NetUtils New Managed Services Offers Enterprise Grade Cyber Security For Smaller Businesses Budgets

UK’s most qualified cyber security provider launches four new managed service bundles to help businesses gain enterprise class technologies at SME per user pricing

Kent, United Kingdom – 9th, December 2020, NetUtils, a leading IT specialist has launched a new, highly integrated managed cyber security services portfolio to help businesses gain enterprise class protection at competitive price points to suit small and medium sized organisations.

The new four tier bundles combine between 4 and 16 cyber security services ranging from Endpoint Protection and Email Security all the way up to fully fledged SOC services with prices starting at just £8 per user per month.

With a heritage spanning over 27 years, NetUtils is one of the UK’s longest serving specialist integrators of network, security and data solutions for enterprise, telco, MSPs and ISPs. Today, it serves over 400 enterprise and service provider clients including many listed within the FTSE 100. NetUtils has built a reputation for technical excellence and is the most certified Juniper Networks partner in Europe and maintains over 420 industry and vendor accreditation within its team including CISSPs and CISMPs, Fortinet’s NS7, and Juniper JNCIPs. Netutils is also ISO 9001 and ISO 27001 registered and a Crown Commercial Service supplier.

“Managed security services provide a huge array of benefits for our enterprise customers yet have tended to be outside of the price range of smaller business that are just as likely to be attacked by cyber criminals,” says Ashok Thomas, CEO for NetUtils. “By building a set of integrated managed security services, using multiple vendors along with our own 24/7 teams, we are typically able to deliver our bundles at an overall cost that is between 40% to 70% less than a small business trying to buy and implement all of the separate solutions – and that’s even before staffing costs.”

The new managed security services also aim to address the significant skills shortage that UK   businesses face in recruiting and retaining skilled cyber security professionals. A problem highlighted by the 2020 ISACA’s Global State of Cybersecurity that found 62% of respondents indicated that their organisation’s cybersecurity team is either somewhat or significantly understaffed.

One of the first organisations to sign up for the new managed service is London based Polar Capital, a specialist investment fund manager. As Mike Catlin, CTO explains, “In the past, we have run some of the elements within the NetUtils managed service in-house but the cost of the hardware, licensing fees and difficulty in finding staff with strong cyber security skills has been a real challenge.  NetUtils helped us setup our existing IT systems and the new managed services provide us with better cyber security protection backed by a skilled team and for a lower cost.”

NetUtils has invested over £1.2 million adding more staff, enhanced training, and additional data centre capacity to deliver the new cyber security services. As David Bundock, COO for NetUtils explains, “Our aim is to offer the same level of professionalism and technical expertise that our current clients receive to a wider range of organisations that are keen to focus on their core business – while letting a trusted partner take care of the security burden.”

As part of the launch, NetUtils are offering a free Dark Web scan to any organisation to evaluate areas of risk around security credentials and the potential benefits of moving to its managed services model. For more information, please visit https://netutils.com/dark-web-id-lp/

About NetUtils

NetUtils are a leading UK specialist integrator of network, security and data solutions for enterprise, telco, MSPs and ISPs. With more than 27-years history and over 400 enterprise and service provider clients including household names across finance, education, public sector, manufacturing, and healthcare, NetUtils brings its customers the depth and breadth of people, technologies and services to improve business performance in this ever-changing digital world.

NetUtils Media Enquiries:

Kara Jenkinson

Head of Marketing

t: 020 8783 3800 e: kjenkinson@netutils.com

w: http://www.netutils.com

NetUtils Named A Supplier on Crown Commercial Service’s Framework

Kent, United Kingdom – November 2020, NetUtils have been named as a supplier on Crown Commercial Service’s (CCS) Technology Products Catalogue framework.

NetUtils, a leading cyber security and managed services provider have recently announced they are to feature as a supplier on the Crown Commercial Services Technology Online Purchasing Content Framework. NetUtils are now able to provide their wide and diverse portfolio of cyber security and networking products and services via the platform.

The Technology Online Purchasing platform gives buyers a flexible, cost effective and efficient route to buy a range of technology products through an online catalogue. It is available to the UK public sector and their associated bodies and agencies.

Ashok Thomas, Chief Executive Officer, NetUtils said: “With continuously shrinking budgets and the growing IT skills gap the need to be on frameworks supports our vision in helping public sector procurement and gives them a trusted commercially aware partner to work with now and in the future.”

About Crown Commercial Service

Crown Commercial Service supports the public sector to achieve maximum commercial value when procuring common goods and services. In 2019/20, CCS helped the public sector to achieve commercial benefits worth over £1bn – supporting world-class public services that offer best value for taxpayers.

About NetUtils

NetUtils are a leading UK specialist integrator of network, security and data solutions for enterprise, telco, MSPs and ISPs. With more than 27-years history and over 400 enterprise and service provider clients including household names across finance, education, public sector, manufacturing and healthcare, NetUtils brings its customers the depth and breadth of people, technologies and services to improve business performance in this ever-changing digital world.

NetUtils Media Enquiries

Kara Jenkinson
Head of Marketing

t: 020 8783 3800 e: kjenkinson@netutils.com

w: www.netutils.com

Network Utilities joins Nokia Global Partner Program

Kent, United Kingdom – October 2020, Network Utilities today announced it has signed a channel partner agreement with Nokia.

As a result of this relationship, Network Utilities will market, distribute and service Nokia’s product line of AAA services and cyber security products.

Ashok Thomas, Chief Executive Officer, Network Utilities said: “Network Utilities is delighted to be partnering with Nokia to bring its AAA and cyber security solutions to our customers. We feel Nokia is the perfect partner to bring the breadth of experience and end-to-end solutions needed to help customers secure themselves against today’s ever evolving threats.”

Phil Siveter, Head of Enterprise UK&I, Nokia said: “The Global Partner Program is important to Nokia as it gives us a route into new and exciting enterprise customers. We are pleased to welcome Network Utilities to the Nokia Global Partner Program to drive growth and establish new customer relationships together.”

About Network Utilities

Network Utilities are a leading UK specialist integrator of network, security and data solutions for enterprise, telco, MSPs and ISPs. With more than 25-years history and over 400 enterprise and service provider clients. Network Utilities represents a great vehicle to share Nokia’s formidable capability traditionally housed in the telco arena with its enterprise customers.

Network Utilities Media Enquiries

Kara Jenkinson
Head of Marketing

t: 020 8783 3800 e: kjenkinson@netutils.com

Why Are So Many Organisations Turning to Managed Security Service Providers?

The technology industry is one that never stands still, but the cyber and security space specifically are even more fast paced than most other sectors of the industry. This in many cases can be attributed to the fact that the activities of cyber criminals are squarely focused on breaching enterprise security defences, because this is how they generate their income. Put simply your business is their primary target.

The pressures on IT operations, compliance and security posture are immense. Organisations constantly have to navigate the complexities of industry jargon and trends to keep abreast of the latest offerings and figure out the best fit for their business. This can be a full-time job in itself. But if IT is not your core business, then why should you burden yourself with managing it yourself?

The very nature of a Managed Security Service Provider (MSSP) is to alleviate the pressure by allowing you as a company to spend your time focusing on your core business, customers and innovation, in the knowledge that the necessary tasks that are required to keep your company safe and operational are in hand with the experts.

The Experts

An MSSP is a specialist, who’s core business is IT. As a result, you’re leveraging the expertise of a bigger team, who are up to date in all areas, that is, not just on general industry knowledge or the threat landscape, but also on the specific solutions and applications deployed within your business. It’s our responsibility to make sure the tools we use and the services we provide are always best of breed.

We spend the time and investment to train our teams, to get certified and fully compliant. We spend the time working closely with our vendor partners to understand the best ways of installing and using their products. We spend the time evaluating new and innovative solutions to the market.

We put in all the hard work, so you don’t have to.

Proactive Operational Efficiency

Managing the daily IT related tasks of most organisations can take most of the working day. Focusing on continuous improvements to revenue generating business critical tasks as well as customer service improvements, is what in many businesses determines their bottom line. It should not be surprising to learn therefore that most IT related operational improvements and security tasks can often be relegated to the back of the line. As long as things are working, then in many cases businesses are content and happy to focus their attentions elsewhere. Until of course something goes wrong.

By outsourcing the important IT operational management tasks to a trusted MSSP, you are ensuring that your IT environment remains operational at all times, because it is the responsibility of your provider to take care of security advisory notices, security patching, configuration management, access management, performance management, availability management, audit management and many other mundane but absolutely essential tasks to maintain a highly available and secure infrastructure. It’s our responsibility to be proactive on your behalf rather than reactive.

Speed of Implementation

It is no secret that there is a growing trend for many companies to outsource certain services, be that networking, telecommunications, cloud or security services. Besides the obvious cost savings and controls it affords, it certainly also helps free up internal resources and time. But there is one other major reason why MSSP services are being consumed at quite a staggering rate and that is speed.

Speed of implementation, widely known as how fast one can act on an idea, strategically or tactically, is often times what can set you apart from your competition. With the massive growth of cloud adoption and the improvements in its capabilities, we see a huge increase in the abilities of an MSSP to provision and deliver services to customers that would have previously taken weeks or months in only days and even hours in some cases. The reason for this is often that the provider has already provisioned its service capabilities ahead of time, so the service is simply ready to onboard new customers as and when they are ready. This of course takes a lot of planning and forethought on the part of the MSSP in order to be able to offer these ready to go services, so it can be said that the customers speed of implementing a new or replacement service is directly related to that provider taking earlier action.

We’ve launched 4 new managed service bundles to help small and medium sized businesses gain enterprise class technologies and services wrapped up in a per user per month price.

Priced from as little as £8 per user per month it’s never been easier or more cost effective to have the big tech normally out of reach to smaller businesses. These bundles combine between 4 and 16 cyber security services ranging from Endpoint Protection and Email Security Gateway all the way up to a fully-fledged SOC.

[Webinar On-Demand] Security Awareness During Times of Disruption

A recent report reveals a massive 667% increase in spear-phishing attacks due to the current pandemic, with over 9000 phishing attack campaigns, related to COVID-19, being detected in March versus just over 1100 in February and only 137 in January. These attacks are taking on all forms including; brand impersonation, business email compromise, scams and even blackmail. *

Organisations like yours have asked traditional office-based employees to work from home. The potential for cyber criminals to get your users to react to these types of spear-phishing attacks is high due to the coronavirus theme being exploited and all organisations need to ensure their users remain vigilant.

Is your newly formed remote workforce armed with the knowledge to keep themselves and your network safe? Watch our webinar below and learn:

  • About the tactics the bad guys are using now to exploit COVID-19
  • Why remote workers are an easy target for cyber criminals
  • How to enable your last line of defence with tools and training
  • Why security awareness training is critical within your security strategy

Now more than ever Security Awareness Training is vital for your remote employees and your network.

* Source: Barracuda Sentinel [https://blog.barracuda.com/2020/03/26/threat-spotlight-coronavirus-related-phishing/]

2020 Phishing by Industry Benchmarking Report from KnowBe4

As cybercrime continues to surge, security leaders must understand that there is no such thing as a perfect, fool-proof, impenetrable secure environment. Many organisations fall into the trap of trying to use technology as the only means of defending their networks and forgetting that the power of human awareness and intervention is paramount in arriving to a highly secured state.

Every security leader faces the same conundrum: even as they increase their investment in sophisticated security orchestration, cybercrime continues to rise. Security is often presented as a race between effective technologies and clever attack methodologies. Yet there’s an overlooked layer that can radically reduce an organisation’s vulnerability: security awareness training and frequent simulated social engineering testing.

Verizon’s 2019 data breach investigation report shows that phishing remains the #1 threat action used in successful breaches linked to social engineering and malware attacks.

These criminals successfully evade an organisation’s security controls by using clever phishing and social engineering tactics that often rely on employee naivety. Emails, phone calls and other outreach methods are designed to persuade staff to take steps that provide criminals with access to company data and funds.

Each organisation’s employee susceptibility to these phishing attacks is known as their Phish-Prone™ percentage (PPP). By translating phishing risk into measurable terms, leaders can quantify their breach likelihood and adopt training that reduces their human attack surface.

Do you know how your organisation compares to your peers of similar size? Download the KnowBe4 benchmarking report to find out! 

You will learn more about:

  • New phishing benchmark data for 19 industries
  • Understanding who’s at risk and what you can do about it
  • Actionable tips to create your “human firewall”
  • The value of new-school security awareness training

Exponential growth of COVID-19 themed phishing attacks. Are your users prepared?

A new report reveals a massive 667% increase in spear-phishing attacks due to the current pandemic, with over 9000 phishing attack campaigns, related to COVID-19, being detected in March versus just over 1100 in February and only 137 in January. These attacks are taking on all forms including; brand impersonation, business email compromise, scams and even blackmail. *

Many organisations like yours have asked traditional office-based employees to work from home and while technology allows that to happen, is your newly formed remote workforce armed with the knowledge to keep themselves and your network safe?

The potential for cyber criminals to get access to your users and to elicit a response to these types of spear-phishing attacks is high due to the coronavirus theme being exploited and all organisations need to ensure their users remain vigilant.

Now more than ever Security Awareness Training is critical for your remote employees.

  • Cyber-attacks focus on employees as targets – Phishing attacks remain the single-most used attack vector to allow the bad guys direct access to your organisation’s endpoints, credentials, applications, and data. If a phishing email is presented to one of your employees, it means your security solutions haven’t detected it as malicious, leaving the employee to be your last line of defence.
  • Employee’s aren’t thinking about organizational security – Think about it; your average remote worker is sitting at a make-shift desk, trying to balance helping their kids with distance learning assignments and attending online meetings. They’re learning new digital workplace platforms, applications, and processes before they even shower for the day. Security is the last thing on an employee’s mind.
  • Attacks and scams are increasingly aligning with remote working – Cybercriminals conjure up scams that seem familiar to users. The use of shipping, billing, and banking stories, as well as the use of impersonated domains, business, and people, all have traditionally worked in favour of the bad guy. But, new scams are being moulded around the current work circumstances. For example, we’ve recently seen the massive growth in Zoom-related attacks simply because of Zoom’s increase in popularity for business use. Organisations should expect this to trend.

*Source: Barracuda Sentinel https://blog.barracuda.com/2020/03/26/threat-spotlight-coronavirus-related-phishing/

Secure Remote Access Emergency Readiness – Top Tips

How to ensure business resiliency, user productivity and security

Many circumstances and compliance obligations require organisations to activate or rapidly extend remote access capabilities as part of a business continuity strategy.  Beyond impacting user productivity, this emergency workplace shift can stress IT infrastructure and operations. With advanced planning, crises that require immediate, increased and varied remote access capacity should not increase threat exposure, cyberattack and data leakage risks.

Top Tips

Here are some important Secure Access Emergency Readiness tips to ensure business continuity, operational efficacy and protected accessibility.

Understand your remote access needs in terms of users, applications and resources in order to assess respective physical, virtual or user-based connection capacity and throughput. 

Identify key applications and resources, whether on-premises or cloud, that will require increased capacity and apply to an emergency capacity plan. 

Explore application and security tool license and capacity shifting options set in advance with your vendors to handle burst utilisation. 

Review and maintain application, data and role mapping to ensure users only access the resources they need, and have processes in place to quickly respond to user or role escalation and ad hoc privileged access and revocation. 

Consider virtual and cloud environment deployment and clientless mode to allow for more rapid on-demand deployment and scalability. 

Establish Disaster Recovery (DR) sites to provide secure access services in case of a primary site outage or failure and explore Secure Access solutions’ DR options for active/active or active/ passive modes. 

Build, publish and review emergency remote work guidelines, resources and communications. 

Activate advanced secure access usability features for streamlined access, such as: always-on, per-application and simultaneous tunneling, configuration lock down, clientless operation and online portals. 

Ensure emergency means to simulate on-premise access, including Layer-3 access to a specific subnet, HTML5 access to local machines, or Virtual Desktop Infrastructure by privileged users and technicians. 

Enforce endpoint compliance policy and activate self-remediation capabilities to reduce phishing and ransomware threats introduced by increased remote users and potential vulnerable devices. 

Invoke mobile device security options, such as mobile VPN, device security, segregating corporate apps and information, and data encryption to allow for broader for corporate and personal device use. 

Utilise Adaptive Authentication and User Entity Behaviour Analytics (UEBA) to better understand and react to new user/device usage, as well as unwanted and anomalous activity. 

Leverage usage analytics, bandwidth “throttling” and optimised gateway selection capabilities to better distribute workloads and to deliver “essential” applications to users without performance degradation. 

In a world where natural and man-made disasters occur, we want to help keep your business running effectively and securely so you can focus on what’s really important – and keeping your employees, friends, and family safe. If and when these unplanned events and disasters intensifies, organisations must adjust for increased stay, connect and work from home mandates. Beyond impacting user productivity, this emergency workplace shift can stress IT infrastructure and operations.

Download the Pulse Secure Solution Brief

Download the Secure Remote Access Emergency Readiness Solution Brief here to get these important tips to ensure business resiliency, user productivity, and continued secure access.

[Webinar On-Demand] Social Engineering. Is the Worst Yet to Come?

Did you know that 77% of successful social engineering attacks start with a phishing email?

Social engineering attacks include phishing, spear phishing, CEO fraud, ransomware and more. Learn about different attack methods and how you can manage this ongoing problem in your organisation.

Watch our webinar on-demand to discover:

  • Common techniques used by hackers
  • Real world examples
  • Social engineering red flags
  • How to prevent attacks

There’s no substitute for preparation when it comes to dealing with cybercriminals, take the steps needed to future proof your organisation against these types of attacks.

Social engineering tip sheet

The below infographic will show your users what to watch out for in emails. We highly recommend you print it out, it’s a great at a glance reminder.

Download the Security Awareness Training datasheet to discover more!

What Is CEO Fraud?

CEO Fraud is a scam in which cybercriminals spoof company email accounts and impersonate executives to try and fool an employee in accounting or HR into executing unauthorised online transfers or sending out confidential tax information.

Also known as “Business Email Compromise” and BEC is defined as “a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorised transfers of funds.”

The Four Attack Methods

Understanding the different attack vectors for this type of crime is key when it comes to prevention. This is how the bad guys do it: 

1. Phishing

Phishing emails are sent to large numbers of users simultaneously in an attempt to “fish” sensitive information by posing as reputable sources—often with legitimate-looking logos attached. Banks, credit card providers, delivery firms, law enforcement, and the IRS are a few of the common ones. A phishing campaign typically shoots out emails to huge numbers of users. Most of them are to people who don’t use that bank, for example, but by sheer weight of numbers, these emails arrive at a certain percentage of likely candidates.

2. Spear Phishing

This is a much more focused form of phishing. The cybercriminal has either studied up on the group or has gleaned data from social media sites to con users. A spear phishing email generally goes to one person or a small group of people who use that bank or service. Some form of personalisation is included – perhaps the person’s name, or the name of a client.

3. Executive Whaling

Here, the bad guys target top executives and administrators, typically to siphon off money from accounts or steal confidential data. Personalisation and detailed knowledge of the executive and the business are the hallmarks of this type of fraud.

4. Social Engineering

Within a security context, social engineering means the use of psychological manipulation to trick people into divulging confidential information or providing access to funds. The art of social engineering might include mining information from social media sites. LinkedIn, Facebook and other venues provide a wealth of information about organisational personnel. This can include their contact information, connections, friends, ongoing business deals and more.

Who Are The Main Targets?

The CEO isn’t always the one in a criminal’s crosshairs. There are four other groups of employees considered valuable targets given their roles and access to funds/information:

Finance

The finance department is especially vulnerable in companies that regularly engage in large wire transfers. All too often, sloppy internal policies only demand an email from the CEO or other senior person to initiate the transfer. Cybercriminals usually gain entry via phishing, spend a few months doing recon and formulate a plan. They mirror the usual wire transfer authorization protocols, hijack a relevant email account and send the request to the appropriate person in finance to transmit the funds. As well as the CFO, this might be anyone in accounts that is authorized to transfer funds.

HR

Human Resources represents a wonderfully open highway into the modern enterprise. After all, it has access to every person in the organisation, manages the employee database and is in charge of recruitment. As such, a major function is to open résumés from thousands of potential applicants. All the cybercriminals need to do is include spyware inside a résumé and they can surreptitiously begin their early data gathering activities. In addition, W2 and PII scams have become more commonplace. HR receives requests from spoofed emails and ends up sending employee information such as social security numbers and employee email addresses to criminal organisations.

Executive Team

Every member of the executive team can be considered a high-value target. Many possess some kind of financial authority. If their email accounts are hacked, it generally provides cybercriminals access to all kinds of confidential information, not to mention intelligence on the type of deals that may be ongoing. Thus, executive accounts must receive particular attention from a security perspective.

IT

The IT manager and IT personnel with authority over access controls, password management and email accounts are further high-value targets. If their credentials can be hacked, they gain entry to every part of the organisation.

Here Are Eight Prevention Steps

Many steps must dovetail closely together as part of an effective prevention program:

  1. Identify Your High-Risk Users
  2. Institute Technical Controls
  3. Set A Security Policy
  4. Develop Standard Procedures
  5. Cyber-Risk Planning
  6. Training For All Users
  7. Continuous Simulated Phishing
  8. Stay Aware of Red Flags