SOC-ial Cricket Event: Disruptive Cyber Tech 2024

Our first #NoSalesPitch event of 2024 saw the KedronUK team heading north into central Manchester. The No Sales Pitch format was a great success last year, with ten-minute presentations from five security vendors to keep things moving and interesting. With Sixes Manchester as the venue, there was the chance for networking over food and drink, along with some virtual cricket fun after the presentations had finished.

Zero Trust – Forescout
Phil Swainson, KedronUK’s Head of Technology, was compere for the afternoon. After a brief overview of KedronUK, he introduced our first presentation from Keith Gilbert of Forescout. Keith talked about Zero Trust (ZT), focusing on the steps required to begin the journey to a ZT world. We know from speaking to many enterprises that there’s a lot to consider when starting out with ZT, and proper planning is essential. Using the NIST 800-207 document entitled “Zero Trust Architecture” as a guide, Keith outlined the key system components such as Policy Enforcement Points and Policy Decision Points, plus how these interact with the “data plane” of users and systems.

Ransomware Containment – BullWall
In the IT security arena, ransomware remains an ongoing threat to businesses of all sizes. Whilst the exact attack techniques and methods evolve, the risk of severe business disruption remains. BullWall Ransomware Containment (RC) is an innovative but lightweight solution that provides an extra layer of protection. To use an analogy, an IT datacentre or large building will have a sprinkler or fire suppression system which triggers in the event of a fire. The job of the sprinkler system is not to stop the fire from happening in the first place but to extinguish it as quickly as possible. Andrew Grant outlined how BullWall RC offers the same kind of protection for ransomware – other security tools will hopefully block and prevent as many attacks as possible, but in the worst case, BullWall RC automatically triggers and stops the ransomware.

Breach & Attack Simulation – Keysight
The ever-expanding IT security market means new vendors and new products appear almost daily. Analysts identify new attack vectors that need tools to protect against, but what about the security tooling you already have deployed? Kevin Berry from Keysight showed how a Breach & Attack Simulation (BAS) tool can fit into your security testing plans. Whilst it is a new tool (somewhat ironically), BAS is not about directly filling a gap or replacing an existing tool, but about helping you understand how your existing security solutions are working. With regular updates from the Keysight Application & Threat Intelligence (ATI) team, Keysight ThreatSim helps you validate your existing security policies and posture to ensure they are providing the best possible protection against the latest threats. BAS complements point-in-time tests such as penetration testing, which are performed perhaps annually or six-monthly, as well as frequent scans from vulnerability management tools such as Tenable Nessus.

API Security – Noname
Our newest vendor partner is Noname Security. API security continues to gain focus for CISOs and other security practitioners. As far back as December 2021, Gartner predicted that APIs would become the top attack vector. As an example, the recent (May 2024) Dell data breach saw an attacker use a poorly secured and non-rate-limited API to extract the details of around 49 million customers. David Moss outlined how the key pillars provided by Noname, a market leader in API security, cover Discovery (what is my API estate?), Posture (how many of those APIs have vulnerabilities or are misconfigured?), Runtime (who is attacking my APIs?) and Testing (finding potential vulnerabilities during development).

Network Detection & Response – ExtraHop
The “Need for Speed” was the theme of the last presentation, from Kyle Francis of ExtraHop. IT teams are always under pressure to work faster. Security threats need to be detected and contained more quickly, whilst outages must be resolved more quickly to avoid costly business disruption. However, incomplete data, blind spots and too many complex interfaces hinder the investigation and resolution process. As a Forrester Wave (Q2 2023) leader for Network Analysis and Visibility, ExtraHop can help enterprises eliminate blind spots and detect issues and anomalies in real time, ultimately reducing investigation time to drive quicker, positive outcomes.

With the presentations complete, the bar opened, food was served and the cricket began. Across the two nets, the best attendee on each screen stepped forward at the end for a competition to win an Oculus VR Headset! The runner-up didn’t miss out either, receiving a £75 voucher for a Sixes cricket venue near them…

We received some great feedback from the attendees at the event. From speaking to them, the key takeaway from the afternoon was that whilst not every tool presented is the right fit for every organisation (perhaps due to size, budget or security maturity), the format is an excellent way of getting a view of current security trends and risks. Finally, a number of attendees noted how the workload for IT teams is unrelenting, so “light-touch” tools (such as BullWall RC) which can quickly enhance security with a low management footprint are extremely attractive.

To find out more about each technology discussed, take a look at our SOCial Cricket Event Presentation Slides here!

Chris Booth

Solutions Architect

Listens to your problems then identifies the best tools and products to build solutions.

Call us today on 01782 752 369
KedronUK, Kern House, Stone Business Park, Stone, Staffordshire ST15 0TL

Cyber Security Trends to Look For in 2024

In our rapidly evolving digital landscape, staying ahead of cyber threats is paramount. As we enter 2024, the world of cyber security is poised for significant changes and challenges. In this blog post, we explore four key cybersecurity trends that are likely to shape the landscape in the coming year.

1. AI and Machine Learning Powered Threat Detection

The integration of artificial intelligence (AI) and machine learning (ML) into cybersecurity practices is not new, but its significance is set to grow in 2024. As cyber threats become more sophisticated, AI and ML algorithms play a crucial role in identifying patterns and anomalies in real time, allowing organisations to respond swiftly to potential breaches. This trend will empower cybersecurity professionals to proactively defend against emerging threats and adapt to evolving attack methods.

One use-case of this is AI/ML’s ability to sift through large amounts of data and find outlying events which indicate security risks. A good example is ExtraHop Reveal(x), which uses AI/ML to surface detections from raw network data for SOC teams to investigate. Manually analysing tens or hundreds of gigabytes of data would otherwise not be feasible.

AI/ML also allows an organisation to improve or extend its security coverage, especially smaller organisations that have yet to make the step to a 24/7 SOC (either in-house or managed). The always-on nature of AI/ML, perhaps coupled with suitable remediation playbooks, can ensure the most dangerous threats are contained even if they happen outside core business hours.

2. Zero Trust Architecture

The traditional approach of trusting entities inside a network and distrusting those outside has become outdated in the face of increasingly sophisticated cyber-attacks. Zero Trust Architecture is a paradigm shift that assumes no entity, whether internal or external, can be trusted by default. In 2024, organisations are expected to adopt Zero Trust principles more widely, implementing strict access controls, continuous monitoring and multifactor authentication to ensure the highest level of security. This approach minimises the risk of unauthorised access and lateral movement within a network.

Zero Trust does present challenges in deployment, as network reconfiguration may be required to ensure traffic is correctly routed through the relevant policy enforcement points. Thus, organisations may adopt a “long game” approach to moving to a Zero Trust model.
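To make the NIST 800-207 components mentioned in the SOC-ial Cricket write-up above (Policy Decision Point, Policy Enforcement Point, data plane) and the Zero Trust principles in this section concrete, here is an added illustration that is not code from the page, Forescout or KedronUK. The policy rules, class names and the posture signals are assumptions for the example; the point it shows is that the PDP is consulted on every request, with no implicit trust granted by network location, and that a device failing its posture check mid-session is denied on its next request.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Subject:
    user: str
    groups: frozenset
    mfa_verified: bool


@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool      # enrolled in the inventory / management tool
    compliant: bool    # latest posture check (patched, EDR running, ...) passed


@dataclass(frozen=True)
class Resource:
    name: str
    sensitivity: str   # "low" or "high"
    allowed_groups: frozenset


class PolicyDecisionPoint:
    """Control plane: default-deny; network location is deliberately not an input."""

    def decide(self, subject, device, resource):
        if not subject.groups & resource.allowed_groups:
            return False, "subject not authorised for resource"
        if not (device.managed and device.compliant):
            return False, "device unmanaged or failing posture check"
        if resource.sensitivity == "high" and not subject.mfa_verified:
            return False, "MFA required for high-sensitivity resource"
        return True, "allow"


class PolicyEnforcementPoint:
    """Data plane: sits in front of the resource and forwards only PDP-approved requests."""

    def __init__(self, pdp):
        self.pdp = pdp
        self.audit_log = []

    def handle(self, subject, device, resource, payload):
        # Continuous evaluation: the PDP is asked per request, not once per session.
        allowed, reason = self.pdp.decide(subject, device, resource)
        self.audit_log.append((subject.user, device.device_id, resource.name, allowed, reason))
        if not allowed:
            return None                      # the request never reaches the resource
        return f"forwarded {len(payload)} bytes to {resource.name}"


def demo():
    """Constructed scenario: same user and resource, device posture changes mid-session."""
    pep = PolicyEnforcementPoint(PolicyDecisionPoint())
    hr_db = Resource("hr-database", "high", frozenset({"hr-staff"}))
    alice = Subject("alice", frozenset({"hr-staff"}), mfa_verified=True)
    laptop_ok = Device("LT-0042", managed=True, compliant=True)
    laptop_bad = Device("LT-0042", managed=True, compliant=False)   # posture check now failing
    results = [
        pep.handle(alice, laptop_ok, hr_db, b"SELECT 1"),
        pep.handle(alice, laptop_bad, hr_db, b"SELECT 1"),
    ]
    return results, pep.audit_log


if __name__ == "__main__":
    for entry in demo()[1]:
        print(entry)
```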

3. Rise of Quantum-Safe Cryptography

With the advent of quantum computing on the horizon, the need for quantum-safe cryptography becomes imperative. Quantum computers have the potential to break widely used cryptographic algorithms, posing a serious threat to data security. In 2024, cybersecurity experts are likely to focus on developing and implementing quantum-resistant cryptographic methods to safeguard sensitive information. Organisations that embrace quantum-safe cryptography early will be better positioned to withstand the challenges posed by quantum computing advancements. 

4. Security Automation and Orchestration

As the volume and complexity of cyber threats continue to increase, the role of automation and orchestration in cybersecurity operations becomes more pronounced. In 2024, organisations will increasingly leverage security automation to streamline routine tasks, respond to incidents faster and reduce the burden on cybersecurity teams. Automated incident response, threat intelligence sharing and orchestration of security tools will become integral components of a robust cybersecurity strategy, allowing organisations to enhance their resilience against evolving threats. Playbooks are a good example: they ensure any alert presented to a SOC analyst is supported by as much information as possible to support their immediate decision making. Examples include automatically validating any file flagged as suspicious against platforms such as VirusTotal, or cross-checking IP addresses against threat intelligence feeds for any history of involvement in cyber-attacks.
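An added example of the enrichment playbook just described (not code from the page or from any vendor it mentions): each alert has its file hashes and IP addresses extracted, internal addresses are held back from external lookups, and the observables are checked against reputation data before the alert reaches an analyst, with the priority escalated when something is already known bad. The reputation tables below are small constructed stand-ins for a VirusTotal lookup and a threat intelligence feed, and the alerts, hashes and addresses are all constructed sample values.

```python
import ipaddress
import re

# Constructed stand-in for a VirusTotal file lookup: sha256 -> engines flagging the file.
FILE_REPUTATION = {
    "3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b": 41,
    "7f83b1657ff1fc53b92dc18148a1d65dfc2d4b1fa3d677284addd200126d9069": 0,
}
# Constructed stand-in for a threat intelligence feed: ip -> tags seen for that address.
IP_INTEL = {"203.0.113.77": ["credential-phishing", "c2"]}

# Address ranges treated as internal to the organisation (assumed for this example);
# these are never sent to an external reputation service.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}
RANK_NAME = {1: "low", 2: "medium", 3: "high"}


def extract_observables(text):
    hashes = {h.lower() for h in SHA256_RE.findall(text)}
    external_ips = set()
    for raw in IPV4_RE.findall(text):
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            continue                     # e.g. "999.1.1.1" matches the regex but is not an address
        if not any(ip in net for net in INTERNAL_NETS):
            external_ips.add(raw)
    return hashes, external_ips


def enrich(alert):
    hashes, ips = extract_observables(alert["text"])
    findings, rank = [], SEVERITY_RANK[alert["severity"]]
    for h in sorted(hashes):
        hits = FILE_REPUTATION.get(h)
        if hits is None:
            findings.append(f"hash {h[:12]}: not seen by file reputation service")
        elif hits >= 5:
            findings.append(f"hash {h[:12]}: flagged by {hits} engines")
            rank = 3                     # known-bad file: escalate regardless of original severity
        else:
            findings.append(f"hash {h[:12]}: {hits} engine hits (likely benign)")
    for ip in sorted(ips):
        tags = IP_INTEL.get(ip)
        if tags:
            findings.append(f"ip {ip}: known in intel feed as {', '.join(tags)}")
            rank = max(rank, 3 if "c2" in tags else 2)
        else:
            findings.append(f"ip {ip}: no history in intel feed")
    return {**alert, "priority": RANK_NAME[rank], "findings": findings}


# Constructed alerts, shaped as a detection tool might hand them to the playbook.
SAMPLE_ALERTS = [
    {"id": "A-1", "severity": "low",
     "text": "EDR: suspicious file sha256=3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b"
             " on host 10.20.30.40 connected to 203.0.113.77"},
    {"id": "A-2", "severity": "low",
     "text": "EDR: unsigned binary sha256=7f83b1657ff1fc53b92dc18148a1d65dfc2d4b1fa3d677284addd200126d9069"
             " contacted 192.168.1.5"},
]


def run_playbook(alerts=SAMPLE_ALERTS):
    return [enrich(a) for a in alerts]


if __name__ == "__main__":
    for enriched in run_playbook():
        print(enriched["id"], enriched["priority"], *enriched["findings"], sep="\n  ")
```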

Conclusion 

As highlighted above, AI/ML can offer tangible benefits, but there is a danger that vendors rush to claim that products use it simply to be on the “bandwagon”. Thus, genuine use-cases and benefits become hidden amongst all the noise and hype. When evaluating products to add to our portfolio of tools, KedronUK looks beyond the glossy datasheet to see how vendor claims really stack up and whether they are the right tool for our customers.

For more information on our full product portfolio, please contact us, or email our sales team at sales@kedronuk.com

Chris Booth

Bridging the Gap: Managing and Protecting IoT/OT in the IT World.

The KedronUK team once again journeyed south for the last “No Sales Pitch” event of 2023 – Bridging the Gap: Managing and Protecting IoT/OT in the IT World. We returned to Clays Bar in Moorgate as the feedback from our last event was that virtual clay shooting was good fun (not to mention that it avoided standing around in a cold, muddy field waiting for your next turn!).

The “No Sales Pitch” theme means no hard-sell, but a chance for attendees to see and learn about products which can help with current and upcoming challenges. IT teams now often find that securing the myriad OT and IoT devices appearing on enterprise networks is a headache. What has worked in the traditional PC world, such as endpoint or agent-based solutions, doesn’t readily translate to basic or outdated devices that cannot be easily managed, upgraded or replaced.

The first presentation was given by Axel Debray from Forescout, a new partner for KedronUK. Established for over twenty years, Forescout has a huge amount of data on the riskiest devices, including 39 billion data points and over 18 million device profiles. Being able to automatically inventory networks and profile the discovered devices with supporting information such as risk scores (both operational and security) starts to address the problem that you cannot secure what you don’t know about. With Vedere Labs (the research arm of Forescout) showing a proof-of-concept for IoT-specific ransomware last year, the risks associated with these devices continue to grow.

Kevin Berry from Keysight Technologies looked at many of the practical challenges facing security teams who are tasked with increasing protection in the OT / IoT world. We often find the Keysight brand isn’t well known in the IT industry, but as the world’s largest test and measurement company, they have a wide range of solutions. Aside from the technical challenges of gaining visibility of OT devices, the typical environments where OT devices live have physical challenges such as temperature, humidity and vibration which need special consideration. Some of the scenarios considered included:

  • Analysing packets from network switches which are full (no space for a mirror port) or which nobody dares to touch as they are so old or unmanageable.
  • Getting the capture traffic to multiple tools without wasting bandwidth or overwhelming the tool(s) with the wrong data.
  • Ensuring that any downtime (scheduled or otherwise) with the monitoring tool(s) does not impact the OT environment being monitored.
  • Capturing traffic in the harsh environments as noted above.

Unfortunately, airline problems prevented Jorg Schallmayer from Infosim GmbH joining us to present on his topic – “StableNet as an IoT Platform Manager”. Phil Swainson stepped up in his absence to provide an overview of StableNet, but we hope to feature more about the work being done in the StableNet Innovation Lab on the management of IoT devices in the future.

Pulling a “double shift”, Phil Swainson concluded the talks and spoke about how Totuus from KedronUK can help with the ever-present challenge of maintaining a fit-for-purpose CMDB. A recent survey we ran indicated that almost half the respondents did not believe their CMDB was fit for purpose.

With the presentations complete, the bar opened, food was served and the shooting could start. Across the three virtual shoots in the event room, the best attendee on each screen stepped forward at the end for a winner takes all shoot-off. The prize of a new Xbox perhaps made for a timely Christmas present for somebody…

From speaking to attendees, the key takeaway from the afternoon was that gaining visibility into and securing OT / IoT is difficult for a wide variety of reasons, but there are innovative solutions to help bridge the gap and manage the risk around these devices. The environments and challenges can be complex but help is at hand!

To find out more about each technology discussed, take a look at our Bridging the Gap Presentation Slides here!

Chris Booth

SAP Monitoring

A typical SAP deployment is a sprawling, complex system and is one of the most critical applications an enterprise relies on to keep the business functioning, interacting with production, sales, dispatch, HR and other areas of the business.

Monitoring the performance and availability of SAP is therefore key. Proactive monitoring may allow minor issues to be resolved before they become major issues. SAP provides a number of tools, such as Solution Manager and CCMS, which can be used to monitor the platform. It is, however, worth considering the wider picture when it comes to selecting the right tool for this particular job.

Why should I consider a third-party tool?  I have the tools from the vendor, why do I need something else?

As an independent IT reseller and consultancy specialising in security, monitoring and management, these are common questions posed to KedronUK. At first glance, it’s a sensible question, as who should understand the intricacies and key performance indicators of an application better than the producer of that application?

Answering a question with a question doesn’t always provide an answer, but in this case it is a logical response. What other IT resources does your SAP environment depend on? For an on-premise environment this will undoubtedly cover storage and virtualisation stacks, networking and more. Given that one of the benefits of virtualisation is to share those expensive hardware resources and make better use of them, a SAP performance issue could actually be caused by another, unrelated application which lives in the same infrastructure. In a modern hybrid cloud / on-premise environment, dependencies will reach out further to include providers such as Microsoft Azure or Amazon AWS.

So, whilst the vendor’s own tools may seem the wise choice, monitoring the wider IT environment brings more visibility. The phrase “knowledge is power” is commonly but possibly incorrectly attributed to Sir Francis Bacon back in 1597 (I’ll admit I had to look that fact up!) but regardless of when it was first said, it still rings true today.

The eG Enterprise Suite is application aware, so it can monitor the key SAP applications / services such as HANA, ABAP, Business One and NetWeaver, to name but a few. The monitoring of each application includes multiple tests at multiple layers. As an example, when eG Enterprise monitors an ABAP Server instance, it reports on layers such as SAP Basis, Workload, Work Processes, Gateway and User Sessions. Alongside this, eG Enterprise can also monitor the wider IT infrastructure, such as a VMware vSphere virtualisation environment which may underpin SAP. Unifying that visibility into a single place not only delivers that sought-after knowledge but can also improve productivity for the IT team by reducing the number of tools they need to interact with.

A full list of the platforms and technologies supported by eG Enterprise can be found at:

https://www.eginnovations.com/it-monitoring/technologies

Another common issue we tackle with customers at KedronUK is the dreaded “alert cannon”. As soon as somebody has a rule in their e-mail client to automatically move e-mail alerts from a monitoring system to a sub-folder because the messages are clogging up their Inbox, it’s arguable the monitoring is no longer doing the right job. The eG Enterprise Suite capabilities include event correlation and analytics which make use of modern AI/ML techniques to reduce the noise and target something that really matters to an IT team – Root Cause Analysis (RCA). I’ve never met anyone in IT who doesn’t want to resolve an issue as quickly as possible (we all want to look good, right?), so having a holistic view of your infrastructure with quick and easy RCA drill-down is essential.

Expanding on the previous example of an unrelated application impacting SAP performance, a lot of time, and therefore money, can be saved if your monitoring can indicate that whilst your SAP database server is suffering from poor disk performance, the real underlying problem is a runaway process on another VM, which shares the same virtualisation host and storage array, consuming all the storage I/O.

To understand more about the correlation and analytics functionality of eG Enterprise, I’d recommend reading John Worthington’s blog post:

https://www.eginnovations.com/blog/what-is-event-correlation/

Chris Booth

Why Cloud apps need next-gen APM

Many businesses have a desire to move away from complex, difficult-to-support legacy applications. Actually achieving that is far harder than just putting it into a strategy document, though!

In the case of Tipico, the Maltese gaming and betting business, they had 160 servers supporting a three-tier Java application. With so many servers involved, it’s only natural that despite the very best intentions, different parts of the application stack end up on different Java or other library versions. This all adds up to more complexity and thus a longer Mean Time To Resolution (MTTR) for any issues.

Tipico transitioned their platform to be orchestrated by Kubernetes (K8s), all run using components of Amazon Web Services. Their infrastructure is now purely infrastructure as code and Cloud based.

Moving your key application(s) to microservices running on a Cloud platform doesn’t just involve deciding which provider is the most cost effective, has the best geographical presence to suit your customer base or offers the right services for your applications. If Kubernetes has the ability to shrink or grow the number of nodes or pods running your application, how do you monitor it? Just including your monitoring agent in your base server build image doesn’t work anymore.

A next-generation APM tool which automatically and continuously discovers your infrastructure and application is the key. Tipico’s evaluation of the APM market determined that Instana was the best fit for their infrastructure.

Instana’s ability to create ‘Application Perspectives’ is great for DevOps teams, where different teams are focused on different parts of the application. Does a team working on the payments microservice really need to know how the login microservice is performing? Application Perspectives let teams filter out the noise, letting them focus on the metrics of the services they are responsible for.

A DevOps mindset (Continuous Improvement/Continuous Development or CI/CD) also means regular code releases to add features or fix bugs. Instana’s API provides an easy method to further integrate the CI/CD pipeline and monitoring. A simple curl call can notify Instana of a release, which is then visible in the Instana UI as a ‘release marker’. This means developers and support teams can both immediately correlate any radical changes in performance or stability against the release.

Normally, a blog post needs a conclusion. In this case though, I think two statistics from the Tipico case study stand out to really show the success of the project:

• 3x increase in the number of deployments per month
• 10x improvement in MTTR

Chris Booth