SOC-ial Cricket Event: Disruptive Cyber Tech 2024

Our first #NoSalesPitch event of 2024 saw the KedronUK team heading north into central Manchester. The No Sales Pitch format was a great success last year, with ten-minute presentations from five security vendors to keep things moving and interesting. With Sixes Manchester as the venue, there was the chance for networking over food and drink, along with some virtual cricket fun after the presentations had finished.

Zero Trust – Forescout
Phil Swainson, KedronUK’s Head of Technology, was compere for the afternoon. After a brief overview of KedronUK, he introduced our first presentation from Keith Gilbert of Forescout. Keith talked about Zero Trust (ZT), focusing on the steps required to begin the journey to a ZT world. We know from speaking to many enterprises that there’s a lot to consider when starting out with ZT, and proper planning is essential. Using the NIST 800-207 document entitled “Zero Trust Architecture” as a guide, Keith outlined the key system components such as Policy Enforcement Points and Policy Decision Points, plus how these interact with the “data plane” of users and systems.

Ransomware Containment – BullWall.
In the IT security arena, ransomware remains an ongoing threat to businesses of all sizes. Whilst the exact attack techniques and methods evolve, the risk of severe business disruption remains. BullWall Ransomware Containment (RC) is an innovative but lightweight solution to provide an extra layer of protection. To use an analogy, an IT datacentre or large building will have a sprinkler or fire suppression system which will trigger in the event of a fire. The job of the sprinkler system is not to stop the fire from happening in the first place but to extinguish the fire as quickly as possible. Andrew Grant outlined how BullWall RC offers the same solution for ransomware – other security tools will hopefully block and prevent as many attacks as possible but in the worst case, it will automatically trigger and stop the ransomware.

Breach & Attack Simulation – Keysight.
The ever-expanding IT security market means new vendors and new products appear almost daily. Analysts will identify attack vectors which need tools to protect against but what about the existing security tooling you have deployed? Kevin Berry from Keysight showed how a Breach & Attack Simulation (BAS) tool can fit into your security testing plans. Whilst it is a new tool (somewhat ironically), BAS is not about directly filling a gap or replacing an existing tool, but helping you understand how your existing security solutions are working. With regular updates from the Keysight Application & Threat Intelligence (ATI) team, Keysight ThreatSim helps you validate your existing security policies and posture to ensure they are providing the best possible protection against the latest threats. BAS complements point-in-time tests such as penetration testing which are performed perhaps annually or six-monthly, as well as frequent scans from vulnerability management tools such as Tenable Nessus.

API Security – NoName.
Our newest vendor partner is NoName Security. API security continues to gain focus for CISOs and other security practitioners. As far back as December 2021, Gartner predicted that APIs would become the top attack vector. As an example, the recent (May 2024) Dell data breach saw an attacker use a poorly secured and non-rate-limited API to extract the details of around 49 million customers. As a market leader in API security, David Moss outlined how the key pillars provided by Noname cover Discovery (what is my API estate?), Posture (how many of those APIs have vulnerabilities or are misconfigured?), Runtime (who is attacking my APIs?) and Testing (finding potential vulnerabilities during development).

Network Detection & Response – ExtraHop.
The “Need for Speed” was the theme of the last presentation from Kyle Francis of ExtraHop. IT teams are always under pressure to work faster. Security threats need to be detected and contained more quickly, whilst outages must be resolved more quickly to avoid costly business disruption. However, incomplete data, blind spots and too many complex interfaces hinder the investigation and resolution process. As a Forrester Wave (Q2 2023) leader for Network Analysis and Visibility, ExtraHop can help enterprises eliminate blind spots and detect issues and anomalies in real time, ultimately reducing investigation time to drive quicker, positive outcomes.

With the presentations complete, the bar opened, food was served and the cricket began. Across the two nets, the best attendee on each screen stepped forward at the end for a competition to win an Oculus VR Headset! The runner-up didn’t miss out either, receiving a £75 voucher to return to a Sixes Cricket near them…

We received some great feedback from the attendees at the event. From speaking to them, the key takeaway from the afternoon was that whilst not every tool presented is the right fit for every organisation (perhaps due to size, budget or security maturity), the format is an excellent way of getting a view of current security trends and risks. Finally, a number of attendees noted how the workload for IT teams is unrelenting, so “light-touch” tools (such as BullWall RC) which can quickly enhance security with a low management footprint are extremely attractive.

To find out more about each technology discussed, take a look at our SOCial Cricket Event Presentation Slides here!

Kirsty Jones

Marketing and Brand Development Lead

Spreads the word further and wider about how we can help connect and visualise your IT Ops and Sec Ops data.

March 2024 Industry Insights!

Throughout this blog post, we have put together some of the latest industry insights from us and our vendors in KedronUK’s monthly Techbrief! This month we share with you information on The Dangers of Cyber Risk Quantification, How AI is Enabling Resilience in Healthcare, Ransomware’s Impact on Government Organisations, and much more.

KedronUK
KedronUK Has Come of Age! (Case Study)
KedronUK has reached the grand old age of 21 and will be celebrating this milestone with the team by attending the Henley Royal Regatta 2024!

We find it hard to believe we are marking over two decades of success in the ever-evolving IT industry, so we wanted to take a look back and share with our customers where it started, what has changed and where we think we will be going next!
Read the full blog here!

ExtraHop
The Dangers of Cyber Risk Quantification. (Blog Post)
Cyber risk quantification (CRQ) is an approach to analysing and reporting on cybersecurity risks that has grown in popularity over the past decade. One of the leading CRQ frameworks is known as the Factor Analysis of Information Risk (FAIR) model. The FAIR model posits that cybersecurity risk can be quantified in terms of its potential financial impact, just like any other business risk. The benefits to quantifying risk financially are that security leaders can communicate the impact of a potential cybersecurity incident in terms executives are familiar with and they can clearly demonstrate the effectiveness of their cybersecurity programs.
Read more here.

Infosim
StableNet® Analytics Portal (SNAP). (Blog Post)
Dashboards are an invaluable tool to visualize data, gain insight and share information with stakeholders. For network management, dashboards are not “one-size-fits-all”; specific user groups require different levels of granularity. With the all-new StableNet Analytics Portal (aka “SNAP”), near-real-time dashboards can be customized easily and, with multi-tenancy, your level of control has never been greater.
To learn more, click here and see how, with the all new StableNet Analytics Portal, getting and sharing the information you need really is a “SNAP”.

Keysight Technologies
3 Ways that Artificial Intelligence is Enabling Resilience in Healthcare. (Blog Post)
The Covid-19 pandemic heightened existing pressure points in nearly every sector and industry. The pandemic exacerbated the already crisis-level burnout that healthcare workers were struggling with. Hospital networks are struggling to keep pace with more patients requiring care from a shrinking healthcare professional workforce. Inflation, increased doctor-patient ratios, and a shrinking healthcare talent pool have stretched the medical industry to its breaking point. Digital health technologies that leverage AI contribute to improving the efficiency and effectiveness of hospital systems in meaningful ways, including cost reductions, improved access to healthcare, and resource optimisation.
Find out more here.

Rapid7
Why The External Attack Surface Matters: An analysis into APAC related threat activities. (Blog Post)
Considerable focus within the cybersecurity industry has been placed on the attack surface of organisations, giving rise to external attack surface management (EASM) technologies as a means to monitor said surface. It would appear a reasonable approach, on the premise that a reduction in exposed risk related to the external attack surface reduces the likelihood of compromise and potential disruption from the myriad of ransomware groups targeting specific geographies and sectors.
Read more here.

Heimdal
There’s Something Phishy about Generative AI. (Blog Post)
The rise of GenAI (Generative AI) gives leeway to malicious content creators with 80% of all phishing campaigns discovered in the wild being generated by AI tools such as ChatGPT or similar.
In this article, we are going to explore the latest phishing techniques that capitalise on GenAI.
Find out more here.

Forescout
The Mega Impact of AI-Driven Disinformation Campaigns. (Blog Post)
The amount of money needed to run an AI-based disinformation campaign is minuscule compared to the influence the campaign can have on society. As noted in a recent SecurityWeek piece “Preparing Society for AI-Based Disinformation Campaigns in the 2024 US Elections”, there are four common steps in these efforts: Reconnaissance, content creation, amplification and actualisation. Unlike other threat actors who typically act out of financial motivation, the question here isn’t ‘how do we monetise the campaign?’ It’s ‘how do we effect change?’ They want to change the way people think and act — and change what they believe.
Read the full blog post here.

BullWall
How Ransomware Impacts Government Organisations. (Blog Post)
Government institutions provide critical services to citizens, including healthcare, public safety, transportation, and utilities and as such are prime targets for ransomware attacks. Ransomware attacks can disrupt these services, causing delays, shutdowns, and potentially putting lives at risk. In some cases, ransomware attacks on government institutions may have broader national security implications. For example, if critical infrastructure or sensitive government systems are compromised, it could impact national defence, intelligence operations, and diplomatic relations.
Read more here.

Kirsty Jones

Marketing and Brand Development Lead

Bridging the Gap: Managing and Protecting IoT/OT in the IT World.

The KedronUK team once again journeyed south for the last “No Sales Pitch” event of 2023 – Bridging the Gap: Managing and Protecting IoT/OT in the IT World. We returned to Clays Bar in Moorgate as the feedback from our last event was that virtual clay shooting was good fun (not to mention that it avoided standing around in a cold, muddy field waiting for your next turn!).

The “No Sales Pitch” theme means no hard-sell but a chance for attendees to see and learn about products which can help with current and upcoming challenges. IT teams are now often finding that security for the myriad of OT and IoT devices now appearing on enterprise networks is a headache. What has worked in the traditional PC world such as endpoint or agent-based solutions doesn’t readily translate to basic or outdated devices that cannot be easily managed, upgraded or replaced. 

The first presentation was given by Axel Debray from Forescout, who are a new partner for KedronUK. Established for over twenty years, Forescout has a huge amount of data on the riskiest devices, including 39 billion data points and over 18 million device profiles. Being able to automatically inventory networks and profile the discovered devices with supporting information such as risk scores (both operational and security) starts to address the problem that you cannot secure what you don’t know about. With Vedere Labs (the research arm of Forescout) showing a proof-of-concept for IoT-specific ransomware last year, the risks associated with these devices continue to grow.

Kevin Berry from Keysight Technologies looked at many of the practical challenges facing security teams who are tasked with increasing protection in the OT / IoT world. We often find the Keysight brand isn’t well known in the IT industry, but as the world’s largest test and measurement company, they have a wide range of solutions. Aside from the technical challenges of gaining visibility of OT devices, the typical environment where OT devices live has physical challenges such as temperature, humidity and vibration which need special consideration. Some of the scenarios considered included:

  • Analysing packets from network switches which are full (no space for a mirror port) or which nobody dares to touch as they are so old or unmanageable.
  • Getting the captured traffic to multiple tools without wasting bandwidth or overwhelming the tool(s) with the wrong data.
  • Ensuring that any downtime (scheduled or otherwise) with the monitoring tool(s) does not impact the OT environment being monitored.
  • Capturing traffic in the harsh environments as noted above.

Unfortunately, airline problems prevented Jorg Schallmayer from Infosim GmbH joining us to present on his topic – “StableNet as an IoT Platform Manager”. Phil Swainson stepped up in his absence to provide an overview of StableNet, but we hope to feature more about the work being done in the StableNet Innovation Lab on the management of IoT devices in the future.

Pulling a “double shift”, Phil Swainson concluded the talks and spoke about how Totuus from KedronUK can help with the ever-present challenge of maintaining a fit-for-purpose CMDB. A recent survey we ran indicated that almost half the respondents did not believe their CMDB was fit for purpose.

With the presentations complete, the bar opened, food was served and the shooting could start. Across the three virtual shoots in the event room, the best attendee on each screen stepped forward at the end for a winner takes all shoot-off. The prize of a new Xbox perhaps made for a timely Christmas present for somebody…

From speaking to attendees, the key takeaway from the afternoon was that gaining visibility into and securing OT / IoT is difficult for a wide variety of reasons, but there are innovative solutions to help bridge the gap and manage the risk around these devices. The environments and challenges can be complex but help is at hand!

To find out more about each technology discussed, take a look at our Bridging the Gap Presentation Slides here!

Kirsty Jones

Marketing and Brand Development Lead
