Cyber Security Trends to Look For in 2024

Cyber Security Trends to Look For in 2024

 In our rapidly evolving digital landscape, staying ahead of cyber threats is paramount. As we enter 2024, the world of cyber security is poised for significant changes and challenges. In this blog post, we explore four key cybersecurity trends that are likely to shape the landscape in the coming year. 

1. AI and Machine Learning Powered Threat Detection: 

The integration of artificial intelligence (AI) and machine learning (ML) into cybersecurity practices is not new, but its significance is set to grow in 2024. As cyber threats become more sophisticated, AI and ML algorithems play a crucial role in identifying patterns and anomalies in real-time, allowing organisations to respond swiftly to potential breaches. This trend will empower cybersecurity professionals to proactively defend against emerging threats and adapt to evolving attack methods. 

One use-case of this could be through AI/MLs ability to sift through large amounts of data and find outlying events which indicate security risks. A good example of this is ExtraHop Reveal(x), which uses AI/ML to surface detections from raw network data for SOC teams to investigate. Trying to analyse tens or hundreds of gigabytes of data would otherwise not be feasible. 

AI/ML also allows an organisation to improve or extend their security coverage, especially smaller organisations who have yet to make the step to a 24/7 SOC (either in-house or managed). The always-on nature of AI/ML, perhaps coupled with suitable remediation playbooks, can ensure the most dangerous threats are contained even if they happen outside of core business hours. 

2. Zero Trust Architecture: 

The traditional approach of trusting entities inside a network and distrusting those outsides has become outdated in the face of increasingly sophisticated cyber-attacks. Zero Trust Architecture is a paradigm shift that assumes no entity, whether internal or external, can be trusted by default. In 2024, organisations are expected to adopt Zero Trust principles more widely, implementing strict access controls, continuous monitoring, and multifactor authentication to ensure the highest level of security. This approach minimises the risk of unauthorised access and lateral movement within a network. 

Zero Trust does provide challenges in deployment, as network reconfiguration maybe required to ensure traffic is correctly routed through the relevant policy enforcement points. Thus, organisations may adopt a “long game” approach on moving to a Zero Trust model. 

3. Rise of Quantum-Safe Cryptography: 

With the advent of quantum computing on the horizon, the need for quantum-safe cryptography becomes imperative. Quantum computers have the potential to break widely used cryptographic algorithms, posing a serious threat to data security. In 2024, cybersecurity experts are likely to focus on developing and implementing quantum-resistant cryptographic methods to safeguard sensitive information. Organisations that embrace quantum-safe cryptography early will be better positioned to withstand the challenges posed by quantum computing advancements. 

4. Security Automation and Orchestration: 

As the volume and complexity of cyber threats continue to increase, the role of automation and orchestration in cybersecurity operations becomes more pronounced. In 2024, organisations will increasingly leverage security automation to streamline routine tasks, respond to incidents faster, and reduce the burden on cybersecurity teams. Automated incident response, threat intelligence sharing, and orchestration of security tools will become integral components of a robust cybersecurity strategy, allowing organisations to enhance their resilience against evolving threats. The use of playbooks is a good example to ensure any alert presented to a SOC analyst is supported by as much information as possible to support their immediate decision making. Examples of this include any files being flagged as suspicious are automatically validated against platforms such as Virus Total or IP addresses are cross-checked with threat intelligence feeds for any history in cyber-attacks.

Conclusion 

As highlighted above, AI/ML can offer tangible benefits but there is a danger that vendors rush to claim that products use it simply to be on the “bandwagon”. Thus, genuine use-cases and benefits become hidden amongst all the noise and hype. When evaluting products to add to our portfolio of tools, KedronUK look beyond to glossy datasheet to see how vendor claims really stack up and if they are the right tool for our customers. 

For more information on our full product portfolio, please contact us, or email our sales team at sales@kedronuk.com

Phil Swainson

Phil Swainson

Head of Technology

Responsible for the KedronUK portfolio, including in-house product development.

Call us today on 01782 752 369
KedronUK, Kern House, Stone Business Park, Stone, Staffordshire ST15 0TL

Bridging the Gap: Managing and Protecting IoT/OT in the IT World.

Bridging the Gap: Managing and Protecting IoT/OT in the IT World.

The KedronUK team once again journeyed south for the last “No Sales Pitch” event of 2023 – Bridging the Gap: Managing and Protecting IoT/OT in the IT World. We returned to Clays Bar in Moorgate as the feedback from our last event was that virtual clay shooting was good fun (not to mention that it avoided standing around in a cold, muddy field waiting for your next turn!).

The “No Sales Pitch” theme means no hard-sell but a chance for attendees to see and learn about products which can help with current and upcoming challenges. IT teams are now often finding that security for the myriad of OT and IoT devices now appearing on enterprise networks is a headache. What has worked in the traditional PC world such as endpoint or agent-based solutions doesn’t readily translate to basic or outdated devices that cannot be easily managed, upgraded or replaced. 

The first presentation was given by Axel Debray from Forescout, who are a new partnership for KedronUK. Established for over twenty years, Forescout has a huge amount of data on the riskiest devices, including 39 billion data points and over 18 million device profiles. Being able to automatically inventory networks and profile the discovered devices with supporting information such as risk scores (both operational and security) starts to address the problem that you cannot secure what you don’t know about. With the Vedere Labs (the research arm of Forescout) showing a proof-of-concept for IoT specific ransomware last year, the risks associated with these devices continues to grow.

Kevin Berry from Keysight Technologies looked at many of the practical challenges facing security teams, who are tasked with increasing protection in the OT / IoT world. We often find the Keysight brand isn’t well known in the IT industry, but as the world’s largest test and measurement company, they have a wide range of solutions. Aside from the technical challenges of gaining visibility of OT devices, the typical environment where OT device lives has physical challenges such as temperature, humidity and vibration which need special consideration. Some of the scenarios considered included:

  • Analysing packets from network switches which are full (no space for a mirror port) or which nobody dares to touch as they are so old or unmanageable.
  • Getting the capture traffic to multiple tools without wasting bandwidth or overwhelming the tool(s) with the wrong data.
  • Ensuring that any downtime (scheduled or otherwise) with the monitoring tool(s) does not impact the OT environment being monitored.
  • Capturing traffic in the harsh environments as noted above.

Unfortunately, airline problems prevented Jorg Schallmayer from Infosim GmbH joining us to present on his topic – “StableNet as an IoT Platform Manager”. Phil Swainson stepped-up in his absense to provide an overview of StableNet but we hope to feature more about the work being done in the StableNet Innovation Lab on the management of IoT devices in the future.

Pulling a “double shift”, Phil Swainson concluded the talks and spoke about how Totuus from KedronUK can help with the ever-present challenge of maintaining a fit-for-purpose CMDB. A recent survey we ran indicated that almost half the respondents did not believe their CMDB was fit for purpose.

With the presentations complete, the bar opened, food was served and the shooting could start. Across the three virtual shoots in the event room, the best attendee on each screen stepped forward at the end for a winner takes all shoot-off. The prize of a new Xbox perhaps made for a timely Christmas present for somebody…

From speaking to attendees, the key takeaway from the afternoon was that gaining visibility into and securing OT / IoT is difficult for a wide variety of reasons, but there are innovative solutions to help bridge the gap and manage the risk around these devices. The environments and challenges can be complex but help is at hand!

To find out more about each technology discussed, take a look at our Bridging the Gap Presentation Slides here!

Phil Swainson

Phil Swainson

Head of Technology

Responsible for the KedronUK portfolio, including in-house product development.

Call us today on 01782 752 369
KedronUK, Kern House, Stone Business Park, Stone, Staffordshire ST15 0TL

SAP Monitoring

SAP Monitoring

A typical SAP deployment is usually a sprawling, complex system and is one of the most critical applications an enterprise relies on to keep the business functioning, with it interacting with production, sales, dispatch, HR and other areas of the business.

Monitoring the performance and availability of SAP is therefore key.  Proactive monitoring may allow minor issues to be resolved before they become major issues.  SAP provide a number of tools such as Solution Manager and CCMS which can be used to monitor the platform.  It is however, worth considering the wider picture when it comes to selecting the right tool for this particular job.

Why should I consider a third-party tool?  I have the tools from the vendor, why do I need something else?

As an independent IT reseller and consultancy specialising in security, monitoring and management, these are common questions posed to KedronUK.  At first glance, it’s a sensible question as who should understand the intricacies and key performance indicators of an application better than the producer of that application?

Answering a question with a question doesn’t always provide an answer, but in this case, is a logical response.  What other IT resources does your SAP environment depend on?  For an on-premise environment this will undoubtedly cover storage and virtualisation stacks, networking and more.  Given one of the benefits of virtualisation is to share those expensive hardware resources and make better use of them, a SAP performance issue could actually be caused by another unrelated application which lives in the same infrastructure.  In a modern hybrid cloud / on-premise environment, dependencies will reach out further to include providers such as Microsoft Azure or Amazon AWS.

So, whilst the vendor’s own tools may seem the wise choice, monitoring the wider IT environment brings more visibility.  The phrase “knowledge is power” is commonly but possibly incorrectly attributed to Sir Francis Bacon back in 1597 (I’ll admit I had to look that fact up!) but regardless of when it was first said, it still rings true today. 

The eG Enterprise Suite is application aware, so can monitor the key SAP applications / services such as HANA, ABAP, Business One and NetWeaver to name but a few.  The monitoring of each application includes multiple tests at multiple layers.  As an example, when eG Enterprise monitors an ABAP Server instance, it reports on layers such as SAP Basis, Workload, Work Processes, Gateway and User Sessions.  Alongside this, eG Enterprise can also monitor the wider IT infrastructure such as a VMware vSphere virtualisation environment which may underpin SAP.  Unifying that visibility into a single place not only delivers that sort after knowledge but can also improve productivity for the IT team by reducing the number of tools they need to interact with.

A full list of the platforms and technologies supported by eG Enterprise can be found at:

https://www.eginnovations.com/it-monitoring/technologies

Another common issue we tackle with customers at KedronUK is the dreaded “alert cannon”.  As soon as somebody has the rule in their e-mail client to automatically move e-mail alerts from a monitoring system to a sub-folder as the messages are clogging up their Inbox, it’s arguable the monitoring is no longer doing the right job.  The eG Enterprise Suite capabilities include event correlation and analytics which make use of modern AI/ML techniques to reduce the noise and target something that really matters to an IT team – Root Cause Analysis (RCA).  I’ve never met anyone in IT who doesn’t want to resolve an issue as quickly as possible (we all want to look good, right?) so having a holistic view of your infrastructure with quick and easy RCA drill-down is essential.

Expanding on the previous example of an unrelated application impacting SAP performance, a lot of time, and therefore money, can be saved if your monitoring can indicate that whilst your SAP database server is suffering from poor disk performance, the real underlying problem is a run-away process on another VM, which shares the same virtualisation host and storage array, consuming all the storage I/O.

To understand more about the correlation and analytics functionality of eG Enterprise, I’d recommend reading John Worthington’s blog post:

https://www.eginnovations.com/blog/what-is-event-correlation/

    Chris Booth

    Chris Booth

    Solutions Architect

    Listens to your problems, then identifies the best tools and products to build solutions.

    Call us today on 01782 752 369
    KedronUK, Kern House, Stone Business Park, Stone, Staffordshire ST15 0TL

    Why Cloud apps need next-gen APM

    Why Cloud apps need next-gen APM

    Many businesses have a desire to move away from complex, difficult to support legacy applications.  Actually achieving that is far harder than just putting it into a strategy document, though!

    In the case of Tipico, the Maltese gaming and betting business, they had 160 servers supporting a three-tier Java application. With so many servers involved, it’s only natural that despite the very best intentions, different parts of the application stack end up on different Java or other library version. This all adds up to more complexity and thus Mean Time To Resolution (MTTR) for any issues.

    Tipico transitioned their platform to be orchestrated by Kubernetes (K8s), all run using components of Amazon Web Services. Their infrastructure is now purely infrastructure as code and Cloud based.

    Moving your key application(s) to microservices running on a Cloud platform doesn’t just involve deciding on which provider is the most cost effective, has the best geographical presence to suit your customer base or offers the right services for your applications. If Kubernetes has the ability to shrink or grow the number of nodes or pods running your application, how do you monitor it?  Just including your monitoring agent in your base server build image doesn’t work anymore.

    A next-generation APM tool which automatically and continuously discovers your infrastructure and application is the key. Tipico’s evaluation of the APM market determined that Instana was the best fit for their infrastructure.

    Instana’s ability to create ‘Application Perspectives’ is great for DevOps teams, where different teams are focused on different parts of the application.  Does a team working on the payments microservice really need to know how the login microservice is performing? Application Perspectives let teams filter out the noise, letting them focus on the metrics of the services they are responsible for.

    A DevOps mindset (Continuous Improvement/Continuous Development or CI/CD) also means regular code releases to add features or fix bugs. Instana’s API provides an easy method to further integrate the CI/CD pipeline and monitoring. A simple curl call can notify Instana of a release, which is then visible in Instana UI as a ‘release marker’. This means developers and support teams can both immediately correlate any radical changes in performance or stability against the release.

    Normally, a blog post needs a conclusion. In this case though, I think two statistics from the Tipico case study stand out to really show the success of the project:

    • 3x increase in the number of deployments per month
    • 10x improvement in MTTR
    Chris Booth

    Chris Booth

    Solutions Architect

    Listens to your problems, then identifies the best tools and products to build solutions.

    Call us today on 01782 752 369
    KedronUK, Kern House, Stone Business Park, Stone, Staffordshire ST15 0TL

    ExtraHop Remote Working

    ExtraHop Remote Working

    Saying this year has been strange is, obviously, something of an understatement. Back in January I don’t expect anyone at Zoom expected their brand to become a genuine household name by now. IT professionals will have been exceptionally busy not just supporting business transformation from office to home working, but helping friends and families keep in touch.  There’s no escape once you are the go-to technical guru in your extended family!  I’ve ended up giving advice on Zoom / Skype meetings for school governors in Liverpool and helping a nephew build his first gaming PC (all socially distanced of course!).

    Whilst family quizzes on Zoom and Skype sessions with grandparents have been essential for beating the boredom and retaining a degree of contact, they are also just two of the things which might be impacting on business remote access.  Are those family calls routing across a corporate connection as somebody forgot to disconnect their VPN into the office?  Visibility at protocol level can help identify gremlins such as retransmission timeouts and zero windows.  Likewise, analysis can help identify traffic destinations – if we don’t use Zoom in the business, why is it transiting my network?  A combination of these metrics can also aid help desks who, by default, now troubleshoot home broadband connections.  Is a user’s poor virtual desktop or application experience down to an issue in the datacentre or because they are competing for bandwidth with Netflix, Disney+ and Fortnite on their home WiFi?

    Utilisation Metrics can provide critical information on capacity and associated bottlenecks.  If more capacity is needed, then you have hard facts to backup a business case for an upgrade.  On the other hand, if things are running smoothly, you can provide information to management to show previous investment has been money well spent and any considerations of reducing bandwidth to save money would impact on productivity.

    Another impact of the current business climate is that budgets are being scrutinised more then ever now, so any new IT project must offer the highest amount of value to the business.  Thus, a platform such as ExtraHop Reveal(x), which builds on ExtraHop’s experience in Performance Analytics but adds industry leading Security Detection and Response becomes much more attractive.

    The rush to home working in the UK led to a shortage of laptops and PCs.  To stay productive, some staff have been using their own home computing equipment.  Home networks and PCs are notorious for being a security nightmare, with unpatched routers, unsupported OSes, outdated AV and the like.  It is more important then ever to watch the activities of these devices when they are connected to a corporate Network.

    VPN policies may have been relaxed but even so, some events represent actionable findings.  If a member of UK staff connects to the VPN from a North American IP address, are they perhaps using a commercial VPN service to access a US streaming service which has geo-location restrictions?  Or is it an attacker making use of compromised credentials?  Similarly, should a user be connected to the VPN from two different countries at the same time?

    Further insight into Network traffic, obtained through Reveal(x)’s ability to decode over 50 Enterprise protocols, can also enhance Network Security.  If there is a sudden spike in Active Directory accounts being locked out, is this a sign of a brute force attack in progress?  By linking Security Detections, Reveal(x) can present alerts using the MITRE ATT&CK framework, enabling a responder to understand if the lockouts are user error or part of a more dangerous attack.

    In summary, ExtraHop Reveal(x) can play an important part in assisting businesses to cope with the “new normal”.  Reveal(x) can help Operation and Security teams gain valuable insight into their Domains, with a wide range of off-the-shelf and custom integrations ensuring it is not just another siloed tool.  Take a look at ExtraHop’s Datasheet to find out tips for ensuring the availability and securing of remote access.

    Chris Booth

    Chris Booth

    Solutions Architect

    Listens to your problems, then identifies the best tools and products to build solutions.

    Call us today on 01782 752 369
    KedronUK, Kern House, Stone Business Park, Stone, Staffordshire ST15 0TL