Identity Centric Networks & Security

Identity Matters. We specialise in identity-centric network and security solutions. Understanding who is on your network, what they want to access, and how, allows us to deliver the best possible solutions to your business challenges. We partner with industry-leading technology vendors to ensure your network is fast, secure and highly-optimised.

Netutils & Juniper Networks Innovation Day – What’s it all about?

By Vanessa Cardwell, Marketing Manager, Netutils

Views expressed in this post are original thoughts posted by Vanessa Cardwell, Marketing Manager, Netutils. These views are her own and in no way do they represent the views of the company.

In short, it was all about the latest networking and security innovations from Juniper Networks topped off with a few thrills! Hosted at Mercedes Benz World the workshop gave our customers the opportunity to hear first-hand from Juniper executives and technical experts about the latest innovations in networking and security from Juniper Networks.

In the morning Juniper experts delivered presentations on BYOD, security and networking innovation. We were delighted to also have the opportunity to experience demos of Juniper Networks’ innovative Junos WebApp Secure solution and network management solution Junos Space. Following the workshop sessions our guests had the opportunity to experience the buzz of the Mercedes Benz World Driving experiences both on-track and off-road.

Great day all round – useful to meet and talk to other Juniper users and to hear about the other products that Juniper Networks offer during the various seminars. The afternoon driving experience rounded off a great day … thanks to Netutils!
Steve Collins, IT Manager, A Mclay & Company Ltd


The workshop is a fantastic opportunity for our customers to have some 1-2-1 time with Netutils technical experts and Juniper execs. It’s also great for us to spend some quality time with customers, supporting them and discovering more about their security and networking challenges, but what’s really important to us is the opportunity to get to know our customers better. It was a real pleasure to spend the day with a great bunch of people and we hope our customers valued and enjoyed the event as much as we did.
David Silsby, Sales & Marketing Director, Netutils

Please check out the recent video from a previous event for a taster of what was experienced on the day, or read on for workshop highlights.

Securing BYOD & Beyond
Jonas Gyllenhammar, Sr Consulting Engineer, Pulse Architect, EMEA at Juniper Networks

So we all know that BYOD is a great big fat industry buzzword these days, but what was really engaging about Jonas’ session was his point that the phenomenon of BYOD is not simply about bringing your own device. It’s more than that; it’s about a robust access management policy solution for your organisation, and this requires a dynamic, policy-driven security enforcement solution. A bit of a mouthful perhaps, but Juniper Networks’ end-to-end Pulse solution makes this straightforward. In short, it’s simply about 2 things:

  1. The User – are they known or unknown?
  2. The Device – corporately owned? BYOD, staff member with an unknown device? Or Guest with an unknown device?

Junos Pulse allows you to combine different users and devices. It is an end-to-end solution which covers all use cases, delivering network-wide policy orchestration.

Jonas spent some time detailing the different attributes of the Pulse solution – profiling, on-boarding, authentication, device / user authentication, role based access and network wide automatic threat mitigation.  The Pulse solution keeps BYOD simple. It supports the requirement that users need BYOD in different flavours – light and full access. As well as providing full network access to known users and devices, it’s vital to have a simple identity based guest access solution for Wi-Fi access, keeping you compliant and secure. In short, Pulse allows you to deliver the right policies for the right use cases, making the access and on-boarding experience seamless for the user.

Securing the Datacentre
John Pennington, Security Sales Specialist, UKI at Juniper Networks

John’s session covered Juniper Networks’ security strategy. Combined with Juniper’s leadership in firewalls, remote access and their broad security product portfolio, they are the leaders in data centre security. John emphasised that whilst next generation firewalls and “inside-out” security threats are important, the most critical threat facing enterprises today is the emerging ‘outside-in’ threat, which accounts for 73% of all modern attacks. To counter this menace from sophisticated, persistent and well-funded organised groups trying to steal your customers’ money and intellectual property, Juniper have been aggressively investing in leading-edge technology to help secure the data centre now and in the future.

Juniper Networks have a suite of security solutions which augment the firewall to protect your business-critical web applications.

Junos DDoS Secure
DDoS attacks are becoming more and more prevalent and are a major problem for online businesses. Junos DDoS Secure can nullify these problems by continually monitoring and logging all inbound and outbound Web traffic. Junos DDoS Secure uses its CHARM algorithm, a sophisticated heuristic algorithm, to separate malicious from legitimate traffic, and is able to respond intelligently and in real time by dropping suspect or noncompliant packets as soon as the optimum performance from critical resources begins to degrade. DDoS Secure guarantees availability for legitimate users, even under the most extreme attack conditions with zero false positives.

Junos WebApp Secure
Juniper Networks Junos WebApp Secure is the first Web Intrusion Deception System that detects, tracks, profiles and prevents hackers in real-time.

Traditional web application firewalls are seriously flawed because they rely on a library of signatures to detect attacks, which makes them susceptible to unknown (zero day) web attacks. Junos WebApp Secure stops attackers in the reconnaissance phase by inserting detection points or tar traps into web application code. These traps detect hackers when they manipulate the detection points during the reconnaissance phase of the attack, before they can establish an attack vector.

Junos WebApp Secure tracks attackers beyond the IP address.  Many legitimate users could also be accessing the site from the same IP address—for this reason, Junos WebApp Secure goes beyond the IP address and tracks attackers more granularly, creating a unique digital fingerprint based on more than 200 unique attributes. The tracking techniques allow you to profile the attacker and record the attack. Every attacker is assigned a name and each incident is recorded along with a threat level based on their intent and skill. Junos WebApp Secure also responds to attackers, frustrating them in their efforts to hack your applications by slowing down the connection for example.

John urged customers to take a trial of both solutions and we urge customers to get in touch with us at Netutils if this is something they would like to explore in more detail.

Technical Demos – Junos WebApp Secure, Junos Space – Simplified, Unified Management
Ken O’Kelly, Senior Systems Engineer at Juniper Networks

Exponential growth in network traffic, changes in mobile user behavior, and the onslaught of new cloud services and applications are expanding the avenues available to malicious attackers. Managing enterprise security policy in these complex environments can become prone to error and overly time-consuming, especially if management solutions are slow, unintuitive, or restricted in their level of granularity and control. Poor policy management can also lead to security mis-configuration, making the enterprise vulnerable to sophisticated threats and regulatory noncompliance.

Junos Space is an open, secure, and scalable software platform that allows customers, partners, and developers to build and deploy simple, smart applications that manage and analyse network element data and optimise network infrastructure and operations management. Ken demonstrated the attributes of the Junos Space solution that allows customers to maximise their network value and scale solutions while reducing complexity.

Ken demonstrated the 2 main functionalities of Junos Space – Network Director & Security Director. Security Director provides efficient and cost effective management and allows you to scale management reach across your security and network devices and ease administration and reduce configuration errors through a responsive Web interface. Network Director offers a unified wired and wireless network management application featuring full life cycle management including pre and post deployment life cycle tools with single pane visibility to manage Network infrastructure, users and services.

Junos WebApp Secure

A demo which really captures attention. Building on John’s presentation on the solution earlier in the day, in this simple demonstration we were able to show how easy it is to detect, identify, track and stop hackers in their tracks. The simple, clean interface of the solution allows for easy monitoring. Junos WebApp Secure looks at two areas – Certainty and Specificity. This ensures that you are blocking the right activity without impacting your business, and identifying malicious behaviour that other solutions can’t even start to think about finding.

The demonstration of Junos WebApp Secure illustrates how the Juniper Networks’ security ecosystem adapts at the speed of risk, where allowing easy access is balanced with stopping attackers from getting what they want.

Please do contact a security specialist at Netutils if you would like further information on any of the solutions covered in our Innovation Workshop, and a big thank you to everyone who participated in this informative and fun event.


Video: IPEXPO 2013 – A Spotlight on Your Network & Cloud Security

http://vimeo.com/79764967

If you were unable to join us at this year’s IP EXPO then please do take a few minutes to view our video from the event and find out how Netutils along with Juniper Networks can support your security challenges now and in the future.

What sets us apart?

http://vimeo.com/79177596

Ok, we know it’s not the done thing to talk about yourself and bang on about how much better we are than the competition but with so many different resellers out there how do you differentiate one from the other? We made a short video with our Sales & Marketing Director David Silsby to help you find out a little more about what sets us apart. Thanks for watching.

Video : Juniper Networks & Netutils Deliver Innovation

http://vimeo.com/78640657

Hosted at Mercedes Benz World, Juniper Networks’ and Netutils’ recent workshop on Innovative Transitions in Networking & Security provided an opportunity for our customers to learn about Juniper Networks’ latest innovations in networking & security. Watch the video from the day here.

Don’t ignore the hype: IT trends deliver security with access

By Malcolm Orekoya, Technical Specialist, Netutils

Views expressed in this post are original thoughts posted by Malcolm Orekoya, Technical Specialist, Netutils. These views are his own and in no way do they represent the views of the company.

How do we enhance security but allow users access to the data and resources they need seamlessly and improve enterprise productivity, while still keeping up with the trends in mobility, consumerisation and cloud? The answer is by following those trends.

Look beyond the technology and look at the people that use the technology. This tells us two things: users do not prioritise security, and your enterprise productivity is directly related to the ability of your users to perform their tasks efficiently. So companies cannot adopt a “lock everything down” mentality. It is effectively a denial of service attack against yourself, because you are essentially denying access to the essential services needed by your users. So security, and enforcement of it, is solely the responsibility of the enterprise. It may sound harsh, but it is the reality; employees are accountable for the procedures, guidelines and policies to which they are required to adhere.

The only viable way to build a secure network that moves with CoIT is to use existing corporate user identity systems (such as Active Directory, LDAP, SQL) to integrate with evolving ideas to automatically provision context-aware applications and resources.

So how to secure data and the network while still allowing seamless access and speedy resource allocation? Don’t ignore the trends in the IT industry. Cloud and hosted applications are continually increasing in adoption because they guarantee a certain level of security of access, ease of access, flexibility, automated provisioning, ease of upgrades, cross platform compatibility and reduced CAPEX, while maintaining compliance and security standards. The providers of these solutions are themselves heavily regulated and required to adhere to high standards of data and network security.

If you prefer to retain in-house control of applications, then virtual desktop infrastructure (VDI) means you benefit from reduced costs over time of purchasing user endpoint machines by moving to thin clients. But also these VDI platforms allow control of what applications employees have access to, and provide much more granular control on what tasks users can perform. Because a lot of the VDI platforms allow “hot-desking”, as user profiles are maintained on centralised servers, they provide access flexibility and remote access, which fit with CoIT needs.

Zero-Day protection is also another useful trend; the means by which an enterprise can protect its data and resources from threats and vulnerabilities that are currently unknown, so consequently do not have a fix. Zero-Day application exploits, targeted attacks, advanced information stealing malware and Advanced Persistent Threats (APTs) all pose a serious security threat to enterprises, but as these threats evolve, so does the approach to effective and manageable protection. Active defence, which discourages attacks by focusing on raising costs and risks to attackers, is slowly creeping into enterprise strategy. Proactive protection – including advanced Web Application Firewalls (WAF), counterstrike and intrusion deception techniques – are all protection methods that have seen a revival. For example, in 2012 Juniper Networks acquired Mykonos Software’s intrusion deception software (Junos WebApp Secure) to enhance its web application security portfolio. It places deception points along the way. When an attacker trips one of those tripwires, we are alerted to the fact they are there and can watch them.

The reality is that vulnerabilities and threats exist, and come from inside as well as outside the network. The biggest insider threats are the employees, but we can only educate staff on how to handle sensitive corporate data and how to use corporate resources. For outsider threats, innovation brings assistance.

CoIT without Risk – There’s no effective risk management without end-to-end security

By Malcolm Orekoya, Technical Specialist, Netutils

Views expressed in this post are original thoughts posted by Malcolm Orekoya, Technical Specialist, Netutils. These views are his own and in no way do they represent the views of the company.

Everything delivered by the IT department nowadays is frequently classified as a service function.  With Consumerisation of IT (CoIT), the consumption of these services is affected by the trends in mobility, bring-your-own-device (BYOD) and cloud, which in turn puts pressure on the scalable infrastructure you need.

The number one risk management concern for IT managers with CoIT is security, but in what context? As workers become more mobile, adopting BYOD and accessing corporate applications and information remotely, an IT manager needs to be able to guarantee that the access and authentication from these devices is secure – as well as make sure that if these devices are lost or stolen, the information they hold and can access does not end up in the wrong hands.

One way of achieving this is via profiling based on the user, type of device (managed or unmanaged), resources being accessed, location being accessed from and the role of the user. For example, an employee using a corporate device, accessing the network remotely and an employee using a personally owned device, accessing the network via the wireless local area network (WLAN), are two distinct profiles that require different policy enforcement.
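The profiling described above can be sketched as a default-deny policy function. This is an added example, not part of the original post and not code from any Juniper product; the role names, resource names, network segments and rules are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Device(Enum):
    CORPORATE_MANAGED = "corporate-managed"
    PERSONAL_BYOD = "personal-byod"
    UNKNOWN = "unknown"


class Location(Enum):
    WLAN = "wlan"
    REMOTE_VPN = "remote-vpn"


@dataclass(frozen=True)
class AccessRequest:
    user: Optional[str]   # None means the user is unknown (not authenticated)
    role: Optional[str]
    device: Device
    location: Location
    posture_ok: bool      # outcome of an endpoint posture check
    resource: str


@dataclass(frozen=True)
class Decision:
    allow: bool
    network: str          # hypothetical segment the session is placed in
    reason: str


# Assumed entitlements: what each role may reach with full access.
ROLE_RESOURCES = {
    "finance": {"erp", "email", "intranet"},
    "engineering": {"source-control", "email", "intranet"},
}
# Assumed "light" subset that personally owned devices may reach.
BYOD_LIGHT = {"email", "intranet"}


def decide(req: AccessRequest) -> Decision:
    """Map a request profile to an enforcement decision; anything unmatched is denied."""
    if req.user is None:
        # Unknown user: guest internet access over Wi-Fi only.
        if req.resource == "internet" and req.location is Location.WLAN:
            return Decision(True, "guest", "guest internet access")
        return Decision(False, "none", "unknown user")
    if req.resource not in ROLE_RESOURCES.get(req.role, set()):
        return Decision(False, "none", "role not entitled to resource")
    if req.device is Device.UNKNOWN:
        return Decision(False, "none", "known user on unprofiled device")
    if req.device is Device.CORPORATE_MANAGED:
        if not req.posture_ok:
            return Decision(False, "remediation", "posture check failed")
        return Decision(True, "corporate", "full access")
    # Personally owned device: light access only.
    if req.resource not in BYOD_LIGHT:
        return Decision(False, "none", "resource not available to BYOD")
    if req.location is Location.REMOTE_VPN and not req.posture_ok:
        return Decision(False, "remediation", "posture check failed")
    return Decision(True, "byod", "light access")


if __name__ == "__main__":
    # The two profiles from the text: same user, role and resource, different outcome.
    corp = AccessRequest("alice", "finance", Device.CORPORATE_MANAGED,
                         Location.REMOTE_VPN, True, "erp")
    byod = AccessRequest("alice", "finance", Device.PERSONAL_BYOD,
                         Location.WLAN, True, "erp")
    for req in (corp, byod):
        print(req.device.value, req.location.value, decide(req))
```
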

To minimise risk, authentication (user and device) needs to work with posture checking of endpoints, secure remote access, mobile device management (MDM) and secure wireless connectivity. An end-to-end security infrastructure is required; one that is easy to deploy and manage, as well as one that can provide the performance, access and integration needed. For example, Juniper Networks provides the single Junos Pulse endpoint client, capable of providing secure mobile remote VPN access and network access control (NAC), with role based access control and 802.1x authentication. In addition, the Junos Pulse Mobile Security Suite MDM is purpose-built for mobile devices and provides anti-virus, anti-spam, anti-malware, endpoint firewall, loss and theft protection and endpoint monitoring.

CoIT is not the same as BYOD; it covers the changing trend in the way technology is used. Therefore, cloud services such as storage (Dropbox, Box, Google Drive) and applications (Office365, Salesforce, GoogleApps) – as well as in house developed proprietary applications – all need to be secured within their virtualised environments.

The underlying infrastructure of the virtualised environment and the networking infrastructure (switches, routers, firewalls) needs to provide an end-to-end approach that is secure, scalable and resilient. For example, the single operating system in the Junos OS from Juniper Networks runs across many of its security platforms, allowing administrators to consistently apply policies across the board without having to learn and manage a variety of systems. The innovative technology for securing the virtualisation space is Juniper Networks’ virtual gateway (vGW) product, which focuses on security within the hypervisor and between virtual machines as they communicate in the virtualised platform, as well as outbound. This is a further example of how vendors and manufacturers need to understand the elements that form the foundation of front end resources.

Numerous surveys have shown the impact of the proliferation of personally owned mobile devices onto the enterprise network. One of the impacts of this over the last few years has been the malware threat, and general increase in the amount of cyber threats specifically targeting mobile devices – especially Android devices.  Risk management needs to focus beyond managing mobile devices via MDM platforms, to actually securing the corporate data in transit. This involves sandboxing technologies, such as Secure Virtual Workspaces (SVW), which were the initial and most popular solutions in the early days of mobility, to new smarter devices that encrypt data on the devices and in transit, or provide dual boot functionality with physically or logically separated segments on the device.

CoIT is here to stay; we have been talking about these trends for a few years now. If you are managing risk, the next step is to understand the solutions currently available, which will help manage it from end to end.

CLOUD – The Changed Face of the Network

By Malcolm Orekoya, Network & Security Specialist, Netutils

Views expressed in this post are original thoughts posted by Malcolm Orekoya, Network & Security Specialist, Netutils. These views are his own

So everyone has been talking cloud this and cloud that for what seems like forever now and you can be forgiven for being completely confused at times as to what exactly cloud computing is and why all the fuss. The definition of “cloud computing” on Wikipedia probably sums it up best; “Cloud computing is the use of computing resources (hardware and software) that are delivered as a service over a network (typically the Internet)”+.

The reason for all the confusion is that cloud computing nowadays refers to several services such as Infrastructure as a service (IaaS), Platform as a service (PaaS), Software as a service (SaaS), Desktop as a service (DaaS), Storage as a service (STaaS), Security as a service (SECaaS) and many more variables. To make matters even more confusing, once you have got your head around the concept of cloud, you then have to deal with the options of “private cloud”, “public cloud” or “hybrid cloud”. So why are there so many services moving to some form of cloud?

Well, there are several reasons behind the proliferation of cloud services, but amongst them all the following will almost always fall within the top 5:

Security – This is a major issue for all organisations, from small to large and can be a headache for many IT business decision-makers. The amount of data that is being consumed by today’s users, across data centres around the world is outstanding and the requirement to make sure this data is securely accessed and secured from malicious activity is just as great; whether this is for regulatory/compliance requirements or not. Getting the secure infrastructure (hardware, software, data centre etc.) and expertise needed for today’s networks can be prohibitively expensive and time consuming for organisations, therefore offloading this responsibility to cloud providers makes sense. These providers spend their time and money to provide you with the secure and compliant network that you need, without you having to worry about anything other than your internet connections to the cloud.

Access – People want remote access to as much content as they can possibly get their hands on. Whether it is being able to work from home, an internet café or a pub, users expect to be able to access their personal and corporate data via the internet. In conjunction with this, the other big buzz in the industry, “BYOD” (bring your own device), and the overabundance of mobile devices that support this trend, puts providing mobile access to your users at the top of the agenda for most IT business decision-makers.

A Forrester Research report on Mobility, Cloud and Big Data written in October 2012 states that “In the last 18 months, 47% of businesses have seen increased demand from end users to bring their own devices to work”++. In order to meet these access demands alongside maintaining security, a lot of organisations find it much easier and more cost effective to have part of their network accessible in the cloud, which relieves them of the hassle of providing and maintaining the necessary platform to feed this ever growing access need.

Costs – Keeping an eye on the IT budget always plays a major part in any organisation’s decision making process for any project, and being able to reduce costs over time is key. The fact is that, given the two reasons already mentioned above, any organisation that keeps its entire infrastructure hosted internally will continually have to spend on hardware, software, training and staff in order to keep up with the industry. Cloud services have become increasingly cost effective and in many cases can provide a more efficient Return-on-Investment (ROI) for many services.

So now that we know what all the cloud fuss is about, why should we jump on the band wagon; for all we know this is all a ‘phase’ and things will soon return back to normal (some hope)? Well I’m sorry to be the bearer of bad news but that is not going to happen, cloud is here to stay for good and is a trend that is not likely to change direction any time soon.

In October 2012 Forrester Research also found that “44% of businesses have seen increased use of cloud services – from software and infrastructure to business processes as-a-service offerings”++ and Cisco’s second annual Global Cloud Index (GCI) has predicted that “within four years, two-thirds of all data centre traffic across the world – as well as workloads – will be cloud based”^.

Whether it’s for personal or business use the cloud has already changed the face of your network, in some cases without users having to do anything; I recently found out that by simply combining the free cloud storage space I get from my Hotmail, Gmail, Amazon, iCloud and Dropbox accounts, I’ve got nearly 30GB of free Storage as a service (STaaS) that I wasn’t even aware of.

The facts are internet bandwidth is cheaper than ever before; home users can now easily boast of 50MB internet connections at home. Internet content and ‘apps’ for work and play are richer and more widely available now than at any other time in history and the means of accessing this rich content via the plethora of fancy mobile devices is so accessible now, even six year olds have smartphones (as I recently found out at a birthday party I attended). The new way of working and playing involves the cloud and there’s no going back now.

Join us on stand 691 at Cloud Expo Europe 29th – 20th January 2013, National Hall Olympia. Find out about Cloudutils* – Cloud Solutions without Compromise. Solutions include Secure RADIUS and Managed Guest Access.

*Cloudutils is a wholly-owned subsidiary of Network (Utilities) Systems Ltd.

+ Source: http://en.wikipedia.org/wiki/Cloud_computing

++ Source: Forrester Research http://www.juniper.net/us/en/dm/enterprise-data-center/pdf/Building_For_The_Next_Billion_What_The_New_World_Of_Business_Means_For_The_Network_FINAL.pdf

^ Source: http://www.forbes.com/sites/joemckendrick/2012/10/28/two-thirds-of-the-worlds-data-centers-going-to-cloud-cisco/

IPEXPO 2012 – The Big BYOD Questions

vimeo.com/52535889

Thanks to everyone who visited us on stand recently at IPEXPO 2012. Unsurprisingly BYOD was a big topic. In this video blog we answer some of the key BYOD questions we were asked on stand covering areas like Mobile Device Management,  user demands for 24/7 connectivity and security. We hope you find it useful.

What happens when a user with an untrusted device tries to access my network?

Tiho Strabc, Wireless Specialist, Juniper Networks

From time to time we thought we could use this blog to post answers to questions submitted via our webinars. For starters please see below a response from Tiho Strabc, Wireless Specialist, Juniper Networks in answer to a question submitted via our latest webinar ‘BYOD & Mobile Threats – Is Your Network Simply Connected?’

What happens when a user with an untrusted device tries to access my network?

There are a few aspects to consider here: security, protection of the network and user experience. In short if a user tries to access a network that is simply connected with an untrusted device their access will be denied. However, what is equally important here is that this unauthorised access attempt is recorded and stored for any potential auditing purposes.  It’s important to assess what kind of access this is and also to review if anyone is continually trying to access the network illegally, as this may affect the bandwidth performance for authorised users. There should be counter measures in place to ensure bandwidth is not wasted and that continual unauthorised access attempts don’t affect the network experience for the rest of your wireless users.

For more please visit the recorded webinar here.
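The answer above calls for denied attempts to be recorded and for repeated attempts to be reviewed. As an added example (not from the webinar or from any Juniper product), the script below scans an access audit log and flags devices with many denials inside a sliding time window. The log line format, the sample entries, the threshold and the window length are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: "<UTC timestamp> <ALLOW|DENY> mac=<addr> ssid=<name> reason=<text>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) mac=(?P<mac>[0-9a-f:]{17}) "
    r"ssid=(?P<ssid>\S+) reason=(?P<reason>\S+)$"
)

# Constructed sample data, not real log output.
SAMPLE_LOG = (
    # Device 01: six denials within five minutes.
    [f"2013-01-15T09:0{i}:00Z DENY mac=02:00:00:00:00:01 ssid=corp reason=untrusted-device"
     for i in range(6)]
    # Device 02: five denials, but one per hour.
    + [f"2013-01-15T{h:02d}:00:00Z DENY mac=02:00:00:00:00:02 ssid=corp reason=untrusted-device"
       for h in range(8, 13)]
    # Device 03: authorised.
    + ["2013-01-15T09:01:30Z ALLOW mac=02:00:00:00:00:03 ssid=corp reason=ok",
       "this line is malformed and must be skipped"]
)


def parse(line):
    """Return (timestamp, action, mac) or None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["action"], m["mac"]


def repeated_denials(lines, threshold=5, window=timedelta(minutes=10)):
    """Return {mac: peak denial count in any window} for devices at or above threshold."""
    denied = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec is not None and rec[1] == "DENY":
            denied[rec[2]].append(rec[0])

    flagged = {}
    for mac, stamps in denied.items():
        stamps.sort()
        start = 0
        peak = 0
        for end, ts in enumerate(stamps):
            # Shrink the window from the left until it spans at most `window`.
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[mac] = peak
    return flagged


if __name__ == "__main__":
    for mac, count in repeated_denials(SAMPLE_LOG).items():
        print(f"{mac}: {count} denied attempts within 10 minutes")
```

Counting within a window rather than over the whole log separates a device that is persistently retrying from one that was denied a few times across a day.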