Last week we talked about security; this week we will discuss networking and connectivity.
Time for the basics – why do we have networks? Networks only exist to facilitate engagement, communication, creation and sharing, points often forgotten in the midst of features and endless buzz words. By holding those key points, which summarise the purpose and drivers for network existence, at the heart of all discussions and chunking the conversation up, the reason(s) for network need or change are exposed. It may be a user need, an application requirement, a service orientated outcome, but without doubt the outcome “isn’t the network” – the driver of the networking need is the main story.
It’s time to overtly challenge all enterprise networking discussions – “Why does this network exist, what are the user / applications that drive the need for this network, what user or application measures validate network activities and so on”? It’s time to hold the network to account and unlock the business value of a secure connected enterprise.
In keeping with last week’s security summary, this outline will focus on three networking aligned areas of “interest” for 2020 (without doubt there are many more). No predictions, purely areas that may stimulate valuable discussion and ideally actions.
Secure networking – secure connected outcomes.
It’s important that we link security and networking together at all times with no discussions about networking in isolation. It’s time to intentionally switch all conversations to signpost secure networking or secure connectivity. The addition of the single word secure will change the mindset of all concerned and ensure the only outcome validated as successful is a secure one. Networks are the technological digital transport umbilical cord of the digital age, therefore inherent security is fundamental to ensure successful, connected digital outcomes.
See all – secure all.
Next up, visibility is the hidden jewel within networks but only if explicitly leveraged for the value it delivers. Networks as the digital transport in the midst of all digital transactions see all of the traffic they transport and connect. By utilising data packet by packet “see all” capability within enterprise networks with end to end visibility from user, through system, through application, through cloud and back, networks are as powerful as security control layers as they are digital data transport layers. It’s time to exploit the network as one of the best digital security sensors available.
Optimum operations – time for NetDevOps.
And finally network operations MUST change. I write with no ambiguity when positioning the importance of network operational change now, to unlock tomorrow’s benefits, today. There is no digitisation without secure network connectivity, no digital user experience, no world of “smart” technology and human engagement – nothing.
Networks must not only understand the language of applications, they must proactively and consistently “enable” applications to deliver user & business outcomes. Network automation isn’t the story, it’s a component of a bigger story of applications, operations and network technology working in perfect harmony.
The changing face of network operations must result in enhanced platform efficiency, operational consistency and network automation bound into the application and software development life cycle. Without an intentional business and cultural shift to leverage the network intentionally and proactively beyond digital data transport, business agility, user experience and application value may be compromised.
Start now – change now
Enterprise networks have become a victim of their own reliability, performance and effectiveness. Networks are often invisible as technology entities; however, complaints appear in an instant when problems or network failures occur, with little said during times of “normal”. Networks are expected to “just be there”, “always on” delivering optimum reliability and performance for both known and unknown requirements. This is a tough ask, however by using the network as a security control layer, proactively using the network for optimum levels of end to end visibility and accelerating the evolution of network operations, the enterprise network will act as a springboard to every good in the digital age. That’s got to be worth it.
Until next time
Business Line CTO UK (Networking & Security)
Email inboxes around the globe are filled through January with a flurry of IT market and technology predictions. I’ve been guilty of writing them in the past but chose not to this year. However, a few people have nudged me and requested at least a summary or a few ideas on a few significant IT security areas to consider through 2020 (not predictions). One thing I can convey with certainty is the fact that we actually don’t know what will happen in the security arena moving forward; we can assume and theorise but don’t really know. The business and technology landscape has never been more uncertain, with well skilled and financed attackers (at times more so than the defenders) due to the potential for immense rewards. To that end organisations need to be aware, pragmatic, agile with effective security controls and actionable remediation strategies to help them deliver “Secure IT”.
So, what might happen
The “Windows 7” platform will be a highly targeted attack vector (whether embedded, full function or other). Whilst many users remain emotionally and operationally wedded to the now reliable and robust legacy operating system, the end of operating system support and patches for Windows 7 software platforms means enterprises as a minimum must evolve away from Windows 7 to Windows 10 or to another secure and supported operating environment. If a move from Windows 7 cannot be undertaken in a timely manner, compensatory controls, for example the use of virtual patching, may add a layer of defence but that will be very short lived. A move from the Windows 7 operating platform is the only outcome to maximise user and system security.
Next up, “connected things”. IOT is the collective term frequently used to describe connected devices, often without an interface for human input, but “connected things” collect, process, transmit and sometimes store data. The sheer volume of connected things increases the security challenge, with defenders requiring real time visibility and always on controls as they seek to minimise or eliminate the potential for attack. To make matters worse, many of the “things” become invisible to the human eye, hidden in ceilings, behind walls or embedded in other devices. But they remain highly visible to attackers, are easily located with simplistic scanning tools and can be used to launch highly damaging attacks (or as a beachhead to enter a networked environment). Visibility, visibility, visibility is everything – you can’t secure things you cannot digitally see. Connected device visibility platforms or advanced NAC systems help to determine the type, status and behaviour of all connected devices. This allows them to determine posture, grant and revoke access, supply data inputs to asset and CMDB databases but more importantly to help organisations to create and maintain a baseline of “normal or known good security”.
And last but not least, “the human vector” remains a key consideration in 2020. Uninformed users have the potential to become the weakest link in the security chain, but informed, engaged, security conscious users become one of the most significant elements of optimum security. Users have the power to make intellectual and dynamic decisions, interpreting situations in a way technology based controls cannot. With users as educated security advocates and technical security controls working together in harmony, end to end optimum security becomes a reality not a dream.
As a recap, to maintain a security by design and by default in 2020 for users, business & consumers, three areas will be high on my list:
- Acceleration of the move from Windows 7 (or to secondary compensatory security deployed if a platform move is not possible)
- Optimum visibility of connected things (traditional connected devices and IOT) to ensure they can be located, patched, secured.
- Inspirational education of “the human” to intentionally become the strongest security link in the digital chain.
Through 2020 we must strive to make intentional security simple to consume, manage, operate and EFFECTIVE. This will help users, organisations and the industry to shift the current mindset and position security positively as the essential enabler of the digital world. It’s time to start now, start today.
Until Next time.
Business Line CTO Networking and Security – Computacenter UK
Everyone loves a sequel – just look at how well the latest Toy Story instalment is performing at the box offices. But there’s one sequel that we could all do without: Ransomware 2. It’s back, and like the best horror movie villains, it’s nastier and bolder than ever before.
Ransomware 2 has already claimed a number of high-profile victims. At the end of June, two US cities paid around $500,000 each to get files and data unlocked following successful attacks. The bill for Norsk Hydro, a global aluminium producer, was even higher. It didn’t pay the ransom, but it still paid the price.
The entire workforce had to resort to pen and paper when ransomware took hold across 22,000 computers in 40 different countries – Norsk Hydro is still recovering nearly three months later. On average, a ransomware attack results in seven days of downtime.
Although Norsk Hydro’s tough stance has boosted its reputation, it has also damaged its bottom line – the cost of the attack has already topped £45 million. The company is not the first to end up with a multi-million dollar bill: the Baltimore City government was hit with a massive ransomware attack that left it crippled for over a month, with a loss value of more than $18 million.
The resurgence of ransomware is not surprising – it’s a proven business model and a repeatable one. It works not only at an enterprise level but a personal level too. Individuals can be just as willing to pay a ransom to unlock personal data, such as family photos and financial files, if they are targeted by an attack.
So how do you avoid joining the ransomware ranks? Although ransomware is powered by malicious software, it still needs human interaction to succeed. Just one click on a spam email or an infected ad is all it needs for a ransomware attack to be initiated. Even a visit to a legitimate website can land you in trouble, if the site is infected with code installed to redirect users to a malicious website.
Better user education can help prevent ransomware being unleashed – whether it’s on a home device or a business computer – but it will never completely eliminate the risk. So organisations need to be ready to fight back when the ransomware ball starts rolling, which means they need robust protection from the DNS layer to the email and the endpoint.
Blocking spam and phishing emails along with malicious attachments and URLs is an important first step. But the need to balance employee flexibility with IT security means the net can never be fully closed.
Even if someone clicks on a malicious link or file, organisations can still suppress an attack. If ransomware can’t connect back to the mothership, it can’t be activated.
With thousands of DNS requests being initiated across an enterprise every day, detecting which ones are genuine and which are malicious requires highly sophisticated technology. Instead of proxying all web traffic, intelligent ransomware defence solutions will route requests to risky domains for deeper URL and file inspection. They will also be able to draw on contextual security to identify unusual and potentially unsafe requests from individual endpoints.
These insights enable IT teams to make quick risk judgements that block threats without blocking genuine business activity. With new risks emerging all the time, ransomware defence solutions need to receive constant updates on the latest sources of malicious content.
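The DNS-layer triage described above, sketched as an added example (not code from the original post or from any vendor product): known-bad names are refused, known-good names resolve directly, everything else is routed for deeper inspection, and endpoints are flagged when their requests fall outside their usual context. The domain sets, client addresses, baseline and threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed policy data; a real deployment would consume a maintained,
# frequently updated feed of malicious sources instead of static sets.
BLOCKLIST = {"c2-callback.test"}
ALLOWLIST = {"corp.example", "mail.example"}


def matches(qname, zones):
    """True if qname equals, or is a subdomain of, any zone in the set."""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in zones for i in range(len(labels)))


def classify(qname):
    """Map one DNS query name to an action.

    block   - known malicious: do not resolve, so a call back cannot connect
    allow   - known good: resolve directly, no proxying
    inspect - unknown or risky: send via the proxy for URL and file inspection
    """
    if matches(qname, BLOCKLIST):
        return "block"
    if matches(qname, ALLOWLIST):
        return "allow"
    return "inspect"


def triage(queries, baseline, new_name_limit=3):
    """Classify each query and flag endpoints behaving out of context.

    queries  - iterable of (client_ip, qname)
    baseline - {client_ip: set of zones that endpoint normally queries}
    An endpoint is flagged if it queries a blocked name, or if it requests
    more than new_name_limit distinct names outside its own baseline.
    """
    decisions = []
    unseen = defaultdict(set)
    flagged = {}
    for client, qname in queries:
        action = classify(qname)
        decisions.append((client, qname, action))
        if action == "block":
            flagged[client] = "blocked call back attempt"
        elif not matches(qname, baseline.get(client, set())):
            unseen[client].add(qname.lower().rstrip("."))
    for client, names in unseen.items():
        if len(names) > new_name_limit and client not in flagged:
            flagged[client] = f"{len(names)} names outside baseline"
    return decisions, flagged


# Constructed sample DNS log: (client address, queried name).
SAMPLE_QUERIES = [
    ("10.0.0.5", "mail.example"),
    ("10.0.0.5", "portal.corp.example"),
    ("10.0.0.5", "news.partner.example"),
    ("10.0.0.7", "mail.example"),
    ("10.0.0.7", "x1.c2-callback.test"),
    ("10.0.0.9", "a1.random-one.test"),
    ("10.0.0.9", "b2.random-two.test"),
    ("10.0.0.9", "c3.random-three.test"),
    ("10.0.0.9", "d4.random-four.test"),
]
# Constructed per-endpoint baseline of "normal" zones.
SAMPLE_BASELINE = {
    "10.0.0.5": {"corp.example", "mail.example", "partner.example"},
    "10.0.0.7": {"corp.example", "mail.example"},
    "10.0.0.9": {"corp.example", "mail.example"},
}

if __name__ == "__main__":
    decisions, flagged = triage(SAMPLE_QUERIES, SAMPLE_BASELINE)
    for client, qname, action in decisions:
        print(f"{client:10} {qname:26} {action}")
    for client, reason in sorted(flagged.items()):
        print(f"FLAG {client}: {reason}")
```

Only the `inspect` names reach the proxy, so allowlisted business traffic is never delayed, and the per-endpoint baseline is what lets the same unknown name be routine for one client and suspicious for another.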
If the call back to a command and control server is successful, there are still ways to contain a ransomware attack before it proliferates across an entire organisation. For example, dynamic segmentation can prevent ransomware from travelling across the network – helping to avoid a full-scale outage as experienced by Norsk Hydro.
By taking a layered approach to security, organisations and individuals can mount multiple defences against ransomware whether it’s launched via the web or email. And they will need every one of these defences because Ransomware 2 looks like it’s going to be a blockbuster. Ransomware damages are predicted to reach $11.5 billion in 2019.
Stay safe until next time.
Business Line CTO Computacenter UK – Networking and Security
Happy New Year and I hope the festive break was “a break”. Some continue to work throughout the festive season (or the global economy would meltdown), but for many back to work for 2019 started in earnest this week. I have so far avoided 2019 “predictions”, “prophecies”, “educated articulation of interesting stuff” to date based on so many of them circulating the social media and email landscape. However, a fair few messages asking for a perspective on the networking and security world for 2019 have stimulated me to scribble a few words.
And here comes the shock, I will be quite boring with my summary of the market and technology impacts for 2019 (well at least the first half) because I will continue to encourage all who will listen that the most important edict they can institutionalize in their own psyche and the organisational operational IT approach is to ensure the basics are “brilliant”. Modern business should only have a single state, secure business, with an unintentionally insecure environment almost unthinkable in the digital age. As the creation, processing, analysis and management of digital data streams continue to underpin and energize both user and business outcomes, an intentionally secure by design philosophy is the only way to stem the attack tide.
Security isn’t the task of security professionals alone, but every application or system user with a level of consciousness about the consequence of breach or failure must now acknowledge “intentional security” is the responsibility of all.
Ensuring the basics are brilliant, with security controls mapped to business activity, outcome and consequence, with auditing and automation leveraged to optimize operations, will increase the level of certainty of a user’s or organisation’s security posture.
- Privileged account security
- Multi factor authentication
- Managed encryption
- Vulnerability management PLUS
- Identity management PLUS
- Enterprise anti phishing with associated user education
- Intelligent endpoint security (user or things)
Can you embrace how boring the list above may seem – hopefully that’s the case. The list above is a subset of the “Brilliant Basics” that MUST underpin the secure defences of all. You are possibly about to click away from this screen buoyed by the view “we have got all of those” and that may be the case. But even with great guidance from Cyber Essentials, CIS, NIST, etc., many organisations I meet are a snippet of “luck” away from a comprehensive breach due to absence, failure or poor execution of the controls above with the negative consequence avoidable.
If there is no auditable and actively managed operational state of the items mentioned above, integrated together to ensure security is seamless, intentional and proactive, why consider the wealth of advanced and esoteric new products showcased daily? Get the basics right.
So my 2019 ask so early in the year is to be brutal and rigorously appraise the brilliance of your “basic” security controls. Are they operationally consistent, audited, integrated, holistic, bidirectional from an information and threat exchange perspective, automated where possible? Score your current state.
Why make it easier to be breached when organisations’ highly engineered, often very expensive, operationally complex defences fail due to the failure to control the controllables or optimise the known basic elements?
Until next time.
LOB CTO – Networking and Security Computacenter UK
Note: This perspective is the viewpoint of Colin Williams and does not constitute an opinion of Computacenter Group.
This must be the “strangest” of strange states as our consumer society evolves from zero “Black Fridays” to two – and gives my original article a second lease of life. The early bird resellers launched Black Friday part one last week attempting to steal a march on the masses, but the real frenzy and furore starts now with the default Black Friday fast approaching followed by Cyber Monday just around the corner.
These two shopping days were absent from my childhood as I lived a world of window shopping that on the odd occasions evolved to in store browsing when I sought to interact and engage with the myriad of products I hoped I could one day afford to buy. Click and collect didn’t exist but via a very thick paper based catalogue “click and deliver” was a highly rewarding activity with the click of buttons on the home phone followed by that feeling of Christmas when the catalogue item was delivered via the postal service (nothing ever fitted or looked as amazing as the catalogue pictures).
But as we fast forward to the present day with frequent announcements of the demise of the high street, much of our in store browsing is online (and frequently from a mobile device), click and collect / deliver an essential way of life and our approach to product selection and purchasing is now unrecognisable from a decade ago. Our immersion in social networks, digital procurement platforms and financial systems have helped to make many of us digital by default when we shift into product buying mode because the sheer breadth of offerings and convenience is unmatched.
But it comes with a health risk. The “digital me (or you)” and our always on entity existing on both known and unknown public platforms, ensures we become valid targets for attackers seeking to emulate our digital personas for financial gain. Black Friday signals the start of one of the busiest and most frenzied trading weekends of the year. The mix of in store and online price reductions results in both “want and need” based purchasing to ensure “too good to be true” deals are not missed, culminating on Cyber Monday with an online price war second to none.
Secure business, secure purchasing, secure user experience are often assumed by customers without a second thought of the cyber threat spectre waiting in the wings. This leaves many combing the net for deals, offers, codes or any other digital token to make “cheap” even “cheaper”, blissfully unaware that many of those “benefits” are fake, malware ridden or designed to harvest personal credentials for future use.
Cyber Monday 2017 surpassed $6.7bn of sales which for both retailers and cyber threat actors is a prize too lucrative to ignore (stat: CNBC). For retailers, getting the security basics right will be essential to ensure successful and secure consumer trading outcomes. DDOS mitigation, enhanced phishing protection, web application security, anti-malware, access review and least privilege are essential controls that must be tested and optimised in advance of the starting gun for Black Friday.
For consumers / users, education and heightened levels of cyber vigilance are needed, plus a realisation that too good to be true – “is too good to be true” when interacting with online systems prior to and beyond the Black Friday / Cyber Monday weekend. This is the time of year where spam and phishing email volumes reach unprecedented levels with social engineering used to make those “offers” too compelling to ignore. DON’T CLICK emails for “amazing deals and offers” – pure and simple, as a moment of weakness may result in malware, ransomware or other forms of compromise taking hold of your digital persona and potentially that of your company. It’s safer to visit the website of the vendor in question “directly”, no need to click a link that may not be from the company in question.
If you want to be “online smart” a few simple things can deliver HUGE security enhancements to your Black Friday shopping experience. Ensure you turn on the two-factor (or multi) authentication and notification options on your various online email services and accounts with further security improvements gained by using a password manager to ensure different passwords are applied to various services you use.
Building the walls higher just won’t do, both vendors and consumers must work in tandem to ensure the most secure possible online and digital trading experience is realised by all reducing the potential for data breach or subsequent misuse.
Safe and happy shopping during Black Friday and Cyber Monday 2018 (and beyond).
Until next time.
LOB CTO UK: Networking and Security – Computacenter UK
October is Black History month and celebrated as such in the UK, USA, Canada, Irish Republic and the Netherlands to name a few nations. It reflects on the history of the African, African American, Afro Caribbean community and its experiences both negative and positive within the world as we know it. I have been torn for many years on my viewpoint of the use of a single month in the year to celebrate the achievements of Black people – we are no different from every other race with experiences and achievements illuminated daily through the course of normal life, so why the focus on a single month?
However my stance has softened somewhat in recent years in the midst of the lack of focus and importance placed on reflecting on historical experiences in the many forms irrespective of race, or colour as constant digital recalibration of the past becomes the historical signpost for our future. We live in an information rich world with access greater than ever before to the amazing historical insight available and via the magic of AI & ML now have a platform to “what if” the future. The film “Hidden Figures” told the story of three Black women mathematicians who were fundamental to the success of early NASA Apollo space programmes. If the “Black History Month” moniker results in more positive historical stories of a similar nature to be told and heard, it will help so many unwind public domain, lazy stereotypes that may exist.
But our absorption of those knowledge nuggets can be somewhat compromised by the harsh realisation that “written doesn’t mean real” with fake news at times impossible to discern from real news (and who validates real as real). With all of the above guiding our historical lenses, it’s essential an underrepresented community at times from a “good historical news” standpoint is granted a stage or a spotlight to expose past and showcase current good news stories for the present generation to reflect on and learn from.
This post isn’t the forum to chronicle the achievements of black people and how they have positively affected humanity, many are well documented elsewhere. But it is to radiate a digital smile that for at least one month in the year children, adults, all people of all races within the countries that celebrate black History month can be informed, stimulated and educated based on valuable historical information that without focus they may have no imperative to seek out and consume.
Black History Month October 2018
Until Next Time.
LOB CTO UK – Networking and Security
Things just became really interesting.
The recent news is awash with worrying claims from a credible source of “hidden” spying chips embedded within the motherboard of a leading server manufacturer. As yet, no manufacturer has released a statement confirming their existence but the information illuminating the potential is compelling. Surely it forces us all to consider our own personal and professional “digital state” in this heavily connected world. Do we technically appraise every computer based device we use at design and component level to determine the source, use and security impact of all of the minute elements that make the device work? Of course we don’t: not only would the majority of us struggle to find out how to even open the device (have you tried to open a modern mobile phone with the myriad of specialist tools and hidden pressure points to make things pop open), we have no way of actually understanding the function and outcome delivered by the components (when they work in harmony).
Can we be sure the most innocuous of household device has no secret and potentially malicious embedded elements that whilst not explicitly installed to be utilized in a nefarious way in the right hands can’t be leveraged to invoke a surveillance, recording or tracking function? It is this total ambivalence to the likelihood of it, until possibly today, that means the potential may be more likely than we ever dreamed.
The days of hardcoded firmware delivering static intelligence to all but the most expensive and programmable devices are from a bygone era. Even the simplest digital device consists of user or system driven remotely programmable aspects that in some cases are core to the function of the device. Whether it’s used for software updates, device troubleshooting or in the case of some advanced modern vehicles to deliver totally new functionality, device or system programmability is a fundamental aspect of modern IT that enhances the consumer or user experience by making it “personal”.
Could we be shifting to a position of worry so great that we “sweep for bugs” when entering a room or prior to switching a device on in true James Bond mode – highly unlikely. But I suggest the recent announcements will ensure many IT leaders and operational teams increase the priority of network based security visibility platforms, AI or machine learning systems that examine and re-examine the most granular elements of telemetry and security aware behavioral analytics platforms that understand things we can’t comprehend.
Ask yourself when considering the IT platforms that underpin your business (or social existence), what can you really see, are you sure you know how they work and do you really understand the security heart that beats within?
Who would have thought, we are not even close to the iconic year 2020 and already we may be worrying about the moral intent in the digital soul of our machines. The future ahead is likely to be way more interesting than we have ever previously dreamed.
Until next time.
LOB CTO UK – Computacenter Networking and Security