February 2025 Industry Insights

Throughout this blog post, we have put together some of the latest industry insights from us and our vendors in KedronUK’s monthly Techbrief! This month we share with you information on Security Thoughts for 2025, Zero Trust Principles, AI-Powered Visibility, and much more.

KedronUK
Security Thoughts for 2025 (Blog Post)
Beyond AI, cybersecurity challenges continue to evolve. Effective vulnerability management requires more than just CVSS scores, and supply chain attacks highlight the need for greater scrutiny of third-party providers. Meanwhile, advancements in quantum computing could reshape encryption and cloud security.

As we navigate 2025, understanding these trends will be key to staying ahead in an increasingly complex digital landscape.

Please see the full blog here!

BullWall
Why Hospital Cybersecurity is More Than Protecting Patient Data. (Blog Post)
Today, hospitals are more than just medical facilities to be referred to for surgery or emergency healthcare needs; they’re complex ecosystems of interconnected services that house valuable patient data.

Though modern medicine and the systems and servers used to store data have allowed quicker and safer patient care, they are also frequent targets of cybercriminals. Since the healthcare industry, especially hospital networks and medical facilities, is a frequent target of cyber-attacks, it is important to have a ransomware resilience tool prior to an attack.

If BullWall Ransomware Containment is in place when a cybercriminal attack happens, the spread will be halted, compromised devices will be instantly isolated, and encryption will be prevented. Find out more here.

Forescout
Zero Trust Principles: Address Asset Visualisation and Classification. (Blog Post)
Forescout has developed a step-by-step approach to realising Zero Trust security. They call it “The Adaptive Approach to Zero Trust Assurance,” and it’s designed to help meet zero trust mandates faster with a simplified transition roadmap. 2024 saw a rise in cyber threats and regulatory pressures. Personal liability for CISOs increased along with the number of audit requirements needed to prove compliance and quantify organisational exposure and risks.
To defend against these threats, organisations that want to be proactive must assume a breach mindset: Acknowledge the inevitability of a breach with active defences that minimize its impact.

It starts by addressing the most critical assets in the business with the principles of Zero Trust. Read more about Zero Trust here.

Infosim
KRITIS, DORA, NIS 2 – Knowledge for Network Management. (Blog Post)
In an era of increasing cybersecurity risks and regulatory pressure, network operators must navigate a complex landscape of compliance frameworks. Three key regulations—KRITIS, DORA, and NIS 2—are shaping the future of network management and reporting requirements. While each framework serves a distinct purpose, they share common goals in strengthening resilience, cybersecurity, and operational stability across critical infrastructure. Understanding their differences and similarities is essential for network operators to ensure compliance and optimize their security strategies.

Find out more here.

Rapid7
MDR + SIEM: Why Full Access to Your Security Logs Is Non-Negotiable. (Blog Post)
Many Managed Detection and Response (MDR) providers promise world-class threat detection, but behind the scenes they lock away your security logs, limiting your visibility and control. It’s your data — so why don’t you have full access to it? Isn’t the whole point of security to see everything happening in your environment? Without full access to your own data, you’re left dependent on their tools, their timelines, and their interpretations of security events.

This isn’t just an inconvenience — it’s a risk.

Find out more about pairing MDR with SIEM here.

Keysight Technologies
The Sooner the Better: AI-Powered Visibility Accelerates Threat Detection and IT Operations. (Blog Post)
We expect artificial intelligence (AI) to speed up processes and drive down costs, and that seems to be what’s happening in cybersecurity. A recent survey found that 1 in 5 organizations now use AI in their cybersecurity practices, and their investments paid high dividends on multiple fronts – like faster threat detection, lower breach costs, and reduced strain on overworked SOC teams.

After a quick update on the role and value of AI, Keysight introduce a new generation of AI-powered network visibility and explain why applying AI earlier in the process helps to find threats faster and give defenders an even greater advantage.

Read more here.

ExtraHop
Malicious Use of RMM: Remote Monitoring and Management. (Blog Post)
Network detection and response (NDR) refers to cybersecurity products that ingest and analyse network traffic to detect malicious activity. Where endpoint detection and response (EDR) tools collect and analyse endpoint data and behavior, network detection and response solutions work off wire data from network packets traversing the east-west and north-south corridors.

According to Gartner®, “Network detection and response (NDR) products detect abnormal system behaviors by applying behavioral analytics to network traffic data. They continuously analyse raw network packets or traffic metadata within internal networks (east-west) and between internal and external networks (north-south).”

Find out more about NDR here.

Chris Booth

Solution Architect

Listens to your problems, then identifies the best tools and products to build solutions.

Call us today on 01782 752 369
KedronUK, Kern House, Stone Business Park, Stone, Staffordshire ST15 0TL

Security Thoughts for 2025

Beyond AI, cybersecurity challenges continue to evolve. Effective vulnerability management requires more than just CVSS scores, and supply chain attacks highlight the need for greater scrutiny of third-party providers. Meanwhile, advancements in quantum computing could reshape encryption and cloud security.

As we navigate 2025, understanding these trends will be key to staying ahead in an increasingly complex digital landscape.

AI is everywhere but does it need to be?

There’s been something of a stampede by vendors to add AI functionality into products. It seems almost every product now has a Copilot or similar feature claiming to make life easier. How beneficial this is to users is unclear at present. When evaluating new products, KedronUK does cast a critical eye over the “datasheet benefits” and how they may actually work in the real world.

AI and ML do suit some applications very well though. Surfacing performance or security detections (events / alerts) in large amounts of data, such as raw network traffic in NDR tools or logs in a SIEM solution, is a great use case.

AI isn’t just all good though

I’m sure every IT professional has seen a terrible attempt at a phishing e-mail, either offering them money lost in a foreign bank account or one claiming to be from a senior colleague asking them to help with an urgent action.  Easy access to AI tools will make these harder to spot as they mimic the writing style or even voices of colleagues.  Alongside appropriate security tools, user awareness will be very important in helping combat this threat.

Managing the use of AI platforms will also continue to challenge organisations from a GRC perspective.  The leaking of sensitive data could occur thanks to careless but well-intentioned use of AI to help with productivity.

Look beyond just the vulnerability

Vulnerability scanners are a common and essential part of any IT team’s tooling. Finding and addressing vulnerabilities early is important in maintaining a good security posture. However, just considering a CVSS score in isolation may not deliver the best results. Leveraging additional data sources such as the CISA KEV catalogue can provide extra context to help prioritise remediation work. As an example, a CVE with a score of 9.8 would, at first glance, appear to need addressing immediately. However, it may not be actively exploited. Thus, a CVE with a lower score (e.g. 6.5) which is being commonly exploited should be addressed first.

Incorporating vulnerabilities (with all important context) and other signals can provide a much wider and more complete view of your attack surface.
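The prioritisation described above, as an added example that is not part of the original post: scanner findings are ranked by CISA KEV membership before CVSS score. The findings format and the KEV excerpt are constructed (the excerpt follows the field names of the CISA KEV JSON feed, and the CVE IDs are placeholders), and the example goes slightly beyond the text by using the KEV due date and ransomware flag as tie-breakers.

```python
"""Rank scanner findings by known exploitation (CISA KEV) before CVSS score."""
import json
from datetime import date

# Constructed sample in the shape of the CISA KEV JSON feed. The CVE IDs are
# placeholders, not real catalogue entries.
KEV_FEED = """
{"catalogVersion": "constructed-sample",
 "vulnerabilities": [
  {"cveID": "CVE-0000-0002", "dateAdded": "2025-01-06",
   "dueDate": "2025-01-27", "knownRansomwareCampaignUse": "Known"},
  {"cveID": "CVE-0000-0004", "dateAdded": "2025-02-03",
   "dueDate": "2025-02-24", "knownRansomwareCampaignUse": "Unknown"}
 ]}
"""

# Constructed scanner output (assumed format): one row per host/CVE finding.
FINDINGS = [
    {"host": "app-01", "cve": "CVE-0000-0001", "cvss": 9.8},
    {"host": "vpn-01", "cve": "cve-0000-0002", "cvss": 6.5},   # lower-case ID
    {"host": "db-01", "cve": "CVE-0000-0003", "cvss": None},   # not yet scored
    {"host": "web-01", "cve": "CVE-0000-0004", "cvss": 7.2},
]


def load_kev(feed_text):
    """Index KEV entries by upper-cased CVE ID."""
    entries = json.loads(feed_text)["vulnerabilities"]
    return {entry["cveID"].upper(): entry for entry in entries}


def prioritise(findings, kev, today):
    """Order findings: KEV-listed first (earliest due date, then known
    ransomware use, then CVSS), followed by the rest by CVSS descending.
    Unscored findings sort last within their group but are still listed."""
    rows = []
    for finding in findings:
        cve = finding["cve"].strip().upper()  # scanners differ in ID casing
        entry = kev.get(cve)
        row = {"host": finding["host"], "cve": cve, "cvss": finding["cvss"],
               "in_kev": entry is not None, "due": None,
               "overdue": False, "ransomware": False}
        if entry is not None:
            row["due"] = date.fromisoformat(entry["dueDate"])
            row["overdue"] = row["due"] < today
            row["ransomware"] = (
                entry.get("knownRansomwareCampaignUse") == "Known")
        rows.append(row)

    def sort_key(row):
        score = row["cvss"] if row["cvss"] is not None else -1.0
        return (
            0 if row["in_kev"] else 1,       # exploited in the wild first
            row["due"] or date.max,          # earliest remediation due date
            0 if row["ransomware"] else 1,   # known ransomware use first
            -score,                          # then highest CVSS
        )

    return sorted(rows, key=sort_key)


if __name__ == "__main__":
    kev_index = load_kev(KEV_FEED)
    for r in prioritise(FINDINGS, kev_index, today=date(2025, 2, 10)):
        tag = "KEV" if r["in_kev"] else "   "
        late = " OVERDUE" if r["overdue"] else ""
        print(f'{tag} {r["cve"]} cvss={r["cvss"]} host={r["host"]}{late}')
```

The 6.5 finding that is in the KEV sample is ranked above the 9.8 finding that is not, which is the ordering the paragraph argues for.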

Trusted Partners

The December 2024 attack on the US Department of the Treasury used BeyondTrust’s remote support tools to gain access to the Department’s infrastructure.  Supply chain attacks are nothing new though – the SolarWinds Sunburst and Supernova attacks date back to 2020/21.  Whilst SaaS (or other XaaS) still has many benefits, it can be extremely difficult to audit and build trust in a provider.  Major SaaS providers will continue to be a ripe target for nation state attackers.  This may encourage organisations to move back to self-hosted solutions, especially critical parts of the infrastructure such as ZTNA.

This topic doesn’t just cover technology service providers though.  With the change of government in the USA and their “unsettling” statements on subjects such as security, borders and tariffs, both private business and public sector users may start to reconsider the implications of hosting applications and storing data in cloud platforms owned by US technology companies such as Microsoft and Google.  Could unexpected policy announcements have sudden legal implications for data sovereignty and local compliance regulations?

The World of Quantum

For large enterprises, interest in quantum computing will continue to grow as they research and plan how the new age will impact their operations. Applications of aspects of quantum computing, such as Quantum Random Number Generation (QRNG), give financial businesses the chance to improve the accuracy and speed of simulations. QRNG also offers a truly random source of random numbers to provide an ideal basis for encryption keys. Entropy as a Service offers a way for cloud applications and IoT devices to benefit from QRNG.

For more information please get in touch!

Logpoint – What’s New?

Who are Logpoint and when was the company established?

Logpoint was founded in 2012, and safeguards society in a digital world by helping customers and Managed Security Service Providers (MSSPs) detect cyberattacks. Combining reliable technology with a deep understanding of cybersecurity challenges, Logpoint makes security operations easier, giving organisations the freedom to progress. Logpoint’s SIEM and NDR technologies improve visibility and give a multi-layered approach to cybersecurity that helps customers and MSSPs in Europe navigate the complex threat landscape. Headquartered in Copenhagen, Denmark, Logpoint has a European foundation and is the only European SIEM vendor with a Common Criteria EAL3+ certification. This demonstrates Logpoint’s strong focus on data protection and cybersecurity regulations. 

What’s new since KedronUK first partnered with Logpoint?

The biggest news in 2024 was Logpoint’s acquisition of Muninn, a Danish company specialising in AI-driven Network Detection & Response (NDR) technology. 

What new features have been introduced in the past year?

1. SIEM

  • Support for .CSV and .TXT to import lists (IoC, malicious domains, IPs, etc.)
  • Templated log sources, including syslog sources
  • Dark mode
  • Support for Azure Blob Storage for more cost-effective cloud-based storage, with the scalability to move up or down between storage tiers
  • SaaS Logpoint Portal for centralised access management, expanding to on-prem SIEMs in 2025
  • Onboarding with pre-configured compliance dashboards covering access management, incident management, and perimeter security monitoring. 

2. SOAR Playbooks

  • Playbook restoring
  • Integration-agnostic playbooks for easier distribution to customers
  • Playbook action for encoding/decoding HTML, changing case types and adding incidents as a new artifact

3. SOAR Case Management

  • Automatic reading of the incidents and adding all the extractable data as artifacts to the case
  • All-in-one screen case management with case timeline, graphical overview of artifacts relations in an incident, and the option to run automatic investigations from the case

4. Director 

  • Templated log sources, including syslog log sources and cloud features
  • Centralised health metrics monitoring dashboard
  • Role-based access control for segregation of user permissions

What’s coming in 2025?

Throughout the following months, Logpoint will focus on different areas. To reduce operational overhead, Logpoint is looking for ways to improve log source onboarding and enhance log source activity monitoring and data integrity. Analysts will also benefit from better enrichment and querying features for threat hunting and will continue to get better threat detection, thanks to optimised T1 integrations and alerting. 

What gap does KedronUK fill for Logpoint?

Logpoint delivers a comprehensive end-to-end security platform, equipping organisations with everything they need for effective cybersecurity. Kedron complements this by providing value-added services and managing security complexities on behalf of end customers. Together, we enable organisations to stay focused on their core business while ensuring their security operations are well-managed and optimised. 

Phil Swainson, Head of Technology at KedronUK says: “We’ve found that customers managing enterprise networks are struggling to find a network performance management tool focused on packets that can handle the demands of high-speed, high-bandwidth networks, while not breaking the bank with excessive storage requirements. The unique way Allegro Packets solutions work means that network managers and IT Ops managers can get the information they need without having to search petabytes of data.”

What does Logpoint bring to KedronUK?

Logpoint brings a valuable SIEM capability to the KedronUK product and services portfolio. 

  • Flexible deployment models including self-managed (on-premise / private cloud) and SaaS cover varying customer requirements. For users with specific compliance or contractual obligations, the SaaS instance can be provisioned in the UK to remove any concerns about data sovereignty.
  • Logpoint’s transparent pricing model is easy to understand and provides cost clarity for users. Predicting costs can be difficult with other models such as ingestion-based billing (e.g. events per second or GB per day), which can also limit the scope of a deployment. There are also special license bundles for public sector customers such as the NHS.
  • Hundreds of out-of-the-box integrations allow users to collect data from a wide variety of sources and leverage existing security tools to improve detection, investigation, and response capabilities.

The recent acquisition of Muninn extends the security capabilities of Logpoint to include NDR/XDR. This provides additional visibility into Cloud, OT, and remote workers. 

To find out more about Logpoint, please contact us or get in contact with our sales team through sales@kedronuk.com.

January 2025 Industry Insights

Throughout this blog post, we have put together some of the latest industry insights from us and our vendors in KedronUK’s monthly Techbrief! This month we share with you information on OT/IoT Visibility, Medical Ransomware, 2025 Cybersecurity Predictions, and much more.

KedronUK
OT/IoT Visibility Survey Report (Blog Post)
Although the integration of IT with OT, ICS, and IoT/IoMT networks allows for streamlined processes, predictive maintenance, and enhanced data analysis capabilities, it also introduces significant challenges, particularly in the realm of cybersecurity.

In response to these challenges, we conducted a survey in partnership with Keysight Technologies and Forescout Technologies, to better understand how enterprises are approaching the integration of these diverse systems.

Please see the full report and summary of responses here!

BullWall
How BullWall Strengthens Resilience Against Medical Ransomware. (Blog Post)
The healthcare industry has become a prime target for ransomware attacks, with cybercriminals increasingly focusing on hospitals, clinics, and medical device manufacturers. Medical ransomware attacks compromise critical healthcare systems, disrupt patient care, and pose significant risks to sensitive patient data. For healthcare organisations, every second counts, and downtime caused by ransomware can have devastating consequences – delayed treatments, financial losses, and even threats to patient safety.

Find out more about medical ransomware attacks here.

Forescout
7 Cybersecurity Predictions for 2025. (Blog Post)
As we quickly approach a new year, the threat landscape is evolving. Here, we share the most pressing cybersecurity predictions across critical infrastructure, operational technology (OT), ransomware, artificial intelligence, the supply chain, and more.

In 2025, the cybersecurity landscape will be defined by sophisticated, multi-layered threats, from AI-assisted hacking to persistent ransomware and targeted OT attacks. As threat actors evolve their tactics, organisations must stay proactive and use the latest technologies and strategies to protect their critical infrastructure and assets.

Read more here.

Infosim
How to Identify Better Ways to Manage Your Managed Service. (Blog Post)
Managed Service Providers (MSPs) play a crucial role in keeping IT operations running smoothly for their customers. From managing IT security to overseeing entire infrastructures, MSPs take on the heavy lifting so businesses can focus on what they do best.

But having the right tools in place is non-negotiable. Transparent, efficient, and seamless operations depend on them. The problem? The tech landscape is constantly evolving, and customer demands are only getting bigger. This makes building the perfect tech stack a real challenge. For MSPs, it’s all about staying ahead of the curve and proving they’ve got everything covered, no matter how complex the environment gets.

Read the full blog post here.

Rapid7
Unlocking the Power of AI in Cybersecurity. (Blog Post)
Today’s SOC teams face dramatic challenges that include overwhelming volumes of alerts, blurred perimeter protections, and resource constraints; meanwhile, AI is bursting into SOC workflows as one of the most important elements in addressing these issues more productively and letting teams truly focus on what matters most.

See details from Rapid7’s recent webinar here.

Keysight Technologies
Keysight Launches All-in-One Solution for Network Visibility and Security. (Blog Post)
Keysight Technologies launched AppFusion, a network visibility partner program that integrates third-party security and monitoring solutions directly into its network packet brokers. The program integrates market-leading technologies from Forescout, Instrumentix, and Nozomi Networks enabling customers to streamline network and security operations (NetOps/SecOps) while significantly reducing infrastructure costs. This all-in-one, multi-vendor solution helps IT professionals reduce capital and operations expenses while improving security monitoring and performance.

Find out more here.

Logpoint
EDR Killers: After All, EDRs Are Not Invincible. (Blog Post)
Endpoint Detection and Response (EDR) tools are our frontline warriors in the ever-evolving cybersecurity battlefield. Yet, a new menace is taking shape: EDR killers – tools designed to impair these defences, leaving organisations exposed to devastating attacks.

Read more here.

ExtraHop
Malicious Use of RMM: Remote Monitoring and Management. (Blog Post)
For IT and security teams, remote monitoring and management (RMM) software, such as AnyDesk, ConnectWise, ScreenConnect, and Splashtop, is a lot like a cordless electric chainsaw. On one hand, it makes tedious tasks like remote patch installation and troubleshooting far faster and easier. But on the other hand, because it allows remote users such as helpdesk admins to take control of an end user’s computer, threat actors are increasingly exploiting legitimate RMM software to establish an interactive command and control (C2) channel, move laterally across an organisation’s network, maintain persistence, and fly under the radar of traditional detection by blending in with legitimate operations.

Find out more here.

OT/IoT Visibility Survey

The convergence of Information Technology (IT) with Operational Technology (OT), Industrial Control Systems (ICS), and the expanding landscape of Internet of Things (IoT) and Internet of Medical Things (IoMT) devices is transforming how modern enterprises operate. As these traditionally separate networks become more interconnected, organisations have a unique opportunity to optimise their operations, gain real-time insights, and improve overall efficiency. This integration allows for streamlined processes, predictive maintenance, and enhanced data analysis capabilities, driving digital transformation across industries.

However, the integration of IT with OT, ICS, and IoT/IoMT networks also introduces significant challenges, particularly in the realm of cybersecurity. As these systems become more intertwined, the attack surface for cyber threats increases, making critical infrastructure more vulnerable to potential breaches, data manipulation, or disruptions in service. Enterprises are now faced with the challenge of protecting both their IT and OT environments while ensuring that their interconnected systems remain secure, reliable, and resilient.

In response to these challenges, we conducted a survey to better understand how enterprises are approaching the integration of these diverse systems. The survey aimed to gather insights into the strategies, technologies, and best practices that organisations are adopting to secure their interconnected networks. We were particularly interested in learning about how enterprises are navigating the complexities of cybersecurity, ensuring the safe operation of their ICS and IoT devices, and maintaining the integrity of their data in an increasingly interconnected world.

The results highlighted some common areas of risk which require mitigation, and also showed that organisations have had varying levels of success in leveraging their cybersecurity and compliance tools.

For the full report and a summary of responses, please see the OT/IoT Visibility Survey Report.

Merry Christmas from KedronUK!

First of all, Merry Christmas from all of us at KedronUK! It’s that time of year where, as a company, we like to reflect on the past year, and share what KedronUK has been working on, our view of what we’ve seen in the market over the last 12 months, and what some of our plans are for the next 12 months.

Welcoming New Faces to the KedronUK Family
This year, our team has expanded more than ever with the addition of five talented individuals who have seamlessly become integral parts of our sales team. Join us in welcoming:

  • Maisie Cornwall – Business Development Assistant
  • Umer Khan – Account Executive
  • Joshua Phillipus – Internal Sales Executive
  • Thabo Molibola – Internal Sales Executive
  • Wendy Mahashe – Business Development Assistant

Their expertise and enthusiasm have undoubtedly contributed to the success of our projects and the overall positive vibe within our work environment. 

We’ve also seen a number of role changes in the past year with: 

  1. Phil Simms being promoted to Sales Manager.
  2. Jeegar Shah being promoted to Technical Support & Delivery Team Leader.
  3. Emma Fox changing roles from Sales to Assistant Project Manager. 

Meeting More Customers in Multiple Industries at Events throughout the Year
This year we’ve enjoyed attending and exhibiting at more events than ever before, with a particular highlight being exhibiting in partnership with Infosim at Connected Britain at London Excel. This demonstrated our integrated approach to Network Management and CMDB.

We also hosted more #NoSalesPitch events at unique venues across the country, where we focussed on hot topics for Cyber Security and IT Operations and created an ideal peer-to-peer networking environment around fun activities.

Our Key Partners & New Technologies
Last year we saw a number of changes in this area, due to changes of ownership of some of our partners, and also because of new questions being asked by our customers.

In 2024 we’ve looked to stabilise that portfolio and really hone in on those technologies, and make sure we continue to keep our focus on the area of visibility across NOC and SOC.

We have made sure that we don’t dilute our skill set and maintain our ability to not only provide disruptive technologies, but also that we are able to deliver and support them to the high standards our customers expect. 

Key partnerships remain with: Infosim, Keysight, Rapid7, ExtraHop, BullWall, Opsramp, Logpoint, Thales, SolarWinds, Allegro Packets, and Instana.

And despite the above emphasis, we did welcome new partnerships with:

FNT Software – Delivers tools to plan, document, and manage network resources across hybrid environments.

UXM – Digital Experience Monitoring for any application.

The Market
We found the market to be cautious this year with greater scrutiny on decisions, even with trusted providers and technology. We believe this to be related to pressure on budgets and economic uncertainty driven by political events. Although that sounds challenging, we actually found that the result of this scrutiny was validation that the technology we provide, and the way in which we deliver it, is what our customers need and want.

Customers tell us that they are short on resource, and the areas in which we work are critical to their organisation’s success. They need to be able to do more with less and ensure that the projects they commission in these areas are successful and delivered on time.

All of this plays into Kedron’s strengths, and although some decisions were sometimes delayed due to the scrutiny, we were still successful in winning those key projects and strengthened existing customer relationships.

We have also commissioned a new Customer Experience initiative where we have automated the process of receiving customer feedback in a structured way to make sure we are listening to our customers and acting on the suggestions they provide. This has already provided excellent insight.

Looking Forward to 2025
We have some very exciting projects commencing across all business lines in 2025 and will be growing our team again as a result. 

In the coming weeks and months you will see increased emphasis on our Managed Solution via our own Totuus Brand and Technology, where we look to address our customers’ challenges by providing the right technology as a service, where they still maintain the control and flexibility that we know large and secure organisations need.

We will be running and attending even more events and looking to meet in person even more of you. 

And finally, we will look to win more projects to support our growth and to continue winning them the right way: by putting forward the best technology, delivered by the best people (our team), and then standing by the results we promise.

And Finally… 

We’d like to thank our Customers and Partners for their support over the last 12 months. We hope you all have some great time off with your loved ones, and we look forward to seeing you all in 2025.

Merry Christmas, and a very Happy New Year, from all of us at KedronUK!

 

 
