networking Archives - Cyber Secure Forum | Forum Events Ltd
Posts Tagged :

networking

NETWORK SECURITY MONTH: A decade of evolution to combat networking threats

 960 640 Stuart O'Brien
By:
0
0

In an era marked by sophisticated cyber threats, corporate cybersecurity professionals have had to evolve their strategies and technologies to protect organisational assets effectively. Here we delve into the key developments that have shaped IT network security management for cybersecurity professionals over the last decade, informed be attendees at the Security IT Summit…

1. From Perimeter Defence to Layered Security

Traditionally, network security focused on perimeter defence, akin to a fortress with strong walls. However, this approach has shifted due to the rise of cloud computing, mobile computing, and the Internet of Things (IoT), which have expanded the corporate network beyond traditional boundaries. The modern approach is layered security, also known as defence in depth, where multiple layers of security controls are deployed throughout the IT network. This method ensures that even if one layer is breached, others are in place to protect the network.

2. The Adoption of Advanced Threat Detection Technologies

The last decade has seen a surge in the adoption of advanced threat detection technologies. Tools such as Intrusion Prevention Systems (IPS), advanced malware protection, and anomaly detection systems have become standard. These technologies employ artificial intelligence (AI) and machine learning algorithms to detect and respond to threats in real-time, a significant leap from the traditional, signature-based antivirus and anti-malware software.

3. Emphasis on Network Segmentation

Network segmentation, the practice of splitting a network into subnetworks, has become increasingly popular. This approach limits the spread of cyber-attacks within networks. By segmenting networks, cybersecurity professionals can apply more stringent security controls to sensitive areas, thus reducing the attack surface.

4. Rise of Zero Trust Security Models

The concept of ‘Zero Trust’ has gained traction, fundamentally altering how network access is managed. Under a Zero Trust model, trust is never assumed, regardless of whether the user is inside or outside the network perimeter. This necessitates rigorous identity and access management (IAM) strategies, including multi-factor authentication (MFA) and least privilege access controls.

5. Increased Focus on Compliance and Regulatory Requirements

There has been an increased emphasis on compliance with legal and regulatory standards, particularly with the introduction of the General Data Protection Regulation (GDPR) in the EU. UK businesses have had to ensure that their network security practices comply with GDPR and other regulations, mandating a more rigorous approach to data security and privacy.

6. Integration of Security Information and Event Management (SIEM) Systems

SIEM systems have become a cornerstone of network security, providing a holistic view of an organisation’s security posture. These systems aggregate and analyse data from various sources within the network, enabling cybersecurity professionals to detect patterns and signs of malicious activity more effectively.

7. The Importance of Employee Training and Awareness

Finally, there is a growing recognition of the role of human error in network security breaches. As a result, there has been a concerted effort to enhance employee cybersecurity awareness and training. Regular training sessions, simulations, and awareness campaigns are now common, reducing the likelihood of breaches caused by employee negligence or error.

In conclusion, the evolution of IT network security management in the UK has been marked by a transition from traditional perimeter-based defence to more sophisticated, multi-layered approaches. Today’s cybersecurity professionals must navigate a complex landscape of advanced threats, regulatory requirements, and rapidly changing technologies. By adopting a more holistic, proactive, and adaptive approach to network security, they can better protect their organisations in an increasingly interconnected world.

Are you on the hunt for network security solutions? The Security IT Summit can help!

Photo by JJ Ying on Unsplash

Network protection in the hybrid era  

 960 640 Guest Post
By:
0
0

By Gary Cox, Director of Technology Western Europe at Infoblox  

Since emerging from the worst effects of the pandemic, a mix of in-office and remote work has become common practice for many organisations. Initially seen as a temporary way of easing employees back into the workplace after almost two years working from home, it appears that hybrid work is here to stay for the foreseeable future. As of May 2022, almost a quarter of UK employees worked in a hybrid fashion.

However, in an effort to accommodate the needs of their new hybrid workforce, business leaders have inadvertently increased their organisations’ security and compliance risks. This distributed way of working has dramatically increased the attack surface. It’s perhaps little surprise, then, that according to Infoblox’s 2022 UK State of Security Report, the majority of UK businesses experienced up to five security incidents in a year. The advent of the hybrid era means it’s never been more important for businesses to protect their network – or harder to achieve.

Expanded attack surface

Lockdown forced many organisations to leave their physical offices for good, while others adopted hybrid work where most of their employers worked remotely for at least part of the week. Whatever their preference, companies needed to move their applications and data into the cloud and protect them beyond traditional security solutions like firewalls and VPNs.

But employees logging in over their home WiFi networks, and using personal devices for work purposes – or work devices for personal affairs – meant the attack surface was enormous. As a result, businesses experienced a large number of attacks, many of which resulted in downtime, which can cost organisations considerable financial and reputational damage. Indeed, 43 percent of respondents cited breach damages of $1 million.

Hybrid work was found to provide bad actors with a much wider range of entry points into a company’s network, too. Insecure WiFi, for instance, was reported as being the biggest reason for data breaches, followed by insider access through current or former employees or contractors, and employee-owned endpoints, such as mobile devices and laptops.

Trust nothing

Most people today are aware of the perennial threat of cyberattack, but most can do little to protect themselves beyond just changing the password on their home WiFi router. Organisations must therefore take responsibility for security. This requires them to adopt a zero trust approach, which works on the assumption that attackers have already breached the network.

A multi-layered zero trust framework means all parties must undergo authentication checks at every point, as data flows in and out of an organisation’s network. Doing so will enable the organisation to protect everything that’s connected to that network, as well as limiting the damage in the event that an attacker breaches its defences.

Improved security posture

Organisations everywhere, regardless of industry, should consider how to leverage their existing technology to improve their security posture. For example, solutions that take advantage of DDI – a combination of DNS (Domain Name System), DHCP (Dynamic Host Configuration Protocol), and IPAM (IP Address Management) services, which are already used for device connectivity – to  gain visibility into network activities down to the device level.

In addition to this, DNS security is essential for a zero trust approach. Given that more than 90 percent of threats that enter or leave a network will touch DNS, it is ideal for detecting potential threats. DNS security can help IT teams spot threats that other security tools miss, accelerate threat hunting, and reduce the burden on stretched perimeter defences. It helps them get more value out of third-party security solutions, through real-time, two-way sharing of security event information and through automation, which lowers the costs associated with manual effort and human error.

The COVID crisis has changed the way we work – potentially forever. As long as people continue to work remotely – even only once a week – the use of home WiFi networks will continue to increase the threat of compromise. It’s essential, then, that organisations have sufficiently robust security strategies in place to meet the demands of the hybrid era. A zero trust approach, supported by DDI metadata and DNS security, will help businesses adjust.

Taking online networking back to basics in IT

 960 640 Guest Post
By:
0
0

IT professionals are struggling to get value from online networking, knowledge-sharing and content driven platforms. Too many recruitment requests, questionable connections, and far too much time spent wading through promotional messages to reach the right content. Individuals need less noise, more relevance. Max Kurton, Editor in Chief, EM360 explains why it’s time for online networking to get back to basics...

Noisy and Confusing

It may be hard to remember but online networking platforms started with a simple model: to provide professionals within a specific market – such as IT – the chance to network and interact with like-minded individuals, sharing content relevant to each individual’s interests, background and preferences. That doesn’t sound anything like today’s experience. Over the past decade that simple but highly effective premise has been completely lost. While still essential for day to day networking and collaboration, the deluge of irrelevant content and connections online platforms serve up second by second is adding to workplace stress rather than supporting any effective or timely knowledge sharing and collaboration.

Just consider how much time everyone spends each day sifting through irrelevant and intrusive recruitment messaging, ignoring sales pitches or checking the credentials of people asking to connect. And that is before trying to locate content relevant to your business or interests. The need for trusted information and effective collaboration has never been greater – but current online networking platforms are no longer providing the quality or relevance required.

Relevant and Like Minded

It is time to take the concept of online networking back to basics and deliver the focused, timely content and collaboration that can truly leverage shared knowledge, experience and objectives. The first step is to create a true community of like-minded individuals. The next step is to leverage Artificial Intelligence (AI) to further refine the experience by ensuring individuals are only presented with truly relevant content – whether that is business continuity, security, data management, unified communications or AI.

It is also essential to avoid overt selling by ensuring content is focused on thought leadership and education. A strong editorial team creating a raft of white papers, podcasts and articles will reinforce both the quality and tone of content, enabling individuals to quickly and confidently access high quality, informative information. Members posting content must also conform to these quality standards, following a simple but effective posting guideline to guarantee that the educational essence of the online networking platform is retained.

Critically, people need to be able to gain fast but trusted access to like-minded individuals – whether that is a technology area such as data science or a market such as financial services. Combining a model that rigorously qualifies those signing up to ensure their identity with simple ways to make connections, network members can engage with new connections with confidence. 

Trusted Experience

In an online world awash with vast amounts of, often questionable, information every business professional needs to find a safe, trusted source of informative and educational content. If that high quality resource can be combined with an online networking platform that ensures the credentials of members, like-minded individuals can rediscover the value of fast, relevant information sharing and collaboration.

By eradicating the noise and removing the extraneous activity, online networking can get back to basics, enabling IT professionals to experience once again the value of focused, relevant and effective information sources, connections and collaboration. 

GUEST BLOG: Having the right connections – Are VPNs really fit for purpose?

 960 640 Stuart O'Brien
By:
0
0

Stuart Sharp, Global Director of Solutions Engineering at OneLogin

Remote working has fast become commonplace in today’s business landscape. Free from the stress of the modern-day workplace, employees are increasingly keen to opt for the laptop and crack on with work uninterrupted, all from the comfort of their own home.

In fact, the Office for National Statistics (ONS) last year predicted that half of the UK workforce will be working from remote locations by 2020, many of whom cited how the increased flexibility can benefit their private lives. Not all business owners are convinced. Many tech goliaths, such as HP, IBM and Yahoo, have recently rescinded the option for their employees to work from home, inciting an ‘if you don’t like it, leave’ approach.

The reality is that for many companies, having a high percentage of employees working from home just isn’t the same as having an office full of busy employees, and it’s mostly down to the ease with which employees can access corporate applications remotely. The Virtual Private Network (VPN) was created to resolve this issue and provide a secure link between an employee, at home or on the road, to the corporate network. In fact, almost half (48%) of UK IT professionals surveyed by OneLogin require employees to use VPNs when working remotely. However, with 30% receiving frequent complaints that the use of a VPN slows down remote network access, many organisations are struggling to find a balance between productivity and security. The survey also found that half of remote workers spend up to one day per week connected to unsecured networks in an effort to circumnavigate VPNs and get on with their job, leaving organisations open to a host of cyber threats.

With ‘not fit for purpose’ VPNs, organisations are inadvertently making remote working impossible. The creativity, productivity and efficiency benefits that remote working originally boasted are being buried under a sea of stressed remote employees and IT teams battling complaints.

Organisations have outgrown the outdated tech they still rely on and can no longer afford to use unreliable VPNs that encourage employees to flaunt security best practices. If employees continue to favour unsecured networks, a cybersecurity catastrophe is just around the corner, particularly with the deadline looming for the EU’s General Data Protection Regulation (GDPR) on May 25th, 2018. Under GDPR, if data gets into the hands of cybercriminals as a result of neglect or employee ignorance, businesses could be faced with penalties that start at €10 million and can go up to as much as €20 million or 4% of a business’s annual turnover, whichever is higher [1].

While having a fully cloud-based strategy seems ideal for many, it isn’t always easy to realise. Many organisations, and particularly enterprises, are battling with a hoard of on-premise legacy IT systems. But the reality is that they simply can’t just move everything into the cloud overnight. IT policies and end-point management strategies need to account for both cloud and on-premise IT infrastructures. Neglecting either of them is not an option.

In order to evolve, businesses are on the hunt for a low-maintenance solution that handles employee provisioning and deprovisioning (when employees leave a company), while also improving security and reporting. To meet this demand, Identity and Access Management (IAM) providers need to step-up to the plate and offer solutions that manage both on-prem and cloud environments from one unified platform.

So how can companies make this a reality?

Regardless of whether companies deploy more on-premise or cloud applications, having one unified access management platform will simplify and manage access in real-time. Coupling this with a smart IAM system that can power intelligent authentication tools, bolster security measures and increase functionality for end users will only propel industries towards digital transformation in a safe and secure fashion. In today’s competitive landscape, business efficiency and agility are necessities — and safe and effective remote working has a key role to play going forward.