Security Thoughts for 2025

Beyond AI, cybersecurity challenges continue to evolve. Effective vulnerability management requires more than just CVSS scores, and supply chain attacks highlight the need for greater scrutiny of third-party providers. Meanwhile, advancements in quantum computing could reshape encryption and cloud security.

As we navigate 2025, understanding these trends will be key to staying ahead in an increasingly complex digital landscape.

AI is everywhere but does it need to be?

There’s been something of a stampede by vendors to add AI functionality into products.  It seems almost every product now has a Copilot or similar feature claiming to make life easier.  How beneficial this actually is to users is unclear at present.  When evaluating new products, KedronUK does cast a critical eye over the “datasheet benefits” and how they may actually work in the real world.

AI and ML do suit some applications very well though.  Surfacing performance or security detections (events / alerts) in large amounts of data, such as raw network traffic in NDR tools or logs in a SIEM solution, is a great use case.

AI isn’t just all good though

I’m sure every IT professional has seen a terrible attempt at a phishing e-mail, either offering them money lost in a foreign bank account or one claiming to be from a senior colleague asking them to help with an urgent action.  Easy access to AI tools will make these harder to spot as they mimic the writing style or even voices of colleagues.  Alongside appropriate security tools, user awareness will be very important in helping combat this threat.

Managing the use of AI platforms will also continue to challenge organisations from a GRC perspective.  Sensitive data could leak through careless but well-intentioned use of AI tools to help with productivity, for example pasting customer records or source code into a public chatbot.

Look beyond just the vulnerability

Vulnerability scanners are a common and essential part of any IT team’s tooling.  Finding and addressing vulnerabilities early is important in maintaining a good security posture.  However, considering a CVSS score in isolation may not deliver the best results.  Leveraging additional data sources such as the CISA KEV (Known Exploited Vulnerabilities) catalogue can provide extra context to help prioritise remediation work.  As an example, a CVE with a score of 9.8 would, at first glance, look to need addressing immediately.  However, it may not be actively exploited.  A CVE with a lower score (e.g. 6.5) which is being commonly exploited should therefore be addressed first.

Incorporating vulnerabilities (with all their important context, such as exploitation status and whether the affected asset is internet facing) alongside other signals can provide a much wider and more complete view of your attack surface.
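
The prioritisation described above, as an added example rather than code from the original post: scanner findings are ranked by a tier that puts anything in the CISA KEV catalogue first, then by CVSS and exposure. The findings, the KEV extract and the CVE-0000-* identifiers are constructed placeholders, not real vulnerabilities; the extract follows the layout of CISA’s published JSON feed (a “vulnerabilities” list with “cveID”, “dueDate” and “knownRansomwareCampaignUse” fields), so load_kev() can equally be pointed at the real file. The weights in tier() and priority_score() are assumptions for the demo, not a standard.

```python
"""Vulnerability prioritisation combining CVSS, CISA KEV membership and exposure.

Added example, not code from the original post. Findings, KEV extract and
CVE identifiers (CVE-0000-*) are constructed placeholders.
"""
import json

# Constructed extract in the shape of the CISA KEV JSON feed.
KEV_JSON = """
{"vulnerabilities": [
  {"cveID": "CVE-0000-0002", "dateAdded": "2025-01-10",
   "dueDate": "2025-01-31", "knownRansomwareCampaignUse": "Known"},
  {"cveID": "CVE-0000-0004", "dateAdded": "2025-01-15",
   "dueDate": "2025-02-05", "knownRansomwareCampaignUse": "Unknown"}
]}
"""

# Constructed scanner export: one row per CVE/asset pair.
FINDINGS = [
    {"cve": "CVE-0000-0001", "cvss": 9.8, "asset": "build-server", "internet_facing": False},
    {"cve": "CVE-0000-0002", "cvss": 6.5, "asset": "vpn-gateway",  "internet_facing": True},
    {"cve": "CVE-0000-0003", "cvss": 7.5, "asset": "hr-portal",    "internet_facing": True},
    {"cve": "CVE-0000-0004", "cvss": 5.3, "asset": "file-share",   "internet_facing": False},
]


def load_kev(text):
    """Return {cveID: entry} from KEV-format JSON."""
    data = json.loads(text)
    return {v["cveID"]: v for v in data["vulnerabilities"]}


def tier(finding, kev):
    """Remediation tier, lower is more urgent (weights are an assumption):
    P1 - listed in KEV, i.e. exploited in the wild, whatever the CVSS score;
    P2 - CVSS >= 9.0, or CVSS >= 7.0 on an internet-facing asset;
    P3 - everything else, patched in the normal cycle."""
    if finding["cve"] in kev:
        return 1
    if finding["cvss"] >= 9.0 or (finding["internet_facing"] and finding["cvss"] >= 7.0):
        return 2
    return 3


def priority_score(finding, kev):
    """Numeric score used only to order rows inside a tier."""
    score = finding["cvss"]
    entry = kev.get(finding["cve"])
    if entry is not None:
        score += 10.0
        if entry.get("knownRansomwareCampaignUse") == "Known":
            score += 5.0
    if finding["internet_facing"]:
        score += 3.0
    return score


def prioritise(findings, kev):
    """Findings sorted most-urgent first, annotated with tier, score and KEV due date."""
    rows = []
    for f in findings:
        entry = kev.get(f["cve"], {})
        rows.append({**f, "tier": tier(f, kev), "score": priority_score(f, kev),
                     "kev_due": entry.get("dueDate")})
    return sorted(rows, key=lambda r: (r["tier"], -r["score"]))


if __name__ == "__main__":
    for row in prioritise(FINDINGS, load_kev(KEV_JSON)):
        print(f'P{row["tier"]} {row["cve"]} cvss={row["cvss"]} score={row["score"]:.1f} '
              f'{row["asset"]} kev_due={row["kev_due"]}')
```

With the constructed data the 6.5 on the VPN gateway (in KEV, known ransomware use, internet facing) comes out on top and the internal 9.8 drops to the bottom of the list, which is the ordering the paragraph argues for.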

Trusted Partners

The December 2024 attack on the US Department of the Treasury used BeyondTrust’s remote support tools to gain access to the Department’s infrastructure.  Supply chain attacks are nothing new though – the SolarWinds Sunburst and Supernova attacks date back to 2020/21.  Whilst SaaS (or other XaaS) still has many benefits, it can be extremely difficult to audit and build trust in a provider.  Major SaaS providers will continue to be a ripe target for nation state attackers.  This may encourage organisations to move back to self-hosted solutions, especially critical parts of the infrastructure such as ZTNA.

This topic doesn’t just cover technology service providers though.  With the change of government in the USA and their “unsettling” statements on subjects such as security, borders and tariffs, both private business and public sector users may start to reconsider the implications of hosting applications and storing data in cloud platforms owned by US technology companies such as Microsoft and Google.  Could unexpected policy announcements have sudden legal implications for data sovereignty and local compliance regulations?

The World of Quantum

For large enterprises, interest in quantum computing will continue to grow as they research and plan how the new age will impact their operations.  Applications such as Quantum Random Number Generation (QRNG) give financial businesses the chance to improve the accuracy and speed of simulations.  QRNG also offers a source of genuinely random numbers that can seed encryption keys, although the output still needs the health tests and conditioning that any entropy source requires (NIST SP 800-90B describes these) before a key is derived from it.  Entropy as a Service offers a way for cloud applications and IoT devices, which often struggle to gather good entropy themselves, to benefit from QRNG.

For more information please get in touch!

Kirsty Jones

Marketing and Brand Development Lead

Spreads the word further and wider about how we can help connect and visualise your IT Ops and Sec Ops data.

Current Cyber Threats and how to Prevent Them

 In our increasingly digital world, cyber-attacks pose a significant threat to both individuals and organisations. Understanding these threats and learning how to protect yourself is essential. This blog post will delve into some of the most common cyber-attacks, providing detailed insights and practical prevention tips. 

1. Phishing Attacks 

Phishing attacks are deceptive attempts to obtain sensitive information such as usernames, passwords, and credit card details. These attacks often come in the form of emails, text messages, or websites that mimic legitimate communications from trusted sources.

How it works: 

  • The attacker sends a message that appears to be from a reputable entity, such as a bank, telecommunications or cloud provider, courier / postal service or other well-known company. 
  • The message contains a link or attachment that prompts the victim to enter personal information such as logon credentials or download malware. 

Prevention Tips:

  • Verify the Source: Always check the sender’s email address and look for signs of spoofing. If unsure, contact the organisation directly using a known, legitimate contact method. 
  • Think Before You Click/React: Hover over links to see where they lead before clicking. Be cautious with unexpected attachments, even from known contacts. Services like Microsoft 365 and Google Workspace can add warning banners to external e-mails to help users spot phishing attempts which pretend to come from a colleague. 
  • Use Security Services/Software: Implement email filters and anti-phishing tools to detect and block malicious messages. Alongside the standard security controls provided by email providers, third party vendors such as Heimdal offer additional layers of security. 
  • Education: Regularly train employees on how to recognise and respond to phishing attempts. Simulated phishing attacks can be occasionally run to ensure user awareness is checked and maintained. 
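
The checks in the tips above (sender address versus display name, where a link really leads, a reply address that differs from the sender), as an added example that is not code from the original post. The internal domain example.com, the staff directory and both messages are constructed; the lookalike test is a deliberately simple character-substitution check and registrable() keeps only the last two labels of a hostname, a stand-in for a proper public-suffix lookup.

```python
"""Header and link checks for a suspected phishing message (Python stdlib only).

Added example, not code from the original post. Domain, staff list and
messages are constructed for the demo.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

INTERNAL_DOMAIN = "example.com"           # assumption: our own mail domain
STAFF_NAMES = {"jane doe", "sam patel"}   # constructed directory of display names

PHISH = """\
From: "Jane Doe" <jane.doe@examp1e-payments.net>
Reply-To: approvals@mailbox-relay.top
To: bob@example.com
Subject: Urgent: supplier payment
Content-Type: text/html

<p>Bob, please approve today via <a href="http://example.com.login-verify.top/p">https://portal.example.com</a></p>
"""

CLEAN = """\
From: "Jane Doe" <jane.doe@example.com>
To: bob@example.com
Subject: Q3 report
Content-Type: text/html

<p>Latest draft is on the <a href="https://portal.example.com/q3">https://portal.example.com/q3</a></p>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def domain_of(addr):
    return addr.rpartition("@")[2].lower()


def registrable(host):
    """Last two labels of a hostname (stand-in for a public-suffix lookup)."""
    return ".".join(host.lower().split(".")[-2:])


def looks_like(domain, target):
    """Crude lookalike test: undo digit-for-letter swaps, then see whether the
    target's first label is embedded in the sender's domain."""
    normalised = domain.translate(str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"}))
    return target.split(".")[0] in normalised


def analyse(raw):
    """Return human-readable findings; an empty list means nothing was flagged."""
    msg = message_from_string(raw)
    findings = []

    name, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    if from_dom != INTERNAL_DOMAIN:
        findings.append(f"external sender {addr}")
        if name.strip().lower() in STAFF_NAMES:
            findings.append(f"display name '{name}' matches a staff member but sender is external")
        if looks_like(from_dom, INTERNAL_DOMAIN):
            findings.append(f"sender domain {from_dom} resembles {INTERNAL_DOMAIN}")

    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and domain_of(reply_to) != from_dom:
        findings.append(f"Reply-To {reply_to} goes to a different domain than From")

    extractor = LinkExtractor()
    extractor.feed(msg.get_payload())
    for href, text in extractor.links:
        href_host = urlparse(href).hostname or ""
        shown = re.match(r"https?://([^/\s]+)", text)   # does the link text look like a URL?
        if shown and registrable(shown.group(1)) != registrable(href_host):
            findings.append(f"link shows {shown.group(1)} but points to {href_host}")
        if href_host.startswith(INTERNAL_DOMAIN + "."):
            findings.append(f"{INTERNAL_DOMAIN} used as a subdomain of {registrable(href_host)}")
    return findings


if __name__ == "__main__":
    for label, raw in (("PHISH", PHISH), ("CLEAN", CLEAN)):
        print(label, analyse(raw) or ["no findings"])
```

The constructed phishing message trips every check; the clean internal message trips none. In production these heuristics would sit behind the mail platform’s own SPF/DKIM/DMARC evaluation rather than replace it.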

2. Ransomware & Malware 

Ransomware is a type of malware that encrypts a victims files to prevent access and demands a ransom for the decryption key. Attackers may also exfiltrate the data and threaten to publicly release sensitive business information if a ransom is not paid. This attack can cripple businesses, plus cause significant financial losses and reputational damage.

How It Works: 

  • Ransomware typically spreads through phishing emails, malicious ads, or by exploiting vulnerabilities in software. Once executed, it encrypts files and displays a ransom note demanding payment, often in cryptocurrency. It will also try to move laterally across a network to maximise the disruption. 

Prevention Tips: 

  • Regular Backups: Again, maintain regular backups of critical data and ensure they are stored offline or in a secure cloud environment. Immutable backups can protect critical restore points from ransomware. Backup procedures need to be tested on a regular basis to ensure they are working as expected – do not just trust log reports!
  • Install Antivirus / EDR Software: Ensure you have reliable antivirus / EDR software installed and regularly updated. That said, the recent CrowdStrike outage has shown that regular updates can be a double-edged sword, so stage content updates where the product allows it! 
  • Patch Vulnerabilities: Keep your software and systems updated to protect against exploits. A vulnerability scanner / solution such as Qualys, Tenable Nessus or Rapid7 InsightVM can help automate this process to avoid blind-spots when dealing with a large IT estate. Any vulnerability with a CVSS score of 9 or more should generally be treated as a priority and either be patched or mitigated, as should anything listed in the CISA KEV catalogue regardless of its score. 
  • Network Segmentation: Segment your network to limit the spread of ransomware and contain potential damage. Zero Trust Network Access (ZTNA) solutions like Appgate can ensure users only have access to the applications they need, restricting the ability of ransomware to move laterally to other devices on the network. 
  • Consider Fire-Break Solutions: Ransomware containment solutions such as BullWall RC can provide a last line of defence against encryption. These solutions aim to stop a ransomware attack as quickly as possible, isolating or shutting down the infected PC(s) to minimise the impact of the attack. 
  • Examine your full supply chain and technology stack: A number of enterprises impacted by the ransomware groups which targeted the MOVEit vulnerabilities were actually affected due to the use of MOVEit by their payroll / HR software provider (TechCrunch). 

3. EOS/EOL and Unpatched Network Equipment

Patching operating systems and applications is a regular task for most businesses, with tools such as Heimdal Patch & Asset Management used to automate much of the repetitive work. However, it is also critically important to update network equipment, especially routers and firewalls which are internet facing. 

Research published this week by Vedere Labs, the cybersecurity research arm of our partner Forescout, identified 14 new security vulnerabilities in 24 models of the popular DrayTek Vigor network routers/firewalls. Around 785,000 impacted devices have been identified globally, with 20% of these considered to be End of Life (EOL) and 43% End of Support (EOS). 

Thankfully, DrayTek have provided firmware updates for EOS/EOL routers. 

How It Works: 

  • Attackers use Internet search engines such as Shodan, together with their own automated scanners, to find exposed devices with out-of-date firmware. 
  • Once located, attackers will have scripts ready to exploit the security bugs. 
  • The attackers may use the device to launch DDoS attacks as part of a botnet, intercept traffic or penetrate the private network behind the firewall/router to deploy ransomware.

Prevention Tips:

  • Patch Firmware: Where possible, subscribe to vendor email notifications to automatically receive alerts for new firmware release. More importantly, arrange appropriate maintenance windows to install the updates, especially where they contain security fixes. 
  • Replace End of Life (EOL) Equipment: Critical network infrastructure which is EOS/EOL and thus unsupported should be replaced. Even though the equipment may continue to work fine without vendor support, the lack of updates means a rush to replace the device when an exploit is found and widely abused. Not all vendors will produce patches for old equipment as DrayTek did here!
  • Remove or secure public management access: Although convenient for remote support, exposing router, firewall or other management interfaces directly to the Internet should be avoided wherever possible; restrict management to a VPN or an allow-listed set of source addresses. The DrayTek research found over 704,000 devices with the management UI exposed to the Internet.

Conclusion

Understanding these common cyber-attacks and implementing robust security measures can significantly reduce your risk. Stay informed, stay vigilant, and prioritise cybersecurity to protect yourself and your organisation from these pervasive threats.

As an independent specialist consultancy working with leading cyber-security vendors, KedronUK can assist enterprises in addressing gaps within their security tooling from EOL device management through to ransomware containment solutions.

For more information on our full product portfolio, please contact us, or email our sales team at sales@kedronuk.com

Kirsty Jones

Marketing and Brand Development Lead

Spreads the word further and wider about how we can help connect and visualise your IT Ops and Sec Ops data.

Cyber Security Trends to Look For in 2024

 In our rapidly evolving digital landscape, staying ahead of cyber threats is paramount. As we enter 2024, the world of cyber security is poised for significant changes and challenges. In this blog post, we explore four key cybersecurity trends that are likely to shape the landscape in the coming year. 

1. AI and Machine Learning Powered Threat Detection: 

The integration of artificial intelligence (AI) and machine learning (ML) into cybersecurity practices is not new, but its significance is set to grow in 2024. As cyber threats become more sophisticated, AI and ML algorithms play a crucial role in identifying patterns and anomalies in real-time, allowing organisations to respond swiftly to potential breaches. This trend will empower cybersecurity professionals to proactively defend against emerging threats and adapt to evolving attack methods. 

One use-case of this could be through AI/ML’s ability to sift through large amounts of data and find outlying events which indicate security risks. A good example of this is ExtraHop Reveal(x), which uses AI/ML to surface detections from raw network data for SOC teams to investigate. Manually analysing tens or hundreds of gigabytes of traffic would otherwise not be feasible. 

AI/ML also allows an organisation to improve or extend their security coverage, especially smaller organisations who have yet to make the step to a 24/7 SOC (either in-house or managed). The always-on nature of AI/ML, perhaps coupled with suitable remediation playbooks, can ensure the most dangerous threats are contained even if they happen outside of core business hours. 

2. Zero Trust Architecture: 

The traditional approach of trusting entities inside a network and distrusting those outside has become outdated in the face of increasingly sophisticated cyber-attacks. Zero Trust Architecture is a paradigm shift that assumes no entity, whether internal or external, can be trusted by default. In 2024, organisations are expected to adopt Zero Trust principles more widely, implementing strict access controls, continuous monitoring, and multifactor authentication to ensure the highest level of security. This approach minimises the risk of unauthorised access and lateral movement within a network. 

Zero Trust does present challenges in deployment, as network reconfiguration may be required to ensure traffic is correctly routed through the relevant policy enforcement points. Thus, organisations may adopt a “long game” approach to moving to a Zero Trust model. 

3. Rise of Quantum-Safe Cryptography: 

With the advent of quantum computing on the horizon, the need for quantum-safe cryptography becomes imperative. Quantum computers have the potential to break widely used cryptographic algorithms, posing a serious threat to data security. In 2024, cybersecurity experts are likely to focus on developing and implementing quantum-resistant cryptographic methods to safeguard sensitive information. Organisations that embrace quantum-safe cryptography early will be better positioned to withstand the challenges posed by quantum computing advancements. 

4. Security Automation and Orchestration: 

As the volume and complexity of cyber threats continue to increase, the role of automation and orchestration in cybersecurity operations becomes more pronounced. In 2024, organisations will increasingly leverage security automation to streamline routine tasks, respond to incidents faster, and reduce the burden on cybersecurity teams. Automated incident response, threat intelligence sharing, and orchestration of security tools will become integral components of a robust cybersecurity strategy, allowing organisations to enhance their resilience against evolving threats. Playbooks are a good example: they ensure any alert presented to a SOC analyst arrives with as much supporting information as possible for their immediate decision making. Examples include automatically checking the hash of any file flagged as suspicious against platforms such as VirusTotal, or cross-checking IP addresses against threat intelligence feeds for any history of involvement in cyber-attacks.

Conclusion 

As highlighted above, AI/ML can offer tangible benefits, but there is a danger that vendors rush to claim that products use it simply to be on the “bandwagon”. Thus, genuine use-cases and benefits become hidden amongst all the noise and hype. When evaluating products to add to our portfolio of tools, KedronUK look beyond the glossy datasheet to see how vendor claims really stack up and whether they are the right tool for our customers. 

For more information on our full product portfolio, please contact us, or email our sales team at sales@kedronuk.com

Kirsty Jones

Marketing and Brand Development Lead

Spreads the word further and wider about how we can help connect and visualise your IT Ops and Sec Ops data.

Navigating the API Security Landscape: Insights from the Frontlines

Recently, I’ve been deeply entrenched discussing the complex and evolving landscape of API security with my enterprise and service provider customers. 

As we step into this era of unprecedented connectivity and digital interaction, APIs have taken centre stage, becoming the backbone that powers the modern digital ecosystem. However, the spotlight is now shining on the critical need for API security, a concern that is shared by numerous large enterprises I’ve had the privilege of working with through KedronUK. 

In this article I wanted to share an overview of why this topic is so important: 

APIs: The Glue that Holds our Digital World Together

APIs (Application Programming Interfaces) play a pivotal role in bringing diverse applications together, enabling them to communicate, share data, and seamlessly perform tasks. With the increasing reliance on APIs for essential interactions between people, businesses, and applications, ensuring their security has become paramount. 

The Rising Concern of API Security

Recently there has been a notable rise in cyber-attacks via APIs. This alarming trend has prompted business leaders to re-evaluate their priorities. It’s quite unbelievable to note that while over 90% of executives understand the mission-critical nature of APIs, many have not placed API security at the forefront of their concerns. 

In discussions with various contributors, it’s clear that API security problems are not just theoretical worries – a staggering 94% of those I’ve engaged with have directly experienced these issues. The impact goes beyond anecdotes: more than half of the companies have been forced to delay the release of new APIs due to security concerns. Despite these pressing challenges, a mere 11% have a dedicated API security plan in place, encompassing specialised API testing and protective measures. 

Empowering Businesses with KedronUK and Wib Fusion Discovery

As a consultant who has collaborated on several substantial projects to address these concerns, I feel KedronUK are able to provide a market-leading solution that resonates deeply with the enterprises I’ve worked with. KedronUK, in conjunction with the innovative Wib Fusion Discovery software, provides a comprehensive answer to the growing API security dilemma. 

The essence of Fusion Discovery lies in its ability to grant enterprises unprecedented visibility across the entire API lifecycle. This advanced approach drastically reduces blind spots, cuts down on false positives, and bolsters an organisation’s resilience against potential API security vulnerabilities. 

Real-world Impact: Unveiling the Power of Fusion Discovery

A recent experience with a major international media company showcased the remarkable potential of Fusion Discovery. This company, much like others, grappled with a lack of insight into their sprawling API ecosystem. Through Fusion Discovery’s capabilities, we swiftly generated a comprehensive inventory of their API estate – spanning both on-premises and cloud deployments – within two hours. What’s more, the ongoing documentation ensured not only the present API integrity but also a guarantee of future-proof assurance. 

Conclusion: Safeguarding Tomorrow’s Digital Landscape

As we reflect on the intricate web of APIs that underpin our digital interactions, one truth becomes abundantly clear: the future is API-centric. 

Yet, this future demands a holistic approach that addresses the growing concerns of security.

As a consultant, working closely with KedronUK and the cutting-edge Fusion Discovery solution, I’ve witnessed a transformation in how enterprises perceive and tackle API security challenges. 

The numbers don’t lie – the overwhelming instances of API security problems and the postponement of crucial API releases underscore the gravity of the situation. However, this is not a tale of despair; it’s a story of proactive adaptation and empowerment. 

With Fusion Discovery’s steadfast ability to illuminate the entire API landscape, we’re standing at the precipice of a new era in cybersecurity. This is an era where enterprises can take charge of their digital destiny, fortify their systems against potential vulnerabilities, and enable innovation without compromise. 

So, as we move forward into this API-driven world, let’s remember that every interaction, every data exchange, and every application we rely on is supported by APIs. The responsibility to secure this foundation lies with us, and the tools at our disposal, like Fusion Discovery, are paving the way for a secure and prosperous digital future. Let’s embrace this journey together, armed with knowledge, innovation, and unwavering commitment to a safer tomorrow. 

For more information on how KedronUK and Wib can help your business with API service, feel free to contact us at sales@kedronuk.com or call us on 01782 752369

Kirsty Jones

Marketing and Brand Development Lead

Spreads the word further and wider about how we can help connect and visualise your IT Ops and Sec Ops data.

ZTNA and NDR Who thought that would work

Although the concept of Zero Trust Network Access (ZTNA) has been with us for some time now, increases in digital adoption, remote working and mobile computing mean that ZTNA is now a hot topic amongst many of my enterprise customers.

A critical aspect of Zero Trust security is the elimination of the old rule to “trust, then verify” and replace it with “verify, then trust”.

Typically, one of the first steps my customers take on their zero-trust journey is to control user access with identity centric micro-perimeters, which requires an extensive verification of identity rather than a network-centric IP address.

However, with verification comes validation. The questions that I hear a lot of are “how can I verify that all of my users, devices, and systems are following the framework?” or “How do I know whether one of these controls is compromised?”

When our customers are asking these questions the Kedron answer is always Network Detection and Response (NDR).

NDR supports rapid investigation, internal visibility, intelligent response and enhanced threat detection across on-premises, cloud, and hybrid environments and can accelerate adoption of an effective Zero Trust framework by enhancing the IT visibility organisations need to get going.

Meaning you can continually monitor and safeguard network traffic, validate policy enforcement, and support enhanced collaboration between traditionally siloed teams.

The case for NDR is strengthened by its ability to analyse encrypted traffic flows, as well as cloud-powered machine learning which can be used to baseline the “normal” behaviours of entities on the network and contextually identify anything suspicious.

As a provider of both ZTNA www.appgate.com and NDR technologies https://www.extrahop.com/ KedronUK is able to demonstrate this complementary value to customers who are planning the transition, so feel free to contact us at sales@kedronuk.com and I can show you exactly how this would work.

Phil Simms

Account Executive

Aligning your technical and business requirements with the right network, application and security management solution.