[Press] NetUtils strengthen public sector offering with leadership, Crown Commercial Supplier status and managed services investment.

Steve Nicholls joins UK’s most qualified cyber security provider to focus on helping public sector organisations strengthen security and gain better value for money.

Kent, United Kingdom – 6th, July 2021, NetUtils, a leading IT specialist has appointed Steve Nicholls as its new Commercial Director– a move that coincides with its acceptance onto the Crown Commercial Services Technology Services 3 framework and major SoC investment to deliver flexible cyber security services to public sector organisations across the UK.

Over the last 28 years, Nicholls has gained a proven track record working in high pressure, high growth environments at leadership positions within SolarWinds and telent including successful, large scale projects with the MOD, London Ambulance Service, Maritime and Coastguard Agency, Network Rail and DEFRA. 

Steve Nicholls

It is clear that the impact of the recent health crisis has led to a significant increase in our national debt and the public sector is likely to face a period of belt tightening in response.” says Nicholls. “Yet, the ongoing digital transformation across national government, local authorities, health and education shows no signs of slowing down. This makes robust and cost-effective IT and cyber security a major requirement and the perfect focus for a highly-regarded specialist such as NetUtils that is well-known for delivering cost effective services.”

NetUtils has also been accepted across multiple lots of the recently published Crown Commercial Services Technology 3 procurement framework. The seven lots span areas including technology strategy and service design, operational services, major services transformation programmes, integration, and management.

The appointment of Nicholls is part of a multi-million-pound investment by NetUtils to recruit additional staff with enhanced training and expanded data centre capacity to deliver an enhanced IT services portfolio. For public sector, this includes a highly integrated managed cyber security service to help organisations strengthen their security posture and meet growing compliance requirements such as the Cyber Essentials Plus framework that becomes mandatory for all NHS Trusts this year. 

NetUtils has also created special public sector pricing for its 16 cyber security managed services ranging from Endpoint Protection and Email Security all the way up to fully fledged SOC services.  “The public sector has different procurement, operational and contractual requirements than the private sector and our new portfolio reflects these nuances with an offering that is not just technically sound but also commercially compelling,” Nicholls adds.

With a heritage spanning over 27 years, NetUtils is one of the UK’s longest serving specialist integrators of network, security, and data solutions. Today, it serves over 400 public sector, enterprise and service provider clients including many listed within the FTSE 100. NetUtils has built a reputation for technical excellence and is the most certified Juniper Networks partner in Europe and maintains over 420 industry and vendor accreditation within its team including CISSPs and CISMPsFortinet’s NS7, and Juniper JNCIPs. NetUtils is one of only a handful of UK suppliers to maintain  ISO 9001ISO 27001 and Cyber Essential certification. 

Although a new addition on the Crown Commercial supplier framework, NetUtils has worked with over 200 public sector clients during the last 27 years. These include central government agencies, local, district and county councils, numerous NHS trusts and every ‘blue light’ emergency service. 

The extensive list includes the Royal Borough of Kensington & Chelsea, Fife Council, State Hospitals Board for Scotland, London Borough of Hammersmith & Fulham, Police & Crime Commissioner for South Yorkshire and Newcastle Upon Tyne Hospitals NHS Trust.

Ashok Thomas

“Public sector has always been a major area for us and Steve joining the team along with our acceptance within the Crown Commercial Services framework is a new focus that recognises that the public sector needs better value for money from IT – and especially within cyber security,” says Ashok Thomas, CEO for NetUtils. “We are a highly focused and agile supplier that has built our business organically by delivering tangible results for our customers and our ongoing investment will help us to address the needs of a larger public sector client community.”

About NetUtils

NetUtils are a leading UK specialist integrator of network, security and data solutions for enterprise, telco, MSPs and ISPs. With more than 27-years history and over 400 enterprise and service provider clients including household names across finance, education, public sector, manufacturing, and healthcare, NetUtils brings its customers the depth and breadth of people, technologies and services to improve business performance in this ever-changing digital world.

NetUtils Media Enquiries:

Kara Jenkinson
Head of Marketing
t: 020 8783 3800 e: kjenkinson@netutils.com

w: www.netutils.com

NetUtils Named a Supplier on Crown Commercial Service’s Framework

Kent, United Kingdom – June 2021, NetUtils have been named as a supplier on Crown Commercial Service’s (CCS) Technology Services 3 (RM6100).

Crown Commercial Service supports the public sector to achieve maximum commercial value when procuring common goods and services. In 2019/20, CCS helped the public sector to achieve commercial benefits worth over £1bn – supporting world-class public services that offer best value for taxpayers.

NetUtils, a leading cyber security and managed services provider have recently announced they are to feature as a supplier on the Crown Commercial Services Technology Services 3 (RM6100) framework. NetUtils are now able to provide their wide and diverse portfolio of cyber security and networking products and services via the platform.

Technology Services 3 (RM6100) is the next iteration of Technology Services 2 framework, which continues to cover traditional Information and Communication Technology (ICT) services, from strategy through to transition and operational deployment. 

The agreement includes new services which have been requested throughout the customer and supplier engagement. This means whether a customer simply needs to buy support for end user devices or a complete long-term transformation of their technology services, Technology Services 3 is the ideal route to market, with services ranging from more ‘off-the-shelf’ services designed to meet a simple set of needs or more bespoke solutions to meet a complex set of customer requirements.

Lot 1 – Technology Strategy & Service Design

What it’s for?

  • If a customer needs to make a change to their technology estate, but doesn’t know what direction to go in and needs expert help, this is the Lot they’d use

 Why would the Customer use it?

  • When a customer requires market expertise to help set their technology strategy and then create the supporting service design
  • To create an output that would then provide an implementation roadmap via the other lots within TS3

Lot 3b – Operational Management

What it’s for?

  • To provide customers with the operational management of the complex technology estate that supports their organisation from infrastructure to security

 Why would the Customer use it?

  • To access the right tools and processes required to manage a complex technology estate effectively
  • To implement effective and robust cyber security across all their technology from physical devices to networks to access management

Lot 3c – Technical Management

What it’s for?

  • To provide access to the expert support required for the hardware and software that underpins customers technology estates

Why would the Customer use it?

  • When they have a complex network supporting wired, wireless, and mobile connectivity that needs ongoing management and support
  • To ensure they are able to effectively track and maintain all their technology assets from acquisition through to disposal

About NetUtils

NetUtils are a leading UK specialist integrator of network, security and data solutions for enterprise, telco, MSPs and ISPs. With more than 27-years history and over 400 enterprise and service provider clients including household names across finance, education, public sector, manufacturing and healthcare, NetUtils brings its customers the depth and breadth of people, technologies and services to improve business performance in this ever-changing digital world.

NetUtils Media Enquiries

Kara Jenkinson
Head of Marketing

t: 020 8783 3800 e: kjenkinson@netutils.com

NetUtils Named A Supplier on Crown Commercial Service’s Framework

Kent, United Kingdom – November 2020, NetUtils have been named as a supplier on Crown Commercial Service’s (CCS) Technology Products Catalogue framework.

NetUtils, a leading cyber security and managed services provider have recently announced they are to feature as a supplier on the Crown Commercial Services Technology Online Purchasing Content Framework. NetUtils are now able to provide their wide and diverse portfolio of cyber security and networking products and services via the platform.

The Technology Online Purchasing platform gives buyers a flexible, cost effective and efficient route to buy a range of technology products through an online catalogue. It is available to the UK public sector and their associated bodies and agencies.

Ashok Thomas, Chief Executive Officer, NetUtils said: “With continuously shrinking budgets and the growing IT skills gap the need to be on frameworks supports our vision in helping public sector procurement and gives them a trusted commercially aware partner to work with now and in the future.”

About Crown Commercial Service

Crown Commercial Service supports the public sector to achieve maximum commercial value when procuring common goods and services. In 2019/20, CCS helped the public sector to achieve commercial benefits worth over £1bn – supporting world-class public services that offer best value for taxpayers.

About NetUtils

NetUtils are a leading UK specialist integrator of network, security and data solutions for enterprise, telco, MSPs and ISPs. With more than 27-years history and over 400 enterprise and service provider clients including household names across finance, education, public sector, manufacturing and healthcare, NetUtils brings its customers the depth and breadth of people, technologies and services to improve business performance in this ever-changing digital world.

NetUtils Media Enquiries

Kara Jenkinson
Head of Marketing

t: 020 8783 3800 e: kjenkinson@netutils.com

w: www.netutils.com

A Deep Dive on How to Catch Phish

The modern email threat. The simple plain text email appearing to come from the CEO asking the junior finance or accounts payable team member to immediately settle the overdue invoice from an irate supplier, that has just called them personally to complain.

Call it Business Email Compromise (BEC) or CEO Fraud, it’s still a targeted phishing attack, and the number of incidents has been rising steadily. Trend analysis here at CensorNet shows that these emails will soon account for 1% of all emails processed – or 1 in every 100 messages our customers receive.

Defending against this particular threat continues to be a major focus for the team, and an area of significant innovation and investment.

Whilst FBI Operation WireWire resulted in the arrest of 74 individuals in multiple countries last week – that still leaves plenty more Phish in the sea.

The problem with CEO fraud email messages is that they are notoriously difficult to detect.

In a recent attack, the only attribute of a message that was changed was the ‘Header From’ field. The display name in Outlook (other email clients are available) showed the CEO’s name.

(Note: Even the From address in < > next to the display name showed something similar to this email address – donotreply@executiveteeammailbox.com – which should have been enough to alert the user, but security education is not the topic of this blog post).

Nothing about the sender or sending server was suspicious. The IP address was not in any blacklist, the MX record was valid, the sending server matched domain and responded to an smtp probe. There was no SPF record.

We’re still undecided as to whether this makes the attacker super-smart or simple-stupid. The simplicity of the attack meant the message was likely to make it through most email defences, but would rely heavily on the recipient user being half asleep.

What this example does provide, is crystal clear evidence of the need for an ultra-modern and multi-layered approach to email security.

Traditional pattern matching / recurrent pattern matching technology is as much use as a chocolate teapot.

Content analysis – looking for message content that includes ‘urgent wire transfer’ or similar language can be effective but comes at a price. And that price is a risk of false positives – incorrectly identifying legitimate emails as ‘Suspect’.

Although, you could argue that quarantining the occasional message chasing payment of an invoice will help cash flow and is still better than inadvertently transferring $25,000 to an account in China or Hong Kong.

Algorithmic analysis is a powerful weapon in the arsenal for identifying scam emails, but even with over 1,000 algorithms examining over 130 elements of the message (in less than 200ms, about half the time it takes to blink), there was little (read nothing) to fire on in this case.

What was interesting about this particular attack was the domain that was used. It wasn’t a recently registered or new domain – it was almost a month old. It wasn’t a nearby domain (or cousin or typosquatting domain), so Levenshtein distance (one of our favourite algorithms due to its power and simplicity) wasn’t helpful. But. The registrant had a history of criminal activity – registering domains and using them in attacks – and that meant a high threat intelligence risk score.

What the attack also highlights is the need to identify the real names of key individuals in external emails – particularly in ‘Header From’. Building a list of names of the executive team and board members, and anyone else that’s an active spokesperson for the organization, and quarantining messages that contain those names, might not be sophisticated but is still a very valid defence.

As a last resort, some email security solutions rely on the user entering in to a conversation with the attacker – asking for more details about the outstanding invoice, or exactly what detailed (confidential or personal) information the sender needed – building up a risk score with each message exchange until a threshold is reached.

CensorNet invest in combining technologies and techniques that identify and block the initial inbound email. Tracking smtp conversations is still interesting. If a user receives an email from a sender for the first time that also contains potentially suspicious content, then a banner across the top of the email advising caution might just be enough to cause them to stop and think!

Ultimately a combination of content analysis, threat intelligence and executive name checking would have stopped this super-smart, simple-stupid attack. Is it time to think differently about email security.

Ultra-modern, multi-layered defence wins again.

Source: https://www.censornet.com/resources/blog/

Webinar Recording – Vulnerability Assessment Service

During this webinar you will learn how our service:
 Addresses the very real threat of insecure web applications
 Provides a snapshot of your current security posture highlighting issues requiring attention
 Quickly discovers security flaws in your network perimeter
 Scans and re-scans at your convenience and no extra cost
 Gives you reporting that’s simple to understand
 Provides evidence of ‘best practice’ whilst balancing budget expectations

Webinar: Network Utilities Managed Security Services

Here at Network Utilities we offer a range of services and enhanced support from simple pen testing to 24/7/365 telephone support to fully managing your IT security. The aim is to remove the burden of niggling IT issues or staff shortages allowing you to focus on your critical projects and business objectives.

Watch our snappy 30 minute webinar with our Principle Technology Strategist; Malcolm Orekoya and hear about our:

  • Security-as-a-Service
  • Network and Security Health
  • Training and Support services
  • Enhanced Support Services

Do you need any more info? Call us on 020 8783 3800 or fill out the form below.

.

Webinar: Supporting your journey to compliance and beyond

The financial implications of not being compliant are enormous let alone the reputational damage that comes with a data breach! Data moves throughout your organisation at an alarming rate and data privacy will affect all parts of your business.

We can provide you with practical, pragmatic advice on meeting and maintaining regulations such as GDPR and the incoming ePrivacy regulation enabling organisations like yours to meet regulatory obligations and business goals.

Watch our on demand webinar and get some key questions answered:

  • Will there be a grace period?
  • Who owns the risk when it comes to data in your organisation?
  • What is data portability?
  • What is a data protection officer?
  • Is it mandatory to have a data protection officer?
  • How and when do you obtain consent?
  • Will you need a Privacy Impact Assessment?
  • What actions should you take next?

Register here to join our next webinar in the series on the 12th September – Network Utilities Managed Security Services.

Webinar: Prepare for tomorrow’s cyber threats today!

Watch our on demand webinar and take a dive into today’s data and cyber security threat landscape with our Principle Technology Strategist; Malcolm Orekoya and hear about:

  • The evolution of ransomware
  • How to boost cyber security awareness within your organisation
  • Data portability in your organisation
  • The importance of encrypted data visibility
  • How to prepare for the impact these cyber threats will have on your organisation

Network Utilities’ Services puts your business first, reduces your risk and helps you ensure your network is safe, secure, fast and compliant.

Network Utilities and EfficientIP partner to help customers become GDPR compliant

In July 2016 Network Utilities and EfficientIP announced their partnership agreement to provide UK based customers with EfficientIP DDI solutions and draw on Network Utilities’ recognised expertise in the market and expand EfficientIP’s existing partner network in the UK region. Both company’s solutions will help organisations in a variety of public and private industries – particularly telecom – to protect their critical applications from growing threats, as well as integrate advanced network infrastructure.

With new legislation coming into effect in May 2018, this is a critical time for all organisations to focus on the strength, resiliency, and intelligence of their networks to avoid data breaches and ensure GDPR compliance. Now is the time to start building a GDPR-compliant infrastructure and providing sufficient security at the DNS level can save companies huge amounts of money and help avoid unnecessary GDPR proceedings.

David Silsby, Network Utilities Sales Director, believes this continued partnership will be beneficial to prospects and customers: “This new GDPR legislation puts the responsibility on companies to make sure their networks are as secure as possible, which will mean much more than just protecting the companies data it means protecting the whole infrastructure. No one can afford to ignore GDPR and working together with EfficientIP, Network Utilities will be able to offer customers a more enhanced security offering.”

David Williamson, EfficientIP CEO, is also looking forward to a continued partnership: “The addition of Network Utilities to our partner group is key to bringing new adaptive security solutions to their customers. The past two years have seen a dramatic increase in cyber security attacks, and DNS has been confirmed as being a weak point of the network infrastructure. We have the solution for this in our 360° DNS Security, and Network Utilities has the expertise to apply it as part of their offering.”

Network Utilities will be hosting a webinar with Martin Wellsted from EfficientIP on the 3rd May.  Register here and find out more about DNS exfiltration and how to prevent the unauthorised transfer of data from your organization.

EfficientIP webinar Twitter v2

 

Busting The Top Four Myths About Hacking

By Torben Andersen, CCO, SMS PASSCODE

Are you protecting your data with just a password? If your answer is no, and you have strong multi-factor authentication in place, then good job: you are free to go out and enjoy the sunshine. If you answered yes, then stick around for a few more minutes to learn why a password alone is not enough to secure access to your corporate networks and applications.

Still here? Okay then, allow me to start by busting some of the typical myths about hacking today.

1# Myth – Hackers only target the big brands
blog-image-1

When big brands like Target, eBay, Adobe, and Sony are hacked, it’s big news for business and mainstream publications. Don’t be fooled: big companies aren’t the only ones being targeted. In fact, research shows that 31 percent of all hacking attacks were aimed at businesses with fewer than 250 employees.

2# Myth – You have nothing valuable for hackers to steal

blog image 2.jpgFair enough. Not everyone is fortunate enough to be storing breakthrough research with the potential to revolutionize your industrythe world if only you can keep it secret long enough to secure a patent. But what about your business email? Email often contains highly sensitive data, such as competitive bids, investment plans or pipeline information. Imagine the damage if these details were to fall into the wrong hands.

There’s even more low-hanging fruit to steal if hackers breach your network. Customer records, credit card information and even employee user credentials are worth as much as $50 USD per record when sold on the Internet. An entire shadow economy has emerged online with brokers selling stolen user records; according to the FBI, cybercrime has become even more profitable than drug-related crimes. This makes everyone a target.

3# Myth – Your anti-virus and network vulnerability tests will keep you safe

blog-image-3Patch management, updated anti-virus applications and frequent network vulnerability tests are all good weapons in a defense against hackers. However if you are not securely authenticating your users when they access your corporate networks or applications, then you’re leaving the front door open for the hackers. Research shows that weak or stolen passwords are exploited in 76 percent of all network breaches. So, yes, this really is the hackers’ preferred way in.

4# Myth – Hackers are teenagers lurking in a basement somewhere

For most of us, the word “hacker” prompts images of pale teenage boys with long hair, black t-shirts and a serious grudge against Microsoft. While many hackers probably still fit this description, the reality is that the hacker has evolved. Today’s hacker is highly-educated, well-connected, and well-equipped, enjoying a high-income profession as a professional cybercriminal. The hackers have some powerful tools at their disposal, and many poorly-protected victims has made hacking easier than ever before, resulting in cybercrime becoming the fastest growing crime type in the world.

Hackers’ motive is most often financial gain, but “hacktivism” is also becoming a growing threat to nations and organizations that don’t sympathize with the hacker’s cause.

Knowing what’s myth and what’s fact is essential to avoid running unnecessary risks to your business. SMS Passcode have created an infographic and short video that capture the key facts from the latest research about the threat companies face from hacks.

Additional Resources: