Systems emerald terminal. This allows ‘Extra Access’ to be added, amended and removed via the app on the CEM Systems emerald terminal and provides potential cost savings for remote sites where a workstation client may not be feasible.

Support has been added for the MorphoWave™ Compact frictionless biometric access reader, SimonsVoss SmartIntego wireless locking solutions and the STid Architect® range of RFID readers. This builds on the range of biometric, wireless lock and RFID reader options that are available to CEM Systems AC2000 system users.

View the original press release by CEM.

Phishing at the confluence of digital identity and Wi-Fi access

January 11th, 2019

When we think of phishing, most of us imagine a conventional phishing attack that begins with a legitimate-looking email. It might appear to come from an e-commerce site with which you happen to do business. “We’ve lost your credit card number. Please follow the link to re-enter it,” the email says. But the link leads to a malicious site where you enter your credit card number, press submit, and you have just been phished by hoody-clad hackers.

Even more likely in modern phishing attacks, the email may trick you into giving up your digital identity—for example, your Gmail account. Many legitimate sites give you the option to log in using social login. What’s to stop a criminal site from asking for your credentials in the same way? The answer: nothing. (Best to be sure that you only use social login on sites that you’re sure you can trust.)

Not every phishing attack starts with a spam email, though. Wi-Fi phishing is analogous to conventional phishing, and the stakes are just as high—or even higher. To understand how this works, let’s begin at the beginning.

Rogue Access Points and Evil Twins

A rogue access point is an AP that someone has installed on the network without the approval of IT. It could represent something innocently misguided, like a user trying to extend Wi-Fi range. (Users should contact IT teams for that.) Or a rogue AP could be set up with malicious intent.

An “evil twin” access point is a special variety of rogue access point that attackers can use for nefarious purposes. Every evil twin is a rogue, but not every rogue is an evil twin. The evil twin impersonates a legitimate access point and helps attackers compromise your network. As with many cyber-attacks, user behaviour makes this possible.

Attackers can force users off the access point and trick them into associating with the evil twin. This is how a Wi-Fi phishing attack starts. The evil twin can ask them to enter the pre-shared key into a fake login portal. To be clear, the user enters the actual credential into a fake portal. This does not seem unusual to users, because they have probably experienced having to re-enter credentials for network access before. In this scenario, doing so means handing over the Wi-Fi password or user credentials to the attacker, who can then use it to gain access to your network.

Where Wi-Fi Phishing Meets Digital Identity

Attackers can easily use the same technique to compromise digital identity within any IT environment. Suppose that the attacker asks your end users to enter their enterprise single sign-on credentials to regain access to the network. As an IT professional, you probably wouldn’t fall for that, but some of your users might. The more users you have, the more likely someone will fall victim.

Once the user has handed over his or her credentials, a world of opportunities opens for the hackers. Organizations typically leverage cloud-based file sync and share services. Customer relationship management (CRM) systems live in the cloud. Enterprise SSO platforms allow users—or hackers that have compromised their credentials—to access both. So, what began with a Wi-Fi hack can easily end in a massive data breach.

This scenario can play out even with a garden-variety rogue that is not an evil twin. The AP doesn’t have to be impersonating a legitimate access point to get a user to compromise his or her digital identity. Have you ever wondered whether Wi-Fi sources in public locations are legitimate? This vendor video shows how attackers can compromise digital identities when they target unsuspecting users (in this case members of the U.K. Parliament—incidentally using a VPN service when accessing unsecured public Wi-Fi is a good tip). The same thing can happen in an enterprise environment when users connect to a malicious rogue AP, only the identity compromised might imperil your confidential data.

How Can You Combat Wi-Fi Phishing, Evil Twins and Other Rogue APs?

Fortunately, you can take steps to protect your users and data from these scenarios. Your first line of defence against rogue access points is the wireless intrusion detection and prevention capability provided as part of your wireless LAN.

You can also take steps to avoid SSID proliferation, which will make it easier to spot rogues in your environment. Many IT environments become cluttered with SSIDs as IT teams use this as a mechanism to provide differential levels of access to different users and groups of users. Best practice: don’t do this. Employ a system for centrally defining and managing policies for network access.
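The rogue versus evil-twin distinction above can be expressed as a check of scan results against an approved inventory. The following is an added example, not code from the original post or from any Ruckus product; the SSIDs, BSSIDs, security labels and the `on_wire` wired-side flag are all constructed assumptions.

```python
"""Classify Wi-Fi scan observations as authorized, evil twin, rogue or neighbor."""
from dataclasses import dataclass

# Constructed inventory (assumption): each approved SSID maps to the security
# mode it must advertise and the BSSIDs (AP radio MACs) allowed to carry it.
# A short SSID list keeps this table small and anomalies easy to spot.
INVENTORY = {
    "Corp-Secure": {"security": "WPA2-Enterprise",
                    "bssids": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}},
    "Corp-Guest": {"security": "WPA2-PSK",
                   "bssids": {"02:00:00:aa:00:11"}},
}


@dataclass(frozen=True)
class Observation:
    ssid: str
    bssid: str
    security: str
    on_wire: bool = False  # MAC also seen on a switch port (hypothetical feed)


def _norm(ssid):
    # Compare SSIDs the way a user reads them: ignore case and stray spaces.
    return " ".join(ssid.split()).casefold()


_BY_NORM = {_norm(name): name for name in INVENTORY}


def classify(obs):
    """Return (verdict, reason) for one observation.

    Every evil twin is also a rogue; it gets its own verdict because it
    impersonates an approved SSID and should be escalated first.
    """
    name = _BY_NORM.get(_norm(obs.ssid))
    if name is None:
        if obs.on_wire:
            return "rogue", "unapproved AP attached to the wired network"
        return "neighbor", "unknown SSID, not seen on the wired network"
    entry = INVENTORY[name]
    if obs.ssid != name:
        return "evil_twin", f"lookalike of approved SSID {name!r}"
    if obs.bssid.lower() not in entry["bssids"]:
        return "evil_twin", f"{name!r} advertised from an unlisted BSSID"
    if obs.security != entry["security"]:
        # A listed BSSID with the wrong security mode suggests a spoofed MAC.
        return "evil_twin", f"{name!r} advertised as {obs.security}"
    return "authorized", "matches inventory"


def triage(scan):
    """Group (ssid, bssid) pairs by verdict so alerts can be routed."""
    groups = {}
    for obs in scan:
        verdict, _reason = classify(obs)
        groups.setdefault(verdict, []).append((obs.ssid, obs.bssid))
    return groups


# Constructed sample scan, not real capture data.
SAMPLE_SCAN = [
    Observation("Corp-Secure", "02:00:00:aa:00:01", "WPA2-Enterprise"),
    Observation("Corp-Secure", "02:00:00:ee:00:99", "Open"),
    Observation("Corp-Secure", "02:00:00:AA:00:02", "Open"),
    Observation("corp-guest ", "02:00:00:ee:00:98", "WPA2-PSK"),
    Observation("RangeExtender", "02:00:00:bb:00:05", "WPA2-PSK", on_wire=True),
    Observation("CoffeeShop", "02:00:00:cc:00:07", "Open"),
]

if __name__ == "__main__":
    for o in SAMPLE_SCAN:
        print(o.ssid.strip(), o.bssid, *classify(o))
```
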

By taking steps to make sure that users can authenticate reliably and seamlessly to a legitimate source of connectivity, you can also make it less likely that they will seek out a malicious access point, should one be within range. Digital certificates as the basis for network authentication can help here. A certificate on the device can also protect against devices connecting to evil twin APs, should a sophisticated attacker try and spoof a legitimate AP. Ruckus Cloudpath Enrollment System is a great way to roll out digital certificates for your users. It also addresses the security shortcomings of default methods of authentication that you may be using now.

If there is no PSK to divulge, there is also no risk that your users will divulge it. A secure onboarding and authentication approach based upon digital certificates obviates the need for conventional PSKs as a mechanism for network access. You can also use dynamic pre-shared keys, which are unique to each user, for guest access. Guests typically get internet access only, with no access to sensitive internal resources.

Last, but not least, user education is always a key to avoiding any kind of attack on your network, users and data. Take measures to educate stakeholders to be careful about what Wi-Fi sources they connect to and what information they enter when they do.

View the original post by Vernon Shure at Ruckus Networks.

Palo Alto Networks Joins Net-Ctrl on Stand C61

January 10th, 2019

Net-Ctrl will be able to demo a range of Palo Alto Networks solutions on our BETT stand (C61).

Cyberattacks in the education sector are increasing year on year. Cybercriminals feel they can exploit this sector more successfully because they know that IT teams are stretched. They also know that, due to tight budgets, equipment is likely to be ageing, and with the introduction of BYOD the attack surface is only increasing. This has a knock-on effect, adding even more pressure on schools to keep their students and their data secure.

Palo Alto Networks aims to help schools with this by putting in an Automated Security Platform that works without the need for human intervention. With their Threat Intelligence cloud, they ensure that the system is constantly updated with the latest threats in the industry, and with their TRAPS endpoint protection they can extend this protection out to endpoints and BYOD devices.

Outside of core security, Palo Alto Networks is also able to assist schools with safeguarding through the following:

  • URL Filtering: Categorisation and control of websites
  • Application Control: Ensure that only authorised applications are in use on the school network
  • Search Engine Alerts: Real-time awareness of search queries
  • Visibility Reports: Show granular visibility of network and web-based activity by user

Come and visit Net-Ctrl and Palo Alto Networks on stand C61 at BETT 2019 to learn more about how Palo Alto Networks can fit into your school’s infrastructure. We will have a dedicated team able to answer your questions and provide solution demonstrations.

BETT 2019 is going to be held at the Excel in London from the 23rd – 26th January. Book your free ticket now.

If you would like to book a meeting slot in advance email marketing@net-ctrl.com.

Ruckus join Net-Ctrl at BETT 2019

January 9th, 2019

Ruckus will be joining Net-Ctrl at BETT 2019 on stand C61 with their range of smart wired and wireless technology.

Ruckus – Wireless Technology

Ruckus has never relied on off-the-shelf, reference design radio technology—it doesn’t deliver the capacity, range or interference mitigation necessary to make real the dream of wireless that works everywhere, all the time. Ruckus delivered the industry’s first adaptive antenna technology to overcome RF interference on Wi-Fi networks.

Ruckus Wired Technology

The Ruckus ICX Family of fixed form-factor switches works together to simplify network set-up and management, enhance security, minimise troubleshooting and make upgrades easy. ICX switches work seamlessly with Ruckus Wi-Fi access points and Ruckus SmartZone network controllers to deliver the most performance and cost-effective unified wired & wireless access solutions on the market today.

What makes Ruckus, well, Ruckus..

  • Performance – Ruckus’ deep history of technical innovation means superior, dependable wired and wireless performance. Everywhere, all the time.
  • Simplicity – Ease of install and management for IT? Ease of use for end users? These are just a given.
  • Flexibility – Ruckus provides the utmost flexibility for all the wired and wireless networking scenarios a school or college might have.

Moving Beyond Wi-Fi

Ruckus Wi-Fi itself is now much more than super-fast connections, it’s a platform for a host of capabilities—like location analytics and engagement technology.

Visit Net-Ctrl and Ruckus on stand C61 to find out more about Ruckus’ portfolio of smart wired and wireless solutions.

BETT 2019 is going to be held at the Excel in London from the 23rd – 26th January. Book your free ticket now.

If you would like to book a meeting slot in advance please email marketing@net-ctrl.com.

Join Net-Ctrl and Partners at BETT 2019

January 9th, 2019

Net-Ctrl will be exhibiting at BETT 2019 on stand C61. Each year we bring a small selection of solutions from manufacturers in our portfolio. At BETT 2019 we have our best line-up yet.

Our Approach for BETT 2019

We have noticed a requirement for better access control and lockdown technologies in schools and colleges, to protect staff and students and comply with some of the latest standards.

The trouble with a lot of access control and lockdown technologies is a lack of integration. The end result is schools and colleges managing a number of different solutions individually.

At Net-Ctrl our focus is on integration. We want to make it as easy as possible for you to protect those on your site(s) and that is why this year we are expanding our access control and lockdown integration partners that will be on show. We will be demonstrating integration between access control, intruder alarms, fire detection, wireless door handles and IP speaker solutions, and also IP-CCTV.

In addition, we will be extending our security message to the network and endpoint with Palo Alto Networks. They have a highly advanced and secure portfolio to keep your users, and your site, protected for a more secure everywhere.

We also have Ruckus on our stand. Ruckus is leading the way in wired and wireless technology to keep your users connected even in the most challenging environments. Ruckus Smart Wi-Fi and wired technology redefines what’s possible in network performance with flexibility, reliability and affordability.

We invite you all to come and see us at BETT 2019, where we will have a number of demonstrations running and product experts on hand. We’re really excited for BETT 2019. Make sure you pay us a visit and stop by the Net-Ctrl stand – C61.

Over the next few weeks, we will be sending some additional emails with more information about each of our stand partners.

Partners at BETT 2019:

  • CEM:  Powerful Access Control and Integrated Security Management Systems with Fire Detection and Intruder Solutions
  • Mobotix:  High-Resolution IP-CCTV Camera and Video Door Entry Systems
  • Netgenium:  IP PoE Intelligent Audio and Lockdown Solutions
  • NEXUS: Rapidly Deployable, Battery Powered and RF-based, School Lockdown Solutions
  • Palo Alto Networks:  Next-Generation Firewalls and Endpoint Protection for Safeguarding
  • Ruckus:  Smart Wired and Wireless Solutions

BETT 2019 is going to be held at the Excel in London from the 23rd – 26th January. Book your free ticket now.

If you would like to book a meeting slot in advance email marketing@net-ctrl.com.

The Future of Cybersecurity – A 2019 Outlook

January 4th, 2019

From the record-breaking number of data breaches to the implementation of the General Data Protection Regulation (GDPR), 2018 will certainly go down as a memorable year for the cybersecurity industry. And there have been plenty of learnings for both the industry and organisations, too.

Despite having two years to prepare for its inception, some companies were still not ready when GDPR hit and have faced the consequences this year. According to the law firm EMW, the Information Commissioner’s Office received over 6,000 complaints in around six weeks between 25th May and 3rd July – a 160% increase over the same period in 2017. When GDPR came into force, there were questions raised about its true power to hold companies to account – with the regulation saying fines could be implemented up to £16.5 million or 4% of worldwide turnover. The latter half of this year has shown those concerns were unfounded, with big companies, including Uber as recently as this week, being fined for losing customer data. What 2018 has shown is that the authorities have the power and they’re prepared to use it.

In fact, the role of GDPR was to give more power back to the end user about who ultimately has their data, but it was also ensuring companies start taking the protection of the data they hold more seriously. Unfortunately, while the issue around protecting data has grown more prominent, the methods for achieving this are still misguided. Put simply, businesses are still not doing the basics when it comes to data protection. This means protecting the data at its core through encryption, key management and controlling access. In our latest Breach Level Index results for the first half of 2018, only 1% of data lost, stolen or compromised was protected through encryption. The use of encryption renders the data useless to any unauthorised person, effectively protecting it from being misused. Another reason to implement this is that it is actually part of the regulation and will help businesses avoid fines as well. With such a large percentage still unprotected, businesses are clearly not learning their lessons.

So, moving on from last year, what might the next 12 months bring the security industry? Based on the way the industry is moving, 2019 is set to be an exciting year as AI gains more prominence, and quantum and crypto-agility start to make themselves known.

2019 Predictions

1. Quantum Computing Puts Pressure on Crypto-Agility

Next year will see the emergence of the future of security – crypto-agility. As computing power increases, so does the threat to current security protocols. One notable example here is encryption, whose static algorithms could be broken by the increased power. Crypto-agility will enable businesses to employ flexible algorithms that can be changed, without significantly changing the system infrastructure, should the original encryption fail. It means businesses can protect their data from future threats including quantum computing, which is still years away, without having to tear up their systems each year as computing power grows.

2. Hackers will launch the most sophisticated cyber-attack ever using AI in 2019

Up until now, the use of AI has been limited, but as computing power grows, so too do the capabilities of AI itself. In turn, this means that next year will see the first AI-orchestrated attack take down a FTSE100 company. Creating a new breed of AI-powered malware, hackers will infect an organisation’s systems using the malware and sit undetected, gathering information about users’ behaviours and the organisation’s systems. Adapting to its surroundings, the malware will unleash a series of bespoke attacks targeted to take down a company from the inside out. The sophistication of this attack will be like none seen before, and organisations must prepare themselves by embracing the technology itself as a method of hitting back and fighting fire with fire.

3. Growing importance of digital transformation will see the rise of Cloud Migration Security Specialists in 2019

As organisations embrace digital transformation, the process of migrating to the cloud has never been under more scrutiny; from business leaders looking to minimise any downtime and gain positive impact on the bottom line, to hackers looking to breach systems and wreak havoc. As such, 2019 will see the rise of a new role for the channel – the Cloud Migration Security Specialist. As companies move across, there is an assumption that they’re automatically protected as they transition workloads to the cloud. The channel has a role to play in educating companies that this isn’t necessarily the case and they’ll need help protecting themselves from threats. It’s these new roles that’ll ensure the channel continues to thrive.

A Boardroom Issue That Needs to Yield Results

With 2018 fast disappearing, the next year is going to be another big one no matter what happens, as companies still struggle to come to terms with regulations like GDPR. With growing anticipation around the impact of technologies like quantum and AI, it’s important that companies don’t forget that the basics are just as vital, if not more, to focus on. So, while 2018 has been the year where cybersecurity finally became a boardroom issue, 2019 needs to be the year where its importance filters down throughout the entire company. For an issue like cybersecurity, the company attitude towards it needs to be led from the top down, so everyone buys into it. If that happens, could next year see no breaches take place? Extremely unlikely. But maybe it could be the year the industry starts to turn the tide against the hacking community.

View the original post at gemalto.com.

2018 Annual Digest of Identity and Access Management

December 20th, 2018

Identity and Access Management continues to be a key component in building an enterprise’s cyber security strategy. Today we are presenting our observations of Identity and Access Management in 2018. What happened this year? What can enterprises learn from events in the media in terms of Cyber Security in general, and Identity and Access Management specifically?

Here is a brief timeline of significant regulations, data breaches and world events that were noted by the media, including Gemalto sources, and what these events signified in the Identity and Access Management arena:


Q1

February 1
PCI DSS 3.2 takes effect

What happened
This payment card regulation affects individuals who access systems which hold credit card data. From February 1, 2018, they are required to authenticate themselves with multi-factor authentication. The Payment Card Industry Data Security Standard was developed to encourage and enhance cardholder data security and facilitate broad adoption of consistent data security measures globally. The ultimate aim is to reduce credit card fraud.

Lessons learned
Companies should already be far along the road to PCI DSS 3.2 compliance by now. They should be prioritizing compliance by working with partners on encryption, key management and authentication.

Q2

May 19
The Royal Wedding

What happened
When Prince Harry married Meghan Markle, thousands of reporters were present, and yet the details of Meghan’s dress, its manufacturer and designer remained a secret. While the interworking of the dress designer, Givenchy and the Royal Family network will remain privileged, it seems that part of the reason for the success of the secret was that the work was confined to locations which were secured physically.

Lessons learned
Physical seclusion is not always possible for fashion industries and other global enterprises today. They often collaborate on Computer Aided Design (CAD) software alongside cloud-based applications, and some require reports that provide visibility into login attempts into their ecosystem. An identity and access management solution as a service (IDaaS) can help fashion enterprises or governmental institutions ensure that only the right person receives the right information at the right time, without endangering the enterprise or its end customers.

May 25
General Data Protection Regulation (GDPR) begins

What happened

The General Data Protection Regulation (GDPR) requires companies to be more accountable to their EU-based users on how their data is controlled and used. It also requires companies to notify their local data protection authority regarding suspected data breaches.

Lessons learned

Although GDPR can fine organizations for data breaches, these fines may be reduced if the organizations can prove that they have deployed security controls to minimize damage. To help your organization handle GDPR, identity and access management provides a first line of defense for the sensitive user data harbored in your company’s cloud and web apps. With scenario-based policies and convenient access management, you can help your enterprise avoid costly GDPR fines or sanctions.

Q3

August 1
Reddit’s Company Cloud Attacked

What happened
Reddit, the social media platform, considered to be the 5th top rated website in the U.S., shared that a few of their employees’ administrative accounts were hacked. An attacker gained access to data through Reddit’s company cloud after compromising some accounts.

Lessons learned
While they did in fact have their sensitive resources protected with two-factor authentication (2FA), Reddit encouraged users to move to token-based 2FA. For years corporations and security professionals have been urged to implement multi-factor authentication (MFA) as the solution for cybersecurity concerns. While MFA isn’t a silver bullet that solves all your cybersecurity concerns, it is a key component in elevating the security of an organization and adding a very important layer of protection.

September 25
Facebook Mega Breach

What happened

The September 2018 Facebook breach was not only a ‘mega’ breach in terms of the 50 million compromised users affected, but also a severe breach due to the popularity of the social media giant. Cyber criminals got ahold of users’ FB login credentials. The breach was compounded by the fact that many users utilize their Facebook credentials to log into other social media sites, which means that the hackers were actually able to access not only a user’s Facebook account, but also all other accounts that use Facebook login credentials.

Lessons learned
The risks that consumers were exposed to as a result of buffet-style sign on in the Facebook case, also apply to the enterprise. Fortunately, there is a solution: To maintain the convenience of single sign on without compromising on security, enterprises can use Smart Single Sign-On.

Q4

November 30
Quora and Marriott Hotels announce massive breaches of user data

What happened
The Quora Q&A site suffered a massive breach of user data, including the compromise of 100 million users’ credentials. On the same day, the Marriott International Hotel chain suffered a serious breach, allegedly undetected for 4 years!

Lessons learned
In the Quora case, similar to Facebook, accounts are linked to other social media sites such as games and quizzes, so that access to one account opens the doors to related data. The Marriott Hotel incident shows that it’s not enough to protect your data. It also deals with access issues involved with mergers and acquisitions – in this case merging the Starwood Reservation system with Marriott. You need to see who is accessing your networks and see if there is any unusual activity, right from the start. Monitoring and reporting capabilities in an access management solution can help organizations gain insights into unauthorized access attempts.

Identity and Access Management as a Strategy, 2019-style:
In 2019, it is inevitable that there will be more cyber security violations, including corporate identity theft. And it’s likely that more regulations will be put in place to force enterprises to be proactive, not just reactive.

The question is what organizations will do to brace for these breaches. For more information on how your enterprise can prevent breaches, enable the continuous business transformation of its resources securely and simplify compliance, learn more about Gemalto’s SafeNet Identity and Access Management, request a 30 minute demo of SafeNet Trusted Access or watch our video, “How Access Management Enables Cloud Compliance.”

View the original post at Gemalto.com.

Simplifying Network Management with Ruckus SmartZone

December 19th, 2018

First introduced in 2015, SmartZone-powered controllers combine scalability, tiered multi-tenancy, architectural flexibility, and extensive APIs into a single centrally-managed element. These capabilities enable managed service providers to implement complex, multi-tier and as-a-service business models using their own management applications. They also allow operators to manage subscriber data traffic on a massive scale while integrating traffic flows and network data into existing network architecture.

Ruckus SmartZone products have been deployed in thousands of enterprises and in more than 200 service provider networks across five continents.

Unifying Network Management

IT departments seeking to manage both wired and wireless networks via a single console have traditionally needed to purchase a stand-alone network management element for on-premises management scenarios. Fortunately, Ruckus SmartZoneOS 5 has transformed the industry’s most scalable WLAN controllers into a comprehensive single network element to control and manage both Ruckus access points (APs) and switches. This simplifies network management by:

  • Eliminating provisioning errors through the use of an automated discovery process for access points (APs) and switches.
  • Reducing configuration and deployment duration when compared to a multi-console approach.
  • Reducing network software and hypervisor license fees, server expense, utility expense, and training costs.
  • Enabling a single network controller cluster to scale to 450,000 clients.
  • Enabling networking-as-a-service.

It should be noted that Ruckus SmartZone also includes open, well-documented RESTful application programming interfaces (APIs) that allow IT departments to easily invoke SmartZone functions and configurations to enable error-free automation. In addition, streaming APIs enable IT to monitor in near real-time the full array of Ruckus network data, statistics, and alarms. This means IT departments can more easily create customized, information-dense dashboards and reports.

Ruckus SmartZone Lineup: SZ300 & SZ100

Let’s take a closer look at Ruckus’ SmartZone lineup below, beginning with the Ruckus SmartZone 300 (SZ300) which is targeted at operators, MSPs, and large enterprises. Key features and benefits include:

  • A single SZ300 appliance can manage 10K APs and 500 switches, while 3+1 active clustering increases capacity to 30K APs, 1,500 switches, and 450K clients.

  • 6x 1GbE ports, 4x 10GbE ports.
  • The SZ300 protects itself from catastrophic failures with intra-cluster and inter-cluster failover. Geo-redundancy with active/active clusters delivers higher availability versus traditional hot-standby. Hot-swappable power supplies, 3x fan sets, and redundant disk drives further improve uptime.
  • Multi-tenancy, domain segmentation, and containerization enable secure delivery of managed network services in complex, multi-tier business models across multiple geographies, including MVNO models.
  • Visual Connection Diagnostics speeds and simplifies troubleshooting and client problem resolution while unique “super-KPIs” enable IT to more quickly detect and react to potential user experience degradation.
  • Optional Ruckus Cloudpath integration lets IT create rich location-, device- and user-based policy rules, enabling network segmentation based on real security and policy needs rather than on a one-size-fits-all approach.
  • The SmartZone OS advanced feature set includes rogue AP detection and mitigation, adaptive band balancing, load balancing, airtime fairness, hotspot and guest services, capacity-based admission control, and more.

Meanwhile, the Ruckus SmartZone 100 (SZ100) is a scalable network controller for mid-sized enterprises. Key features and benefits include:

  • A single SZ100 appliance can manage up to 1,000 APs, while 3+1 active clustering increases capacity to 3,000 APs and 30K clients.
  • 4x 1GbE ports, 2x 10GbE ports.
  • Active/active clustering delivers higher availability and resiliency than traditional N+1 standby. 3x fans further improve uptime.
  • Visual Connection Diagnostics speeds and simplifies troubleshooting and client problem resolution while unique “super-KPIs” enable IT to more quickly detect and react to potential user experience degradation.
  • Optional Ruckus Cloudpath integration lets IT create rich location-, device- and user-based policy rules, enabling network segmentation based on real security and policy needs rather than on a one-size-fits-all approach.
  • The SZ100 can store up to 30 days of network configuration and client data on internal storage drives even with reboots.
  • Automated AP and switch provisioning; L3 and L2 auto-discovery of APs and switches reduce manual administration.
  • The SmartZone OS advanced feature set includes rogue AP detection, interference detection and mitigation, band steering, airtime fairness, hotspot, guest networking services, and more.

Ruckus SmartZone Lineup: vSZ-H and vSZ-E

The Ruckus Virtual SmartZone – High-Scale (vSZ-H) enables operators and managed service providers (MSPs) to easily, flexibly, and securely deliver Networking-as-a-Service (NaaS). Key features and benefits include:

  • A single cluster scales to 450K clients, 30K APs, and 1,500 switches.
  • A single low-cost license and a commodity x86 server with any popular hypervisor are all that’s needed for a vSZ-H instance.
  • Active/Active 3+1 clustering eliminates idle controller capacity and data loss during redundant failover while minimizing configuration time when nodes are added.
  • The vSZ-H centralizes LAN and WLAN management and flexibly integrates with the Virtual SmartZone – Data Plane (vSZ-D) or external WLAN gateways to accommodate complex data plane routing topologies.
  • Sophisticated zone and domain segmentation give service providers the flexibility to supply non-hosting partners with their own domains, to run different SmartZone OS versions in different zones, and countless other options.
  • An independent, containerized tenant architecture minimizes the risk of degraded end-user experience and enhances data privacy between tenants.

Meanwhile, Virtual SmartZone – Essentials (vSZ-E) offers mid-sized enterprises flexibility, lower deployment costs, and the ability to scale a network up to 60,000 clients. Key features and benefits include:

  • A single cluster scales to 60K clients, 3,000 APs, and 50 switches.
  • A single low-cost license and a commodity x86 server with any popular hypervisor are all that’s needed for a vSZ-E instance.
  • Active/Active 3+1 clustering eliminates idle controller capacity and data loss during redundant failover while minimizing configuration time when nodes are added.
  • The vSZ-E centralizes LAN and WLAN management and flexibly integrates with the Virtual SmartZone – Data Plane (vSZ-D) or external WLAN gateways to accommodate complex data plane routing topologies.
  • IT can offload WLAN and connectivity services such as DHCP/NAT to the AP or vSZ-D to reduce expenses for separate routers and servers.

SmartZone: Ruckus APs and Switches

Ruckus SmartZone controllers are designed to manage Ruckus’ extensive lineup of indoor and outdoor access points. Our AP family offers a solution for every deployment scenario including small businesses, wireless LANs, and mission-critical high-density carrier grade installations. Ruckus outdoor access points are suitable for a range of environments and offer a choice of mounting and antenna options, with outdoor point-to-point bridges providing connectivity between remote sites.

As a comprehensive single network element, SmartZone also manages the Ruckus ICX switch family, which can be deployed standalone, stacked or installed within a campus fabric. Switch management features offered by SmartZone include discovery and inventory, SNMP monitoring, link discovery, firmware upgrades, as well as backup and restore functions. By using SmartZone, organizations can proactively monitor their network, perform network-wide troubleshooting, generate traffic reports and gain visibility into the network activity from the wireless edge to the core.

Are you interested in learning more about the Ruckus SmartZone platform?

Submit a contact form or email sales@net-ctrl.com and we can set up a demo for you.

View the original publication at The Ruckus Room.

Getting Wired for Wireless: Power

December 13th, 2018

Continuing our Wired for Wireless series where our most recent installment talked about performance, this blog will discuss Power over Ethernet and its importance when deploying access points.

Power over Ethernet (PoE) is typically provided for access points (APs), as well as other devices such as voice over IP (VoIP) phones, IP TVs, and video cameras. Although there are many devices that draw power directly from the switch, PoE is particularly important for APs. As such, a primary concern for customers planning an AP refresh is ensuring that sufficient power will be delivered at the switch.

Previous generations of access points could operate on a PoE budget of 15 watts of power at the switch. However, AP radios have evolved considerably and now demand more power. Today, most APs up to and including Wi-Fi 5 (802.11ac) draw PoE of 30 watts. However, while the latest Wi-Fi 5 APs can theoretically operate on 30 watts of power, they need just a little bit more to achieve top performance, drive all the radios, and provide power to the USB port. Next generation Wi-Fi 6 (802.11ax) APs demand even more power. While they operate on PoE+ power, they will require more to drive their 8×8 radios for peak performance.

This is precisely why the IEEE recently defined IEEE 802.3bt. The standard outlines two additional power types to bolster PoE: up to 55 W (Type 3) and up to 90-100 W (Type 4). IEEE 802.3bt also stipulates that each pair of twisted pairs must support a current of up to 600 mA (Type 3) or 960 mA (Type 4). In addition, IEEE 802.3bt includes support for 2.5GBASE-T, 5GBASE-T, and 10GBASE-T.

Several vendors already have switches that support 60 watts, although only Ruckus supports 90 watts of power per port. Although there are relatively few devices that require more than 30 watts, more and more power-hungry devices are hitting the market with an ever-expanding appetite for more power. Such devices include LED lighting, high-end video displays, and pan tilt zoom cameras that can consume up to 75 watts and beyond.

This is precisely why we have designed our switches to deliver the power needed for dense Wi-Fi deployments, as well as for other powered devices. Ruckus switches can support Power over Ethernet (PoE) on all 24 or 48 ports with a single power supply – and PoE+ on all ports. As noted above, with dual power supplies, we are the only vendor that currently supports up to 90 watts power per port. Put simply, Ruckus delivers power to spare.

View the original post by Rick Freedman at the Ruckus Room.

Nearly Half of Organisations Can’t Tell If Their IoT Devices Were Breached, Finds Study

January 16th, 2019


The Internet of Things (IoT) is on the rise. According to Statista, the number of IoT devices is expected to increase from 23.14 billion to 30.73 billion in 2020. By 2025, that number is expected to more than double to 75.44 billion.

Such projected growth highlights the need for organizations to harden their IoT devices. But are companies adequately prepared to meet the challenges of IoT security?

To answer that question, Gemalto surveyed 950 IT and business decision makers globally for its report, The State of IoT Security.

On the one hand, we found that many organizations consider IoT security to be a priority. Nearly a quarter of survey respondents said they think IoT security constitutes a secure foundation for offering new services, for example. That figure was down from 32% a year earlier. At the same time, nearly two-thirds (57 percent) of survey participants said that their organizations had adopted a security by design approach for creating their own IoT devices, while slightly less than that (46%) said they thought that security is the main consideration for their customers when choosing an IoT product or offering.

On the other hand, the international digital security company discovered that many companies are struggling against several challenges to adequately secure their IoT devices. Thirty-eight percent of companies admitted that they struggled to ensure data privacy when trying to secure their IoT products and services, for instance. Approximately a third (34%) of IT and business decision makers said that their employer struggles under the large amounts of data collected by IoT devices, while slightly less than that (31%) revealed that they struggle to balance security with the user experience.

These challenges have subsequently shaped organizations’ IoT security posture. With less than 14% of IoT budgets currently going towards security, it’s no surprise that less than two-thirds (59%) of respondents said their organization encrypts all of the data they capture or store via IoT. It’s also no wonder that companies have a difficult time detecting a security incident with respect to their IoT assets. Indeed, just forty-eight percent of survey respondents said that their organizations could detect when an IoT device had been breached.

Reflecting on the security gaps identified above, many IT and business decision makers do see a way forward for IoT security. A majority of respondents (59%) specifically said it’s “very important” that there be regulations in place regarding IoT security. The same percentage of survey participants said that those regulations should make clear who is responsible for securing data at each stage of its journey as well as identify what methods should be used for data storage. Sixty percent of individuals also noted that IoT security providers and cloud service providers should be responsible for abiding by IoT security regulations when implemented, with nearly 80% of respondents vocalizing support for government intervention.

Interested in learning more about the state of IoT security? Download Gemalto’s report today.

View the original post from Gemalto.

Johnson Controls’ latest CEM Systems AC2000 release goes beyond security to help mitigate H&S risks

January 15th, 2019

Johnson Controls announces the release of CEM Systems AC2000 v10.1, which contains a number of new features that improve functionality and the user experience, and help to mitigate health and safety risks. Support for a range of new third-party products that increase the performance and scope of the CEM Systems AC2000 access control system has also been added.

The Health and Safety (H&S) Induction Check application for CEM Systems emerald intelligent access terminals allows cardholders to self-certify with a card swipe on the emerald terminal once they have completed H&S induction training and before they are provided access to a site. The application automatically records the induction completion date on the CEM Systems AC2000 system, helping to mitigate the risk of health and safety incidents and to report on who has and hasn’t completed training.

Another H&S feature now available with AC2000 v10.1 is the Emergency Responder Remote application, which helps improve emergency response times during incidents. This application allows system users to quickly find emergency responders (Fire Marshals, First Aiders and/or First Responders) via CEM Systems emerald terminals.

Functionality at the edge has been improved with enhancements to the Local Access Remote application on the CEM Systems emerald terminal. This allows ‘Extra Access’ to be added, amended and removed via the app on the CEM Systems emerald terminal and provides potential cost savings for remote sites where a workstation client may not be feasible.

Support has been added for the MorphoWave™ Compact frictionless biometric access reader, SimonsVoss SmartIntego wireless locking solutions and the STid Architect® range of RFID readers. This builds on the range of biometric, wireless lock and RFID reader options that are available to CEM Systems AC2000 system users.

View the original press release by CEM.

Phishing at the confluence of digital identity and Wi-Fi access

January 11th, 2019

When we think of phishing, most of us imagine a conventional phishing attack that begins with a legitimate-looking email. It might appear to come from an e-commerce site with which you happen to do business. “We’ve lost your credit card number. Please follow the link to re-enter it,” the email says. But the link leads to a malicious site where you enter your credit card number, press submit, and you have just been phished by hoody-clad hackers.

Even more likely in modern phishing attacks, the email may trick you into giving up your digital identity—for example, your Gmail account. Many legitimate sites give you the option to log in using social login. What’s to stop a criminal site from asking for your credentials in the same way? The answer: nothing. (Best to be sure that you only use social login on sites that you’re sure you can trust.)

Not every phishing attack starts with a spam email, though. Wi-Fi phishing is analogous to conventional phishing, and the stakes are just as high—or even higher. To understand how this works, let’s begin at the beginning.

Rogue Access Points and Evil Twins

A rogue access point is an AP that someone has installed on the network without the approval of IT. It could represent something innocently misguided, like a user trying to extend Wi-Fi range. (Users should contact IT teams for that.) Or a rogue AP could be set up with malicious intent.

An “evil twin” access point is a special variety of rogue access point that attackers can use for nefarious purposes. Every evil twin is a rogue, but not every rogue is an evil twin. The evil twin impersonates a legitimate access point and helps attackers compromise your network. As with many cyber-attacks, user behaviour makes this possible.

Attackers can force users off the access point and trick them into associating with the evil twin. This is how a Wi-Fi phishing attack starts. The evil twin can ask them to enter the pre-shared key into a fake login portal. To be clear, the user enters the actual credential into a fake portal. This does not seem unusual to users, because they have probably experienced having to re-enter credentials for network access before. In this scenario, doing so means handing over the Wi-Fi password or user credentials to the attacker, who can then use it to gain access to your network.

Where Wi-Fi Phishing Meets Digital Identity

Attackers can easily use the same technique to compromise digital identity within any IT environment. Suppose that the attacker asks your end users to enter their enterprise single sign-on credentials to regain access to the network. As an IT professional, you probably wouldn’t fall for that, but some of your users might. The more users you have, the more likely someone will fall victim.

Once the user has handed over his or her credentials, a world of opportunities opens for the hackers. Organizations typically leverage cloud-based file sync and share services. Customer relationship management (CRM) systems live in the cloud. Enterprise SSO platforms allow users—or hackers that have compromised their credentials—to access both. So, what began with a Wi-Fi hack can easily end in a massive data breach.

This scenario can play out even with a garden-variety rogue that is not an evil twin. The AP doesn’t have to be impersonating a legitimate access point to get a user to compromise his or her digital identity. Have you ever wondered whether Wi-Fi sources in public locations are legitimate? This vendor video shows how attackers can compromise digital identities when they target unsuspecting users (in this case members of the U.K. Parliament—incidentally using a VPN service when accessing unsecured public Wi-Fi is a good tip). The same thing can happen in an enterprise environment when users connect to a malicious rogue AP, only the identity compromised might imperil your confidential data.

How Can You Combat Wi-Fi Phishing, Evil Twins and Other Rogue APs?

Fortunately, you can take steps to protect your users and data from these scenarios. Your first line of defence against rogue access points is the wireless intrusion detection and prevention capability provided as part of your wireless LAN.

You can also take steps to avoid SSID proliferation, which will make it easier to spot rogues in your environment. Many IT environments become cluttered with SSIDs as IT teams use this as a mechanism to provide differential levels of access to different users and groups of users. Best practice: don’t do this. Employ a system for centrally defining and managing policies for network access.
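The rogue/evil-twin distinction described in this post can be turned into a simple triage rule over a wireless scan. The sketch below is an added example, not code from the original post or from any Ruckus product; the inventory, the wired MAC list, the SSIDs and the function names are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed inventory of approved APs: BSSID -> (SSID, security mode).
AUTHORIZED_APS = {
    "aa:bb:cc:00:00:01": ("CorpNet", "WPA2-Enterprise"),
    "aa:bb:cc:00:00:02": ("CorpNet", "WPA2-Enterprise"),
    "aa:bb:cc:00:00:03": ("Guest", "WPA2-PSK"),
}

# Constructed set of MAC addresses learned on wired switch ports
# (assumed to be exported from the switches' MAC tables).
WIRED_MACS = {
    "aa:bb:cc:00:00:01",
    "aa:bb:cc:00:00:02",
    "aa:bb:cc:00:00:03",
    "de:ad:be:00:00:10",
}


@dataclass(frozen=True)
class Beacon:
    bssid: str
    ssid: str
    security: str


def _norm_ssid(ssid):
    # Lookalike names ("corpnet ", "CORPNET") should still match a managed SSID.
    return ssid.strip().casefold()


def classify(beacon, authorized=AUTHORIZED_APS, wired_macs=WIRED_MACS):
    """Return (verdict, reason) for one observed beacon."""
    bssid = beacon.bssid.lower()
    managed = {_norm_ssid(ssid) for ssid, _ in authorized.values()}
    known = authorized.get(bssid)
    if known is not None:
        if (beacon.ssid, beacon.security) == known:
            return ("authorized", "matches inventory")
        # A BSSID can be cloned, so an approved BSSID alone proves nothing.
        return ("evil-twin-suspect",
                "approved BSSID seen with unexpected SSID or security")
    if _norm_ssid(beacon.ssid) in managed:
        return ("evil-twin-suspect",
                "managed SSID advertised by a BSSID not in the inventory")
    if bssid in wired_macs:
        return ("rogue", "unapproved AP whose MAC is on the wired network")
    return ("external", "unknown AP with no tie to managed SSIDs or wiring")


def triage(beacons):
    """Classify a scan and order it so the most urgent findings come first."""
    order = {"evil-twin-suspect": 0, "rogue": 1, "external": 2, "authorized": 3}
    results = [(b, *classify(b)) for b in beacons]
    return sorted(results, key=lambda r: order[r[1]])


# Constructed scan results for illustration.
SAMPLE_SCAN = [
    Beacon("aa:bb:cc:00:00:01", "CorpNet", "WPA2-Enterprise"),
    Beacon("AA:BB:CC:00:00:02", "CorpNet", "Open"),       # cloned BSSID, downgraded
    Beacon("12:34:56:78:9a:bc", "CorpNet", "Open"),       # same SSID, unknown BSSID
    Beacon("12:34:56:78:9a:bd", "corpnet ", "WPA2-PSK"),  # lookalike SSID
    Beacon("de:ad:be:00:00:10", "HomeRouter", "WPA2-PSK"),
    Beacon("66:77:88:00:00:01", "CoffeeShop", "Open"),
]

if __name__ == "__main__":
    for beacon, verdict, reason in triage(SAMPLE_SCAN):
        print(f"{verdict:18} {beacon.bssid} {beacon.ssid!r}: {reason}")
```

The fewer SSIDs the inventory contains, the smaller the set of names this rule has to defend, which is the practical benefit of avoiding SSID proliferation.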

By taking steps to make sure that users can authenticate reliably and seamlessly to a legitimate source of connectivity, you can also make it less likely that they will seek out a malicious access point, should one be within range. Digital certificates as the basis for network authentication can help here. A certificate on the device can also protect against devices connecting to evil twin APs, should a sophisticated attacker try and spoof a legitimate AP. Ruckus Cloudpath Enrollment System is a great way to roll out digital certificates for your users. It also addresses the security shortcomings of default methods of authentication that you may be using now.

If there is no PSK to divulge, there is also no risk that your users will divulge it. A secure onboarding and authentication approach based upon digital certificates obviates the need for conventional PSKs as a mechanism for network access. You can also use dynamic pre-shared keys, which are unique to each user, for guest access. Guests typically get internet access only, with no access to sensitive internal resources.

Last, but not least, user education is always a key to avoiding any kind of attack on your network, users and data. Take measures to educate stakeholders to be careful about what Wi-Fi sources they connect to and what information they enter when they do.

View the original post by Vernon Shure at Ruckus Networks.

Palo Alto Networks Joins Net-Ctrl on Stand C61

January 10th, 2019

Net-Ctrl will be able to demo a range of Palo Alto Networks solutions on our BETT stand (C61).

Cyberattacks in the Education Sector are increasing year on year. This area is one that cybercriminals feel they can exploit more successfully, as they know that IT teams are stretched. They know that, due to tight budgets, equipment is likely to be ageing, and with the introduction of BYOD the attack surface is only increasing. This has a knock-on effect, adding even more pressure on schools to keep their students and their data secure.

Palo Alto Networks aims to help schools with this by putting in an Automated Security Platform that works without the need for human intervention. With their Threat Intelligence cloud they ensure that the system is constantly updated with the latest threats in the industry, and with their TRAPS endpoint protection they can extend this protection out to endpoints and BYOD devices.

Outside of Core Security, Palo Alto Networks are also able to assist Schools with Safe-Guarding with the following:

  • URL Filtering: Categorisation and Control of Websites
  • Application Control: Ensure that only authorised applications are in use on the School Network
  • Search Engine Alerts: Real-Time awareness of search queries
  • Visibility Reports: Show granular visibility of Network and web-based activity by user

Come and visit Net-Ctrl and Palo Alto Networks on stand C61 at BETT 2019 to learn more about how Palo Alto Networks can fit into your school’s infrastructure. We will have a dedicated team able to answer your questions and provide solution demonstrations.

BETT 2019 is going to be held at the Excel in London from the 23rd – 26th January. Book your free ticket now.

If you would like to book a meeting slot in advance email marketing@net-ctrl.com.

Ruckus join Net-Ctrl at BETT 2019

January 9th, 2019

Ruckus will be joining Net-Ctrl at BETT 2019 on stand C61 with their range of smart wired and wireless technology.

Ruckus – Wireless Technology

Ruckus has never relied on off-the-shelf, reference design radio technology—it doesn’t deliver the capacity, range or interference mitigation necessary to make real the dream of wireless that works everywhere, all the time. Ruckus delivered the industry’s first adaptive antenna technology to overcome RF interference on Wi-Fi networks.

Ruckus Wired Technology

The Ruckus ICX Family of fixed form-factor switches works together to simplify network set-up and management, enhance security, minimise troubleshooting and make upgrades easy. ICX switches work seamlessly with Ruckus Wi-Fi access points and Ruckus SmartZone network controllers to deliver the most performance and cost-effective unified wired & wireless access solutions on the market today.

What makes Ruckus, well, Ruckus...

  • Performance – Ruckus’ deep history of technical innovation means superior, dependable wired and wireless performance. Everywhere, all the time.
  • Simplicity – Ease of install and management for IT? Ease of use for end users? These are just a given.
  • Flexibility – Ruckus provides the utmost flexibility for all the wired and wireless networking scenarios a school or college might have.

Moving Beyond Wi-Fi

Ruckus Wi-Fi itself is now much more than super-fast connections; it’s a platform for a host of capabilities, like location analytics and engagement technology.

Visit Net-Ctrl and Ruckus on stand C61 to find out more about Ruckus’ portfolio of smart wired and wireless solutions.

BETT 2019 is going to be held at the Excel in London from the 23rd – 26th January. Book your free ticket now.

If you would like to book a meeting slot in advance please email marketing@net-ctrl.com.

Join Net-Ctrl and Partners at BETT 2019

January 9th, 2019

Net-Ctrl will be exhibiting at BETT 2019 on stand C61. Each year we bring a small selection of solutions from manufacturers in our portfolio. At BETT 2019 we have our best line-up yet.

Our Approach for BETT 2019

We have noticed a requirement for better access control and lockdown technologies in schools and colleges, to protect staff and students and comply with some of the latest standards.

The trouble with a lot of access control and lockdown technologies is a lack of integration. The end result is schools and colleges managing a number of different solutions individually.

At Net-Ctrl our focus is on integration. We want to make it as easy as possible for you to protect those on your site(s) and that is why this year we are expanding our access control and lockdown integration partners that will be on show. We will be demonstrating integration between access control, intruder alarms, fire detection, wireless door handles and IP speaker solutions, and also IP-CCTV.

In addition, we will be extending our security message to the network and endpoint with Palo Alto Networks. They have a highly advanced and secure portfolio to keep your users, and your site, protected for a more secure everywhere.

We also have Ruckus on our stand. Ruckus is leading the way in wired and wireless technology to keep your users connected even in the most challenging environments. Ruckus Smart Wi-Fi and wired technology redefines what’s possible in network performance with flexibility, reliability and affordability.

We invite you all to come and see us at BETT 2019, where we will have a number of demonstrations running and product experts on hand. We’re really excited for BETT 2019. Make sure you pay us a visit and stop by the Net-Ctrl stand – C61.

Over the next few weeks, we will be sending some additional emails with more information about each of our stand partners.

Partners at BETT 2019:

  • CEM:  Powerful Access Control and Integrated Security Management Systems with Fire Detection and Intruder Solutions
  • Mobotix:  High-Resolution IP-CCTV Camera and Video Door Entry Systems
  • Netgenium:  IP PoE Intelligent Audio and Lockdown Solutions
  • NEXUS: Rapidly Deployable, Battery Powered and RF-based, School Lockdown Solutions
  • Palo Alto Networks:  Next-Generation Firewalls and Endpoint Protection for Safeguarding
  • Ruckus:  Smart Wired and Wireless Solutions

BETT 2019 is going to be held at the Excel in London from the 23rd – 26th January. Book your free ticket now.

If you would like to book a meeting slot in advance email marketing@net-ctrl.com.

The Future of Cybersecurity – A 2019 Outlook

January 4th, 2019

From the record-breaking number of data breaches to the implementation of the General Data Protection Regulation (GDPR), 2018 will certainly go down as a memorable year for the cybersecurity industry. And there have been plenty of learnings for both the industry and organisations, too.

Despite having two years to prepare for its inception, some companies were still not ready when GDPR hit and have faced the consequences this year. According to the law firm EMW, the Information Commissioner’s Office received over 6,000 complaints in around six weeks between 25th May and 3rd July – a 160% increase over the same period in 2017. When GDPR came into force, there were questions raised about its true power to hold companies to account – with the regulation saying fines could be implemented up to £16.5 million or 4% of worldwide turnover. The latter half of this year has shown those concerns were unfounded, with big companies, including Uber as recently as this week, being fined for losing customer data. What 2018 has shown is that the authorities have the power and they’re prepared to use it.

In fact, the role of GDPR was to give more power back to the end user about who ultimately has their data, but it was also ensuring companies start taking the protection of the data they hold more seriously. Unfortunately, while the issue around protecting data has grown more prominent, the methods of achieving this are still misguided. Put simply, businesses are still not doing the basics when it comes to data protection. This means protecting the data at its core through encryption, key management and controlling access. In our latest Breach Level Index results for the first half of 2018, only 1% of data lost, stolen or compromised was protected through encryption. The use of encryption renders the data useless to any unauthorised person, effectively protecting it from being misused. Another reason to implement this is that it is actually part of the regulation and will help businesses avoid fines as well. With such a large percentage still unprotected, businesses are clearly not learning their lessons.

So, moving on from last year, what might the next 12 months bring the security industry? Based on the way the industry is moving, 2019 is set to be an exciting year as AI gains more prominence, and quantum and crypto-agility start to make themselves known.

2019 Predictions

1. Quantum Computing Puts Pressure on Crypto-Agility

Next year will see the emergence of the future of security – crypto-agility. As computing power increases, so does the threat to current security protocols. One notable example here is encryption, the static algorithms of which could be broken by the increased power. Crypto-agility will enable businesses to employ flexible algorithms that can be changed, without significantly changing the system infrastructure, should the original encryption fail. It means businesses can protect their data from future threats including quantum computing, which is still years away, without having to tear up their systems each year as computing power grows.
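The mechanism behind crypto-agility is to store an algorithm identifier with every protected record and resolve it through a registry, so an algorithm can be swapped by policy rather than by rewriting the system. The sketch below is an added example, not code from the original post; it uses HMAC integrity tags from the Python standard library as a stand-in for the encryption the post discusses, and the algorithm ids, status labels and function names are assumptions.

```python
import hmac

# Registry: algorithm id -> (hashlib digest name, status).
# The statuses are a constructed policy for illustration only.
REGISTRY = {
    "hs1": ("sha1", "retired"),         # rejected outright
    "hs256": ("sha256", "deprecated"),  # still verifies, no longer issued
    "hs3-256": ("sha3_256", "current"),
}
CURRENT_ALG = "hs3-256"


def _tag(key, alg, payload):
    # The algorithm id is covered by the MAC, so relabelling a token
    # as a different algorithm invalidates it.
    digest_name = REGISTRY[alg][0]
    return hmac.new(key, alg.encode() + b"." + payload, digest_name).hexdigest()


def protect(key, payload, alg=None):
    """Return 'alg.payload_hex.tag' using the current algorithm by default."""
    alg = alg or CURRENT_ALG
    if alg not in REGISTRY or REGISTRY[alg][1] == "retired":
        raise ValueError(f"algorithm {alg!r} may not be used for new data")
    return f"{alg}.{payload.hex()}.{_tag(key, alg, payload)}"


def verify(key, token):
    """Return (payload, needs_rotation), or (None, False) if rejected."""
    try:
        alg, payload_hex, tag = token.split(".")
        payload = bytes.fromhex(payload_hex)
    except ValueError:
        return (None, False)
    entry = REGISTRY.get(alg)
    if entry is None or entry[1] == "retired":
        return (None, False)
    expected = _tag(key, alg, payload)
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return (None, False)
    return (payload, alg != CURRENT_ALG)


def rotate(key, token):
    """Re-protect a valid token under the current algorithm if it is stale."""
    payload, stale = verify(key, token)
    if payload is None:
        raise ValueError("refusing to rotate a token that does not verify")
    return protect(key, payload) if stale else token


if __name__ == "__main__":
    key = b"k" * 32  # constructed demo key
    old = protect(key, b"reading=21.5", alg="hs256")
    print(verify(key, old))
    print(rotate(key, old))
```

Retiring an algorithm is then a one-line change to the registry, followed by a background pass that calls `rotate` on stored records.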

2. Hackers will launch the most sophisticated cyber-attack ever using AI in 2019

Up until now, the use of AI has been limited, but as the computing power grows, so too do the capabilities of AI itself. In turn this means that next year will see the first AI-orchestrated attack take down a FTSE100 company. Creating a new breed of AI powered malware, hackers will infect an organisation’s system using the malware and sit undetected gathering information about users’ behaviours, and organisations’ systems. Adapting to its surroundings, the malware will unleash a series of bespoke attacks targeted to take down a company from the inside out. The sophistication of this attack will be like none seen before, and organisations must prepare themselves by embracing the technology itself as a method of hitting back and fighting fire with fire.

3. Growing importance of digital transformation will see the rise of Cloud Migration Security Specialists in 2019

As organisations embrace digital transformation, the process of migrating to the cloud has never been under more scrutiny; from business leaders looking to minimise any downtime and gain positive impact on the bottom line, to hackers looking to breach systems and wreak havoc. As such, 2019 will see the rise of a new role for the channel – the Cloud Migration Security Specialist. As companies move across, there is an assumption that they’re automatically protected as they transition workloads to the cloud. The channel has a role to play in educating companies that this isn’t necessarily the case and they’ll need help protecting themselves from threats. It’s these new roles that’ll ensure the channel continues to thrive.

A Boardroom Issue That Needs to Yield Results

With 2018 fast disappearing, the next year is going to be another big one no matter what happens, as companies still struggle to come to terms with regulations like GDPR. With growing anticipation around the impact of technologies like quantum and AI, it’s important that companies don’t forget that the basics are just as vital, if not more, to focus on. So, while 2018 has been the year where cybersecurity finally became a boardroom issue, 2019 needs to be the year where its importance filters down throughout the entire company. For an issue like cybersecurity, the company attitude towards it needs to be led from the top down, so everyone buys into it. If that happens, could next year see no breaches take place? Extremely unlikely. But maybe it could be the year the industry starts to turn the tide against the hacking community.

View the original post at gemalto.com.

2018 Annual Digest of Identity and Access Management

December 20th, 2018

Identity and Access Management continues to be a key component in building an enterprise’s cyber security strategy. Today we are presenting our observations of Identity and Access Management in 2018. What happened this year? What can enterprises learn from events in the media in terms of Cyber Security in general, and Identity and Access Management specifically?

Here is a brief timeline of significant regulations, data breaches and world events that were covered by the media, including Gemalto sources, and what these events signified in the Identity and Access Management arena:


Q1

February 1
PCI DSS 3.2 takes effect

What happened
This payment card regulation affects individuals who access systems which hold credit card data. From February 1, 2018, they are required to authenticate themselves with multi-factor authentication. The Payment Card Industry Data Security Standard was developed to encourage and enhance cardholder data security and facilitate broad adoption of consistent data security measures globally. The ultimate aim is to reduce credit card fraud.

Lessons learned
Companies should already be far along the road to PCI DSS 3.2 compliance by now. They should be prioritizing compliance by working with partners on encryption, key management and authentication.

Q2

May 19
The Royal Wedding

What happened
When Prince Harry married Meghan Markle, thousands of reporters were present, and yet the details of Meghan’s dress, manufacturer and designer remained a secret. While the interworking of the dress designer, Givenchy and the Royal Family network will remain privileged, it seems that part of the reason for the success of the secret was that the work was confined to locations which were secured physically.

Lessons learned

Physical seclusion is not always possible for fashion industries and other global enterprises today. They often collaborate on Computer Aided Design (CAD) software alongside cloud-based applications, and some require reports that provide visibility into login attempts into their ecosystem. An identity and access management solution as a service (IDaaS) can help fashion enterprises or governmental institutions ensure that only the right person receives the right information at the right time, without endangering the enterprise or its end customers.

May 25
General Data Protection Regulation (GDPR) begins

What happened

The General Data Protection Regulation (GDPR) requires companies to be more accountable to their EU-based users on how their data is controlled and used. It also requires companies to notify their local data protection authority regarding suspected data breaches.

Lessons learned

Although GDPR can fine organizations for data breaches, these fines may be reduced if the organizations can prove that they have deployed security controls to minimize damage. To help your organization handle GDPR, identity and access management provides a first line of defense for the sensitive user data harbored in your company’s cloud and web apps. With scenario-based policies and convenient access management, you can help your enterprise save on costly GDPR fines or sanctions.

Q3

August 1
Reddit’s Company Cloud Attacked

What happened
Reddit, the social media platform, considered to be the 5th top rated website in the U.S., shared that a few of their employees’ administrative accounts were hacked. An attacker gained access to data through Reddit’s company cloud after compromising some accounts.

Lessons learned
While they did in fact have their sensitive resources protected with two-factor authentication (2FA), Reddit encouraged users to move to token-based 2FA. For years corporations and security professionals have been urged to implement multi-factor authentication (MFA) as the solution for cybersecurity concerns. While MFA isn’t a silver bullet that solves all your cybersecurity concerns, it is a key component in elevating the security of an organization and adding a very important layer of protection.

September 25
Facebook Mega Breach

What happened

The September 2018 Facebook breach was not only a ‘mega’ breach in terms of the 50 million compromised users affected, but also a severe breach due to the popularity of the social media giant. Cyber criminals got ahold of users’ FB login credentials. The breach was compounded by the fact that many users utilize their Facebook credentials to log into other social media sites, which means that the hackers were able to access not only a user’s Facebook account, but also all other accounts that use Facebook login credentials.

Lessons learned
The risks that consumers were exposed to as a result of buffet-style sign on in the Facebook case also apply to the enterprise. Fortunately, there is a solution: to maintain the convenience of single sign on without compromising on security, enterprises can use Smart Single Sign-On.

Q4

November 30
Quora and Marriott Hotels announce massive breaches of user data

What happened
The Quora Q&A site suffered a massive breach of user data, including the compromise of 100 million users’ credentials. On the same day, the Marriott International Hotel chain suffered a serious breach, allegedly undetected for 4 years!

Lessons learned
In the Quora case, similar to Facebook, accounts are linked to other social media sites such as games and quizzes, so that access to one account opens the doors to related data. The Marriott Hotel incident shows that it’s not enough to protect your data. It also deals with access issues involved with mergers and acquisitions – in this case merging the Starwood Reservation system with Marriott. You need to see who is accessing your networks and see if there is any unusual activity, right from the start. Monitoring and reporting capabilities in an access management solution can help organizations gain insights into unauthorized access attempts.

Identity and Access Management as a Strategy, 2019-style:
In 2019, it is inevitable that there will be more cyber security violations, including corporate identity theft. And it’s likely that more regulations will be put in place to force enterprises to be proactive, not just reactive.

The question is what organizations will do to brace for these breaches. For more information on how your enterprise can prevent breaches, enable the continuous business transformation of its resources securely and simplify compliance, learn more about Gemalto’s SafeNet Identity and Access Management, request a 30 minute demo of SafeNet Trusted Access or watch our video, “How Access Management Enables Cloud Compliance.”

View the original post at Gemalto.com.

Simplifying Network Management with Ruckus SmartZone

December 19th, 2018

First introduced in 2015, SmartZone-powered controllers combine scalability, tiered multi-tenancy, architectural flexibility, and extensive APIs into a single centrally-managed element. These capabilities enable managed service providers to implement complex, multi-tier and as-a-service business models using their own management applications. They also allow operators to manage subscriber data traffic on a massive scale while integrating traffic flows and network data into existing network architecture.

Ruckus SmartZone products have been deployed in thousands of enterprises and in more than 200 service provider networks across five continents.

Unifying Network Management

IT departments seeking to manage both wired and wireless networks via a single console have traditionally needed to purchase a stand-alone network management element for on-premises management scenarios. Fortunately, Ruckus SmartZoneOS 5 has transformed the industry’s most scalable WLAN controllers into a comprehensive single network element to control and manage both Ruckus access points (APs) and switches. This simplifies network management by:

  • Eliminating provisioning errors through the use of an automated discovery process for access points (APs) and switches.
  • Reducing configuration and deployment duration when compared to a multi-console approach.
  • Reducing network software and hypervisor license fees, server expense, utility expense, and training costs.
  • Enabling a single network controller cluster to scale to 450,000 clients.
  • Enabling networking-as-a-service.

It should be noted that Ruckus SmartZone also includes open, well-documented RESTful application programming interfaces (APIs) that allow IT departments to easily invoke SmartZone functions and configurations to enable error-free automation. In addition, streaming APIs enable IT to monitor in near real-time the full array of Ruckus network data, statistics, and alarms. This means IT departments can more easily create customized, information-dense dashboards and reports.

Ruckus SmartZone Lineup: SZ300 & SZ100

Let’s take a closer look at Ruckus’ SmartZone lineup below, beginning with the Ruckus SmartZone 300 (SZ300) which is targeted at operators, MSPs, and large enterprises. Key features and benefits include:

  • A single SZ300 appliance can manage 10K APs and 500 switches, while 3+1 active clustering increases capacity to 30K APs, 1,500 switches, and 450K clients.
  • 6x 1GbE ports, 4x 10GbE ports.
  • The SZ300 protects itself from catastrophic failures with intra-cluster and inter-cluster failover. Geo-redundancy with active/active clusters delivers higher availability versus traditional hot-standby. Hot-swappable power supplies, 3x fan sets, and redundant disk drives further improve uptime.
  • Multi-tenancy, domain segmentation, and containerization enable secure delivery of managed network services in complex, multi-tier business models across multiple geographies, including MVNO models.
  • Visual Connection Diagnostics speeds and simplifies troubleshooting and client problem resolution while unique “super-KPIs” enable IT to more quickly detect and react to potential user experience degradation.
  • Optional Ruckus Cloudpath integration lets IT create rich location-, device- and user-based policy rules, enabling network segmentation based on real security and policy needs rather than on a one-size-fits-all approach.
  • The SmartZone OS advanced feature set includes rogue AP detection and mitigation, adaptive band balancing, load balancing, airtime fairness, hotspot, and guest services, capacity-based admission control, and more.

Meanwhile, the Ruckus SmartZone 100 (SZ100) is a scalable network controller for mid-sized enterprises. Key features and benefits include:

  • A single SZ100 appliance can manage up to 1,000 APs, while 3+1 active clustering increases capacity to 3,000 APs and 30K clients.
  • 4x 1GbE ports, 2x 10GbE ports.
  • Active/active clustering delivers higher availability and resiliency than traditional N+1 standby. 3x fans further improve uptime.
  • Visual Connection Diagnostics speeds and simplifies troubleshooting and client problem resolution while unique “super-KPIs” enable IT to more quickly detect and react to potential user experience degradation.
  • Optional Ruckus Cloudpath integration lets IT create rich location-, device- and user-based policy rules, enabling network segmentation based on real security and policy needs rather than on a one-size-fits-all approach.
  • The SZ100 can store up to 30 days of network configuration and client data on internal storage drives even with reboots.
  • Automated AP and switch provisioning; L3 and L2 auto-discovery of APs and switches reduce manual administration.
  • The SmartZone OS advanced feature set includes rogue AP detection, interference detection and mitigation, band steering, airtime fairness, hotspot, guest networking services, and more.

Ruckus SmartZone Lineup: vSZ-H and vSZ-E

The Ruckus Virtual SmartZone – High-Scale (vSZ-H) enables operators and managed service providers (MSPs) to easily, flexibly, and securely deliver Networking-as-a-Service (NaaS). Key features and benefits include:

  • A single cluster scales to 450K clients, 30K APs, and 1,500 switches.
  • A single low-cost license and a commodity x86 server with any popular hypervisor are all that’s needed for a vSZ-H instance.
  • Active/Active 3+1 clustering eliminates idle controller capacity and data loss during redundant failover while minimizing configuration time when nodes are added.
  • The vSZ-H centralizes LAN and WLAN management and flexibly integrates with the Virtual SmartZone – Data Plane (vSZ-D) or external WLAN gateways to accommodate complex data plane routing topologies.
  • Sophisticated zone and domain segmentation give service providers the flexibility to supply non-hosting partners with their own domains, to run different SmartZone OS versions in different zones, and countless other options.
  • An independent, containerized tenant architecture minimizes the risk of degraded end-user experience and enhances data privacy between tenants.

Meanwhile, Virtual SmartZone – Essentials (vSZ-E) offers mid-sized enterprises flexibility, lower deployment costs, and the ability to scale a network up to 60,000 clients. Key features and benefits include:

  • A single cluster scales to 60K clients, 3,000 APs, and 50 switches.
  • A single low-cost license and a commodity x86 server with any popular hypervisor are all that’s needed for a vSZ-E instance.
  • Active/Active 3+1 clustering eliminates idle controller capacity and data loss during redundant failover while minimizing configuration time when nodes are added.
  • The vSZ-E centralizes LAN and WLAN management and flexibly integrates with the Virtual SmartZone – Data Plane (vSZ-D) or external WLAN gateways to accommodate complex data plane routing topologies.
  • IT can offload WLAN and connectivity services such as DHCP/NAT to the AP or vSZ-D to reduce expenses for separate routers and servers.

SmartZone: Ruckus APs and Switches

Ruckus SmartZone controllers are designed to manage Ruckus’ extensive lineup of indoor and outdoor access points. Our AP family offers a solution for every deployment scenario including small businesses, wireless LANs, and mission-critical high-density carrier grade installations. Ruckus outdoor access points are suitable for a range of environments and offer a choice of mounting and antenna options, with outdoor point-to-point bridges providing connectivity between remote sites.

As a comprehensive single network element, SmartZone also manages the Ruckus ICX switch family, which can be deployed standalone, stacked or installed within a campus fabric. Switch management features offered by SmartZone include discovery and inventory, SNMP monitoring, link discovery, firmware upgrades, as well as backup and restore functions. By using SmartZone, organizations can proactively monitor their network, perform network-wide troubleshooting, generate traffic reports and gain visibility into the network activity from the wireless edge to the core.

Are you interested in learning more about the Ruckus SmartZone platform?

Submit a contact form or email sales@net-ctrl.com and we can set up a demo for you.

View the original publication at The Ruckus Room.

Getting Wired for Wireless: Power

December 13th, 2018

Continuing our Wired for Wireless series where our most recent installment talked about performance, this blog will discuss Power over Ethernet and its importance when deploying access points.

Power over Ethernet (PoE) is typically provided for access points (APs), as well as other devices such as voice over IP (VoIP) phones, IP TVs, and video cameras. Although there are many devices that draw power directly from the switch, PoE is particularly important for APs. As such, a primary concern for customers planning an AP refresh is ensuring that sufficient power will be delivered at the switch.

Previous generations of access points could operate on a PoE budget of 15 watts of power at the switch. However, AP radios have evolved considerably and now demand more power. Today, most APs up to and including Wi-Fi 5 (802.11ac) draw PoE of 30 watts. However, while the latest Wi-Fi 5 APs can theoretically operate on 30 watts of power, they need just a little bit more to achieve top performance, drive all the radios, and provide power to the USB port. Next generation Wi-Fi 6 (802.11ax) APs demand even more power. While they operate on PoE+ power, they will require more to drive their 8×8 radios for peak performance.

This is precisely why the IEEE recently defined IEEE 802.3bt. The standard outlines two additional power types to bolster PoE: up to 55 W (Type 3) and up to 90-100 W (Type 4). IEEE 802.3bt also stipulates that each pair of twisted pairs must support a current of up to 600 mA (Type 3) or 960 mA (Type 4). In addition, IEEE 802.3bt includes support for 2.5GBASE-T, 5GBASE-T, and 10GBASE-T.

Several vendors already have switches that support 60 watts, although only Ruckus supports 90 watts of power per port. Although there are relatively few devices that require more than 30 watts, more and more power-hungry devices are hitting the market with an ever-expanding appetite for more power. Such devices include LED lighting, high-end video displays, and pan tilt zoom cameras that can consume up to 75 watts and beyond.

This is precisely why we have designed our switches to deliver the power needed for dense Wi-Fi deployments, as well as for other powered devices. Ruckus switches can support Power over Ethernet (PoE) on all 24 or 48 ports with a single power supply – and PoE+ on all ports. As noted above, with dual power supplies, we are the only vendor that currently supports up to 90 watts power per port. Put simply, Ruckus delivers power to spare.

View the original post by Rick Freedman at the Ruckus Room.

Nearly Half of Organisations Can’t Tell If Their IoT Devices Were Breached, Finds Study

January 16th, 2019


The Internet of Things (IoT) is on the rise. According to Statista, the number of IoT devices is expected to increase from 23.14 billion to 30.73 billion in 2020. By 2025, that number is expected to more than double to 75.44 billion.

Such projected growth highlights the need for organizations to harden their IoT devices. But are companies adequately prepared to meet the challenges of IoT security?

To answer that question, Gemalto surveyed 950 IT and business decision makers globally for its report, The State of IoT Security.

On the one hand, we found that many organizations consider IoT security to be a priority. Nearly a quarter of survey respondents said they think IoT security constitutes a secure foundation for offering new services, for example. That figure was down from 32% a year earlier. At the same time, nearly two-thirds (57 percent) of survey participants said that their organizations had adopted a security by design approach for creating their own IoT devices, while slightly less than that (46%) said they thought that security is the main consideration for their customers when choosing an IoT product or offering.

On the other hand, the international digital security company discovered that many companies are struggling against several challenges to adequately secure their IoT devices. Thirty-eight percent of companies admitted that they struggled to ensure data privacy when trying to secure their IoT products and services, for instance. Approximately a third (34%) of IT and business decision makers said that their employer struggles under the large amounts of data collected by IoT devices, while slightly less than that (31%) revealed that they struggle to balance security with the user experience.

These challenges have subsequently shaped organizations’ IoT security posture. With less than 14% of IoT budgets currently going towards security, it’s no surprise that less than two-thirds (59%) of respondents said their organization encrypts all of the data they capture or store via IoT. It’s also no wonder that companies have a difficult time detecting a security incident with respect to their IoT assets. Indeed, just forty-eight percent of survey respondents said that their organizations could detect when an IoT device had been breached.

Reflecting on the security gaps identified above, many IT and business decision makers do see a way forward for IoT security. A majority of respondents (59%) specifically said it’s “very important” that there be regulations in place regarding IoT security. The same percentage of survey participants said that those regulations should make clear who is responsible for securing data at each stage of its journey as well as identify what methods should be used for data storage. Sixty percent of individuals also noted that IoT security providers and cloud service providers should be responsible for abiding by IoT security regulations when implemented, with nearly 80% of respondents vocalizing support for government intervention.

Interested in learning more about the state of IoT security? Download Gemalto’s report today.

View the original post from Gemalto.

Johnson Controls’ latest CEM Systems AC2000 release goes beyond security to help mitigate H&S risks

January 15th, 2019

Johnson Controls announces the release of CEM Systems AC2000 v10.1, which contains a number of new features that improve functionality and the user experience, and help to mitigate health and safety risks. Support for a range of new third-party products that increase the performance and scope of the CEM Systems AC2000 access control system has also been added.

The Health and Safety (H&S) Induction Check application for CEM Systems emerald intelligent access terminals allows cardholders to self-certify with a card swipe on the emerald terminal once they have completed H&S induction training and before they are provided access to a site. The application automatically records the induction completion date on the CEM Systems AC2000 system, helping to mitigate the risk of health and safety incidents and to report on who has and hasn’t completed training.

Another H&S feature now available with AC2000 v10.1 is the Emergency Responder Remote application, which helps improve emergency response times during incidents. This application allows system users to quickly find emergency responders (Fire Marshals, First Aiders and/or First Responders) via CEM Systems emerald terminals.

Functionality at the edge has been improved with enhancements to the Local Access Remote application on the CEM Systems emerald terminal. This allows ‘Extra Access’ to be added, amended and removed via the app on the CEM Systems emerald terminal and provides potential cost savings for remote sites where a workstation client may not be feasible.

Support has been added for the MorphoWave™ Compact frictionless biometric access reader, SimonsVoss SmartIntego wireless locking solutions and the STid Architect® range of RFID readers. This builds on the range of biometric, wireless lock and RFID reader options that are available to CEM Systems AC2000 system users.

View the original press release by CEM.

Phishing at the confluence of digital identity and Wi-Fi access

January 11th, 2019

When we think of phishing, most of us imagine a conventional phishing attack that begins with a legitimate-looking email. It might appear to come from an e-commerce site with which you happen to do business. “We’ve lost your credit card number. Please follow the link to re-enter it,” the email says. But the link leads to a malicious site where you enter your credit card number, press submit, and you have just been phished by hoody-clad hackers.

Even more likely in modern phishing attacks, the email may trick you into giving up your digital identity—for example, your Gmail account. Many legitimate sites give you the option to log in using social login. What’s to stop a criminal site from asking for your credentials in the same way? The answer: nothing. (Best to be sure that you only use social login on sites that you’re sure you can trust.)

Not every phishing attack starts with a spam email, though. Wi-Fi phishing is analogous to conventional phishing, and the stakes are just as high—or even higher. To understand how this works, let’s begin at the beginning.

Rogue Access Points and Evil Twins

A rogue access point is an AP that someone has installed on the network without the approval of IT. It could represent something innocently misguided, like a user trying to extend Wi-Fi range. (Users should contact IT teams for that.) Or a rogue AP could be set up with malicious intent.

An “evil twin” access point is a special variety of rogue access point that attackers can use for nefarious purposes. Every evil twin is a rogue, but not every rogue is an evil twin. The evil twin impersonates a legitimate access point and helps attackers compromise your network. As with many cyber-attacks, user behaviour makes this possible.

Attackers can force users off the access point and trick them into associating with the evil twin. This is how a Wi-Fi phishing attack starts. The evil twin can ask them to enter the pre-shared key into a fake login portal. To be clear, the user enters the actual credential into a fake portal. This does not seem unusual to users, because they have probably experienced having to re-enter credentials for network access before. In this scenario, doing so means handing over the Wi-Fi password or user credentials to the attacker, who can then use it to gain access to your network.

Where Wi-Fi Phishing Meets Digital Identity

Attackers can easily use the same technique to compromise digital identity within any IT environment. Suppose that the attacker asks your end users to enter their enterprise single sign-on credentials to regain access to the network. As an IT professional, you probably wouldn’t fall for that, but some of your users might. The more users you have, the more likely someone will fall victim.

Once the user has handed over his or her credentials, a world of opportunities opens for the hackers. Organizations typically leverage cloud-based file sync and share services. Customer relationship management (CRM) systems live in the cloud. Enterprise SSO platforms allow users—or hackers that have compromised their credentials—to access both. So, what began with a Wi-Fi hack can easily end in a massive data breach.

This scenario can play out even with a garden-variety rogue that is not an evil twin. The AP doesn’t have to be impersonating a legitimate access point to get a user to compromise his or her digital identity. Have you ever wondered whether Wi-Fi sources in public locations are legitimate? This vendor video shows how attackers can compromise digital identities when they target unsuspecting users (in this case members of the U.K. Parliament—incidentally using a VPN service when accessing unsecured public Wi-Fi is a good tip). The same thing can happen in an enterprise environment when users connect to a malicious rogue AP, only the identity compromised might imperil your confidential data.

How Can You Combat Wi-Fi Phishing, Evil Twins and Other Rogue APs?

Fortunately, you can take steps to protect your users and data from these scenarios. Your first line of defence against rogue access points is the wireless intrusion detection and prevention capability provided as part of your wireless LAN.

You can also take steps to avoid SSID proliferation, which will make it easier to spot rogues in your environment. Many IT environments become cluttered with SSIDs as IT teams use this as a mechanism to provide differential levels of access to different users and groups of users. Best practice: don’t do this. Employ a system for centrally defining and managing policies for network access.
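The rogue versus evil twin distinction, and the point that a small, centrally defined SSID set makes impostors easier to spot, can be expressed as a check over Wi-Fi scan data. The following is an added example, not code from the original post or from any Ruckus product; the inventory format, the MAC-adjacency heuristic for "plugged into our wired network", and every SSID and MAC address are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    channel: int
    security: str  # e.g. "WPA2-Enterprise", "WPA2-PSK", "Open"
    rssi_dbm: int


# Hypothetical inventory: approved SSID -> (required security, approved radios).
AUTHORISED = {
    "Corp-Staff": ("WPA2-Enterprise", {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}),
    "Corp-Guest": ("WPA2-PSK", {"02:00:00:aa:00:11"}),
}

# Constructed sample of MAC addresses learned on wired switch ports.
WIRED_MACS = {
    "02:00:00:aa:00:01", "02:00:00:aa:00:02",
    "02:00:00:aa:00:11", "02:00:00:bb:00:7e",
}

# Assumption: an AP's radio MAC is often within +/-1 of its wired MAC.
ADJACENCY = 1


def norm_ssid(ssid):
    # Look-alike names (case changes, padding spaces) should still match.
    return ssid.strip().casefold()


def mac_int(mac):
    return int(mac.replace(":", "").replace("-", ""), 16)


def on_wire(bssid):
    b = mac_int(bssid)
    return any(abs(b - mac_int(w)) <= ADJACENCY for w in WIRED_MACS)


MANAGED = {
    norm_ssid(name): (name, sec, {m.lower() for m in macs})
    for name, (sec, macs) in AUTHORISED.items()
}


def classify(beacon):
    """Return (verdict, reason) for one observed beacon."""
    bssid = beacon.bssid.lower()
    managed = MANAGED.get(norm_ssid(beacon.ssid))
    if managed:
        name, required, radios = managed
        if bssid not in radios:
            # Impersonates one of our SSIDs from a radio we do not own.
            return "evil-twin", f"'{name}' advertised by unknown radio {bssid}"
        if beacon.security != required or beacon.ssid != name:
            # Known BSSID but wrong settings: the BSSID may be spoofed.
            return "evil-twin", f"{bssid} is in inventory but its beacon differs from the configured SSID/security"
        return "authorised", "matches inventory"
    if on_wire(bssid):
        # Not impersonating us, but attached to our network without approval.
        return "rogue", f"unapproved SSID '{beacon.ssid}' from a device on the wired network"
    return "neighbour", "unrelated network in range"


SEVERITY = {"evil-twin": 0, "rogue": 1}


def triage(beacons):
    """Return alerts for evil twins and rogues, most severe first."""
    alerts = []
    for b in beacons:
        verdict, reason = classify(b)
        if verdict in SEVERITY:
            alerts.append((verdict, b.bssid.lower(), b.ssid, reason))
    return sorted(alerts, key=lambda a: (SEVERITY[a[0]], a[1]))


# Constructed scan results.
SCAN = [
    Beacon("Corp-Staff", "02:00:00:AA:00:01", 36, "WPA2-Enterprise", -48),
    Beacon("Corp-Staff", "02:00:00:cc:99:10", 6, "Open", -41),
    Beacon("corp-staff ", "02:00:00:cc:99:11", 11, "WPA2-PSK", -55),
    Beacon("Corp-Guest", "02:00:00:aa:00:11", 1, "Open", -50),
    Beacon("HomeRouter-5G", "02:00:00:bb:00:7f", 44, "WPA2-PSK", -60),
    Beacon("CoffeeShop", "02:00:00:dd:12:34", 6, "Open", -80),
]

if __name__ == "__main__":
    for verdict, bssid, ssid, reason in triage(SCAN):
        print(f"{verdict:10} {bssid}  {ssid!r}: {reason}")
```

Each additional approved SSID adds another inventory entry to maintain, which is why a short, centrally managed SSID list keeps this kind of comparison reliable.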

By taking steps to make sure that users can authenticate reliably and seamlessly to a legitimate source of connectivity, you can also make it less likely that they will seek out a malicious access point, should one be within range. Digital certificates as the basis for network authentication can help here. A certificate on the device can also protect against devices connecting to evil twin APs, should a sophisticated attacker try and spoof a legitimate AP. Ruckus Cloudpath Enrollment System is a great way to roll out digital certificates for your users. It also addresses the security shortcomings of default methods of authentication that you may be using now.

If there is no PSK to divulge, there is also no risk that your users will divulge it. A secure onboarding and authentication approach based upon digital certificates obviates the need for conventional PSKs as a mechanism for network access. You can also use dynamic pre-shared keys, which are unique to each user, for guest access. Guests typically get internet access only, with no access to sensitive internal resources.

Last, but not least, user education is always a key to avoiding any kind of attack on your network, users and data. Take measures to educate stakeholders to be careful about what Wi-Fi sources they connect to and what information they enter when they do.

View the original post by Vernon Shure at Ruckus Networks.

Palo Alto Networks Joins Net-Ctrl on Stand C61

January 10th, 2019

Net-Ctrl will be able to demo a range of Palo Alto Networks solutions on our BETT stand (C61).

Cyberattacks in the education sector are increasing year on year. Cybercriminals feel they can exploit this sector more successfully because they know that IT teams are stretched. They know that, due to tight budgets, equipment is likely to be ageing, and with the introduction of BYOD the attack surface is only increasing, which has a knock-on effect, adding even more pressure on schools to keep their students and their data secure.

Palo Alto Networks aims to help schools with this by putting in an Automated Security Platform that works without the need for human intervention. With their Threat Intelligence cloud, they ensure that the system is constantly updated with the latest threats in the industry, and with their TRAPS endpoint protection they can extend this protection out to endpoints and BYOD devices.

Outside of core security, Palo Alto Networks are also able to assist schools with safeguarding through the following:

  • URL Filtering – Categorisation and control of websites
  • Application Control – Ensure that only authorised applications are in use on the school network
  • Search Engine Alerts – Real-time awareness of search queries
  • Visibility Reports – Show granular visibility of network and web-based activity by user

Come and visit Net-Ctrl and Palo Alto Networks on stand C61 at BETT 2019 to learn more about how Palo Alto Networks can fit into your school’s infrastructure. We will have a dedicated team able to answer your questions and provide solution demonstrations.

BETT 2019 is going to be held at the Excel in London from the 23rd – 26th January. Book your free ticket now.

If you would like to book a meeting slot in advance email marketing@net-ctrl.com.

Ruckus join Net-Ctrl at BETT 2019

January 9th, 2019

Ruckus will be joining Net-Ctrl at BETT 2019 on stand C61 with their range of smart wired and wireless technology.

Ruckus – Wireless Technology

Ruckus has never relied on off-the-shelf, reference design radio technology—it doesn’t deliver the capacity, range or interference mitigation necessary to make real the dream of wireless that works everywhere, all the time. Ruckus delivered the industry’s first adaptive antenna technology to overcome RF interference on Wi-Fi networks.

Ruckus Wired Technology

The Ruckus ICX Family of fixed form-factor switches works together to simplify network set-up and management, enhance security, minimise troubleshooting and make upgrades easy. ICX switches work seamlessly with Ruckus Wi-Fi access points and Ruckus SmartZone network controllers to deliver the highest-performing and most cost-effective unified wired & wireless access solutions on the market today.

What makes Ruckus, well, Ruckus...

  • Performance – Ruckus’ deep history of technical innovation means superior, dependable wired and wireless performance. Everywhere, all the time.
  • Simplicity – Ease of install and management for IT? Ease of use for end users? These are just a given.
  • Flexibility – Ruckus provides the utmost flexibility for all the wired and wireless networking scenarios a school or college might have.

Moving Beyond Wi-Fi

Ruckus Wi-Fi itself is now much more than super-fast connections; it’s a platform for a host of capabilities, like location analytics and engagement technology.

Visit Net-Ctrl and Ruckus on stand C61 to find out more about Ruckus’ portfolio of smart wired and wireless solutions.

BETT 2019 is going to be held at the Excel in London from the 23rd – 26th January. Book your free ticket now.

If you would like to book a meeting slot in advance please email marketing@net-ctrl.com.

Join Net-Ctrl and Partners at BETT 2019

January 9th, 2019

Net-Ctrl will be exhibiting at BETT 2019 on stand C61. Each year we bring a small selection of solutions from manufacturers in our portfolio. At BETT 2019 we have our best line-up yet.

Our Approach for BETT 2019

We have noticed a requirement for better access control and lockdown technologies in schools and colleges, to protect staff and students and comply with some of the latest standards.

The trouble with a lot of access control and lockdown technologies is a lack of integration. The end result is schools and colleges managing a number of different solutions individually.

At Net-Ctrl our focus is on integration. We want to make it as easy as possible for you to protect those on your site(s) and that is why this year we are expanding our access control and lockdown integration partners that will be on show. We will be demonstrating integration between access control, intruder alarms, fire detection, wireless door handles and IP speaker solutions, and also IP-CCTV.

In addition, we will be extending our security message to the network and endpoint with Palo Alto Networks. They have a highly advanced and secure portfolio to keep your users, and your site, protected for a more secure everywhere.

We also have Ruckus on our stand. Ruckus is leading the way in wired and wireless technology to keep your users connected even in the most challenging environments. Ruckus Smart Wi-Fi and wired technology redefines what’s possible in network performance with flexibility, reliability and affordability.

We invite you all to come and see us at BETT 2019, where we will have a number of demonstrations running and product experts on hand. We’re really excited for BETT 2019. Make sure you pay us a visit and stop by the Net-Ctrl stand – C61.

Over the next few weeks, we will be sending some additional emails with more information about each of our stand partners.

Partners at BETT 2019:

  • CEM:  Powerful Access Control and Integrated Security Management Systems with Fire Detection and Intruder Solutions
  • Mobotix:  High-Resolution IP-CCTV Camera and Video Door Entry Systems
  • Netgenium:  IP PoE Intelligent Audio and Lockdown Solutions
  • NEXUS: Rapidly Deployable, Battery Powered and RF-based, School Lockdown Solutions
  • Palo Alto Networks:  Next-Generation Firewalls and Endpoint Protection for Safeguarding
  • Ruckus:  Smart Wired and Wireless Solutions

BETT 2019 is going to be held at the Excel in London from the 23rd – 26th January. Book your free ticket now.

If you would like to book a meeting slot in advance email marketing@net-ctrl.com.

The Future of Cybersecurity – A 2019 Outlook

January 4th, 2019

From the record-breaking number of data breaches to the implementation of the General Data Protection Regulation (GDPR), 2018 will certainly go down as a memorable year for the cybersecurity industry. And there have been plenty of learnings for both the industry and organisations, too.

Despite having two years to prepare for its inception, some companies were still not ready when GDPR hit and have faced the consequences this year. According to the law firm EMW, the Information Commissioner’s Office received over 6,000 complaints in around six weeks between 25th May and 3rd July – a 160% increase over the same period in 2017. When GDPR came into force, there were questions raised about its true power to hold companies to account – with the regulation saying fines could be implemented up to £16.5 million or 4% of worldwide turnover. The latter half of this year has shown those concerns were unfounded, with big companies, including Uber as recently as this week, being fined for losing customer data. What 2018 has shown is that the authorities have the power and they’re prepared to use it.

In fact, the role of GDPR was to give more power back to the end user about who ultimately has their data, but it was also to ensure companies start taking the protection of the data they hold more seriously. Unfortunately, while the issue around protecting data has grown more prominent, the methods of achieving this are still misguided. Put simply, businesses are still not doing the basics when it comes to data protection. This means protecting the data at its core through encryption, key management and controlling access. In our latest Breach Level Index results for the first half of 2018, only 1% of data lost, stolen or compromised was protected through encryption. The use of encryption renders the data useless to any unauthorised person, effectively protecting it from being misused. Another reason to implement this is that it is actually part of the regulation and will help businesses avoid fines as well. With such a large percentage still unprotected, businesses are clearly not learning their lessons.

So, moving on from last year, what might the next 12 months bring the security industry? Based on the way the industry is moving, 2019 is set to be an exciting year as AI gains more prominence, and quantum and crypto-agility start to make themselves known.

2019 Predictions

1. Quantum Computing Puts Pressure on Crypto-Agility

Next year will see the emergence of the future of security – crypto-agility. As computing power increases, so does the threat to current security protocols. One notable example here is encryption, the static algorithms of which could be broken by the increased power. Crypto-agility will enable businesses to employ flexible algorithms that can be changed, without significantly changing the system infrastructure, should the original encryption fail. It means businesses can protect their data from future threats including quantum computing, which is still years away, without having to tear up their systems each year as computing power grows.

2. Hackers will launch the most sophisticated cyber-attack ever using AI in 2019

Up until now, the use of AI has been limited, but as the computing power grows, so too do the capabilities of AI itself. In turn this means that next year will see the first AI-orchestrated attack take down a FTSE 100 company. Creating a new breed of AI-powered malware, hackers will infect an organisation’s systems using the malware and sit undetected, gathering information about users’ behaviours and the organisation’s systems. Adapting to its surroundings, the malware will unleash a series of bespoke attacks targeted to take down a company from the inside out. The sophistication of this attack will be like none seen before, and organisations must prepare themselves by embracing the technology itself as a method of hitting back and fighting fire with fire.

3. Growing importance of digital transformation will see the rise of Cloud Migration Security Specialists in 2019

As organisations embrace digital transformation, the process of migrating to the cloud has never been under more scrutiny; from business leaders looking to minimise any downtime and gain positive impact on the bottom line, to hackers looking to breach systems and wreak havoc. As such, 2019 will see the rise of a new role for the channel – the Cloud Migration Security Specialist. As companies move across, there is an assumption that they’re automatically protected as they transition workloads to the cloud. The channel has a role to play in educating companies that this isn’t necessarily the case and they’ll need help protecting themselves from threats. It’s these new roles that’ll ensure the channel continues to thrive.

A Boardroom Issue That Needs to Yield Results

With 2018 fast disappearing, the next year is going to be another big one no matter what happens, as companies still struggle to come to terms with regulations like GDPR. With growing anticipation around the impact of technologies like quantum and AI, it’s important that companies don’t forget that the basics are just as vital, if not more, to focus on. So, while 2018 has been the year where cybersecurity finally became a boardroom issue, 2019 needs to be the year where its importance filters down throughout the entire company. For an issue like cybersecurity, the company attitude towards it needs to be led from the top down, so everyone buys into it. If that happens, could next year see no breaches take place? Extremely unlikely. But maybe it could be the year the industry starts to turn the tide against the hacking community.

View the original post at gemalto.com.

2018 Annual Digest of Identity and Access Management

December 20th, 2018

Identity and Access Management continues to be a key component in building an enterprise’s cyber security strategy. Today we are presenting our observations of Identity and Access Management in 2018. What happened this year? What can enterprises learn from events in the media in terms of Cyber Security in general, and Identity and Access Management specifically?

Here is a brief timeline of significant regulations, data breaches and world events that were marked by the media, including Gemalto sources, and what these events signified in the Identity and Access Management arena:


Q1

February 1
PCI DSS 3.2 takes effect

What happened
This payment card regulation affects individuals who access systems which hold credit card data. From February 1, 2018, they are required to authenticate themselves with multi-factor authentication. The Payment Card Industry Data Security Standard was developed to encourage and enhance cardholder data security and facilitate broad adoption of consistent data security measures globally. The ultimate aim is to reduce credit card fraud.

Lessons learned
Companies should already be far along the road to PCI DSS 3.2 compliance by now. They should be prioritizing compliance by working with partners on encryption, key management and authentication.

Q2

May 19
The Royal Wedding

What happened
When Prince Harry married Meghan Markle, thousands of reporters were present, and yet the details of Meghan’s dress, its manufacturer and designer remained a secret. While the interworking of the dress designer, Givenchy and the Royal Family network will remain privileged, it seems that part of the reason for the success of the secret was that the work was confined to locations which were secured physically.

Lessons learned

Physical seclusion is not always possible for fashion industries and other global enterprises today. They often collaborate on Computer Aided Design (CAD) software alongside cloud-based applications, and some require reports that provide visibility into login attempts into their ecosystem. An identity and access management solution as a service (IDaaS) can help fashion enterprises or governmental institutions ensure that only the right person receives the right information at the right time, without endangering the enterprise or its end customers.

May 25
General Data Protection Regulation (GDPR) begins

What happened

The General Data Protection Regulation (GDPR) requires companies to be more accountable to their EU-based users on how their data is controlled and used. It also requires companies to notify their local data protection authority regarding suspected data breaches.

Lessons learned

Although GDPR can fine organizations for data breaches, these fines may be reduced if the organizations can prove that they have deployed security controls to minimize damage. To help your organization handle GDPR, identity and access management provides a first line of defense to the sensitive user data harbored in your company’s cloud and web apps. With scenario-based policies and convenient access management, you can help your enterprise save on costly GDPR fines or sanctions.

Q3

August 1
Reddit’s Company Cloud Attacked

What happened
Reddit, the social media platform, considered to be the 5th top rated website in the U.S., shared that a few of their employees’ administrative accounts were hacked. An attacker gained access to data through Reddit’s company cloud after compromising some accounts.

Lessons learned
While they did in fact have their sensitive resources protected with two-factor authentication (2FA), Reddit encouraged users to move to token-based 2FA. For years corporations and security professionals have been urged to implement multi-factor authentication (MFA) as the solution for cybersecurity concerns. While MFA isn’t a silver bullet that solves all your cybersecurity concerns, it is a key component in elevating the security of an organization and adding a very important layer of protection.

September 25
Facebook Mega Breach

What happened

The September 2018 Facebook breach was not only a ‘mega’ breach in terms of the 50 million compromised users affected, but also a severe breach due to the popularity of the social media giant. Cyber criminals got ahold of users’ FB login credentials. The breach was compounded by the fact that many users utilize their Facebook credentials to log into other social media sites, which means that the hackers actually were able to access not only a user’s Facebook account, but also all other accounts that use Facebook login credentials.

Lessons learned
The risks that consumers were exposed to as a result of buffet-style sign on in the Facebook case also apply to the enterprise. Fortunately, there is a solution: to maintain the convenience of single sign on without compromising on security, enterprises can use Smart Single Sign-On.

Q4

November 30
Quora and Marriott Hotels announce massive breaches of user data

What happened
The Quora Q&A site suffered a massive breach of user data, including the compromise of 100 million users’ credentials. On the same day, the Marriott International Hotel chain suffered a serious breach, allegedly undetected for 4 years!

Lessons learned
In the Quora case, similar to Facebook, accounts are linked to other social media sites such as games and quizzes, so that access to one account opens the doors to related data. The Marriott Hotel incident shows that it’s not enough to protect your data. It also deals with access issues involved with mergers and acquisitions – in this case merging the Starwood Reservation system with Marriott. You need to see who is accessing your networks and see if there is any unusual activity, right from the start. Monitoring and reporting capabilities in an access management solution can help organizations gain insights into unauthorized access attempts.

Identity and Access Management as a Strategy, 2019-style:
In 2019, it is inevitable that there will be more cyber security violations, including corporate identity theft. And it’s likely that more regulations will be put in place to force enterprises to be proactive, not just reactive.

The question is what organizations will do to brace for these breaches. For more information on how your enterprise can prevent breaches, enable the continuous business transformation of its resources securely and simplify compliance, learn more about Gemalto’s SafeNet Identity and Access Management, request a 30 minute demo of SafeNet Trusted Access or watch our video, “How Access Management Enables Cloud Compliance.”

View the original post at Gemalto.com.

Simplifying Network Management with Ruckus SmartZone

December 19th, 2018

First introduced in 2015, SmartZone-powered controllers combine scalability, tiered multi-tenancy, architectural flexibility, and extensive APIs into a single centrally-managed element. These capabilities enable managed service providers to implement complex, multi-tier and as-a-service business models using their own management applications. They also allow operators to manage subscriber data traffic on a massive scale while integrating traffic flows and network data into existing network architecture.

Ruckus SmartZone products have been deployed in thousands of enterprises and in more than 200 service provider networks across five continents.

Unifying Network Management

IT departments seeking to manage both wired and wireless networks via a single console have traditionally needed to purchase a stand-alone network management element for on-premises management scenarios. Fortunately, Ruckus SmartZoneOS 5 has transformed the industry’s most scalable WLAN controllers into a comprehensive single network element to control and manage both Ruckus access points (APs) and switches. This simplifies network management by:

  • Eliminating provisioning errors through the use of an automated discovery process for access points (APs) and switches.
  • Reducing configuration and deployment duration when compared to a multi-console approach.
  • Reducing network software and hypervisor license fees, server expense, utility expense, and training costs.
  • Enabling a single network controller cluster to scale to 450,000 clients.
  • Enabling networking-as-a-service.

It should be noted that Ruckus SmartZone also includes open, well-documented RESTful application programming interfaces (APIs) that allow IT departments to easily invoke SmartZone functions and configurations to enable error-free automation. In addition, streaming APIs enable IT to monitor in near real-time the full array of Ruckus network data, statistics, and alarms. This means IT departments can more easily create customized, information-dense dashboards and reports.

Ruckus SmartZone Lineup: SZ300 & SZ100

Let’s take a closer look at Ruckus’ SmartZone lineup below, beginning with the Ruckus SmartZone 300 (SZ300) which is targeted at operators, MSPs, and large enterprises. Key features and benefits include:

  • A single SZ300 appliance can manage 10K APs and 500 switches, while 3+1 active clustering increases capacity to 30K APs, 1,500 switches, and 450K clients.
  • 6x 1GbE ports, 4x 10GbE ports.
  • The SZ300 protects itself from catastrophic failures with intra-cluster and inter-cluster failover. Geo-redundancy with active/active clusters delivers higher availability versus traditional hot-standby. Hot-swappable power supplies, 3x fan sets, and redundant disk drives further improve uptime.
  • Multi-tenancy, domain segmentation, and containerization enable secure delivery of managed network services in complex, multi-tier business models across multiple geographies, including MVNO models.
  • Visual Connection Diagnostics speeds and simplifies troubleshooting and client problem resolution while unique “super-KPIs” enable IT to more quickly detect and react to potential user experience degradation.
  • Optional Ruckus Cloudpath integration lets IT create rich location-, device- and user-based policy rules, enabling network segmentation based on real security and policy needs rather than on a one-size-fits-all approach.
  • The SmartZone OS advanced feature set includes rogue AP detection and mitigation, adaptive band balancing, load balancing, airtime fairness, hotspot, and guest services, capacity-based admission control, and more.

Meanwhile, the Ruckus SmartZone 100 (SZ100) is a scalable network controller for mid-sized enterprises. Key features and benefits include:

  • A single SZ100 appliance can manage up to 1,000 APs, while 3+1 active clustering increases capacity to 3,000 APs and 30K clients.
  • 4x 1GbE ports, 2x 10GbE ports.
  • Active/active clustering delivers higher availability and resiliency than traditional N+1 standby. 3x fans further improve uptime.
  • Visual Connection Diagnostics speeds and simplifies troubleshooting and client problem resolution while unique “super-KPIs” enable IT to more quickly detect and react to potential user experience degradation.
  • Optional Ruckus Cloudpath integration lets IT create rich location-, device- and user-based policy rules, enabling network segmentation based on real security and policy needs rather than on a one-size-fits-all approach.
  • The SZ100 can store up to 30 days of network configuration and client data on internal storage drives even with reboots.
  • Automated AP and switch provisioning; L3 and L2 auto-discovery of APs and switches reduce manual administration.
  • The SmartZone OS advanced feature set includes rogue AP detection, interference detection and mitigation, band steering, airtime fairness, hotspot, guest networking services, and more.

Ruckus SmartZone Lineup: vSZ-H and vSZ-E

The Ruckus Virtual SmartZone – High-Scale (vSZ-H) enables operators and managed service providers (MSPs) to easily, flexibly, and securely deliver Networking-as-a-Service (NaaS). Key features and benefits include:

  • A single cluster scales to 450K clients, 30K APs, and 1,500 switches.
  • A single low-cost license and a commodity x86 server with any popular hypervisor are all that’s needed for a vSZ-H instance.
  • Active/Active 3+1 clustering eliminates idle controller capacity and data loss during redundant failover while minimizing configuration time when nodes are added.
  • The vSZ-H centralizes LAN and WLAN management and flexibly integrates with the Virtual SmartZone – Data Plane (vSZ-D) or external WLAN gateways to accommodate complex data plane routing topologies.
  • Sophisticated zone and domain segmentation give service providers the flexibility to supply non-hosting partners with their own domains, to run different SmartZone OS versions in different zones, and countless other options.
  • An independent, containerized tenant architecture minimizes the risk of degraded end-user experience and enhances data privacy between tenants.

Meanwhile, Virtual SmartZone – Essentials (vSZ-E) offers mid-sized enterprises flexibility, lower deployment costs, and the ability to scale a network up to 60,000 clients. Key features and benefits include:

  • A single cluster scales to 60K clients, 3,000 APs, and 50 switches.
  • A single low-cost license and a commodity x86 server with any popular hypervisor are all that’s needed for a vSZ-E instance.
  • Active/Active 3+1 clustering eliminates idle controller capacity and data loss during redundant failover while minimizing configuration time when nodes are added.
  • The vSZ-E centralizes LAN and WLAN management and flexibly integrates with the Virtual SmartZone – Data Plane (vSZ-D) or external WLAN gateways to accommodate complex data plane routing topologies.
  • IT can offload WLAN and connectivity services such as DHCP/NAT to the AP or vSZ-D to reduce expenses for separate routers and servers.

SmartZone: Ruckus APs and Switches

Ruckus SmartZone controllers are designed to manage Ruckus’ extensive lineup of indoor and outdoor access points. Our AP family offers a solution for every deployment scenario including small businesses, wireless LANs, and mission-critical high-density carrier grade installations. Ruckus outdoor access points are suitable for a range of environments and offer a choice of mounting and antenna options, with outdoor point-to-point bridges providing connectivity between remote sites.

As a comprehensive single network element, SmartZone also manages the Ruckus ICX switch family, which can be deployed standalone, stacked or installed within a campus fabric. Switch management features offered by SmartZone include discovery and inventory, SNMP monitoring, link discovery, firmware upgrades, as well as backup and restore functions. By using SmartZone, organizations can proactively monitor their network, perform network-wide troubleshooting, generate traffic reports and gain visibility into the network activity from the wireless edge to the core.

Are you interested in learning more about the Ruckus SmartZone platform?

Submit a contact form or email sales@net-ctrl.com and we can set up a demo for you.

View the original publication at The Ruckus Room.

Getting Wired for Wireless: Power

December 13th, 2018

Continuing our Wired for Wireless series where our most recent installment talked about performance, this blog will discuss Power over Ethernet and its importance when deploying access points.

Power over Ethernet (PoE) is typically provided for access points (APs), as well as other devices such as voice over IP (VoIP) phones, IP TVs, and video cameras. Although there are many devices that draw power directly from the switch, PoE is particularly important for APs. As such, a primary concern for customers planning an AP refresh is ensuring that sufficient power will be delivered at the switch.

Previous generations of access points could operate on a PoE budget of 15 watts of power at the switch. However, AP radios have evolved considerably and now demand more power. Today, most APs up to and including Wi-Fi 5 (802.11ac) draw PoE of 30 watts. However, while the latest Wi-Fi 5 APs can theoretically operate on 30 watts of power, they need just a little bit more to achieve top performance, drive all the radios, and provide power to the USB port. Next generation Wi-Fi 6 (802.11ax) APs demand even more power. While they operate on PoE+ power, they will require more to drive their 8×8 radios for peak performance.

This is precisely why the IEEE recently defined IEEE 802.3bt. The standard outlines two additional power types to bolster PoE: up to 55 W (Type 3) and up to 90-100 W (Type 4). IEEE 802.3bt also stipulates that each pair of twisted pairs must support a current of up to 600 mA (Type 3) or 960 mA (Type 4). In addition, IEEE 802.3bt includes support for 2.5GBASE-T, 5GBASE-T, and 10GBASE-T.

Several vendors already have switches that support 60 watts, although only Ruckus supports 90 watts of power per port. Although there are relatively few devices that require more than 30 watts, more and more power-hungry devices are hitting the market with an ever-expanding appetite for more power. Such devices include LED lighting, high-end video displays, and pan tilt zoom cameras that can consume up to 75 watts and beyond.

This is precisely why we have designed our switches to deliver the power needed for dense Wi-Fi deployments, as well as for other powered devices. Ruckus switches can support Power over Ethernet (PoE) on all 24 or 48 ports with a single power supply – and PoE+ on all ports. As noted above, with dual power supplies, we are the only vendor that currently supports up to 90 watts power per port. Put simply, Ruckus delivers power to spare.

View the original post by Rick Freedman at the Ruckus Room.