Net-Ctrl Blog

How Brexit Impacts the Future of Europe’s Cybersecurity Posture

August 6th, 2019

The British parliament has been unable to agree the exit package from the European Union. With the possibility of a “no deal” departure looming, EU leaders have granted a six-month extension to Brexit day. But the uncertainty that still lingers with regard to Britain’s future creates various opportunities which cyber criminals could try to exploit.

Given the situation, careful examination of Brexit’s direct and indirect implications must be made, if we are to better understand the potential ramifications of a “no deal” exit. Let’s begin by looking at relevant regulations.

A brief look at current and future legal frameworks

The EU recently adopted two key pieces of legislation designed to govern cybersecurity and privacy issues. The first piece of legislation, the General Data Protection Regulation (GDPR), regulates data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). The second regulation, the EU Network and Information Security Directive (NIS), provides legal measures to boost the overall level of cybersecurity in the EU.

For its part, the United Kingdom incorporated GDPR into its Data Protection Act 2018 and the NIS Directive into its NIS Regulations 2018, a political choice showing that the UK strategically desires to be aligned and, to a certain extent, compliant with the new EU regulations.

Governing the transfer of data

On February 6, the UK government published “Using personal data after Brexit”. The guideline reveals that post-Brexit UK businesses will still be able to send personal data from the UK to the EU and that the UK will continue to allow the free flow of personal data from the UK to the EU (and the EEA area).

Data originating from the EU that comes into the UK will be a different story. It is illegal for an EU Member State business or organisation to export data to a non-EEA entity without specific legal safeguards in place. Since post-Brexit UK could, depending on the method of exit, be considered a “third country,” UK businesses will be subject to these safeguards.

Current & Post-Brexit Threat Landscape

In the UK, the number of data breaches reported to the Data Protection Commission rose by almost 70 percent last year, totaling 4,740 breaches during 2018. At the same time, UK organisations such as universities, businesses, online stores and social media (like Facebook) have been subject to breaches that affected millions of people.

Incident Handling

Today all European businesses, organisations and citizens can utilise a data breach reporting mechanism to notify only the Lead Supervisory Authority (LSA) in their country, to carry out investigations and to inform/coordinate with LSAs in other EU Member States in case of a cross-border cybersecurity incident.

In a post-Brexit future, UK-based businesses and organizations will need to legally notify not only the UK Lead Supervisory Authority, the Information Commissioner’s Office (ICO), but also each relevant Member State’s LSA.

Effects on the Workforce

What concerns me most is the cybersecurity skills shortage. By limiting the right of free movement and enforcing stricter working visa requirements, Brexit could have a significant impact on the capability of Britain to fight against cyber criminals and nation state threats.

Additionally, UK-based universities will potentially lose access to huge amounts of EU research funding because of Brexit.

What can we do to prepare?

On the cybersecurity front, UK companies will have to deal with a disappearing network perimeter, a rapidly expanding attack surface, the widening cybersecurity skills gap and the growing sophistication of cyber-attacks.

These issues are extremely difficult to deal with. In response, companies should focus on securing all of their sensitive data by encrypting all data at rest and in transit, securely storing and managing all encryption keys and controlling user access and authentication. Doing so will help them stay safe in an increasingly uncertain world. With the rise in threats and the increasing value of data to cyber criminals, it’s important for businesses to know how they can adopt a Secure the Breach approach to protecting their most sensitive data and intellectual property.

View the original post at Gemalto.com.

Multiple Paths to Multigigabit Connectivity

August 6th, 2019

We recently announced the expansion of our multigigabit portfolio with the addition of the new R750 Wi-Fi 6 (802.11ax) access point (AP) and ICX 7150-C10ZP multigigabit switch. More specifically, the R750 is a dual-band, 4×4:4 (5GHz) + 4×4:4 (2.4GHz) AP with embedded IoT radios (BLE, Zigbee) and 2.5GbE support. In addition, the R750 is optimized for high client-density environments and supports the latest WPA3 Wi-Fi security standard.

As we’ve previously discussed on The Ruckus Room, the migration to Wi-Fi 6 is driving companies to upgrade their network infrastructure to support multigigabit infrastructure. As with all new technology, the initial multigigabit switches to hit the market were high-priced entries targeting early adopters. The technology has matured and sales shipments of Wi-Fi 6 APs have begun to ramp, though multigigabit switch options have been slower to expand.

Ruckus Networks (now part of CommScope) is pleased to be leading the charge by offering a range of multigigabit switch options that offer customers a choice of how they want to “dip their toes” into multigigabit and choose their level of investment. With our most recent announcement, Ruckus now offers:

High-performance Multigigabit
The ICX 7650-48ZP features 2.5/5/10 GbE access ports paired with 100 GbE uplinks to deliver top-of-line performance for high-density Wi-Fi 6 deployments where performance is essential. The switch provides customers the performance and capacity that they’ll need for the next 7-10 years.

Affordable Multigigabit
The ICX 7150-48ZP offers 1/2.5 GbE access ports for most Wi-Fi 5 and Wi-Fi 6 deployments. Based on our entry-level switch series, it delivers more than double the performance of gigabit switches at a surprisingly affordable price.

Mini-Multigigabit
The ICX 7150-C10ZP features multigigabit access ports (both 2.5/5/10 GbE and 1/2.5 GbE) in a small form factor that’s fanless for silent operation. Four ports are PoE-enabled with up to an industry-best 90W. Like all Ruckus ICX switches, the ICX 7150-C10ZP can be stacked with other ICX 7150-family switches within a single wiring closet or across closets or classrooms. This switch is ideal for deployments where only a few multigigabit ports are needed. See my companion blog about uses for this compact multigigabit switch.

What’s the right switch for you? Contact Net-Ctrl on 01473 281 211, or email sales@net-ctrl.com.

MOBOTIX obtains the CNPP trust passport, integrating the cyber-security dimension in all of its digital video surveillance camera systems (IoT).

July 11th, 2019

MOBOTIX is pleased to announce that it has obtained the certification “CNPP certified,” which integrates the cyber-security dimension.

MOBOTIX is the first manufacturer in Europe to obtain “CNPP certified” product certification for its video surveillance cameras, offering a guarantee of IT and electronic “resistance” to cyber-attacks. 

“This recognition is proof of quality, performance, and also of the trust of our customers at a time when digital security is becoming a key issue for all stakeholders,” says Patrice Ferrant, Regional Sales Manager, MOBOTIX.

MOBOTIX announced its intention to focus more on cyber-security over one and a half years ago, in particular by launching the “MOBOTIX Cactus Concept.” “The objective of this initiative is to promote cyber-security in the area of video protection and video-telephony. An integral part of our strategy is to develop a series of product-integrated tools and features that allow IT security administrators to protect their systems. Now that we have passed a series of tests validated by CNPP, it is truly rewarding to announce our certification today,” added Ferrant.

CNPP is a key player in risk prevention and control in the areas of fire/explosion security, security/malicious acts, cyber-security, environmental issues, and occupational risks.

“After several years of R&D and confronted with rising threats of cyber-attacks, CNPP developed a method for assessing the robustness of security/safety products against cyber-attacks. This approach allows us to add resistance to cyber-attacks to the functional security/safety characteristics that are already certified. This new acknowledgment, represented by the @ symbol combined with our certification marks, allows for the addition of a third-party assessment of the products’ ‘security by design.’ The cyber-security work was led by CNPP in association with the National Cyber-security Agency of France (ANSSI) with the aim of providing suitable validation for security/safety products that is completely compatible and complementary to specific ANSSI acknowledgments (FLSC*, common criteria, etc.). Today, these new CNPP Certified trust passports delivered for video surveillance cameras add a cyber-security dimension to the list of electronic security equipment already certified @ (NF & A2P @, A2P @, CNPP Certified), which allows the overall inclusion of the cyber-security dimension by CNPP, with the integration of best practices for installation and IP-connected security/safety maintenance and with the frame of reference APSAD D32 through APSAD service certifications,” says Nathalie Labeys, Head of Pôle Electronique de Sécurité CNPP Cert.

FLSC: First level security certification

View the original post at Mobotix.com.

Is there such a thing as too much Wi-Fi?

July 10th, 2019

Ever gone into a store and looked up? You’d be surprised what you can find hanging off the ceilings.

Like where I’m hanging out now—one of those tiny mobile phone stores. It’s not a large space but there are three Wi-Fi APs hanging off the ceiling in a retail space of about 400 sq. ft. (37 m²). That’s roughly equal to one AP for every 133 sq. ft. (12 m²). Does such a small place really need three APs?

Is Three a Crowd?

People who study crowd density have rules of thumb to estimate the number of people that can occupy a given space. A loose crowd, where everyone is about an arm’s length from their neighbor, requires roughly 10 square feet (1 square meter) per person.

At that density, you could pack forty people in this store. It would be uncomfortable and leave no room for shelves, tables, or check-out counters. Anyone who has shopped around a major holiday knows what it’s like to look inside a jam-packed retail store and say “Hard pass”.

Back to those APs blinking above me. Let’s assume everyone here has a Wi-Fi-enabled smartphone. At our maximum crowd capacity, that’s 40 devices, plus a few more if the store uses Wi-Fi for point-of-sale (POS) devices. Let’s round up to 60.

You might think to yourself, “60 devices divided by three APs is only 20 devices per AP. That’s great!” Except most APs have dual radios. The actual number will be 10 devices per radio.

I can hear you now. You’re probably the person behind me in the check-out line wondering why this woman is muttering to herself about APs. “Isn’t fewer devices per radio better?” you’d say.

Maaaybe.

First, is everyone really going to be using all of those devices at the same time? The answer is almost certainly no. Let’s assume 50% of these devices are actively used at any given time for email, web surfing, cat videos, writing blogs, and so on. Everyone else is shopping, paying at the register or wondering if they have time for a Starbucks run later.

That leaves us with 30 active Wi-Fi devices: 5 per AP radio, or 10 per AP.

If that’s the case, why, you might ask, would someone put not one, or two, but three APs on their ceiling? This is not a physics or math problem. The answer, I suspect, lies in an intuitive understanding everyone shares: If a little bit of something is good, more is better.

But like ketchup on French fries or water in a bathtub, there is a limit after which more makes things worse instead of better. Wi-Fi is like that. Flooding a space with more and more RF reaches a point where you’re gonna spend more time with a mop than enjoying a relaxing bath.

Here at Ruckus, we spend a lot of our hard-earned research dollars figuring out how to make Wi-Fi work even better and support more devices per AP. Not only does it give you more Wi-Fi for the dollars you spend, but it also reduces the potential for too much RF interference and the terrible troubles it would unleash on an unsuspecting IT network engineer. If you’re interested in learning more about RF interference and its impact on Wi-Fi capacity, check out this blog on the 3 myths of Wi-Fi – interference, capacity, and roaming. While you’re there, check out some other blogs written by really smart people who probably don’t stand in check-out lines staring at the ceiling and muttering to themselves.

In the meantime, keep an eye out and don’t be afraid to ask, “Is more really better?”


View the original post at The Ruckus Room.

A More Secure Everywhere. From Containers to Serverless and Beyond!

July 10th, 2019

By Sai Balabhadrapatruni

Today is an exciting day for Palo Alto Networks and its customers as we complete our acquisition of Twistlock. The addition of Twistlock further strengthens our capabilities in cloud security and will help customers accelerate their journey to the cloud with consistent and comprehensive security across public, private and hybrid cloud deployments. This is hot off the heels of our acquisition of PureSec, a leader in protecting serverless applications.

Most modern applications utilize a mix of platform as a service (PaaS), VMs, serverless and other resources offered by cloud service providers. The acquisitions of Twistlock and PureSec further advance Prisma leadership in cloud security by providing customers with a comprehensive set of security protections across the entire continuum of cloud workloads. 

With Twistlock and PureSec part of the Prisma cloud security suite, customers will benefit from these capabilities: 

  • Twistlock, the leader in container security, brings vulnerability management, compliance and runtime defense for cloud-native applications and workloads. 
  • PureSec empowers enterprises to embrace serverless technologies, such as AWS Lambda, Google Cloud Functions, Azure Functions and IBM Cloud Functions, without compromising on security, visibility and governance. 

Current Twistlock Customers Continue to Reap the Security Benefits 

If you’re a customer of Twistlock’s stand-alone offering, you’ll continue to receive the industry’s leading container security capabilities for your company with the same focus on simplicity, innovation and effectiveness. We’ll continue to invest in this offering, and the team will remain under the direction of Twistlock co-founder and CEO, Ben Bernstein. Over time, you’ll see more payoff to your investment as we integrate Twistlock into Prisma and provide you the broadest and most consistent security capabilities across public and private clouds.

Prisma: Cloud Security for Today and Tomorrow

Prisma™ by Palo Alto Networks – including best-in-class capabilities from Twistlock and PureSec – is the industry’s most complete cloud security offering for today and tomorrow. It provides unprecedented visibility into data, assets and risks in the cloud; consistently secures access, data and applications without compromises; enables speed and agility as organizations embrace the cloud; and reduces operational complexity and cost with a radically simple architecture.

Regardless of how your business is taking advantage of the cloud, Prisma secures your end-to-end cloud journey:

  • Secure Access: Take advantage of secure access to the cloud from branch offices and for mobile users in any part of the world without compromising the user experience.
  • Secure SaaS: Bring together data protection, governance and compliance to safely enable SaaS application adoption.
  • Secure Public Cloud: Get continuous security monitoring, compliance validation and cloud storage security capabilities across multi-cloud environments. Plus, simplify security operations through effective threat protections enhanced with comprehensive cloud context.
  • VM-Series Virtualized Next-Generation Firewall: Embedding the VM-Series in your application development life cycle to complement native security services can prevent data loss and business disruption, allowing your public cloud migration to accelerate.

A More Secure Everywhere 

We’re excited to add Twistlock’s and PureSec’s technologies to our cloud security suite and welcome two exceptional teams that bring additional cloud expertise to Palo Alto Networks. 

View the original post at Palo Alto Networks.

Are your wiring closets multi-gigabit capable?

July 10th, 2019

Since the inception of Ethernet switching back in the 1990s, the industry has normally introduced speed increments in multiples of 10x. Over time we moved from 10 megabits per second (Mbps) to 100 Mbps, from 100 Mbps to 1 gigabit per second (Gbps), and so on. So, when the new multi-gigabit standard was introduced in 2016 (802.3bz), many wondered why the industry would deviate from a tried and true system of growth to introduce 2.5 and 5 Gigabit Ethernet (GbE) copper derivatives.

Truth is that the deviation from 10x increments actually started when the IEEE ratified the 100GbE standard back in 2010 (802.3ba). The addition of 40GbE as an option in that standard allowed the server virtualization and cloud phenomena boom to continue to grow, as many servers were capable of pushing much higher network data rates once they had multiple applications utilizing a much higher percentage of their capacity. The cost of a multiport 100GbE switch at the time would have been cost prohibitive to a majority of companies, so the move to 40GbE allowed manufacturers to produce a product that could meet the demands of the data center market at an affordable cost.

Fast forward five years to the current 2.5/5GbE addition and once again the industry is trying to assist customers in making the most out of what they have while keeping up with technological advances. With the eruption of Internet of Things (IoT) devices and the wireless industry’s continued advancement in WiFi speeds, there’s a need to be able to provide more than the current 1Gbps bandwidth that older WiFi access points required. As an example, the WiFi 6 standard (802.11ax) is capable of providing 1Gbps per spatial stream to wireless end-user devices. Most high-end access points have four spatial streams, so the theoretical Ethernet requirement from a WiFi 6 access point upstream to the switch would be more than 4Gbps. Ruckus even sells an eight spatial stream access point that doubles that requirement to 8Gbps. These are theoretical maximums, and you should engineer your network to expect fifty to seventy-five percent of actual throughput from these devices in real-world situations, so the 2.5 and 5GbE standards are required to utilize the newest access points without making them a bottleneck in your environment.

Another issue is that if we stayed with the 10x progression of the past, you’d be required to provide 10GbE to these access points, moving from 1GbE to 10GbE over copper. But 10GbE over copper requires you to have Category 6A copper installed in your infrastructure. The majority of older wiring closets and data jack cable runs are still Category 5e, which would not be able to handle the 10GbE speeds…but they could handle the 2.5GbE speeds at the same 100-meter limits that applied to the 1GbE devices. If you’re blessed and have Category 6 installed (the predecessor to 6A), you can actually run 5GbE 100 meters as well, maximizing the cabling that you already have, to provide a better networking experience to your WiFi and power users.

I’m not advocating that you go out and replace every switch in every closet with multi-gigabit switches today, although there are plenty of vendors, Ruckus included, who would love to help you with that. I am advocating that you find out what your options are for adding multi-gigabit capabilities to your existing closet today, before you have to do it at the same time as your next wireless upgrade, or when the computer industry starts shipping 2.5GbE ports in the back of every CPU and your power users are demanding the additional bandwidth.

Given that the typical lifecycle of a wireless network is three to five years, and the typical lifecycle of a wired network is five to seven years (ten years in the education verticals), there’s a high probability that you’ll be implementing WiFi 6 in your network long before you have the opportunity to upgrade the switching infrastructure that it needs to run on. Is your wiring closet ready for a device that requires more bandwidth, and more Power over Ethernet (PoE) than any port on your current switch or stack of switches can provide? Does the switching vendor you currently use provide flexibility to mix and match your current 1GbE switches with some newer multi-gigabit (2.5/5GbE) switches in the same stack, or do you have to upgrade the entire stack to a new, higher-end model line? There are switch vendors who offer multi-gigabit capabilities in their lowest end stackable switches. Does your current switch vendor allow you to grow your wiring closet stack size above eight switches, allowing you to insert additional multi-gigabit switches in those higher-density closets where you may be maxed out at eight already? There are vendors out there that will let you grow your wiring closet stack well past eight, some as high as twelve switches.

The bottom line is that the requirement for higher speed wired networking at the edge is already here, and it’s only going to grow as the computer industry adds multi-gigabit as the default network interface on desktop computers, and WiFi 6 as the default wireless specification on laptops. If you’ve got a project planned to upgrade your wiring closets, heed my warning, since the switches you buy now have to get you through the next one or two generations of WiFi that are coming, and your wired power users as they start to get workstations with these higher speed capabilities built-in. As always, the entire Ruckus Technical Family is here to help you with any questions or requirements you may have concerning your next wired or wireless project.


View the original post at The Ruckus Room.

A Quarter of People in EMEA Prefer their Cybersecurity Managed by Artificial Intelligence

July 10th, 2019

Palo Alto Networks finds over half of respondents take responsibility for their data online

An online study of more than 10,000 respondents in EMEA conducted by Palo Alto Networks and YouGov alongside Dr Jessica Barker, an expert in the human nature of cybersecurity, explores attitudes towards new cybersecurity technologies, such as artificial intelligence (AI), and how these technologies protect their digital way of life.

Just over a quarter (26%) of EMEA respondents would prefer their cybersecurity to be managed by AI rather than a human. Italy has the most confidence in relying on AI (38%), while in the UK only 21 percent of people prefer AI over humans to protect their digital way of life.

The research suggests that those who are more open to AI technologies have a positive outlook on the role cybersecurity plays in their day-to-day lives. Almost a third (29%) of respondents online who preferred their cybersecurity managed by AI feel having cybersecurity checks in place has a very positive impact on their overall online experience, compared to the combined average of 20 percent.

Greg Day, VP and CSO EMEA at Palo Alto Networks, comments on the findings: “AI is already playing a vital role in cybersecurity, helping to detect and prevent breaches with new capabilities that the human brain simply could not achieve. It is encouraging, therefore, to see the gap closing between AI- and human-managed cybersecurity technologies, and the positive attitude towards cybersecurity checks that comes with a preference for AI technologies is one we hope to see embraced by more people in the future. Humans are risk averse, yet innovation requires taking new steps, and many still see change as risk. Taking responsibility for data loss and keeping personal data secure is the first step in ensuring we are using best practice within a business, and education is key in helping respondents feel safer online.”

The study also uncovered mixed views on the perceived security of internet of things (IoT) technologies, such as smart home devices and wearables: 38 percent of EMEA respondents believe them to be secure, with a similar number (43%) thinking the opposite. However, this did vary across the region, with those in the UAE most trusting of IoT’s security (71% believe it to be secure), whereas a higher proportion in Germany (53%), France (48%), and the UK (46%) believe them to be insecure.

Topics like data privacy and ethics are becoming more mainstream, and Dr Jessica Barker says it’s not surprising to see hesitation in adopting new technologies like AI and IoT, commenting: “When any new technology emerges, there is often a reticence among many to embrace the change, even when it offers an improvement to our way of life. Telephones, trains and televisions were all a source of fear for the general public when they were first introduced. Many people are unaware of the way in which AI and machine learning are already enabling our use of technology, protecting our data and preventing cyberattacks, largely because it is often non-invasive to the end-user. This can mean people feel hesitant about the concept of embracing AI, without realising that it is already a positive presence in their lives. It is interesting to note that IoT is considered insecure by the majority of participants, whereas most people feel that technology, in general, is helping them to be more secure online. This suggests that the technology industry needs to address security and privacy concerns surrounding IoT in a meaningful and transparent manner.”

Other key findings from the online research include:

  • While there is a generational divide when it comes to preferring cybersecurity managed by AI, it isn’t as polarising as expected, with Millennials showing a marginal preference (31%) compared to Baby Boomers (23%).
  • Cybersecurity self-reliance is a global trend with 54 percent of respondents taking responsibility for their personal data when online:
    • The divide between the younger (18-24) and older (55+) generations is more prominent here, with only 43 percent of the younger demographic taking responsibility for their own personal data compared to 58 percent of those aged 55 and above.
  • A quarter (25%) of respondents feel cybersecurity should be the responsibility of law enforcement, and 28 percent feel it is down to the government.
  • The cybersecurity message is getting through to people; a majority of respondents (44%) agree that cybersecurity technologies give them the ability to spend less time worrying about personal data loss, versus the 14 percent who disagree.
  • 67 percent of respondents feel they are doing all they can to prevent the loss of their personal data:
    • This rises to 75 percent of respondents ages 55 and over and falls to 59 percent for 25- to 34-year-olds.
    • 77 percent of respondents in the UAE and France agree with this statement, while only 60 percent of those in Italy and Sweden agree.

Dr Barker adds: “Trust is so important in cybersecurity. People want to be actively engaged in better protecting themselves online, and they embrace technology that supports them in this. The knowledge acquired can then be transferred to other areas of their lives, most importantly, the workplace. It is interesting to see that older participants feel a greater sense of responsibility over their data than younger participants. There are a number of factors which could help explain this, one being that the older generation are more likely to have been exposed to cybersecurity training and practices in the work environment, and this could have influenced their mindset to be more security conscious. It could also be that the younger generation is more likely to regard security as a collective responsibility, as part of a culture that is more centred on sharing.”

Greg Day concludes: “The results of this study provide some key takeaways for businesses. It’s important that they take into account perceptions of technologies like AI and IoT when developing new products and services, as well as getting ahead of new threats targeting the next-generation networks they will rely on. Building and maintaining trusted capabilities will only be achieved through prioritising cybersecurity and data privacy, and communicating openly and honestly. Through applying these new technologies responsibly and adopting them into our day to day lives, we can create a world where each day is safer and more secure than the one before.”

About the Research

All figures, unless otherwise stated, are from YouGov Plc. Total sample size was 10,317 adults, of which 1,016 were from Netherlands; 1,021 were from Italy; 1,005 were from UAE; 1,041 were from France; 1,953 were from Sweden; 2,181 were from Germany; and 2,100 were from the UK. Fieldwork was undertaken between 29 April and 16 May 2019. The survey was carried out online. The figures have been weighted and are representative of all adults (aged 18+) in each country:

  • Countries surveyed were Netherlands, Italy, UAE, France, Sweden, Germany, and the UK.
  • Thinking about cybersecurity when you are online (e.g., shopping online, using social media, online banking, etc.) on any device … Which ONE, if either, of the following would you prefer?
  • Respondents online were given the following description to read before answering to what extent cybersecurity checks (i.e., checks that you need to pass to be able to pay for a product/service online; e.g., proving you are ‘not a robot’ [CAPTCHA], re-entering passwords/details) positively or negatively impact their overall digital experience on a 0 to 10 positivity scale with 0 being very negatively, 10 being very positively.
“Digital experience is how well or not a consumer experiences using an online service like shopping or banking.  A good digital experience includes when you searched for an item to buy online, you found it quickly, it was available to buy and you were able to checkout with little problems etc. A bad digital experience includes when the website or app runs very slowly, there were broken links, it required you to add in lots of information manually etc.” ‘Very negatively’ was defined as respondents selecting a score of 0, 1, or 2 on this scale. ‘Very positively’ was defined as respondents selecting a score of 8, 9, or 10 on this scale.
  • Millennials are defined as 18- to 34-year-olds and Baby Boomers are aged 45 and over.
  • Still thinking about cybersecurity when you are online (e.g., shopping online, using social media, online banking, etc.) on any device …  In general, which, if any, of the following do you feel should be responsible for the security of your personal data? (Please select all that apply.)

About Palo Alto Networks

Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world’s greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before. For more information, visit www.paloaltonetworks.com.


SOURCE Palo Alto Networks, Inc.

Using outdated Wi-Fi security procedures is like buying a blast door and leaving the key in the lock

July 10th, 2019

Simple, everyday connectivity mistakes can be more damaging than expected. More shockingly, they often go unidentified.

When meeting a prospect in the cafeteria, I overheard an employee asking a colleague how to connect his new phone to the Wi-Fi and was shocked to hear the mention of inputting AD (Active Directory) credentials. In a company like this, which invests significantly in security, surely these outdated mistakes should have been put to rest long ago.

When I asked this employee if he knew who he was providing his credentials to, it became clear that the question had never even crossed his mind. He explained to me that he was accustomed to the dialog box on his screen, having encountered it using his previous phone, which had required him to update Wi-Fi client settings each time his company’s passwords were changed every three months.

There are several security risks to be aware of in this case. Let me explain why.

Protocols such as PEAP (Protected Extensible Authentication Protocol) and TTLS (Tunnelled Transport Layer Security) were developed to provide enhanced security in Wi-Fi environments with minimal impact on the client (user) provisioning side, introducing username and password authentication. The principle is the following:

The client communicates with the authentication server by sending EAPoL (Extensible Authentication Protocol over Local Area Network) traffic to the AP that forwards it to the AAA (authentication, authorization, and accounting) server by encapsulating it into RADIUS (Remote Authentication Dial-In User Service) packets.

There are various EAP methods that specify the ‘language’ used to connect the client to the AAA server; PEAP and TTLS are just two examples of these languages. The principle is that the client authenticates the server by verifying its digital certificate and then establishes a secure tunnel with the AAA server. Once this tunnel has been established, user credentials can be sent securely.

This method has the advantage of offering secure authentication without having to deploy a certificate on each individual client, an expensive and time-consuming exercise. PEAP and TTLS were defined in the early 2000s, when mobile device management and device onboarding solutions were still in their infancy.

The issue with mechanisms of this kind is that they rely on the client side to decide which server certificate to accept. Most operating systems allow users to select or configure preferred certificates, and some will also accept untrusted certificates after showing the user a warning. The user may not be familiar with the implications or risks of making the wrong decision, and is often more concerned with getting connected as soon as possible. If the AP (access point) and the AAA server were rogue devices, making the wrong choice could allow a malicious person to obtain the user credentials needed to access network connectivity or any other IT system used by that company.

Today many solutions are available to centrally automate this process and prevent human error from causing potential security risks. While some are OS-specific, such as Apple Mobile Configurator or Microsoft Group Policy Manager, others support a wide variety of operating systems, such as Cloudpath Enrollment System or other Mobile Device Management solutions. Additionally, some of those solutions can create a device certificate on the fly and install it on the user equipment immediately. This allows certificate authentication to be achieved on the mobile device as well as on previously connected equipment without the need for user credentials, allowing the network to identify the device and not just its user.

A centrally automated process could allow IT departments to implement different network access policies based on the device being used (accommodating both personal mobile devices and company-owned laptops). Not only does this type of differentiation achieve more convenient data access controls for the user, it significantly reduces the risk of data breaches in Wi-Fi security.
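As an added illustration (not part of the original post), the client-side weakness described above can be audited on Linux clients that use wpa_supplicant, a supplicant the post does not mention. The script flags 802.1X profiles that send a password through PEAP or TTLS without pinning both the issuing CA and the expected server name; the sample configuration, SSIDs, paths and host names are constructed.

```python
"""Audit wpa_supplicant network blocks for weak 802.1X server validation."""

# EAP methods that tunnel a username/password inside TLS, so the password is
# only as safe as the client's check of the server certificate.
TUNNELLED = {"PEAP", "TTLS"}
# wpa_supplicant options that constrain which server name the certificate may carry.
NAME_CHECKS = ("domain_suffix_match", "domain_match", "subject_match", "altsubject_match")

# Constructed sample configuration (not taken from any real deployment).
SAMPLE_CONF = '''
ctrl_interface=/run/wpa_supplicant

network={
    ssid="Guest"
    key_mgmt=WPA-PSK
    psk="example-only-passphrase"
}
network={
    ssid="CorpWiFi-Legacy"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="jdoe"
    password="example-only"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="CorpWiFi-CAOnly"
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="jdoe"
    password="example-only"
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
}
network={
    ssid="CorpWiFi-Cert"
    key_mgmt=WPA-EAP
    eap=TLS
    identity="host/laptop-0042"
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_suffix_match="radius.corp.example"
    client_cert="/etc/wifi/laptop-0042.pem"
    private_key="/etc/wifi/laptop-0042.key"
}
'''


def parse_networks(text):
    """Return one dict of option -> value for every network={...} block."""
    networks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "network={":
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip().strip('"')
    return networks


def audit_network(net):
    """Return a list of findings, or None if the block is not an 802.1X profile."""
    methods = set(net.get("eap", "").upper().split())
    if not methods:
        return None  # PSK or open network: no EAP server certificate involved
    findings, validated = [], True
    if "ca_cert" not in net:
        findings.append("no ca_cert: the server certificate is not checked against a trusted CA")
        validated = False
    elif not any(opt in net for opt in NAME_CHECKS):
        findings.append("ca_cert without a server-name constraint: any certificate "
                        "issued by that CA is accepted")
        validated = False
    if not validated and methods & TUNNELLED and "password" in net:
        findings.append("password sent through PEAP/TTLS: a rogue AP and AAA server "
                        "could collect the user's credentials")
    return findings


def audit(text):
    """Map each 802.1X SSID in the configuration to its list of findings."""
    report = {}
    for net in parse_networks(text):
        findings = audit_network(net)
        if findings is not None:
            report[net.get("ssid", "<no ssid>")] = findings
    return report


if __name__ == "__main__":
    for ssid, findings in audit(SAMPLE_CONF).items():
        print(f"{ssid}: {'OK' if not findings else ''}")
        for finding in findings:
            print(f"  - {finding}")
```

The certificate-based profile passes because it validates the server by CA and name and carries no password, which is the end state the onboarding tools mentioned above aim for.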

View the original press release at The Ruckus Room.

What the UK’s most recent IoT legislation means for the industry

July 10th, 2019

The IoT represents a new chapter for the technology we use on a regular basis by bringing connective capabilities to billions of devices worldwide. However, with this development comes the question of security. For the large-scale deployment of these devices it’s crucial that consumers are assured the personal data they share with online devices will not be compromised. Indeed, the cybersecurity of these products is now as important as the physical security of our homes.

In 2018, the UK government conducted a review on the issue of securing IoT devices, seeking input from industry leaders, academic figures, and other stakeholders. It then gathered the responses to help identify what the rights and responsibilities of consumers and businesses regarding IoT security should be. The result of the review led to the government publishing the Code of Practice for Consumer IoT Security to set out some guidelines to all parties involved in the development, manufacturing and retail of consumer connected devices.

Although this code helped to instill a sense of confidence among businesses and consumers, it was not compulsory to adopt the suggestions, meaning irresponsible manufacturers were not obligated to change their ways. As a result, the UK government recently published a new statement in which it said that “despite providing industry with these tools to help address security in IoT, we continue to see significant shortcomings in many products on the market.”

To combat this problem the government now intends to make three security requirements mandatory. These include:

  • Providing unique passwords at sale that are not resettable to any universal factory setting
  • Ensuring there’s a public point of contact for cybersecurity issues relating to the device
  • Stating clearly via labels how secure the device is and for how long security updates would be made available

The attraction of these initial requirements lies in that they are easy to implement and enforce and would protect consumers and businesses from the security risks associated with these devices. Currently, for example, as many as one third of IoT attacks abuse weak passwords, so even creating legislation to combat this basic issue will be highly beneficial. The UK government is also looking at creating a compulsory labeling system to tell the consumer exactly how secure the device is. As it stands, however, the onus of this would be on the manufacturer providing the relevant label and it is currently not clear how many of the Code of Practice guidelines a device would have to conform to in order to be sold.

IoT security is key to gaining and retaining consumer trust on privacy and to fulfilling the full potential of the IoT promise. We are committed to providing leading-edge IoT security solutions and services that protect connected devices – from the design and manufacturing stages, through to their entire lifecycle, guarding devices and data against cyberattacks.

We load unique, diversified IDs and security certificates in the cellular modules that will allow future devices to connect to the network. This means that security is built into the roots of connected devices, at the manufacturing stage, to avoid device cloning or ID theft. An advanced security lifecycle management tool is made available to remotely manage devices, activate or revoke credentials, and ensure that the data sent by the devices goes to the right entities, without manipulation. Our cybersecurity solution is in line with what the UK IoT legislation is proposing.

Often overlooked, managing the lifecycle of security components across the device and cloud spectrum is a critical element of a robust and long-term digital security strategy. Security is not a one-off activity, but an evolving part of the IoT ecosystem, helping to cope with both new regulations and the new kinds of cyberthreats that will inevitably emerge in the coming years.

One of the key tenets of IoT security is that it must be a consideration at the very beginning of the design process, with the right expert knowledge brought in as early as possible. The later the process of assessing, testing and hardening IoT solutions is left, the more difficult and costly it is to get right.

It’s great to see that with this legislation the UK government is encouraging manufacturers to consider security from the start of the design and build processes. Hopefully, this will also encourage other governments to consider similar legislation on IoT security to help instill a sense of confidence among businesses and consumers.

View the original post at Gemalto.com.

More Than 10M Australians Affected by a Single Data Breach, Reveals OAIC

June 21st, 2019

The Office of the Australian Information Commissioner (OAIC) found that a single data breach affected more than 10 million Australians.

In its latest Notifiable Data Breaches Quarterly Statistics Report, the OAIC reveals that it received 215 notifications of data breaches under the Notifiable Data Breach Scheme between 1 January and 31 March 2019. Nearly all of those security incidents (189) affected between one and 1,000 Australians. But there were a few events that claimed even more victims. Twelve of these data breaches affected 5,000 individuals, for instance, while two incidents compromised 25,000 people’s data. One data breach even affected more than 10 million Australians.

A closer look at the report reveals that the majority of these data breaches (186 incidents, or approximately 88 percent) compromised Australians’ contact information. Slightly less than half of those security events (98) exposed victims’ financial details. Meanwhile, 55 data breaches compromised individuals’ identity information.

Malicious actors and criminals were responsible for most of the breaches disclosed to the OAIC within this reporting period. Indeed, malicious or criminal attacks accounted for 61 percent of data breach notifications in Q1 2019. Human error came at 75 data breaches, or 35 percent of the total, while system faults were responsible for just nine breaches or four percent of the total.

Those human error incidents warrant additional analysis, as a vast array of faults were behind those events. Personal information sent to the wrong recipient via email came in on top at 23 of the 75 human error data breaches. Close behind it was unauthorised disclosure (unintended release or publication) at 21 cases, which was followed by 12 instances of loss of paperwork/data storage device and nine occurrences where someone sent personal information to the wrong recipient via mail. Unauthorised disclosure (verbal or failure to redact), other occasions where someone sent personal data to the wrong recipient and a failure to use BCC when sending email were all responsible for three or fewer security instances each.

The first quarter of 2019 represents the first time that the number of data breaches reported to the OAIC decreased. Between Q2 2018 and Q3 2018, for instance, the total number of security incidents increased slightly from 242 to 245. The rate of growth was even more significant between Q3 2018 and Q4 2018 from 245 to 262.

But that doesn’t mean that organisations are any less safe now than they were in 2018. In acknowledgment of the NDB’s scheme, Australian Information Commissioner and Privacy Commissioner Angelene Falk explained that organisations need to take steps to protect themselves against digital threats. She said that one of the best ways they can do this is by investing in their users:

“By understanding the causes of notifiable data breaches, business and other regulated entities can take reasonable steps to prevent them. Our report shows a clear trend towards the human factor in data breaches — so training and supporting your people and improving processes and technology are critical to keeping customers’ personal information safe.”

To be sure, organisations should balance these investments in their people with appropriate investments in technology. Specifically, they should encrypt all sensitive data at rest and in transit, securely store and manage all encryption keys and control user access and authentication. By implementing each of these measures, companies can protect themselves against data breaches.

View the original post at Gemalto.com.


Multiple Paths to Multigigabit Connectivity

August 6th, 2019

We recently announced the expansion of our multigigabit portfolio with the addition of the new R750 Wi-Fi 6 (802.11ax) access point (AP) and ICX 7150-C10ZP multigigabit switch. More specifically, the R750 is a dual-band, 4×4:4 (5GHz) + 4×4:4 (2.4GHz) AP with embedded IoT radios (BLE, Zigbee) and 2.5GbE support. In addition, the R750 is optimized for high client-density environments and supports the latest WPA3 Wi-Fi security standard.

As we’ve previously discussed on The Ruckus Room, the migration to Wi-Fi 6 is driving companies to upgrade their network infrastructure to support multigigabit infrastructure. As with all new technology, the initial multigigabit switches to hit the market were high-priced entries targeting early adopters. The technology has matured and sales shipments of Wi-Fi 6 APs have begun to ramp, though multigigabit switch options have been slower to expand.

Ruckus Networks (now part of CommScope) is pleased to be leading the charge by offering a range of multigigabit switch options that offer customers a choice of how they want to “dip their toes” into multigigabit and choose their level of investment. With our most recent announcement, Ruckus now offers:

High-performance Multigigabit
The ICX 7650-48ZP features 2.5/5/10 GbE access ports paired with 100 GbE uplinks to deliver top-of-line performance for high-density Wi-Fi 6 deployments where performance is essential. The switch provides customers the performance and capacity that they’ll need for the next 7-10 years.

Affordable Multigigabit
The ICX 7150-48ZP offers 1/2.5 GbE access ports for most Wi-Fi 5 and Wi-Fi 6 deployments. Based on our entry-level switch series, it delivers more than double the performance of gigabit switches at a surprisingly affordable price.

Mini-Multigigabit
The ICX 7150-C10ZP features multigigabit access ports (both 2.5/5/10 GbE and 1/2.5 GbE) in a small form factor that’s fanless for silent operation. Four ports are PoE-enabled with up to an industry-best 90W. Like all Ruckus ICX switches, the ICX 7150-C10ZP can be stacked with other ICX 7150-family switches within a single wiring closet or across closets or classrooms. This switch is ideal for deployments where only a few multigigabit ports are needed. See my companion blog about uses for this compact multigigabit switch.

What’s the right switch for you? Contact Net-Ctrl on 01473 281 211, or email sales@net-ctrl.com.

MOBOTIX obtains the CNPP trust passport, integrating the cyber-security dimension in all of its digital video surveillance camera systems (IoT).

July 11th, 2019

MOBOTIX is pleased to announce that it has obtained the certification “CNPP certified,” which integrates the cyber-security dimension.

MOBOTIX is the first manufacturer in Europe to obtain “CNPP certified” product certification for its video surveillance cameras, offering a guarantee of IT and electronic “resistance” to cyber-attacks. 

“This recognition is proof of quality, performance, and also of the trust of our customers at a time when digital security is becoming a key issue for all stakeholders,” says Patrice Ferrant, Regional Sales Manager, MOBOTIX.

MOBOTIX announced its intention to focus more on cyber-security over one and a half years ago, in particular by launching the “MOBOTIX Cactus Concept.” “The objective of this initiative is to promote cyber-security in the area of video protection and video-telephony. An integral part of our strategy is to develop a series of product-integrated tools and features that allow IT security administrators to protect their systems. Now that we have passed a series of tests validated by CNPP, it is truly rewarding to announce our certification today,” added Ferrant.

CNPP is a key player in risk prevention and control in the areas of fire/explosion security, security/malicious acts, cyber-security, environmental issues, and occupational risks.

“After several years of R&D and confronted with rising threats of cyber-attacks, CNPP developed a method for assessing the robustness of security/safety products against cyber-attacks. This approach allows us to add resistance to cyber-attacks to the functional security/safety characteristics that are already certified. This new acknowledgment, represented by the @ symbol combined with our certification marks, allows for the addition of a third-party assessment of the products’ ‘security by design.’ The cyber-security work was led by CNPP in association with the National Cyber-security Agency of France (ANSSI) with the aim of providing suitable validation for security/safety products that is completely compatible and complementary to specific ANSSI acknowledgments (FLSC*, common criteria, etc.). Today, these new CNPP Certified trust passports delivered for video surveillance cameras add a cyber-security dimension to the list of electronic security equipment already certified @ (NF & A2P @, A2P @, CNPP Certified), which allows the overall inclusion of the cyber-security dimension by CNPP, with the integration of best practices for installation and IP-connected security/safety maintenance and with the frame of reference APSAD D32 through APSAD service certifications,” says Nathalie Labeys, Head of Pôle Electronique de Sécurité CNPP Cert.

*FLSC: First level security certification

View the original post at Mobotix.com.

Is there such a thing as too much Wi-Fi?

July 10th, 2019

Ever gone into a store and looked up? You’d be surprised what you can find hanging off the ceilings.

Like where I’m hanging out now—one of those tiny mobile phone stores. It’s not a large space but there are three Wi-Fi APs hanging off the ceiling in a retail space of about 400 sq. ft. (37 m²). That’s roughly equal to one AP for every 133 sq. ft. (12 m²). Does such a small place really need three APs?

Is Three a Crowd?

People who study crowd density have rules of thumb to estimate the number of people that can occupy a given space. A loose crowd, where everyone is about an arm’s length from their neighbor, requires roughly 10 square feet (1 square meter) per person.

At that density, you could pack forty people in this store. It would be uncomfortable and leave no room for shelves, tables, or check-out counters. Anyone who has shopped around a major holiday knows what it’s like to look inside a jam-packed retail store and say “Hard pass”.

Back to those APs blinking above me. Let’s assume everyone here has a Wi-Fi-enabled smartphone. At our maximum crowd capacity, that’s 40 devices, plus a few more if the store uses Wi-Fi for point-of-sale (POS) devices. Let’s round up to 60.

You might think to yourself, “60 devices divided by three APs is only 20 devices per AP. That’s great!” Except most APs have dual radios. The actual number will be 10 devices per radio.

I can hear you now. You’re probably the person behind me in the check-out line wondering why this woman is muttering to herself about APs. “Isn’t fewer devices per radio better?” you’d say.

Maaaybe.

First, is everyone really going to be using all of those devices at the same time? The answer is almost certainly no. Let’s assume 50% of these devices are actively used at any given time for email, web surfing,  cat videos, writing blogs, and so on. Everyone else is shopping, paying at the register or wondering if they have time for a Starbucks run later.

That leaves us with 30 active Wi-Fi devices: 5 per AP radio, or 10 per AP.

If that’s the case, why, you might ask, would someone put not one, or two, but three APs on their ceiling? This is not a physics or math problem. The answer, I suspect, lies in an intuitive understanding everyone shares: If a little bit of something is good, more is better.

But like ketchup on French fries or water in a bathtub, there is a limit after which more makes things worse instead of better. Wi-Fi is like that. Flooding a space with more and more RF reaches a point where you’re gonna spend more time with a mop than enjoying a relaxing bath.

Here at Ruckus, we spend a lot of our hard-earned research dollars figuring out how to make Wi-Fi work even better and support more devices per AP. Not only does it give you more Wi-Fi for the dollars you spend, but it also reduces the potential for too much RF interference and the terrible troubles it would unleash on an unsuspecting IT network engineer. If you’re interested in learning more about RF interference and its impact on Wi-Fi capacity, check out this blog on the 3 myths of Wi-Fi – interference, capacity, and roaming. While you’re there, check out some other blogs written by really smart people who probably don’t stand in check-out lines staring at the ceiling and muttering to themselves.

In the meantime, keep an eye out and don’t be afraid to ask, “Is more really better?”



View the original post at The Ruckus Room.

A More Secure Everywhere. From Containers to Serverless and Beyond!

July 10th, 2019

By Sai Balabhadrapatruni

Today is an exciting day for Palo Alto Networks and its customers as we complete our acquisition of Twistlock. The addition of Twistlock further strengthens our capabilities in cloud security and will help customers accelerate their journey to the cloud with consistent and comprehensive security across public, private and hybrid cloud deployments. This is hot on the heels of our acquisition of PureSec, a leader in protecting serverless applications.

Most modern applications utilize a mix of platform as a service (PaaS), VMs, serverless and other resources offered by cloud service providers. The acquisitions of Twistlock and PureSec further advance Prisma leadership in cloud security by providing customers with a comprehensive set of security protections across the entire continuum of cloud workloads. 

With Twistlock and PureSec part of the Prisma cloud security suite, customers will benefit from these capabilities: 

  • Twistlock, the leader in container security, brings vulnerability management, compliance and runtime defense for cloud-native applications and workloads. 
  • PureSec empowers enterprises to embrace serverless technologies, such as AWS Lambda, Google Cloud Functions, Azure Functions and IBM Cloud Functions, without compromising on security, visibility and governance. 

Current Twistlock Customers Continue to Reap the Security Benefits 

If you’re a customer of Twistlock’s stand-alone offering, you’ll continue to receive the industry’s leading container security capabilities for your company with the same focus on simplicity, innovation and effectiveness. We’ll continue to invest in this offering, and the team will remain under the direction of Twistlock co-founder and CEO, Ben Bernstein. Over time, you’ll see more payoff to your investment as we integrate Twistlock into Prisma and provide you the broadest and most consistent security capabilities across public and private clouds.

Prisma: Cloud Security for Today and Tomorrow

Prisma™ by Palo Alto Networks – including best-in-class capabilities from Twistlock and PureSec – is the industry’s most complete cloud security offering for today and tomorrow. It provides unprecedented visibility into data, assets and risks in the cloud; consistently secures access, data and applications without compromises; enables speed and agility as organizations embrace the cloud; and reduces operational complexity and cost with a radically simple architecture.

Regardless of how your business is taking advantage of the cloud, Prisma secures your end-to-end cloud journey:

  • Secure Access: Take advantage of secure access to the cloud from branch offices and for mobile users in any part of the world without compromising the user experience.
  • Secure SaaS: Bring together data protection, governance and compliance to safely enable SaaS application adoption.
  • Secure Public Cloud: Get continuous security monitoring, compliance validation and cloud storage security capabilities across multi-cloud environments. Plus, simplify security operations through effective threat protections enhanced with comprehensive cloud context.
  • VM-Series Virtualized Next-Generation Firewall: Embedding the VM-Series in your application development life cycle to complement native security services can prevent data loss and business disruption, allowing your public cloud migration to accelerate.

A More Secure Everywhere 

We’re excited to add Twistlock’s and PureSec’s technologies to our cloud security suite and welcome two exceptional teams that bring additional cloud expertise to Palo Alto Networks. 

View the original post at Palo Alto Networks.

Are your wiring closets multi-gigabit capable?

July 10th, 2019

Since the inception of Ethernet switching back in the 1990s, the industry has normally introduced speed increments in multiples of 10x. Over time we moved from 10 Megabits per second (Mbps) to 100 Mbps, from 100 Mbps to 1 Gigabit per second (Gbps), and so on. So, when the new multi-gigabit standard was introduced in 2016 (802.3bz), many wondered why the industry would deviate from a tried and true system of growth to introduce 2.5 and 5 Gigabit Ethernet (GbE) copper derivatives.

The truth is that the deviation from 10x increments actually started when the IEEE ratified the 100GbE standard back in 2010 (802.3ba). The addition of 40GbE as an option in that standard allowed the server virtualization and cloud boom to continue to grow, as many servers were capable of pushing much higher network data rates once they had multiple applications utilizing a much higher percentage of their capacity. A multiport 100GbE switch at the time would have been cost prohibitive for a majority of companies, so the move to 40GbE allowed manufacturers to produce a product that could meet the demands of the data center market at an affordable cost.

Fast forward five years to the current 2.5/5GbE addition and once again the industry is trying to assist customers in making the most out of what they have while keeping up with technological advances. With the eruption of Internet of Things (IoT) devices and the wireless industry’s continued advancement in WiFi speeds, there’s a need to be able to provide more than the current 1Gbps bandwidth that older WiFi access points required. As an example, the WiFi 6 standard (802.11ax) is capable of providing 1Gbps per spatial stream to wireless end-user devices. Most high-end access points have four spatial streams, so the theoretical Ethernet requirement from a WiFi 6 access point upstream to the switch would be more than 4Gbps. Ruckus even sells an eight spatial stream access point that doubles that requirement to 8Gbps. These are theoretical maximums, and you should engineer your network to expect fifty to seventy-five percent of actual throughput from these devices in real-world situations, so the 2.5 and 5GbE standards are required to utilize the newest access points without making them a bottleneck in your environment.

Another issue is that if we stayed with the 10x progression of the past, you’d be required to provide 10GbE to these access points, moving from 1GbE to 10GbE over copper. But 10GbE over copper requires you to have Category 6A copper installed in your infrastructure. The majority of older wiring closets and data jack cable runs are still Category 5e, which would not be able to handle the 10GbE speeds…but they could handle the 2.5GbE speeds at the same 100-meter limits that applied to the 1GbE devices. If you’re blessed and have Category 6 installed (the predecessor to 6A), you can actually run 5GbE 100 meters as well, maximizing the cabling that you already have, to provide a better networking experience to your WiFi and power users.

I’m not advocating that you go out and replace every switch in every closet with multi-gigabit switches today, although there are plenty of vendors, Ruckus included, who would love to help you with that. I am advocating that you find out what your options are for adding multi-gigabit capabilities to your existing closet today, before you have to do it at the same time as your next wireless upgrade, or when the computer industry starts shipping 2.5GbE ports in the back of every CPU and your power users are demanding the additional bandwidth.

Given that the typical lifecycle of a wireless network is three to five years, and the typical lifecycle of a wired network is five to seven years (ten years in the education verticals), there’s a high probability that you’ll be implementing WiFi 6 in your network long before you have the opportunity to upgrade the switching infrastructure that it needs to run on. Is your wiring closet ready for a device that requires more bandwidth, and more Power over Ethernet (PoE) than any port on your current switch or stack of switches can provide? Does the switching vendor you currently use provide flexibility to mix and match your current 1GbE switches with some newer multi-gigabit (2.5/5GbE) switches in the same stack, or do you have to upgrade the entire stack to a new, higher-end model line? There are switch vendors who offer multi-gigabit capabilities in their lowest end stackable switches. Does your current switch vendor allow you to grow your wiring closet stack size above eight switches, allowing you to insert additional multi-gigabit switches in those higher-density closets where you may be maxed out at eight already? There are vendors out there that will let you grow your wiring closet stack well past eight, some as high as twelve switches.

The bottom line is that the requirement for higher speed wired networking at the edge is already here, and it’s only going to grow as the computer industry adds multi-gigabit as the default network interface on desktop computers, and WiFi 6 as the default wireless specification on laptops. If you’ve got a project planned to upgrade your wiring closets, heed my warning, since the switches you buy now have to get you through the next one or two generations of WiFi that are coming, and your wired power users as they start to get workstations with these higher speed capabilities built-in. As always, the entire Ruckus Technical Family is here to help you with any questions or requirements you may have concerning your next wired or wireless project.


View the original post at The Ruckus Room.

A Quarter of People in EMEA Prefer their Cybersecurity Managed by Artificial Intelligence

July 10th, 2019

Palo Alto Networks finds over half of respondents take responsibility for their data online

An online study of more than 10,000 respondents in EMEA conducted by Palo Alto Networks and YouGov alongside Dr Jessica Barker, an expert in the human nature of cybersecurity, explores attitudes towards new cybersecurity technologies, such as artificial intelligence (AI), and how these technologies protect their digital way of life.

Just over a quarter (26%) of EMEA respondents would prefer their cybersecurity to be managed by AI rather than a human. Italy has the most confidence in relying on AI (38%), while in the UK only 21 percent of people prefer AI over humans to protect their digital way of life.

The research suggests that those who are more open to AI technologies have a positive outlook on the role cybersecurity plays in their day-to-day lives. Almost a third (29%) of respondents online who preferred their cybersecurity managed by AI feel having cybersecurity checks in place has a very positive impact on their overall online experience, compared to the combined average of 20 percent.

Greg Day, VP and CSO EMEA at Palo Alto Networks, comments on the findings: “AI is already playing a vital role in cybersecurity, helping to detect and prevent breaches with new capabilities that the human brain simply could not achieve. It is encouraging, therefore, to see the gap closing between AI- and human-managed cybersecurity technologies, and the positive attitude towards cybersecurity checks that comes with a preference for AI technologies is one we hope to see embraced by more people in the future. Humans are risk averse, yet innovation requires taking new steps, and many still see change as risk. Taking responsibility for data loss and keeping personal data secure is the first step in ensuring we are using best practice within a business, and education is key in helping respondents feel safer online.”

The study also uncovered mixed views on the perceived security of internet of things (IoT) technologies, such as smart home devices and wearables: 38 percent of EMEA respondents believe them to be secure, with a similar number (43%) thinking the opposite. However, this did vary across the region, with those in the UAE most trusting of IoT’s security (71% believe it to be secure), whereas a higher proportion in Germany (53%), France (48%), and the UK (46%) believe them to be insecure.

Topics like data privacy and ethics are becoming more mainstream, and Dr Jessica Barker says it’s not surprising to see hesitation in adopting new technologies like AI and IoT, commenting: “When any new technology emerges, there is often a reticence among many to embrace the change, even when it offers an improvement to our way of life. Telephones, trains and televisions were all a source of fear for the general public when they were first introduced. Many people are unaware of the way in which AI and machine learning are already enabling our use of technology, protecting our data and preventing cyberattacks, largely because it is often non-invasive to the end-user. This can mean people feel hesitant about the concept of embracing AI, without realising that it is already a positive presence in their lives. It is interesting to note that IoT is considered insecure by the majority of participants, whereas most people feel that technology, in general, is helping them to be more secure online. This suggests that the technology industry needs to address security and privacy concerns surrounding IoT in a meaningful and transparent manner.”

Other key findings from the online research include:

  • While there is a generational divide when it comes to preferring cybersecurity managed by AI, it isn’t as polarising as expected, with Millennials showing a marginal preference (31%) compared to Baby Boomers (23%).
  • Cybersecurity self-reliance is a global trend with 54 percent of respondents taking responsibility for their personal data when online:
    • The divide between the younger (18-24) and older (55+) generations is more prominent here, with only 43 percent of the younger demographic taking responsibility for their own personal data compared to 58 percent of those aged 55 and above.
  • A quarter (25%) of respondents feel cybersecurity should be the responsibility of law enforcement, and 28 percent feel it is down to the government.
  • The cybersecurity message is getting through to people; a majority of respondents (44%) agree that cybersecurity technologies give them the ability to spend less time worrying about personal data loss, versus the 14 percent who disagree.
  • 67 percent of respondents feel they are doing all they can to prevent the loss of their personal data:
    • This rises to 75 percent of respondents aged 55 and over and falls to 59 percent for 25- to 34-year-olds.
    • 77 percent of respondents in the UAE and France agree with this statement, while only 60 percent of those in Italy and Sweden agree.

Dr Barker adds: “Trust is so important in cybersecurity. People want to be actively engaged in better protecting themselves online, and they embrace technology that supports them in this. The knowledge acquired can then be transferred to other areas of their lives, most importantly, the workplace. It is interesting to see that older participants feel a greater sense of responsibility over their data than younger participants. There are a number of factors which could help explain this, one being that the older generation are more likely to have been exposed to cybersecurity training and practices in the work environment, and this could have influenced their mindset to be more security conscious. It could also be that the younger generation is more likely to regard security as a collective responsibility, as part of a culture that is more centred on sharing.”

Greg Day concludes: “The results of this study provide some key takeaways for businesses. It’s important that they take into account perceptions of technologies like AI and IoT when developing new products and services, as well as getting ahead of new threats targeting the next-generation networks they will rely on. Building and maintaining trusted capabilities will only be achieved through prioritising cybersecurity and data privacy, and communicating openly and honestly. Through applying these new technologies responsibly and adopting them into our day to day lives, we can create a world where each day is safer and more secure than the one before.”

About the Research

All figures, unless otherwise stated, are from YouGov Plc. Total sample size was 10,317 adults, of which 1,016 were from Netherlands; 1,021 were from Italy; 1,005 were from UAE; 1,041 were from France; 1,953 were from Sweden; 2,181 were from Germany; and 2,100 were from the UK. Fieldwork was undertaken between 29 April and 16 May 2019. The survey was carried out online. The figures have been weighted and are representative of all adults (aged 18+) in each country:

  • Countries surveyed were Netherlands, Italy, UAE, France, Sweden, Germany, and the UK.
  • Thinking about cybersecurity when you are online (e.g., shopping online, using social media, online banking, etc.) on any device … Which ONE, if either, of the following would you prefer?

  • Respondents online were given the following description to read before answering to what extent cybersecurity checks (i.e., checks that you need to pass to be able to pay for a product/service online; e.g., proving you are ‘not a robot’ [CAPTCHA], re-entering passwords/details) positively or negatively impact their overall digital experience on a 0 to 10 positivity scale with 0 being very negatively, 10 being very positively.
“Digital experience is how well or not a consumer experiences using an online service like shopping or banking.  A good digital experience includes when you searched for an item to buy online, you found it quickly, it was available to buy and you were able to checkout with little problems etc. A bad digital experience includes when the website or app runs very slowly, there were broken links, it required you to add in lots of information manually etc.” ‘Very negatively’ was defined as respondents selecting a score of 0, 1, or 2 on this scale. ‘Very positively’ was defined as respondents selecting a score of 8, 9, or 10 on this scale.
  • Millennials are defined as 18- to 34-year-olds and Baby Boomers are aged 45 and over.
  • Still thinking about cybersecurity when you are online (e.g., shopping online, using social media, online banking, etc.) on any device …  In general, which, if any, of the following do you feel should be responsible for the security of your personal data? (Please select all that apply.)

About Palo Alto Networks

Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world’s greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before. For more information, visit www.paloaltonetworks.com.

Palo Alto Networks, PAN-OS, and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and jurisdictions throughout the world. All other trademarks, trade names, or service marks used or mentioned herein belong to their respective owners.

SOURCE Palo Alto Networks, Inc.

Using outdated Wi-Fi security procedures is like buying a blast door and leaving the key in the lock

July 10th, 2019

Simple, everyday connectivity mistakes can be more damaging than expected. More shockingly, they often go unidentified.

When meeting a prospect in the cafeteria, I overheard an employee asking a colleague how to connect his new phone to the Wi-Fi and was shocked to hear the mention of inputting AD (Active Directory) credentials. In a company like this, which invests significantly in security, surely these outdated mistakes should have been put to rest long ago.

When I asked this employee if he knew who he was providing his credentials to, it became clear that the question had never even crossed his mind. He explained to me that he was accustomed to the dialog box on his screen, having encountered it using his previous phone, which had required him to update Wi-Fi client settings each time his company’s passwords were changed every three months.

There are several security risks to be aware of in this case. Let me explain why.

Protocols such as PEAP (Protected Extensible Authentication Protocol) and TTLS (Tunnelled Transport Layer Security) were developed to provide enhanced security in Wi-Fi environments with minimal impact on the client (user) provisioning side, introducing username and password authentication. The principle is the following:

The client communicates with the authentication server by sending EAPoL (Extensible Authentication Protocol over Local Area Network) traffic to the AP that forwards it to the AAA (authentication, authorization, and accounting) server by encapsulating it into RADIUS (Remote Authentication Dial-In User Service) packets.

There are various EAP methods that specify the ‘language’ used to connect the client to the AAA server; PEAP and TTLS are just two examples of these languages. The principle is to enable the client to authenticate the server by verifying a digital certificate, establishing a secure tunnel with the AAA server. Once this tunnel has been established, user credentials can be sent securely.

This method has the advantage of offering secure authentication without having to deploy a certificate on each individual client, an expensive and time-consuming exercise. PEAP and TTLS were defined in the early 2000s, when mobile device management and device onboarding solutions were still in their infancy.

The issue with mechanisms of this kind is that they rely on the client side to decide which server certificate to accept. Most operating systems will allow users to select or configure preferred certificates, and some might also accept untrusted certificates while providing appropriate user warnings. The user may not necessarily be familiar with the implications or the consequent risks of making the wrong decision, and is more often concerned with getting connected as soon as possible. If the AP (access point) and the AAA server were rogue devices, making the wrong choice could allow a malicious person to obtain the user credentials needed to access network connectivity or any other IT system used by that company.

Today many solutions are available to centrally automate this process and prevent human error from causing potential security risks. While some are OS specific, such as Apple Mobile Configurator or Microsoft Group Policy Manager, there are others available which support a wide variety of operating systems, such as Cloudpath Enrollment System or other Mobile Device Management solutions. Additionally, some of those solutions can create a device certificate on the fly and install it on the user equipment immediately. This allows certificate authentication to be achieved on the mobile device as well as previously connected equipment without the need for user credentials, allowing the network to identify the device and not just its user.

A centrally automated process could allow IT departments to implement different network access policies based on the device being used (accommodating both personal mobile devices and company-owned laptops). Not only does this type of differentiation achieve more convenient data access controls for the user, it significantly reduces the risk of data breaches in Wi-Fi security.
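The client-side gap described above can be checked for on Linux clients that use wpa_supplicant. The following is an added example, not part of the original post: it audits `network={...}` blocks and flags PEAP/TTLS profiles that do not pin a CA certificate or the AAA server's name. The field names are wpa_supplicant's own; the SSIDs, paths, identities and finding codes are constructed for illustration.

```python
import re

# EAP methods that send a username/password through a server-authenticated tunnel.
TUNNELLED = {"PEAP", "TTLS"}
# wpa_supplicant fields that pin the AAA server's name in its certificate.
NAME_PINS = ("domain_suffix_match", "domain_match", "altsubject_match", "subject_match")

# Constructed sample configuration (all names, paths and credentials are made up).
SAMPLE_CONF = '''
# Hand-typed profile: credentials only, nothing identifies the real AAA server.
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="jdoe"
    password="example-only"
    phase2="auth=MSCHAPV2"
}
# CA pinned, but any server holding a certificate from that CA is accepted.
network={
    ssid="CorpWiFi-CAonly"
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="jdoe"
    password="example-only"
    ca_cert="/etc/ssl/certs/example-corp-ca.pem"
    phase2="auth=PAP"
}
# Centrally provisioned profile: CA and server name both pinned.
network={
    ssid="CorpWiFi-Managed"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="jdoe"
    password="example-only"
    ca_cert="/etc/ssl/certs/example-corp-ca.pem"
    domain_suffix_match="radius.example.com"
    phase2="auth=MSCHAPV2"
}
# Device-certificate profile (EAP-TLS): no user password is sent at all.
network={
    ssid="CorpWiFi-Cert"
    key_mgmt=WPA-EAP
    eap=TLS
    identity="device-0001"
    ca_cert="/etc/ssl/certs/example-corp-ca.pem"
    client_cert="/etc/wifi/device-0001.pem"
    private_key="/etc/wifi/device-0001.key"
    domain_suffix_match="radius.example.com"
}
'''


def parse_networks(conf_text):
    """Return one dict of key/value fields per network={...} block."""
    networks = []
    for body in re.findall(r"^network=\{(.*?)^\}", conf_text, flags=re.S | re.M):
        fields = {}
        for line in body.splitlines():
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                fields[key.strip()] = value.strip().strip('"')
        networks.append(fields)
    return networks


def audit_network(fields):
    """Return finding codes for one block (empty list means nothing to flag)."""
    key_mgmt = fields.get("key_mgmt", "").split()
    if not any(k.startswith("WPA-EAP") or k == "IEEE8021X" for k in key_mgmt):
        return []  # not an 802.1X/EAP network
    # With no eap= line wpa_supplicant allows every compiled-in method,
    # so that case is treated here as "PEAP/TTLS possible".
    methods = set(fields.get("eap", "PEAP TTLS").upper().split())
    if not methods & TUNNELLED:
        return []  # e.g. EAP-TLS only: no password travels inside a tunnel
    findings = []
    # Without ca_cert/ca_path the server certificate is not verified at all.
    if "ca_cert" not in fields and "ca_path" not in fields:
        findings.append("NO_CA_CERT")
    # Without a name pin, any certificate issued by the trusted CA is accepted.
    if not any(pin in fields for pin in NAME_PINS):
        findings.append("NO_SERVER_NAME_PIN")
    return findings


def audit_conf(conf_text):
    """Map each SSID in the configuration to its list of findings."""
    return {n.get("ssid", "<no ssid>"): audit_network(n)
            for n in parse_networks(conf_text)}


if __name__ == "__main__":
    for ssid, findings in audit_conf(SAMPLE_CONF).items():
        print(f"{ssid:18} {', '.join(findings) or 'ok'}")
```

A profile pushed by an onboarding or MDM tool should come back with no findings; a hand-typed one usually looks like the first block.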

View the original press release at The Ruckus Room.

What the UK’s most recent IoT legislation means for the industry

July 10th, 2019

The IoT represents a new chapter for the technology we use on a regular basis by bringing connective capabilities to billions of devices worldwide. However, with this development comes the question of security. For the large-scale deployment of these devices it’s crucial that consumers are assured the personal data they share with online devices will not be compromised. Indeed, the cybersecurity of these products is now as important as the physical security of our homes.

In 2018, the UK government conducted a review on the issue of securing IoT devices, seeking input from industry leaders, academic figures, and other stakeholders. It then gathered the responses to help identify what the rights and responsibilities of consumers and businesses regarding IoT security should be. The result of the review led to the government publishing the Code of Practice for Consumer IoT Security to set out some guidelines to all parties involved in the development, manufacturing and retail of consumer connected devices.

Although this code helped to instill a sense of confidence among businesses and consumers, it was not compulsory to adopt the suggestions, meaning irresponsible manufacturers were not obligated to change their ways. As a result, the UK government recently published a new statement in which it said that “despite providing industry with these tools to help address security in IoT, we continue to see significant shortcomings in many products on the market.”

To combat this problem the government now intends to make three security requirements mandatory. These include:

  • Providing unique passwords at sale that are not resettable to any universal factory setting
  • Ensuring there’s a public point of contact for cybersecurity issues relating to the device
  • Stating clearly via labels how secure the device is and for how long security updates would be made available

The attraction of these initial requirements lies in that they are easy to implement and enforce and would protect consumers and businesses from the security risks associated with these devices. Currently, for example, as many as one third of IoT attacks abuse weak passwords, so even creating legislation to combat this basic issue will be highly beneficial. The UK government is also looking at creating a compulsory labeling system to tell the consumer exactly how secure the device is. As it stands, however, the onus of this would be on the manufacturer providing the relevant label and it is currently not clear how many of the Code of Practice guidelines a device would have to conform to in order to be sold.

IoT security is key to gaining and retaining consumer trust on privacy and to fulfilling the full potential of the IoT promise. We are committed to providing leading-edge IoT security solutions and services that protect connected devices – from the design and manufacturing stages, through to their entire lifecycle, guarding devices and data against cyberattacks.

We load unique, diversified IDs and security certificates in the cellular modules that will allow future devices to connect to the network. This means that security is built into the roots of connected devices, at the manufacturing stage, to avoid device cloning or ID theft. An advanced security lifecycle management tool is made available to remotely manage devices, activate or revoke credentials, and ensure that the data sent by the devices goes to the right entities, without manipulation. Our cybersecurity solution is in line with what the UK IoT legislation is proposing.

Often overlooked, managing the lifecycle of security components across the device and cloud spectrum is a critical element for a robust and long-term digital security strategy. Security is not a one-off activity, but an evolving part of the IoT ecosystem, helping to cope with both new regulations and new kinds of cyberthreats that will necessarily occur in the coming years.

One of the key tenets of IoT security is that it must be a consideration at the very beginning of the design process, with the right expert knowledge brought in as early as possible. The later the process of assessing, testing and hardening of IoT solutions is left, the more difficult and costly it is to get right.

It’s great to see that with this legislation the UK government is encouraging manufacturers to consider security from the start of the design and build processes. Hopefully, this will also encourage other governments to consider similar legislation on IoT security to help instill a sense of confidence among businesses and consumers.

View the original post at Gemalto.com.

More Than 10M Australians Affected by a Single Data Breach, Reveals OAIC

June 21st, 2019

The Office of the Australian Information Commissioner (OAIC) found that a single data breach affected more than 10 million Australians.

In its latest Notifiable Data Breaches Quarterly Statistics Report, the OAIC reveals that it received 215 notifications of data breaches under the Notifiable Data Breach Scheme between 1 January and 31 March 2019. Nearly all of those security incidents (189) affected between one and 1,000 Australians. But there were a few events that claimed even more victims. Twelve of these data breaches affected 5,000 individuals, for instance, while two incidents compromised 25,000 people’s data. One data breach even affected more than 10 million Australians.

A closer look at the report reveals that the majority of these data breaches (186 incidents, or approximately 88 percent) compromised Australians’ contact information. Slightly under half of those security events (98) exposed victims’ financial details. Meanwhile, 55 data breaches compromised individuals’ identity information.

Malicious actors and criminals were responsible for most of the breaches disclosed to the OAIC within this reporting period. Indeed, malicious or criminal attacks accounted for 61 percent of data breach notifications in Q1 2019. Human error came at 75 data breaches, or 35 percent of the total, while system faults were responsible for just nine breaches or four percent of the total.

Those human error incidents warrant additional analysis, as a vast array of faults were behind those events. Personal information sent to the wrong recipient via email came in on top at 23 of the 75 human error data breaches. Close behind it was unauthorised disclosure (unintended release or publication) at 21 cases, which was followed by 12 instances of loss of paperwork/data storage device and nine occurrences where someone sent personal information to the wrong recipient via mail. Unauthorised disclosure (verbal or failure to redact), other occasions where someone sent personal data to the wrong recipient and a failure to use BCC when sending email were all responsible for three or fewer security instances each.

The first quarter of 2019 represents the first time that the number of data breaches reported to the OAIC decreased. Between Q2 2018 and Q3 2018, for instance, the total number of security incidents increased slightly from 242 to 245. The rate of growth was even more significant between Q3 2018 and Q4 2018 from 245 to 262.

But that doesn’t mean that organisations are any less safe now than they were in 2018. In acknowledgment of the NDB’s scheme, Australian Information Commissioner and Privacy Commissioner Angelene Falk explained that organisations need to take steps to protect themselves against digital threats. She said that one of the best ways they can do this is by investing in their users:

“By understanding the causes of notifiable data breaches, business and other regulated entities can take reasonable steps to prevent them. Our report shows a clear trend towards the human factor in data breaches — so training and supporting your people and improving processes and technology are critical to keeping customers’ personal information safe.”

To be sure, organisations should balance these investments in their people with appropriate investments in technology. Specifically, they should encrypt all sensitive data at rest and in transit, securely store and manage all encryption keys and control user access and authentication. By implementing each of these measures, companies can protect themselves against data breaches.

View the original post at Gemalto.com.

How Brexit Impacts the Future of Europe’s Cybersecurity Posture

August 6th, 2019

The British parliament has been unable to agree the exit package from the European Union. With the possibility of a “no deal” departure looming, EU leaders have granted a six-month extension to Brexit day. But the uncertainty that still lingers with regards to Britain’s future, creates various opportunities which cyber criminals could try to exploit.

Given the situation, careful examination of Brexit’s direct and indirect implications must be made, if we are to better understand the potential ramifications of a “no deal” exit. Let’s begin by looking at relevant regulations.

A brief look at current and future legal frameworks

The EU recently adopted two key pieces of legislation designed to govern cybersecurity and privacy issues. The first piece of legislation, the General Data Protection Regulation (GDPR) [1], regulates data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). The second regulation, the EU Network and Information Security Directive (NIS) [2], provides legal measures to boost the overall level of cybersecurity in the EU.

For its part, the United Kingdom incorporated GDPR into its Data Protection Act 2018 [3] and the NIS Directive into its NIS Regulations 2018 [4], a political choice showing that the UK strategically desires to be aligned and, to a certain extent, compliant with the new EU regulations.

Governing the transfer of data

On February 6, the UK government published “Using personal data after Brexit” [9]. The guideline reveals that post-Brexit UK businesses will still be able to send personal data from the UK to the EU and that the UK will continue to allow the free flow of personal data from the UK to the EU (and the EEA area).

Data originating from the EU that comes into the UK will be a different story. It is illegal for an EU Member State business or organisation to export data to a non-EEA entity without specific legal safeguards in place. Since post-Brexit UK could, depending on the method of exit, be considered a “third country,” UK businesses will be subject to these safeguards.

Current & Post-Brexit Threat Landscape

In the UK, the number of data breaches reported to the Data Protection Commission [11] rose by almost 70 percent last year, totaling 4,740 breaches during 2018. At the same time, UK organisations such as universities, businesses, online stores and social media (like Facebook) have been subject to breaches that affected millions of people.

Incident Handling

Today all European businesses, organisations and citizens can utilise a data breach reporting mechanism to notify only the Lead Supervisory Authority (LSA) in their country, to carry out investigations and to inform/coordinate with LSAs in other EU Member States in case of a cross-border cybersecurity incident.

In a post-Brexit future, UK-based businesses and organizations will need to legally notify not only the UK Lead Supervisory Authority, the Information Commissioner’s Office (ICO), but also each relevant Member State’s LSA.

Effects on the Workforce

What concerns me most is the cybersecurity skills shortage [14]. By limiting the right of free movement and enforcing stricter working visa requirements, Brexit could have a significant impact on the capability of Britain to fight against cyber criminals and nation state threats.

Additionally, UK based universities will potentially lose access to huge amounts of EU research funding because of Brexit.

What can we do to prepare?

On the cybersecurity front, UK companies will have to deal with a disappearing network perimeter, a rapidly expanding attack surface, the widening cybersecurity skills gap and the growing sophistication of cyber-attacks.

These issues are extremely difficult to deal with. In response, companies should focus on securing all sensitive data by encrypting all data at rest and in transit, securely storing and managing all encryption keys and controlling user access and authentication. Doing so will help them stay safe in an increasingly uncertain world. With the rise in threats and the increasing value of data to cyber criminals, it’s important for businesses to know how they can adopt a Secure the Breach approach to protecting their most sensitive data and intellectual property.

View the original post at Gemalto.com.

Multiple Paths to Multigigabit Connectivity

August 6th, 2019

We recently announced the expansion of our multigigabit portfolio with the addition of the new R750 Wi-Fi 6 (802.11ax) access point (AP) and ICX 7150-C10ZP multigigabit switch. More specifically, the R750 is a dual-band, 4×4:4 (5GHz) + 4×4:4 (2.4GHz) AP with embedded IoT radios (BLE, Zigbee) and 2.5GbE support. In addition, the R750 is optimized for high client-density environments and supports the latest WPA3 Wi-Fi security standard.

As we’ve previously discussed on The Ruckus Room, the migration to Wi-Fi 6 is driving companies to upgrade their network infrastructure to support multigigabit infrastructure. As with all new technology, the initial multigigabit switches to hit the market were high-priced entries targeting early adopters. The technology has matured and sales shipments of Wi-Fi 6 APs have begun to ramp, though multigigabit switch options have been slower to expand.

Ruckus Networks (now part of CommScope) is pleased to be leading the charge by offering a range of multigigabit switch options that offer customers a choice of how they want to “dip their toes” into multigigabit and choose their level of investment. With our most recent announcement, Ruckus now offers:

High-performance Multigigabit
The ICX 7650-48ZP features 2.5/5/10 GbE access ports paired with 100 GbE uplinks to deliver top-of-line performance for high-density Wi-Fi 6 deployments where performance is essential. The switch provides customers the performance and capacity that they’ll need for the next 7-10 years.

Affordable Multigigabit
The ICX 7150-48ZP offers 1/2.5 GbE access ports for most Wi-Fi 5 and Wi-Fi 6 deployments. Based on our entry-level switch series, it delivers more than double the performance of gigabit switches at a surprisingly affordable price.

Mini-Multigigabit
The ICX 7150-C10ZP features multigigabit access ports (both 2.5/5/10 GbE and 1/2.5 GbE) in a small form factor that’s fanless for silent operation. Four ports are PoE-enabled with up to an industry-best 90W. Like all Ruckus ICX switches, the ICX 7150-C10ZP can be stacked with other ICX 7150-family switches within a single wiring closet or across closets or classrooms. This switch is ideal for deployments where only a few multigigabit ports are needed. See my companion blog about uses for this compact multigigabit switch.

What’s the right switch for you? Contact Net-Ctrl on 01473 281 211, or email sales@net-ctrl.com.

MOBOTIX obtains the CNPP trust passport, integrating the cyber-security dimension in all of its digital video surveillance camera systems (IoT).

July 11th, 2019

MOBOTIX is pleased to announce that it has obtained the certification “CNPP certified,” which integrates the cyber-security dimension.

MOBOTIX is the first manufacturer in Europe to obtain “CNPP certified” product certification for its video surveillance cameras, offering a guarantee of IT and electronic “resistance” to cyber-attacks. 

“This recognition is proof of quality, performance, and also of the trust of our customers at a time when digital security is becoming a key issue for all stakeholders,” says Patrice Ferrant, Regional Sales Manager, MOBOTIX.

MOBOTIX announced its intention to focus more on cyber-security over one and a half years ago, in particular by launching the “MOBOTIX Cactus Concept.” “The objective of this initiative is to promote cyber-security in the area of video protection and video-telephony. An integral part of our strategy is to develop a series of product-integrated tools and features that allow IT security administrators to protect their systems. Now that we have passed a series of tests validated by CNPP, it is truly rewarding to announce our certification today,” added Ferrant.

CNPP is a key player in risk prevention and control in the areas of fire/explosion security, security/malicious acts, cyber-security, environmental issues, and occupational risks.

“After several years of R&D and confronted with rising threats of cyber-attacks, CNPP developed a method for assessing the robustness of security/safety products against cyber-attacks. This approach allows us to add resistance to cyber-attacks to the functional security/safety characteristics that are already certified. This new acknowledgment, represented by the @ symbol combined with our certification marks, allows for the addition of a third-party assessment of the products’ ‘security by design.’ The cyber-security work was led by CNPP in association with the National Cyber-security Agency of France (ANSSI) with the aim of providing suitable validation for security/safety products that is completely compatible and complementary to specific ANSSI acknowledgments (FLSC*, common criteria, etc.). Today, these new CNPP Certified trust passports delivered for video surveillance cameras add a cyber-security dimension to the list of electronic security equipment already certified @ (NF & A2P @, A2P @, CNPP Certified), which allows the overall inclusion of the cyber-security dimension by CNPP, with the integration of best practices for installation and IP-connected security/safety maintenance and with the frame of reference APSAD D32 through APSAD service certifications,” says Nathalie Labeys, Head of Pôle Electronique de Sécurité CNPP Cert.

FLSC: First level security certification

View the original post at Mobotix.com.

Is there such a thing as too much Wi-Fi?

July 10th, 2019

Ever gone into a store and looked up? You’d be surprised what you can find hanging off the ceilings.

Like where I’m hanging out now—one of those tiny mobile phone stores. It’s not a large space but there are three Wi-Fi APs hanging off the ceiling in a retail space of about 400 sq. ft. (37 m²). That’s roughly equal to one AP for every 133 sq. ft. (12 m²). Does such a small place really need three APs?

Is Three a Crowd?

People who study crowd density have rules of thumb to estimate the number of people that can occupy a given space. A loose crowd, where everyone is about an arm’s length from their neighbor, requires roughly 10 square feet (1 square meter) per person.

At that density, you could pack forty people in this store. It would be uncomfortable and leave no room for shelves, tables, or check-out counters. Anyone who has shopped around a major holiday knows what it’s like to look inside a jam-packed retail store and say “Hard pass”.

Back to those APs blinking above me. Let’s assume everyone here has a Wi-Fi-enabled smartphone. At our maximum crowd capacity, that’s 40 devices, plus a few more if the store uses Wi-Fi for point-of-sale (POS) devices. Let’s round up to 60.

You might think to yourself, “60 devices divided by three APs is only 20 devices per AP. That’s great!” Except most APs have dual radios. The actual number will be 10 devices per radio.

I can hear you now. You’re probably the person behind me in the check-out line wondering why this woman is muttering to herself about APs. “Isn’t fewer devices per radio better?” you’d say.

Maaaybe.

First, is everyone really going to be using all of those devices at the same time? The answer is almost certainly no. Let’s assume 50% of these devices are actively used at any given time for email, web surfing, cat videos, writing blogs, and so on. Everyone else is shopping, paying at the register or wondering if they have time for a Starbucks run later.

That leaves us with 30 active Wi-Fi devices: 5 per AP radio, or 10 per AP.

If that’s the case, why, you might ask, would someone put not one, or two, but three APs on their ceiling? This is not a physics or math problem. The answer, I suspect, lies in an intuitive understanding everyone shares: If a little bit of something is good, more is better.

But like ketchup on French fries or water in a bathtub, there is a limit after which more makes things worse instead of better. Wi-Fi is like that. Flooding a space with more and more RF reaches a point where you’re gonna spend more time with a mop than enjoying a relaxing bath.

Here at Ruckus, we spend a lot of our hard-earned research dollars figuring out how to make Wi-Fi work even better and support more devices per AP. Not only does it give you more Wi-Fi for the dollars you spend, but it also reduces the potential for too much RF interference and the terrible troubles it would unleash on an unsuspecting IT network engineer. If you’re interested in learning more about RF interference and its impact on Wi-Fi capacity, check out this blog on the 3 myths of Wi-Fi – interference, capacity, and roaming. While you’re there, check out some other blogs written by really smart people who probably don’t stand in check-out lines staring at the ceiling and muttering to themselves.

In the meantime, keep an eye out and don’t be afraid to ask, “Is more really better?”


View the original post at The Ruckus Room.

A More Secure Everywhere. From Containers to Serverless and Beyond!

July 10th, 2019

By Sai Balabhadrapatruni

Today is an exciting day for Palo Alto Networks and its customers as we complete our acquisition of Twistlock. The addition of Twistlock further strengthens our capabilities in cloud security and will help customers accelerate their journey to the cloud with consistent and comprehensive security across public, private and hybrid cloud deployments. This comes hot on the heels of our acquisition of PureSec, a leader in protecting serverless applications.

Most modern applications utilize a mix of platform as a service (PaaS), VMs, serverless and other resources offered by cloud service providers. The acquisitions of Twistlock and PureSec further advance Prisma leadership in cloud security by providing customers with a comprehensive set of security protections across the entire continuum of cloud workloads. 

With Twistlock and PureSec part of the Prisma cloud security suite, customers will benefit from these capabilities: 

  • Twistlock, the leader in container security, brings vulnerability management, compliance and runtime defense for cloud-native applications and workloads. 
  • PureSec empowers enterprises to embrace serverless technologies, such as AWS Lambda, Google Cloud Functions, Azure Functions and IBM Cloud Functions, without compromising on security, visibility and governance. 

Current Twistlock Customers Continue to Reap the Security Benefits 

If you’re a customer of Twistlock’s stand-alone offering, you’ll continue to receive the industry’s leading container security capabilities for your company with the same focus on simplicity, innovation and effectiveness. We’ll continue to invest in this offering, and the team will remain under the direction of Twistlock co-founder and CEO, Ben Bernstein. Over time, you’ll see more payoff to your investment as we integrate Twistlock into Prisma and provide you the broadest and most consistent security capabilities across public and private clouds.

Prisma: Cloud Security for Today and Tomorrow

Prisma™ by Palo Alto Networks – including best-in-class capabilities from Twistlock and PureSec – is the industry’s most complete cloud security offering for today and tomorrow. It provides unprecedented visibility into data, assets and risks in the cloud; consistently secures access, data and applications without compromises; enables speed and agility as organizations embrace the cloud; and reduces operational complexity and cost with a radically simple architecture.

Regardless of how your business is taking advantage of the cloud, Prisma secures your end-to-end cloud journey:

  • Secure Access: Take advantage of secure access to the cloud from branch offices and for mobile users in any part of the world without compromising the user experience.
  • Secure SaaS: Bring together data protection, governance and compliance to safely enable SaaS application adoption.
  • Secure Public Cloud: Get continuous security monitoring, compliance validation and cloud storage security capabilities across multi-cloud environments. Plus, simplify security operations through effective threat protections enhanced with comprehensive cloud context.
  • VM-Series Virtualized Next-Generation Firewall: Embedding the VM-Series in your application development life cycle to complement native security services can prevent data loss and business disruption, allowing your public cloud migration to accelerate.

A More Secure Everywhere 

We’re excited to add Twistlock’s and PureSec’s technologies to our cloud security suite and welcome two exceptional teams that bring additional cloud expertise to Palo Alto Networks. 

View the original post at Palo Alto Networks.

Are your wiring closets multi-gigabit capable?

July 10th, 2019

Since the inception of Ethernet switching back in the 1990s, the industry has normally introduced speed increases in multiples of 10x. Over time we moved from 10 Megabits per Second (Mbps) to 100 Mbps, from 100 Mbps to 1 Gigabit per Second (Gbps), and so on. So, when the new multi-gigabit standard was introduced in 2016 (802.3bz), many wondered why the industry would deviate from a tried and true system of growth to introduce 2.5 and 5 Gigabit Ethernet (GbE) copper derivatives.

The truth is that the deviation from 10x increments actually started when the IEEE ratified the 100GbE standard back in 2010 (802.3ba). The addition of 40GbE as an option in that standard allowed the server virtualization and cloud boom to continue to grow, as many servers were capable of pushing much higher network data rates once they had multiple applications utilizing a much higher percentage of their capacity. A multiport 100GbE switch at the time would have been cost prohibitive for a majority of companies, so the move to 40GbE allowed manufacturers to produce a product that could meet the demands of the data center market at an affordable cost.

Fast forward five years to the current 2.5/5GbE addition and once again the industry is trying to assist customers in making the most out of what they have while keeping up with technological advances. With the eruption of Internet of Things (IoT) devices and the wireless industry’s continued advancement in WiFi speeds, there’s a need to be able to provide more than the 1Gbps bandwidth that older WiFi access points required. As an example, the WiFi 6 standard (802.11ax) is capable of providing 1Gbps per spatial stream to wireless end-user devices. Most high-end access points have four spatial streams, so the theoretical Ethernet requirement from a WiFi 6 access point upstream to the switch would be more than 4Gbps. Ruckus even sells an eight spatial stream access point that doubles that requirement to 8Gbps. These are theoretical maximums, and you should engineer your network to expect fifty to seventy-five percent of actual throughput from these devices in real-world situations, so the 2.5 and 5GbE standards are required to utilize the newest access points without making the wired link a bottleneck in your environment.

Another issue is that if we stayed with the 10x progression of the past, you’d be required to provide 10GbE to these access points, moving from 1GbE to 10GbE over copper. But 10GbE over copper requires you to have Category 6A copper installed in your infrastructure. The majority of older wiring closets and data jack cable runs are still Category 5e, which would not be able to handle the 10GbE speeds…but they could handle the 2.5GbE speeds at the same 100-meter limits that applied to the 1GbE devices. If you’re blessed and have Category 6 installed (the predecessor to 6A), you can actually run 5GbE 100 meters as well, maximizing the cabling that you already have, to provide a better networking experience to your WiFi and power users.

I’m not advocating that you go out and replace every switch in every closet with multi-gigabit switches today, although there are plenty of vendors, Ruckus included, who would love to help you with that. I am advocating that you find out what your options are for adding multi-gigabit capabilities to your existing closet today, before you have to do it at the same time as your next wireless upgrade, or when the computer industry starts shipping 2.5GbE ports in the back of every CPU and your power users are demanding the additional bandwidth.

Given that the typical lifecycle of a wireless network is three to five years, and the typical lifecycle of a wired network is five to seven years (ten years in the education verticals), there’s a high probability that you’ll be implementing WiFi 6 in your network long before you have the opportunity to upgrade the switching infrastructure that it needs to run on. Is your wiring closet ready for a device that requires more bandwidth, and more Power over Ethernet (PoE) than any port on your current switch or stack of switches can provide? Does the switching vendor you currently use provide flexibility to mix and match your current 1GbE switches with some newer multi-gigabit (2.5/5GbE) switches in the same stack, or do you have to upgrade the entire stack to a new, higher-end model line? There are switch vendors who offer multi-gigabit capabilities in their lowest end stackable switches. Does your current switch vendor allow you to grow your wiring closet stack size above eight switches, allowing you to insert additional multi-gigabit switches in those higher-density closets where you may be maxed out at eight already? There are vendors out there that will let you grow your wiring closet stack well past eight, some as high as twelve switches.

The bottom line is that the requirement for higher speed wired networking at the edge is already here, and it’s only going to grow as the computer industry adds multi-gigabit as the default network interface on desktop computers, and WiFi 6 as the default wireless specification on laptops. If you’ve got a project planned to upgrade your wiring closets, heed my warning, since the switches you buy now have to get you through the next one or two generations of WiFi that are coming, and your wired power users as they start to get workstations with these higher speed capabilities built-in. As always, the entire Ruckus Technical Family is here to help you with any questions or requirements you may have concerning your next wired or wireless project.


View the original post at The Ruckus Room.

A Quarter of People in EMEA Prefer their Cybersecurity Managed by Artificial Intelligence

July 10th, 2019

Palo Alto Networks finds over half of respondents take responsibility for their data online

An online study of more than 10,000 respondents in EMEA conducted by Palo Alto Networks and YouGov alongside Dr Jessica Barker, an expert in the human nature of cybersecurity, explores attitudes towards new cybersecurity technologies, such as artificial intelligence (AI), and how these technologies protect their digital way of life.

Just over a quarter (26%) of EMEA respondents would prefer their cybersecurity to be managed by AI rather than a human. Italy has the most confidence in relying on AI (38%), while in the UK only 21 percent of people prefer AI over humans to protect their digital way of life.

The research suggests that those who are more open to AI technologies have a positive outlook on the role cybersecurity plays in their day-to-day lives. Almost a third (29%) of respondents online who preferred their cybersecurity managed by AI feel having cybersecurity checks in place has a very positive impact on their overall online experience, compared to the combined average of 20 percent.

Greg Day, VP and CSO EMEA at Palo Alto Networks, comments on the findings: “AI is already playing a vital role in cybersecurity, helping to detect and prevent breaches with new capabilities that the human brain simply could not achieve. It is encouraging, therefore, to see the gap closing between AI- and human-managed cybersecurity technologies, and the positive attitude towards cybersecurity checks that comes with a preference for AI technologies is one we hope to see embraced by more people in the future. Humans are risk averse, yet innovation requires taking new steps, and many still see change as risk. Taking responsibility for data loss and keeping personal data secure is the first step in ensuring we are using best practice within a business, and education is key in helping respondents feel safer online.”

The study also uncovered mixed views on the perceived security of internet of things (IoT) technologies, such as smart home devices and wearables: 38 percent of EMEA respondents believe them to be secure, with a similar number (43%) thinking the opposite. However, this did vary across the region, with those in the UAE most trusting of IoT’s security (71% believe it to be secure), whereas a higher proportion in Germany (53%), France (48%), and the UK (46%) believe them to be insecure.

Topics like data privacy and ethics are becoming more mainstream, and Dr Jessica Barker says it’s not surprising to see hesitation in adopting new technologies like AI and IoT, commenting: “When any new technology emerges, there is often a reticence among many to embrace the change, even when it offers an improvement to our way of life. Telephones, trains and televisions were all a source of fear for the general public when they were first introduced. Many people are unaware of the way in which AI and machine learning are already enabling our use of technology, protecting our data and preventing cyberattacks, largely because it is often non-invasive to the end-user. This can mean people feel hesitant about the concept of embracing AI, without realising that it is already a positive presence in their lives. It is interesting to note that IoT is considered insecure by the majority of participants, whereas most people feel that technology, in general, is helping them to be more secure online. This suggests that the technology industry needs to address security and privacy concerns surrounding IoT in a meaningful and transparent manner.”

Other key findings from the online research include:

  • While there is a generational divide when it comes to preferring cybersecurity managed by AI, it isn’t as polarising as expected, with Millennials showing a marginal preference (31%) compared to Baby Boomers (23%).
  • Cybersecurity self-reliance is a global trend with 54 percent of respondents taking responsibility for their personal data when online:
    • The divide between the younger (18-24) and older (55+) generations is more prominent here, with only 43 percent of the younger demographic taking responsibility for their own personal data compared to 58 percent of those aged 55 and above.
  • A quarter (25%) of respondents feel cybersecurity should be the responsibility of law enforcement, and 28 percent feel it is down to the government.
  • The cybersecurity message is getting through to people; a majority of respondents (44%) agree that cybersecurity technologies give them the ability to spend less time worrying about personal data loss, versus the 14 percent who disagree.
  • 67 percent of respondents feel they are doing all they can to prevent the loss of their personal data:
    • This rises to 75 percent of respondents ages 55 and over and falls to 59 percent for 25- to 34-year-olds.
    • 77 percent of respondents in the UAE and France agree with this statement, while only 60 percent of those in Italy and Sweden agree.

Dr Barker adds: “Trust is so important in cybersecurity. People want to be actively engaged in better protecting themselves online, and they embrace technology that supports them in this. The knowledge acquired can then be transferred to other areas of their lives, most importantly, the workplace. It is interesting to see that older participants feel a greater sense of responsibility over their data than younger participants. There are a number of factors which could help explain this, one being that the older generation are more likely to have been exposed to cybersecurity training and practices in the work environment, and this could have influenced their mindset to be more security conscious. It could also be that the younger generation is more likely to regard security as a collective responsibility, as part of a culture that is more centred on sharing.”

Greg Day concludes: “The results of this study provide some key takeaways for businesses. It’s important that they take into account perceptions of technologies like AI and IoT when developing new products and services, as well as getting ahead of new threats targeting the next-generation networks they will rely on. Building and maintaining trusted capabilities will only be achieved through prioritising cybersecurity and data privacy, and communicating openly and honestly. Through applying these new technologies responsibly and adopting them into our day to day lives, we can create a world where each day is safer and more secure than the one before.”

About the Research

All figures, unless otherwise stated, are from YouGov Plc. Total sample size was 10,317 adults, of which 1,016 were from Netherlands; 1,021 were from Italy; 1,005 were from UAE; 1,041 were from France; 1,953 were from Sweden; 2,181 were from Germany; and 2,100 were from the UK. Fieldwork was undertaken between 29 April and 16 May 2019. The survey was carried out online. The figures have been weighted and are representative of all adults (aged 18+) in each country:

  • Countries surveyed were Netherlands, Italy, UAE, France, Sweden, Germany, and the UK.
  • Thinking about cybersecurity when you are online (e.g., shopping online, using social media, online banking, etc.) on any device … Which ONE, if either, of the following would you prefer?

  • Respondents online were given the following description to read before answering to what extent cybersecurity checks (i.e., checks that you need to pass to be able to pay for a product/service online; e.g., proving you are ‘not a robot’ [CAPTCHA], re-entering passwords/details) positively or negatively impact their overall digital experience on a 0 to 10 positivity scale with 0 being very negatively, 10 being very positively.
“Digital experience is how well or not a consumer experiences using an online service like shopping or banking.  A good digital experience includes when you searched for an item to buy online, you found it quickly, it was available to buy and you were able to checkout with little problems etc. A bad digital experience includes when the website or app runs very slowly, there were broken links, it required you to add in lots of information manually etc.” ‘Very negatively’ was defined as respondents selecting a score of 0, 1, or 2 on this scale. ‘Very positively’ was defined as respondents selecting a score of 8, 9, or 10 on this scale.
  • Millennials are defined as 18- to 34-year-olds and Baby Boomers are aged 45 and over.
  • Still thinking about cybersecurity when you are online (e.g., shopping online, using social media, online banking, etc.) on any device …  In general, which, if any, of the following do you feel should be responsible for the security of your personal data? (Please select all that apply.)

About Palo Alto Networks

Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world’s greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before. For more information, visit www.paloaltonetworks.com.

SOURCE Palo Alto Networks, Inc.

Using outdated Wi-Fi security procedures is like buying a blast door and leaving the key in the lock

July 10th, 2019

Simple, everyday connectivity mistakes can be more damaging than expected. More shockingly, they often go unidentified.

When meeting a prospect in the cafeteria, I overheard an employee asking a colleague how to connect his new phone to the Wi-Fi and was shocked to hear the mention of inputting AD (Active Directory) credentials. In a company like this, which invests significantly in security, surely these outdated mistakes should have been put to rest long ago.

When I asked this employee if he knew who he was providing his credentials to, it became clear that the question had never even crossed his mind. He explained to me that he was accustomed to the dialog box on his screen, having encountered it using his previous phone, which had required him to update Wi-Fi client settings each time his company’s passwords were changed every three months.

There are several security risks to be aware of in this case. Let me explain why.

Protocols such as PEAP (Protected Extensible Authentication Protocol) and TTLS (Tunnelled Transport Layer Security) were developed to provide enhanced security in Wi-Fi environments with minimal impact on the client (user) provisioning side, introducing username and password authentication. The principle is the following:

The client communicates with the authentication server by sending EAPoL (Extensible Authentication Protocol over Local Area Network) traffic to the AP that forwards it to the AAA (authentication, authorization, and accounting) server by encapsulating it into RADIUS (Remote Authentication Dial-In User Service) packets.

There are various EAP methods that specify the ‘language’ used between the client and the AAA server; PEAP and TTLS are just two examples of these languages. The principle is to let the client authenticate the server by verifying its digital certificate and then establish a secure tunnel with the AAA server. Once this tunnel has been established, user credentials can be sent securely.

This method has the advantage of offering secure authentication without having to deploy a certificate on each individual client, an expensive and time-consuming exercise. PEAP and TTLS were defined in the early 2000s, when mobile device management and device onboarding solutions were still in their infancy.

The issue with mechanisms of this kind is that they rely on the client side to decide which server certificate to accept. Most operating systems will allow users to select or configure preferred certificates, and some might also accept untrusted certificates after showing the user a warning. The user may not be familiar with the implications or the consequent risks of making the wrong decision, and is often more concerned with getting connected as soon as possible. If the AP (access point) and the AAA server were rogue devices, making the wrong choice could allow a malicious person to obtain the user credentials needed to access network connectivity or any other IT system used by that company.
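The client-side decision described above can be audited on managed Linux clients. The following is an added example, not code from the original post: a Python check of wpa_supplicant network blocks that flags PEAP/TTLS profiles that skip server-certificate validation or accept any certificate from a trusted CA. The choice of wpa_supplicant as the client, the sample configuration, and every SSID, path and host name in it are assumptions constructed for illustration.

```python
import re

# Constructed sample configuration (not from the original post).
SAMPLE_CONF = '''
ctrl_interface=/run/wpa_supplicant
# 1. Password-based PEAP with no CA: the server certificate is never checked.
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    password="example-only"
    phase2="auth=MSCHAPV2"
}
# 2. TTLS pinned to a private CA and to the expected RADIUS server name.
network={
    ssid="CorpWiFi-Pinned"
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="alice"
    password="example-only"
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_suffix_match="radius.corp.example"
    phase2="auth=PAP"
}
# 3. CA bundle only: any server holding a certificate from those CAs passes.
network={
    ssid="CorpWiFi-CAOnly"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    password="example-only"
    ca_cert="/etc/ssl/certs/ca-certificates.crt"
}
# 4. Pre-shared key network: not an EAP profile, out of scope.
network={
    ssid="Guest"
    key_mgmt=WPA-PSK
    psk="example-only-passphrase"
}
'''

TUNNELLED = {"PEAP", "TTLS"}  # methods that carry a username and password
NAME_CHECKS = ("domain_suffix_match", "domain_match",
               "altsubject_match", "subject_match")


def parse_networks(text):
    """Return one dict of key -> value per network={...} block."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.fullmatch(r"network\s*=\s*\{", line):
            current = {}
        elif line == "}" and current is not None:
            blocks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return blocks


def audit_block(net):
    """Return (severity, message) for a weak PEAP/TTLS block, else None."""
    key_mgmt = set(net.get("key_mgmt", "").upper().split())
    uses_eap = "eap" in net or any(
        "EAP" in k or k == "IEEE8021X" for k in key_mgmt)
    if not uses_eap:
        return None
    methods = set(net.get("eap", "").upper().split())
    # With no eap= line wpa_supplicant accepts every compiled-in method,
    # so an empty set is treated as "PEAP/TTLS possible".
    if methods and not (methods & TUNNELLED):
        return None
    ca = net.get("ca_cert") or net.get("ca_path")
    if not ca:
        return ("HIGH", "no ca_cert/ca_path: server certificate is not "
                        "verified, credentials go to whoever answers")
    if ca.startswith("hash://server/"):
        return None  # pinned to one exact server certificate
    if not any(net.get(k) for k in NAME_CHECKS):
        return ("MEDIUM", "CA is set but no server name match: any "
                          "certificate issued under that CA is accepted")
    return None


def audit(text):
    """Return a list of (ssid, severity, message) findings."""
    findings = []
    for net in parse_networks(text):
        result = audit_block(net)
        if result:
            findings.append((net.get("ssid", "<no ssid>"),) + result)
    return findings


if __name__ == "__main__":
    for ssid, severity, message in audit(SAMPLE_CONF):
        print(f"[{severity}] {ssid}: {message}")
```

Profiles pushed by an MDM or onboarding tool should pass this check without the user ever being asked to accept a certificate.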

Today many solutions are available to centrally automate this process and prevent human error from causing potential security risks. While some are OS specific, such as Apple Mobile Configurator or Microsoft Group Policy Manager, there are others available which support a wide variety of operating systems, such as Cloudpath Enrollment System or other Mobile Device Management solutions. Additionally, some of those solutions can create a device certificate on the fly and install it on the user equipment immediately. This allows certificate authentication to be achieved on the mobile device as well as previously connected equipment without the need for user credentials, allowing the network to identify the device and not just its user.

A centrally automated process could allow IT departments to implement different network access policies based on the device being used (accommodating both personal mobile devices and company-owned laptops). Not only does this type of differentiation achieve more convenient data access controls for the user, it significantly reduces the risk of data breaches in Wi-Fi security.

View the original press release at The Ruckus Room.

What the UK’s most recent IoT legislation means for the industry

July 10th, 2019

The IoT represents a new chapter for the technology we use on a regular basis by bringing connective capabilities to billions of devices worldwide. However, with this development comes the question of security. For the large-scale deployment of these devices it’s crucial that consumers are assured the personal data they share with online devices will not be compromised. Indeed, the cybersecurity of these products is now as important as the physical security of our homes.

In 2018, the UK government conducted a review on the issue of securing IoT devices, seeking input from industry leaders, academic figures, and other stakeholders. It then gathered the responses to help identify what the rights and responsibilities of consumers and businesses regarding IoT security should be. The result of the review led to the government publishing the Code of Practice for Consumer IoT Security to set out some guidelines to all parties involved in the development, manufacturing and retail of consumer connected devices.

Although this code helped to instill a sense of confidence among businesses and consumers, it was not compulsory to adopt the suggestions, meaning irresponsible manufacturers were not obligated to change their ways. As a result, the UK government recently published a new statement in which it said that “despite providing industry with these tools to help address security in IoT, we continue to see significant shortcomings in many products on the market.”

To combat this problem the government now intends to make three security requirements mandatory. These include:

  • Providing unique passwords at sale that are not resettable to any universal factory setting
  • Ensuring there’s a public point of contact for cybersecurity issues relating to the device
  • Stating clearly via labels how secure the device is and for how long security updates would be made available

The attraction of these initial requirements lies in that they are easy to implement and enforce and would protect consumers and businesses from the security risks associated with these devices. Currently, for example, as many as one third of IoT attacks abuse weak passwords, so even creating legislation to combat this basic issue will be highly beneficial. The UK government is also looking at creating a compulsory labeling system to tell the consumer exactly how secure the device is. As it stands, however, the onus of this would be on the manufacturer providing the relevant label and it is currently not clear how many of the Code of Practice guidelines a device would have to conform to in order to be sold.

IoT security is key to gaining and retaining consumer trust on privacy and to fulfilling the full potential of the IoT promise. We are committed to providing leading-edge IoT security solutions and services that protect connected devices, from the design and manufacturing stages through their entire lifecycle, guarding devices and data against cyberattacks.

We load unique, diversified IDs and security certificates in the cellular modules that will allow future devices to connect to the network. This means that security is built into the roots of connected devices, at the manufacturing stage, to avoid device cloning or ID theft. An advanced security lifecycle management tool is made available, to remotely manage devices, activate or revoke credentials, and ensure that the data sent by the devices goes to the right entities, without manipulation. Our cybersecurity solution is in line with what the UK IoT legislation is proposing.

Often overlooked, managing the lifecycle of security components across the device and cloud spectrum is a critical element of a robust and long-term digital security strategy. Security is not a one-off activity, but an evolving part of the IoT ecosystem, helping to cope with both new regulations and the new kinds of cyberthreats that will necessarily occur in the coming years.

One of the key tenets of IoT security is that it must be a consideration at the very beginning of the design process, with the right expert knowledge brought in as early as possible. The later the process of assessing, testing and hardening IoT solutions is left, the more difficult and costly it is to get right.

It’s great to see that with this legislation the UK government is encouraging manufacturers to consider security from the start of the design and build processes. Hopefully, this will also encourage other governments to consider similar legislation on IoT security to help instill a sense of confidence among businesses and consumers.

View the original post at Gemalto.com.

More Than 10M Australians Affected by a Single Data Breach, Reveals OAIC

June 21st, 2019

The Office of the Australian Information Commissioner (OAIC) found that a single data breach affected more than 10 million Australians.

In its latest Notifiable Data Breaches Quarterly Statistics Report, the OAIC reveals that it received 215 notifications of data breaches under the Notifiable Data Breach Scheme between 1 January and 31 March 2019. Nearly all of those security incidents (189) affected between one and 1,000 Australians. But there were a few events that claimed even more victims. Twelve of these data breaches affected 5,000 individuals, for instance, while two incidents compromised 25,000 people’s data. One data breach even affected more than 10 million Australians.

A closer look at the report reveals that the majority of these data breaches (186 incidents, or approximately 88 percent) compromised Australians’ contact information. Roughly half of those security events (98) exposed victims’ financial details. Meanwhile, 55 data breaches compromised individuals’ identity information.

Malicious actors and criminals were responsible for most of the breaches disclosed to the OAIC within this reporting period. Indeed, malicious or criminal attacks accounted for 61 percent of data breach notifications in Q1 2019. Human error accounted for 75 data breaches, or 35 percent of the total, while system faults were responsible for just nine breaches, or four percent of the total.

Those human error incidents warrant additional analysis, as a vast array of faults were behind those events. Personal information sent to the wrong recipient via email came in on top at 23 of the 75 human error data breaches. Close behind it was unauthorised disclosure (unintended release or publication) at 21 cases, which was followed by 12 instances of loss of paperwork/data storage device and nine occurrences where someone sent personal information to the wrong recipient via mail. Unauthorised disclosure (verbal or failure to redact), other occasions where someone sent personal data to the wrong recipient and a failure to use BCC when sending email were all responsible for three or fewer security instances each.

The first quarter of 2019 represents the first time that the number of data breaches reported to the OAIC decreased. Between Q2 2018 and Q3 2018, for instance, the total number of security incidents increased slightly from 242 to 245. The rate of growth was even more significant between Q3 2018 and Q4 2018 from 245 to 262.

But that doesn’t mean that organisations are any less safe now than they were in 2018. In acknowledgment of the NDB’s scheme, Australian Information Commissioner and Privacy Commissioner Angelene Falk explained that organisations need to take steps to protect themselves against digital threats. She said that one of the best ways they can do this is by investing in their users:

By understanding the causes of notifiable data breaches, business and other regulated entities can take reasonable steps to prevent them. Our report shows a clear trend towards the human factor in data breaches — so training and supporting your people and improving processes and technology are critical to keeping customers’ personal information safe.

To be sure, organisations should balance these investments in their people with appropriate investments in technology. Specifically, they should encrypt all sensitive data at rest and in transit, securely store and manage all encryption keys and control user access and authentication. By implementing each of these measures, companies can protect themselves against data breaches.

View the original post at Gemalto.com.