May 2024 Industry Insights!

Throughout this blog post, we have put together some of the latest industry insights from us and our vendors in KedronUK’s monthly Techbrief! This month we share with you information on Disruptive Cyber Technology 2024, Cybersecurity platforms you should know about, and much more.

KedronUK
SOCial Cricket Event: Disruptive Cyber Tech 2024 (Blog Post)
Our first #NoSalesPitch event of 2024 saw the KedronUK team heading north into central Manchester. The No Sales Pitch format was a great success last year, with ten-minute presentations from five security vendors to keep things moving and interesting. With Sixes Manchester as the venue, there was the chance for networking over food and drink, along with some virtual cricket fun after the presentations had finished.
Read the full blog and download presentation slides here!

ExtraHop
Change Healthcare Ransomware Attack Represents Every CISO’s Worst Nightmare. (Blog Post)
The February 2024 ransomware attack on Change Healthcare is a perfect example of the kind of black swan cyber event that every CISO quietly dreads and prays will never happen: a devastating cyberattack that exposes the sensitive data of millions of customers, paralyzes an entire industry for weeks, and eats away at a company’s earnings for quarters and years to come.
Read more here.

Infosim
StableNet Innovation Lab – One Year of Open Innovation. (Blog Post)
With StableNet Innovation Lab, Infosim have created a driver for open innovation and given innovation management at Infosim a stronger structure and direction. The focus lies on the network management market and their StableNet solution as well as on researching best practices and transferring them to real applications.

One year after the launch of the lab, a lot has changed and there have been new additions. In this blog post, Dr. David Hock gives an overview of the past year and an outlook on what to expect in 2024.
Find out more here.

Keysight Technologies
Decoding DNS Water Torture: Exploring DDoS Attack Patterns and Traffic Analysis. (Blog Post)
In the ever-evolving landscape of cybersecurity threats, Distributed Denial of Service (DDoS) attacks act as powerful weapons used by attackers to disrupt online services and infrastructure. Among the multitude of DDoS attack methods, one that stands out for its cunning strategy and relentless impact is the DNS Water Torture attack.
Read more here.

Rapid7
AI Trust Risk and Security Management: Why Tackle Them Now? (Blog Post)
In the evolving world of artificial intelligence (AI), keeping our customers secure and maintaining their trust is our top priority. As AI technologies integrate more deeply into our daily operations and services, they bring a set of unique challenges that demand a robust management strategy: The Black Box Dilemma, Model Fragility, Easy Access, Big Responsibility, Staying Ahead of the Curve.

Our TRiSM (Trust, Risk, and Security Management) framework isn’t merely a component of our operations – it’s a foundational strategy that guides us in navigating the intricate landscape of AI with confidence and security.
Read more here.

Heimdal
11 Cybersecurity Platforms You Should Know About (2024). (Blog Post)
There’s growing evidence that organisations are consolidating their cybersecurity tools. One survey found that 60% of companies are looking to reduce the number of point solutions they use. And it’s not just about saving money – the top driver was in fact about improving usability.

Cybersecurity platforms are meeting this demand. By bringing most – if not all – of your cybersecurity tools into one environment, you can consolidate your activities into one robust platform.

In this article, you’ll learn about 11 of the best cybersecurity platforms currently available.
Find out more here.

Forescout
Beyond Bullet Holes: Unveiling Cybersecurity’s Hidden Risk Exposure. (Blog Post)
The art of risk assessment has long been a crucial element of military strategy and decision-making – and it remains critical to today’s best practices in cybersecurity defense. Abraham Wald, a mathematical genius, played a pivotal role in revolutionizing the understanding of hidden risk and exposure with his innovative work on aircraft survivability. During World War II, the US air force wanted effective methods to protect aircraft against enemy fire. Wald’s innovative approach stood out.

Wald’s ‘survivorship bias’ methodology offers a compelling analogy for today’s risk management. We need to think more strategically to gain a deeper understanding of risk – and not allow selective ‘success’ filters to dissuade the mission. It’s time to accept there are hidden risks from limited visibility — and that hidden risks are a persistent threat to business and to human safety.
Read the full blog post here.

Chris Booth

Solutions Architect

Listens to your problems then identifies the best tools and products to build solutions.

Call us today on 01782 752 369
KedronUK, Kern House, Stone Business Park, Stone, Staffordshire ST15 0TL

SOC-ial Cricket Event: Disruptive Cyber Tech 2024

Our first #NoSalesPitch event of 2024 saw the KedronUK team heading north into central Manchester. The No Sales Pitch format was a great success last year, with ten-minute presentations from five security vendors to keep things moving and interesting. With Sixes Manchester as the venue, there was the chance for networking over food and drink, along with some virtual cricket fun after the presentations had finished.

Zero Trust – Forescout
Phil Swainson, KedronUK’s Head of Technology, was compere for the afternoon. After a brief overview of KedronUK, he introduced our first presentation from Keith Gilbert of Forescout. Keith talked about Zero Trust (ZT), focusing on the steps required to begin the journey to a ZT world. We know from speaking to many enterprises that there’s a lot to consider when starting out with ZT, and proper planning is essential. Using the NIST 800-207 document entitled “Zero Trust Architecture” as a guide, Keith outlined the key system components such as Policy Enforcement Points and Policy Decision Points, plus how these interact with the “data plane” of users and systems.

Ransomware Containment – BullWall.
In the IT security arena, ransomware remains an ongoing threat to businesses of all sizes. Whilst the exact attack techniques and methods evolve, the risk of severe business disruption remains. BullWall Ransomware Containment (RC) is an innovative but lightweight solution to provide an extra layer of protection. To use an analogy, an IT datacentre or large building will have a sprinkler or fire suppression system which will trigger in the event of a fire. The job of the sprinkler system is not to stop the fire from happening in the first place but to extinguish the fire as quickly as possible. Andrew Grant outlined how BullWall RC offers the same solution for ransomware: other security tools will hopefully block and prevent as many attacks as possible, but in the worst case it will automatically trigger and stop the ransomware.

Breach & Attack Simulation – Keysight.
The ever-expanding IT security market means new vendors and new products appear almost daily. Analysts will identify attack vectors which need tools to protect against, but what about the existing security tooling you have deployed? Kevin Berry from Keysight showed how a Breach & Attack Simulation (BAS) tool can fit into your security testing plans. Whilst it is a new tool (somewhat ironically), BAS is not about directly filling a gap or replacing an existing tool, but helping you understand how your existing security solutions are working. With regular updates from the Keysight Application & Threat Intelligence (ATI) team, Keysight ThreatSim helps you validate your existing security policies and posture to ensure they are providing the best possible protection against the latest threats. BAS complements point-in-time tests such as penetration testing, which are performed perhaps annually or six-monthly, as well as frequent scans from vulnerability management tools such as Tenable Nessus.

API Security – NoName.
Our newest vendor partner is NoName Security. API security continues to gain focus for CISOs and other security practitioners. As far back as December 2021, Gartner predicted that APIs would become the top attack vector. As an example, the recent (May 2024) Dell data breach saw an attacker use a poorly secured and non-rate limited API to extract the details of around 49 million customers. As a market leader in API security, David Moss outlined how the key pillars provided by Noname cover Discovery (what is my API estate?), Posture (how many of those APIs have vulnerabilities or are mis-configured?), Runtime (who is attacking my APIs?) and Testing (finding potential vulnerabilities during development).

Network Detection & Response – ExtraHop.
The “Need for Speed” was the theme of the last presentation from Kyle Francis of ExtraHop. IT teams are always under pressure to work faster. Security threats need to be detected and contained quicker, whilst outages must be resolved quicker to avoid costly business disruption. However, incomplete data, blind spots and too many complex interfaces hinder the investigation and resolution process. As a Forrester Wave (Q2 2023) leader for Network Analysis and Visibility, ExtraHop can help enterprises eliminate blind spots and detect issues and anomalies in real-time, ultimately reducing investigation time to drive quicker, positive outcomes.

With the presentations complete, the bar opened, food was served and the cricket began. Across the two nets, the best attendee on each screen stepped forward at the end for a competition to win an Oculus VR Headset! The runner-up didn’t miss out, though, receiving a £75 voucher to return to a Sixes Cricket near them…

We received some great feedback from the attendees at the event. From speaking to them, the key takeaway from the afternoon was that, whilst not every tool presented is the right fit for every organisation (perhaps due to size, budget or security maturity), the format is an excellent way of getting a view of current security trends and risks. Finally, a number of attendees noted how the workload for IT teams is unrelenting, so “light-touch” tools (such as BullWall RC) which can quickly enhance security with a low management footprint are extremely attractive.

To find out more about each technology discussed, take a look at our SOCial Cricket Event Presentation Slides here!

April 2024 Industry Insights!

Throughout this blog post, we have put together some of the latest industry insights from us and our vendors in KedronUK’s monthly Techbrief! This month we share with you information on Ransomware, Increasing Modularisations, Network Visualisation, and much more.

KedronUK
Streamlining Efficiency: A Dive into our Latest Automation Project (Blog Post)
Read our latest blog post from Phil Swainson where he explores how even seemingly ‘unbroken’ processes can benefit from automation, demonstrating the value of taking a proactive approach to innovation.

We find it hard to believe we are marking over two decades of success in the ever-evolving IT industry, so we wanted to take a look back and share with our customers where it started, what has changed and where we think we will be going next!
Read the full blog here!

ExtraHop
Ransomware is About to Get Worse. Much Worse. (Blog Post)
If your organisation got hit with ransomware, what would you do? Would you pay the ransom?

As ransomware attacks once again take centre stage in cybersecurity, more and more organisations are opting to pay the ransom: 91% of security and IT decision makers surveyed on behalf of ExtraHop say they made at least one ransom payment in 2023, up from 83% in 2022, according to the 2024 Global Cyber Confidence Index.
Read more here.

Infosim
The Importance of Increasing Modularisations StableNet® Development. (Blog Post)
Network management software is tasked with oversight of complex network infrastructures comprised of a wide array of vendors, technologies, and innovations. Artificial intelligence and machine learning, novel approaches to data visualisation, the proliferation of IoT, telemetry… the list of tasks for a truly holistic and integrative solution is daunting indeed.

In this blog post, we will explore the myriad benefits of modularisation, focusing on its ability to simplify updates, foster specialized expertise, and pave the way for a more adaptable and forward-thinking approach to our unchanging commitment: the never-ending improvement of StableNet®.
Find out more here.

Keysight Technologies
Five Surprising Benefits of Network Visualisation. (Blog Post)
In the dynamic world of modern technology—where the intricacies of network systems continue to evolve at a rapid pace—the role of network visualisation stands as a game-changer in unravelling the mysteries of network modelling. Network visualisation provides a real-time view of network traffic and resource utilisation and can be used to identify bottlenecks, inefficiencies, and potential security vulnerabilities. Throughout this blog post Keysight delve into five surprising advantages that network visualisation brings to the realm of network modelling.
Read more here.

Rapid7
The Business of Cybersecurity Ownership. (Blog Post)
Cyber ownership can often be overlooked or misunderstood within an organisation. Responsibility and accountability should not rest solely on the CISO’s shoulders. And while the IT department will also have a role to play, security responsibilities must be ingrained in the culture of the entire organisation. They should include each responsible asset owner, not forgetting that data is also an asset.
The more eyes there are on security within your business, the greater the ability of your cyber teams to strive for increasing levels of maturity and a stronger overall security posture.
Read more here.

Heimdal
SharePoint Flaws Could Help Threat Actors Evade Detection Easier When Stealing Files. (Blog Post)
Two methods that researchers have found might allow attackers to get around audit logs or produce less serious entries when they download data from SharePoint. Due to the sensitivity of SharePoint data, a lot of businesses audit sensitive occurrences, such as data downloads, to set off alarms in security information and event management platforms (SIEMs), cloud access security solutions, and data loss prevention tools.

Two easy methods that users can employ to get around SharePoint’s audit logs or create less sensitive events by downloading data in a certain way or passing it off as data synchronization operations have been developed by security experts.
Find out more here.

Forescout
The Global Threat Evolution of Internet-exposed OT/ICS. (Blog Post)
Operational technology (OT) and Industrial Control Systems (ICS) are core parts of an engine fuelling critical infrastructure in industrialised nations worldwide. Water treatment facilities. Wastewater plants. Electrical transmission and distribution hubs. Nuclear power and manufacturing plants. Energy pipelines.

Over the years, these traditional technologies have become more connected and integrated to information systems that use the internet – opening them up for more efficient monitoring and automation of operational processes.
Read the full blog post here.

BullWall
Ransomware Prevention Best Practices. (Blog Post)
In an era that features constant cybersecurity threats that are increasingly complex and continually evolving, combating ransomware remains one of the most daunting challenges many organisations face. Though we understand that complete ransomware prevention is not possible, we are aware that having a well-executed list of best practices can significantly mitigate risks associated with a ransomware attack. Throughout this blog BullWall highlight some of the many different layers available to help your organisation avoid and mitigate the impact of a ransomware attack.
Read more here.

Streamlining Efficiency: A Dive into our Latest Automation Project

The age-old adage “if it ain’t broke, don’t fix it” often serves as a deterrent to embracing automation. Many organisations are hesitant to disrupt existing technical workflows, especially if they’ve proven effective, if not efficient, over time. However, this mindset can also be a barrier to progress and innovation, and in some cases it costs time and therefore money.

While certain processes may appear functional on the surface, they may still harbour inefficiencies or limitations that could be addressed through automation. By challenging the status quo and being open to change, organisations can uncover hidden opportunities for improvement and unlock new levels of efficiency and effectiveness.

This blog post will explore how even seemingly “unbroken” processes can benefit from automation, demonstrating the value of taking a proactive approach to innovation, as highlighted by a recent automation project with a manufacturing company in an industry that dates back to the 19th Century.

An open-minded, collaborative approach is essential for successful automation projects, especially in network management. By focusing on objective evaluations of workflows and processes, stakeholders can identify areas for improvement and implement solutions effectively. This approach was exemplified in a recent manufacturing company’s successful automation project carried out by KedronUK, where a clear focus on process evaluation led to significant improvements.

Initially, ten workflows were identified for evaluation.

The goal was to:

• Identify the stakeholders involved in each workflow.
• Thoroughly understand the current workflows.
• Quantify the time and effort involved in each workflow.
• Assess the feasibility of automation of each workflow.

Each of the ten workflows was assessed and categorised for feasibility, efficiency benefit and cost versus benefit. It was found that the initial ten workflows fell into the following three main categories:

1. Mitigating Ticket Proliferation in IT Service Management:
There was a need to address the issue of an excessive number of tickets being generated in the IT Service Management Platform. Streamlining and refining the ticketing process would be pivotal in enhancing overall operational effectiveness.

The Network Operation Centre (NOC) team was finding it very difficult to stay on top of the 10,000-plus tickets being generated through existing integrations.

2. Workflow Automation for Manual Tasks:
An automation opportunity was identified within manual workflows to eliminate redundancy associated with repetitive tasks. This included expediting the onboarding of new devices and the cessation process for existing devices. By automating these procedures, the aim was to enhance efficiency, reduce errors, and accelerate the overall pace of operations.

3. Efficient Ticket Generation for the NG Firewall Platform:
Automating the process of ticket generation for the Next Generation Firewall platform, with threat intelligence, to ensure a swift and accurate response to detected threats and assessments. This would involve integrating automation solutions that expedite the identification, logging, and resolution of issues on the platform, ultimately contributing to a more responsive and agile operational environment.

Let’s look at these in turn:

Mitigating Ticket Proliferation in IT Service Management
Three tiers, or components, were involved in raising ITSM tickets for the organisation, each of which already had a degree of automation implemented. The results, however, had become unmanageable, with approximately 10,000 tickets per month being raised for the 24×7 NOC team to triage and close. This equated to roughly 14 tickets per hour around the clock.

Upon investigation, it was discovered that a significant portion of these tickets were duplicates or repetitions of similar events, leading to a staggering 70% increase in ticket volume. The existing automation had become inadequate, exacerbating the issue rather than resolving it.

The first tier, the Network Management tool, had root cause calculation capabilities but was configured to forward all alarms, without root cause, to the second tier—a Network Management tool with integrations to the third tier, the ITSM platform. While this setup seemed promising in theory, it proved ineffective in practice, as evidenced by the overwhelming volume of tickets inundating the NOC team.

The immediate and pressing question arose: Why wasn’t a tool equipped with root cause analysis capabilities being fully leveraged? The answer, though somewhat surprising, revealed that the second-tier solution possessed the capability to filter—not correlate—for alarms tagged with a root cause from the first tier. Furthermore, the business had decided to only address root cause incidents of specific types via the proactive team in the ITSM, with the remainder managed by the Business as Usual (BAU) Team through reports. Consequently, this criterion was also added to the filter.

This setup meant that, regardless of the configurations in tier one, tier two would only forward what it was configured to, resulting in the decision to send everything from tier one to tier two.

We recommended reversing this logic, making the more capable tier one tool the one with the intelligence to determine what to send after calculating root cause. This approach would leave tier two with the straightforward task of merely forwarding what it receives. Additionally, this approach simplifies future configuration changes, as there is only one tool to configure.

This change resulted in a 33% reduction in the number of alarms sent to tier two, all of which matched the proactive team’s criteria. However, the number of ITSM tickets remained roughly the same.

In delving into the root cause of the ticket surge, we examined a month’s worth of ticket data. Our analysis revealed a trend: a substantial number of tickets were being closed by the proactive team, marked as acceptable within business utilisation thresholds. Moreover, we observed a proliferation of seemingly duplicate incidents, where multiple tickets were processed and closed by the team, referring to existing open tickets.

The investigation yielded two significant recommendations. Firstly, we proposed fine-tuning the tier one management platform to trigger alarms based on business utilization thresholds, which notably curtailed the number of utilization related ITSM tickets.

Secondly, we investigated the issue of apparent ticket duplication for identical incidents. We uncovered a limitation within the tier two platform—its ticket-raising process lacked an update mechanism. When a condition resolved to its KPI, an “OK” notification was issued from tier one to tier two. Tier two would then locally close the incident without updating the ITSM. This oversight led to recurrent breaches generating new tickets. The oversight was blamed on the business requirement for all tickets to be closed manually.

A solution was needed to update open tickets with both the “OK” notification and recurrent breaches. However, we hit dead ends with the tier two solution’s capabilities and with the ITSM platform team, due to a reluctance to alter logic. We therefore redirected our focus to tier one. Leveraging its capability to interface directly with the ITSM tier, bypassing tier two, we achieved the required ticket creation and update process.

Overall, monthly tickets saw a remarkable 77% reduction, plummeting from 10,000 to 2,300. This significant improvement allows the team to allocate more resources to incident resolution rather than ticket deduplication. Furthermore, the business is now evaluating the business case for the tier two solution, with potential cost reductions on the horizon.
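The duplication mechanism and the create-or-update fix described above, as an added sketch that is not KedronUK’s or any vendor’s code: the alarm fields, the `Itsm` class and both function names are hypothetical, and the alarm stream is constructed sample data.

```python
from dataclasses import dataclass, field

# Constructed sample alarm stream: (minute, device, kpi, state).
# "BREACH" = KPI threshold crossed, "OK" = condition back within its KPI.
SAMPLE_ALARMS = [
    (0,  "core-sw-01", "cpu_util",  "BREACH"),
    (5,  "core-sw-01", "cpu_util",  "OK"),
    (12, "core-sw-01", "cpu_util",  "BREACH"),
    (14, "edge-rt-07", "link_util", "BREACH"),
    (20, "core-sw-01", "cpu_util",  "OK"),
    (31, "core-sw-01", "cpu_util",  "BREACH"),
    (40, "edge-rt-07", "link_util", "OK"),
    (44, "core-sw-01", "cpu_util",  "OK"),
]


@dataclass
class Ticket:
    ticket_id: int
    device: str
    kpi: str
    status: str = "open"  # business rule: only a person closes a ticket
    worklog: list = field(default_factory=list)


class Itsm:
    """In-memory stand-in for the ITSM platform (hypothetical interface)."""

    def __init__(self):
        self.tickets = []

    def create(self, device, kpi, note):
        ticket = Ticket(len(self.tickets) + 1, device, kpi, worklog=[note])
        self.tickets.append(ticket)
        return ticket

    def find_open(self, device, kpi):
        for ticket in self.tickets:
            if (ticket.device, ticket.kpi, ticket.status) == (device, kpi, "open"):
                return ticket
        return None

    def close_manually(self, ticket_id):
        self.tickets[ticket_id - 1].status = "closed"


def forward_without_update(alarms):
    """Before: the forwarder closes incidents locally on "OK" and never
    updates the ITSM, so each recurrence of a breach raises a new ticket."""
    itsm = Itsm()
    local_open = set()  # the forwarder's private view of open incidents
    for minute, device, kpi, state in alarms:
        key = (device, kpi)
        if state == "BREACH" and key not in local_open:
            itsm.create(device, kpi, f"t+{minute}m {state}")
            local_open.add(key)
        elif state == "OK":
            local_open.discard(key)  # ITSM ticket is left open and untouched
    return itsm


def create_or_update(alarms, itsm=None):
    """After: the ITSM is the source of truth. Both "OK" and repeat breaches
    are appended to the existing open ticket; a new ticket is raised only
    when no open ticket exists for that device and KPI."""
    if itsm is None:
        itsm = Itsm()
    for minute, device, kpi, state in alarms:
        note = f"t+{minute}m {state}"
        ticket = itsm.find_open(device, kpi)
        if ticket is not None:
            ticket.worklog.append(note)
        elif state == "BREACH":
            itsm.create(device, kpi, note)
        # "OK" with no open ticket: nothing to update
    return itsm


if __name__ == "__main__":
    before = forward_without_update(SAMPLE_ALARMS)
    after = create_or_update(SAMPLE_ALARMS)
    print("tickets before:", len(before.tickets))
    print("tickets after: ", len(after.tickets))
    for t in after.tickets:
        print(t.ticket_id, t.device, t.kpi, t.worklog)
```

Because tickets are still closed only by a person, the worklog on each open ticket carries the full breach and recovery history the NOC needs when deciding whether to close it.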

As can be seen, the insights gained from our analysis led to recommendations aimed at optimising processes and enhancing productivity. In the upcoming segments of this blog series, we’ll continue our dive into additional facets of network management automation with a look at Workflow Automation for Manual Tasks followed by Efficient Ticket Generation for the NG Firewall Platform.

If you would like to discuss an Automation or Consolidation project, please contact phil.swainson@kedronuk.com.

March 2024 Industry Insights!

Throughout this blog post, we have put together some of the latest industry insights from us and our vendors in KedronUK’s monthly Techbrief! This month we share with you information on The Dangers of Cyber Risk Quantification, How AI is Enabling Resilience in Healthcare, Ransomware’s Impact on Government Organisations, and much more.

KedronUK
KedronUK Has Come of Age! (Case Study)
KedronUK has reached the grand old age of 21 and will be celebrating this milestone with the team by attending the Henley Royal Regatta 2024!

We find it hard to believe we are marking over two decades of success in the ever-evolving IT industry, so we wanted to take a look back and share with our customers where it started, what has changed and where we think we will be going next!
Read the full blog here!

ExtraHop
The Dangers of Cyber Risk Quantification. (Blog Post)
Cyber risk quantification (CRQ) is an approach to analysing and reporting on cybersecurity risks that has grown in popularity over the past decade. One of the leading CRQ frameworks is known as the Factor Analysis of Information Risk (FAIR) model. The FAIR model posits that cybersecurity risk can be quantified in terms of its potential financial impact, just like any other business risk. The benefits to quantifying risk financially are that security leaders can communicate the impact of a potential cybersecurity incident in terms executives are familiar with and they can clearly demonstrate the effectiveness of their cybersecurity programs.
Read more here.

Infosim
StableNet® Analytics Portal (SNAP). (Blog Post)
Dashboards are an invaluable tool to visualize data, gain insight and share information with stakeholders. For network management, dashboards are not “one-size-fits-all”; specific user groups require different levels of granularity. With the all new StableNet Analytics Portal (aka “SNAP”), near-real-time dashboards can be customized easily and with multi-tenancy, your level of control has never been greater.
To learn more, click here and see how, with the all new StableNet Analytics Portal, getting and sharing the information you need really is a “SNAP”.

Keysight Technologies
3 Ways that Artificial Intelligence is Enabling Resilience in Healthcare. (Blog Post)
The Covid-19 pandemic heightened existing pressure points in nearly every sector and industry. The pandemic exacerbated the already crisis-level burnout that healthcare workers were struggling with. Hospital networks are struggling to keep pace with more patients requiring care from a shrinking healthcare professional workforce. Inflation, increased doctor-patient ratios, and a shrinking healthcare talent pool have stretched the medical industry to its breaking point. Digital health technologies that leverage AI contribute to improving the efficiency and effectiveness of hospital systems in meaningful ways, including cost reductions, improved access to healthcare, and resource optimisation.
Find out more here.

Rapid7
Why The External Attack Surface Matters: An analysis into APAC related threat activities. (Blog Post)
Considerable focus within the cybersecurity industry has been placed on the attack surface of organisations, giving rise to external attack surface management (EASM) technologies as a means to monitor said surface. It would appear a reasonable approach, on the premise that a reduction in exposed risk related to the external attack surface reduces the likelihood of compromise and potential disruption from the myriad of ransomware groups targeting specific geographies and sectors.
Read more here.

Heimdal
There’s Something Phishy about Generative AI. (Blog Post)
The rise of GenAI (Generative AI) gives leeway to malicious content creators with 80% of all phishing campaigns discovered in the wild being generated by AI tools such as ChatGPT or similar.
In this article, we are going to explore the latest phishing techniques that capitalise on GenAI.
Find out more here.

Forescout
The Mega Impact of AI-Driven Disinformation Campaigns. (Blog Post)
The amount of money to run an AI-based disinformation campaign is minuscule compared to the influence the campaign can have on society. As noted in a recent SecurityWeek piece “Preparing Society for AI-Based Disinformation Campaigns in the 2024 US Elections”, there are four common steps in these efforts: Reconnaissance, content creation, amplification and actualisation. Unlike other threat actors who typically act out of financial motivation, the question here isn’t ‘how do we monetise the campaign?’ It’s ‘how do we effect change?’ They want to change the way people think and act — and change what they believe.
Read the full blog post here.

BullWall
How Ransomware Impacts Government Organisations. (Blog Post)
Government institutions provide critical services to citizens, including healthcare, public safety, transportation, and utilities and as such are prime targets for ransomware attacks. Ransomware attacks can disrupt these services, causing delays, shutdowns, and potentially putting lives at risk. In some cases, ransomware attacks on government institutions may have broader national security implications. For example, if critical infrastructure or sensitive government systems are compromised, it could impact national defence, intelligence operations, and diplomatic relations.
Read more here.

KedronUK Has Come of Age!

Kedron UK has reached the grand old age of 21 and will be celebrating this milestone with the team at the Henley Royal Regatta in July! We find it hard to believe we are marking over two decades of success in the ever-evolving IT industry, so we wanted to take a look back and share with our customers where it started, what has changed and where we think we will be going next!

Starting out as a provider of network management tools in 2003, Kedron UK quickly expanded its services to include application performance and end-to-end service visibility.

As the industry continued to shift and evolve, so did we.

On Prem – Cloud – Hybrid
One of the most significant technology trends has been the shift towards cloud computing and virtualisation. As more businesses have moved their data and applications to the cloud, traditional IT management and monitoring tools faced challenges. However, we found it was important not to jump into cloud-monitoring-specific tools only, as users still accessed services within their own networks and, as we deal with predominately large and secure customers, often critical / sensitive applications and data would remain on premise. We needed to ensure we provided the best possible solutions for Hybrid environments using as few monitoring tools as possible.

We Entered the Cyber Security Market
Finally, the growing importance of cybersecurity has also impacted IT operation management and monitoring. With the increasing number of cyber threats and attacks, businesses need to be able to monitor their networks and systems for potential breaches and respond quickly when a threat is detected.

This has led to the development of new security-focused tools and platforms that are integrated with IT management and monitoring systems to provide end-to-end visibility and protection.

This is why, in 2017, KedronUK expanded its services to include cybersecurity. This move reflected the growing focus on cybersecurity threats in the industry and the need for businesses to protect their networks and data from malicious actors. We also ensured we stayed close to what we are good at, which is fundamentally getting our customers the right kind of visibility from complex environments. By providing technologies like Network Detection and Response, Threat Intelligence, SIEM, and SOAR we have been able to broaden our product portfolio, whilst ensuring we stay true to our quality design and delivery process.

Machine Learning and AI
Currently topical with our customer base is obviously the rise of artificial intelligence (AI) and machine learning (ML).

With the increasing amount of data generated by IT infrastructure, AI and ML have become useful tools for analysing and interpreting data to identify potential issues and optimise performance.

In many ways this has only just begun, but we have found again the importance of a pragmatic and balanced approach. From our work so far reviewing capabilities and their implications for the systems we provide, we have found that, as important as this technology is, it should not be seen as the magic answer to all challenges. In fact, the best outcomes seem to come when this tech is layered on top of already functional and mature monitoring platforms.

What's Next?
Here we have a look at a couple of areas that we think will be busy next. Phil Swainson, our Head of Technology, plans to review each of these areas in more detail in a series of future posts celebrating our big birthday. Each edition will come with a special offer, so keep your eye out!

  • Unification of SOC and NOC – Maybe because of our background and the development we have seen within our own portfolio, or because of the increased expectation of shared data via APIs and open standards, we see that there will be an increased awareness that multiple technology teams have very similar technologies running in parallel. More and more there are vendor solutions that cover multiple domains, offering opportunity for cost saving and technical efficiencies. An example here would perhaps be Network Detection and Response and Network Performance Management, both solutions collecting network traffic from taps, packet brokers or SPAN ports for analysis.

 

  • CMDB Comeback – Sometimes CMDB is a dirty word. Many have tried to build and maintain an accurate solution that meets individual business, operational and compliance needs, but many organisations we speak to are still left frustrated. For this reason, we have seen vendors move away from the term and start using other terms to describe similar functionality, or narrow their focus into security and other niches; you could argue AIOps is one of those to some extent. We think the concept is still correct and we just need better tools and processes to achieve a reliable way of getting to the end goal that stakeholders can then learn to trust. We think this is one area where AI and ML are extremely interesting and can complement but also assure best practice and process. However, again we think AI on its own won’t solve the total problem. We’ve got some interesting ideas about what will, so watch out for Phil’s upcoming blog post.

 

  • IoT/OT and IT Convergence – Like it or hate it, these worlds are coming together, and end-to-end views of performance and security are critical. Bridging the gap between these two technology areas and cultures is surely a challenge that needs addressing with a unified approach.

We’d love to know what you think, both about how things have changed in the areas of performance and security visibility and what you think will be next!

Chris Booth

Solutions Architect

Listens to your problems then identifies the best tools and products to build solutions.
