Effective edge security needs to be holistic

October 2018 Information Security

Over and above the hacks perpetrated by so-called ‘bad actors’ that make the headlines all too frequently, organisations nowadays have to deal with highly tech-savvy millennials entering their business environments. The modern paradigm requires that a holistic and layered approach be adopted to secure net-works from breaches at the edge, in the view of Mayleen Bywater, senior product manager at Vox.

Mayleen Bywater.
Mayleen Bywater.

“As we’ve seen in the news, people have been able to get into networks through things as innocuous as printers and other devices we find around our home and office environments. Edge security in terms of IoT (Internet of Things) devices is really about empowering clients to have control over their data, and understanding exactly what’s connecting in, where, and how. This requires them to have stricter control over their asset management, so that not just any Tom, Dick or Harry is able to connect to their network without going through their IoT provider,” she says.

To this end, it is vital to build robust systems that can detect breaches, and then manage those policies and make sure that best practices are in place to address issues quickly and forcefully, but with specific boundaries and set controls that can be enforced. “You also need to make sure that your edge network security is built in such a way that, should someone try to get in, you have the correct tools in place to ensure a layered approach that will give you a pro-active defence. This means if someone does manage to penetrate your network you are able to mitigate, manage and remediate the breach.

“It’s not enough to have just one tool or system in place, the layered approach must be holistic at the various entry points into your network or organisation. This extends from your network to email to devices and appliances like air conditioners – anything that’s IoT based should be able to trigger an alert that is registered and that can be actioned,” Bywater continues.

Generation gap

Catering for users of different ages is particularly challenging, given that the gulf in technical know-how between the generations that comprise a typical business environment has never been wider. Bywater asserts that while you don’t want to alienate the less tech-savvy users, it’s also important not to squander the fresh ideas and new approaches the younger generation brings to the table.

“Change control is something most people don’t like and don’t embrace easily, yet the younger generations tend to go with it because that’s how it’s always been for them – everything changes in the blink of an eye and you need to be able to adapt quickly,” she says. “To account for this diversity it is important to have best practices and processes in place, and to communicate them to the end user in such a way that it is understandable and therefore easier to embrace.

“If someone is punching their details into a printer, you want them to have the confidence that they don’t need to stress about whether someone will hack into that machine, copy the document they’ve scanned and leak it across the network, because they know their IT team has their best interests at heart and they’re doing consistent scans and network checks to make sure that nobody’s getting into that data.”

Management’s role

While upper management execs have sometimes been accused of not adequately understanding or acknowledging their IT departments’ concerns over cybersecurity, Bywater believes the latest hacks have been so high-profile that the issue is taken more seriously. “As much as you can have the best firewalls, the best network security, best edge asset management, if your staff aren’t on board and security conscious down to the company culture level, you’re still going to have some loopholes that somebody will try to get around – just because they can, it’s human nature.

“Businesses must have these things properly documented and have a plan in place to do consistent training, or risk having problems down the line. So a lot of businesses (and we’re trying to embrace this on our own platforms) are placing an emphasis on how to train people more effectively, but in such a way that they can test the waters and actually report on simulations,” she explains.

“If the IT department sees something that’s not right they should be able to report it efficiently so something can be shut down, for example if they see a thermostat’s temperature rising they can report it quickly so someone can address it. We need to get away from that nonchalant attitude that ‘it’s not my problem.’ Security is everyone’s problem and we need to start to embrace that, right down to every person that works in an organisation.”

Security 360

Vox offers a security 360 strategy entailing a full network solution which includes perimeter, email, endpoints, backup etc. and is suitable for SMEs to larger enterprises. “We have a skilled technical team that can help guide, manage and look after any environment, as well as set up security sessions with our customers on a quarterly basis to help guide them and map those best practices mentioned above,” says Bywater.

“One of our newer products, in conjunction with Mimecast, involves doing training sessions and simulations with our clients where we can test their security posture and whether their end users are actually aware of the security risks they pose to their businesses, in order to nurture a security conscious culture. In that way everybody is collaborating to shut down these perpetrators, whether they like it or not.”

The company also offers a backup solution to provide peace of mind that if anything does go wrong, its clients can easily restore their data and get systems and services up and running quickly and seamlessly. “All of this combined gives the client a complete strategic positioning. We can also help them with vulnerability testing and checkpoints to make sure those systems are all completely in line,” she concludes.

For more information, contact Mayleen Bywater, Vox, +27 87 805 0000, [email protected], www.vox.co.za


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Integrated, mobile access control
SA Technologies Entry Pro Technews Publishing Access Control & Identity Management
SMART Security Solutions spoke to SA Technologies to learn more about what is happening in the estate access world and what the company offers the residential estate market.

New ransomware using BitLocker to encrypt data
Technews Publishing Information Security Residential Estate (Industry)
Kaspersky has identified ransomware attacks using Microsoft’s BitLocker to attempt encryption of corporate files. It can detect specific Windows versions and enable BitLocker according to those versions.

SMART Estate Security returns to KZN
Nemtek Electric Fencing Products Technews Publishing Axis Communications SA OneSpace Editor's Choice News & Events Integrated Solutions IoT & Automation
The second SMART Estate Security Conference of 2024 was held in May in KwaZulu-Natal at the Mount Edgecombe Estate Conference Centre, which is located on the Estate’s pristine golf course.

Creating employment through entrepreneurship
Technews Publishing Marathon Consulting Editor's Choice Integrated Solutions Residential Estate (Industry)
Eduardo Takacs’s journey is a testament to bona fide entrepreneurial resilience, making him stand out in a country desperate for resilient businesses in the small and medium enterprise space that can create employment opportunities.

From the editor's desk: Just gooi a cable
Technews Publishing News & Events
      Welcome to the 2024 edition of the SMART Estate Security Handbook. We focus on a host of topics, and this year’s issue also has a larger-than-normal Product Showcase section. Perhaps the vendors are ...

Create order from chaos
Information Security
The task of managing and interpreting vast amounts of data is akin to finding a needle in a haystack. Cyberthreats are growing in complexity and frequency, demanding sophisticated solutions that not only detect, but also prevent, malicious activities effectively.

Trend Micro launches first security solutions for consumer AI PCs
Information Security News & Events
Trend Micro unveiled its first consumer security solutions tailored to safeguard against emerging threats in the era of AI PCs. Trend will bring these advanced capabilities to consumers in late 2024.

Kaspersky finds 24 vulnerabilities in biometric access systems
Technews Publishing Information Security
Customers urged to update firmware. Kaspersky has identified numerous flaws in the hybrid biometric terminal produced by international manufacturer ZKTeco, allowing a nefarious actor to bypass the verification process and gain unauthorised access.

Responsible AI boosts software security
Information Security
While the prevalence of high-severity security flaws in applications has dropped slightly in recent years, the risks posed by software vulnerabilities remain high, and remediating these vulnerabilities could hinder new application development.

AI and ransomware: cutting through the hype
AI & Data Analytics Information Security
It might be the great paradox of 2024: artificial intelligence (AI). Everyone is bored of hearing it, but we cannot stop talking about it. It is not going away, so we had better get used to it.