
Intelligence and monitoring
March 2017, This Week's Editor's Pick, Access Control & Identity Management, Cyber Security, IT infrastructure

Securing your network and the data that travels over it continuously has become something every person needs to consider when using electronic communications, whether at home or in the workplace. There are endless stories about how people and companies have been breached and the consequences that followed.

While many researchers have put a monetary value on a breach – the sale price for Yahoo is supposedly being reduced by $250 million because of its carelessness about a major data breach – there are other issues to consider. If you don’t protect your customers’ sensitive data, will they trust you in future? If something happens to that data once stolen that can be traced back to your company, what legal actions might be faced? And then there is the cost of simply recovering from a breach and placating shareholders, partners and customers.

All too often, the consequences of not protecting your data can be self-destructive. The criminals may end up stealing your future business plans, your customer database and all your competitive secrets. If a competitor gets hold of that, your business could suffer.

To obtain a better idea of what’s happening in the world of network security, which is only one area of a complete security posture, Hi-Tech Security Solutions asked a number of people involved in the industry to provide some insights into this seemingly never-secure world.

Know what you’re up against

Paul Williams, Fortinet.

Paul Williams, country manager for southern Africa at Fortinet, says the network security approaches of recent years are simply not fast or comprehensive enough to deal with a constantly changing threat landscape.

“The threat environment is constantly evolving,” explains Williams. “Attackers are increasingly sophisticated and they are collaborating more, often from various bases around the world. We’re seeing an increased incidence of multi-modal attacks, where the victim is distracted by one form of attack while the attackers simultaneously attack from another point.”

He adds that the frequency and speed of attacks has increased too: you may find sub-hour or even sub-second attacks. Time to response has therefore become crucial, and traditional network security approaches are simply not fast enough.

“Organisations today need to integrate and orchestrate their security network off a single pane of glass. They need full visibility and manageability across the network to allow them to analyse the attack, clamp down and mitigate it as quickly as possible, and afterwards run comprehensive reporting and mitigation exercises.”

John Mc Loughlin, J2 Software.

John Mc Loughlin, MD of J2 Software, agrees, noting that the threat landscape is changing “almost daily and the primary threats we see are not around bragging rights anymore. Today’s threats are primarily focused on money.”

The reasons for attacks range from basic attempts to steal money, to more sophisticated strategies to extort money, or even to prevent a competitor from making money. “Cyber criminals are spending time innovating by changing attack paths or running multiple pronged and targeted attacks on individuals, while traditional security practitioners are still defending their castles in the same old way. Spending time speaking and consulting – rather than effecting real change by monitoring the items which need to be monitored and reacting to changes,” says Mc Loughlin.

Referring to the Cisco 2017 Annual Cybersecurity Report, Cisco’s Greg Griessel highlights the top three attacks companies face. “There are multiple threats to networks and companies always face the challenge of staying ahead of the ‘bad apples’ that can disrupt operations. Adversaries have more tools at their disposal than ever before, but currently the top-three threats are:

Spam: The volume of ‘digital junk’ rose during 2016 reaching nearly record-high levels seen a decade ago. New anti-spam technologies and high-profile takedowns of spam-related botnets have helped fight spam, but in the past year Cisco has observed a global increase in spam to the Necurs botnet. Adversaries are becoming professionalised to the point that they are able to continually evolve their strategies and tactics, such as experimenting with a wide range of attachment file types. Some of the more dangerous threats to have emerged include Locky ransomware and the Dridex banking Trojan.

Adware: Software that downloads or displays advertising through redirections, popups, and ad injections (without user consent), is considered adware. It can be difficult, or impossible, for users to distinguish legitimate online ads from malvertising. Increasingly, cybercriminals are using adware to help deliver malvertising, which serves as a critical first step for ransomware and other malware campaigns.

OAuth connection risk: As enterprises shift to the cloud, their security perimeter extends into the virtual realm. With each third-party cloud application that employees introduce into this environment there is an increased risk of Open authentication (or OAuth) connections touching corporate infrastructure and Software-as-a-Service (SaaS) platforms.

The numbers don’t lie

Yet, it’s not all about data theft. The proliferation of ransomware has seen a huge industry develop around simply blackmailing people to regain access to their own data. This seems to be evolving into a dual attack of encrypting data for ransom while also stealing information, but the basics of ransomware remain the same.

Fred Mitchell, Drive Control Corporation.

Fred Mitchell, software solutions division manager: Drive Control Corporation, highlights ransomware as “undoubtedly the main threat faced by organisations today. Ransomware is malware that is covertly installed on basically any device connected to the Internet. It can then lock the system or certain files, requesting payment to unlock it.”

According to an Osterman Research survey, e-mails with malicious links and malicious attachments accounted for 59% of ransomware infections in 2016, Mitchell continues. The Osterman Research also shows that just 4% of respondents (from US organisations) were confident that their current security infrastructure will be able to prevent a future ransomware attack.

Gareth James, VMware Southern Africa.

Gareth James, network & security sales specialist at VMware Southern Africa, quotes a survey from PwC in collaboration with InfoSecurity which found that 75% of large organisations suffered staff-related security breaches in 2015. This figure was up from 58% the year before. The insider threat, which has been overplayed in the past, seems to be becoming more dangerous, whether due to malicious intent on the part of employees or careless behaviours.

James notes that the profile of threats is also changing and that they don’t “seek to disrupt, but rather to create a foothold in a network and slowly, but quietly, steal information from the target.

“In order to adjust to this new trajectory of attack, organisations must increasingly seek to secure the inside of the network. The analogy is that of a modern-day ship. Old ships would sink if the external shell was in any way compromised. Modern ships are made up of multiple compartments, each separated from the next by a watertight door. In the same way, our modern networks must compartmentalise into individual security zones, and this prevents what is known as ‘lateral movement’ within a network.”

The result of all these threats is that, according to Andy Robb, chief technology officer at Duxbury Networking, companies – and individual computer users – are moving away from traditional anti-virus solutions to next-generation advanced malware detection and prevention systems. “These incorporate technologies such as behaviour detection, malicious traffic detection as well as emulation and security heartbeat monitoring.”

What to do?

Identifying the problem is one thing, actually putting the processes in place to deal with it is another. As Williams notes, with the scope of attack vectors growing, it’s safe to assume that any automated or digital system is vulnerable to attack.

“We have even seen attacks on self-contained analogue automated manufacturing systems and CCTV camera recording systems recently; while at the same time the rapid uptake of connected wearables and Internet of Things (IoT) is broadening the risk profile of every organisation,” he adds. “The digital economy is expanding networks to encompass users, devices, data, goods and services. Data and applications are now flowing faster across an increasingly diverse landscape of users, domains, and devices.”

With this knowledge as a starting point, Griessel advises on ways to protect your network:

• Adopt integrated defence systems.

• Improve threat defence technologies and processes by separating IT and security functions.

• Increase security awareness through employee training and education.

• Implement risk mitigation techniques.

It is important to remember that security is not simply a matter of installing an application and all’s well. In the past, a firewall that was regularly updated was seen as a good defence. Not anymore. The traditional firewall approach to security is rapidly becoming obsolete as the modern Internet environment has many applications that send/receive traffic over ports that are typically allowed by traditional firewalls, explains Robb.

He adds that newer firewall products have extended their scope with built-in applications to overcome the limitations of yesterday’s firewalls. “The technology is able to monitor, control and block hundreds of applications, such as Skype, Facebook, BitTorrent and Yahoo! Messenger, thus helping to enhance employee productivity and rigorously enforce network usage policies.”

And the edge of the network is an important target. James says it is “virtually impossible to plug all the possible entry points into a network. With low-tech attacks, potential intruders simply give ‘free’ USB sticks to employees and wait for the Trojan horse software on the device to dial home once someone inserts it into their computer. The most practical approach is to assume that one will be compromised at the edges, and that one must control both the objects within the network and how the objects in different parts of the network communicate.”

Visibility is key to this approach, he says. One must be able to record normal network interactions and form a baseline of activity that gives the security team the information to raise a flag when it notices background noise that is different from normal network interactions.
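The baseline-and-flag approach described above, combined with the security zones James mentions, can be sketched as follows. This is an added example, not code from the article or from any vendor named in it; the zone names, address ranges and flow records are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed zone map (assumption): each network compartment is a CIDR range.
ZONES = {
    "workstations": ipaddress.ip_network("10.10.0.0/16"),
    "app-servers": ipaddress.ip_network("10.20.0.0/16"),
    "databases": ipaddress.ip_network("10.30.0.0/16"),
}

def zone_of(ip):
    """Map an address to its security zone, or 'external' if none matches."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"

def flow_key(flow):
    """Reduce a (src, dst, port) flow to (src_zone, dst_zone, port)."""
    src, dst, port = flow
    return (zone_of(src), zone_of(dst), port)

def build_baseline(flows, min_count=2):
    """Treat a zone-to-zone interaction as normal only if it recurs.

    A pattern seen fewer than min_count times in the recording window
    is not learned as normal, so a one-off does not whitelist itself.
    """
    counts = Counter(flow_key(f) for f in flows)
    return {key for key, n in counts.items() if n >= min_count}

def flag_deviations(flows, baseline):
    """Return (kind, flow) for every flow whose pattern is not in the baseline."""
    alerts = []
    for flow in flows:
        key = flow_key(flow)
        if key in baseline:
            continue
        src_zone, dst_zone, _port = key
        kind = "new-cross-zone" if src_zone != dst_zone else "new-intra-zone"
        alerts.append((kind, flow))
    return alerts

# Constructed flow records: (source IP, destination IP, destination port).
RECORDED = [
    ("10.10.1.5", "10.20.0.10", 443),
    ("10.10.1.6", "10.20.0.10", 443),
    ("10.10.2.9", "10.20.0.11", 443),
    ("10.20.0.10", "10.30.0.5", 5432),
    ("10.20.0.11", "10.30.0.5", 5432),
    ("10.10.1.5", "10.30.0.5", 5432),   # seen once only: not learned as normal
]
OBSERVED = [
    ("10.10.1.7", "10.20.0.10", 443),   # matches baseline
    ("10.10.1.5", "10.30.0.5", 5432),   # workstation talking straight to a database
    ("10.10.1.5", "10.10.3.44", 445),   # workstation-to-workstation file sharing
    ("10.20.0.11", "10.30.0.5", 5432),  # matches baseline
]

if __name__ == "__main__":
    baseline = build_baseline(RECORDED)
    for kind, flow in flag_deviations(OBSERVED, baseline):
        print(kind, flow)
```
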

Mc Loughlin echoes this, noting that trying to secure your network with a point solution is almost meaningless unless you provide ongoing and continuous monitoring with behavioural analytics that provide visibility and insight into what is really happening.

“Using actionable threat intelligence, you have the ability to make sure the perimeter security measures are working correctly and have not been breached, you ensure that your users are not making accidental mistakes to jeopardise your network, and you can respond as soon as there is a breach. In short, you need unified security management.”

Of course, it isn’t quite that simple. Companies use their networks for many different communications requirements and you may find your needs are not the same as the company next door. Mitchell notes that your security solution will depend on your network, your current security posture and budget. “Once a thorough assessment is conducted, a security solution must be tailored to safeguard your network against potential threats.”

What’s available?

To end off the article, we asked the interviewees what solutions their companies provide that will assist in securing networks. The following is a brief summary of their responses; there is naturally much more to each of the solutions than we can cover here.

Mc Loughlin says J2 Software provides a selection of solutions, and more importantly, services to help clients. “We push to first provide visibility (we cannot manage what we cannot see), identify risks and take corrective action. The worst thing that security providers do is to drop off a solution, do some training and move to the next sale. We provide tools and we have the artisans to make sure the investment is used to maximum benefit.”

Duxbury Networking provides a range of security solutions incorporating next-generation firewalling, anti-virus, anti-ransomware and wireless security to businesses of all sizes. “Our objective is not only to secure their data, but to give managers the power to maintain complete control over their network environments,” explains Robb. “For example, with intelligent QoS settings and policy based-optimisation, organisations will not only be able to protect their networks and the sensitive data they hold from outsiders, but also from malicious attacks from employees, partners and other insiders.”

“Fortinet offers security solutions across the board, covering every inch of the infrastructure, including wired and wireless networks, end user and IoT devices, access layers, public to hybrid cloud models, software-defined networks, and virtualisation,” states Williams. “We employ advanced technologies like hardware-accelerating FortiASIC processors and security embedded network appliances, including virtual and cloud instances, to ensure that a network’s function, performance, and scalability are not compromised by the solutions securing it.

“Our Fortinet Security Fabric brings traditionally autonomous systems together into a single, aware architecture, designed with three critical and interdependent attributes – broad, powerful and automated. Operating as a single entity, the Fabric delivers complete awareness across devices, users, content, and data flowing into and out of the network, as well as insight into traffic patterns.”

Cisco’s first line of defence for customers is knowledge. “One has to ‘know the enemy’ first, understanding their strategies and tactics,” explains Griessel. “Each year – for the past 10 years – we have compiled the Cisco Annual Security Report. It is part of equipping organisations with a necessary understanding of the threats that exist, as well as new developments or trends.

“The next solution is improving responsiveness. Time to Detection (TTD) is an important measure of the window of time between a network being compromised and the detection of a threat. (TTD is determined by using opt-in security telemetry gathered from Cisco customer security products deployed around the globe.) Bringing down TTD, we are able to reduce attackers’ operational space and the risk for our customers.”

VMware has a network visibility tool called vRealize Network Insight that shows all traffic flows within a data centre. James says, “This mapping tool also makes recommendations of security rules that one should apply within the data centre based on the information collected. VMware also has added capability to place firewalls at every virtual machine in the data centre. These firewalls can easily be mapped to your security policies. This combination of visibility and compartmentalisation gives our customers the capability to secure the inside of their networks.”

As noted above, there are many solutions one can choose to secure a network, but it’s not simply a case of selecting the cheapest one or the one with the best reputation. Each organisation needs to conduct its own security audit to determine what it needs, followed by a process of selecting the solutions that deliver what they require.

Minimise your risks

Cisco’s Greg Griessel has some advice for organisations concerned about their network security. Cisco advises organisations to follow these steps to minimise network risks as part of preventing, detecting and mitigating threats:

• Make security a business priority: Executive leadership must own and evangelise security and fund it as a priority.

• Measure operational discipline: Review security practices, patch, and control access points to network systems, applications, functions, and data.

• Test security effectiveness: Establish clear metrics. Use them to validate and improve security practices.

• Adopt an integrated defence approach: Make integration and automation high on the list of assessment criteria to increase visibility, streamline interoperability, and reduce the time to detect and stop attacks. Security teams then can focus on investigating and resolving true threats.

Supplied By: Drive Control Corporation
Tel: +27 11 201 8927
Fax: +27 11 201 8101
Supplied By: Duxbury Networking
Tel: +27 11 351 9800
Fax: +27 11 646 3079
Supplied By: J2 Software
Tel: 087 238 1870
Fax: 086 619 3563

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.