Survey Says… Zero-Day Attacks and Evasive Malware are Biggest Risks

We thought you’d be interested in some initial findings from the recent Palo Alto survey of Ignite attendees. The survey uncovered the cybersecurity pain points these event attendees face, what keeps them up at night, and what specific concerns they have for their organisations.

The majority of respondents reported zero-day attacks and evasive malware represent the biggest risks. Social engineering attacks and insider threats are close behind.

Palo Alto emphasised that, with so many attacks, detection in itself is not enough; prevention is key: stopping these attacks before they damage your brand or steal your valuable customer and corporate data.

Palo Alto deliver…

‘…a tightly integrated enterprise security platform that delivers automated prevention against known and unknown threats at every point in the kill chain.’

Download a copy of Cyber Security for Dummies here for hints and tips on the cybersecurity landscape, why traditional security solutions fail and best practices on how to control APTs.

Looking Behind The Attacks: The Top 3 Attack Vectors to Understand in 2015

We saw an unprecedented number of high profile cyber-attacks and malware infections reported in 2014, with Target, Snapchat, eBay and Adobe among the victims. This has brought cyber security much more into focus, not only for C-level executives and cyber security analysts but also for world leaders. The complexity and frequency of the attacks we saw in 2014 beg the question: what does 2015 hold?

In this whitepaper our security experts look behind the attacks and highlight the key elements that malware, advanced persistent threats (APTs) and other cyber-attacks typically use to infiltrate networks, and how businesses like yours can protect their valuable assets and data.

Download it here.

The Harsh Reality of Cyber Protection

Harsh Reality – We Are More At Risk Than Ever

Here’s a very useful webinar from our partners at Palo Alto Networks on the Harsh Realities of Cyber Protection.

If you have concerns about your risk of attack, join our Ultimate Test Drive Event on 15th April in London. Register here.

The endpoint is where the security war is now taking place; attackers are getting more advanced, deploying unknown exploits and unique malware that current-day security is simply not equipped to prevent or even detect. Palo Alto Networks walk you through the shortcomings of existing endpoint security and why it leaves your enterprise vulnerable to sophisticated and zero-day attacks, waiting for detection and remediation to step in, which is too little, too late.

View the webinar on the Palo Alto website here.

The best data protection advice you’re not taking – Part 3.

Why your corporate data protection should start in the DMZ.

By David Hone, Security Specialist, Netutils

Views expressed in this post are original thoughts posted by David Hone. These views are his own and in no way do they represent the views of the company.

With reference to part one of my three-part blogging series, there’s a lot of data out there being created and shared, and in amongst all that data are huge volumes of valuable personal and corporate information. By valuable I mean hackers want to nick it, sell it and exploit it.

Also, the potential cost to your company of a data breach should not be underestimated. The 2014 Ponemon Institute report shows that the risk and cost of data breaches continue to grow. The average cost of a corporate data breach is estimated at $3.5 million, 15% more than in 2013.

Part 3 of this blogging series looks at ways to protect company data in transit and at rest, and attempts to answer why your corporate data protection should start in the DMZ.

When asked how they currently share data with contractors and suppliers, most companies describe using email, or, if files are too large for email, placing them on an SFTP server, most often located in their DMZ. This diagram illustrates the process where a Company A employee shares a document with a Company B employee:


Whilst a number of security controls can be applied to this method of data transfer, such as SFTP and locking down access based on the source IP, the fact remains that documents can potentially lie at rest in two DMZ zones, and more often than not there are no policies and procedures covering how long the documents reside there or whether they are ever deleted or encrypted whilst held in the DMZ. Having files lingering around the DMZ poses a security risk. The DMZ is often the first place hackers look in order to collect the additional information needed to launch the next phase of an attack. The DMZ is by design open to incoming service traffic, and any open service port is potentially a route in for a hacker.

How to limit data leakage from the DMZ

Removing the risk of data leakage from the DMZ requires a new focus and approach to how your organisation shares data with trusted suppliers and customers. There are, however, issues around this:

  1. Individuals or organisations outside of your company or domain cannot normally share data because they are not trusted by your network.
  2. There are many data sources within an organisation and various ways in which that data is moved and accessed by trusted suppliers and customers.
  3. Managing the availability of data to customers and suppliers. All too often data is placed on an SFTP server in the DMZ with no managed policies around it, meaning there is no stipulation of how it is accessed, how it is secured, who has access rights to it or how long it remains available. And once that data is delivered to the endpoint, there is no control over the document and how it is distributed, copied and managed.

One approach to this dilemma would be to remove the DMZ completely. This sounds somewhat radical, as it means that, for all its faults, you have removed your first line of defence against attacks on your internal network. If, however, you could remove the need to have the SFTP server located in the DMZ, that would be a step forward, as it would reduce the risk of having data lingering around the DMZ. This works reasonably well in connection with cloud-based file sharing systems; the main drawback there is that the data has already left your organisation and in many cases is not protected whilst in transit or at rest in the cloud.

An alternative solution to the problem is illustrated below using ‘Secure Managed File Transfer’ from Safe-T. Safe-T is a secure email and data exchange solution. Illustrated below is a typical set-up where secure data needs to be shared with a third party, in this case an insurance broker. The data starts out held in the IBM document management system inside the corporate LAN; the challenge is how to securely share information with the agent outside the trusted environment without releasing any information until the endpoint has been properly identified and verified.


The process starts with the IBM system signalling that there is a new document available that needs to be securely delivered by the Safe-T server, also located in the secure LAN environment (shown in blue with a safe dial). The document is then collected and secured using encryption into the Safe-T server, and policies are put in place around the document that define how long it should be stored, the types of availability and access required, and to whom it must be delivered. Safe-T then optionally signs the document, looks up the customer credentials and sends out a verification notice and link to the target using two-factor authentication. Once the target correctly identifies themselves, the document is securely delivered to them over an SSL link; after delivery, optional security features control how long the document can be viewed, whether it can be distributed and even whether it can be printed.

One of the key elements of this type of solution is that the document doesn’t leave the sender’s organisation until the target has correctly identified themselves. Additionally, the document is not held in the DMZ, and attackers cannot launch an attack from the DMZ into the LAN environment. Why? Because there are no incoming holes into the LAN from the DMZ. All incoming HTTPS requests are held in a queue in the “Subscriber” until the “Publisher” pulls the requests back by making a call from the LAN to the DMZ. One word of caution though: this type of solution is still susceptible to layer 7 attacks, so it’s important that all data held on the server is encrypted and that the encryption keys are not held on the same server.
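To make the pull-based flow above concrete, here is an added simulation (not Safe-T’s code, and not part of the original post) of the Subscriber/Publisher pattern: the DMZ side only queues inbound requests, the LAN side initiates every connection, verifies the second-factor code and the retention policy, and releases a document exactly once. Class and method names, the six-digit code and the time handling are all assumptions made for the example.

```python
import hmc if False else None  # placeholder removed below
```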

So to recap; here’s why your corporate data protection should start in the DMZ:

  • Imagine what one wrong send could do to your organisation?
  • The DMZ is a potential route in for a hacker
  • Safe-T Secure Managed File Transfer allows you to easily exchange secure emails and attachments

Want to know more? Please get in touch by emailing us on

Missed parts 1 & 2? – visit them here:

About David.
As one of our Security Consultants at Netutils, David consults and advises on specialist IT Networking & Security requirements.


“Pan” (Palo Alto Networks Parody of “Her”) – Too Good Not to Share!

We love this video from our partners at Palo Alto Networks. A lot of love here for Palo Alto’s enterprise security :)

Our 2014 in review

The stats helper monkeys prepared a 2014 annual report for this blog.

Here’s an excerpt:

A New York City subway train holds 1,200 people. This blog was viewed about 4,400 times in 2014. If it were a NYC subway train, it would take about 4 trips to carry that many people.

Click here to see the complete report.