blog.andytang.com<br />
A Cyber Security professional, who currently holds EU GDPR Practitioner, CISSP, MCSE:Security and MCTS certifications.<br />
<br />
<h4>
When you read "Putting Stickers On Your Laptop Is Probably a Bad Security Idea"...</h4>
Posted 15 August 2018 by andytanguk<br />
<a href="https://motherboard.vice.com/en_us/article/pawvnk/stickers-on-laptop-operational-security-bad-idea">https://motherboard.vice.com/en_us/article/pawvnk/stickers-on-laptop-operational-security-bad-idea</a><br />
<br />
There is a quote from the article that says: “Conferences, border crossing[s], airports, public places—stickers will/can get you targeted for opposition research, industrial espionage, legal or investigative scrutiny,”<br />
<br />
It looks like I may need a travel laptop!<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-frvOgs8Utu4/W3RMz4nRTnI/AAAAAAABJR8/U6_h0xb9y1EUrvvnLYqTPL91ksPG3-FNwCLcBGAs/s1600/IMG_20180815_165011.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1200" data-original-width="1600" height="480" src="https://3.bp.blogspot.com/-frvOgs8Utu4/W3RMz4nRTnI/AAAAAAABJR8/U6_h0xb9y1EUrvvnLYqTPL91ksPG3-FNwCLcBGAs/s640/IMG_20180815_165011.jpg" width="640" /></a></div>
<br />
<h4>
Blogging overhaul</h4>
Posted 8 August 2018<br />
I bought this domain over 18 years ago on a whim. Since then little has been done with it, except host this blog, and use the web page to redirect here.<br />
<br />
After all the changes to Chrome and the recommendation for HTTPS sites, that needed fixing for both my website and this blog. It would be strange to go to a secure blog that was hosted on HTTP!<br />
<br />
After digging out old passwords, I've transferred my host name from China (I have no idea how it ended up there) and brought it to LCN. I've opted to create a simple website to mimic the sort of information I have on LinkedIn, and enabled HTTPS on Blogger.<br />
<br />
I realise I've left this blog alone for around a year, around the same time I took on a new role at work. As I've got into the swing of things, I'll get this blog back on track with a focus on cyber security.<br />
<br />
I may back fill the last year's worth of blogs about major breaches and incidents, but we'll see, as the focus will be new articles and comments going forward. As a sign of things to come, and because giving it a name and logo makes it "a thing", I've created a simple logo to use with this blog.<br />
<br />
Enjoy the new content going forward!<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blog.andytang.com/"><img alt=" blog.andytang.com" border="0" data-original-height="271" data-original-width="500" height="173" src="https://1.bp.blogspot.com/-396goHmZyWw/W2t0T6IIk_I/AAAAAAABJJY/X-Dc2fA74WEIsAqDq_P5kGhCn_FxvsWVQCLcBGAs/s320/logo-web-transparent.png" width="320" /></a></div>
<br />
<br />
<br />
<h4>
VMworld Europe 2017 - General Session Keynote</h4>
Posted 15 September 2017<br />
<div style="text-align: justify;">
I attended my second VMworld this year, which you may find odd as I rarely blog about virtualisation or VMware. VMware is changing and security is now more apparent in the solutions and roadmap. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
On Tuesday 12th September, we had a General Session Keynote from Pat Gelsinger - VMware CEO.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The VMware vision was similar to the previous year, but there are new partnerships with telcos, moving the telco networks closer to cloud, as well as the growth of IoT.</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-Z6kTjKo8bEQ/WbwYerZbOTI/AAAAAAABAD8/VInwVgf8_vYJ15w4iH6ISDr-DQciLNMPQCLcBGAs/s1600/Vision.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="541" data-original-width="966" height="358" src="https://4.bp.blogspot.com/-Z6kTjKo8bEQ/WbwYerZbOTI/AAAAAAABAD8/VInwVgf8_vYJ15w4iH6ISDr-DQciLNMPQCLcBGAs/s640/Vision.JPG" width="640" /></a></div>
<br />
<div style="text-align: justify;">
Gelsinger talked about the mix of devices, applications, and platforms causing the core challenge. There needs to be anywhere access for people to the applications, but it's complicated. There is a mass of devices, applications, services and security.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
He is only reiterating the challenges security teams have been facing for a number of years: the increase in Shadow IT, applications that are less complementary but highly connected, and uncertainty about any associated security.</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-PvN18RFXRjY/WbwZL9dn2bI/AAAAAAABAEI/AoxeJ_4zrvs8NtYDqc0OXLgvvG_WLBJLACLcBGAs/s1600/Muddle.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="539" data-original-width="967" height="356" src="https://1.bp.blogspot.com/-PvN18RFXRjY/WbwZL9dn2bI/AAAAAAABAEI/AoxeJ_4zrvs8NtYDqc0OXLgvvG_WLBJLACLcBGAs/s640/Muddle.JPG" width="640" /></a></div>
<br />
<div style="text-align: justify;">
Workspace One is the solution, grown from AirWatch to supporting iOS, to work with many more operating systems, including Google Chrome. </div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-4r3W-mlvB0o/WbwaJOpuKgI/AAAAAAABAEU/3TiEW7vmSh0QfLtvx4PaoBMX0-k_PN-1ACLcBGAs/s1600/ws1.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="409" data-original-width="959" height="272" src="https://1.bp.blogspot.com/-4r3W-mlvB0o/WbwaJOpuKgI/AAAAAAABAEU/3TiEW7vmSh0QfLtvx4PaoBMX0-k_PN-1ACLcBGAs/s640/ws1.JPG" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div style="text-align: justify;">
MDM (Mobile Device Management) solutions have had to grow into EMM (Enterprise Mobility Management) solutions, where it's no longer just the management of the device, but also the applications, the content, the availability and, in my world, the identity and security.</div>
<div style="text-align: justify;">
<br /></div>
<span style="text-align: justify;">Gelsinger moved to security, highlighting that the target has moved from just applications and data to user infrastructure, including users and devices, and also to the cloud infrastructure of network and compute, as these are seemingly under the control of the security team.</span><br />
<span style="text-align: justify;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-imiSCcFjs9g/WbwgPIh2bSI/AAAAAAABAEk/BObxYQZ88L4_DMHTIheTDHZ9IwgNAKuTQCLcBGAs/s1600/security.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="533" data-original-width="962" height="354" src="https://4.bp.blogspot.com/-imiSCcFjs9g/WbwgPIh2bSI/AAAAAAABAEk/BObxYQZ88L4_DMHTIheTDHZ9IwgNAKuTQCLcBGAs/s640/security.JPG" width="640" /></a></div>
<span style="text-align: justify;"><br /></span>
<br />
<div style="text-align: justify;">
There were gasps from some of the audience, shocked by this slide, although security people have been working in and understanding these different areas for some time. Security people know that security spend is increasing, but the cost of breaches is increasing even quicker. As Gelsinger says, "you're spending more and falling further behind", "something is broken" and "we the tech industry have failed you the customers". "We need a new approach".</div>
<span style="text-align: justify;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-5aipjJmh3LQ/WbwgU2cGKbI/AAAAAAABAEo/uMW-raDXIXwcCgUT5gFwd4TUv497zdXCgCLcBGAs/s1600/sec1.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="394" data-original-width="879" height="286" src="https://1.bp.blogspot.com/-5aipjJmh3LQ/WbwgU2cGKbI/AAAAAAABAEo/uMW-raDXIXwcCgUT5gFwd4TUv497zdXCgCLcBGAs/s640/sec1.JPG" width="640" /></a></div>
<br />
<div style="text-align: justify;">
There needs to be a move from infrastructure to secure infrastructure. Security needs to be built in, not an afterthought, as I have been saying for a number of years. There needs to be an integrated ecosystem, leveraging quality solutions and products in the areas where you do not excel. All of this with a cyber hygiene regime. </div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-rK6eUM8Hxfc/WbwiUoiowJI/AAAAAAABAE0/SjIlvKJ2awMY6TMr-x67CmlNf7j58r-vACLcBGAs/s1600/sec2.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="495" data-original-width="957" height="330" src="https://4.bp.blogspot.com/-rK6eUM8Hxfc/WbwiUoiowJI/AAAAAAABAE0/SjIlvKJ2awMY6TMr-x67CmlNf7j58r-vACLcBGAs/s640/sec2.JPG" width="640" /></a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
I'm glad that a tech giant like VMware is embracing cyber security, and the areas I believe are the most important. The pillars of cyber hygiene are important for every environment. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Least Privilege, Micro-segmentation, Encryption, Multi-Factor Authentication and Patching have been evangelised by security experts for a number of years. It is great to see these elements are now considered mainstream.</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-r1NX9lciXR0/Wbwi2wt8kRI/AAAAAAABAE8/wJFuKiAfZtwFG_3SYdVgMuKc4blGe05gQCLcBGAs/s1600/sec3.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="439" data-original-width="952" height="294" src="https://2.bp.blogspot.com/-r1NX9lciXR0/Wbwi2wt8kRI/AAAAAAABAE8/wJFuKiAfZtwFG_3SYdVgMuKc4blGe05gQCLcBGAs/s640/sec3.JPG" width="640" /></a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
As expected the EU General Data Protection Regulation (EU GDPR) came up in the keynote, and of course VMware are able to support the regulation by securing the data, automating governance and secure operations.</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-e9_94WvVKoE/WbwkO1_5-xI/AAAAAAABAFI/taJ0Cm_ic8wF_fWmovUowa4QiweUCKQ6ACLcBGAs/s1600/gdpr.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="526" data-original-width="953" height="352" src="https://3.bp.blogspot.com/-e9_94WvVKoE/WbwkO1_5-xI/AAAAAAABAFI/taJ0Cm_ic8wF_fWmovUowa4QiweUCKQ6ACLcBGAs/s640/gdpr.JPG" width="640" /></a></div>
<br />
<div style="text-align: justify;">
Gelsinger introduced VMware AppDefense and how it helps with the security challenge, being able to capture, detect and respond.</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-f6wME6qJkFI/Wbwlk7dZJKI/AAAAAAABAFY/F4oLX0pJRDkR0J-70mOKQz9iDoCQtYTcQCLcBGAs/s1600/appdefense.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="497" data-original-width="957" height="332" src="https://2.bp.blogspot.com/-f6wME6qJkFI/Wbwlk7dZJKI/AAAAAAABAFY/F4oLX0pJRDkR0J-70mOKQz9iDoCQtYTcQCLcBGAs/s640/appdefense.JPG" width="640" /></a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
VMware's approach is to look at the security challenges of a business, without the business itself having to become a security expert.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
I think it's a very exciting time for a security person to be looking at VMware, and I'm glad I was at VMworld Europe 2017 to see this for myself.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
For those unable to attend, the General Session is available to watch here: <a href="https://www.vmworld.com/en/europe/video/general-sessions.html" target="_blank">https://www.vmworld.com/en/europe/video/general-sessions.html</a> (where I also got the screen grabs, as the photos didn't come out so well)</div>
<h4>
Phishing and passwords - 3 years on</h4>
Posted 30 August 2017<br />
<div style="text-align: justify;">
Nearly three years ago, I wrote a blog piece about the <a href="http://blog.andytang.com/2014/09/icloud-compromise.html" target="_blank">compromise of iCloud accounts</a> aka "The Fappening". In the last 3 years there has been little improvement in how users interact with phishing attacks, and it's disappointing to hear of the <a href="https://thehackernews.com/2017/08/frappening-celebrity-photos.html" target="_blank">Fappening 2017</a>.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Phishing</b></div>
<div style="text-align: justify;">
I've been guilty in the past of blaming users for not checking the construction of an email and spotting incorrect domain names, etc., but with the technology available today this shouldn't be the job of email users. Using a mainstream web-based email solution, these checks are done for you:</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-WY2wafcxsxE/WaaEY01-_5I/AAAAAAAA_HY/kgAG_HnJixAEGma-H0YrpLiCNlLyWXi9wCLcBGAs/s1600/spam.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="924" data-original-width="999" height="588" src="https://2.bp.blogspot.com/-WY2wafcxsxE/WaaEY01-_5I/AAAAAAAA_HY/kgAG_HnJixAEGma-H0YrpLiCNlLyWXi9wCLcBGAs/s640/spam.JPG" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: justify;">
In a commercial environment, there are email filtering solutions to prevent the user from ever seeing these in the first place.</div>
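As an added illustration (not code from the original post), here is the kind of check a web mail client or an email security gateway performs on the reader's behalf: compare the display name, the Reply-To, the receiving server's SPF/DKIM verdicts and each link's visible text against what the message actually contains. The two sample messages and every domain in them are constructed for the demo (all <code>.example</code> names); the anchor regex and the two-label "registrable domain" shortcut are simplifications a production filter would replace with an HTML parser and the public suffix list.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Crude anchor matcher, sufficient for the constructed HTML below.
LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.IGNORECASE | re.DOTALL)
# Authentication-Results verdicts that should count against the message.
BAD_AUTH = {"fail", "softfail", "permerror", "temperror"}


def domain_of(addr: str) -> str:
    """Domain part of an address-like string, lower-cased ('' if there is none)."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def registrable(host: str) -> str:
    """Last two labels of a host name (demo shortcut; real code uses the public suffix list)."""
    return ".".join(host.lower().split(".")[-2:])


def check_message(raw: str) -> list:
    """Return human-readable findings for one RFC 5322 message; [] means nothing looked wrong."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_dom = domain_of(from_addr)

    # 1. Display name that itself looks like an address at another domain
    #    (most clients show the name far more prominently than the address).
    name_dom = domain_of(from_name)
    if name_dom and name_dom != from_dom:
        findings.append(f"display name claims {name_dom} but address is at {from_dom}")

    # 2. Replies silently routed to a different domain.
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    if reply_addr and domain_of(reply_addr) != from_dom:
        findings.append(f"Reply-To goes to {domain_of(reply_addr)}, not {from_dom}")

    # 3. SPF/DKIM/DMARC verdicts stamped on the message by the receiving server.
    auth = msg.get("Authentication-Results")
    if auth is None:
        findings.append("no Authentication-Results header: sender was never verified")
    else:
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", str(auth), re.IGNORECASE):
            if result.lower() in BAD_AUTH:
                findings.append(f"{method.lower()} result: {result.lower()}")

    # 4. Links whose visible text is a URL on a different site from the real href.
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body is not None else ""
    for href, inner in LINK_RE.findall(html):
        text = re.sub(r"<[^>]+>", "", inner).strip()
        if not re.match(r"^(https?://|www\.)", text, re.IGNORECASE):
            continue  # visible text is not a URL, nothing to compare against
        shown = text if "://" in text else "http://" + text
        real_host = urlparse(href).hostname or ""
        shown_host = urlparse(shown).hostname or ""
        if registrable(real_host) != registrable(shown_host):
            findings.append(f"link shows {shown_host} but points to {real_host}")
    return findings


# Constructed sample: every sign above is present.
SUSPICIOUS_SAMPLE = """\
From: "support@icloud.com" <alerts@icloud-verify.example>
Reply-To: recovery@mail-helpdesk.example
To: victim@example.org
Subject: Your account has been locked
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=icloud-verify.example; dkim=none
Content-Type: text/html; charset="utf-8"

<html><body><p>Sign in to confirm:
<a href="http://login.icloud-verify.example/confirm">https://appleid.apple.com</a></p></body></html>
"""

# Constructed sample: consistent sender, passing authentication, honest link.
CLEAN_SAMPLE = """\
From: "Example Bank" <notices@example-bank.example>
To: customer@example.org
Subject: Your monthly statement
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example-bank.example; dkim=pass header.d=example-bank.example
Content-Type: text/html; charset="utf-8"

<html><body><p>Your statement is ready:
<a href="https://www.example-bank.example/statements">https://www.example-bank.example/statements</a></p></body></html>
"""

if __name__ == "__main__":
    for label, sample in (("suspicious", SUSPICIOUS_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, check_message(sample) or "no findings")
```

None of these checks needs the reader to inspect headers by hand; a gateway that runs them can quarantine or label the message before it reaches the inbox, which is the point of the paragraph above.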
<div class="separator" style="clear: both; text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: justify;">
<b>Passwords</b></div>
<div class="separator" style="clear: both; text-align: justify;">
The previous advice around <a href="http://www.bbc.co.uk/news/technology-40875534" target="_blank">regularly changing passwords</a> may not have been the best, as people will just increment numbers, and typically the password will become weaker. The advice now is to use stronger passwords and use a password manager to secure these passwords.</div>
<div class="separator" style="clear: both; text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: justify;">
<b>2-Step Verification</b></div>
<div class="separator" style="clear: both; text-align: justify;">
Many websites, including Facebook, LinkedIn, Twitter, WhatsApp and many more, support the use of 2-step verification. This is a process where you log into one of these websites with your username/email address and your password. Before you can gain access to the site or application, it will text your nominated mobile number with a code, which will need to be entered into the website before you can gain access.</div>
<div class="separator" style="clear: both; text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: justify;">
Even if your login details were compromised, a hacker would be unable to gain access to the site or application without access to your mobile phone.</div>
<div class="separator" style="clear: both; text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: justify;">
These solutions are provided free of charge, so it would make sense to enable this wherever possible.</div>
<div class="separator" style="clear: both; text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: justify;">
<b>So what?</b></div>
<div class="separator" style="clear: both; text-align: justify;">
So some people's iCloud accounts were compromised due to falling for a phishing attack... so what?</div>
<div class="separator" style="clear: both; text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: justify;">
Well, looking at security and the principles in play, this also makes corporate networks susceptible to these sorts of hacks. Phishing attacks are used to gain access to corporate credentials, and worse, there are also spearphishing attacks. Phishing attacks are typically broad-brush attacks, spreading the net (excuse the pun) wide. Spearphishing targets an individual, such as a member of the senior management team or someone with administrative credentials, enabling access to personal information.</div>
<div class="separator" style="clear: both; text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: justify;">
<b>Privileged Access Management</b></div>
<div style="text-align: justify;">
The priority for any organisation is the protection of administrative passwords, typically known as Privileged Access. Depending on the analyst reports you read, 80-100% of data exfiltration compromises have required administrative credentials.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Privileged Access Management is a technology to grant administrative access to a user, without them knowing the password. The technology will securely store the password, and is also able to change the password once the user is done with that session. What could be more secure than a user unaware of the administrator password? </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Some other benefits include the ability to record the screen of the user session, as well as in-depth analytics.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Securing passwords</b></div>
<div style="text-align: justify;">
Whether you are a home user, or a corporate user, passwords have always been important, but password security is more important than ever. Whatever the situation, there are ways to secure the password and minimise the damage a hacker can do.</div>
<h4>
Pull the budget and suffer the consequences: the NHS ransomware attack [Link: Information Age]</h4>
Posted 26 May 2017<br />
I was asked to help source an article about WannaCry on the NHS. Here is the article that was published on the Information Age website: <a href="http://www.information-age.com/pull-budget-suffer-consequences-nhs-ransomware-attack-123466474/" target="_blank">http://www.information-age.com/pull-budget-suffer-consequences-nhs-ransomware-attack-123466474/</a><br />
<br />
=========================================<br />
<h4>
Why wasn’t more done to protect NHS organisations from the WannaCry ransomware attack?</h4>
<br />
Ransomware infects computers around the world every day. In the last 18 months, instances of it have surged so prolifically that today it is the most common type of malware. However, the WannaCry strain hit the headlines because it brought large parts of the NHS to a crunching halt.<br />
<br />
This is the problem with malware: it can have devastating effects. We don’t know what the real-world physical implications of WannaCry have been, for instance on patient treatments. Perhaps we will never know.<br />
<br />
At first glance, it appears almost criminal to be running operating systems that are no longer supported, in the case of the NHS Windows XP. This was in no way helped by the government pulling the plug on an XP support contract to save money.<br />
<br />
The ransomware infection was so serious that the government chaired a Cobra meeting, code for official panic. While patching an operating system is a fundamental security step, there can be a number of issues that complicate the process.<br />
<br />
For instance, an organisation with a desktop fleet consisting of thousands of PCs might simply have not set up its configurations correctly, leaving holes in its patching process through which malware can insinuate itself.<br />
<h4>
Risk register</h4>
<br />
Some organisations might be reluctant to automatically apply operating system patches because they could cause conflicts with business critical applications. In short, they might be unable to patch for fear of slowing down, or even halting other parts of the business.<br />
<br />
In both these cases there should be at least an awareness of the potential risks. It could be that an IT team is stretched thinly and is juggling other issues such as networking or storage, and consequently security slides down the list of priorities. This isn’t uncommon.<br />
<br />
In these cases IT should be creating a Risk Register, which is essentially a list of system vulnerabilities: why they exist, how they can be remediated and why they haven’t been addressed. This could be because of budget limitations or some other reasons.<br />
<br />
The C-level executive team should sign off on the ‘risk register’ to show that they are aware of the issues and have accepted responsibility. This protects IT from any fallout should a serious breach occur, and also illustrates that they are doing their job.<br />
<br />
<h4>
Finger pointing</h4>
<br />
The WannaCry breach led to a lot of finger pointing and within hours had also become a political hot potato. Many people in the industry were quoted saying that defences are only as strong as the weakest link.<br />
<br />
This is a self-evident truth, but in this case a very large condemning finger was pointed at end users. The implication was that a naïve employee or cluster of employees had clicked on an email link which unwittingly unleashed the worm-like WannaCry ransomware.<br />
<br />
Phishing emails are increasingly sophisticated and even the most alert and astute end user can be fooled if the mail is targeted and well-crafted. The only problem with blaming end users is that it smacks of scapegoating and is essentially an abnegation of responsibility. However, there has been no evidence to suggest that WannaCry was initiated by an email or spread by user interaction.<br />
<h4>
First lines of defence</h4>
<br />
End user education and training is important and should certainly be more than an annual box ticking exercise. Alongside patching operating systems, it should be treated as a last line of defence, and certainly not the first line.<br />
<br />
Any organisation that is serious about IT security will have a range of defences in place to safeguard against these types of attacks. For instance, an email security gateway with sandboxing will filter out ransomware even if a user clicks on a malicious link. A web security filter with sandboxing will protect against drive by downloads, in which someone has to just visit a website to inadvertently download malware.<br />
<br />
Web filtering tools in conjunction with a good firewall can detect dubious websites, as well as flag traffic that is leaving an organisation for a questionable destination. Of course there is also heuristic and signature detection, so if malware does penetrate the network it is immediately detected and stopped.<br />
<br />
Added to this are a raft of endpoint tools that can protect devices, and we’re not just talking about patching operating systems but also patching browsers, plug-ins and third party software for vulnerabilities. On top of this, admin rights should be removed from endpoints so software doesn’t automatically run by default.<br />
<h4>
Lack of willingness</h4>
<br />
In short, the tools are available to protect organisations from ransomware and other types of malware, and they don’t have to be the latest and the greatest either. The real question is whether the willingness to take security seriously is there. Given the large number of attacks that happen regularly you’d have to say it’s not. For instance, if there’s commitment then budget is always made available to help overstretched IT teams.<br />
<br />
Clearly in the case of the NHS the funding was missing, and if the government doesn’t yet fully understand the importance of comprehensive cyber security then who will? Will it take loss of life before someone sits up and takes security seriously?<br />
<br />
<h4>
Exclusive Networks Takes GDPR Message on The Road [Link: CommsBusiness]</h4>
Posted 26 May 2017<br />
I was asked by our distributor, <a href="http://www.exclusive-networks.com/uk/" target="_blank">Exclusive Networks</a>, and vendor, <a href="http://www.gemalto.com/" target="_blank">Gemalto</a>, for a quote regarding a bus they were using to promote GDPR (General Data Protection Regulation). This was published on the CommsBusiness website: <a href="http://commsbusiness.co.uk/news/exclusive-networks-takes-gdpr-message-on-the-road/" target="_blank">http://commsbusiness.co.uk/news/exclusive-networks-takes-gdpr-message-on-the-road/</a><br />
<br />
===========================================<br />
<br />
Exclusive Networks and digital security company Gemalto are taking the GDPR message on the road. A refitted double-decker bus began its UK tour in York on 23rd May, finishing at Infosec in London on 6th June. The bus will be making stops at key regional centres where channel partners and customers can meet security experts from Exclusive Networks and Gemalto and hear how a six-step process can aid GDPR readiness and compliance.<br />
<br />
According to Exclusive Networks’ vendor alliances director, <a href="https://www.linkedin.com/in/stuart-nairne-clark-7145013/" target="_blank">Stuart Nairne-Clark</a> “many partners are still confused and lack clear understanding on the whole GDPR topic and what it means for them and their customers. Because there is no silver bullet – it’s as much about people and process as it is technology – by coming aboard they’ll get first-hand guidance on what’s needed to become compliant. They will hear directly from Data Protection Officers, understand the essential legal requirement and see how the latest multi-factor authentication, encryption and key management tools aid GDPR compliance. Already large and small organisations from right across the commercial, public and charity sectors are booked on and given it’s such a comprehensive regulation we encourage all partners and their customers to sign-up. It’s the ideal setting to engage with compliance, data protection and encryption experts.”<br />
<br />
<a href="https://www.linkedin.com/in/andrewtang/" target="_blank">Andrew Tang</a>, service director – security, at reseller <a href="http://www.mti.com/" target="_blank">MTI</a> noted that “being a GDPR Practitioner I appreciate there is no precedent for what is coming. Understanding both the regulation and its context is essential if partners are to work with their customers to build an effective GDPR strategy and plan. My customer meetings are now all GDPR related so having the bus clinic pass by the door of many customers, especially the 50% or so who are just beginning to get to grips with the subject, is invaluable. It is doubly invaluable when you consider the only technology set mentioned within the regulation is encryption, and that is something Gemalto does best.”<br />
<br />
The Exclusive Networks and Gemalto GDPR Bus clinic will be stopping in York, Leeds (25/5), Chesterfield (26/5), Birmingham (30/5), Milton Keynes (31/5), Oxford (1/6), Reading (2/6), Alton (5/6) and London (6-8/6). Seats aboard the bus are pre-booked and partners can sign-up here. In addition, a survey is being conducted to gauge how far those affected by the regulation have progressed along the road to compliance.<br />
<br />
<a href="https://www.linkedin.com/in/hartjason/" target="_blank">Jason Hart</a>, identity and protection CTO at Gemalto added: “With a year or so left until the regulation is enforced it is essential partners and customers cut through all the noise and understand what they need to do on their road to compliance. Plenty of reports show a general state of un-readiness and lack of understanding. By taking the issue on the road we can reach more partners and customers and get to explain how Gemalto’s data protection, encryption and identity authentication technologies are essential in securing compliance and avoiding crippling penalties.”<br />
<br />
<h4>
So you have WannaCry 2.0, what next?</h4>
Posted 23 May 2017<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-5_7dGdmkIVk/WSQTM-cIyRI/AAAAAAAA7hM/oRZKZgfjLvQ5V41Le1TO-lA7CE2qKl0SwCEw/s1600/wannacry_05_1024x774.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="482" src="https://4.bp.blogspot.com/-5_7dGdmkIVk/WSQTM-cIyRI/AAAAAAAA7hM/oRZKZgfjLvQ5V41Le1TO-lA7CE2qKl0SwCEw/s640/wannacry_05_1024x774.png" width="640" /></a></div>
<br />
So your machine is infected, what can you do?<br />
<br />
<h4>
Immediate Action</h4>
<br />
<ol>
<li>Find all the machines vulnerable to MS17-010. This can be done using scanning tools or wholesale apply the patch to all machines.</li>
<li>On the infected machines, don't pay the ransom; research suggests that payment will get your files back two thirds of the time.</li>
<li>Try the WannaCry <a href="http://thehackernews.com/2017/05/wannacry-ransomware-decryption-tool.html" target="_blank">decryption tool</a> and skip to step 5 on.</li>
<li>If the decryption tool fails, re-install your operating system - remembering to patch it.</li>
<li>Install a good malware protection solution, switch on real-time updates and update it.</li>
<li>Scan your machine with your newly installed and updated malware protection software.</li>
<li>Re-install essential applications, remembering to check for patches, and switch on auto updates.</li>
<li>Copy back data from backups, remembering to scan it as you do. One of your backup files could be infected.</li>
</ol>
<h4>
Next Steps</h4>
<br />
<div>
<ol>
<li>Create a standard user account for general use, and keep the administrator account for configuration changes only. Although WannaCry did not need administrator rights, removing them still blocks ransomware that relies on them to install or to tamper with defences.</li>
<li>Consider Application Whitelisting to ensure only known applications are able to execute on your machine.</li>
<li>If your existing firewall allows it, switch on web filtering to prevent traffic to known malicious sites.</li>
<li>Consider using an IPS (Intrusion Prevention System) to protect your network.</li>
<li>Use a Web Security Gateway to monitor and prevent traffic to malicious websites, with sandboxing to scan unknown packages.</li>
<li>An Email Security Gateway can monitor and scan emails, working in combination with a sandbox to scan unknown attachments and a Web Security Gateway to validate URLs within emails. Although email was not the delivery mechanism for WannaCry, it is for the vast majority (90%+) of ransomware.</li>
<li>Check existing backups and/or start doing backups.</li>
</ol>
<h4>
Planning for the future</h4>
</div>
<br />
<div>
<ol>
<li>User training is important, but it must be remembered that WannaCry 2.0 wasn't propagated by email and didn't require user interaction to install or spread.</li>
<li>Ensure there is an open policy for users to report any suspicious behaviour on their machines to the IT or Information Security teams.</li>
<li>Test the environment with simulated attacks to ensure the People, Process and Technology work hand in hand together.</li>
</ol>
</div>
andytangukhttp://www.blogger.com/profile/04703509194371482031noreply@blogger.com0tag:blogger.com,1999:blog-3770348951162846027.post-18430114464997917462017-05-23T13:17:00.002+01:002017-05-23T13:17:48.756+01:00WannaCry/WCRY 2.0 - What do we know?<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-5_7dGdmkIVk/WSQTM-cIyRI/AAAAAAAA7hI/DUjnZ2WifkMjbWxgx3Pr2-hUGTfC1Q61gCLcB/s1600/wannacry_05_1024x774.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="483" src="https://3.bp.blogspot.com/-5_7dGdmkIVk/WSQTM-cIyRI/AAAAAAAA7hI/DUjnZ2WifkMjbWxgx3Pr2-hUGTfC1Q61gCLcB/s640/wannacry_05_1024x774.png" width="640" /></a></div>
<br />
On Friday 12th May, we were all made aware of a <a href="http://www.bbc.co.uk/news/technology-39901382" target="_blank">global ransomware attack</a>, which hit nearly 200 countries, infecting over 300,000 Windows machines. Named WannaCry/WCRY 2.0, it encrypted data and demanded a ransom of US$300 payable in Bitcoin (a cryptocurrency).<br />
<br />
<h4>
Timeline</h4>
<br />
Looking back over earlier in 2017 shows how WannaCry evolved.<br />
<br />
<i>14th March 2017 </i>- Microsoft released a patch it classified as Critical as part of its monthly patch cycle. The bulletin, <a href="https://technet.microsoft.com/en-us/library/security/ms17-010.aspx" target="_blank">MS17-010</a>, resolved vulnerabilities in the SMBv1 server on Windows workstation and server operating systems.<br />
<br />
<i>14th April 2017 </i>- <a href="https://arstechnica.com/security/2017/04/nsa-leaking-shadow-brokers-just-dumped-its-most-damaging-release-yet/" target="_blank">Shadow Brokers leaked the NSA hacking tools</a>, including the ETERNALBLUE exploit for the MS17-010 vulnerabilities.<br />
<br />
<i>14th April 2017 </i>- WannaCry/WCRY 1.0 was released<br />
<br />
<i>12th May 2017</i> - WannaCry/WCRY 2.0 was released<br />
<br />
<h4>
History</h4>
<br />
WannaCry/WCRY 1.0 was a spam campaign, which delivered its payload via compromised or malicious Dropbox accounts. To all intents and purposes, it felt like a typical ransomware attack: an email with a link, the user clicking on the link to download the ransomware, the ransomware exploiting a vulnerability on the endpoint and then encrypting the data.<br />
<br />
<h4>
Why is WannaCry/WCRY 2.0 different?</h4>
<br />
It is believed that WannaCry/WCRY 2.0 was not distributed via email, nor was it caused by clicking on a link.<br />
<br />
WannaCry/WCRY 2.0 scans for Windows machines exposing SMBv1 (TCP port 445) and tries to infect them. I say tries, because a machine with the MS17-010 patch installed could not be infected this way. On an unpatched machine the ransomware exploits the vulnerability, installs itself and encrypts the data. WannaCry/WCRY 2.0 also has worm-like behaviour: it scans the local network and random external IP addresses for other machines running SMBv1 and tries to infect them as well.<br />
<br />
The clever part of this ransomware is that it requires no user interaction to initiate it or to spread it.<br />
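The worm behaviour described above leaves a very recognisable trace in firewall and flow logs: one internal host opening (or attempting) SMB connections to many different addresses in a short time, most of which would normally be blocked. As an added example, not code from the original post, here is a small Python 3 detector that runs over a constructed sample of firewall-style connection records and raises an alert when a source fans out to many distinct port 445 targets inside a sliding window. The log format, the internal address ranges and the threshold are assumptions; the 192.0.2.x, 198.51.100.x and 203.0.113.x addresses are documentation ranges standing in for random internet targets.<br />

```python
"""Spot worm-style SMB fan-out (one host probing many others on TCP/445).

Added example; it is not code from the original post. It reads
firewall-style connection records (constructed sample below, one per line:
timestamp, source, destination, destination port, action) and raises an
alert when one source touches many distinct destinations on port 445
within a short window, whether or not the firewall allowed them. Denied
attempts matter: a worm scanning random external addresses will mostly be
blocked, and the blocks are the signal.
"""
import ipaddress
from collections import defaultdict, deque
from datetime import datetime

WINDOW_SECONDS = 60             # look-back window per source
MIN_DISTINCT_TARGETS = 10       # assumed threshold; tune to your estate
# Assumed internal ranges; anything else is treated as external/internet.
INTERNAL_NETWORKS = [ipaddress.ip_network(n) for n in
                     ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: 10.0.0.5 behaves like a worm (the 192.0.2.x, 198.51.100.x
# and 203.0.113.x addresses are documentation ranges standing in for random
# internet targets); 10.0.0.7 is a normal client talking to one file server.
SAMPLE_LOG = """\
2017-05-12T10:00:00 10.0.0.7 10.0.0.50 445 allow
2017-05-12T10:00:02 10.0.0.5 10.0.0.20 445 allow
2017-05-12T10:00:02 10.0.0.5 10.0.0.21 445 deny
2017-05-12T10:00:03 10.0.0.5 10.0.0.22 445 deny
2017-05-12T10:00:03 10.0.0.5 10.0.0.23 445 allow
2017-05-12T10:00:04 10.0.0.5 10.0.0.24 445 deny
2017-05-12T10:00:04 10.0.0.5 10.0.0.25 445 deny
2017-05-12T10:00:05 10.0.0.7 10.0.0.50 445 allow
2017-05-12T10:00:05 10.0.0.5 10.0.0.26 445 deny
2017-05-12T10:00:06 10.0.0.5 203.0.113.17 445 deny
2017-05-12T10:00:06 10.0.0.5 198.51.100.9 445 deny
2017-05-12T10:00:07 10.0.0.5 10.0.0.27 445 allow
2017-05-12T10:00:08 10.0.0.5 192.0.2.44 445 deny
2017-05-12T10:00:09 10.0.0.7 10.0.0.50 443 allow
2017-05-12T11:30:00 10.0.0.5 10.0.0.28 445 allow
"""


def is_external(ip: str) -> bool:
    """True when the address is outside the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETWORKS)


def parse_record(line: str):
    """Split one record into (timestamp, src, dst, port, action)."""
    ts, src, dst, port, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port), action


def detect_smb_fanout(lines, window=WINDOW_SECONDS, threshold=MIN_DISTINCT_TARGETS):
    """Return one alert dict per source that reached >= threshold distinct
    port-445 targets inside a sliding window of `window` seconds."""
    recent = defaultdict(deque)        # src -> (timestamp, dst), oldest first
    alerts = {}
    for raw in lines:
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue
        ts, src, dst, port, _action = parse_record(raw)
        if port != 445:
            continue                   # only SMB attempts count, allowed or denied
        q = recent[src]
        q.append((ts, dst))
        while q and (ts - q[0][0]).total_seconds() > window:
            q.popleft()                # drop events older than the window
        targets = {d for _, d in q}
        if len(targets) < threshold:
            continue
        alert = alerts.setdefault(src, {"source": src, "first_seen": q[0][0].isoformat(),
                                        "distinct_targets": 0, "external_targets": 0})
        alert["last_seen"] = ts.isoformat()
        alert["distinct_targets"] = max(alert["distinct_targets"], len(targets))
        alert["external_targets"] = max(alert["external_targets"],
                                        sum(1 for d in targets if is_external(d)))
    return list(alerts.values())


if __name__ == "__main__":
    for a in detect_smb_fanout(SAMPLE_LOG.splitlines()):
        print(f"ALERT {a['source']}: {a['distinct_targets']} SMB targets "
              f"({a['external_targets']} external) between {a['first_seen']} and {a['last_seen']}")
```

On the sample the normal client never trips the rule, while 10.0.0.5 is reported with 11 distinct targets, 3 of them external. In a real deployment the same logic sits in a SIEM correlation rule; the important design choice is counting denied attempts as well as allowed ones, because a worm's scan of random internet addresses is mostly what gets blocked.<br />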
<br />
<h4>
What did the criminals gain?</h4>
<br />
Some organisations have been monitoring the Bitcoin wallets and estimate that the financial gain from this attack is in the region of US$65,000-70,000, which doesn't sound like a great deal.<br />
<br />
<h4>
Who's vulnerable now?</h4>
<br />
Using <a href="https://www.shodan.io/" target="_blank">Shodan</a> it's possible to search for Windows machines that expose SMBv1 to the internet. Of course, it doesn't show whether these machines have been patched against MS17-010.<br />
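As an added example (not part of the original post), here is a small Python 3 probe that performs the same check from inside your own network, for the machines that step 1 of the "Immediate Action" list in the post above tells you to find: it offers a target only SMBv1 dialects and reports whether the server accepts one. Host names, ports and the sample reply are assumptions. Like the Shodan search, it shows SMBv1 exposure, not whether MS17-010 has been applied, so treat every hit as something to patch or to disable SMBv1 on, and only probe networks you are authorised to scan.<br />

```python
"""Probe for hosts that still answer SMBv1 on TCP/445.

Added example; it is not code from the original post. It sends an SMB1
NEGOTIATE request that offers only SMB1 dialects. A server that still
speaks SMBv1 replies with an SMB1 header (0xFF 'S' 'M' 'B') and the
dialect it picked; a server with SMBv1 disabled closes the connection or
returns nothing usable. This establishes exposure only: it does NOT say
whether MS17-010 is installed. Only run it against networks you are
authorised to scan.
"""
import socket
import struct
import sys

SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB_COM_NEGOTIATE = 0x72
# Dialects offered, in order; the server replies with the index it accepts.
DIALECTS = [b"PC NETWORK PROGRAM 1.0", b"LANMAN1.0", b"NT LM 0.12"]
HEADER_FMT = "<4sBIBHH8sHHHHH"   # 32-byte SMB1 header


def _netbios(smb: bytes) -> bytes:
    """Wrap an SMB message in the 4-byte NetBIOS session header used on port 445."""
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


def build_smb1_negotiate() -> bytes:
    """Return a framed SMB_COM_NEGOTIATE request offering only SMB1 dialects."""
    header = struct.pack(
        HEADER_FMT,
        SMB1_MAGIC,         # protocol id
        SMB_COM_NEGOTIATE,  # command
        0,                  # NT status
        0x18,               # flags: canonical pathnames, case-insensitive
        0xC801,             # flags2: unicode, NT status codes, ext. security, long names
        0,                  # PID high
        b"\x00" * 8,        # security features (signature)
        0,                  # reserved
        0,                  # TID
        0xFEFF,             # PID low
        0,                  # UID
        0,                  # MID
    )
    dialects = b"".join(b"\x02" + d + b"\x00" for d in DIALECTS)
    # WordCount = 0 (no parameter words), then ByteCount and the dialect list
    return _netbios(header + b"\x00" + struct.pack("<H", len(dialects)) + dialects)


def parse_negotiate_response(data: bytes) -> dict:
    """Classify a raw reply; 'smb1' is True only for a genuine SMB1 negotiate reply."""
    def result(smb1, dialect, reason):
        return {"smb1": smb1, "dialect": dialect, "reason": reason}

    if len(data) < 4:
        return result(False, None, "no reply or connection closed")
    smb = data[4:]                                   # strip NetBIOS header
    if smb[:4] == SMB2_MAGIC:
        return result(False, None, "SMB2/3 header in reply")
    if smb[:4] != SMB1_MAGIC or len(smb) < 35 or smb[4] != SMB_COM_NEGOTIATE:
        return result(False, None, "not an SMB1 negotiate reply")
    word_count = smb[32]
    if word_count == 0:
        return result(False, None, "negotiate reply carries no dialect")
    dialect_index = struct.unpack_from("<H", smb, 33)[0]
    if dialect_index == 0xFFFF or dialect_index >= len(DIALECTS):
        return result(False, None, "server accepted none of the offered dialects")
    return result(True, DIALECTS[dialect_index].decode(), "SMB1 negotiate reply")


def probe_host(host: str, port: int = 445, timeout: float = 3.0) -> dict:
    """Send the probe to one host and classify the answer."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_smb1_negotiate())
            reply = sock.recv(4096)
    except OSError as exc:             # refused, timed out, reset, unreachable
        return {"smb1": False, "dialect": None, "reason": f"no reply: {exc}"}
    return parse_negotiate_response(reply)


def sample_smb1_reply(dialect_index: int = 2) -> bytes:
    """Constructed reply (not a capture) of a server choosing the given dialect index."""
    header = struct.pack(HEADER_FMT, SMB1_MAGIC, SMB_COM_NEGOTIATE, 0, 0x98, 0xC801,
                         0, b"\x00" * 8, 0, 0, 0xFEFF, 0, 0)
    params = b"\x11" + struct.pack("<H", dialect_index) + b"\x00" * 32   # WordCount=17
    return _netbios(header + params + struct.pack("<H", 0))               # ByteCount=0


if __name__ == "__main__":
    for target in sys.argv[1:]:
        verdict = probe_host(target)
        print(f"{target}: SMBv1={'YES' if verdict['smb1'] else 'no'} ({verdict['reason']})")
```

Run it as <code>python smb1_probe.py 10.0.0.20 10.0.0.21</code> (addresses assumed) and feed the hits into your patching list. A host that answers "SMBv1=YES" may already have MS17-010 installed; the probe cannot tell, so the only safe reading is "this host still speaks SMBv1 and must be verified".<br />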
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-YTdsiNXIiH8/WSQoRQRpXDI/AAAAAAAA7hY/XTDMHbdY-ZoxzSthDXknOHg6cFlsSH48ACLcB/s1600/shodan.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="https://3.bp.blogspot.com/-YTdsiNXIiH8/WSQoRQRpXDI/AAAAAAAA7hY/XTDMHbdY-ZoxzSthDXknOHg6cFlsSH48ACLcB/s640/shodan.JPG" width="314" /></a></div>
<br />andytangukhttp://www.blogger.com/profile/04703509194371482031noreply@blogger.com0tag:blogger.com,1999:blog-3770348951162846027.post-78868314501964163012017-05-14T00:25:00.000+01:002017-05-14T00:25:37.099+01:00So you have Ransomware, what do you do?I've written a <a href="http://blog.andytang.com/2017/05/the-anatomy-of-ransomware-and-how-to.html" target="_blank">lengthy blog post about ransomware</a>, but you just want a quick and simple answer?<br />
<br />
Your machine is infected and you have this screen:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-mb3mnrdi948/WReSQHLaIwI/AAAAAAAA7GQ/TsgwnuL_qc8tanBjjm4Dt1bA-RIGfjDLwCLcB/s1600/rw.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="231" src="https://3.bp.blogspot.com/-mb3mnrdi948/WReSQHLaIwI/AAAAAAAA7GQ/TsgwnuL_qc8tanBjjm4Dt1bA-RIGfjDLwCLcB/s400/rw.jpg" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: justify;">
</div>
<ol>
<li>Don't pay. Research suggests that paying gets your files back only around two thirds of the time.</li>
<li>Re-install your operating system - remembering to patch it!</li>
<li>Create a standard user account for general use, and keep the administrator account for configuration changes only.</li>
<li>Install a good malware protection solution, and update it</li>
<li>Scan your machine with your newly installed and updated malware protection software.</li>
<li>Re-install essential applications, remembering to check for patches, and switch on auto updates.</li>
<li>Copy back data from backups, remembering to scan it as you do. One of your backup files could be infected.</li>
</ol>
<div>
Going forward:</div>
<div>
<ul>
<li>Be mindful of any email attachments or links within emails</li>
<li>Continue to update malware protection, operating system and applications</li>
<li>Ensure backups are happening to prevent data loss, and even consider multiple backup destinations</li>
<li>Only use the admin account for configuration changes</li>
</ul>
<div>
This advice is aimed more at home users, but you can see the relevance to organisations as well. For a more detailed look at ransomware, and what approach an organisation can take, have a look <a href="http://blog.andytang.com/2017/05/the-anatomy-of-ransomware-and-how-to.html" rel="nofollow" target="_blank">here.</a></div>
</div>
andytangukhttp://www.blogger.com/profile/04703509194371482031noreply@blogger.com0tag:blogger.com,1999:blog-3770348951162846027.post-21761476714808730762017-05-13T23:46:00.001+01:002017-05-13T23:46:54.878+01:00The Anatomy of Ransomware - and How to Prevent from Impacting YouAfter the <a href="http://www.bbc.co.uk/news/world-europe-39907965" rel="nofollow" target="_blank">global cyber attack with ransomware</a>, there is much advice out there suggesting the problem would have been prevented with point products, training or procedures. Below I outline a generic ransomware attack, stage by stage, so that the defences can be understood, and what you can do at each stage as a home user, corporate user or corporate IT team.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://media.licdn.com/mpr/mpr/AAEAAQAAAAAAAArQAAAAJDMyZjRhZWIwLWY2OWItNDVhOS04MWVhLWE1MWFkNTYyZTBkNQ.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="334" src="https://media.licdn.com/mpr/mpr/AAEAAQAAAAAAAArQAAAAJDMyZjRhZWIwLWY2OWItNDVhOS04MWVhLWE1MWFkNTYyZTBkNQ.jpg" width="640" /></a></div>
<br />
<h4>
Delivery of Ransomware</h4>
<br />
Depending on the research you read, 93-98% of ransomware is delivered by email. The remaining delivery methods are via websites, whether a drive-by download, malvertising or a malicious website, or via removable media.<br />
<br />
As a home user, a good quality endpoint protection solution is recommended. Avoid opening email attachments or dubious web links, and avoid using removable media you are unsure about. Use a standard user profile for everyday work rather than one with administrator rights, and enter the admin credentials only when needed.<br />
<br />
As a corporate user, the advice is similar: avoid opening email attachments or dubious web links, and avoid using removable media you are unsure about.<br />
<br />
As a corporate IT team, email and web gateway solutions should be protecting the email and web traffic. The endpoint should have good quality multi-layered protection. Ensure that users do not have local administrator rights. Sandboxing solutions on the network analyse unknown files coming into the network and ensure the email, web and endpoint vectors are covered. Consider device control solutions if removable media is a significant entry point into the network. User education can help, but it needs to be short and regular, not many hours once a year.<br />
<br />
<h4>
Exploit the Endpoint</h4>
<br />
The ransomware's next task is to find a vulnerability on the endpoint, exploit it and install itself. This is where the advice is to patch your operating system, or check and install the updates to your machine. It's less well known that the other software on your machine also has vulnerabilities: third-party software such as Java and Adobe Reader, as well as the internet browsers and their add-ons.<br />
<br />
As a home user, change the settings on the operating system and software to automatically check and install the updates. Consider removing applications that are rarely used, as some may not check for updates until they are used.<br />
<br />
As a corporate user there is typically little you can do, as this should be controlled by the administrators. If you are able to run the updates, check regularly. If you are able to install applications, consider what you are installing and switching on auto updating.<br />
<br />
As a corporate IT team, ensure there is a robust patching regime. Ensure patches are deployed to Microsoft operating systems as close to "Patch Tuesday" as possible, to prevent there being a "Hack Wednesday". Ensure the patching regime goes beyond operating systems, covering the third-party applications, browsers and add-ons. Consider Application Control solutions to limit the applications on the endpoints. In the server environment, consider using IDS/IPS or "Virtual Patching" solutions to protect the servers until patch remediation can be carried out in a scheduled maintenance window, allowing for testing of patches prior to deployment.<br />
<h4>
<br />Installation of Ransomware</h4>
<br />
The installation of the ransomware will typically be disguised as a system process, so can go undetected by traditional or single layers of defence.<br />
<br />
As a home user with the administrator rights removed as mentioned before, the software may not be able to install. Again a good quality anti-malware solution may help prevent the ransomware from being installed.<br />
<br />
As a corporate user there is typically little you can do, as this should be controlled by the administrators.<br />
<br />
As a corporate IT team, look to Application Whitelisting, so unknown applications can't be installed or executed. Whitelisting solutions check the fingerprint (hash) of each executable rather than its name, so even if the ransomware is masquerading as a system process it will not be allowed to execute. Again, good multi-layered anti-malware protection and limited local admin rights will help. Sandboxing solutions should detect this traffic, and consider tools that can monitor file integrity, analyse memory or offer memory injection protection.<br />
<br />
<h4>
Command and Control</h4>
<br />
Once installed, the ransomware will typically talk back to its "Command and Control" servers, which can customise what the machine will do, such as detecting the language settings of the computer and installing the ransom demand in the matching language. A Chinese demand for a ransom would not be very effective on a machine using the Russian language. The unique encryption key can also be exchanged at this point.<br />
<br />
As a home user, besides relying on the endpoint protection having good malware detection and possibly a host-based firewall, there is very little that can be done at this point.<br />
<br />
As a corporate user, the situation is much the same as the home user, as there is little that can be done.<br />
<br />
As a corporate IT team, the use of Next Generation Firewalls and/or web gateway solutions should be able to see this traffic travelling to and from the network, and prevent the communication. Logging or SIEM solutions should be able to take the feeds from various points throughout the network to detect this activity.<br />
<h4>
<br />Data Encryption</h4>
<br />
The ransomware will now start to encrypt a portion of each of the files, allowing it to work quickly through all the files. It will check for connected devices, so it will be able to encrypt network file shares and removable media connected to the machine. It also knows to leave the operating system files, so the machine is still able to run and demand the ransom.<br />
<br />
As a home user, besides relying on the endpoint protection having good malware detection and possibly a host-based firewall, there is very little that can be done at this point, aside from ensuring that there are system backups.<br />
<br />
As a corporate user, the situation is much the same as the home user, as there is little that can be done.<br />
<br />
As a corporate IT Team, the anti-malware solution may be able to detect this and stop it from running, or the use of application control could have prevented the application from executing, as mentioned before. Beyond that, the dependence will be on having system backups.<br />
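The file integrity monitoring mentioned under "Installation of Ransomware" is one of the few controls that can catch the encryption stage itself. As an added example, not code from the original post, here is a small Python 3 canary-file check: plant a few decoy documents nobody edits, store their hashes, and re-check them on a schedule or when a file-change event fires. A canary that has vanished, been renamed, changed, or now contains near-random bytes is a strong sign that something is encrypting files. The directory, canary names and the entropy threshold are assumptions; the "encrypted" sample is generated deterministically for the test and is not real ransomware output.<br />

```python
"""Canary files: detect ransomware encryption by integrity and entropy.

Added example; it is not code from the original post. Plant a few decoy
documents the user never edits, record their SHA-256 hashes, and re-check
on a schedule (or from a file-change event). A canary that has vanished,
changed, or now contains near-random bytes is a strong sign that something
is encrypting files. The canary names and directory are illustrative
assumptions. Ransomware that only encrypts part of each file still changes
the hash, so the integrity check fires even when the entropy check does not.
"""
import hashlib
import math
from collections import Counter
from pathlib import Path

HIGH_ENTROPY_BITS = 7.2   # bits per byte; documents and text sit well below this
# Names chosen to sort early and look like real documents (assumed, illustrative)
CANARY_NAMES = ("!_invoice_2017.docx", "!_passwords.txt", "!_photos_backup.zip")
CANARY_BODY = b"Invoice 0001\nTotal: 120.00 GBP\nThank you for your business.\n" * 40


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant data, up to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def fingerprint(data: bytes) -> str:
    """SHA-256 hex digest used as the integrity baseline."""
    return hashlib.sha256(data).hexdigest()


def assess_canary(data, expected_hash: str) -> list:
    """Findings for one canary (data=None when the file is gone); empty list = untouched."""
    if data is None:
        return ["missing or renamed"]
    if fingerprint(data) == expected_hash:
        return []
    findings = ["content modified"]
    if shannon_entropy(data) >= HIGH_ENTROPY_BITS:
        findings.append("high entropy (looks encrypted)")
    return findings


def check_canaries(current: dict, baseline: dict) -> dict:
    """current: {name: bytes or None}; baseline: {name: sha256}.
    Returns {name: findings} for touched canaries only."""
    report = {}
    for name, expected in baseline.items():
        findings = assess_canary(current.get(name), expected)
        if findings:
            report[name] = findings
    return report


def plant_canaries(directory: str) -> dict:
    """Write the canaries to disk and return the baseline {name: sha256} to store somewhere safe."""
    root = Path(directory)
    root.mkdir(parents=True, exist_ok=True)
    baseline = {}
    for name in CANARY_NAMES:
        (root / name).write_bytes(CANARY_BODY)
        baseline[name] = fingerprint(CANARY_BODY)
    return baseline


def read_canaries(directory: str, names) -> dict:
    """Current contents from disk; None where a canary is missing (deleted or renamed)."""
    root = Path(directory)
    return {name: (root / name).read_bytes() if (root / name).is_file() else None
            for name in names}


def constructed_encrypted_blob(length: int = 2048) -> bytes:
    """Deterministic near-random bytes standing in for encrypted output (constructed, not real)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        baseline = plant_canaries(tmp)
        # Simulate an encryptor: overwrite one canary, rename another (.WNCRY is the
        # extension WannaCry appended to encrypted files)
        (Path(tmp) / CANARY_NAMES[0]).write_bytes(constructed_encrypted_blob())
        (Path(tmp) / CANARY_NAMES[1]).rename(Path(tmp) / (CANARY_NAMES[1] + ".WNCRY"))
        for name, findings in check_canaries(read_canaries(tmp, baseline), baseline).items():
            print(f"{name}: {', '.join(findings)}")
```

Keep the baseline hashes somewhere the malware cannot reach (not in the same share as the canaries), and put canaries on the network shares too, since those are encrypted from the infected machine. The entropy test is a secondary signal: it confirms encryption rather than a legitimate edit, but an unexpected hash change on a file nobody should touch is already enough to isolate the host.<br />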
<br />
<h4>
<br />Ransom Demand</h4>
<br />
At this point, whoever you are, all is lost without system/data backups.<br />
<br />
The advice is not to pay, as research currently shows that payment of the ransom leads to the decryption of the data only around two thirds of the time, and increases your chance of being targeted again.<br />
<h4>
<br />The Advice</h4>
As a home user, don't click on links without validating that they are legitimate, get a good quality endpoint protection solution and patch your computer regularly. Remember to back up your data, whether to the cloud, portable hard drives or USB devices, and try not to leave physical backup devices connected when not in use. Make your account a standard user, so the administrator password is required for tasks that alter the configuration of your computer.<br />
<br />
As a corporate user, don't click on links without validating if they are legitimate, but work with IT, if you think you have.<br />
<br />
As a corporate IT Team, ensure the endpoints have good quality malware protection that can be centrally managed and logs information centrally. Ensure there are web and email gateways installed and configured. If you don't have a NGFW, consider getting one and using the features available. Patch the operating systems, applications and browsers on endpoints and servers. Consider investing in Device and Application Control solutions, if you don't already have them. Sandboxing solutions will help deal with unknown and new threats, so are well worth the investment. Review the rights users have on their devices, as they typically don't need to be local administrators. SIEM solutions with security features will help detect this early on. End user training is important, but keep it short and regular for it to be effective.<br />
<h4>
<br />Conclusion</h4>
<br />
Ransomware attacks will continue to happen, but breaking the chain of events as early as possible will minimise the damage.<br />
<br />
I hope this guide has been useful in helping understand how ransomware works, and the measures that can be taken to prevent it from impacting you. If you have any questions, please feel free to email me: <a href="mailto:blog@andytang.com" target="_blank">blog@andytang.com</a>andytangukhttp://www.blogger.com/profile/04703509194371482031noreply@blogger.com0tag:blogger.com,1999:blog-3770348951162846027.post-11423866907396746532017-05-10T21:00:00.000+01:002017-05-14T01:35:46.625+01:00Wargames on a Warship - Arbor Networks/NuviasToday I attended an event on the HMS Belfast hosted by Nuvias, with Arbor Networks running a technical session. The location itself is cool and I've been a few times for other security vendor events, but this was something a little different.<br />
<br />
Arbor Networks are a leader in DDoS mitigation solutions, and our distributor partner is Nuvias who carry a number of networking and security solutions.<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-Ijan0zInZvw/WRej1DyutGI/AAAAAAAA7Gk/wnz0ixg6_hkzpQ6UIHpR_Z_2KJEoRxf-wCLcB/s1600/war5.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="480" src="https://1.bp.blogspot.com/-Ijan0zInZvw/WRej1DyutGI/AAAAAAAA7Gk/wnz0ixg6_hkzpQ6UIHpR_Z_2KJEoRxf-wCLcB/s640/war5.jpg" width="640" /></a></div>
<br />
Today, we got to see the DDoS solution up and running, but not just a product demonstration. We got to attack websites with commonly available toolsets and defend using the Arbor APS solution.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-Six7OXL4taA/WRek4kUiToI/AAAAAAAA7Gw/ZsVKH9NuwwUUk1jVwsf8XZsvzmys0VUQwCLcB/s1600/IMG_3196.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="480" src="https://2.bp.blogspot.com/-Six7OXL4taA/WRek4kUiToI/AAAAAAAA7Gw/ZsVKH9NuwwUUk1jVwsf8XZsvzmys0VUQwCLcB/s640/IMG_3196.jpg" width="640" /></a></div>
<br />
It was an informal event, where the name badges only had your first name, and no organisations or job titles were displayed. It allowed us all to chat and share without an agenda. I met some great technical people today, and we got to play with some cool toys. After a few hours, we got into the swing of being in a team, defending our website and attacking another team's website. <br />
<br />
My conclusions from the day were that the vendor and distributor know their stuff, the solution was easy to get your head around, technical people in the channel are friendly, and for some reason I was better at attacking websites than defending them. Maybe I have the wrong coloured hat!!andytangukhttp://www.blogger.com/profile/04703509194371482031noreply@blogger.com0tag:blogger.com,1999:blog-3770348951162846027.post-3947998244252918832017-02-15T21:26:00.000+00:002017-05-13T21:28:25.165+01:00Can AV stop Ransomware?<div class="separator" style="clear: both; text-align: center;">
<a href="https://media.licdn.com/mpr/mpr/AAEAAQAAAAAAAArQAAAAJDMyZjRhZWIwLWY2OWItNDVhOS04MWVhLWE1MWFkNTYyZTBkNQ.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="334" src="https://media.licdn.com/mpr/mpr/AAEAAQAAAAAAAArQAAAAJDMyZjRhZWIwLWY2OWItNDVhOS04MWVhLWE1MWFkNTYyZTBkNQ.jpg" width="640" /></a></div>
<br />
I've read a few articles recently questioning whether "traditional" anti-virus solutions can stop Ransomware. There have also been articles comparing "traditional" and "next generation" solutions, all with their own agenda, both questioning the others ability to prevent Ransomware.<br />
<br />
I feel that it's a simplistic approach to ask whether solution "X" or "Y" will prevent Ransomware, especially without understanding how Ransomware works.<br />
<br />
If a majority (93-98%, depending on which survey you read) of Ransomware comes into an environment via email, then the first point of preventing Ransomware is using an email security solution. Other entry points can be via drive-by downloads or malvertising, so a web security solution can also help prevent the delivery of Ransomware.<br />
<br />
Once on the computer, the malware will look for a vulnerability whether it's the operating system, browser or third party applications. Patching the computer will protect your computer from known vulnerabilities, whether it's carried out manually or using a patch remediation solution.<br />
<br />
Once your computer is exploited, the Ransomware can be installed. Installation is easier if the user has local administrative rights on the computer, so removing those rights from everyday accounts helps. Application Control solutions could also prevent the installation of the Ransomware. This is the point where an anti-virus/anti-malware solution would be expected to stop the installation of the Ransomware.<br />
<br />
Once the Ransomware is installed, it will typically communicate back to the Command and Control server. This traffic will need to cross a perimeter solution, so could be seen by a NGFW solution, web security solution or via SIEM or logging solutions.<br />
<br />
After this, the Ransomware will encrypt the data on the computer's hard drive and demand a ransom. At this point, it's a choice between recovering from backups or paying the ransom in the hope that a decryption key will be provided.<br />
<br />
Can (traditional or next generation) anti-virus or anti-malware solutions stop Ransomware? Potentially, but relying on them alone assumes there is no email security solution, no web filtering solution, no patch remediation, no application control, users have local admin rights, no NGFW, no SIEM solution, and no backups in place.<br />
<br />
Let's not get stuck in trying to find a silver bullet, but understand the attack and therefore apply appropriate measures to prevent this from happening to you.andytangukhttp://www.blogger.com/profile/04703509194371482031noreply@blogger.com0tag:blogger.com,1999:blog-3770348951162846027.post-70453540056254707492016-12-06T10:43:00.000+00:002016-12-12T10:44:36.662+00:00Cyber security in 2016 – why is it still not happening? [Link - ITProPortal]<div style="text-align: justify;">
I was asked to write an article reviewing the cyber security challenges for 2016. Here is the article that was published on the ITProPortal website: </div>
<div style="text-align: justify;">
<a href="http://www.itproportal.com/features/cyber-security-in-2016-why-is-it-still-not-happening/" target="_blank">http://www.itproportal.com/features/cyber-security-in-2016-why-is-it-still-not-happening/</a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
===================================</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
It's 2016, and businesses are generally still not taking security seriously.</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://cdn.mos.cms.futurecdn.net/bX2cGnZftBbfPzJTsFnzak.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://cdn.mos.cms.futurecdn.net/bX2cGnZftBbfPzJTsFnzak.jpg" height="360" width="640" /></a></div>
<div style="text-align: center;">
<span style="font-size: x-small;">Image source: Shutterstock/jijomathaidesigners</span></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Perhaps the surprising, and damning, thing about 2016 in terms of security is that businesses are generally still not taking security seriously. Nobody wants to admit to being slack when it comes to cyber security, but the indisputable fact is that during 2016, many organisations simply didn’t show up, whatever they claimed. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The basics are still not being done. Updates aren’t being applied, patching strategies are not in place, admin credentials are easy to find. Let’s be blunt, people are still trying to do security on the cheap, using, for example, free antivirus software. This was most evident in the amount of ransomware that infected companies. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
A Trend Micro report claimed that 45 per cent of UK businesses were hit by ransomware this year. We believe the figure is much higher, closer to 60 or 70 per cent. </div>
<h4 style="text-align: justify;">
<br />Ransomware scourge</h4>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
In the US, hospitals have paid massive amounts of money when their databases have been encrypted by ransomware. The Hollywood Presbyterian Medical Center paid a $17,000 bitcoin ransom for the decryption key for patient data. It was infected by the delivery of an email attachment disguised as a Microsoft Word invoice. In the UK some hospitals had to cancel operations. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Hundreds of planned operations, outpatient appointments, and diagnostic procedures were put on hold at multiple hospitals across Lincolnshire. The damage done by ransomware in 2016 is largely attributable to the infamous Locky and its many variants. It was first identified in February and made it to the top of the ransomware charts only two weeks later. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
It initially used malicious macros in Office documents to infect its victim’s computer, and these documents were distributed attached to spam emails. Locky has been through several versions since then. A new version was released on October 24, and less than 24 hours later yet another version was launched. It’s carried through phishing campaigns and the email subjects are centred on pay cheques, receipts, invoices, orders, or wrong credit card charges all of which are themes designed to fool recipients into opening attached files. </div>
<div style="text-align: justify;">
<br /></div>
<h4 style="text-align: justify;">
Heads in the sand</h4>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
In a sense it’s staggering that people are still falling for these tricks, given the exposure about ransomware dangers. There still seems to be a general mindset that ‘it will never happen to me’, when it clearly is happening to lots of businesses and individuals. It’s frustrating because basic security measures offer protection. Being on the front line we tend to get a good sense of what is happening on the ground and it can be best summed up with the phrase ‘blind panic’ when a company is hit. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
But this lack of awareness, or ‘head in the sand’ scenario, is also playing out across other areas. Security in 2016 can also be defined by the large number of replay attacks that have taken place. Ransomware is included in this but it’s not exclusive. Yahoo is perhaps one of the biggest culprits. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
In 2012, a security breach exposed 450,000 usernames and passwords from a site on the huge web portal with the company failing to take even basic precautions to protect the data. Two years later it happened again with 500 million account details stolen.</div>
<div style="text-align: justify;">
<br /></div>
<h4 style="text-align: justify;">
Enormous DDoS attacks</h4>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Yahoo cried ‘state-sponsored actor’ in its defence but clearly it’s still not adequately protecting its customer data. This defence is usually code for ‘don’t blame us, it was a really sophisticated attack’. And Yahoo only came clean in 2016. These serious errors are clearly an illustration of some fundamental flaws at the online giant. Is it any wonder that it’s gone from an operation worth close to $100 billion at its peak to today’s valuation of $4.8 billion? </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Another large 2016 security event, which ironically few noticed at the time, was the largest DDoS attack recorded, a whopping 540Gbps directed at public facing websites belonging to organisations affiliated with the 2016 Rio Olympics. These attacks were sustained, sophisticated, and actually started months before the Olympics began. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
These attacks were clearly aimed at the global stage and foreshadowed the equally massive IoT botnet based DDoS attacks which, in contrast, caught the attention of the mainstream media because they were launched from compromised everyday household devices such as internet connected video recorders and cameras. </div>
<div style="text-align: justify;">
<br /></div>
<h4 style="text-align: justify;">
Plundering millions</h4>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The industry, at large has been warning about the parlous state of IoT security for some time, but it seems no one really wants to listen until an attack hits home and hurts bank balances. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The Swift’s global payments network hack that resulted in $81 million being siphoned from Bangladesh central bank was also noteworthy due to the huge amounts of money involved. Hackers also exploited the Swift system to steal a reported $10 million from an unnamed bank in Ukraine, while back in Bangladesh an eye watering $1 billion cyber theft was only stopped when an eagle-eyed employee spotted a typo. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
In an ironic way it’s almost fitting that a hack to see out 2016 was the attack on Tesco Bank. The company was forced to repay £2.5 million of losses to 9,000 customers in a heist described as ‘unprecedented’ by regulators. It may seem small when compared to the Swift system hacks but there’s worrying significance that the company apparently ignored warnings that its vulnerable software was being targeted by cyber criminals for months before the attack. What is just as shocking is that the bank didn’t even encourage two-factor authentication for its customers. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
How many more financial organisations are going to be nailed by cyber thieves before the message gets through? Had the EU General Data Protection Regulation, which is due to come into effect in 2018, already been in force, Tesco would have faced a <a href="http://www.computing.co.uk/ctg/news/2476645/tesco-would-face-fines-of-up-to-gbp19bn-under-gdpr-for-tesco-bank-breach" target="_blank">fine of up to £1.9bn</a>. And who could say that Tesco, and other organisations with terrifyingly lax cyber security, wouldn’t deserve it?</div>
<hr />
<h3>
Cyber-security in 2017 – brace yourself [Link - ITProPortal]</h3>
<div><span style="font-size: x-small;">Posted by andytanguk, 2016-12-05T10:32:00+00:00 (updated 2016-12-12T10:44:48+00:00)</span></div>
<div style="text-align: justify;">
I was asked to gaze into my crystal ball and write a piece around the Cyber Security challenges for 2017. Here is the article as it appeared on the ITProPortal website: </div>
<div style="text-align: justify;">
<a href="http://www.itproportal.com/features/cyber-security-in-2017-brace-yourself/" target="_blank">http://www.itproportal.com/features/cyber-security-in-2017-brace-yourself/</a></div>
<br />
=================================<br />
<br />
<div style="text-align: justify;">
If there’s one thing you can say with certainty about cyber-security in 2017, it’s that many companies are going to fail because they are simply not doing the right thing. Fundamental flaws still exist.</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://cdn.mos.cms.futurecdn.net/9k6ktia6xRBvjuNQq9P3GU.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://cdn.mos.cms.futurecdn.net/9k6ktia6xRBvjuNQq9P3GU.jpg" height="360" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="font-size: x-small;">Image source: Shutterstock/jijomathaidesigners</span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="font-size: x-small;"><br /></span></div>
<h4 style="text-align: justify;">
It's about the business</h4>
<div>
<br /></div>
<div style="text-align: justify;">
Until the technical people lift their heads up and see that security and business are different sides of the same coin, we will inevitably see more damaging attacks. When security people learn to speak in the language of business they will begin to understand just where in the organisation they need to apply their expertise. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
This might mean smart configuration options, cautious security policies, vigilance, and a willingness to read server logs, the way some people read the newspaper in the morning, in order to identify targeted attacks. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Of course, this won’t stem the malware tsunami, but it will help defend against it. Leading the malware charge in 2017 will be ransomware. Like 2016 it will be more of the same, with one important and fundamental exception: ransomware will be more sophisticated.</div>
<div style="text-align: justify;">
<br /></div>
<h4 style="text-align: justify;">
Advanced attack vectors</h4>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Encryption keys are becoming more complex while ransomware attack vectors are becoming alarmingly advanced. Ransomware can mount previously mapped drives, encrypt them, and then unmount them, reaching deeper into the network. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
However, the efficiency of ransomware as a tool for fraud will also be slowly undermined. One misconception about ransomware is that once the ransom is paid, the victim receives the keys to unlock their files. Increasingly we are seeing instances of this not happening. The fraudsters are simply taking the money and running.</div>
<div style="text-align: justify;">
<br /></div>
<h4 style="text-align: justify;">
Criminals dumbing down</h4>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
As ransomware is now available as-a-service, it is reaching down into the lower levels of the criminal underworld and organised crime networks. The type of villain who uses the ‘service’ might have previously been involved with keeping crooked books for instance.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
As such, they can’t be bothered to send decryption keys, which of course will erode the value of ransomware as victims increasingly refuse to pay the ransom.</div>
<div style="text-align: justify;">
<br /></div>
<h4 style="text-align: justify;">
IoT security</h4>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Another major area of concern is the security of IoT devices. It’s fair to say that the existing state of device security isn’t great. Some devices are managed by web consoles that don’t even have encryption. Some devices have passwords hard coded into them that you can’t change. It would be good to see manufacturers take some responsibility but this is unlikely as they operate with tight margins and are unlikely to take on tasks that eat into thin profits. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
If we’re lucky, we will see the emergence of pressure groups consisting of industry vendors and third parties who are no longer willing to sit back and watch major hacks unfold. </div>
<div style="text-align: justify;">
<br /></div>
<h4 style="text-align: justify;">
Questioning machine learning</h4>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Another area to keep an eye on is machine learning. As with any new technology it’s usually proclaimed with a loud fanfare and over exaggerated claims that often fall just short of guaranteeing freedom for all and world peace. In terms of security, machine learning does promise a lot of potential but when you drill down some serious questions need to be asked. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
In 2017 we’re likely to see these questions put forward with some force, as it becomes apparent that machine learning in the security realm has flaws. For instance, how are the machines learning? Are millions of good and bad results being fed into the machine to ensure accurate analytics? And what kind of input is coming from security labs and research teams? </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
These are important questions. With the advent of next-generation endpoints, such as mobile devices and laptops designed to respond to machine learning, security in depth is vital to ensure success. If machine learning vendors can’t answer these questions with confidence, then you can expect to see machine learning and security take a dive.</div>
<div style="text-align: justify;">
<br /></div>
<h4 style="text-align: justify;">
Shock of GDPR</h4>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
An area where you can expect to see panic break out is the European Union’s General Data Protection Regulation, or GDPR as it’s more commonly known. At the moment UK organisations are displaying naivety towards GDPR, which comes into effect in May 2018. Many are hiding behind Brexit and taking the view that the UK won’t be in the EU come May 2018, so GDPR won’t affect them. However, if a business operates in Europe, it will. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
To meet GDPR requirements, measures need to be put in place in 2017. Many companies have already finalised budgets for 2017 but haven’t made any provision for GDPR. With no budget provision, there’s going to be an awful lot of flapping when companies realise that they’re nowhere near compliance-ready. </div>
<div style="text-align: justify;">
<br /></div>
<h4 style="text-align: justify;">
Big fines, big panic</h4>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
GDPR also reaches up to the board, and any data breach can result in enormous fines of up to 4 per cent of revenue. In some cases this can, and will, translate to fines that run into millions of pounds. Are executive directors aware that if they are negligent in protecting customer data they’re going to be hit really hard? </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
In summary, it would be uplifting to say that we’re not going to see any more major breaches, that fundamental flaws will be addressed, that new technologies are going to change the security landscape for the better and everyone is set for GDPR. In reality, while we will see some positives we also need to prepare our businesses for more breaches and more hacks. </div>
<hr />
<h3>
Trump or Clinton? DDoS or Protection? Who will be the winner?</h3>
<div><span style="font-size: x-small;">Posted by andytanguk, 2016-11-08T11:51:00+00:00</span></div>
In a recent blog post by <a href="https://www.arbornetworks.com/blog/asert/rio-olympics-take-gold-540gbsec-sustained-ddos-attacks/" target="_blank">Arbor Networks</a>, it was shown that DDoS attacks increase significantly during global events. <br />
<br />
With the Presidential election in the United States happening in a matter of hours, will we see another significant, sustained attack on major websites, such as US media sites, political parties’ websites, etc.?<br />
<br />
I suspect we will, but much like the US election, we won't know who wins for a couple of days.<br />
<br />
We can only hope that these sites have adequate protection from such an attack. As for the election, we'll see...<br />
<hr />
<h3>
How businesses can protect Office 365 from ransomware attacks [Link - MTI Bytes]</h3>
<div><span style="font-size: x-small;">Posted by andytanguk, 2016-11-03T15:30:00+00:00 (updated 2016-12-12T10:46:49+00:00)</span></div>
After a recent webinar on ransomware from Chris Taylor, Director of Product Marketing at Trend Micro, I created a blog post on the topic: <a href="https://www.mti.com/mtibytes/how-businesses-can-protect-office-365-ransomware-attacks/" target="_blank">https://www.mti.com/mtibytes/how-businesses-can-protect-office-365-ransomware-attacks/</a><br />
<br />
=============================<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://www.mti.com/themes/mtitheme//images/mtibytes.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://www.mti.com/themes/mtitheme//images/mtibytes.png" /></a></div>
In the last year, businesses have seen a large increase in ransomware threats. <a href="https://www.theguardian.com/technology/2016/aug/03/ransomware-threat-on-the-rise-as-40-of-businesses-attacked" target="_blank">The Guardian</a> recently reported that 54 per cent of businesses have been threatened with ransomware in the last 12 months alone. When we consider the money that can be made from a career in cyber crime, this is hardly surprising.<br />
<br />
Ransomware refers to malicious software (malware) which is designed to block access to a computer system until a sum of money is paid.<br />
<br />
But how can you protect your cloud environments from it? In a recent <a href="https://attendee.gotowebinar.com/register/4111576829953725699" target="_blank">webinar</a>, Chris Taylor, Director of Product Marketing, Trend Micro, looked at exactly that:<br />
<br />
<h4>
How does malware work?</h4>
<br />
Email is a common method attackers use to infect their victims, most often businesses. The malware is embedded in an email either as a web link in the body of the text, which unwary users click on, or as a link within an attachment.<br />
<br />
It is becoming <a href="https://www.sophos.com/en-us/security-news-trends/security-trends/the-rise-of-document-based-malware.aspx" target="_blank">increasingly common</a> for malware to be laced within documents sent as email attachments. Embedded JavaScript within the document encourages users to click unknowingly, starting the download of malicious software. Malware delivered via an email attachment can be harder to detect, as it may be compressed inside a common office file, such as a job-hunter’s CV or an invoice, which seems convincing.<br />
<br />
<h4>
Prevention is better than cure</h4>
<br />
There are a number of recommendations that can be made, such as always back up your system, make sure it’s fully patched and train users not to open suspicious attachments. However, there are opportunities to stop many ransomware attacks before they even get to that point. The best way is to block ransomware before it has a chance to reach users. There are certainly remediation measures that can come in and save the day should the worst happen, but these can take up a lot of the IT team’s time.<br />
<br />
<h4>
What can businesses do to protect their Office 365 environment?</h4>
<br />
Office 365 includes anti-spam and anti-malware protection, which blocks all known malware. But the majority of malware is unknown, as criminals increasingly use automated tools to change their malware and beat the system.<br />
<br />
In order to remain one step ahead of threats, businesses can implement advanced threat protection, which looks for malware in different ways, checks for malicious URLs in attachments as well as in the body of emails, and provides full data loss protection.<br />
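As an added illustration (not code from the MTI post, the webinar or any Trend Micro or Microsoft product), here is a minimal mail-gateway triage in Python that performs the checks described in the two sections above on a constructed sample message: it flags script attachments, Office documents whose zip container carries a VBA project, and links in the body or inside attachments that hit a blocklist. The blocklist hostnames, filenames and message content are all made up for the example.

```python
"""Added example (not from the MTI post or any vendor product): a minimal
mail-gateway style triage of one inbound message. It flags script
attachments, macro-enabled Office documents and URLs on a constructed
blocklist, in the body as well as inside attachments."""
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Constructed blocklist of hostnames; placeholders, not real indicators.
URL_BLOCKLIST = {"invoice-update.example", "cv-download.example"}

# Attachment types that execute directly when a user double-clicks them.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1"}
# OOXML containers that may carry a VBA project (macros).
OFFICE_EXTENSIONS = {".docx", ".docm", ".dotm", ".xlsx", ".xlsm", ".pptx", ".pptm"}

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)


def office_has_vba(data: bytes) -> bool:
    """OOXML files are zip containers; macros live in a vbaProject.bin entry."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def extract_hosts(text: str) -> set:
    """Hostnames of every http(s) URL found in a piece of text."""
    return {m.group(1).lower() for m in URL_RE.finditer(text)}


def triage(raw: bytes) -> list:
    """Return human-readable findings for one raw RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    body = msg.get_body(preferencelist=("plain", "html"))
    body_text = body.get_content() if body is not None else ""
    for host in sorted(extract_hosts(body_text) & URL_BLOCKLIST):
        findings.append(f"blocklisted URL in body: {host}")
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
        data = part.get_payload(decode=True) or b""
        if ext in SCRIPT_EXTENSIONS:
            findings.append(f"script attachment: {filename}")
        if ext in OFFICE_EXTENSIONS and office_has_vba(data):
            findings.append(f"macro-enabled document: {filename}")
        # Links hidden inside the attachment itself (e.g. a "view invoice" link).
        for host in sorted(extract_hosts(data.decode("latin-1")) & URL_BLOCKLIST):
            findings.append(f"blocklisted URL in attachment {filename}: {host}")
    return findings


def build_sample_message(malicious: bool = True) -> bytes:
    """Constructed sample: a fake invoice e-mail. With malicious=True it carries
    a blocklisted link, a macro-enabled .docm and a .js attachment."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice 1234"
    if not malicious:
        msg.set_content("Please find the invoice attached.")
        msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                           subtype="pdf", filename="Invoice.pdf")
        return msg.as_bytes()
    msg.set_content("Please review: http://invoice-update.example/inv.php")
    docm = io.BytesIO()
    with zipfile.ZipFile(docm, "w") as zf:  # minimal OOXML-like container
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"constructed macro blob")
    msg.add_attachment(docm.getvalue(), maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="Invoice.docm")
    msg.add_attachment(b"var payload = 'constructed';", maintype="application",
                       subtype="javascript", filename="CV.js")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage(build_sample_message()):
        print(finding)
```

The attachment check deliberately looks inside the container rather than trusting the extension, because a macro document renamed to .docx still contains the vbaProject.bin entry; the URL check runs over the attachment bytes as well, which is where a "click here to view your invoice" link in a fake document would sit.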
<br />
To set up a free evaluation of your Office 365 protection, email <a href="mailto:ukmarketing@mti.com">ukmarketing@mti.com</a>.<br />
<hr />
<h3>
VMworld 2016 Europe - Barcelona</h3>
<div><span style="font-size: x-small;">Posted by andytanguk, 2016-10-22T17:10:00+01:00 (updated 2016-11-01T17:13:27+00:00)</span></div>
<div class="separator" style="clear: both; text-align: justify;">
After a number of years of meaning to go, I have finally attended my first VMworld. As the recent strategy is to incorporate security into VMware solutions, it makes sense that my years in the security field would finally coincide with the virtual world.</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-dD57d0pThpc/WBjJWQlo0MI/AAAAAAAAzNc/fvY0Z1_nftIPTYc6xmLg6-m17wRh6nQSQCLcB/s1600/IMG_20161016_184241790.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="225" src="https://3.bp.blogspot.com/-dD57d0pThpc/WBjJWQlo0MI/AAAAAAAAzNc/fvY0Z1_nftIPTYc6xmLg6-m17wRh6nQSQCLcB/s400/IMG_20161016_184241790.jpg" width="400" /></a></div>
<br />
<div style="text-align: justify;">
I attended with my friend and work colleague, <a href="https://www.linkedin.com/in/anthonypoh" target="_blank">Anthony Poh</a>, who runs this blog dedicated to all things virtual: <a href="https://thevirtualunknown.co.uk/" target="_blank">https://thevirtualunknown.co.uk/</a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-p4pF9MbaRKU/WBjKiJTI9nI/AAAAAAAAzNg/Ru13HuNURzIFurRJchYGmTAq1ZEbU8VagCLcB/s1600/IMG_20161016_184544944.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://2.bp.blogspot.com/-p4pF9MbaRKU/WBjKiJTI9nI/AAAAAAAAzNg/Ru13HuNURzIFurRJchYGmTAq1ZEbU8VagCLcB/s320/IMG_20161016_184544944.jpg" width="180" /></a></div>
<br />
<div style="text-align: justify;">
The experience was incredibly valuable from a work front. VMworld allowed me to meet and engage with some very high level executives, allowing me to honestly share our thoughts, challenges and ideas. I got the opportunity to attend a number of roundtables with my peers from across the world and understand where they are at.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
It also led to me being asked to participate in a Q&A session around MTI's strategy and approach to VMware NSX. It meant going on stage in front of 400-500 people and being quizzed about what we do, which led me to write a LinkedIn post about it: <a href="https://www.linkedin.com/pulse/stage-fright-presence-andrew-tang" target="_blank">https://www.linkedin.com/pulse/stage-fright-presence-andrew-tang</a></div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-ZzCQK8df0Rg/WBjNHvXNiaI/AAAAAAAAzNs/KjypwrnbCjYGGocV8KPZJf1WIE1OrYd_wCLcB/s1600/IMG_20161018_094818.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="https://3.bp.blogspot.com/-ZzCQK8df0Rg/WBjNHvXNiaI/AAAAAAAAzNs/KjypwrnbCjYGGocV8KPZJf1WIE1OrYd_wCLcB/s400/IMG_20161018_094818.jpg" width="400" /></a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
My only criticisms of VMworld are the amount of walking between the breakout sessions, Solution Exchange and lunch. While I'm talking about lunch, it would have been good if there had been enough to feed everyone who attended.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Despite these issues, the value from attending outweighs the minor niggles, and I hope to enjoy VMworld Europe again in 2017.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Below is a transcript of my <a href="https://www.linkedin.com/pulse/stage-fright-presence-andrew-tang" target="_blank">LinkedIn</a> post:</div>
<br />
=================================================<br />
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
I've just got back from my first VMworld in Barcelona. I had no idea of the scale, content and knowledge available in one massive conference centre, predominantly around one vendor.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
My world has been IT Security for over a decade, with little appreciation that virtualisation is on a completely different scale in IT minds. I would have been very lost were it not for my colleague and friend, Anthony Poh, who is much more experienced in all things VMware and VMworld!</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
I was asked to attend a Q&A session at one of the Partner Exchange sessions, which turned out to be Accelerate Network Virtualization, presented by Rajiv Ramaswami, EVP and GM, Networking and Security at VMware; Dom Delfino, VP of Worldwide Sales and Systems Engineering, Networking & Security at VMware; and Louise Ostrom, VP Network & Security, EMEA at VMware.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
I felt like a little-known support act to some of the greatest artists in the world, worried that what I had to say in front of other partners and vendors wouldn't be of interest or value, but once I got the chance to get my thoughts straight, I realised that MTI had a lot to offer and I was comfortable talking about it on a big stage to an audience of a few hundred people.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The confidence of being on stage came from familiarity with the topic, rather than memorising a script. I was able to show that MTI is a solutions and service provider in Europe, with offices in the UK, Germany and France, providing Datacentre, Security and Managed Services. We discussed MTI's adoption of VMware NSX and how NSX is the foundation for some of our offerings, with integration to our key security partners, Trend Micro and Palo Alto.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Like life, the presentation wasn't scripted and, equipped with my new found confidence, I hope I get the opportunity to do some more in the future!</div>
<hr />
<h3>
CLOUDSEC takeaway – Cyber security is not just an IT issue [Link - Trend Micro Blog]</h3>
<div><span style="font-size: x-small;">Posted by andytanguk, 2016-09-27T15:58:00+01:00 (updated 2016-09-28T15:59:21+01:00)</span></div>
After attending CLOUDSEC 2016, I was asked to create a guest blog on the Trend Micro blog site, including standout statistics and take-away lessons: <a href="http://blog.trendmicro.co.uk/cloudsec-takeaway-cyber-security-is-not-just-an-it-issue/" target="_blank">http://blog.trendmicro.co.uk/cloudsec-takeaway-cyber-security-is-not-just-an-it-issue/</a><br />
<br />
===========================<br />
<br />
With a fantastic turnout at <a href="https://www.cloudsec.com/event/clouds-london-2016/" target="_blank">CLOUDSEC 2016</a>, attendees comprised security and IT practitioners from numerous industries. Despite these varying sectors, one thing became abundantly clear: the same issues are keeping IT security professionals awake at night – securing cloud environments, securing privileged access accounts and user education.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://blog.trendmicro.co.uk/wp-content/uploads/2016/09/Enterprise-security-3.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://blog.trendmicro.co.uk/wp-content/uploads/2016/09/Enterprise-security-3.jpg" /></a></div>
<br />
Many enlightening statistics were shared. <a href="http://www.trendmicro.co.uk/newsroom/pr/uk-businesses-bullish-about-ransomware-but-majority-pay-up-when-attacked/?_ga=1.238995520.1100590340.1431526931" target="_blank">Trend Micro’s research</a> found that in the last two years, 44% of UK businesses were hit by ransomware attacks, and a third (33%) of their employees were affected by the infection. We also heard that over $2.3 billion was lost to phishing attacks over the past three years (FBI), though the real figure is likely to be higher.<br />
<br />
While this makes the somewhat abstract world of cyber threats very real indeed, if there’s one point to take away from CLOUDSEC, it’s that cyber security isn’t just an IT issue. When the entire workforce is educated around safe IT usage, the chance of a business network being hacked is significantly reduced.<br />
<br />
<h3>
Everyone needs best practice training </h3>
Organisations can defend against cyber-attacks; they don’t have to be victims. While in any organisation the CIO ultimately takes responsibility for cyber security, the rest of the organisation needs to accept responsibility too and not just shrug their collective shoulders. Regardless of seniority, companies should invest in best practice training when using a corporate network.<br />
<br />
Best practice knowledge should percolate through the entire organisation from board directors, to employees and IT people involved in daily operations. It should explain why businesses have approved channels for storing data, the risks of using personal cloud storage platforms for data storage, and the need to question email content if it arouses suspicion – even if it’s from the CEO’s office.<br />
<br />
Employees must understand the importance of cyber defences within the context of the business and how to safeguard against internal and external intrusions. Are they aware of the importance of setting difficult-to-crack passwords, and do they understand that variations of existing passwords are a source of vulnerability when reused in other parts of the network? Do they know that in the last six months or so, ransomware attacks have spiralled as ransomware-as-a-service kits became commonplace on the dark web?<br />
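The point about password variations can be turned into a check at password-change time. The following added example (not code from the article) normalises a candidate password by lower-casing it, stripping the year or symbol tacked on the end and undoing common character substitutions, then rejects it if the remaining core matches, or contains, the core of one of the user's previous passwords. The sample passwords and the 12-character minimum are assumptions chosen for the example, and the previous passwords are held in plaintext only so that the example is self-contained; a real system would not store them that way (storing a hash of the normalised core is one option).

```python
"""Added example, not from the article: a password-change check that rejects a
candidate which is only a trivial variation of a password the user already
used (case change, leet substitutions, a changed year or symbol on the end)."""
import re

# Common character substitutions, reversed, so "P@ssw0rd" and "password" compare equal.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t",
                      "@": "a", "$": "s", "!": "i"})
MIN_CORE = 4  # cores shorter than this are too generic to compare meaningfully


def core_of(password: str) -> str:
    """Lower-case, strip leading/trailing digits and symbols, undo leet-speak."""
    s = password.lower()
    s = re.sub(r"^[^a-z]+|[^a-z]+$", "", s)
    return s.translate(LEET)


def is_variation(candidate: str, previous) -> bool:
    """True when the candidate shares its core with any previous password."""
    c = core_of(candidate)
    for old in previous:
        o = core_of(old)
        if c == o:
            return True
        # "MySummer2016" vs "Summer2016!": one core contains the other
        if len(c) >= MIN_CORE and len(o) >= MIN_CORE and (c in o or o in c):
            return True
    return False


def check_new_password(candidate: str, previous, min_length: int = 12):
    """Return (accepted, reason) the way a self-service reset page would.
    min_length is an assumed policy value for the example."""
    if len(candidate) < min_length:
        return False, "too short"
    if is_variation(candidate, previous):
        return False, "variation of a previous password"
    return True, "ok"


if __name__ == "__main__":
    history = ["Summer2016!"]  # constructed previous password
    for attempt in ["Summer2017!!!", "P@ssw0rd1234", "correct horse battery staple"]:
        print(attempt, "->", check_new_password(attempt, history))
```

The normalisation is deliberately aggressive: "Summer2017!!!", "SUMMER2016" and "$ummer2016" all reduce to the same core, which is exactly the family of passwords someone rotating a single base word produces.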
<br />
<h3>
Serious business implications</h3>
The whole organisation must realise the possible business implications of a major hack – spiralling revenues, lost customers and plummeting share price, and this could all happen well after the event. Furthermore, jobs could be on the line if declining income hits the business badly.<br />
<br />
Despite the growing evidence suggesting otherwise, many organisations still believe they won’t be hacked. However, if cyber security education is part of the organisational culture, the chances of a serious breach are dramatically reduced.<br />
<hr />
<h3>
The Right Train of Thought [Link - Computing Security]</h3>
<div><span style="font-size: x-small;">Posted by andytanguk, 2016-09-21T15:41:00+01:00 (updated 2016-09-28T15:53:35+01:00)</span></div>
I was asked to contribute to an article for Computing Security, focusing on IT security practices and how an effective cybersecurity strategy must include employee training: <a href="http://www.btc.co.uk/Articles/index.php?mag=Security&page=compDetails&link=7074" target="_blank">http://www.btc.co.uk/Articles/index.php?mag=Security&page=compDetails&link=7074</a><br />
<br />
===========================<br />
<br />
INSIDER THREATS<br />
<br />
Any effective cybersecurity strategy should include information about how employees can safeguard against, not only external threats, but insider threats too, cautions Andrew Tang, service director, security, MTI Technology. "It also needs to include perimeter protection, but, as companies are increasingly working with cloud-based solutions, remotely and from various devices, it also needs to be sophisticated and fool-proof. Companies should invest in training all employees, regardless of seniority, on best practice when using a corporate network.<br />
<br />
"Staff should understand how to protect against internal and external intrusions, as well as how to stay safe when accessing and sharing sensitive corporate data, opening emails from non-trusted sources and why businesses have approved corporate channels for storing data. It shouldn't just be a case of setting procedures and guidelines; staff should understand the consequences and risks of misuse or misjudgement when accessing corporate networks," he says.<br />
<br />
"Employees should also be educated on the importance of password setting, as those that use a variation of the same password across different platforms leave the network vulnerable to attack. IT can also implement two-way authentication to add an extra layer of protection," adds Tang. "While the CIO should ultimately be responsible for implementing and monitoring employee guidelines and policies around cyber security, they should work closely with the HR team and heads of departments to ensure that safe computer usage becomes company culture. When a workforce is educated around safe IT usage, the chance of a business network being hacked is significantly reduced."<br />
<hr />
<h3>
Managing the keys to the kingdom [Link - Professional Security Magazine Online]</h3>
<div><span style="font-size: x-small;">Posted by andytanguk, 2016-09-15T19:40:00+01:00 (updated 2016-09-16T19:42:44+01:00)</span></div>
<div style="text-align: justify;">
After the recent breach at Sage, I was asked to write a piece about insider threat for Professional Security Magazine Online: <a href="http://www.professionalsecurity.co.uk/products/cyber/managing-the-keys-to-the-kingdom/" target="_blank">http://www.professionalsecurity.co.uk/products/cyber/managing-the-keys-to-the-kingdom/</a></div>
<br />
==================================<br />
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The recent data breach at Sage, in which sensitive customer data was accessed internally, raises a wider question on whether UK companies are doing enough to defend against hacks, writes Andrew Tang, Service Security Director, <a href="https://www.mti.com/" target="_blank">MTI Technology</a>, pictured.</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.professionalsecurity.co.uk/wp-content/uploads/2016/09/MTIandrewtang.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://www.professionalsecurity.co.uk/wp-content/uploads/2016/09/MTIandrewtang.jpg" /></a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
After all, data breaches have become so commonplace that the widely accepted maxim of ‘Not if, but when’ stands true for most companies. The implication is that every major company is going to be hacked at some point. Of course, some keep it quiet and do their best to roll down the blinds so it stays in-house, while others have no choice but to come clean, usually when the breach is made public. The irony is that it doesn’t have to be like this. Attacks can be defended against. Internal breaches can be stopped. Data can be protected. It’s just a question of refocusing and committing to security as a business priority, rather than an IT need. The problem with internal attacks is that they undermine trust; a finger of doubt is pointed at all employees. People who were once held in high regard are now viewed with narrow-eyed suspicion. Paranoia rules.</div>
<br />
<b>In with the new</b><br />
<br />
<div style="text-align: justify;">
Traditional security has focused on building the castle, digging a moat and raising a drawbridge. Or in other words, putting in place rigorous and robust network defences that keep hackers out. But today we need a zero-trust model, one in which the enterprise is viewed as a hotel. Access to rooms, for example, is restricted to certain people. You can’t just walk through the front door and roam around unchallenged. You can only gain access to certain rooms according to the authorisations you have been given.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
At the technology level it’s about introducing internal controls such as micro segmentation of the network, access controls and reducing administrators’ rights. Admin rights are often available to a wide number of people in any given organisation, but it’s a fact that between 80 and 100 per cent of system compromises have been carried out using admin credentials. For someone who knows what they are doing, and it doesn’t require a lot of technical knowledge, admin rights can be used to erase firewall logs, scrub back-ups, disable antivirus software and even erase CCTV footage if cameras are digitally connected to the network.</div>
<br />
<b>Only the few</b><br />
<br />
<div style="text-align: justify;">
Securing an organisation internally is about introducing privileged access, so only a small number of people who have the need can move through a company’s systems. It’s about recording these sessions so there is an audit trail and it’s easy to see who has gone where and when. It’s about introducing two-factor authentication for internal access so people can’t just roam through the network at will.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
In small organisations it’s relatively easy to introduce these controls precisely because the operations are small. As you step up in size, however, analytics engines need to be introduced so you can see what is going on internally and also set rules. Is someone, for example, trying to access Dropbox and have they just visited a corporate database that holds customer payment details? Of course, if this is the case the klaxons should be blaring loudly. While this is an obvious example, it illustrates how with the right technology you can see and stop potentially deviant behaviour and in fact can block it before it happens. For instance, you might want to stop all access to cloud-based storage for some employees while allowing it for others, depending on role-based needs. Data loss prevention (DLP) technologies have been around a while and are a powerful tool for identifying sensitive data and raising alerts if sensitive data suddenly starts moving across the network when it shouldn’t.</div>
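To make the analytics rule above concrete, here is an added example (not the article's own code, and not any vendor's product) that runs a correlation rule over a few constructed access-log lines: a read of a sensitive data store followed within 30 minutes by a connection to personal cloud storage raises an alert, while a role-based policy blocks the cloud-storage connection outright for roles that have no need for it, and every sensitive read is written to an audit trail. The user names, roles, log format, store name and the 30-minute window are assumptions chosen for the example.

```python
"""Added example, not code from the article: a small rule engine run over
constructed access-log lines. It (1) alerts when a user reads a sensitive
data store and then connects to personal cloud storage within a time window,
(2) enforces a role-based block on cloud storage so the transfer is stopped
rather than only reported, and (3) keeps an audit trail of sensitive reads."""
from datetime import datetime, timedelta

# Constructed log lines: timestamp  user  event  target
LOG_LINES = """
2016-09-01T09:00:12Z alice db_query     payments.customers
2016-09-01T09:03:40Z alice http_connect dropbox.com
2016-09-01T09:10:00Z bob   http_connect dropbox.com
2016-09-01T10:00:00Z carol db_query     payments.customers
2016-09-01T12:30:00Z carol http_connect dropbox.com
2016-09-01T12:31:00Z dave  http_connect box.com
""".strip().splitlines()

SENSITIVE_STORES = {"payments.customers"}                     # hypothetical store name
CLOUD_STORAGE = {"dropbox.com", "box.com", "drive.google.com"}
WINDOW = timedelta(minutes=30)                                 # assumed correlation window
ROLES = {"alice": "finance", "bob": "marketing",               # assumed role mapping
         "carol": "finance", "dave": "marketing"}
CLOUD_ALLOWED_ROLES = {"marketing"}                            # role-based exception


def parse(line: str):
    """Split one log line into (datetime, user, event, target)."""
    ts, user, event, target = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event, target


def decide(user: str, target: str) -> str:
    """Preventive control: allow or block a cloud-storage connection by role."""
    if target in CLOUD_STORAGE and ROLES.get(user) not in CLOUD_ALLOWED_ROLES:
        return "block"
    return "allow"


def evaluate(lines):
    """Return (alerts, blocks, audit).
    alerts: (user, target, seconds since that user's last sensitive read)
    blocks: (user, target) connections denied by the role policy
    audit:  (timestamp, user, store) for every sensitive read"""
    last_sensitive = {}
    alerts, blocks, audit = [], [], []
    for ts, user, event, target in map(parse, lines):
        if event == "db_query" and target in SENSITIVE_STORES:
            last_sensitive[user] = ts
            audit.append((ts.isoformat(), user, target))
        elif event == "http_connect" and target in CLOUD_STORAGE:
            if decide(user, target) == "block":
                blocks.append((user, target))
            seen = last_sensitive.get(user)
            if seen is not None and ts - seen <= WINDOW:
                alerts.append((user, target, int((ts - seen).total_seconds())))
    return alerts, blocks, audit


if __name__ == "__main__":
    alerts, blocks, audit = evaluate(LOG_LINES)
    for a in alerts:
        print("ALERT  sensitive read followed by cloud storage:", a)
    for b in blocks:
        print("BLOCK  policy denied cloud storage:", b)
    for entry in audit:
        print("AUDIT  sensitive read:", entry)
```

Run against the constructed lines, only alice trips the correlation rule (she touched the payments store and reached Dropbox three and a half minutes later); carol's Dropbox connection comes hours after her database read, so it is blocked by policy but not correlated, and the two marketing users are allowed through because their role needs the service.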
<b><br /></b>
<b>Transformation</b><br />
<br />
<div style="text-align: justify;">
This approach to security is transformative for the business because it introduces fundamental changes to the way people work, limiting their ability to roam around networks at will, pick up information from databases, or probe internal servers. But internal security is not just about getting the right technologies in place; it’s about a different mindset. It’s about looking at IT spend with a clear view of what actually reduces risk. Do you really need an all-singing, all-dancing firewall, or would a next-generation firewall suit you better? Do you want to keep spending on the same technology, or should you be looking at two-factor authentication? Do you want to put 80 per cent of your budget into traditional security, or would an investment in proactive analytics and DLP serve you better?</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Ironically, this zero-trust approach engenders greater trust. You know who is doing what, and if someone does try to walk off with a batch of customer credit card numbers, they will be stopped in their tracks.</div>
<div>
<br /></div>
andytangukhttp://www.blogger.com/profile/04703509194371482031noreply@blogger.com0tag:blogger.com,1999:blog-3770348951162846027.post-55175867928880622862016-09-14T17:46:00.000+01:002016-11-01T17:47:14.339+00:00CyberArk Expands Global Channel Partner Program [Link: CyberArk Press Release]<a href="http://www.cyberark.com/press/cyberark-expands-global-channel-partner-program/" target="_blank">http://www.cyberark.com/press/cyberark-expands-global-channel-partner-program/</a><br />
<div>
===========================<br />
<br />
CyberArk Expands Global Channel Partner Program<br />
<br />
Access to New Training and Technical Sales Tools Enhance Partners’ Privileged Account Security Expertise and Help Drive New Business Opportunities<br />
<br />
Newton, Mass. and Petach Tikva, Israel – September 14, 2016 – CyberArk (NASDAQ: CYBR), the company that protects organizations from cyber attacks that have made their way inside the network perimeter, today announced new CyberArk Global Channel Partner Program offerings to enhance its partners’ privileged account security expertise and ability to drive new business opportunities. Partners can now benefit from access to expanded training and technical certification programs as well as enhancements to the CyberArk Discovery and Audit (DNA) tool that helps quantify security risk within enterprise networks.<br />
<br />
CyberArk University: New Technical Certification, Growing Course Catalog<br />
CyberArk is committed to helping its partners develop their own CyberArk practices, comprised of internal CyberArk-trained professionals to address customers’ cyber security skills gaps and maximize the effectiveness of CyberArk solutions. CyberArk is expanding its Global Certification Program for sales and technical learning, recently adding a new CyberArk Certified Delivery Engineer (CCDE) option. Achieving CCDE certification requires passing a rigorous course that involves an in-depth technical introduction to the CyberArk Privileged Account Security Solution as well as a shadowing and technical challenge component.<br />
<br />
“Access to the evolving CyberArk University curriculum enables our team to expand the application of business-critical privileged account security knowledge and experience,” said Kyle Kappel, advisory principal, KPMG Cyber Services. “As a result, we’re helping CIOs and their teams build competence and confidence in their risk management strategies, while improving the skills needed to positively impact business growth and innovation goals. We’re excited about the expanding program and look forward to more KPMG professionals becoming CCDE certified.”<br />
<br />
CyberArk regularly adds courses that closely mirror its product line, such as the addition of the CyberArk Viewfinity class, as well as new advanced level classes that complement its popular fundamentals courses. CyberArk University offers certified training through several flexible options including a new self-paced online option via the CyberArk Partner Portal, in addition to virtual classroom or face-to-face classroom training. More than 2,000 individuals across CyberArk’s global partner network have taken advantage of training courses through CyberArk University.<br />
<br />
“The IT security talent shortage is something we hear about every day, with customers needing help ranging from implementation to driving value from existing software,” said Charles Drum, director of security technology, Integral Partners LLC. “With new certifications and expanded training options available through CyberArk University, we are creating internal CyberArk experts who can augment customers’ existing teams and help close skill gaps to evolve privileged account security strategies as part of customers’ proactive security programs.”<br />
<br />
CyberArk DNA: Data-Driven Insight to Increase Deal Impact<br />
CyberArk DNA is a valuable tool for quantifying privileged account security-related risks, and gaining visibility into the vulnerable attack surface that exists within enterprise environments. In 2015, CyberArk DNA was used to scan seven million machines.<br />
<br />
“It’s widely accepted now that most – if not all – major data breaches in recent times have involved the compromise of privileged accounts as an essential part of how attackers got to what they wanted, or where they wanted to be,” said Andrew Tang, service director, security at MTI. “Organizations often have little to no idea of how many privileged accounts exist in their network and thus the extent of their vulnerability. MTI uses CyberArk DNA as a precursor to consulting projects, mapping networks to identify all privileged accounts and vulnerable machines. CyberArk DNA allows MTI to show prospective customers the weak points in their security posture and helps accelerate their security purchasing decisions.”<br />
<br />
Partners using CyberArk DNA can generate comprehensive reports for customers and prospects identifying privileged accounts on the network as well as privileged passwords – including hard-coded passwords in applications and scripts – and their status in terms of policy compliance. New CyberArk DNA reporting features help customers better visualize and understand the extent of their security vulnerabilities, with recommendations on how to prioritize risk mitigation using the CyberArk Privileged Account Security Solution. CyberArk recently received another patent for innovative security risk detection technology that has been implemented in the CyberArk DNA tool.<br />
<br />
CyberArk Partner Program Momentum<br />
CyberArk works with more than 250 channel partners around the world and is increasing collaboration with advisory firms, systems integrators and value added resellers worldwide and across key vertical markets such as healthcare and government. CyberArk’s success in the channel has contributed to increased sales momentum with indirect sales representing approximately 60 percent of CyberArk business in 2015. CyberArk has more than doubled its channel management team in the past 12 months.<br />
<br />
“With cyber attacks increasing in prevalence and sophistication every day, organizations need the right know-how, products and processes in place to effectively minimize risk and better protect their businesses,” said Andy Welsh, vice president of partner management, Optiv. “Optiv has built a strategic relationship with CyberArk to help us deliver end-to-end cyber security solutions and services that help organizations solve their unique cyber security problems. We look forward to leveraging CyberArk’s new global technology partner program to continue meeting the evolving needs of our clients.”<br />
<br />
CyberArk recently launched the C3 Alliance, its new global technology partner program. Providing the channel with greater access to integrated technology solutions is another strategic differentiator. The C3 Alliance delivers certified technology integrations between CyberArk and alliance member products that make it easier for channel partners and customers to extend the power of privileged account security across their organization and enhance their overall security posture.<br />
<br />
“CyberArk views the channel as an important growth engine and is committed to driving differentiation for our partners. Our focus on the channel has spurred new business opportunities over the past year across virtually all vertical industries and company sizes. We continue to have valuable, productive conversations with our partners who are helping to educate C-level executives about prioritizing privileged account security programs,” said Udi Mokady, chairman and CEO, CyberArk. “We value the important business relationships we are building with influential partners and view CyberArk-led programs, like the C3 Alliance, as well as CyberArk DNA and expanding training and certification offerings as strategic for helping partners uncover new revenue drivers.”</div>
andytangukhttp://www.blogger.com/profile/04703509194371482031noreply@blogger.com0tag:blogger.com,1999:blog-3770348951162846027.post-59543773166346572832016-09-14T15:50:00.000+01:002016-09-28T15:51:43.270+01:00Are our data centres insecure? [Link - SC Magazine]I was asked to contribute to an article on whether datacentres are secure following from the disclosure of the Fortinet and Juniper firewall vulnerabilities: <a href="http://www.scmagazine.com/are-our-data-centres-insecure/article/522463/" target="_blank">http://www.scmagazine.com/are-our-data-centres-insecure/article/522463/</a><br />
<br />
===============================<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://media.scmagazine.com/images/2016/09/14/datacentre856005_1052658.jpeg?format=jpg&zoom=1&quality=70&anchor=middlecenter&width=320&mode=pad" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://media.scmagazine.com/images/2016/09/14/datacentre856005_1052658.jpeg?format=jpg&zoom=1&quality=70&anchor=middlecenter&width=320&mode=pad" /></a></div>
<br />
Likewise, Andrew Tang, service security director for MTI Technology said: “Data centres are only as secure as you configure them to be. You can have a top of the range burglar alarm and locking system on your front door, but if you don't use them, or use them incorrectly, they aren't going to be very secure. Most data centres will have two firewalls: the front firewall which will come from one manufacturer, and a second firewall from a different manufacturer, with the ‘crown jewels' inside. If you're using two different firewall manufacturers, it's rather unlikely that someone will find the first firewall and then go on to find the second firewall – though that can't be ruled out completely. But again, while bad programming causes some issues, bad configuration causes more issues in data centres than the actual manufacturer of the firewall.”andytangukhttp://www.blogger.com/profile/04703509194371482031noreply@blogger.com0tag:blogger.com,1999:blog-3770348951162846027.post-81056912243653551852016-09-07T21:29:00.001+01:002016-09-07T21:30:12.068+01:00WatchGuard Secure Cloud Wi-Fi<div style="text-align: justify;">
Today I attended a WatchGuard wireless training session. I like to think of myself as a bit of a wireless geek, as I have seen a few wireless solutions in my time. Over three years ago, I created this blog post around <a href="http://blog.andytang.com/2013/05/planning-wireless-network.html" target="_blank">Planning a Wireless Network</a>.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
I have seen high density wireless solutions, secure wireless solutions, retail solutions, education solutions, hospitality solutions, bean flexing solutions, controller based solutions, cloud controller solutions, cloud managed solutions, etc.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
When I was told that I'd be looking at a <a href="http://www.watchguard.com/wgrd-products/secure-wifi/overview" target="_blank">cloud-based secure wireless solution from WatchGuard</a>, my mind wandered off to some of the market leaders in this area, and I started to analyse what I was being told.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
I was told that this solution had a military grade WIPS (Wireless Intrusion Prevention System), which sounded all too familiar to me. You see, around 4 years ago I was introduced to a solution which was sold to me in the same way: the offering from AirTight Networks, which recently rebranded to <a href="http://www.mojonetworks.com/" target="_blank">Mojo Networks</a>. It turns out WatchGuard is partnering with Mojo Networks, which assured me that we were looking at one of the most secure wireless solutions available in the market.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The solution is able to detect rogue access points on your network. A rogue access point is an unauthorised access point plugged into your network, giving wireless access to your network where you haven't deployed one. Using patented technology, a marker packet is sent across the wired network and out of the authorised access points; any access point that relays that packet over the air is shown to be connected to your wired network. By connecting to and analysing both the wired and wireless networks, the solution can tell the access points you have authorised from those you haven't, and disable the ones which are not.</div>
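<div style="text-align: justify;">
The wired/wireless correlation described above, as an added illustration that is not WatchGuard's or Mojo's code: a Python simulation of the idea. A random marker is broadcast on the wired LAN; the wireless side then looks for that marker coming out of any BSSID. Anything that relays it is on your wire, so if it is not in the authorised inventory it is a rogue to contain. The inventory, BSSIDs, SSIDs, access point modes and the frame representation are all constructed for the example.</div>

```python
import secrets

# Constructed sample environment (hypothetical inventory, not from a real network).
AUTHORISED_BSSIDS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}
CORPORATE_SSIDS = {"CorpWiFi"}

SAMPLE_APS = [
    # on_lan: physically plugged into our LAN; mode: bridge (L2) or router (NAT)
    {"bssid": "00:11:22:33:44:01", "ssid": "CorpWiFi", "on_lan": True,  "mode": "bridge"},
    {"bssid": "00:11:22:33:44:02", "ssid": "CorpWiFi", "on_lan": True,  "mode": "bridge"},
    {"bssid": "aa:bb:cc:dd:ee:01", "ssid": "FreeWiFi", "on_lan": True,  "mode": "bridge"},  # USB AP hidden in the wiring
    {"bssid": "de:ad:be:ef:00:01", "ssid": "CafeNet",  "on_lan": False, "mode": "bridge"},  # neighbour's network
    {"bssid": "de:ad:be:ef:00:02", "ssid": "CorpWiFi", "on_lan": False, "mode": "bridge"},  # evil twin, not on our wire
    {"bssid": "aa:bb:cc:dd:ee:02", "ssid": "Hotspot",  "on_lan": True,  "mode": "router"},  # NAT rogue: hides from this test
]


def make_marker():
    """Unpredictable marker, so nobody can forge the 'I am on your wire' signal."""
    return b"WIPS-MARKER:" + secrets.token_hex(8).encode()


def simulate_wired_broadcast(marker, aps):
    """Simulated wired side: the marker goes out as a layer-2 broadcast on the LAN.

    An AP bridged onto the LAN relays wired broadcasts into its BSS, so the marker
    appears over the air from its BSSID. A router-mode (NAT) AP does not forward it,
    and an AP that is not on our LAN never sees it. Every AP also emits beacons.
    Frames are modelled as (bssid, ssid, payload) tuples.
    """
    frames = []
    for ap in aps:
        frames.append((ap["bssid"], ap["ssid"], b"beacon"))
        if ap["on_lan"] and ap["mode"] == "bridge":
            frames.append((ap["bssid"], ap["ssid"], marker))
    return frames


def classify(frames, marker, authorised, corporate_ssids):
    """Wireless side: correlate over-the-air frames with the wired marker."""
    on_wire = {bssid for bssid, _, payload in frames if payload == marker}
    ssid_of = {bssid: ssid for bssid, ssid, _ in frames}
    verdicts = {}
    for bssid, ssid in ssid_of.items():
        if bssid in authorised:
            verdicts[bssid] = "authorised" if bssid in on_wire else "authorised_not_on_wire"
        elif bssid in on_wire:
            verdicts[bssid] = "rogue"                 # on our wire, not in inventory
        elif ssid in corporate_ssids:
            verdicts[bssid] = "evil_twin_candidate"   # our SSID, not our wire
        else:
            verdicts[bssid] = "external"              # not seen on our wire
    return verdicts


def run_scan(aps=SAMPLE_APS, authorised=AUTHORISED_BSSIDS, corporate_ssids=CORPORATE_SSIDS):
    marker = make_marker()
    frames = simulate_wired_broadcast(marker, aps)
    return classify(frames, marker, authorised, corporate_ssids)


def to_contain(verdicts):
    """BSSIDs the WIPS should actively disable: on our wire and not authorised."""
    return sorted(bssid for bssid, verdict in verdicts.items() if verdict == "rogue")


if __name__ == "__main__":
    verdicts = run_scan()
    for bssid, verdict in sorted(verdicts.items()):
        print(f"{bssid}  {verdict}")
    print("contain:", to_contain(verdicts))
```

<div style="text-align: justify;">
Two checks a practitioner would want come out of the same data: an unauthorised BSSID beaconing the corporate SSID but not relaying the marker is an evil-twin candidate to investigate rather than a rogue to disable, and an authorised BSSID that stops relaying the marker (the authorised_not_on_wire verdict) deserves a look too. The sample also shows the method's blind spot: the router-mode hotspot on the LAN never forwards a layer-2 broadcast, so it lands in external, which is why a real WIPS combines this with other signals, and why the marker should be unpredictable rather than a fixed string.</div>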
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-RSgTFjhX8LU/Uad09JdXAZI/AAAAAAAACGE/d4jsZ1vmNvwoM6FXKPHEVwkeyjD5yCjkgCPcB/s1600/RogueAP.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="356" src="https://4.bp.blogspot.com/-RSgTFjhX8LU/Uad09JdXAZI/AAAAAAAACGE/d4jsZ1vmNvwoM6FXKPHEVwkeyjD5yCjkgCPcB/s640/RogueAP.jpg" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: justify;">
When I attended the AirTight training around 4 years ago, I plugged a USB access point into the network and hid it in the wiring. Look at the picture above and see if you can find the access point. A physical search of the server room wouldn't have uncovered the rogue access point, but the solution was able to detect and disable it in less than a minute.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The WatchGuard wireless solution will give wireless access, wireless security, marketing portals and user analytics. A very rounded solution already, but combined with the WatchGuard UTM, you have the preferred solution to meet the <a href="http://www.friendlywifi.com/" target="_blank">Friendly WiFi</a> criteria.</div>
andytangukhttp://www.blogger.com/profile/04703509194371482031noreply@blogger.com0tag:blogger.com,1999:blog-3770348951162846027.post-57391719973462206882016-09-06T23:05:00.004+01:002016-09-07T21:34:04.010+01:00CLOUDSEC 2016<div style="text-align: justify;">
Today I attended <a href="https://www.cloudsec.com/event/clouds-london-2016/" target="_blank">CLOUDSEC 2016</a> in London, which gave an insight into how to take control of the cloud and have a good cyber security strategy.</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: justify;">
<a href="https://www.cloudsec.com/wp-content/uploads/2016/02/cloudsec2016_fb_uk.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="331" src="https://www.cloudsec.com/wp-content/uploads/2016/02/cloudsec2016_fb_uk.jpg" width="640" /></a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The speaker of the day for me was <a href="https://twitter.com/rik_ferguson" target="_blank">Rik Ferguson</a>, who made a few interesting points.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
During the Panel Discussion: "Key Questions Every CEO Should be Asking About Cyber Security", he made the comment that we should sandbox our users. This may have brought a laugh from some of the more technically focussed audience, who would blame users for everything! What Rik clarified was that organisations should allow users to make mistakes safely, and be able to learn from their mistakes.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
During his session "Take Control: Empower the People", there was a delay setting up the presentation, during which Rik began to discuss the IT skills shortage. Why do employers look for certifications rather than people? Many job adverts look for qualifications such as CISSP, CISA, CISM, etc. but not character traits. As Rik points out, organisations should be looking for people with tenacity, who are analytical, lateral thinkers, natural problem solvers, and people who can think differently. Much like my own belief: there isn't an IT skills shortage, employers aren't looking for the right things!</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
A few takeaways include:</div>
<div style="text-align: justify;">
<br /></div>
<ul>
<li style="text-align: justify;">"The board don't understand Security" - They don't need to; security needs to understand the business.</li>
<li style="text-align: justify;">"Compliance is the obligation, Security is the aspiration" </li>
<li style="text-align: justify;">Have an Information Security program in place</li>
<li style="text-align: justify;">Ensure employees are educated, aware and engaged</li>
<li style="text-align: justify;">Form an incident response team - Include technical, legal, finance, PR, marketing and the board</li>
<li style="text-align: justify;">Investigate and fix incidents in a timely fashion - Look at people, process and technology</li>
<li style="text-align: justify;">Notify customers in the event of a breach</li>
<li style="text-align: justify;">Learn and Improve</li>
</ul>
andytangukhttp://www.blogger.com/profile/04703509194371482031noreply@blogger.com0tag:blogger.com,1999:blog-3770348951162846027.post-78795083135595426232016-09-05T23:00:00.000+01:002016-09-08T14:41:43.159+01:00How Technology and Employees Must Combine to Fight Cyber Crime [Link - VMware Blog]VMware asked for my opinions around Cyber Security for a guest blog piece to appear on the VMware EMEA Blog site: <a href="http://vmwareemeablog.com/uk/guest-blog-how-technology-and-employees-must-combine-to-fight-cyber-crime/" target="_blank">http://vmwareemeablog.com/uk/guest-blog-how-technology-and-employees-must-combine-to-fight-cyber-crime/</a><br />
<div>
<br /></div>
<div>
=============================</div>
<div>
<br /></div>
<div>
<div style="text-align: justify;">
Risk and security are two of the most often debated topics in IT in terms of the smooth and effective running of any organisation. Following our research campaign into the subject, we have been busy collecting the views of our partner community, gathering perspectives from across the market on all things security.</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://vmwareemeablog.com/wp-content/uploads/sites/14/2016/09/MTI-Blog-Image-650x355.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://vmwareemeablog.com/wp-content/uploads/sites/14/2016/09/MTI-Blog-Image-650x355.jpg" height="347" width="640" /></a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Here is Andrew Tang, Service Director of Security at MTI, a global provider of IT & security solutions and VMware partner, to share his views and explain how IT departments can make sure the board is listening…</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Although used as a plot device for countless Hollywood movies – from Swordfish to Die Hard 4 – it is only more recently that cyber security breaches have become a significant talking point for businesses, especially when it is their reputation, IP and competitiveness that is at risk. Due to the misfortune of security breaches at brands such as TalkTalk, Sony and Ashley Madison, business decision makers are beginning to look to cyber security, not simply as an IT afterthought but as an important investment.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
And it’s about time. Cyber security has never been so crucial.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The landscape is changing, with organisations becoming more open in how they manage data and IT services. This has caused difficulty for the tech community, and many IT departments are struggling to balance the demands of employee mobility with traditional security methods.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
At the same time, we are seeing numerous specialised players popping up with new fixes for niche problems. However, these incremental tactics are proving ineffective – like trying to fix a broken leg by covering it in sticking plasters – and organisations are crying out for a holistic solution that can go beyond the perimeter defence and siloed data. This is where VMware NSX comes in.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
However, technology is only half the story. Effective cyber security will always be limited if end-users continue to let threats in through the back door. Phishing scams and Trojans often get their entrance through employee mistakes. It’s vital that everyone – from the CEO to the receptionist – is clear on the organisation’s security policies. And while all employees should have a basic understanding of cyber security, training can’t simply be a one-size-fits-all lecture. The board will be targeted in different ways than other roles in the business, so training should be bespoke and appropriately suited to the day-to-day risks employees can expect.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Ultimately, we advise customers to ask three critical questions to tackle the insider threat:</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Where is your data?</b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Data is crucial, it is the lifeblood of your organisation. Keeping track of it means that you are best placed to protect it.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Who can access it?</b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
This is just as much about who should access data, as who should not. To this end, MTI has a dedicated department of fully qualified Penetration Testers – also known as white hat/ethical hackers – who can test your infrastructure to identify weak points and ensure that your data is only seen by those with the right permissions.</div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
<b>How is it protected?</b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
What safeguards do you have in place? Are they enough? Cyber attacks, especially using ransomware, have increased sharply in recent years and it’s now a case of when, not if, an attack will occur. Have you secured all endpoints?</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
It might seem paranoid, but when it comes to cyber security paranoia is good! It’s vital that businesses are able to ask these questions. It is only when you can answer them that you know your organisation is once again safe. Additionally, putting into place solutions such as VMware NSX can help mitigate the inevitable insider threat. Thanks to microsegmentation, even if an employee mistakenly clicks on a malware link, the threat can be locked down and dealt with instead of compromising the entire system. Although nothing is as effective as eradicating poor employee behaviours – after all, an ounce of prevention is worth a pound of cure – NSX offers a backstop in case something does go wrong. And the more checks and balances in place, the better.</div>
</div>
andytangukhttp://www.blogger.com/profile/04703509194371482031noreply@blogger.com0