NetUtils Talks Security

NUTS Episode 1 (15 minutes)

Tune in to hear from Malcolm Orekoya, our CTO and host of the series and guest JP Kehoe from SKOUT Cyber Security as they introduce NetUtils Talks Security (NUTS) in our very first episode. Created with small to medium sized organisations in mind we’re here to help you make sense of the ever-changing cyber security landscape with real life information and actionable advice on how you can get protected. 

Discover more about:

  • The growing skills gap, the pace of change when it comes to cloud adoption and not to mention COVID
  • The increase in tempo and the complexity of cyber attacks with cyber security becoming more of a priority 
  • The need for partnerships and collaboration within organisations to harness unique skill sets

We’re NUTS About Security

Don’t forget you can register to attend here https://netutils.com/netutils-talks-security/

Robert Harris Joins NetUtils As Director of Global Service Providers

Cyber security and managed service provider announces its plans for their growing service provider team.

Robert Harris, NetUtils, Director of Global Service Providers

Kent, United Kingdom, Monday, 15th March 2021, NetUtils welcomes Robert Harris to the family to provide superior support to their existing customers and with a vision to broaden its global footprint within Tier 1 managed service providers.

“I am delighted to announce the signing of Robert Harris as Director of Global Service Providers to the team.” said Ashok Thomas, CEO for NetUtils. “Robert brings an outstanding wealth of global and partnership experience and the skills required to serve our broad range of Global Tier1 managed service providers.” 

“Joining NetUtils is an exciting prospect and challenge. I look forward to not only exploring and deepening their existing Tier1 managed service customers but also to support in progressing the growing number of prospects and opportunities we have seen develop over the coming months.” said Robert Harris, Director of Global Service Providers for NetUtils.

About NetUtils

NetUtils are a leading UK specialist integrator of network, security and data solutions for enterprise, telco, MSPs and ISPs. With more than 27-years history and over 400 enterprise and service provider clients including household names across finance, education, public sector, manufacturing, and healthcare, NetUtils brings its customers the depth and breadth of people, technologies and services to improve business performance in this ever-changing digital world.

NetUtils Media Enquiries:

Kara Jenkinson
Head of Marketing
t: 020 8783 3800 e: kjenkinson@netutils.com

w: www.netutils.com

NetUtils launches ‘Platinum’ managed cyber security services to help large enterprises rationalise the new normal

Cyber security pioneer launches UK’s most comprehensive managed service offering 16 core features with 24/7 SoC to help larger enterprises strengthen their end-to-end cyber security posture

Kent, United Kingdom – February 2021, NetUtils, a leading IT specialist has launched the UK’s most advanced and highly integrated managed cyber security service aimed at helping larger enterprises to improve cyber security defences while reducing operational cost and complexity. 

The new “Platinum Tier” includes a fully staffed, 24/7 Security Operations Centre (SOC) and is backed by NetUtils continued certification around the ISO 9001 and ISO 27001  standards and as a registered  Crown Commercial Service supplier.

The new top tier service offers every element a large enterprise should deploy based on best practice methodology and includes Advanced Endpoint Protection, Vulnerability & Patch Management,

Managed Firewalls, Email Security Gateway, Privileged Access Management and Cloud Access Security Broker capabilities. The built-in SOC services provides full-time security monitoring across devices and applications including Office 365 along with structured Security Awareness Training sessions and ongoing helpdesk service. The Platinum tier is available at under £45 per user per month with significant discounts for larger organisations.

“Larger enterprises are faced with the dual challenges of managing more remote staff while still trying to deliver the core IT projects that are critical to the business. Our Platinum Tier Managed Cyber Security services are based on feedback from several enterprise customers around what they need – and is effectively a formalisation of a number of disparate services that we have been delivering successfully for many years.,” says Ashok Thomas, CEO for NetUtils. “When you look at the overall cost and especially when you factor in our 24/7 SOC capability, our Platinum service will typically save enterprises with a 1000 staff or more, hundreds of thousands of pounds each year in operational cyber security costs – with the assurance of transparent SLA’s and round the clock expertise.”

The new Platinum tier managed security services also aim to address several challenges that have accelerated due to the ongoing pandemic including critical digitisation projects, reduction in IT budgets and ongoing cyber security skills shortage. According to recent research by PWC, a consultancy, that questions over 3000 senior executives at larger organisations; 96% of executives have shifted their cybersecurity strategy due to COVID-19 while 55% of respondents lack confidence when their cyber spending is allocated towards the most significant risks.

NetUtils has built a reputation for technical excellence and is the most certified Juniper Networks partner in Europe and maintains over 420 industry and vendor accreditations within its team including CISSPs and CISMPsFortinet’s NS7, and Juniper JNCIPs. As part of the managed cyber security services launch, NetUtils has invested over £1.2 million adding more staff, enhanced training, and additional data centre capacity to meet growing demand. 

As David Bundock, COO for NetUtils explains, “Our top tier managed security service helps to address the operational challenges and skills retention issues that larger organisations are facing at a time when external factors such as COVID and Brexit are impacting core business processes. Our technical expertise and ISO compliant processes can help large enterprises improve cyber security though a trusted partnership that allows them to focus on their core business without compromising on active cyber security controls and monitoring.”

More information on the new managed cyber security services including the new Platinum tier is available via https://netutils.com/managed-service-bundles/

https://netutils.com/managed-service-bundles/

About NetUtils

NetUtils are a leading UK specialist integrator of network, security and data solutions for enterprise, telco, MSPs and ISPs. With more than 27-years history and over 400 enterprise and service provider clients including household names across finance, education, public sector, manufacturing, and healthcare, NetUtils brings its customers the depth and breadth of people, technologies and services to improve business performance in this ever-changing digital world.

NetUtils Media Enquiries:

Kara Jenkinson
Head of Marketing
t: 020 8783 3800 e: kjenkinson@netutils.com

w: www.netutils.com

3 Facts About Cyber Security to Factor into Your Strategy Now

Last week I read this blog titled 3 Big Facts About Cybersecurity In 2020 To Remember For 2021 which talks about phishing, ransomware and The Dark Web. Whilst I agree with these 3 threats, it’s important to remember that a layered security approach for any organisation is key to the sustainability of growth and development. Yes, last year saw a rise of the distributed workforce, the fast adoption to the cloud and a massive increase in COVID related scams, which are still being executed by cyber criminals, thus making your company and all your employees more susceptible and an easy target especially when security most certainly was not and is not top of mind. 

For many the need for business continuity and getting up and running as soon as possible those few days before lockdown announcement number 1 massively outweighed concerns over networking and security. And why wouldn’t it! However now we face being in lockdown number 3, with no real idea of when we will be normal again or what normal might look like and still you’ve not addressed those ‘pesky’ security concerns.

So, following on from the blog mentioned above here are 3 key takeaways so you can start to take your cyber security back into your own hands. Remember cyber security is companywide and not just and IT issue.

1. Phishing Rules the Roost

Most of today’s nastiest threats have a common denominator: phishing. More than 80% of all cyber attacks are phishing based. That means that an essential part of keeping your business safe from cyber crime is keeping your business safe from phishing. Phishing attacks skyrocketed by over 600% in 2020, and that’s not going to go away. 

How to mitigate the risk?

People are a critical layer within your cyber security posture and with greater reliance on email communication, the dangers of phishing are even more apparent for businesses, especially in the form of ransomware. 

By committing your company to Security Awareness Training in this ever changing world will help protect against the growing and varying threats organisations face today. Don’t let those criminals leap to the golden opportunity that increased email usage creates for them to launch phishing attacks – and they’re branching out with more attempts through voice, text, messaging, and SMS.

2. Ransomware is Here to Stay

Ransomware was the most devastating and disruptive single threat type in 2020, and that looks set to keep going through 2021. More than 50% of businesses were impacted by ransomware in 2020. It’s become a favoured tool of hackers from sophisticated nation-state groups to cyber criminal gangs on The Dark Web. Experts estimate that a ransomware attack will take place every 11 seconds in 2021.

Cyber criminals aren’t just using ransomware to steal data anymore. In 2020 there’s been a trend towards ransomware being used to disrupt operations at businesses, manufacturers, essential services, infrastructure targets, and hospitals plus many organisations in other sectors worldwide. Just before the COVID-19 vaccine news started rolling in, cyber criminals were deploying ransomware against hospitals, pharmaceutical developers, laboratories, even cold storage trucking companies. They weren’t trying to steal data, they were trying to disrupt operations at critically needed organisations in order to score a big, quick payday, and they were successful in many cases.

How to mitigate the risk?

  • Don’t click links in emails
  • Scan emails for malware
  • Firewall and endpoint protection
  • Keep data backups, regular
  • Protect your information

3. Dark Web Danger is Real and Growing

The Dark Web is a complicated place, and just like everything else in the world, the chaotic nature of events in 2020 impacted the way it operates too. It hasn’t stopped growing – Dark Web activity has increased by more than 300% in the last 3 years. While it hasn’t been as much of a newsmaker as flashier things like nation-state hacking, make no mistake – it’s still an enormous threat to all businesses, and that threat is only growing larger with time.

The proliferation of information gathered in data breaches, especially in last year’s record-breaking year, provides ample fuel for cyber crime like credential stuffing and spear phishing. An article published on the 3rd February 2021 states more than 3 billion unique pairs of cleartext emails and passwords were leaked online from previous data leaks.

The growth of the cybercrime-as-a-service sector of the Dark Web economy also puts companies squarely in the crosshairs of bad actors. Plus, in a challenging economy, even cyber criminals are feeling the pinch and looking for new ways to rake in cash.

How to mitigate the risk?

Dark Web monitoring solutions are a security essential because it provides your company with something incredibly precious: time. By having your business credentials monitored 24/7/365 with our expert human and machine-powered analysis, you’re making it possible for you to find out if you’ve been a victim of credential compromise fast. Which gives your IT team time to address vulnerabilities before the bad guys even find them.  

No Company Can Afford A Cyber Security Nightmare.

Let NetUtils help you add strong cyber security protection at a price that won’t keep you up at night. To get you started we’d like to offer you a complimentary Dark Web scan and we’ll show you how our solutions can help you secure yours and your clients’ systems and data against today’s (and tomorrow’s) biggest threats fast.

Sources:

SonicWall NetExtender VPN Client and SMA 100 Zero-Day

Cyber Security Threat Advisory
25th January 2021

*Update 1/25: From SonicWall, “While we previously communicated NetExtender 10.X as potentially having a zero-day, that has now been ruled out. It may be used with all SonicWall products. No action is required from customers or partners. Current SMA 100 Series customers may continue to use NetExtender for remote access with the SMA 100 series. We have determined that this use case is not susceptible to exploitation.”

Threat Update

SonicWall has released a statement regarding their investigation into a “coordinated” attack against their internal network that they believe made use of zero-day vulnerabilities in their remote access point products.

Technical Detail & Additional Information

What Is The Threat?

The statement released by SonicWall does not offer a detailed account of the breach or the vulnerability, however they do state that they believe the attackers utilized zero-day vulnerabilities for their NetExtender VPN Client and Secure Mobile Access platforms. These platforms are used by enterprise environments to secure access to their internal networks, so any unreported and unpremeditated vulnerabilities represent a significant security risk for any enterprise that utilizes their products. They also do not reveal any information about the nature of the breach and how their network was affected.

In their coverage of the incident, ZDnet reports that, “Multiple sources in the threat intel community told ZDNet after the publication of this article that SonicWall might have fallen victim to a ransomware attack”. This has not been substantiated by SonicWall at this time.

What Is The Exposure Or Risk?

Affected Devices:

  • NetExtender VPN client version 10.x (released in 2020) utilized to connect to SMA 100 series appliances and SonicWall firewalls.
  • Secure Mobile Access (SMA) version 10.x running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances, and the SMA 500v virtual appliance.

According to SonicWall, the SMA 1000 series is NOT susceptible to this vulnerability.

What Are The Recomendations?

At the time of writing this advisory, SonicWall has not released any patch fix for the suspected zero-day vulnerability, however, they do recommend enabling MFA across all their devices. They have also provided the following remediations for each affected platform version:
SMA 100 Series: This product remains under investigation for a vulnerability, however we can issue the following guidance on deployment use cases: 

  • Current SMA 100 Series customers may continue to use NetExtender for remote access with the SMA 100 series. We have determined that this use case is not susceptible to exploitation.
  • We advise SMA 100 series administrators to create specific access rules or disable Virtual Office and HTTPS administrative access from the Internet while we continue to investigate the vulnerability.

References:

For more in-depth information about the recommendations, please visit the following links:

Advisory Source: https://getskout.com/cybersecurity-threat-advisory-0003-21-sonicwall-netextender-vpn-client-and-sma-100-zero-day/

NetUtils Named A Supplier on Crown Commercial Service’s Framework

Kent, United Kingdom – November 2020, NetUtils have been named as a supplier on Crown Commercial Service’s (CCS) Technology Products Catalogue framework.

NetUtils, a leading cyber security and managed services provider have recently announced they are to feature as a supplier on the Crown Commercial Services Technology Online Purchasing Content Framework. NetUtils are now able to provide their wide and diverse portfolio of cyber security and networking products and services via the platform.

The Technology Online Purchasing platform gives buyers a flexible, cost effective and efficient route to buy a range of technology products through an online catalogue. It is available to the UK public sector and their associated bodies and agencies.

Ashok Thomas, Chief Executive Officer, NetUtils said: “With continuously shrinking budgets and the growing IT skills gap the need to be on frameworks supports our vision in helping public sector procurement and gives them a trusted commercially aware partner to work with now and in the future.”

About Crown Commercial Service

Crown Commercial Service supports the public sector to achieve maximum commercial value when procuring common goods and services. In 2019/20, CCS helped the public sector to achieve commercial benefits worth over £1bn – supporting world-class public services that offer best value for taxpayers.

About NetUtils

NetUtils are a leading UK specialist integrator of network, security and data solutions for enterprise, telco, MSPs and ISPs. With more than 27-years history and over 400 enterprise and service provider clients including household names across finance, education, public sector, manufacturing and healthcare, NetUtils brings its customers the depth and breadth of people, technologies and services to improve business performance in this ever-changing digital world.

NetUtils Media Enquiries

Kara Jenkinson
Head of Marketing

t: 020 8783 3800 e: kjenkinson@netutils.com

w: www.netutils.com

Network Utilities joins Nokia Global Partner Program

Kent, United Kingdom – October 2020, Network Utilities today announced it has signed a channel partner agreement with Nokia.

As a result of this relationship, Network Utilities will market, distribute and service Nokia’s product line of AAA services and cyber security products.

Ashok Thomas, Chief Executive Officer, Network Utilities said: “Network Utilities is delighted to be partnering with Nokia to bring its AAA and cyber security solutions to our customers. We feel Nokia is the perfect partner to bring the breadth of experience and end-to-end solutions needed to help customers secure themselves against today’s ever evolving threats.”

Phil Siveter, Head of Enterprise UK&I, Nokia said: “The Global Partner Program is important to Nokia as it gives us a route into new and exciting enterprise customers. We are pleased to welcome Network Utilities to the Nokia Global Partner Program to drive growth and establish new customer relationships together.”

About Network Utilities

Network Utilities are a leading UK specialist integrator of network, security and data solutions for enterprise, telco, MSPs and ISPs. With more than 25-years history and over 400 enterprise and service provider clients. Network Utilities represents a great vehicle to share Nokia’s formidable capability traditionally housed in the telco arena with its enterprise customers.

Network Utilities Media Enquiries

Kara Jenkinson
Head of Marketing

t: 020 8783 3800 e: kjenkinson@netutils.com

Why Are So Many Organisations Turning to Managed Security Service Providers?

The technology industry is one that never stands still, but the cyber and security space specifically are even more fast paced than most other sectors of the industry. This in many cases can be attributed to the fact that the activities of cyber criminals are squarely focused on breaching enterprise security defences, because this is how they generate their income. Put simply your business is their primary target.

The pressures on IT operations, compliance and security posture are immense. Organisations constantly have to navigate the complexities of industry jargon and trends to keep abreast of the latest offerings and figure out the best fit for their business. This can be a full-time job in itself. But if IT is not your core business, then why should you burden yourself with managing it yourself?

The very nature of a Managed Security Service Provider (MSSP) is to alleviate the pressure by allowing you as a company to spend your time focusing on your core business, customers and innovation, in the knowledge that the necessary tasks that are required to keep your company safe and operational are in hand with the experts.

The Experts

An MSSP is a specialist, who’s core business is IT. As a result, you’re leveraging the expertise of a bigger team, who are up to date in all areas, that is, not just on general industry knowledge or the threat landscape, but also on the specific solutions and applications deployed within your business. It’s our responsibility to make sure the tools we use and the services we provide are always best of breed.

We spend the time and investment to train our teams, to get certified and fully compliant. We spend the time working closely with our vendor partners to understand the best ways of installing and using their products. We spend the time evaluating new and innovative solutions to the market.

We put in all the hard work, so you don’t have to.

Proactive Operational Efficiency

Managing the daily IT related tasks of most organisations can take most of the working day. Focusing on continuous improvements to revenue generating business critical tasks as well as customer service improvements, is what in many businesses determines their bottom line. It should not be surprising to learn therefore that most IT related operational improvements and security tasks can often be relegated to the back of the line. As long as things are working, then in many cases businesses are content and happy to focus their attentions elsewhere. Until of course something goes wrong.

By outsourcing the important IT operational management tasks to a trusted MSSP, you are ensuring that your IT environment remains operational at all times, because it is the responsibility of your provider to take care of security advisory notices, security patching, configuration management, access management, performance management, availability management, audit management and many other mundane but absolutely essential tasks to maintain a highly available and secure infrastructure. It’s our responsibility to be proactive on your behalf rather than reactive.

Speed of Implementation

It is no secret that there is a growing trend for many companies to outsource certain services, be that networking, telecommunications, cloud or security services. Besides the obvious cost savings and controls it affords, it certainly also helps free up internal resources and time. But there is one other major reason why MSSP services are being consumed at quite a staggering rate and that is speed.

Speed of implementation, widely known as how fast one can act on an idea, strategically or tactically, is often times what can set you apart from your competition. With the massive growth of cloud adoption and the improvements in its capabilities, we see a huge increase in the abilities of an MSSP to provision and deliver services to customers that would have previously taken weeks or months in only days and even hours in some cases. The reason for this is often that the provider has already provisioned its service capabilities ahead of time, so the service is simply ready to onboard new customers as and when they are ready. This of course takes a lot of planning and forethought on the part of the MSSP in order to be able to offer these ready to go services, so it can be said that the customers speed of implementing a new or replacement service is directly related to that provider taking earlier action.

We’ve launched 4 new managed service bundles to help small and medium sized businesses gain enterprise class technologies and services wrapped up in a per user per month price.

Priced from as little as £8 per user per month it’s never been easier or more cost effective to have the big tech normally out of reach to smaller businesses. These bundles combine between 4 and 16 cyber security services ranging from Endpoint Protection and Email Security Gateway all the way up to a fully-fledged SOC.

Secure Remote Access Emergency Readiness – Top Tips

How to ensure business resiliency, user productivity and security

Many circumstances and compliance obligations require organisations to activate or rapidly extend remote access capabilities as part of a business continuity strategy.  Beyond impacting user productivity, this emergency workplace shift can stress IT infrastructure and operations. With advanced planning, crises that require immediate, increased and varied remote access capacity should not increase threat exposure, cyberattack and data leakage risks.

Top Tips

Here are some important Secure Access Emergency Readiness tips to ensure business continuity, operational efficacy and protected accessibility.

Understand your remote access needs in terms of users, applications and resources in order to assess respective physical, virtual or user-based connection capacity and throughput. 

Identify key applications and resources, whether on-premises or cloud, that will require increased capacity and apply to an emergency capacity plan. 

Explore application and security tool license and capacity shifting options set in advance with your vendors to handle burst utilisation. 

Review and maintain application, data and role mapping to ensure users only access the resources they need, and have processes in place to quickly respond to user or role escalation and ad hoc privileged access and revocation. 

Consider virtual and cloud environment deployment and clientless mode to allow for more rapid on-demand deployment and scalability. 

Establish Disaster Recovery (DR) sites to provide secure access services in case of a primary site outage or failure and explore Secure Access solutions’ DR options for active/active or active/ passive modes. 

Build, publish and review emergency remote work guidelines, resources and communications. 

Activate advanced secure access usability features for streamlined access, such as: always-on, per-application and simultaneous tunneling, configuration lock down, clientless operation and online portals. 

Ensure emergency means to simulate on-premise access, including Layer-3 access to a specific subnet, HTML5 access to local machines, or Virtual Desktop Infrastructure by privileged users and technicians. 

Enforce endpoint compliance policy and activate self-remediation capabilities to reduce phishing and ransomware threats introduced by increased remote users and potential vulnerable devices. 

Invoke mobile device security options, such as mobile VPN, device security, segregating corporate apps and information, and data encryption to allow for broader for corporate and personal device use. 

Utilise Adaptive Authentication and User Entity Behaviour Analytics (UEBA) to better understand and react to new user/device usage, as well as unwanted and anomalous activity. 

Leverage usage analytics, bandwidth “throttling” and optimised gateway selection capabilities to better distribute workloads and to deliver “essential” applications to users without performance degradation. 

In a world where natural and man-made disasters occur, we want to help keep your business running effectively and securely so you can focus on what’s really important – and keeping your employees, friends, and family safe. If and when these unplanned events and disasters intensifies, organisations must adjust for increased stay, connect and work from home mandates. Beyond impacting user productivity, this emergency workplace shift can stress IT infrastructure and operations.

Download the Pulse Secure Solution Brief

Download the Secure Remote Access Emergency Readiness Solution Brief here to get these important tips to ensure business resiliency, user productivity, and continued secure access.