OT/IoT Visibility Survey

The convergence of Information Technology (IT) with Operational Technology (OT), Industrial Control Systems (ICS), and the expanding landscape of Internet of Things (IoT) and Internet of Medical Things (IoMT) devices is transforming how modern enterprises operate. As these traditionally separate networks become more interconnected, organisations have a unique opportunity to optimise their operations, gain real-time insights, and improve overall efficiency. This integration allows for streamlined processes, predictive maintenance, and enhanced data analysis capabilities, driving digital transformation across industries.

However, the integration of IT with OT, ICS, and IoT/IoMT networks also introduces significant challenges, particularly in the realm of cybersecurity. As these systems become more intertwined, the attack surface for cyber threats increases, making critical infrastructure more vulnerable to potential breaches, data manipulation, or disruptions in service. Enterprises are now faced with the challenge of protecting both their IT and OT environments while ensuring that their interconnected systems remain secure, reliable, and resilient.

In response to these challenges, we conducted a survey to better understand how enterprises are approaching the integration of these diverse systems. The survey aimed to gather insights into the strategies, technologies, and best practices that organisations are adopting to secure their interconnected networks. We were particularly interested in learning how enterprises are navigating the complexities of cybersecurity, ensuring the safe operation of their ICS and IoT devices, and maintaining the integrity of their data in an increasingly interconnected world.

The results highlighted some common areas of risk which require mitigation, and also showed varying levels of success in leveraging existing cybersecurity and compliance tools.

For the full report and a summary of responses, please see the OT/IoT Visibility Survey Report.

Chris Booth

Solution Architect

Listens to your problems, then identifies the best tools and products to build solutions.

Call us today on 01782 752 369
KedronUK, Kern House, Stone Business Park, Stone, Staffordshire ST15 0TL

Current Cyber Threats and how to Prevent Them

In our increasingly digital world, cyber-attacks pose a significant threat to both individuals and organisations. Understanding these threats and learning how to protect yourself is essential. This blog post will delve into some of the most common cyber-attacks, providing detailed insights and practical prevention tips.

1. Phishing Attacks 

Phishing attacks are deceptive attempts to obtain sensitive information such as usernames, passwords, and credit card details. These attacks often come in the form of emails, text messages, or websites that mimic legitimate communications from trusted sources.

How it works: 

  • The attacker sends a message that appears to be from a reputable entity, such as a bank, telecommunications, cloud provider, courier / postal service or other well-known company. 
  • The message contains a link or attachment that prompts the victim to enter personal information such as logon credentials or download malware. 

Prevention Tips:

  • Verify the Source: Always check the sender's email address and look for signs of spoofing. If unsure, contact the organisation directly using a known, legitimate contact method. 
  • Think Before You Click/React: Hover over links to see where they lead before clicking. Be cautious with unexpected attachments, even from known contacts. Services like Microsoft 365 and Google Workspace can add warning banners to external e-mails to help users spot phishing attempts which pretend to be internal messages from a colleague. 
  • Use Security Services/Software: Implement email filters and anti-phishing tools to detect and block malicious messages. Alongside the standard security controls provided by email providers, third party vendors such as Heimdal offer additional layers of security. 
  • Education: Regularly train employees on how to recognise and respond to phishing attempts. Simulated phishing attacks can be occasionally run to ensure user awareness is checked and maintained. 
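The header checks described under "Verify the Source" can be partly automated. The following is an added example written for this post, not code from the original article or from any vendor named on the page: it parses an e-mail, compares the From, Return-Path and Reply-To domains, folds common look-alike character substitutions (1 for l, 0 for o, rn for m) against an assumed allow-list of trusted sender domains, and checks links in the body against the same list. Both messages and the allow-list are constructed for the example.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Assumed allow-list of domains the organisation treats as legitimate senders.
TRUSTED_DOMAINS = {"example-bank.example"}

# Constructed sample message (not a real phish): the display name claims the bank,
# the sender domain is a look-alike, and the bounce address points elsewhere.
SUSPECT_EMAIL = """\
From: "Example Bank Security" <alerts@examp1e-bank.example>
Return-Path: <bounce@mail-tracker.example>
Reply-To: <support@examp1e-bank.example>
To: user@company.example
Subject: Urgent: verify your account
Content-Type: text/plain

Please verify your account here: http://examp1e-bank.example/login
"""

# Constructed legitimate message for comparison.
CLEAN_EMAIL = """\
From: "Example Bank" <alerts@example-bank.example>
Return-Path: <alerts@example-bank.example>
To: user@company.example
Subject: Your monthly statement
Content-Type: text/plain

Your statement is available at https://example-bank.example/statements
"""


def domain_of(addr):
    """Return the lower-cased domain part of an e-mail address, or '' if absent."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def normalise(domain):
    """Fold common homoglyph substitutions so look-alike domains compare equal."""
    return domain.lower().replace("1", "l").replace("0", "o").replace("rn", "m")


def is_lookalike(domain, trusted):
    """True when the domain is not trusted but folds to a trusted domain."""
    return domain not in trusted and any(normalise(domain) == normalise(t) for t in trusted)


def url_host(url):
    """Extract the host name from a URL (scheme, path and port stripped)."""
    return re.sub(r"^https?://", "", url).split("/", 1)[0].split(":", 1)[0].lower()


def check_email(raw, trusted=TRUSTED_DOMAINS):
    """Return a list of phishing indicators found in the message headers and body."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    display_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_dom = domain_of(from_addr)
    _, return_path = parseaddr(str(msg.get("Return-Path", "")))
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))

    if is_lookalike(from_dom, trusted):
        findings.append(f"lookalike sender domain: {from_dom}")
    if return_path and domain_of(return_path) != from_dom:
        findings.append(f"return-path domain mismatch: {domain_of(return_path)}")
    if reply_to and domain_of(reply_to) != from_dom:
        findings.append(f"reply-to domain mismatch: {domain_of(reply_to)}")
    # Display name invokes a trusted brand while the address is not on the allow-list.
    for t in trusted:
        brand = t.split(".")[0].replace("-", " ")
        if brand in display_name.lower() and from_dom not in trusted:
            findings.append(f"display name claims '{brand}' but sender is {from_dom}")
            break
    # Links in the body that point at look-alike domains.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    for url in re.findall(r'https?://[^\s<>"]+', text):
        host = url_host(url)
        if is_lookalike(host, trusted):
            findings.append(f"link to lookalike domain: {host}")
    return findings


if __name__ == "__main__":
    for label, raw in (("suspect", SUSPECT_EMAIL), ("clean", CLEAN_EMAIL)):
        print(label, check_email(raw) or ["no indicators"])
```

The homoglyph folding is deliberately simple; production filters use fuller confusable tables and also check SPF/DKIM/DMARC results, which this example does not touch.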

2. Ransomware & Malware 

Ransomware is a type of malware that encrypts a victim's files to prevent access and demands a ransom for the decryption key. Attackers may also exfiltrate the data and threaten to publicly release sensitive business information if the ransom is not paid. This attack can cripple businesses and cause significant financial losses and reputational damage.

How It Works: 

  • Ransomware typically spreads through phishing emails, malicious ads, or by exploiting vulnerabilities in software. Once executed, it encrypts files and displays a ransom note demanding payment, often in cryptocurrency. It will also try to move laterally across a network to maximise the disruption. 

Prevention Tips: 

  • Regular Backups: Maintain regular backups of critical data and ensure they are stored offline or in a secure cloud environment. Immutable backups can protect critical restore points from ransomware. Backup procedures need to be tested on a regular basis to ensure they are working as expected – do not just trust log reports!
  • Install Antivirus / EDR Software: Ensure you have reliable antivirus and anti-malware software installed and regularly updated. That said, the recent CrowdStrike outage has shown that regular updates can be a double-edged sword!
  • Patch Vulnerabilities: Keep your software and systems updated to protect against exploits. A vulnerability scanner / solution such as Qualys, Tenable Nessus or Rapid7 InsightVM can help automate this process and avoid blind spots when dealing with a large IT estate. Any vulnerability with a CVSS score of 9 or more should generally be treated as a priority and either be patched or mitigated. 
  • Network Segmentation: Segment your network to limit the spread of ransomware and contain potential damage. Zero Trust Network Access (ZTNA) solutions like Appgate can ensure users only have access to the applications they need, restricting the ability of ransomware to move laterally to other devices on the network. 
  • Consider Fire-Break Solutions: Ransomware containment solutions such as BullWall RC can provide a last line of defence against encryption. These solutions aim to stop a ransomware attack as quickly as possible, isolating or shutting down the infected PC(s) to minimise the impact of the attack. 
  • Examine your full supply chain and technology stack: A number of enterprises impacted by the ransomware groups which targeted the MOVEit vulnerabilities were actually affected due to the use of MOVEit by their payroll / HR software provider (TechCrunch). 

3. EOS/EOL and Unpatched Network Equipment

Patching operating systems and applications is a regular task for most businesses, with tools such as Heimdal Patch & Asset Management used to automate much of the repetitive work. However, it is also critically important to update network equipment, especially routers and firewalls which are internet facing. 

Research published this week by Vedere Labs, the cybersecurity research arm of our partner Forescout, identified 14 new security vulnerabilities in 24 models of the popular DrayTek Vigor network routers/firewalls. Around 785,000 impacted devices have been identified globally, with 20% of these considered to be End of Life (EOL) and 43% End of Support (EOS). 

Thankfully, DrayTek have provided firmware updates for EOS/EOL routers. 

How It Works: 

  • Attackers use automated tools such as Shodan to scan the Internet for exposed devices with out-of-date firmware. 
  • Once located, attackers will have scripts ready to exploit the security bugs. 
  • The attackers may use the device to launch DDoS attacks as part of a botnet, intercept traffic, or penetrate the private network behind the firewall/router to deploy ransomware.

Prevention Tips:

  • Patch Firmware: Where possible, subscribe to vendor email notifications to automatically receive alerts for new firmware releases. More importantly, arrange appropriate maintenance windows to install the updates, especially where they contain security fixes. 
  • Replace End of Life (EOL) Equipment: Critical network infrastructure which is EOS/EOL and thus unsupported should be replaced. Even though the equipment may continue to work fine without vendor support, the lack of updates means you may be left rushing to replace a device when an exploit is found and widely abused. Not all vendors will produce patches for old equipment as DrayTek did!
  • Remove or secure public management access: Although convenient for remote support, exposing router, firewall or other management interfaces directly to the Internet should be avoided wherever possible. The DrayTek research found over 704,00 devices with the management UI exposed to the Internet.
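The three prevention tips above (firmware currency, support status, and exposed management interfaces) can be turned into a repeatable inventory check. The script below is an added example for this post, not code from the original article or from DrayTek, Forescout or any other vendor: it ranks a constructed inventory of edge devices against an assumed vendor support matrix, treating an Internet-exposed management interface as a multiplier on every other finding. Model names, version numbers and end-of-support dates are placeholders.

```python
from dataclasses import dataclass
from datetime import date


@dataclass
class NetworkDevice:
    name: str
    model: str
    firmware: str        # running firmware version, dotted form such as "4.4.2"
    mgmt_exposed: bool   # management UI reachable from the Internet


# Assumed vendor support data: latest firmware per model and the end-of-support
# date. Model names, versions and dates are constructed placeholders.
SUPPORT_MATRIX = {
    "ModelA": {"latest": "4.4.5", "eos": date(2026, 12, 31)},
    "ModelB": {"latest": "3.9.9", "eos": date(2023, 6, 30)},
}

# Constructed inventory of edge devices.
INVENTORY = [
    NetworkDevice("fw-hq-01", "ModelA", "4.4.5", mgmt_exposed=False),
    NetworkDevice("rtr-branch-02", "ModelA", "4.4.1", mgmt_exposed=True),
    NetworkDevice("rtr-branch-03", "ModelB", "3.9.9", mgmt_exposed=True),
    NetworkDevice("rtr-lab-04", "ModelZ", "1.0.0", mgmt_exposed=False),
]

# Assessment date used by the example run.
TODAY = date(2024, 10, 1)


def version_tuple(version):
    """Compare dotted versions numerically so '4.4.10' sorts after '4.4.9'."""
    return tuple(int(part) for part in version.split("."))


def assess(device, matrix, today):
    """Return (severity, reasons) for one device; severity 0 means nothing to do."""
    reasons = []
    entry = matrix.get(device.model)
    if entry is None:
        reasons.append("model not in support matrix: confirm support status with the vendor")
    else:
        if today > entry["eos"]:
            reasons.append(f"end of support since {entry['eos'].isoformat()}: plan replacement")
        if version_tuple(device.firmware) < version_tuple(entry["latest"]):
            reasons.append(f"firmware {device.firmware} behind latest {entry['latest']}: schedule a patch window")
    if device.mgmt_exposed:
        reasons.append("management interface exposed to the Internet: restrict to VPN or an allow-list")
    # Exposure multiplies the risk of every other finding, so an exposed device
    # with at least one other issue goes to the top of the list.
    severity = len(reasons)
    if device.mgmt_exposed and len(reasons) > 1:
        severity = 10
    return severity, reasons


def triage(inventory, matrix, today):
    """Rank devices by severity, highest first, dropping those with no findings."""
    ranked = []
    for device in inventory:
        severity, reasons = assess(device, matrix, today)
        if reasons:
            ranked.append((severity, device.name, reasons))
    ranked.sort(key=lambda item: (-item[0], item[1]))
    return ranked


if __name__ == "__main__":
    for severity, name, reasons in triage(INVENTORY, SUPPORT_MATRIX, TODAY):
        print(f"[{severity:>2}] {name}")
        for reason in reasons:
            print(f"      - {reason}")
```

In practice the support matrix would be loaded from the vendor's published lifecycle page and the exposure flag from an external scan of your own address space, so the ranking refreshes automatically as firmware advisories land.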

Conclusion

Understanding these common cyber-attacks and implementing robust security measures can significantly reduce your risk. Stay informed, stay vigilant, and prioritise cybersecurity to protect yourself and your organisation from these pervasive threats.

As an independent specialist consultancy working with leading cyber-security vendors, KedronUK can assist enterprises in addressing gaps within their security tooling from EOL device management through to ransomware containment solutions.

For more information on our full product portfolio, please contact us, or email our sales team at sales@kedronuk.com


SOC-ial Cricket Event: Disruptive Cyber Tech 2024

Our first #NoSalesPitch event of 2024 saw the KedronUK team heading north into central Manchester. The No Sales Pitch format was a great success last year, with ten-minute presentations from five security vendors to keep things moving and interesting. With Sixes Manchester as the venue, there was the chance for networking over food and drink, along with some virtual cricket fun after the presentations had finished.

Zero Trust – Forescout
Phil Swainson, KedronUK’s Head of Technology, was compere for the afternoon. After a brief overview of KedronUK, he introduced our first presentation from Keith Gilbert of Forescout. Keith talked about Zero Trust (ZT), focusing on the steps required to begin the journey to a ZT world. We know from speaking to many enterprises, there’s a lot to consider when starting out with ZT and proper planning is essential. Using the NIST 800-207 document entitled “Zero Trust Architecture” as a guide, Keith outlined the key system components such as Policy Enforcement Points and Policy Decision Points, plus how these interact with the “data plane” of users and systems.

Ransomware Containment – BullWall.
In the IT security arena, ransomware remains an ongoing threat to businesses of all sizes. Whilst the exact attack techniques and methods evolve, the risk of severe business disruption remains. Bullwall Ransomware Containment (RC) is an innovative but lightweight solution to provide an extra layer of protection. To use an analogy, an IT datacentre or large building will have a sprinkler or fire suppression system which will trigger in the event of a fire. The job of the sprinkler system is not to stop the fire from happening in the first place but to extinguish the fire as quickly as possible. Andrew Grant outlined how Bullwall RC offers the same kind of protection against ransomware – other security tools will hopefully block and prevent as many attacks as possible, but in the worst case it will automatically trigger and stop the ransomware.

Breach & Attack Simulation – Keysight.
The ever-expanding IT security market means new vendors and new products appear almost daily. Analysts will identify attack vectors which need tools to protect against, but what about the existing security tooling you have deployed? Kevin Berry from Keysight showed how a Breach & Attack Simulation (BAS) tool can fit into your security testing plans. Whilst it is a new tool (somewhat ironically), BAS is not about directly filling a gap or replacing an existing tool, but about helping you understand how your existing security solutions are working. With regular updates from the Keysight Application & Threat Intelligence (ATI) team, Keysight ThreatSim helps you validate your existing security policies and posture to ensure they are providing the best possible protection against the latest threats. BAS complements point-in-time tests such as penetration testing, which are performed perhaps annually or six-monthly, as well as frequent scans from vulnerability management tools such as Tenable Nessus.

API Security – NoName.
Our newest vendor partner is NoName Security. API security continues to gain focus for CISOs and other security practitioners. As far back as December 2021, Gartner predicted that APIs would become the top attack vector. As an example, the recent (May 2024) Dell data breach saw an attacker use a poorly secured and non-rate limited API to extract the details of around 49 million customers. As a market leader in API security, David Moss outlined how the key pillars provided by Noname cover Discovery (what is my API estate?), Posture (how many of those APIs have vulnerabilities or are mis-configured?), Runtime (who is attacking my APIs?) and Testing (finding potential vulnerabilities during development).

Network Detection & Response – ExtraHop.
The “Need for Speed” was the theme of the last presentation from Kyle Francis of ExtraHop. IT teams are always under pressure to work faster. Security threats need to be detected and contained quicker, whilst outages must be resolved quicker to avoid costly business disruption. However, incomplete data, blind spots and too many complex interfaces hinder the investigation and resolution process. As a Forrester Wave (Q2 2023) leader for Network Analysis and Visibility, ExtraHop can help enterprises eliminate blind spots and detect issues and anomalies in real time, ultimately reducing investigation time to drive quicker, positive outcomes.

With the presentations complete, the bar opened, food was served and the cricket began. Across the two nets, the best attendee on each screen stepped forward at the end for a competition to win an Oculus VR Headset! Although the runner up didn’t miss out, receiving a £75 voucher to return to a sixes cricket near them…

We received some great feedback from the attendees at the event. From speaking to them, the key takeaway from the afternoon was that whilst not every tool presented is the right fit for every organisation (perhaps due to size, budget or security maturity), the format is an excellent way of getting a view of current security trends and risks. Finally, a number of attendees noted how the workload for IT teams is unrelenting, so “light-touch” tools (such as BullWall RC) which can quickly enhance security with a low management footprint are extremely attractive.

To find out more about each technology discussed, take a look at our SOCial Cricket Event Presentation Slides here!


Cyber Security Trends to Look For in 2024

In our rapidly evolving digital landscape, staying ahead of cyber threats is paramount. As we enter 2024, the world of cyber security is poised for significant changes and challenges. In this blog post, we explore four key cybersecurity trends that are likely to shape the landscape in the coming year.

1. AI and Machine Learning Powered Threat Detection: 

The integration of artificial intelligence (AI) and machine learning (ML) into cybersecurity practices is not new, but its significance is set to grow in 2024. As cyber threats become more sophisticated, AI and ML algorithms play a crucial role in identifying patterns and anomalies in real time, allowing organisations to respond swiftly to potential breaches. This trend will empower cybersecurity professionals to proactively defend against emerging threats and adapt to evolving attack methods. 

One use-case of this is AI/ML's ability to sift through large amounts of data and find outlying events which indicate security risks. A good example of this is ExtraHop Reveal(x), which uses AI/ML to surface detections from raw network data for SOC teams to investigate. Trying to analyse tens or hundreds of gigabytes of data by hand would otherwise not be feasible. 

AI/ML also allows an organisation to improve or extend their security coverage, especially smaller organisations who have yet to make the step to a 24/7 SOC (either in-house or managed). The always-on nature of AI/ML, perhaps coupled with suitable remediation playbooks, can ensure the most dangerous threats are contained even if they happen outside of core business hours. 

2. Zero Trust Architecture: 

The traditional approach of trusting entities inside a network and distrusting those outside has become outdated in the face of increasingly sophisticated cyber-attacks. Zero Trust Architecture is a paradigm shift that assumes no entity, whether internal or external, can be trusted by default. In 2024, organisations are expected to adopt Zero Trust principles more widely, implementing strict access controls, continuous monitoring, and multifactor authentication to ensure the highest level of security. This approach minimises the risk of unauthorised access and lateral movement within a network. 

Zero Trust does present challenges in deployment, as network reconfiguration may be required to ensure traffic is correctly routed through the relevant policy enforcement points. Thus, organisations may adopt a “long game” approach to moving to a Zero Trust model. 

3. Rise of Quantum-Safe Cryptography: 

With the advent of quantum computing on the horizon, the need for quantum-safe cryptography becomes imperative. Quantum computers have the potential to break widely used cryptographic algorithms, posing a serious threat to data security. In 2024, cybersecurity experts are likely to focus on developing and implementing quantum-resistant cryptographic methods to safeguard sensitive information. Organisations that embrace quantum-safe cryptography early will be better positioned to withstand the challenges posed by quantum computing advancements. 

4. Security Automation and Orchestration: 

As the volume and complexity of cyber threats continue to increase, the role of automation and orchestration in cybersecurity operations becomes more pronounced. In 2024, organisations will increasingly leverage security automation to streamline routine tasks, respond to incidents faster, and reduce the burden on cybersecurity teams. Automated incident response, threat intelligence sharing, and orchestration of security tools will become integral components of a robust cybersecurity strategy, allowing organisations to enhance their resilience against evolving threats. The use of playbooks is a good example: they ensure any alert presented to a SOC analyst is supported by as much information as possible to aid immediate decision making. Examples include automatically validating any file flagged as suspicious against platforms such as VirusTotal, or cross-checking IP addresses against threat intelligence feeds for any history of involvement in cyber-attacks.
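The enrichment playbook just described, as an added example written for this post rather than code from the original article or from any vendor it names: a raw alert carries a file and a remote IP address, the playbook hashes the file and looks the hash up, checks the address against a CIDR-based reputation list, and attaches a verdict that decides between automated containment and analyst review. Because a real VirusTotal or threat-feed query needs network access and an API key, both lookups are stood in for by local tables; the hash table, the networks (drawn from the RFC 5737 documentation ranges) and the alerts are all constructed.

```python
import hashlib
import ipaddress

# Constructed stand-ins for external lookups. In a real playbook these would be
# API calls to a file-reputation service (such as VirusTotal) and an IP
# threat-intelligence feed; here they are local tables so the example runs offline.
MALICIOUS_SAMPLE = b"constructed test payload, not real malware"
KNOWN_BAD_HASHES = {
    hashlib.sha256(MALICIOUS_SAMPLE).hexdigest(): "Constructed.Test.Sample",
}
# Documentation address ranges used as constructed "bad" networks.
BAD_NETWORKS = [
    (ipaddress.ip_network("203.0.113.0/24"), "constructed: command-and-control infrastructure"),
    (ipaddress.ip_network("198.51.100.0/25"), "constructed: scanning activity"),
]


def file_reputation(content):
    """Hash the file and look the digest up; returns (sha256, label or None)."""
    digest = hashlib.sha256(content).hexdigest()
    return digest, KNOWN_BAD_HASHES.get(digest)


def ip_reputation(address):
    """Return the feed label for the first listed network containing address, else None."""
    ip = ipaddress.ip_address(address)
    for network, label in BAD_NETWORKS:
        if ip in network:
            return label
    return None


def run_playbook(alert):
    """Enrich a raw alert and attach a verdict for automation or the analyst."""
    enriched = dict(alert)
    indicators = []
    if "file" in alert:
        digest, label = file_reputation(alert["file"])
        enriched["sha256"] = digest
        enriched["file_verdict"] = label or "unknown"
        if label:
            indicators.append("file")
    if "remote_ip" in alert:
        label = ip_reputation(alert["remote_ip"])
        enriched["ip_verdict"] = label or "no match"
        if label:
            indicators.append("ip")
    enriched["confirmed_indicators"] = indicators
    # A known-bad file is conclusive enough to isolate the host automatically;
    # a reputation hit on an address alone is handed to an analyst instead.
    if "file" in indicators:
        enriched["verdict"] = "contain"
    elif "ip" in indicators:
        enriched["verdict"] = "analyst review"
    else:
        enriched["verdict"] = "low priority"
    return enriched


# Constructed alerts in the shape an EDR might raise them.
ALERTS = [
    {"id": 1, "host": "ws-042", "file": MALICIOUS_SAMPLE, "remote_ip": "203.0.113.7"},
    {"id": 2, "host": "ws-017", "file": b"quarterly-report.docx contents", "remote_ip": "198.51.100.200"},
    {"id": 3, "host": "ws-101", "remote_ip": "198.51.100.9"},
]

if __name__ == "__main__":
    for alert in ALERTS:
        result = run_playbook(alert)
        print(result["id"], result["host"], result["verdict"], result["confirmed_indicators"])
```

The verdict thresholds are the part worth tuning: the example only auto-contains on a file match because a single IP reputation hit is prone to false positives from shared hosting, and an over-eager playbook that isolates hosts on weak evidence becomes its own outage.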

Conclusion 

As highlighted above, AI/ML can offer tangible benefits, but there is a danger that vendors rush to claim that products use it simply to be on the “bandwagon”. Thus, genuine use-cases and benefits become hidden amongst all the noise and hype. When evaluating products to add to our portfolio of tools, KedronUK look beyond the glossy datasheet to see how vendor claims really stack up and whether they are the right tool for our customers. 

For more information on our full product portfolio, please contact us, or email our sales team at sales@kedronuk.com


Bridging the Gap: Managing and Protecting IoT/OT in the IT World.

The KedronUK team once again journeyed south for the last “No Sales Pitch” event of 2023 – Bridging the Gap: Managing and Protecting IoT/OT in the IT World. We returned to Clays Bar in Moorgate as the feedback from our last event was that virtual clay shooting was good fun (not to mention that it avoided standing around in a cold, muddy field waiting for your next turn!).

The “No Sales Pitch” theme means no hard-sell but a chance for attendees to see and learn about products which can help with current and upcoming challenges. IT teams are now often finding that security for the myriad of OT and IoT devices now appearing on enterprise networks is a headache. What has worked in the traditional PC world such as endpoint or agent-based solutions doesn’t readily translate to basic or outdated devices that cannot be easily managed, upgraded or replaced. 

The first presentation was given by Axel Debray from Forescout, who are a new partner for KedronUK. Established for over twenty years, Forescout has a huge amount of data on the riskiest devices, including 39 billion data points and over 18 million device profiles. Being able to automatically inventory networks and profile the discovered devices with supporting information such as risk scores (both operational and security) starts to address the problem that you cannot secure what you don’t know about. With Vedere Labs (the research arm of Forescout) showing a proof-of-concept for IoT-specific ransomware last year, the risks associated with these devices continue to grow.

Kevin Berry from Keysight Technologies looked at many of the practical challenges facing security teams who are tasked with increasing protection in the OT / IoT world. We often find the Keysight brand isn’t well known in the IT industry, but as the world’s largest test and measurement company, they have a wide range of solutions. Aside from the technical challenges of gaining visibility of OT devices, the typical environments where OT devices live have physical challenges such as temperature, humidity and vibration which need special consideration. Some of the scenarios considered included:

  • Analysing packets from network switches which are full (no space for a mirror port) or which nobody dares to touch as they are so old or unmanageable.
  • Getting the captured traffic to multiple tools without wasting bandwidth or overwhelming the tool(s) with the wrong data.
  • Ensuring that any downtime (scheduled or otherwise) with the monitoring tool(s) does not impact the OT environment being monitored.
  • Capturing traffic in the harsh environments as noted above.

Unfortunately, airline problems prevented Jorg Schallmayer from Infosim GmbH joining us to present on his topic – “StableNet as an IoT Platform Manager”. Phil Swainson stepped up in his absence to provide an overview of StableNet, but we hope to feature more about the work being done in the StableNet Innovation Lab on the management of IoT devices in the future.

Pulling a “double shift”, Phil Swainson concluded the talks and spoke about how Totuus from KedronUK can help with the ever-present challenge of maintaining a fit-for-purpose CMDB. A recent survey we ran indicated that almost half the respondents did not believe their CMDB was fit for purpose.

With the presentations complete, the bar opened, food was served and the shooting could start. Across the three virtual shoots in the event room, the best attendee on each screen stepped forward at the end for a winner takes all shoot-off. The prize of a new Xbox perhaps made for a timely Christmas present for somebody…

From speaking to attendees, the key takeaway from the afternoon was that gaining visibility into and securing OT / IoT is difficult for a wide variety of reasons, but there are innovative solutions to help bridge the gap and manage the risk around these devices. The environments and challenges can be complex but help is at hand!

To find out more about each technology discussed, take a look at our Bridging the Gap Presentation Slides here!
