Network Critical - The Window to your Network

Get Your Cyber Security Budget Approved

This blog can help you get your IT security budget approved. But first…here are some thoughts about the cost that various network attacks can extract from businesses.

We know that a strict security regime, rigorous employee training and sound accounting policies can help prevent costly attacks. Yet, it is surprising how few companies are deploying robust cyber security mitigation and remediation processes. One big reason for this lack of security diligence is the difficulty in justifying the expense. According to the Dell Data Security Report, a lack of investment in streamlined technologies and a shortage of talent are both barriers to fine-tuning data security programs.

The budget justification question for IT security is difficult to answer. How much is saved by not getting hacked? Well, if an event does not occur, it cannot be quantified. However, we can look at instances where companies with lax security policies have been successfully attacked and extrapolate potential liability from their experiences. Thus, looking to the past can help us see into the future. The following research and examples of successful attacks on companies help give us a picture of what this malicious behavior can cost:

  • According to Consumer Reports, the cost of phishing is nearly $500 million per year in the United States alone.

  • A study by the Ponemon Institute revealed that 71% of UK organizations are not cyber resilient, meaning that they lack the preparedness to handle a cyber attack.

  • TalkTalk has revealed that an October data breach has cost the firm up to £60 million, including exception losses. According to TalkTalk's first financial report of 2016, an estimated 101,000 customers left the company following the hack.

  • Russian businesses are forecast to lose almost US$1 billion (70 billion rubles, £662 million) from cyber-attacks this year, and this figure is expected to continue to grow in the near future, according to Lev Khasis, first deputy chairman of Sberbank, Russia's largest state-owned bank, in an interview with SCMagazineUK.com.

  • The computers at Hollywood Presbyterian Medical Center have been down for more than a week as the Southern California hospital works to recover from a ransomware attack. One local computer consultant said the ransom being demanded was about 9,000 BTC, or just over $3.6 million.

So, when your CFO asks what benefit network security and training brought to the company last year, and what benefit your proposed budget request will bring, say this: “Great Success! As a result of our security spend last year, our organisation is not on the list of companies that lost millions of dollars and thousands of customers to hacks and attacks. If this year’s IT security budget is approved, we will likely not be the subject of next year’s security blogs.”

Of course, once a budget is approved, changing it can become more difficult than the original approval process. Therefore, a thorough plan going in is critical to avoid having to go back and ask for more to cover unexpected changes. It is important to include access and visibility in the initial budget and plan. Taps and Packet Brokers are critical components, providing the necessary security appliance connectivity and accurate visibility into network traffic. These relatively low-cost devices can actually save money overall by combining traffic from multiple links and reducing the number of high-cost security appliances that need to be deployed.

Taps and packet brokers can help keep your budget in line without compromising the protection provided by security appliances. They can also provide the scale necessary to grow without going off-budget. In both budgeting and design, diligent planning and disciplined execution can save, not cost. 

Posted: 23/03/2016 09:44:04 by Global Administrator with 0 comments

Data Connectors - This week we are in Houston!

This is a quick one to remind our readers that the team from Network Critical are attending the Data Connectors Conference in Houston this week! The event itself is being held at the Westin Houston Memorial City and will take place on Thursday 24th March - Registration is from 8.15am.

Data Connectors’ conferences are one of the premier technology security events focused on the latest products and best practices available in an educational environment. You will find local product sources and seminars, and can meet with engineers from many of the top security companies.

The Network Critical teams will be demonstrating tap and packet broker technology to simplify the connection of security and performance tools to networks. While Network Critical is a global developer of network access technologies, we believe that these local events are great venues to meet with network engineers and designers.

So, if you are in Houston on the conference date, come and look us up. You can find more information on the Data Connectors web site www.dataconnectors.com

We look forward to meeting you there!

Posted: 21/03/2016 11:07:11 by Network Critical with 0 comments

Socialism for Networks

Socialism at its best is an equal distribution of resources to all the people. Further, when one or more of the people cannot meet their work obligation, the others pick up the load. Everyone has what they need, no one gets too much and no one starves.

Translating this philosophy to the world of network access and visibility, you could say that a packet broker with traffic balancing is socialism for networks. Traffic balancing allows one or more high speed links to distribute the traffic evenly among a greater number of lower speed ports. If one of the ports becomes unavailable, the other ports will pick up the traffic load. This allows multiple security or analysis appliances to work on the load from a single high speed link.

Many networks are transitioning from 1G links to 10G links. However, there is still a significant embedded base of 1G appliances on those lower speed links. Many of these appliances are only a few years old and still “on the books.” This common conundrum can be solved and a positive ROI achieved with the deployment of high speed taps and packet brokers.

Incoming 10G core links can be accessed by a high speed fiber tap and fed into a 10G port on a packet broker. The packet broker can then evenly allocate the packets to multiple 1G ports for connection to security, analysis or performance appliances. Taking this approach further, it is possible for the packet broker to take in multiple 10G links and parse the data to multiple 1G or even 10G links. Filtering can further improve the feeds to appliances by removing data that is not relevant to the function of the appliance.
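The balancing and fail-over behaviour described above can be sketched in a few lines. This is an added example, not Network Critical code: it assumes the broker balances per flow with a direction-independent hash (so an appliance sees both halves of a session) and uses rendezvous hashing so that only the flows on a failed port are re-homed. The port names and the sample traffic are constructed.

```python
import hashlib
from collections import Counter

def flow_key(src_ip, src_port, dst_ip, dst_port, proto):
    """Direction-independent key: both halves of a session hash the same."""
    a, b = sorted([(src_ip, src_port), (dst_ip, dst_port)])
    return f"{a[0]}:{a[1]}|{b[0]}:{b[1]}|{proto}".encode()

class TrafficBalancer:
    """Spreads flows from one fast link over several slower tool ports."""

    def __init__(self, tool_ports):
        self.tool_ports = list(tool_ports)
        self.link_up = {p: True for p in self.tool_ports}

    def set_link(self, port, up):
        self.link_up[port] = up

    def pick_port(self, packet):
        live = [p for p in self.tool_ports if self.link_up[p]]
        if not live:
            return None  # no appliance reachable, nothing to forward to
        key = flow_key(*packet)
        # Rendezvous hashing: score every live port, highest score wins.
        # Removing a port leaves the winner of every other flow unchanged.
        return max(live, key=lambda p: hashlib.sha256(key + p.encode()).digest())

# Constructed sample traffic: 2000 client sessions to one HTTPS server.
SAMPLE_FLOWS = [
    (f"10.0.{i // 250}.{i % 250 + 1}", 1024 + i, "192.0.2.10", 443, "tcp")
    for i in range(2000)
]

def failover_demo():
    """Map every flow, take one tool port down, and map them again."""
    lb = TrafficBalancer(["1G-1", "1G-2", "1G-3", "1G-4"])
    before = {f: lb.pick_port(f) for f in SAMPLE_FLOWS}
    lb.set_link("1G-3", False)  # one appliance port becomes unavailable
    after = {f: lb.pick_port(f) for f in SAMPLE_FLOWS}
    moved = [f for f in SAMPLE_FLOWS if before[f] != after[f]]
    return before, after, moved

if __name__ == "__main__":
    before, after, moved = failover_demo()
    print("before:", dict(Counter(before.values())))
    print("after: ", dict(Counter(after.values())))
    print("flows re-homed:", len(moved))
```

Flows that were not on the failed port stay where they were, which matters for stateful tools such as an IPS that would otherwise lose session context mid-stream.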

One example is a product from ntop, a new member of the Network Critical Technology Partner program. The nBox Recorder is a network traffic disk recorder application. With nBox Recorder you can capture full-sized network packets at gigabit rate from a live network interface and write them into files. It has been designed and developed mainly because most network security systems rely on capturing all packets (headers and payload), since any packet may have been responsible for the attack or could contain the problem. nBox Recorder uses the industry-standard PCAP file format to dump packets into files, so the resulting output can be easily integrated with existing third-party or even open-source analysis tools like ntop, Wireshark or Snort.

Using a 10G fiber tap on the network feeding a packet broker, multiple nBox recorders can be connected using 1G copper connections. This simple configuration can be used on high speed links to:

  • Analyze off-line network packets feeding a specialized tool (such as snort or ntop).
  • Reconstruct specific communication flows or network activities.
  • Reproduce the previously captured traffic to a different network.

I singled out ntop for this example because the company is a supporter of the open source community and committed to green practices, such as using renewable photovoltaic energy and home offices for their geographically distributed staff, reducing commute traffic and greenhouse gases. Further, they provide free software to universities, schools, research and non-profit organizations. Network Critical supports these ideals and is pleased to be working with ntop as a partner.

Posted: 18/03/2016 09:18:24 by Global Administrator with 0 comments

Data Connectors - This week we are in Atlanta!

This is a quick one to remind our readers that the team from Network Critical are attending the Data Connectors Conference in Atlanta this week! The event itself is being held at the Westin Peachtree Plaza and will take place on Thursday 17th - Registration is from 08.15am.

Data Connectors’ conferences are one of the premier technology security events focused on the latest products and best practices available in an educational environment. You will find local product sources and seminars, and can meet with engineers from many of the top security companies.

The Network Critical teams will be demonstrating tap and packet broker technology to simplify the connection of security and performance tools to networks. While Network Critical is a global developer of network access technologies, we believe that these local events are great venues to meet with network engineers and designers.

So, if you are in Atlanta on the conference date, come and look us up. You can find more information on the Data Connectors web site www.dataconnectors.com

We look forward to meeting you there!

Posted: 14/03/2016 11:06:34 by Network Critical with 0 comments

Global Data Center Expansion - Planning for Growth and Security

Oracle, Amazon and Microsoft have all announced plans to grow their presence in the UK with new and expanded data centers scheduled for 2016. As enterprise and public network demand for cloud services grows, these giants, and other smaller companies, are competing for a piece of the data center market. This global expansion requires DC planners to build scale as well as security into their designs.

One of the concerns for companies considering a move to the growing portfolio of cloud services is handing over management of confidential corporate information when servers are located in an often unknown foreign jurisdiction. There are concerns about the legal landscape, physical security and technical competence of the local management team. These UK-based data centers will alleviate those concerns by allowing network customers to take economic advantage of the many cloud services being offered, while keeping their servers in a familiar environment. The same trend is leading to DC growth in the US and elsewhere. Companies want cloud services but want to keep their data within familiar legal and cultural jurisdictions.

Beyond the physical jurisdiction of the data center, however, there are many cyber security and traffic analysis issues that need to be addressed as well. How will the cloud service segregate one company's information from another? Will there be virtual or physical barriers among the cloud clients? What type of Intrusion Prevention (IPS) and Data Loss Protection (DLP) services will be provided to protect confidential data? How will data analytics and traffic flow metrics be performed and delivered? What about management of BYOD policies?

These are all issues that need to be addressed in the infrastructure development of the data center. It all starts with comprehensive planning in the very early stages with the foundation being rack planning. Rack, power, servers, switches and routers will be in the blueprint. But wait…what about firewall, IPS, DLP, probes and sniffers? How will they be allocated and how will they be connected to the client network? These questions need to be addressed early on and the appliance connectivity question is a big one.

In the early days of data center development, traffic analysis was strictly a troubleshooting tool. Soon, it was discovered that proactive, permanent traffic analysis can prevent many problems before they become serious performance issues. Further, the wide variety of specialized security appliances available today also require permanent link access.

New efficient TAP designs for both copper and fiber links make it easy to plan for current and future access needs. These TAPs require only 1U of rack space and allow permanent, ultra-reliable, scalable connection for multiple appliances. Permanent TAPs also provide efficient and economical power connection, with the passive fiber TAPs requiring no power at all. In addition to space- and power-efficient TAPs, visibility products such as Packet Brokers can direct and manage traffic from many links to analysis, performance and security appliances.

Data center design must now include access and visibility in the original blueprint. Whereas link access was an afterthought in the early days, the rapid expansion of cloud services and security requirements has put the TAP on the map as a strategic necessity.

Whether building a new data center or designing an expansion, the access and visibility tools need to be part of the initial planning and budgeting process. Permanent TAPs should be thought of like power, as a basic building block of the rack. This can eliminate space and budget surprises down the line. Speaking about budgets…stay tuned for next week’s blog about a trick to help with budget approvals.

Posted: 10/03/2016 10:49:31 by Global Administrator with 0 comments

Global Security, Local Education - Data Connectors, Houston, March 2016

This is a quick one to let our readers in Houston know that Network Critical will be attending the Data Connectors Conference there later this month. The event itself will take place at the Westin Houston Memorial City and will be held on March 24th.

Data Connectors’ conferences are one of the premier technology security events focused on the latest products and best practices available in an educational environment. You will find local product sources and seminars, and can meet with engineers from many of the top security companies.

The Network Critical teams will be demonstrating tap and packet broker technology to simplify the connection of security and performance tools to networks. While Network Critical is a global developer of network access technologies, we believe that these local events are great venues to meet with network engineers and designers.

So, if you are in Houston on the conference date, look us up.  You can find more information on the Data Connectors web site www.dataconnectors.com.

We look forward to seeing you there!

Posted: 10/03/2016 09:52:21 by Global Administrator with 0 comments

Whaling... Beware of the Tale

American bank robber Willie Sutton was credited with saying, when asked why he robbed banks, “Because that’s where the money is.” Whaling is a cyber scamming operation that goes after the top of the organization: CEO, CFO, Owner etc. The Whale, of course, is the “big fish.” That’s where the money is.

This trend of hackers, fraudsters and cyber con artists targeting the Whales is popular because the payoff opportunity is potentially much greater than with many other smaller scams. Generally, an email is presented to a high-level executive or staff member. Sometimes it might be a legal-looking document demanding that the recipient click a link to see the full document. When the link is clicked, malware is uploaded to the corporate server to steal pass codes, account numbers etc.

This type of Whaling can be tracked and often prevented with network protection technology such as Intrusion Prevention Systems, Data Loss Protection, SIEM and other appliances. These appliances, when connected with Taps, can provide broad protections for your network while allowing authorized access to information. There is another Whaling attack, however, that is much harder to stop or manage through technology.

Social engineering scams do not necessarily rely on malware and other technological intrusions. Once a target is picked, the scammer goes on social media and becomes familiar with the target through LinkedIn, Facebook and other publicly available records. With a little research, the target’s family members, friends and colleagues become known. Then emails can be created and sent to the Whale, or to subordinates of the Whale purporting to be from the Whale, asking for checks to be written or phony invoices to be paid for a variety of reasons. Using background research, these emails will look authentic, use names, titles, logos and other personal information. The request will also usually be urgent. The personal nature of these emails increases the likelihood that action will be taken.
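One mail-handling check that fits the pattern described above, shown as an added example rather than anything from the original post: flag a message whose display name matches an executive but whose address does not, so that it goes to out-of-band verification before anyone pays or sends data. The executive directory, the example.com domain, the keyword list and the three sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed directory: executive display name -> the only valid address.
EXECUTIVES = {"jane doe": "jane.doe@example.com"}
# Assumed pressure/payment vocabulary; tune to your own finance workflow.
PRESSURE_TERMS = ("urgent", "wire", "invoice", "payroll", "today")

def assess(raw_message):
    """Return a list of findings; an empty list means nothing was flagged."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    findings = []

    # 1. The name says "the Whale", the address says someone else.
    display = " ".join(name.lower().split())
    if display in EXECUTIVES and addr.lower() != EXECUTIVES[display]:
        findings.append("executive display name on unknown address")

    # 2. Replies would be steered to a different domain than the sender's.
    from_domain = addr.rpartition("@")[2].lower()
    if reply_to and reply_to.rpartition("@")[2].lower() != from_domain:
        findings.append("Reply-To domain differs from From domain")

    # 3. Urgency or payment wording only adds weight to an existing finding,
    #    so ordinary vendor invoices are not flagged on wording alone.
    text = (msg.get("Subject", "") + " " + str(msg.get_payload())).lower()
    hits = [term for term in PRESSURE_TERMS if term in text]
    if findings and hits:
        findings.append("payment/urgency language: " + ", ".join(hits))
    return findings

# Constructed sample messages.
LEGIT = ('From: "Jane Doe" <jane.doe@example.com>\n'
         "Subject: Board deck\n\nDraft attached for review.\n")
SPOOF = ('From: "Jane Doe" <ceo.office@mail-example.net>\n'
         "Reply-To: jd@freemail.test\n"
         "Subject: Urgent: invoice payment today\n\n"
         "I need this invoice paid by wire before close of business.\n")
VENDOR = ('From: "Acme Billing" <billing@acme-supplies.test>\n'
          "Subject: Invoice 1042\n\nPlease find invoice 1042 attached.\n")

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("spoof", SPOOF), ("vendor", VENDOR)):
        print(label, assess(raw))
```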

Just last week, in fact, a Snapchat employee was targeted by a scammer impersonating the Snapchat CEO, Evan Spiegel. The imposter named himself ‘Spiegel’, and asked the unfortunate employee for payroll information, which was duly handed over. The information was released shortly after.

FACC AG, a manufacturer of aeroplane parts, has admitted in its third quarter financial report that cyber-criminals targeted the firm's accounting department and managed to defraud it of €50 million (£36 million). Whaling is not wholly a technology-based scam, so it can often elude technology-based protection. The point here is that technology alone cannot protect against all fraud and theft.

Companies must be diligent with policy as well as technology. While check and balance policies seem a common sense solution, there are many reasons that strict anti-fraud policies are not in place in many companies, particularly privately owned companies. Policies such as requiring two signatures on checks over a certain amount and multiple levels of approval for invoices and requisitions can help reduce vulnerabilities to social engineering scams. Further, employee training to create awareness of these scams and following diligent email practices can go a long way to helping workers spot and report attempted fraud.

Perpetrators of fraud and theft will continue to attack companies large and small because, as Willie Sutton says, “that’s where the money is.” Cyber security technology is advancing every day, but so is the sophistication of cyber scams. So, look beyond your technical security strategy and build social anti-fraud policies, employee email training and sound financial management practices into your security plan. Willie Sutton, by the way, spent most of his life in prison. Don’t be like Willie.

Posted: 03/03/2016 12:18:53 by Global Administrator with 0 comments

Global Security, Local Education - Data Connectors, Atlanta, March 2016

This is a quick one to let our readers in Atlanta know that Network Critical will be attending the Data Connectors Conference there later this month. The event itself will take place at the Westin Peachtree Plaza and will be held on March 17th.

Data Connectors’ conferences are one of the premier technology security events focused on the latest products and best practices available in an educational environment. You will find local product sources and seminars, and can meet with engineers from many of the top security companies.

The Network Critical teams will be demonstrating tap and packet broker technology to simplify the connection of security and performance tools to networks. While Network Critical is a global developer of network access technologies, we believe that these local events are great venues to meet with network engineers and designers.

So, if you are in Atlanta on the conference date, look us up.  You can find more information on the Data Connectors web site www.dataconnectors.com.

We look forward to seeing you there!

Posted: 03/03/2016 10:40:44 by Global Administrator with 0 comments