KnowBe4, the provider of the world’s largest security awareness training (SAT) and simulated phishing platform, announces it has won Network Computing’s Security Training and Consultancy Provider of the
KnowBe4’s CEO Stu Sjouwerman said, “We are very happy to win this award and are committed to the UK market. We’ve seen explosive growth with organisations recognising the need for training to improve their security culture. Additionally, we are working with UK based organisations such as Twist and Shout to continue to provide relevant and Netflix quality content.” Sjouwerman further noted, “We are also very proud of our UK team for their dedication to our customers.”
According to Verizon’s 2019 data breach investigation report, Phishing was the #1 threat action used in successful breaches linked to social engineering and malware attacks.
Network Utilities partner with KnowBe4 to help our customers keep users on their toes with security top of mind. Effective new-school security awareness training helps reduce risk and strengthen an organisation’s human firewall.
The following 14 core technical capabilities were created to help guide and prioritise cybersecurity investments.*
With cyber threats constantly evolving, it is essential to identify the gaps in your security posture and to be prepared for cybercriminals getting through your defences. You need to determine where to start and what matters most.
1. Asset Management
Identify assets by leveraging automated tools and discovery solutions (to also discover rogue systems), including:
Installed software (including on endpoints, mobile (leverage Mobile Device Management (MDM or EMM) solutions) and servers)
Deployed hardware (including endpoints, mobile, cloud and “on-premise” systems)
2. Network Segmentation
Ensure networks are properly segmented, particularly separating the business side from the infrastructure networks.
Focus initially on high value assets and critical systems. Move away from solutions that focus only on “on premise” segmentation and deploy network segmentation solutions, such as Software Defined Perimeter that allows for granular role-based segmentation of on-premise and Cloud-based systems, including legacy systems. Additionally, leverage Network Access Control (NAC) when possible.
3. Network Security
Leverage intrusion detection and prevention systems (IDS/IPS) across enterprise and system enclave boundaries (including ingress, egress points), including using cloud-based appliances whenever possible to monitor cloud traffic.
Select solutions that can protect both on-premise and cloud-based traffic and consolidate alerts/logs on a single dashboard
Consider leveraging Deep Packet Inspection/Packet
Consider deploying cloud access security brokers (CASBs) at cloud boundaries
Leverage DNS Security Extensions (DNSSEC) to secure your Domain Name System (DNS)
Consider specific distributed denial of service (DDoS) protections to protect servers, applications, and networks
Consider solutions that protect communication systems against telephony denial of service (TDoS) and DDoS attacks
4. Identity Management
Manage user access and roles by:
Deploying a centralised identity management solution with access control management and identity proofing
Leveraging a Single Sign-On solution across the enterprise and its applications
Deploying multi-factor authentication across the organisation, particularly for critical systems and privilege access
Using identity management best practices to ensure “need to know” and “least privilege”
Properly disabling or deleting accounts according to the organisation’s policy requirement
5. Privilege Access
Privilege access management solutions should be deployed to manage and control critical infrastructure systems’ administrative accounts, including:
Requiring multi-factor authentication for all administrative accounts, including on servers and endpoints
Using solutions, such as Software Defined Perimeter, to enforce multi-factor authentication policies across the enterprise while implementing patching, need to know, and least privilege, among others
6. Patching and Vulnerability Management
Conduct proper monitoring and patch installation, including testing prior to patch deployments
Prioritise patches based on risk and critical impact
Regularly perform automated scanning (ideally daily, at least weekly), including credentialed, passive, internal, and external scans. Include database configuration and web services configuration scans
Install agents on servers and endpoints to facilitate scans whenever possible
Scan applications both statically and dynamically
Perform source code review when necessary
7. Continuous Monitoring
Continuous monitoring is recommended 24 hours a day, 7 days a week, including:
Employing alerts and Security Information and Event Management (SIEM) solutions with a customised dashboard to monitor critical systems using proper log management
Creating/managing a security operation centre (SOC) to continuously monitor critical systems
8. Endpoint Protection
Employ endpoint protection solutions to:
Mitigate against viruses, ransomware, and malware using solutions such as Application Segmentation (Micro Virtual Machine isolation), Advanced Endpoint Protection, and Antivirus/Anti-malware
Deploy these solutions across all endpoints and servers, including mobile devices
Leverage a File Integrity Solution to protect against file tampering/rootkits etc.
9. Public Key Infrastructure (PKI)/Key Management
Deploy both symmetric and asymmetric encryption key management solutions, including:
Managing public and private keys used for application programming interfaces (APIs), email signing, and encryption using a PKI
Employing key management solutions to store keys, including Secure Shell (SSH) keys and other encryption keys
10. Log Management
Centralise, correlate and consolidate logs, including:
Ingress and egress logs
Endpoint protection logs
Security logs such as authentication failure, misuse, unauthorised access, insider threat
Ensure proper timestamp by leveraging Time Synchronisation (Network Time Protocol (NTP)) solutions across every system.
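The value of centralising logs and synchronising clocks is easiest to see when failures from two systems only line up after their timestamps are normalised. The following script is an added example (not code from the original page or from any vendor named on it): the log lines, host names and per-host clock offsets are constructed for illustration, and the brute-force threshold and window are arbitrary tuning values.

```python
"""Correlating authentication failures across hosts after clock normalisation.

Added example, not from the original page. The log lines, host names and
the per-host clock offsets are constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample lines from two systems. 'bastion' keeps UTC; 'vpn-gw' was
# never synchronised to NTP and runs one hour ahead (assumption for the demo).
SAMPLE_LOGS = [
    "2024-03-01T10:00:05 host=bastion sshd[4011]: Failed password for invalid user admin from 198.51.100.7 port 51022 ssh2",
    "2024-03-01T10:00:09 host=bastion sshd[4011]: Failed password for root from 198.51.100.7 port 51023 ssh2",
    "2024-03-01T11:00:12 host=vpn-gw AUTH-FAIL user=jsmith src=198.51.100.7 reason=bad-credentials",
    "2024-03-01T10:00:20 host=bastion sshd[4011]: Failed password for root from 198.51.100.7 port 51024 ssh2",
    "2024-03-01T10:00:25 host=bastion sshd[4011]: Accepted publickey for deploy from 192.0.2.10 port 40100 ssh2",
    "2024-03-01T11:00:30 host=vpn-gw AUTH-FAIL user=jsmith src=198.51.100.7 reason=bad-credentials",
    "2024-03-01T10:00:33 host=bastion sshd[4011]: Accepted password for root from 198.51.100.7 port 51025 ssh2",
]

# Known clock skew per host, in hours ahead of UTC (constructed).
HOST_UTC_OFFSET_HOURS = {"bastion": 0, "vpn-gw": 1}

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) "
    r"\S+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)
VPN_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) AUTH-FAIL user=(?P<user>\S+) src=(?P<src>\S+)"
)


def normalise(line, correct_clocks=True):
    """Parse one line from either format into a common event dict in UTC."""
    for rx, fixed_outcome in ((SSHD_RE, None), (VPN_RE, "fail")):
        m = rx.match(line)
        if not m:
            continue
        d = m.groupdict()
        ts = datetime.fromisoformat(d["ts"])
        if correct_clocks:
            ts -= timedelta(hours=HOST_UTC_OFFSET_HOURS.get(d["host"], 0))
        ts = ts.replace(tzinfo=timezone.utc)
        outcome = fixed_outcome or ("fail" if d["outcome"] == "Failed" else "success")
        return {"ts": ts, "host": d["host"], "user": d["user"], "src": d["src"], "outcome": outcome}
    return None  # unrecognised line: real pipelines should count these


def detect_bruteforce(lines, threshold=4, window=timedelta(minutes=5), correct_clocks=True):
    """Alert on sources with >= threshold failures (any host) inside the window,
    and on any later successful login from a source already flagged."""
    events = [e for e in (normalise(l, correct_clocks) for l in lines) if e]
    events.sort(key=lambda e: e["ts"])
    recent = defaultdict(list)   # src -> failure timestamps still inside the window
    flagged, alerts = set(), []
    for e in events:
        src = e["src"]
        if e["outcome"] == "fail":
            recent[src] = [t for t in recent[src] if e["ts"] - t <= window] + [e["ts"]]
            if len(recent[src]) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("bruteforce", src, len(recent[src])))
        elif src in flagged:
            alerts.append(("success_after_bruteforce", src, e["user"], e["host"]))
    return alerts


if __name__ == "__main__":
    print("clocks corrected:  ", detect_bruteforce(SAMPLE_LOGS))
    print("clocks uncorrected:", detect_bruteforce(SAMPLE_LOGS, correct_clocks=False))
```

With the VPN gateway's hour of skew corrected, its two failures fall inside the same five-minute window as the bastion's and the source crosses the threshold, so the later successful root login from that source is also flagged; with the raw timestamps the same events sit an hour apart and nothing fires. That is the concrete reason the page insists on NTP across every system feeding the SIEM.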
11. Phishing Protection
Implement phishing training and plugin solutions, including:
Mandating regular phishing training for all employees, including senior executives
Deploying email validation system (Domain-based Message Authentication, Reporting and Conformance (DMARC), Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM)) to detect and prevent
Deploying phishing plugin solutions on email servers and endpoints to allow phishing email detection, prevention, and reporting
Conducting real-life phishing campaigns to all your employees to measure openings/clicks, and target training to employees opening
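DMARC only protects a domain when the SPF or DKIM result is *aligned* with the visible From: domain, which is what lets it reject a message that passes SPF for an attacker-controlled envelope sender. The script below is an added example (not from the original page or from any vendor it names) that evaluates that alignment logic offline: the TXT records, domains and per-message authentication results are constructed stand-ins for what a receiving mail server would fetch from DNS and compute itself, and the two-label organisational-domain shortcut is an assumption in place of the Public Suffix List. It also checks the `all` qualifier of an SPF record, since a `+all` record authorises every host.

```python
"""Offline DMARC alignment evaluation (added example, not from the page).

The TXT records, domains and authentication results below are constructed;
a real receiver fetches the records over DNS and computes SPF/DKIM itself.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed stand-ins for DNS TXT answers.
TXT_RECORDS = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 include:_spf.mail.example -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com",
    "partner.example": "v=spf1 +all",
    "_dmarc.partner.example": "v=DMARC1; p=none",
}


def spf_all_qualifier(record):
    """Return the qualifier on the 'all' mechanism ('-', '~', '?' or '+'), or None.
    '+all' (or no 'all' at all) means any host passes SPF for the domain."""
    for token in record.split()[1:]:
        m = re.fullmatch(r"([-+~?])?all", token)
        if m:
            return m.group(1) or "+"
    return None


def parse_dmarc(record):
    """Turn 'v=DMARC1; p=...' into a tag dict, applying relaxed-alignment defaults."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    return tags


def org_domain(domain):
    """Organisational domain as the last two labels. Real evaluators use the
    Public Suffix List; this shortcut is an assumption for the example."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r')
    accepts any subdomain of the same organisational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


@dataclass
class AuthResult:
    from_domain: str            # domain in the visible From: header
    spf_domain: Optional[str]   # envelope MAIL FROM domain that SPF was checked against
    spf_pass: bool
    dkim_domain: Optional[str]  # d= tag of a DKIM signature that verified
    dkim_pass: bool


def evaluate_dmarc(result, records=TXT_RECORDS):
    """Return (disposition, reason): 'pass', or the published policy
    ('none', 'quarantine', 'reject') when nothing aligned."""
    record = records.get(f"_dmarc.{result.from_domain.lower()}")
    if record is None:
        return "none", "no DMARC policy published"
    policy = parse_dmarc(record)
    spf_ok = result.spf_pass and aligned(result.spf_domain, result.from_domain, policy["aspf"])
    dkim_ok = result.dkim_pass and aligned(result.dkim_domain, result.from_domain, policy["adkim"])
    if spf_ok or dkim_ok:
        return "pass", "aligned SPF" if spf_ok else "aligned DKIM"
    return policy["p"], "no aligned SPF or DKIM"


if __name__ == "__main__":
    # A message claiming From: example.com whose SPF passed for an unrelated domain.
    print(evaluate_dmarc(AuthResult("example.com", "attacker.example", True, None, False)))
    print("partner.example 'all' qualifier:", spf_all_qualifier(TXT_RECORDS["partner.example"]))
```

The `partner.example` records illustrate the two common gaps a DMARC rollout should close: a `+all` SPF record authorises any sender, and `p=none` means an unaligned message is still delivered and only reported.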
12. Configuration Management
Adopt a configuration management solution to properly enforce configuration requirements on servers and endpoints, including:
Prioritising solutions that can synchronise logs with SIEM and that support multiple operating systems
Leveraging application whitelisting solutions to limit access to necessary applications on endpoints and mobile devices. Whitelisting is recommended instead of blacklisting because new malicious software is too difficult to track
13. Application Security
Application security is the use of software, hardware and procedural methods to prevent vulnerabilities in applications and protect sensitive information from external threats. Applications may include desktop, server, and mobile technology. Software security should be built into applications during their development phase:
Fuzz testing (fuzzing) should be leveraged as a quality assurance technique, using a software tool called a fuzzer to discover coding errors and security loopholes in software, operating systems or networks. The technique involves inputting fuzz (massive amounts of random data) to the test subject to make it crash, find vulnerabilities, and identify potential causes
Dynamic analysis can be used as the testing and evaluation of a program by executing data in real-time to find errors in a program and flaws in the source code while it is running, rather than by repeatedly examining the code offline. Dynamic code analyser software finds security issues caused by the code’s interaction with other system components like SQL databases, application servers or Web services to debug a program in all the scenarios for which it is designed
Static code analysis is also available as one of the security tools the enterprise can use to identify flaws and malicious code in applications before they are bought or deployed. The process provides an understanding of the code structure, and can help to ensure that the code adheres to industry standards
Leverage Web Application Firewalls (WAF) solutions to secure your web applications
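The fuzzing description above (random input fed to a parser until it crashes) is easiest to understand with a concrete harness. The following is an added example, not code from the original page or from any product it mentions: the small type-length-value format, the deliberately unchecked parser, its validated counterpart and the seed input are all constructed for illustration. The harness treats `ValueError` as the parser's documented rejection of bad input and reports any other exception as a crash, which is the distinction a real fuzz triage makes between "handled" and "unhandled" failures.

```python
"""Mutation fuzzing of a small binary parser (added example, not from the page).

The TLV format, the deliberately buggy parser, its hardened version and the
seed input are all constructed for illustration.
"""
import random
import struct

TYPE_STR, TYPE_INT = 0x01, 0x02

# Constructed seed corpus: one string record and one 32-bit integer record.
SEEDS = [b"\x01\x03abc" + b"\x02\x04" + struct.pack(">I", 42)]


def parse_tlv_buggy(data):
    """Parse [type:1][len:1][value:len] records, trusting the header blindly."""
    records, i = [], 0
    while i < len(data):
        t, length = data[i], data[i + 1]            # IndexError on a lone trailing byte
        value = data[i + 2:i + 2 + length]          # silently short if the length lies
        if t == TYPE_STR:
            records.append(("str", bytes(value)))
        elif t == TYPE_INT:
            records.append(("int", struct.unpack(">I", value)[0]))  # struct.error if len != 4
        else:
            raise ValueError(f"unknown type {t}")   # the only documented rejection
        i += 2 + length
    return records


def parse_tlv_fixed(data):
    """Same format, but every length is validated and bad input raises ValueError."""
    records, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated header")
        t, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated value")
        if t == TYPE_STR:
            records.append(("str", bytes(value)))
        elif t == TYPE_INT:
            if length != 4:
                raise ValueError("int records must be exactly 4 bytes")
            records.append(("int", struct.unpack(">I", value)[0]))
        else:
            raise ValueError(f"unknown type {t}")
        i += 2 + length
    return records


def mutate(rng, data):
    """Apply one to four random byte flips, insertions or deletions."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, 4)):
        roll = rng.random()
        if roll < 0.5 and buf:
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        elif roll < 0.75:
            buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
        elif buf:
            del buf[rng.randrange(len(buf))]
    return bytes(buf)


def fuzz(parser, seeds=SEEDS, iterations=500, seed=1):
    """Run mutated inputs through parser; return {exception name: first input}.

    ValueError is the parser's documented way of rejecting malformed input, so
    it is not a finding; any other exception is an unhandled crash."""
    rng = random.Random(seed)   # fixed seed so every crash is reproducible
    crashes = {}
    for _ in range(iterations):
        sample = mutate(rng, rng.choice(seeds))
        try:
            parser(sample)
        except ValueError:
            continue
        except Exception as exc:
            name = f"{type(exc).__module__}.{type(exc).__name__}"
            crashes.setdefault(name, sample)
    return crashes


if __name__ == "__main__":
    for name, sample in fuzz(parse_tlv_buggy).items():
        print(f"buggy parser: {name} on {sample!r}")
    print("fixed parser crashes:", fuzz(parse_tlv_fixed))
```

Each crash is stored with the exact input that triggered it, so it can be replayed against the parser as a regression test once the fix is in; running the same harness against `parse_tlv_fixed` returns an empty dictionary, which is the evidence that the hardening covered the failure modes the fuzzer found.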
14. Data Security
Implement solutions to secure data, including:
Properly protect data, in particular, personally identifiable information (PII), personal health information (PHI), payment card industry (PCI), and sensitive, classified, and/or financial data, by using Data Loss Prevention solutions:
Leveraging solutions to detect and prevent data leaks and massive data exports on servers, databases, and endpoints, when possible
Deploying backup solutions across the organisation endpoints, servers, databases, and critical systems
Establishing off-site backup, whether in a separate datacentre or on the cloud
Mandating encryption for all PII, PHI, PCI, sensitive, and confidential data whenever possible. Examples include:
Requiring full disk encryption solutions for mobile devices, laptops, and removable media
Using encryption on databases and files whenever required
Get a first-hand view on the State of Privileged Account Management (PAM), the benefits of Cyber Essentials and why reducing organisational risk in this ever-changing threat landscape is crucial to your business.
Many industry analysts have started to pay attention to Privileged Account Management over the past few years.
accounts are difficult to secure and one of the reasons for this is because they are unknown; if they are unknown then they are definitely unmanaged, which then means they are unprotected.
runs parallel to the security benefits of being able to discover and manage privileged accounts is the auditing and compliance control that comes with that. If those accounts are unmanaged then they are unprotected, so you have no auditing information and no access control around who did what and when with any of your
reveals that 80% of breaches involve privileged credentials*.
we are talking about here is the human and non-human privileged accounts that exist across your network and connected devices. It is critical yet often difficult for enterprise IT security teams to manage these without the correct tools in place.
reveals that 85% of cyberattacks enter through compromised endpoints.
difficult to comply with regulations and reduce risk, a least privilege policy is needed to remove excessive privileges. Without adopting this least privilege policy, virtually all Windows and Mac computers remain vulnerable despite having the tools in place. Things like AV and web protection are of course important pieces of endpoint protection; however, if privileged accounts exist on the device, it will always be an attractive attack vector.
ranks privileged account management as the CISOs #1 security priority.
really does drive home how critical it is to secure privileged accounts and have the correct tooling in place. On that list of Gartner’s Top 6 Security Projects, Thycotic address 4 of the 6:
#1 – Privilege Account Management
#3 – Anti-phishing
#4 – Application Control
#6 – Detection & Response
this means is that through a single toolset you can address 4 of the top major security projects ranked by Gartner’s CISO reports in 2018 & 2019.
Cyber Essentials & Cyber Essentials Plus
Cyber Essentials is essentially designed to help organisations of all sizes meet the basic level of cybersecurity and threat protection within your business.
What’s the difference?
Cyber Essentials Certification involves self-assessment with an online form to get self-certified.
Cyber Essentials Plus Certification involves the same procedure as Cyber Essentials however you will then need a certifying body that will validate all the information to meet the 5 core requirements of the certification.
The DCMS Cyber Security Breaches Survey 2019 reveals that 32% of businesses identified cybersecurity breaches or attacks in the last 12 months. Amongst those, 32% needed new measures to prevent further attacks, 27% took up staff time dealing with breaches or attacks, 19% had staff stopped from carrying out daily work and 48% identified at least 1 attack or breach a month.
This government led scheme outlined by the NCSC helps organisations meet foundational security requirements by addressing 5 technical controls, which will reduce organisational risk if addressed sufficiently.
Privileged Account Management (PAM) can assist with all of these technical controls. The tools Thycotic offer can drastically improve all of the processes that fall under the 5 technical controls outlined by the Cyber Essentials scheme. The Cyber Essentials scheme was launched on the 5th June 2014.
There has been a lot of traction over the last 18 to 24 months; however, since October 2014 it has been a mandate for any organisation looking to secure government contracts that involve handling personal information or the delivery of certain ICT products and services. Equally, in January 2016 this certification became mandatory for all Ministry of Defence suppliers.
is not mandatory just yet for many industries. The Cyber Essentials certification is a step in the right direction when it comes to proving that your organisation is serious about cybersecurity and getting ahead of your competitors. Beyond the outward-facing benefits, this certification also gives you peace of mind that you have taken the fundamental steps towards reducing your organisational risk.
Can We Help You?
There are many ways NetUtils can support you to have a good cybersecurity posture. If you would like deeper insight into how Privileged Account Management and Cyber Essentials can reduce your organisational risk, then get in touch today.
The detection method for preventing malware is fundamentally flawed, yet it is still the de facto standard in cybersecurity. Day after day, organizations scramble to protect against a growing number of threats, but all it takes is one piece of malware to go undetected to wreak havoc on IT systems.
Ironically, this was predicted by Alan Turing more than 80 years ago. His work on the halting problem showed that no general algorithm can decide, from a description of an arbitrary program and its input, whether that program will finish running or execute forever.
The same logic applies to malware detection. A standard algorithm cannot be relied on to correctly identify every single threat that comes knocking because the volume of threats is large and varied, with previously unseen threats emerging every day.
A detection-based approach deployed by IT teams is akin to casting out a net, where the net will either be so large that it tangles itself, or it won’t be cast wide enough and will invariably allow some things to be missed. IT teams are trying to solve this problem by adding more layers to their detection solutions, but all this is doing is casting more nets plagued by the same problems.
Detection-based solutions can over-complicate security landscapes
Hackers are resourceful, utilizing new tactics – such as polymorphic malware and zero-day exploits – to bypass detection-based software and break into critical IT systems. For example, in the Locky ransomware campaign, hackers customized the malware to execute after the fake document was closed, making it much harder to spot and bypassing the majority of detection-based AV solutions.
Instead of focusing on detection, organizations that are serious about security are starting to rely on segmentation. By segmenting networks and applications, businesses are seeing that they can prevent malware from causing harm and keep data and networks safe.
Segmentation offers businesses protection, but it relies on PCs or applications only having access to limited areas on the network. Early iterations failed to achieve a great uptake because adding new PCs to this system can be incredibly expensive and time-consuming during deployment.
Segmenting IP and sensitive data could also still leave users at risk if they don’t isolate the applications that are being used to access this data. Without a solution to these problems, network segmentation has largely failed to get off the ground and detection has persisted as the leading cybersecurity approach.
By focusing on isolation, security is simplified and end users are protected
Everybody wants to be able to use technology to do more with less. In this instance, it means deploying more effective and reliable cybersecurity solutions. However, detection involves the complex process of “preventing, detecting, and responding”, where multiple layers of security are deployed to identify malware before it hits. However, these layers simply aren’t sufficient to protect against the volume and sophistication of the ransomware and targeted phishing attacks that are prevalent today. As you might expect, it also creates a tremendous expense.
While there are a few choices available that provide isolation, solutions that do this using virtualization are effectively bullet-proof. While no one can promise 100% protection, virtualization that starts on the chip, stops Meltdown, dramatically limits Spectre and works online or offline, can protect what’s targeted the most: endpoints.
Real solutions with a virtual defense
Isolation through virtualization works by allowing applications to open and carry out each task in its own self-contained virtual environment. This means that every tab that is opened in a browser, every Office or PDF document attached to an email, or any file that runs an untrusted executable, will be opened in an entirely isolated virtual environment that’s running on the hardware itself. The result is that any threat caused by an action in this environment won’t have access to anywhere else on the system and can be easily removed by simply destroying the virtual environment.
This allows users the freedom to download files and open documents, safely, knowing that they are no longer the last line of defense – giving users the ability to click with confidence. In fact, end users can let the malware run, because it doesn’t do any damage, and it allows IT teams to get detailed threat analysis. Users can get back to work; recruiters and HR teams can open emailed CVs, marketers can carry out research even if they click on a phishing link, and R&D teams can share downloaded resources without the fear of being stung by malicious files or links.
For organizations using this new approach, there is less worry. Virtualization-based security is being adopted by the giants: HP and Microsoft now use virtualization-based security to protect users. This is just the tip of the iceberg and marks the beginning of a virtualization revolution in security, where users no longer fear opening links and attachments and organizations can let their teams focus on innovation without worrying about making a security mistake.
About the Author
By Fraser Kyne, EMEA CTO, Bromium. Fraser’s role has encompassed a wide range of both engineering and customer-facing activity. Prior to joining Bromium, Fraser was a Technical Specialist and Business Development Manager at Citrix Systems. He has been a speaker at various industry events on topics such as virtualization, security, desktop transformation, and cloud computing.
Are you protecting your data with just a password? If your answer is no, and you have strong multi-factor authentication in place, then good job: you are free to go out and enjoy the sunshine. If you answered yes, then stick around for a few more minutes to learn why a password alone is not enough to secure access to your corporate networks and applications.
Still here? Okay then, allow me to start by busting some of the typical myths about hacking today.
Myth #1 – Hackers only target the big brands
When big brands like Target, eBay, Adobe, and Sony are hacked, it’s big news for business and mainstream publications. Don’t be fooled: big companies aren’t the only ones being targeted. In fact, research shows that 31 percent of all hacking attacks were aimed at businesses with fewer than 250 employees.
Myth #2 – You have nothing valuable for hackers to steal
Fair enough. Not everyone is fortunate enough to be storing breakthrough research with the potential to revolutionize the world, if only you can keep it secret long enough to secure a patent. But what about your business email? Email often contains highly sensitive data, such as competitive bids, investment plans or pipeline information. Imagine the damage if these details were to fall into the wrong hands.
There’s even more low-hanging fruit to steal if hackers breach your network. Customer records, credit card information and even employee user credentials are worth as much as $50 USD per record when sold on the Internet. An entire shadow economy has emerged online with brokers selling stolen user records; according to the FBI, cybercrime has become even more profitable than drug-related crimes. This makes everyone a target.
Myth #3 – Your anti-virus and network vulnerability tests will keep you safe
Patch management, updated anti-virus applications and frequent network vulnerability tests are all good weapons in a defense against hackers. However if you are not securely authenticating your users when they access your corporate networks or applications, then you’re leaving the front door open for the hackers. Research shows that weak or stolen passwords are exploited in 76 percent of all network breaches. So, yes, this really is the hackers’ preferred way in.
Myth #4 – Hackers are teenagers lurking in a basement somewhere
For most of us, the word “hacker” prompts images of pale teenage boys with long hair, black t-shirts and a serious grudge against Microsoft. While many hackers probably still fit this description, the reality is that the hacker has evolved. Today’s hacker is highly educated, well connected and well equipped, enjoying a high-income profession as a professional cybercriminal. Hackers have powerful tools at their disposal, and the abundance of poorly protected victims has made hacking easier than ever before, resulting in cybercrime becoming the fastest growing crime type in the world.
Hackers’ motive is most often financial gain, but “hacktivism” is also becoming a growing threat to nations and organizations that don’t sympathize with the hacker’s cause.
Knowing what’s myth and what’s fact is essential to avoid running unnecessary risks to your business. SMS Passcode have created an infographic and short video that capture the key facts from the latest research about the threat companies face from hacks.
Here’s a very useful webinar from our partners at Palo Alto Networks on the Harsh Realities of Cyber Protection.
If you have concerns about your risk of attack, join our Ultimate Test Drive Event on 15th April, London. Register here.
The endpoint is where the security war is now taking place; attackers are getting more advanced, deploying unknown exploits and unique malware that current day security is simply not equipped to prevent or even detect. Palo Alto Networks walk you through the shortcomings of existing endpoint security, and why it’s leaving your enterprise vulnerable to sophisticated and zero-day attacks, waiting for detection and remediation to step in, which is too little too late.