Displaying items by tag: Network security

Infoblox operates in the DDI (DNS, DHCP and IP address management) space, working with network security and cloud security operations and has done for the past 25 years. It was recently in Sydney and told us about its new networking product.

Recent reports about the potential ban of TP-Link products in the U.S. have highlighted a growing concern: the security and reliability of the network devices we rely on daily. As smart devices continue to proliferate in our homes, so do the risks they bring — from cyberattacks to vulnerabilities that expose personal data. With these issues coming to the forefront, taking proactive measures to secure your home network has become more essential than ever. In this article, we will explain how to protect your home network and the importance of network segmentation.

• Collaborative testing validates secure and trusted quantum-safe IPsec protection against future network security threats
• First deployment of its kind marking critical step in securing mobile networks against future threats posed by quantum computing.

COMPANY NEWS: Nokia and Turkcell have successfully demonstrated a world-first ability to implement quantum-safe IPsec network cryptography for its mobile subscribers. This groundbreaking achievement marks a critical step in securing mobile networks against future threats posed by quantum computing. By leveraging the latest cryptographic standards, Nokia and Turkcell are proactively addressing the evolving landscape of network security and ensuring the resilience of mobile communications well into the future.

COMPANY NEWS:  New Check Point Quantum Firewall Software R82 delivers new AI engines, post-quantum encryption, accelerated DevOps, with greater simplicity for data centre operations

COMPANY NEWS: Survey of 200 CIOs and Senior IT professionals finds majority of respondents desire a single integrated platform for networking AI and security to improve productivity, streamline investments and ensure protection against evolving cyber threats

COMPANY ANNOUNCEMENT: Check Point CloudGuard Network Security is recognised for providing industry-leading advanced threat prevention for all public, private and hybrid cloud deployments

GUEST OPINION by Prakash Sinha, Radware: ‘Identity as a perimeter’ is a concept in cybersecurity that represents a shift in the traditional approach to network and application security.

GUEST OPINION:   Paul Crighton, Managing Director ANZ at Barracuda Networks

People and businesses take out insurance to cover their potential losses from all kinds of adverse events: fire, flood, storm and theft are threats for which cover is commonly sought. There has also been a growing trend in recent years of businesses taking out insurance to cover the cost of damage caused by cyber attacks, but the ecosystem around cyber insurance is much more complex and evolving more rapidly than conventional types of insurance.

By far, the biggest cyber threat against which organisations seek insurance cover is ransomware. However, unlike other conventional risks where the insurance covers the cost of remediation following an adverse event, the damage from a ransomware attack can potentially be mitigated by paying the ransom, and having insurance cover often places this decision in the hands of the insurer.

Insurers are no longer paying up so easily

In the past, insurers were much more likely to help policyholders cover losses and minimise damages from a ransomware attack. However, in the face of increasingly frequent and costly attacks, insurers are tightening their parameters.

They are placing more stringent requirements on clients, which is forcing organisations to pay more attention to their cyber security measures. In the past, organisations tended to be somewhat lax because they had cyber insurance, but increasingly insurers are demanding strong cyber security measures as a prerequisite for taking out a policy.

While these requirements are having a positive impact by lifting the overall level of cyber security in Australian businesses, awareness is still much lower than it should be, with only 20 per cent of SMEs and 35-70 per cent of larger businesses taking out cover specifically for cyber risk.

If you try to take out an insurance policy against burglary, chances are the insurer will require you to have some basic security measures such as window locks and deadlocks, or they will bump up the premium significantly if you don’t. It is becoming a similar case with cyber insurance: insurers are increasingly demanding clients have some basic cyber security measures, such as:

• Requiring all users to authenticate themselves with unique passwords, biometrics, or digital ID.
• Ensuring system access is limited only to those who require it to perform their roles, enforced through a policy of least privilege.
• Multifactor authentication (MFA) for all access to cloud services and critical devices, and all users accessing services remotely.
• They may also require all sensitive data to be encrypted in storage and transit, and for mission-critical data to be regularly backed up and isolated so it cannot be compromised by ransomware.

What effect is this having on the cybersecurity industry?

All of this external pressure is a good thing for Australia’s cybersecurity industry. It can help CISOs get the necessary budget to introduce more cybersecurity measures against which there might normally be internal resistance. However, having cyber insurance can also increase the chance of a cyber attack! If attackers are able to ascertain that an organisation has insurance, they may believe they have a better chance of extracting a ransom.

A recent global survey of senior IT and IT security decision-makers across multiple industries found 77 per cent of organisations with cyber insurance had been hit by a successful ransomware attack in the previous year compared to 65 per cent without cyber insurance.

And whatever compensation a cyber insurance policy might provide, it can never guarantee replacement of encrypted data, or compensate for the reputational damage inflicted on an organisation when large amounts of sensitive personal data on customers is exfiltrated and exposed on the dark web – as recent high-profile attacks against major Australian organisations have demonstrated.

It is therefore extremely important that organisations aren’t overly-reliant on cyber insurance. They must have robust measures in place to prevent attackers from gaining access to corporate IT systems and minimise the damage they can cause if they are successful.

The four basic tools all organisations should have in place:

1. Email protection: Deloitte has estimated that 91 per cent of all cyber attacks begin with a phishing email. Using AI-powered email protection can help prevent these attacks by analysing thousands of emails around the world to identify and block phishing attempts. Security awareness training is also an effective way to prevent phishing emails from being opened and allowing system compromise.

2. Application protection: Hacking web applications has become an increasingly-popular way to gain access to wider company networks. Thankfully, tools such as  WAF or WAF-as-a-Service are available that can offer comprehensive protection for applications, whether these are deployed on-premises, in the cloud, or across both environments. The best tools are constantly updated to offer protection against emerging threats: they collect threat data from worldwide networks of sensors and customer traffic and use machine learning and artificial intelligence to update protection tools in near real time.

3. Network security: The rise in remote working precipitated by COVID has greatly increased the scale and vulnerability of many corporate networks. There’s a new approach to securing networks, which all organisations should be aware of and consider adopting. It’s called Secure Access Service Edge (SASE) and combines a range of security features including VPN and SD-WAN secure web gateways, cloud access security brokers, firewalls and zero-trust network access and delivers all these from the cloud.

4. Backups: Having a reliable backup (or multiple) is essential to protect vital data against error, system malfunction, natural disaster and criminal activity. But crucially, backups must provide the ability to easily recover data rapidly and restore normal operation in the event of any kind of disruption or data loss. For many business operations, minimising downtime caused by disruption is a high priority. Not all backups are created equal, and organisations need to look for a solution that restores data efficiently and easily, from any point in time.

The takeaway:

Getting these four aspects of data and system protection right: email security, application protection, network security and backups should be the first priority for any organisation before it starts considering cyber insurance, which can do nothing to protect against attacks or prevent the damage to operations and reputation that ensues.

https://assets.barracuda.com/assets/docs/dms/2023-Ransomware-insights-report.pdf

https://www2.deloitte.com/my/en/pages/risk/articles/91-percent-of-all-cyber-attacks-begin-with-a-phishing-email-to-an-unexpected-victim.html

https://actuaries.asn.au/Library/Opinion/2022/CyberRiskGreenPaper.pdf

GUEST RESEARCH: A10 Networks today published research, titled Global communication service providers: Market growth fuels security investments, exploring how communication service providers (CSPs) worldwide are evolving as they expand services and infrastructure in response to changing customer demand and technology evolution.

Worldwide network security market maintained its ongoing rebound from the 2020 pandemic-induced recession with the eighth consecutive quarter of stronger revenue growth and the sixth quarter of double-digit revenue growth, according to market research firm Dell’Oro Group.

Seventy percent (70%) of CEOs believe their network maturity level is negatively affecting their business delivery, according to the 2022 Global Network Report from IT infrastructure and services company NTT.

Global networking giant Cisco has tied up with the University of Canberra to address the shortage of cyber security skills, with the focus to be on defence and critical infrastructure.

Demand for network security—email security, firewall, security service edge, secure web gateway, and web application firewall technologies—is expected to remain strong and will exceed at US$150 billion ($210 billion) over the next five years as solid enterprise investment in cloud applications and hybrid work drive the need for greater security and offset macro-economic headwinds, forecasts market firm Dell’Oro Group.

Consultancy firm Advent One has acquired Layer 8 Networks, a provider of unified communications, networking, and network security services.

API security vendor Noname Security has appointed network security products company Netpoleon as its distributor in Australia and New Zealand.

Value-added distributor Netpoleon has appointed Luke Scerri as its first CTO for ANZ.

GUEST OPINION: There's no doubt the last couple of years have been interesting ones for ICT channel businesses. The curve ball that was COVID-19 brought unprecedented uncertainty to the market and triggered a tsunami of digital transformation. So, what does the remainder of the year hold in store? Here are five security-related trends your channel business should be across in 2022.

GUEST RESEARCH: Illumio, the pioneer and leader of zero trust segmentation, today released new findings of a commissioned study conducted by Forrester Consulting that explore how organisations are approaching their zero trust strategies in 2022 to better navigate the remote world brought on by the COVID-19 pandemic and continuing digital transformation initiatives.

D-Link's Nuclias Cloud-Managed DBG-2000 SD-WAN Security Gateway completes the end-to-end capability of the Nuclias range by adding centralised control over network and Internet traffic.

Networking specialist Extreme Networks has announced Extreme Trusted Delivery, which it describes as a carrier-grade solution designed to protect critical network infrastructure and ensure its performance, wherever it is located – including unattended sites.