Work from anywhere

The Work From Anywhere Security Checklist

The post-pandemic trend of ‘work from anywhere’ may offer many benefits both to employer and employees alike, but for security teams across the board, it adds a myriad of issues and concerns regarding exactly how data can be kept safe.

The ability to be connected on any device with access to every application, anywhere at all, is a reality today. But this reality hugely increases the attack surface within any organisation.  Together with the ever-growing instances of phishing and ransomware attacks, the need for robust and co-ordinated security strategies grows ever more important.

Many organisations find themselves with piecemeal security solutions, continually bolting on the next ‘sounds great’ solution without any holistic thought.  This results in security gaps, fragmented visibility, and a complex system, practically impossible to manage.

There is no doubt that we humans are the biggest threat of all.  We make mistakes.

So, what can be done?  Here is a checklist of the 10 ‘must-have’ protections for users, devices, and access.

  1. Email Security: Email is like sending a postcard. If you don’t mind the postman reading what is written on your card then it is fine, but would you put your bank details and PIN on a postcard? Obviously not. So, consider email in the same way. Always use an email security application to encrypt messages, detect and block suspicious emails, stop emails accidentally going to the wrong person, and check that attachments are not confidential.
  2. Ongoing Cyber Security Training: We all tend to forget things quickly and, in the heat of the moment, may not recall how to spot a suspicious link. Training should be ongoing, and one useful element is an application that generates spoof emails to maintain awareness, monitors progress, and provides the Board with a measurement of the improvement in staff cyber awareness.
  3. Endpoint Security: It is difficult to know what a remote user is doing, but an application on the endpoint which monitors the status of the device and checks that it is fully patched and that no rogue services are running can help to stop endpoints being compromised. Furthermore, adding services such as automatic backups, remote diagnostics and support will improve the remote user’s situation and reduce the support overhead that remote workers place on IT support teams.
  4. Access Control: We all know the problems surrounding passwords and their management. Making access to networks easy but secure is a goal all remote working solutions should strive for. Multi-Factor Authentication removes the password issue in a simple fashion and can be extended to encompass single sign-on across other platforms and cloud services.
  5. Encryption: This is the only technology outlined within the GDPR rules and can significantly reduce a company’s exposure from a data breach. Encryption does not slow down a device, nor does it mean that data cannot be shared. It is simply there to protect the valuable asset of the data, whether it be in transit, at rest on a device or server, or in a cloud-based system, either managed by a third party or within your own cloud solution.
  6. Backup & Disaster Recovery: Data has value, and blocked access to it poses a real threat to business. Ensuring data is protected against ransomware, secured by encryption and access controls, and held in multiple locations in different formats all leads to data being available on demand, to any user or device, in as timely a fashion as can be managed during any recovery process.
  7. Threat Intelligence: To be forewarned is to be forearmed. Understanding where threats may come from gives the business time to prepare and deploy measures to minimise risk.
  8. Third Party Risk Assessments: The supply chain is critical to a business, but should that chain have a weak link, it could open a door into the network and let an attacker in. Consequently, it is important to ensure suppliers’ networks are also robust by carrying out some form of risk assessment on key suppliers, so that businesses can operate together in a trusted environment.
  9. Network Security: Data travels over networks, often in the public cloud, so it should be protected by using a Virtual Private Network (VPN) to ensure that no third party can eavesdrop on communications or insert data, such as an altered invoice, into the stream.
  10. Application Security: Applications are easy to deploy, but often we do not check that they are functioning correctly or whether they have higher administrative rights than needed, leading to application exploits or open doors into networks. Any new application should be checked for its handling of security and should go through a Data Protection Impact Assessment (DPIA), as GDPR requires, to verify the application. As a last resort, a full code review should be undertaken, which will highlight any trap doors hidden within the code by the developer.

If you need any advice or would like to discuss any of the security checklist components please give us a call on 0844 586 0040 or email [email protected]

Every organisation can benefit from added protection, we’ll be happy to advise you.

Cyber Essentials

Why Adopt The Cyber Essentials Programme?

The government’s Cyber Essentials Programme was developed in collaboration with industry and is intended to help businesses mitigate common, online threats.

Operated by the National Cyber Security Centre (NCSC), it was launched in 2014 and has become a key benchmark for cybersecurity.

Applicable to all sizes of organisations, it offers help to those seeking to implement a robust data security strategy, to protect both themselves and their clients. It does this by encouraging organisations to adopt good practice in information security and includes a simple set of security controls, protecting information from external and internal threats.

The controls suggested by Cyber Essentials are designed to prevent basic cyber attacks and come in two formats:

  1. Cyber Essentials – A self-assessment application that addresses basic threats and helps to prevent the most common attacks.
  2. Cyber Essentials Plus (CE+) – The same as for Cyber Essentials, but rather than being self-assessed, it requires verification of cybersecurity carried out independently by a certification auditor and includes a vulnerability scan.

Cyber Essentials offers a sound foundation of basic hygiene elements that all types of businesses can implement and potentially build upon. The government believes that implementing these measures can significantly reduce vulnerability. However, it isn’t a silver bullet to remove all cybersecurity risk; for example, it is not designed to address more advanced, targeted attacks, and hence, organisations will need to implement additional measures as part of their security strategy.

The Assurance Framework, leading to the awarding of Cyber Essentials Plus Certificates, has been designed to be light-touch and achievable at low cost. It is important to recognise that certification only provides a snapshot of cybersecurity practices at the time of assessment.

It is always advisable to have an internal and external network scan before a certification test is booked, as the scan will highlight any areas of weakness giving time to fix issues and avoid having a failure on certification day, or a few ‘last minute’ fixes whilst the assessor is on-site!

The CE+ process falls into two sections, external and internal. Within these sections the assessor checks the following areas:

External system test details:

  1. Review of customer questionnaire information on ports
  2. Full-service scan / TCP and UDP service scans
  3. External vulnerability scan
  4. Web application testing for common known vulnerabilities, if in scope

Internal system test details:

  1. Internal vulnerability scan
  2. Facility walkthrough
  3. Manual system checks:
    • Unnecessary user accounts
    • Weak passwords
    • User access control (privileges check)
    • Unnecessary software
    • Auto-run feature check
    • Security firewall and malware protection checks
    • Review of password, Internet security, starter & leaver policies, and patch management
  4. Email system checks to test possible weaknesses
  5. Mobile device checks to confirm the latest operating system is installed and a password is enabled

During the test, evidence is required such as audit logs from firewalls and servers.

For businesses that are willing to adopt these measures, the benefits can be many, including the ability to tender for contracts that require a Cyber Essentials Certified supplier (mandatory for public sector work) and enhanced customer trust and confidence.

Becoming accredited helps to meet the needs of GDPR, as it covers the requirement to understand where Personally Identifiable Information (PII) is held and can therefore provide evidence for GDPR statements and policies, showing that, as an organisation, you have considered such issues and had controls verified by an independent assessor.

Businesses now live with the spectre of cyberattacks as the norm. Adopting Cyber Essentials Plus is one way of taking control and starting the process of fighting back.

Every organisation can benefit from added protection. Call us on 0844 586 0040, or email [email protected] and we’ll be happy to advise you.

Cloud security

Should You Rely On Your Cloud Provider’s Security?

Storing data in the Cloud has really only been ‘a thing’ during the last decade but most enterprises now have some kind of cloud presence.  So the question arises, just how secure is your data when there?

Many organisations assume that because data is stored in the Cloud by a third party, the burden of responsibility moves from themselves to their service provider. They would be wrong: the final responsibility remains theirs.

Of course, cloud storage offers convenience, reliability, scalability, cost savings, and yes, security.  However, this needs to be underpinned by some baseline strategies before being moved across.

Firstly, ensure data is secured using multi-factor authentication.  This should be set up generally, but especially for administrator accounts, where hackers are particularly active due to their high-level access privileges.

As human error remains the number one cause of cyber attacks, it is critical to ensure employees are continually trained, kept up to date with security protocols, and use strong passwords, and to allow access only to the areas essential for employees to carry out their work. Controlling who has access to data reduces the chances of it falling into the wrong hands.

When an employee leaves the company, do not forget to remove all their access rights and delete their accounts.

Know what data you have and where it is stored. This is important not only as a good security practice but for any Subject Access Requests you may receive under GDPR. If your data is scattered, your only resort is to use a data discovery tool to find it.

Realise the importance of each category of data and ask yourself what are the consequences should this data get leaked, tampered with, or deleted? Would you face regulatory fines, incur revenue losses, would it impact you operationally?

Email is critical to any business operations and we can’t live without it.  Be sure that your email service is as secure as it can be and remember, it’s always best to be sceptical of any email you get and keep in mind the spam warning signs.

Finally, back up! You can choose to back up with another cloud provider, or locally on an external hard drive or disk. You can also keep them off-site but make sure the data is encrypted for extra protection.

Data protection is not only an important part of maintaining trusting relationships with customers, suppliers, and stakeholders, it’s also a legal requirement, and you could suffer real consequences if you experience a breach because you’ve not taken the necessary steps to keep your data secure.

Relying solely on your cloud provider is not an option.

Every organisation can benefit from added protection. Call us on 0844 586 0040, or email [email protected] and we’ll be happy to advise you.

AI and ML

The Security Conundrum of Artificial Intelligence/Machine Learning

Whilst Artificial Intelligence (AI) and Machine Learning (ML) are two buzzwords right now, especially within the broader waves of technological change sweeping through our world under the banner of the Internet of Things (IoT), they are, in fact, different.

AI is the concept of machines carrying out tasks in a smart way.  ML is an application of AI.  It is based on the premise that the machine is given data and left to learn for itself.

Though the benefits of both look good, there is a fear that these programmes could ‘go rogue’, turning on us, or, being hacked by other AI programmes.

Researchers from Harvard University demonstrated how medical systems using AI could be manipulated by an attack on image recognition models, getting them to see things that were not there. The attack programme found the best pixels to manipulate in an image to create adversarial examples that pushed models into identifying an object incorrectly and thus, caused false diagnoses.

Another doomsday scenario comes from the RAND Corporation, a US policy think tank, which describes several scenarios in which AI technology tracks and sets the targets of nuclear weapons. This involves AI gathering and presenting intelligence to military and government leaders, who make the decisions to launch weapons. If the AI is compromised, it could be fooled into making the wrong recommendation and lead to ‘the button’ being pressed incorrectly.

Hackers love AI as much as everyone else in the technology space and are increasingly tapping into it in order to improve their phishing attacks.

Anup Ghosh, a cybersecurity strategist, said, “The evidence is out there that machines are far better at crafting emails and tweets that get humans to click. Security companies that fight these bad guys will also have to adopt machine learning.”

An AI security arms race is likely to be coming, as hackers’ machine-learning-powered attacks are met with cybersecurity professionals’ machine-learning-powered countermeasures.

This is seen in training applications that educate users to spot phishing attacks. Phishing is the process of attempting to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity using bulk email, which tries to evade spam filters.

Emails claiming to be from popular social websites, banks, auction sites, or IT administrators, are commonly used to lure the unsuspecting public. It’s a form of criminally fraudulent social engineering. However, these emails are so well crafted that many users click on the offered links or attachments, launching the attack.

By using AI and ML techniques, email training systems can take a company’s normal email behaviour and craft emails to simulate a phishing email into an organisation. It then monitors the level of opens and, when triggered, can run a short training video to educate the user on why they missed the evidence that the email was fraudulent. Deploying such systems can save companies from expensive shutdowns or rebuilds, due to ransomware outbreaks.

A new concern around AI is in regard to regulation, specifically GDPR. Is it permissible to let a user give an application permission to make automated decisions on their behalf? If yes, will it be accompanied by a comprehensible explanation of how the AI makes decisions and how these may impact the user? This could be a problem for companies developing AI.

It is hard to make a definitive statement about how all this will play out in practice. From a technical perspective, the level of granularity GDPR requires in explaining automated decisions is unclear. Until this is known, some innovators may choose to forge ahead with super algorithms. Others, worryingly, may ban European citizens from using some highly valuable functionality.

What is needed in the AI world is to ensure that the fundamental code is sound and not compromised by human error.

All software, no matter how well written, has bugs. These bugs can, if an attacker becomes aware of them, become a vector for attack. It is difficult for even the most skilled programmers to see the flaws in their own work; an outside review of the code will often turn up potentially dangerous vulnerabilities that have been missed by the development team.

With a source code review from Digital Pathways, you can minimise the number of vulnerabilities in your software and gain the assurance you need that your source code keeps to the very best security practices.

When code is developed, organisations need some shared accountability to ensure that all future application development remains secure. This requires security issues to be discussed at the beginning of each development cycle and then integrated throughout. Code should be regularly tested during the development phases and signed off, ensuring copies are securely kept to allow a controlled roll back to a known, previously verified position, should the need arise.

AI and ML are, however, having a positive impact within data security.  They have the ability not only to ingest information but to react and positively block attacks or ransomware outbreaks. Such systems combine Security Information & Event Management (SIEM) and Extended Detection & Response (XDR), along with Security Orchestration, Automation & Response (SOAR), and Incident Response Management (IRM) all in a single command and control interface.

Such a system integrates disparate technologies to improve security monitoring, operations and incident response capabilities across SOC teams, Network & Security Operations, Security Analysts, InfoSec Managers, CTOs and CISOs. All interested parties can be aware of an incident but need not take action, as it can be left to the intelligence of the system to take the steps needed to stop the attack.

It has been reported that Elon Musk speaking with Demis Hassabis, a leading creator of AI, said his ultimate goal at SpaceX was the most important project in the world: interplanetary colonisation. Hassabis replied that, in fact, he was working on the most important project in the world: developing artificial super-intelligence. Musk countered that this was one reason we needed to colonise Mars so that we’ll have a bolthole if AI goes rogue and turns on humanity. Amused, Hassabis said that AI would simply follow humans to Mars!

AI/ML are with us and will remain so, with the development of human-like AI seen as an inevitability by technologists.  But will they overcome the challenges to solve problems that are difficult for the computer but relatively simple for humans? How many issues will we face before we can trust the code that runs the programmes, if ever?

Only time will tell.

Every organisation can benefit from added protection. Call us on 0844 586 0040, or email [email protected] and we’ll be happy to advise you.

Streamlining Data

The Case for Streamlining Data

Do you know what data you have? Where it is and who uses it?

No, then you need to read this blog!

It is not easy to understand where unstructured data exists in the enterprise. There can be massive volumes of documents, spreadsheets, presentations, and emails, all typically scattered about the organisation.  In COVID times this means that data could be in places your organisation does not control, such as Dropbox; this is where the term ‘Shadow IT’ has come from. All these diverse locations for data, and its sheer volume, represent not only a major security weakness but an expensive one at that.

Having huge amounts of data scattered across the enterprise can result in heavy costs in terms of storage, whether in data centres or third party storage facilities.

Add to that the requirements of GDPR and, in particular, Subject Access Requests (SARs), and you can see what a nightmare situation unstructured data storage can become.

Data classification systems are the answer.  They are able to take the challenge down to a focused data set of in-scope data, that can amount to only 10 to 20% of the entire environment. They can ensure that all personal data is found, using a more efficient and targeted approach, which could result in a saving of some 40% in storage capacity and removing risky data from shadow IT locations.

Indexing file properties, including activity logs (who has accessed what) and ACLs (who has read/write/browse permissions to specific files), facilitates a proactive approach to data protection. Combining in-depth monitoring with active controls to confine any suspicious activity, for example a ransomware attack, before it becomes a risk is key.

Personal data can then be managed according to the data owner’s request: deleting, migrating, archiving, restricting, or correcting content.

Sensitive data that is no longer needed on the primary storage network, but must be kept to meet long-term retention requirements, can be moved to an archive that is easily managed and ensures sensitive data is not left unprotected on the network. Retention policies can be defined, and compliance teams can easily search and manage the content.

Without an integrated approach, there will be too many aspects to the workflow and too many areas that can fail when managing significant volumes of personal data.

Knowing what data is held, where it is and who uses it is key to good data management. Without it, data storage will simply grow and grow, cluttering the network and costing vast amounts in storage solutions or, worse still, data will be held in multiple silos to keep costs down, with the inevitable result of data loss.

So, streamline data handling today, before it gets out of control.

Every organisation can benefit from added protection. Call us on 0844 586 0040, or email [email protected] and we’ll be happy to advise you.

Cybercrime

Is Your Data Being Secretly Manipulated?

So, you are alert to the threat of ransomware but, can you be sure that your data has not, is not and will not be, manipulated by outside forces?

More insidious than a ransomware attack is the hack where data or the network is compromised but is secretly hidden from view. The exploit can go unchecked for a long time, with information taken at will, the outcome of which may be very damaging for the victim company.

Such attacks fall under commercial espionage and the actors range from competitors, disgruntled employees, and even nation-states. Once in the network the attacker remains hidden and takes various approaches dependent on what is to be achieved. It is never the intention of the attacker to tell the victim that they have their data, but to remain hidden, indefinitely.

There have been instances where data has been monitored and fed back to the competition when a tender has been submitted or pricing has been changed. Such information can be valuable, for example, when governments are placing large contracts.

Another example is where data is modified, resulting in expensive product recalls and loss of market confidence. It is likely that these attacks will convert into a blackmail scenario, where the victim is advised of the infiltration and possible data modification ramifications, should on-going payment not be forthcoming.  This is similar to a protection racket or extortion money!

These attacks generally occur due to poor monitoring of network access and a failure to notice unusual events happening within the infrastructure. Frequently, incidents are flagged up but, due to the busy nature of many IT departments, go unchallenged.

Companies need to protect themselves by being more proactive in stopping the unknown, rather than relying on known attack vectors which Antivirus and DLP solutions focus on. Fileless attacks are impossible for AV to detect and once triggered, look like a normal application able to hide themselves away and exploit at will.

There are solutions that are designed to understand what is normal on a network and take action on the unusual. They can take away the delay associated with SIEM solutions, as the required action is taken immediately rather than waiting for someone in the IT team to investigate, by which time, it is too late.

File integrity monitoring is another solution. Using file integrity monitoring, you create a hash of the file itself so that it can be compared against a later hash of the same file. If it is the same, then you know no one has changed that file. Furthermore, you can apply a classification, such as ‘Secret’, and should these types of files move, change or leave the organisation, an alert is sent to the data owners.
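The mechanism just described, as an added example that is not part of the original post: a small file-integrity monitor that baselines SHA-256 hashes, re-scans, classifies every difference as changed, removed, added or moved, and raises alerts for files tagged ‘Secret’. The directory layout, classification tags and owner contact are constructed for illustration.

```python
"""Added example (not from the original post): a minimal file-integrity
monitor.  It baselines SHA-256 hashes of every file under a directory,
re-scans later, and reports files that were changed, removed, added or
moved.  Files tagged with a classification such as 'Secret' raise an
alert addressed to the data owner.  Paths, tags and owners below are
constructed for illustration."""
import hashlib
import os
import tempfile


def sha256_of(path: str) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> dict:
    """Map each file's path (relative to root, '/'-separated) to its digest."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = sha256_of(full)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Classify differences between two scans.

    A 'moved' file is one whose old path is gone but whose exact digest
    now appears at a path that was not in the baseline."""
    changed = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    missing = {p for p in baseline if p not in current}
    added = {p for p in current if p not in baseline}
    moved = {}
    for old in sorted(missing):
        for new in sorted(added):
            if current[new] == baseline[old] and new not in moved.values():
                moved[old] = new
                break
    missing -= set(moved)
    added -= set(moved.values())
    return {"changed": changed, "removed": sorted(missing),
            "added": sorted(added), "moved": moved}


def alerts_for(events: dict, classification: dict, owners: dict) -> list:
    """Turn events on classified files into alert strings for data owners.
    classification maps path -> label ('Secret', 'Internal', ...);
    owners maps label -> contact.  Only 'Secret' files alert here."""
    alerts = []
    for kind in ("changed", "removed"):
        for p in events[kind]:
            if classification.get(p) == "Secret":
                alerts.append(f"{owners['Secret']}: Secret file {p} {kind}")
    for old, new in events["moved"].items():
        if classification.get(old) == "Secret":
            alerts.append(f"{owners['Secret']}: Secret file {old} moved to {new}")
    return alerts


def demo() -> tuple:
    """Constructed scenario: baseline three files, then tamper with two."""
    classification = {"finance/pricing.xlsx": "Secret",
                      "hr/contract.docx": "Secret",
                      "public/brochure.pdf": "Internal"}
    owners = {"Secret": "data-owner@example.invalid"}  # placeholder contact
    with tempfile.TemporaryDirectory() as root:
        for rel, content in [("finance/pricing.xlsx", b"price list v1"),
                             ("hr/contract.docx", b"signed contract"),
                             ("public/brochure.pdf", b"brochure")]:
            os.makedirs(os.path.join(root, os.path.dirname(rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as f:
                f.write(content)
        baseline = build_baseline(root)
        # Someone silently alters the price list ...
        with open(os.path.join(root, "finance/pricing.xlsx"), "wb") as f:
            f.write(b"price list v1 with a tampered figure")
        # ... and the contract is moved to an unmanaged location.
        os.makedirs(os.path.join(root, "tmp"), exist_ok=True)
        os.rename(os.path.join(root, "hr/contract.docx"),
                  os.path.join(root, "tmp/contract.docx"))
        events = compare(baseline, build_baseline(root))
        return events, alerts_for(events, classification, owners)


if __name__ == "__main__":
    for line in demo()[1]:
        print(line)
```

In production the baseline itself must be stored somewhere the monitored host cannot rewrite, otherwise an attacker who changes a file can simply re-baseline it.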

Companies face a continual stream of threats to reputation, revenues, and future market share. Sadly, it often takes companies years to even realise they have had a breach, let alone know what data was affected. We need to stop thinking only in terms of data being taken and understand that it may also be manipulated.  Planning for the consequences of both scenarios is critical.

Protection rackets are no longer just in old films with Eliot Ness!  They are a clear and present danger and cannot be ignored!

Every organisation can benefit from added protection. Call us on 0844 586 0040, or email [email protected] and we’ll be happy to advise you.

Cyber Security Jargon Explained

We all need to be cybersecurity savvy these days, but how many of us understand the jargon often associated with it?

  1. The Cloud

The Cloud is a term used for a large computer facility where computer space can be rented either in a shared form, where multiple companies would share one physical machine or, a dedicated computer used exclusively by one company. Often these computer facilities are located around the country or overseas, creating a mesh that provides resilience, should one computer facility fail.

The Cloud can also be referred to as the Public Cloud, but there is also the term Private Cloud and this refers to a computer facility that is owned by a company or, leased from another service provider. In general, Private Cloud facilities are used by one company only.

Generally, all Cloud facilities are accessed via the Internet rather than having dedicated communication lines into the facility from a company’s own buildings.

  2. Mesh

In our homes and offices, we have a router that connects us to the Internet and we either plug an Ethernet cable from the router to our PC or, more commonly, we use WiFi to connect our devices to the router.

WiFi is fine in a small space but is not so good in a large area or a house with many rooms and floors, where both users and devices move around. Mesh networks are appearing, to overcome the failings of WiFi.

In a standard WiFi network each WiFi access point is a standalone system (i.e. it has no relationship with any other WiFi access point in your network) and so a device, such as a Smartphone, will try and hang on to a connection even when the signal is very low. Only when the signal is lost will the Smartphone try to find another WiFi access point. This means that if your phone is connected to a WiFi point in the lounge, and you move upstairs, your phone will try and stay connected to the lounge, not to the WiFi upstairs unless the signal is lost or you switch off the WiFi connection on the phone and then switch on again.

In a Mesh network, each Mesh access point is connected to all other Mesh points in your network and as you move around your home, it is the Mesh that connects you to the closest point as it is controlling your phone connection. By doing this you will always have a strong signal and will have no data loss due to losing a WiFi connection.

  3. BYOD

This stands for Bring Your Own Device and refers to an employee or contractor using their own computer, Smartphone, or other such devices as opposed to using a company-supplied device.

There are benefits to individuals using their own devices rather than being forced to use a company-supplied unit and whilst there are the obvious cost savings for companies, often the hidden costs of technical support and data security are overlooked.

  4. Crowd Sourcing

This term is often mistaken for Crowd Funding, where many hundreds or even thousands of people put small amounts of money into a company as shareholders in order to gain financial returns if the company becomes successful.

The term crowdsourcing is used in a similar way, in that a vast number of people and their devices send information to a central source that aggregates all the data together, to form a bigger picture and to enhance a provided service. An example is a navigation system, where the route plan is sourced from digital maps and GPS. By overlaying crowdsourced data on traffic flows, reroutes and average speeds, taken from devices in vehicles and fed back to the navigation system, the system can dynamically route the journey to avoid congestion. It also eases the amount of traffic in an area following, for example, an accident, as traffic will be routed around the incident until such time as traffic in the area clears or speeds up.

  5. Credential Stuffing

Credential stuffing is a new form of attack that achieves account takeover through automated Internet attacks. It works by a hacker gaining access to a list of user IDs and passwords and then systematically trying each ID and password pair against any website until they find a successful logon. Once in, they can take over the account and, if it is a financially interesting one such as a shopping site or bank, will proceed to exploit the user’s account.

Credential stuffing is dangerous to both consumers and enterprises because of the ripple effects of these breaches, such as system crashes due to the high volume of login attempts, loss of user confidence in online shopping and, possible loss of money both to a business or an individual.
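Detection logic for the pattern described above, as an added example that is not from the original post: a stuffing source tries each leaked pair once, so it produces failed logins for many distinct usernames from one address in a short window, whereas a brute-force source hammers a single account. The log format, thresholds and sample addresses are constructed for this example.

```python
"""Added example (not from the original post): spot credential stuffing in
authentication logs.  Signature: one source IP with failed logins for an
unusually large number of DISTINCT usernames inside a short window.  A
brute-force source, by contrast, repeats failures against one account;
the classifier separates the two.  Log format and thresholds are
assumptions for this example."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<res>OK|FAIL)$")

# Constructed sample log: 198.51.100.7 walks a leaked credential list
# (many accounts, one try each, one success); 203.0.113.9 brute-forces a
# single account; 192.0.2.1 is an ordinary user who mistypes once.
SAMPLE_LOG = """\
2024-03-01T10:00:00Z ip=192.0.2.1 user=alice result=OK
2024-03-01T10:00:01Z ip=198.51.100.7 user=bob result=FAIL
2024-03-01T10:00:02Z ip=198.51.100.7 user=carol result=FAIL
2024-03-01T10:00:03Z ip=198.51.100.7 user=dave result=FAIL
2024-03-01T10:00:04Z ip=198.51.100.7 user=erin result=OK
2024-03-01T10:00:05Z ip=198.51.100.7 user=frank result=FAIL
2024-03-01T10:00:06Z ip=198.51.100.7 user=grace result=FAIL
2024-03-01T10:00:07Z ip=203.0.113.9 user=admin result=FAIL
2024-03-01T10:00:08Z ip=203.0.113.9 user=admin result=FAIL
2024-03-01T10:00:09Z ip=203.0.113.9 user=admin result=FAIL
2024-03-01T10:00:10Z ip=203.0.113.9 user=admin result=FAIL
2024-03-01T10:00:11Z ip=203.0.113.9 user=admin result=FAIL
2024-03-01T10:05:00Z ip=192.0.2.1 user=alice result=FAIL
"""


def parse(log_text: str) -> list:
    """Return (timestamp, ip, user, result) tuples; skip malformed lines."""
    events = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["ip"], m["user"], m["res"]))
    return events


def classify_sources(events: list, window: timedelta = timedelta(minutes=5),
                     min_attempts: int = 5, min_users: int = 5) -> dict:
    """Return {ip: 'credential_stuffing' | 'brute_force'} for sources whose
    failed logins within `window` cross the thresholds."""
    per_ip = defaultdict(list)
    for ts, ip, user, res in events:
        if res == "FAIL":
            per_ip[ip].append((ts, user))
    verdicts = {}
    for ip, fails in per_ip.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):          # sliding window over failures
            while fails[end][0] - fails[start][0] > window:
                start += 1
            chunk = fails[start:end + 1]
            if len(chunk) < min_attempts:
                continue
            users = {u for _, u in chunk}
            if len(users) >= min_users:
                verdicts[ip] = "credential_stuffing"   # many accounts, few tries each
            elif len(users) == 1:
                verdicts.setdefault(ip, "brute_force")  # one account, many tries
    return verdicts


def compromised_accounts(events: list, verdicts: dict) -> list:
    """Accounts where a flagged stuffing source actually logged in: these
    are the takeovers that need a forced password reset and session revoke."""
    return sorted({user for _, ip, user, res in events
                   if res == "OK" and verdicts.get(ip) == "credential_stuffing"})


if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    v = classify_sources(ev)
    print(v)
    print(compromised_accounts(ev, v))
```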

  6. GDPR

This stands for the General Data Protection Regulation that came into force in May 2018 and replaced the Data Protection Act. This regulation puts greater emphasis on companies to protect personally identifiable data and allow the data owner to have access to any data held on them by an organisation.

The regulation has improved the way data is stored and used and is being enforced by the Information Commissioner’s Office in the UK.

  7. AI

AI stands for Artificial Intelligence and refers to the simulation of human intelligence in machines that are programmed to think like humans and mimic their actions, including learning and problem-solving.

The holy grail of Artificial Intelligence is for it to rationalise/balance ideas or issues and take actions that have the best chance of giving a positive outcome.

The fear is when or if AI takes away human controls, as it decides the human is not making the right decision. This might be fine on occasions but certainly not in others such as life or death situations.

  8. Disruptive technology

This is a technology whose application significantly affects the way a market or industry functions. An example is the Internet. Before the Internet, most of us visited shops to buy goods; the introduction of the Internet significantly altered the way we shopped, which saw the demise of businesses unwilling to adapt to it.

  9. Biometrics

The use of biometrics is a way to measure a person's physical characteristics to verify their identity. It can include physiological traits, such as fingerprints, the iris or retina of the eye and the voice, or behavioural characteristics, such as the unique rhythm with which you type on a keyboard.

These characteristics are captured, converted into a stored template and compared against a fresh sample to identify a person. Unlike a password, a biometric cannot be changed if the stored data leaks, so the templates must be protected as carefully as any credential; the safest designs keep them on the user's own device, as a phone's fingerprint reader does, rather than in a central database.

Biometrics can be blended together, and combined with something you know or something you have, to form a very strong form of user authentication, vital in our digital world where electronic proof of identity is key for areas such as Internet banking.

  1. Open Source

Originally the term was Open Source Software (OSS); it has since been shortened to Open Source, but it still means software whose source code is designed to be publicly accessible, so anyone can see, modify and distribute the code under the terms of its licence.

Commercial, proprietary software such as Microsoft Word or Adobe Illustrator is the opposite: the code is owned by the vendor, and users pay for a licence to use it without seeing or changing the source.

Confusion often arises because most Open Source code is offered free of charge, whilst for some products a paid-for licence is required.

In general, payment is requested when a company builds a product on Open Source code and then provides technical support, warranties or enhancements to it. Note that publicly visible code is not automatically reviewed or maintained code: an organisation that relies on Open Source components still needs to track which versions it runs and apply security updates to them.

If there are any other ‘Jargon’ related queries/questions you have or anything you are confused or concerned about in relation to Cyber Security please do not hesitate to get in touch and we will endeavour to help.

SOARX: Security Orchestration, Automation & Response

SOARX, Mitigating Threats

Threats to organisations are coming thick and fast from a variety of different directions, and often businesses do not have adequate, or up-to-date, solutions to mitigate them.

Many find themselves with layered security systems; multiple data packages all trying to work in sync with each other, a result of the continued adoption of the latest software packages, with little holistic forethought.

This commonly seen situation is far from ideal, and now, more than ever, there is a definite need to employ a system that can look at the complete structure. One that can drill through the layers and unify the threats into a single view.  It should have the built-in ability to take appropriate action, based on business dynamics relevant to the threat, stopping the attack from happening in the first place.

Gartner was first to define SOAR as Security Orchestration, Automation and Response. Solutions should provide three core functions: orchestration and automation, which together enable response, plus measurement.

They explained, “SOAR solutions are gaining visibility and real-world use, driven by early adoption, to improve security operations centres. Security and risk management leaders should start to evaluate how these solutions can support and optimise their broader security operations capabilities.”

SOARX is such a solution. It provides central management of security orchestration, automation and response, going beyond existing SOAR offerings through its ability to fully manage, monitor, automate and orchestrate complex network and security ecosystems from a single pane of glass, not only for known applications and devices but also for custom-built applications, legacy devices and cloud-based services, both public and private.

Applying business logic to the findings of the system enables proactive actions to be taken that are linked to the level of threat on a particular application or device. Take a reservations system, for example: a threat to the bookings system can be graded so that a low-level threat does not result in the system being taken offline and revenue being lost, while a high-level threat can still trigger containment. A traditional Intrusion Prevention System (IPS) cannot make this distinction, as it only decides whether to allow or block traffic and has no notion of the business value of the asset behind it.

Furthermore, findings from SOARX in scenarios such as the one above can be fed into an existing support-ticketing system to make the wider management team aware of a critical incident, from which SOARX can be instructed to take automated action, or the ticket can be passed to a technician to deal with the situation.
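As an added illustration of this kind of grading, and not code from SOARX or any other product, here is a small Python playbook that caps the automated response at the level the asset's owner has pre-approved and hands anything more disruptive to a person through a ticket. The asset registry, severity scale, action names, ticket priorities and alerts are all assumed for the example.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, Optional


class Severity(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3
    CRITICAL = 4


# Response actions ordered by how disruptive they are to the business (assumed names).
DISRUPTION = {"log": 0, "block_source": 1, "isolate": 2, "take_offline": 3}

# The action the playbook *wants* for each severity, before business rules apply.
WANTED_ACTION = {
    Severity.LOW: "log",
    Severity.MEDIUM: "block_source",
    Severity.HIGH: "isolate",
    Severity.CRITICAL: "take_offline",
}

# Ticket priority per severity (1 is most urgent); LOW severity raises no ticket.
TICKET_PRIORITY = {Severity.MEDIUM: 3, Severity.HIGH: 2, Severity.CRITICAL: 1}


@dataclass(frozen=True)
class Asset:
    name: str
    revenue_critical: bool
    max_auto_action: str  # most disruptive action automation may take without a human


@dataclass(frozen=True)
class Alert:
    asset: str
    severity: Severity
    source_ip: str


@dataclass(frozen=True)
class Response:
    action: str
    ticket_priority: Optional[int]
    needs_human: bool
    reason: str


def run_playbook(alert: Alert, registry: Dict[str, Asset]) -> Response:
    """Cap the automated response at what the asset's owner has pre-approved and
    escalate the remainder to a person through the ticketing system."""
    asset = registry.get(alert.asset)
    if asset is None:
        # Unknown asset: never automate against something you cannot classify.
        return Response("log", 2, True, "asset not in registry; human triage required")

    wanted = WANTED_ACTION[alert.severity]
    priority = TICKET_PRIORITY.get(alert.severity)

    if DISRUPTION[wanted] <= DISRUPTION[asset.max_auto_action]:
        return Response(wanted, priority, False,
                        f"{wanted} is within the automation limit for {asset.name}")

    # The wanted action is more disruptive than allowed: do what we may, raise the
    # ticket one priority level and leave the rest to a technician.
    escalated = max(1, (priority or 3) - 1)
    return Response(
        asset.max_auto_action,
        escalated,
        True,
        f"{wanted} would disrupt {asset.name} (revenue critical: {asset.revenue_critical}); "
        f"applied {asset.max_auto_action} and escalated",
    )


# Constructed registry for the example: the bookings system may have an attacking
# source blocked automatically but may never be isolated or taken offline unattended.
REGISTRY = {
    "bookings-web": Asset("bookings-web", revenue_critical=True, max_auto_action="block_source"),
    "laptop-42": Asset("laptop-42", revenue_critical=False, max_auto_action="take_offline"),
}

if __name__ == "__main__":
    for alert in (
        Alert("bookings-web", Severity.LOW, "203.0.113.5"),
        Alert("bookings-web", Severity.HIGH, "203.0.113.5"),
        Alert("laptop-42", Severity.HIGH, "198.51.100.7"),
    ):
        print(alert.asset, alert.severity.name, "->", run_playbook(alert, REGISTRY))
```

The point of the registry is that the decision of how far automation may go is made once, by the people who own the revenue, rather than by the analyst at 3 a.m.; a high-severity alert on the bookings system still gets the attacking source blocked immediately, but taking the system offline remains a human call raised as a priority-one ticket.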

Using the platform for the migration of systems and devices is another benefit. Switching from one load-balancer vendor to another is normally a complicated task, fraught with potential errors and downtime, but with a SOARX approach the configurations can be replicated whilst both systems are in place and working together. Once the new system is deployed and signed off, the old system can be taken offline by SOARX in a controlled way.

A system of this type is truly able to manage complex networks of systems and applications. It is not bound by 'standard' communications but is a multilingual, multi-disciplined platform that gives organisations a much greater view of their world, so that decisions can be made on real information rather than speculation.

When considering SOARX, it is critical to begin by identifying the gaps in the current security program that you are trying to solve. Are you trying to better orchestrate and automate your disparate security technologies? Are you trying to better define your security workflow? Are you seeking a solution that provides better incident management capabilities?

Once the core target problems have been documented, it is possible to identify the processes to be performed by the SOARX. It will be critical to ensure it is possible to perform each process in the desired manner.

Additionally, any integrations with existing tools and technologies that may be needed should be identified and categorised as either ‘must-haves’ or ‘nice to haves’.

SOARX will increase the effectiveness and efficiency of the overall security program. Return on investment (ROI) is critical and SOARX has an inbuilt ROI calculator to identify cost savings the system is creating. It is important to keep in mind that the focus of automation should be on supporting people, processes, and force multiplication, not to replace analysis.

For organisations finding themselves with a complex web of differing security packages, with the expense and manpower necessary to maintain them, SOARX is really a ‘no brainer’!

Every organisation can benefit from added protection. Call us on 0844 586 0040, or email [email protected], and we'll be happy to advise you.


It’s Behind You!

Oh no, it isn’t! Oh, yes it is!

All of us have experienced big changes in our lives thanks to Covid-19, and few of us will have failed to come up against the video-conferencing phenomenon, whether for business or as a way of communicating with friends.

TV channels have produced endless interviews featuring ‘professionals’ at home including cabinet ministers, pop stars, virtual choirs of 400 plus people, children’s birthday parties with entertainers, even Royalty had a go, all in little boxes on a screen!

And, whilst it may be jolly good fun, how many of us are thinking about what we are showing behind and around us? We are opening up our homes to hackers and other 'baddies', who get a chance to review what we have. It is easy for them to take a screenshot and then take their time to process the image, zooming in on details which would never normally be seen unless you were inside the house.

Consider, for example, the personal information you may have on show. Photographs of family or colleagues can be turned over or moved out of shot to protect their identity. More importantly, look for work material: customer documents on the desk, a whiteboard, a second screen. Personal data handled at home is still in scope for GDPR, and exposing it on a call could amount to a data breach and an ICO investigation.

What is displayed behind you can say a lot about you and your hobbies. This is a good source of information for a hacker, who will use it to try and guess your password theme. For example, if you have a model of an E-Type Jaguar and books on the history of the marque, there is a good chance your passwords might be linked to the brand.

A hacker can also gain information to furnish a phishing email campaign, using content you are likely to find interesting and are therefore more likely to click on. If you have a lot of books by a particular author, for instance, you could be the target of a phishing campaign with content relevant to that author, including a call to action that you can't resist.

And often, when online, other technology used in the house can be seen. A printer in view gives a hacker a head start: the make and model are enough to send a spoof message that appears to come from the manufacturer, or to look up published vulnerabilities in that model that allow remote connections.

On-line visual communications are here to stay so we must get better at thinking about what others can see behind us, ensuring that we are happy to share that information. When in doubt, keep it simple, use a pale wall to frame your background, make sure you are the star not the information you are giving away unknowingly!


Working From Home And Surviving The Cyber Attacker

10 things you can do to stay safe

We are living in a new world order right now with many of us finding ourselves working from home, without the protection and constraints of our usual places of work.

This makes working safely even more important.  Here are ten things you can do to ensure you keep yourself, your employer and your data, safe.

  1. Check the security settings on your PC or Mac to ensure your system has the latest patches and that you are running a reputable anti-virus programme. It should be set to check automatically for new updates and also run a regular scan.
  2. Review your passwords. They should be strong: length matters most, so prefer a passphrase of three or more unrelated words (twenty characters or longer; spaces are fine where the system allows them) or a mix of upper and lower case letters, numerals and special characters. Avoid personal information and do not fall into the trap of opting for your birthday or pet's name! Default passwords should be changed immediately.
  3. Never rely on one password for everything; each account should have its own, and a password should be changed as soon as you suspect it has been exposed in a breach. If you struggle to remember them, never store them in a plain file on your device, as such records are easily found. Use a password manager such as LastPass, which generates strong passwords and stores them so that only you have access. If you distrust online password managers, an offline password manager or a written record is the alternative; if you write them down, keep a backup copy in case the original is lost or damaged, and hide both away from the device when not in use.
  4. Set up two-factor authentication wherever you have the option. As well as your password you enter a unique one-time code, either sent by text message or generated by an authenticator app on your smartphone; the app-generated code is the stronger of the two, since text messages can be intercepted or redirected. Authenticator apps are free and available from many companies, such as Google and Microsoft.
  5. Your devices connect to your home network to reach your broadband connection, so always check your router settings: change the default administrator password and make sure wireless encryption is switched on and set to WPA2 or WPA3. Do not use WEP, which is broken and can be cracked in minutes; if the router offers only WEP it should be replaced. Change the network (SSID) and router names so they do not identify the manufacturer or ISP, which makes the network harder to profile from outside, and never use your surname or address as an identifier: every little bit of information you leak could be used against you. If your router sits on a windowsill, make sure the label on the back is covered, as the admin password or encryption key is often printed there. Better still, keep the router away from the window.
  6. Check your router's device list regularly to see what is, or has been, connected to your network. Most routers keep a log of connected devices, and any you do not recognise could be an intruder's device listening in. Also check whether any device is sending traffic to the internet when you would not expect it. This can indicate the device has been compromised and is leaking your personal data, or that it is being used, along with thousands of other devices, to attack other websites. That was the case in the 2016 Mirai botnet attack on the DNS provider Dyn, which temporarily took Spotify, Netflix and PayPal offline.
  7. If you have Internet of Things devices on your network, such as Alexa, a camera-enabled doorbell, CCTV, or a WiFi kettle or fridge, ensure they are secured and that default passwords have been changed. Most of these devices are insecure if not correctly configured, and because they are on your network, a compromised one can be used to attack or monitor you. Just imagine a hacker taking over your CCTV camera and listening to your conversations or noting down your password as you type it! Where the router supports it, put such devices on a separate guest or IoT network so they cannot reach your work laptop.
  8. If you have confidential papers or data at home, put them away when you have finished for the day. Compliance extends to wherever data is handled, and working from home does not exempt you from GDPR, PCI DSS or any other regulatory controls.
  9. If you have children and they also use a device, never give their profile administrator rights. A child is the easiest person to hack, as they will click on links without considering the security. Preventing their account from installing programs stops many trojans and viruses in their tracks. It may be a pain when they ask you to authorise a download, but it will save you a lot of grief if you otherwise have to set up new bank accounts!
  10. Before you click on a link in an email or open an attachment, consider whether the email looks genuine. Is the spelling correct, and is the language in line with what you would expect from the sender? Hover your mouse pointer over any link and check that the destination address actually belongs to the organisation the email claims to come from, not merely that it looks similar. If in doubt, don't click anything: contact the sender via a new email or a second channel, or submit the link or attachment to a scanning service such as VirusTotal or Trend Micro.
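To show what the app-generated code in item 4 actually is, here is an added example, not part of the original page and not tied to any particular authenticator, of the time-based one-time password algorithm from RFC 6238 in Python, with a verifier that tolerates one 30-second step of clock drift. The secret below is the ASCII test key published in the RFC, used here so the outputs can be checked against the standard's own test vectors; a real enrolment generates a random per-account secret.

```python
import hashlib
import hmac
import time

# The secret shared between the account and the authenticator app. This is the
# ASCII test key from RFC 4226 / RFC 6238; a real enrolment generates a random
# per-account secret, usually shown to the user as a base32 string in a QR code.
TEST_SECRET = b"12345678901234567890"
STEP_SECONDS = 30
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HMAC-based one-time password (RFC 4226): HMAC-SHA1 over the 8-byte counter,
    then 'dynamic truncation' picks 31 bits out of the MAC to turn into digits."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                        # low nibble of the last byte selects the window
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)  # keep leading zeros


def totp(secret: bytes, unix_time: int, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """Time-based one-time password (RFC 6238): HOTP with the counter set to the
    number of 30-second steps since the Unix epoch, so phone and server agree
    without ever talking to each other."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret: bytes, submitted: str, unix_time: int, drift_steps: int = 1) -> bool:
    """Accept the code for the current step or `drift_steps` either side, to
    tolerate clock skew between phone and server. The comparison is constant-time
    so a wrong digit cannot be detected by timing. A production verifier must
    also remember the last accepted step and refuse to accept the same code twice."""
    current = unix_time // STEP_SECONDS
    for step_no in range(current - drift_steps, current + drift_steps + 1):
        if hmac.compare_digest(hotp(secret, step_no), submitted):
            return True
    return False


if __name__ == "__main__":
    now = int(time.time())
    print("code for the current 30-second window:", totp(TEST_SECRET, now))
```

Because the code is derived from a shared secret and the clock, a phished code is only useful to an attacker for the remaining seconds of its step, which is why a stolen password alone no longer gets them in; it is also why the secret itself must never be sent by email or stored unencrypted on the server.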

By practising good cybersecurity techniques, we can keep our data safe as we continue to work from our homes over the next weeks and months.
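The 'hover and compare' check in item 10 can also be automated. The following Python script is an added example, not from the original page, that extracts the links from an HTML email body and flags two things: visible link text that is itself a URL but differs from the real destination, and destinations that are not under the sender's domain at all. The sample email and the sender domain bank.example are constructed for the illustration, and the domain comparison is a plain suffix match (a real tool would consult the public-suffix list).

```python
from html.parser import HTMLParser
from typing import Dict, List
from urllib.parse import urlparse

# Constructed sample of an HTML email body (not a real message). The sender's
# domain is what the From: header claims; the checker trusts that claim only as
# far as the links agree with it.
SAMPLE_HTML = """
<p>Dear customer,</p>
<p>Log in at <a href="https://login.bank.example/">https://login.bank.example/</a>.</p>
<p>Or use our <a href="http://bank.example.attacker.test/login">https://www.bank.example/login</a> page.</p>
<p>See the <a href="https://docs.example.org/help">help centre</a> for more.</p>
<p>Contact <a href="mailto:support@bank.example">support</a>.</p>
"""


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links: List[Dict[str, str]] = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = {"href": dict(attrs).get("href") or "", "text": ""}

    def handle_data(self, data):
        if self._current is not None:
            self._current["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append(self._current)
            self._current = None


def _host(url: str) -> str:
    """Lower-cased hostname of a URL, or '' if it has none (mailto:, relative)."""
    return (urlparse(url.strip()).hostname or "").lower()


def _under(host: str, domain: str) -> bool:
    """True if host is the domain or a subdomain of it. This is a naive suffix
    check; a public-suffix list would be needed to treat e.g. co.uk correctly."""
    return host == domain or host.endswith("." + domain)


def check_links(html_body: str, sender_domain: str) -> List[Dict[str, object]]:
    """Return the links a recipient should not trust, each with the reasons."""
    parser = _LinkExtractor()
    parser.feed(html_body)
    findings = []
    for link in parser.links:
        href = link["href"]
        if urlparse(href).scheme.lower() not in ("http", "https"):
            continue  # mailto: and relative links are out of scope for this check
        reasons = []
        href_host = _host(href)
        text = link["text"].strip()
        # 1. The visible text looks like a URL but points somewhere else: exactly
        #    the mismatch that hovering over the link is meant to reveal.
        if text.lower().startswith(("http://", "https://")) and _host(text) != href_host:
            reasons.append("display_mismatch")
        # 2. The destination is not under the sender's own domain at all. Note that
        #    bank.example.attacker.test is caught: the real domain is attacker.test.
        if not _under(href_host, sender_domain.lower()):
            reasons.append("off_domain")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in check_links(SAMPLE_HTML, "bank.example"):
        print(finding)
```

The second link in the sample is the classic phishing trick: the text reads as the bank's address while the real destination is a look-alike host under a domain the attacker controls. An off-domain link is not proof of phishing (marketing mail routinely goes through third-party click trackers), so treat it as a prompt to use a second channel rather than a verdict.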