CS May-Jun 2022

Computing 

Security 

Secure systems, secure data, secure people, secure business 

NEWS 

OPINION 

INDUSTRY 

COMMENT 

CASE STUDIES 

PRODUCT REVIEWS 

CHAINS OF FREEDOM 

Stabilising the wild swings and 

uncertainties of the supply line 

QUANTUM GOES BIG! 

Lift-off for commercial trial of quantum secured 

communication services 

GET THE BASICS RIGHT 

Guidance to see you 

through tough times 

ISOLATED AND VULNERABLE 

Human error levels hit new high 

as hackers step up attacks on 

solitary workers 

Computing Security May/June 2022 

'ZERO TRUST' 

SPECIAL INSIDE

Nobody likes feeling 

vulnerable. 

It’s the same when it comes 

to information security. 

That’s why our information security services have 

been designed to provide you with the robust security 

assurances you require. 

Penetration Testing 

Red Teaming 

Information Security Consultancy 

www.pentest.co.uk 

0161 233 0100 

pentest 

INFORMATION SECURITY ASSURANCE

comment 

COLONIAL PIPELINE ATTACK REMEMBERED 

Saturday, 7 May, this 

year marked the first 

anniversary of the 

infamous Colonial 

Pipeline hack, which 

ended with a ransom fee 

of US$4.4 million being 

handed over. In July 

2021, ISA Cybersecurity 

of Canada published a set 

of takeaways from the 

event. "They are still valid 

today and sync well with the Biden administration Executive Orders that grew out of the 

attack," says Bedrock Open Secure Automation. 

LESSON 1: THE IMPORTANCE OF SYSTEM MONITORING 

Although the publicised attack was on May 7, 2021, the hackers reportedly breached 

the system on April 29, a week earlier. ISA says that Security Information and Event 

Management (SIEM) tools, coupled with advanced threat intelligence, detection and 

monitoring, can help to recognise anomalous activities. 

LESSON 2: THE IMPORTANCE OF IT GOVERNANCE 

In his testimony to the United States Senate, Colonial Pipeline President and CEO Joseph 

Blount said: "We believe the attacker exploited a legacy virtual private network (VPN) 

profile that was not intended to be in use." 

LESSON 3: OT AND IT NETWORK CONVERGENCE CREATES ADDITIONAL RISK 

Colonial Pipeline shut down its system, because it did not know who was attacking, 

why or how it might affect its OT network, demonstrating the need for complete 

visibility into OT network operations and integrations. 

LESSON 4: SUCCESSFUL BREACHES CARRY A VARIETY OF COSTS 

Although the FBI recovered about 85% of the ransom paid, the threat actors still reaped 

hundreds of thousands of dollars in extorted funds and Colonial's Blount revealed at the 

time that it would cost the company "tens of millions of dollars" to repair the damage 

and restore all its business systems fully. 

LESSON 5: A SUCCESSFUL BREACH BREEDS OTHER HACKING EFFORTS 

This is the timeliest warning for every vulnerable organisation - and it needs to heeded. 

Brian Wall 

Editor 

Computing Security 

brian.wall@btc.co.uk 

EDITOR: Brian Wall 

(brian.wall@btc.co.uk) 

LAYOUT/DESIGN: Ian Collis 

(ian.collis@btc.co.uk) 

SALES: 

Edward O’Connor 

(edward.oconnor@btc.co.uk) 

+ 44 (0)1689 616 000 

Lyndsey Camplin 

(lyndsey.camplin@btc.co.uk) 

+ 44 (0)7946 679 853 

Stuart Leigh 

(stuart.leigh@btc.co.uk) 

+ 44 (0)1689 616 000 

PUBLISHER: John Jageurs 

(john.jageurs@btc.co.uk) 

Published by Barrow & Thompkins 

Connexions Ltd (BTC) 

35 Station Square, 

Petts Wood, Kent, BR5 1LZ 

Tel: +44 (0)1689 616 000 

Fax: +44 (0)1689 82 66 22 

SUBSCRIPTIONS: 

UK: £35/year, £60/two years, 

£80/three years; 

Europe: £48/year, £85/two years, 

£127/three years 

R.O.W:£62/year, £115/two years, 

£168/three years 

Single copies can be bought for 

£8.50 (includes postage & packaging). 

Published 6 times a year. 

© 2022 Barrow & Thompkins 

Connexions Ltd. All rights reserved. 

No part of the magazine may be 

reproduced without prior consent, 

in writing, from the publisher. 

www.computingsecurity.co.uk May/June 2022 computing security 

@CSMagAndAwards 

3


Computing Security May/June 2022 

contents 

CONTENTS 

Computing 

Security 


Stabilising the wild swings and 

uncertainties of the supply line 


Lift-off for commercial trial of quantum secured 

communication services 

NEWS 

OPINION 

INDUSTRY 

COMMENT 

CASE STUDIES 

PRODUCT REVIEWS 

GET THE BASICS RIGHT 

Guidance to see you 

through tough times 


COMMENT 3 

Colonial Pipeline attack remembered 

Human error levels hit new high 

as hackers step up attacks on 

solitary workers 

'ZERO TRUST' 

SPECIAL INSIDE 

ARTICLES 

NEWS 6 & 8 

Cyberattack on Toyota sparks alarm 

Top court rules on misuse of data 

Malware back with a vengeance 

No let-up in lack of diversity 

ALL SET TO EXCEL! 10 

This year’s Infosecurity Europe show is 

now fast approaching - and promises 

to deliver a great line-up of exhibitors, 

events, presentations and more at the 

ExCeL in London. See our preview 

ABSOLUTE ZERO 18 

Organisations are starting to switch from a 

model based on 'trust anyone and anything 

inside the network' to a 'trust no one and 

nothing' architecture. Brian Wall reports 

SECURE SYSTEMS: IS HARDWARE 

THE STARTING POINT? 11 

Hardware-assisted security capabilities are 

CHAINS OF FREEDOM 26 

seen as critical to robust security strategy 

Supply chains are prone to wild swings and 

uncertainties. How exactly can those chains 

SEVEN KEY TIPS WHEN CHOOSING 

be stabilised and less exposed, in order to 

AN IDENTITY SECURITY SOLUTION 12 

create a cooperative supply-chain platform? 

SecurEnvoy points to the advantages of 

selecting an offering that can be deployed 

as public cloud, fully Managed Service 

Provider (MSP) or On-Premise 

THE CAPTIVATING QUESTION 14 

Why aren't more companies using packet 

capture? asks Cary Wright of Endace 

HACKING GETS BACKING! 15 

ISOLATED AND VULNERABLE 30 

A university ethical challenge platform has 

Hackers are driving up the levels of human 

won government backing in the build-up 

error by preying increasingly on solitary 

to its launch into the commercial market 

workers - especially those at home, cut off 

from immediate IT support 

RANSOMWARE AND THE CLOUD 16 

John Tipton, Adarma, looks at the deep 

impact that ransomware is now making, 

especially through 'RansomCloud' 

GET THE BASICS RIGHT… 29 

Adoption of cyber security-related tools a 

growing problem in cyber security world, 

QUANTUM GOES BIG! 32 

warns Brookcourt Solutions' Steven Usher 

BT and Toshiba, along with EY, have 

IF YOU CAN'T STAND THE HEAT… 34 

launched the trial of what is described as 

… then do something about it. The time 

a "world-first commercial quantum-secured 

has arrived to fight back as Highly Evasive 

metro network". The infrastructure will be 

Adaptive Threats (HEAT) hit hard 

able to connect numerous customers 

across London. How safe will that be? 

PRODUCT REVIEW 24 

Endace Endaceprobe 9200 G4 

computing security May/June 2022 @CSMagAndAwards www.computingsecurity.co.uk 

4

news 

Senior lawyer 

Edward 

Machin 

TOP COURT STEPS IN TO RULE 

AGAINST THE MISUSE OF DATA 

The European Court of Justice has 

recently ruled that the general and 

indiscriminate retention of traffic and 

location data, for the purposes of 

combatting serious crime, is prohibited 

by EU law.* 

The court found in favour of convicted 

murderer Graham Dwyer who had 

duly challenged Ireland's use of mobile 

phone metadata in his conviction, with 

potential implications for criminal 

investigations across Europe. 

Comments Edward Machin, a senior 

lawyer in Ropes & Gray's data, privacy 

& cybersecurity practice: "This decision is 

no surprise, given the court's previous 

rulings on data retention. Indeed, the 

repeated references to 'settled case-law' 

perhaps betray its snark in having to 

reiterate that indiscriminate retention 

is not permitted for combatting serious 

crime," he states. 

"The case is timely, as it follows the 

recent agreement in principle of a new 

transatlantic data pact between the EU 

and US," continues Machin. 

"Given that the agreement is designed 

to rein in US government surveillance, 

that a European member state has again 

breached similar obligations under EU 

law doesn't look good when the US is 

being told that it needs to reform its 

snooping laws, if it wants a data deal," 

he points out.* 

https://curia.europa.eu/jcms/upload/docs/application 

/pdf/2022-04/cp220058en.pdf 

CYBERATTACK ON TOYOTA SPARKS ALARM AND SERVES AS WARNING 

The fact that the world's largest car manufacturer Toyota 

was recently forced to shut down 14 factories and 28 

production lines for an entire day due to a cyberattack serves 

as a warning in these volatile times, warns Tim Wallen, 

LogPoint UK&I regional director. "While the manufacture 

of cars is not necessarily critical to societies, it's a warning 

of how cyberattacks can influence 'in real life', not limited 

to leaks of digital information or systems being held for 

Ransome. When production lines are halted, and workers 

have to stay at home, we have to carefully consider whether 

we have done enough to protect our digital infrastructures. 

"With some 180,000 people employed directly in 

automotive manufacturing in the UK and in excess of 

864,000 across the wider automotive industry," adds 

Tim Wallen, LogPoint 

Wallen, "this is a crucial industry to protect." 

MALWARE BACK WITH A VENGEANCE AS PANDEMIC APPEARS TO WANE 

Malwarebytes recently announced the findings of 

its 2022 Threat Review (formerly the 'State of 

Malware' report), showing that, while the global 

pandemic may be waning, the 'cyberthreat epidemic' 

is likely here to stay for businesses and consumers. 

The research has uncovered a massive 2021 

resurgence of cyberthreats across multiple categories 

after pandemic-induced declines in 2020, tracking 

a 77% increase in malware detections over 2020. 

Business-focused cyberthreats jumped 143%, while 

consumer-specific threats rose by 65% to more than 

152 million. The resurgence was much more than a 

"return to business as usual, with detection numbers 

far exceeding pre-pandemic numbers, too", according 

to the company. 

ONE IN THREE COMPANIES ARE VICTIMS OF CYBERATTACK STATES SURVEY 

Cyber security awareness provider SoSafe's 

Dr Niklas- 

'Human Risk Review 2022' survey shows an 

Hellemann, 

SoSafe 

ever-worsening cyberthreat situation. 

According to the survey, a worrying one in three 

organisations (35%) has experienced a successful 

cyberattack in the past year. Furthermore, nine 

out of 10 (90%) cyber security experts confirmed 

this deteriorating situation. "With the Human Risk 

Review, we want to provide insights into current 

trends and developments in the European cyber threat landscape. Our goal is to further raise 

awareness of this topic - especially for the 'human factor' in information security," says Dr Niklas 

Hellemann, managing director of SoSafe. 

6 

computing security May/June 2022 @CSMagAndAwards www.computingsecurity.co.uk

Strengthen your data resilience with 

Immutable Backup from Arcserve 

Buy an Arcserve Appliance secured by Sophos, 

and get OneXafe immutable storage! 

Arm your business with a multi-layer protection approach to strengthen your overall data resilience. Arcserve 

brings you data backup, recovery, and immutable storage solutions with integrated cybersecurity to defeat 

ransomware and provide the best-in-class data management and data protection solution in the market. 

Arcserve UDP Data 

Protection Software 

Unified data and ransomware 

protection to neutralize 

ransomware attacks, 

restore data, and perform 

orchestrated recovery. 

Arcserve Appliances 

All-in-one enterprise backup, 

cybersecurity, and disaster 

recovery, with multipetabyte 

scalability. 

StorageCraft OneXafe 

Immutable Storage 

Scale-out object-based NAS 

storage with immutable 

snapshots to safeguard data. 

Get multi-layer protection! 

SCAN HERE

news 

Camellia Chan, 

X-PHY 

LACK OF DIVERSITY 

AND INCLUSION PERSISTS 

Asevere lack of diversity and inclusion in 

technology was one of the issues that 

was highlighted on International Women's 

Day. Camellia Chan, CEO and founder of 

cybersecurity company X-PHY (a Flexxon 

brand), firmly believes that talent is crucial 

to the industry, "especially as we witness 

an upheaval in innovation and digital 

transformation. Despite this, the number 

of tech roles held by women increased by 

a mere 2% in 2021". 

Chan also points out: "In order to increase 

this figure, as a society, we need to 

empower women from a young age and 

encourage them to be ambitious. Seeing 

women in high-powered roles is excellent 

and proactivity is key to ensuring they stay 

there." 

NORMS MUST BE CHALLENGED 

Businesses, too, have a crucial role to play, 

she adds. "Hiring and recruitment practices 

are incredibly important and, with visible 

female role models and leaders in the 

industry, we encourage women to envision 

a future in tech. Put simply, diverse talent 

brings new perspectives and innovation. 

Talented, driven women - as well as 

employees of different ages, nationalities 

and domains - create an impactful 

environment by challenging norms, building 

competencies and championing excellence." 

UK RANSOMWARE ATTACKS 'UP 200%' IN THE LAST YEAR, SAYS LAW FIRM 

New data released by law firm RPC has revealed that UK 

Jack Chapman, Egress 

ransomware attacks have doubled in the last year. 

Comments cybersecurity expert Jack Chapman, VP of Threat 

Intelligence at Egress: "Ransomware is one of the most serious 

cybersecurity threats facing UK organisations today. Our recent 

study found that less than a quarter of board of directors see 

ransomware as a top priority - organisations must tackle a 

number of serious threats, not just ransomware, and many 

just don't know where to focus their efforts." 

Preventing ransomware must become a top concern for 

organisations, and leadership must focus on building a robust 

security posture, he adds. "That includes evaluating overall 

spend and what's in the security stack, looking to intelligent 

technology to tackle sophisticated phishing attacks and other 

common entry points for malware." 

BEWARE THE LURKING DANGERS AS RETURN TO THE OFFICE GROWS 

The lifting of working from home restrictions means it's 

time for IT departments to consider that employees 

Chris Vaughan - Tanium 

returning to the office and reconnecting their devices to 

the corporate network may increase risks, warns Chris 

Vaughan, AVP - Technical Account Management, Tanium. 

"Employees working off personal laptops, tablets and 

mobiles often carry higher cybersecurity risks, due to 

issues like not having up-to-date patches installed. 

"Now, as employees return to the office, there is a 

possibility that they will unknowingly bring in devices that 

are infected with malware, trojans, viruses etc that have 

laid dormant until this point, ready to spread when an 

opportunity occurs." 

Once reconnected to a network, malware can then travel 

through a company, infecting every computer, he warns. 

SUPPLY CHAIN SECURITY RISKS SERVE AS 'BACK DOOR' FOR HACKERS 

New research unveiled by NCC Group suggests that cyber-attacks on supply chains 

soared by 51% in the last six months of 2021. 

"Organisations have an opportunity to reduce their third-party risk by clarifying whether 

they or their suppliers are responsible for supply chain risk management," says the company. 

Around one in three (36%) surveyed said they are more responsible for preventing, 

detecting and resolving supply chain attacks than their suppliers. Just over half (53%) said 

their company and its suppliers are equally responsible for the security of supply chains. 

"This could affect organisations' third-party risk, if it means that they are not conducting 

appropriate due diligence on their suppliers, and could expose them to regulatory 

penalties." Encouragingly, respondents recognised supplier risk as one of their top 

challenges for the next 6-12 months and report that they plan to increase their security 

budgets by an average of 10% this year. 

8 


shows & events 

ALL SET TO EXCEL! 

INFOSECURITY EUROPE, BILLED AS THE BIGGEST GATHERING OF THE 

INFORMATION SECURITY COMMUNITY IN EUROPE, IS ALMOST HERE 

Infosecurity Europe has played a key role 

in connecting the Infosec community for 

more than 25 years. Attracting over 13,000 

visitors, 300 exhibitors and 170 speakers, this 

year's event will take place from 21-23 June 

at ExCeL London, bringing industry peers 

together to network, share and ultimately, say 

the organisers, "become stronger together". 

CONFERENCE THEME & PROGRAMME 

Infosecurity Europe 2022's theme, Together 

we are Stronger, will focus on the need 

for cybersecurity professionals to increase 

collaboration to keep society safe and secure. 

The conference programme will explore 

several associated topics. The Keynote Stage 

will cover key threats and adversaries, tackling 

insider threats, building a security culture, 

the paradigm change in ransomware, 

monetisation of threats, Cybercrime-as-a- 

Service (CaaS), third party risk, how cyber 

criminals are changing their approaches, 

and improving the detection of known and 

unknown threats. 

Visitors will have the chance to engage in 

discussions around the latest cybersecurity 

challenges on the Insight Stage, equipping 

themselves with new strategies and techniques, 

and exchanging ideas and expertise. 

In the Talking Tactics theatre, real-world case 

studies will provide practical and actionable 

knowledge on how to keep up with the 

increasing sophistication of security threats. 

This year, Infosecurity Europe has also 

teamed up with NotSoSecure, which will 

deliver formal cybersecurity training courses 

live on the show floor for the first time. 

KEY SPEAKERS 

The Keynote Stage will give delegates direct 

access to information security knowledge and 

expertise from some of the industry's leading 

practitioners, policymakers, analysts and 

thought leaders. 

The main opening keynote speaker will be 

Major General Tom Copinger-Symes CBE, 

director of Strategy and Military Digitisation 

with UK Strategic Command, who will lead 

with his presentation, ‘Tackling the Uncertain 

Future of Security Threats’ (Tuesday 21 June, 

10:20). 

Baroness Eliza Manningham-Buller, former 

Head of MI5 and now serving on the Lords 

Select Committee on Science and Technology, 

will discuss ‘Leadership in an Age of 

Uncertainty’ (Wednesday 22 June, 10:10). 

Misha Glenny, author, journalist and 

specialist in organised crime and cybersecurity, 

has acted as consultant to European 

governments and the EU on the Balkans, and 

advised the US departments of State and of 

Justice on US-European relationships. He will 

discuss ‘Geopolitics and Cyber Insecurity’ 

(Tuesday 21 June, 15:20). 

FACTFILE 

Investigative journalist Geoff White, a 

reporter for the BBC and Channel 4 and 

author of The Lazarus Heist, will explore 

‘Lessons Learned from Most Recent 

Cybercrime Investigations’ (Wednesday 22 

June, 16:10). 

WHY ATTEND? 

"With threats increasing [39% of UK 

businesses reported a breach in the last year], 

acquiring the right knowledge and tools has 

never been more important," add the 

organisers. "At Infosecurity Europe 2022, you 

will have the opportunity to Learn, Explore 

and Network." 

Learn: Attend conference sessions and 

speak with industry experts. Earn CPE & 

CPD credits at a series of immersive 

workshops and demonstrations 

Explore: Discover, evaluate and benchmark 

products, solutions and innovations to 

transform your business 

Network: Meet new and established 

international suppliers from around the 

world. Build relationships with a diverse 

range of infosecurity professionals. 

To register to attend the show, go to: 

https://www.infosecurityeurope.com/en-gb 

WHAT: Infosecurity Europe 2022 

WHEN: 21-23 June 2022 

WHERE: ExCeL London, Royal Victoria Dock, London E16 1XL 

OPENING TIMES: 

Tuesday 21 June: 9:30am-5:00pm 

Wednesday 22 June: 9:30am-5:00pm 

Thursday 23 June: 9:30am-4:00pm 

10 


esearch special 

SECURE SYSTEMS: 

IS HARDWARE THE 

STARTING POINT? 

ORGANISATIONS VIEW 

HARDWARE-ASSISTED SECURITY 

CAPABILITIES AS CRITICAL TO 

A ROBUST SECURITY STRATEGY 

Key findings in a new Intelsponsored 

study reveal that 

"organisations value security 

product innovation, especially at the 

hardware level, when purchasing 

technologies and services", states the 

company. 

Businesses are expected to spend some 

$172 billion in 2022 on increasing 

their cybersecurity commitments and 

enhancing measures to protect 

themselves. "Organisations recognise 

hardware-assisted security capabilities 

are critical to a robust security strategy, 

with many searching out transparent 

technology providers to supply 

innovative security solutions," adds Intel. 

And adoption is growing; while the 

study found only 36% of respondents 

say that their organisation's current 

cybersecurity protocols use hardwareassisted 

security solutions, 47% state 

that these solutions will be adopted 

within the next six months (24%) or 

12 months (23%). 

"The security threat landscape 

continues to evolve, becoming more 

sophisticated and challenging for 

organisations to defend against," 

comments Suzy Greenberg, vice 

president, Intel Product Assurance and 

Security, pictured above. "Today more 

than ever, companies are demanding 

assurance capabilities and hardwareenhanced 

security solutions that help 

protect the entire compute stack." 

Key findings from the study include: 

64% of respondents say their 

organisations are more likely to 

purchase technologies and services 

from technology providers that are 

leading edge with respect to 

innovation. 

The top areas of focus for security 

innovation are security automation 

(41% of respondents), security at the 

silicon level (40%), cloud migration 

(40%), and education and training 

(38% of respondents). 

53% of those surveyed say their 

organisations refreshed their security 

strategy because of the pandemic. 

Of the 36% of organisations using 

hardware-assisted security solutions, 

85% say hardware - and/or firmwarebased 

security - is a high or very high 

priority in their organisation. And 

64% also say it is important for a 

vendor to offer both hardware- and 

software-assisted security 

capabilities. 

IMPACT OF ZERO TRUST AND 

TRANSPARENCY TRENDS 

Key findings indicate that organisations 

are looking to integrate hardware-based 

security solutions into their Zero Trust 

strategies. Of the 36% of organisations 

using hardware-assisted security 

solutions, 32% of respondents have 

implemented a Zero Trust infrastructure 

strategy and 75% expressed increased 

interest in Zero Trust models as the 

pandemic continues and the remote 

workforce grows. 

As organisations incorporate new 

security technologies, hardware-assisted 

security complements existing protocols 

and bolsters overall security hygiene. 

Additionally, the rapid sophistication 

of the threat landscape requires 

organisations to be one step ahead of 

security updates, although challenges 

remain when it comes to managing 

vulnerabilities and patching updates. 

The study reveals that fewer than half 

of organisations have visibility into 

newly disclosed vulnerabilities and 

patches/updates (48% of respondents) 

and mainly prioritise security updates 

for the latest product generation (42%), 

when there are still many legacy devices 

in use around the world. 

www.computingsecurity.co.uk @CSMagAndAwards May/June 2022 computing security 

11

identity security 

7 REASONS WHY SECURENVOY MIGHT 

SERVE AS AN ALTERNATIVE TO MICROSOFT 

AZURE AD MFA FOR IDENTITY SECURITY 

THE SUMMER OF 2020 SAW MICROSOFT ROLL OUT AZURE AD 

PREMIUM 1 FEATURES TO ALL MICROSOFT 365 BUSINESS PREMIUM 

ACCOUNTS. IS THIS THE SILVER BULLET FOR ALL IAM ISSUES? ASKS 

TOM HILLS, PRE-SALES CONSULTANT AT SECURENVOY 

" This article is our experience and 

customer feedback over the past 

12-24 months, covering the key 

considerations and reasons why organisations 

might look outside of their Microsoft 

licensing schemes," states Tom Hills, pre-sales 

consultant at SecurEnvoy. Here follows his 

take on that topic and the suggested '7 

Reasons' for taking that path: 

1. Deployment Flexibility 

On-Premise & Cloud Deployment 

"SecurEnvoy's offering can be deployed 

either as a public cloud, fully Managed 

Service (MSP) or On-Premise," says Hills. 

"This flexibility is key for clients where 

security is paramount, or where clients are 

bound by local law and compliances." 

Speed of Deployment 

"SecurEnvoy product offerings are based 

around a quick time to deploy. The onpremise 

platform is light on requirements. 

SecurEnvoy IAM offers agents that, once 

installed, can enable synchronisation of user 

identities from Active Directory in moments." 

2. Simplified Administration & Management 

Intuitive Administration 

"The SecurEnvoy administration console is 

clutter free. Configurations are easily 

accessible and not hidden within nested 

menus. Administrators familiarise their way 

around the UI quickly. Often, configurations 

are only applied once, so there is little need 

to constantly tweak the solution." 

Integrations Out of the Box 

"Use prebuilt application integrations from 

the catalogue. The integration automatically 

generates identity provider (IdP) URLs and 

certificates. Enable single-sign-on (SSO) 

to the applications in a couple of clicks. 

Application access centralised from day one." 

Single Pane of Glass 

"An easy to interpret dashboard provides 

a visualisation of both live and historical 

activity, capturing user metrics such as logon 

activity, licence count, agent connection 

status, throughput and application access," 

according to Hills. 

Self-Service 

"Reduce helpdesk overheads by providing the 

users with self-service password reset. The 

password reset can be completed from either 

Desktop, web portal or the mobile app. 

For users who have lost their MFA method, 

a self-service helpdesk portal can allow the 

user to securely create a new temporary MFA 

method." 

User Lifecycle Management 

"Onboarding is automatically controlled from 

the parent directory, (Azure AD, Microsoft 

AD, Google Directory). The synchronisation 

control granularity varies depending on 

domain, OU or group membership." 

3. Protecting Desktop Logon 

Protect Windows with MFA 

"The Windows Logon Agent is installed on 

Windows workstations and Servers. Console 

and RDP logins can be secured with MFA. 

Anyone attempting to access Windows 

will be prompted for MFA. MFA can still 

be provided, if a user is attempting to 

authenticate whilst offline. Users can be 

enabled for MFA via Group Memberships. 

For example, only Domain or Local 

Administrators can be prompted for MFA 

12 


identity security 

when authenticating, mitigating the risk of 

credential misuse." 

Protect MacOS with MFA 

"Users of these devices are typically business 

executives, board members, software 

developers and security teams, meaning 

securing this attack vector should be a 

priority. The MacOS Logon Agent can be 

deployed to enable MFA access to the 

MacOS devices, reducing the risk of 

unauthorised access into the environment." 

4. Advanced RADIUS Support 

"On-premise environments are often 

protected by a VPN or other remote access 

methods. Predominantly, these methods 

support the RADIUS protocol. Microsoft 

Azure AD MFA can support the RADIUS 

protocol; however, it requires Network Policy 

Server (NPS), which can increase complexity. 

Also, some users feel that NPS does not 

always integrate well with all VPNs." 

Support RADIUS-Based Clients with MFA. 

"SecurEnvoy offers rich RADIUS capability, 

meaning support for a variety of use cases, 

including traditional VPN based technologies 

and Remote Desktop environments. Support 

for RADIUS clients extends to implementing 

a 'Trusted Networks' policy, where users 

connecting from a specific network would 

not get prompted for MFA. Secondly, 

'Blocked Networks' can be added. 

Authentication attempts from a specified 

network location(s) will get blocked. 'Trusted 

Groups' can also be configured, whereby 

users within specified groups will not 

require MFA. For example, users within the 

'administrators' group must always provide 

MFA. Authentication can only be permitted 

from specific domains, too, which is ideal 

with Managed Service Providers running 

multi-tenant environments." 

5. Increased Granularity of Authentication 

Policies 

"Challenges exist around authentication 

methods and some configurations are only 

available as a global 'on/off' setting. For 

example, this can leave organisations unable 

to configure policies to only allow mechanisms 

such as SMS OTP for some low-risk user 

activities. Organisations must have a broad 

range of authentication mechanisms at their 

disposal to address each use case and user 

group appropriately." 

Select Authentication Methods Based on 

Group/User Profile 

"SecurEnvoy offers the ability to configure 

a range of authentication methods that are 

available for user or group. Options vary 

from biometrically protected smart phone 

apps, hardware tokens, to SMS OTP options. 

The platform can report on which users are 

enrolled for which authentication methods 

at any time, providing a bird's eye view of 

selected authentication types." 

Reduce IT overhead with self-service 

"Providing users with the ability to select 

their desired Multi Factor method during 

enrolment speeds up deployment and 

creates a positive user experience. 

SecurEnvoy has self-service functionality 

built in, which allows users to change their 

authentication method securely, quickly and 

easily. A different method might be required 

in case of a new device, or the working 

environment changes." 

Implement True Location Awareness 

"SecurEnvoy can guarantee user location 

at time of authentication, so strict policies 

can be used to allow exact pre-defined 

'safe' locations, or an allowed amount 

of deviation between the request and 

the authentication (PUSH) response. 

Corporations can be assured not only 

the identity of the user, but also an exact 

location, to provide a deeper level of user 

access control." 

6. Multiple Directory Environments 

"Projects to consolidate multi-domain 

environments typically take a long time, 

drain internal resources, are costly and, if 

not well thought-out can lead to security 

issues," adds Hills. 

SecurEnvoy Universal Directory 

"A Universal Directory is the core of the IAM 

platform, synchronising bi-directionally 

against multiple directories and Domains. 

SecurEnvoy becomes the identity provider 

(IdP), creating a single digital user identity. 

This approach then allows for consistent 

security and access policies to be deployed, 

minimising security risks. Joiners, movers and 

leavers (JML) are handled on an automated 

basis: if a user is disabled somewhere, ALL 

their access is disabled, in real time." 

7. Enhanced Concierge Style Customer 

Support 

Dedicated Support Team 

"Calls are answered directly by an engineer. 

Calls are resolved quickly, without having to 

navigate time consuming 1st line helpdesk 

functions," he comments. "We often assign 

calls to engineers who have previously 

worked with the customer, maintaining 

deeper understanding of the customer 

environment. Customers benefit from our 

unique consultative approach, helping solve 

technical and business issues." 

"To summarise, Microsoft Azure AD MFA 

does work well in most environments, but 

certainly not all. The deployment and 

management can be complex and, in many 

areas, lacks flexibility and granular controls. 

To have all your eggs in one basket with one 

vendor may leave you open to unexpected 

downtime. Particularly with Microsoft, due 

to its global customer footprint, it could be 

a prominent target for hackers. Some of our 

customers have raised concerns about the 

licensing model, commenting they feel 

locked in, leaving them vulnerable to price 

increases. Prices increased on 1 March 2022 

(around 10% overall). Taking a Microsoft 

'plus' approach could be the way forward, 

subscribing to the minimum bundle and 

integrating best-of-breed solutions to 

achieve business objectives." 


13

ehavioural insights 

2022: WHERE PACKET CAPTURE 

WENT NEXT 

IN TODAY'S RAPIDLY CHANGING THREAT LANDSCAPE, WHY AREN'T 

MORE COMPANIES UTILISING PACKET CAPTURE? CARY WRIGHT, 

VP OF PRODUCT MANAGEMENT, ENDACE, OFFERS HIS VIEWS 

Historically, packet analysis has had 

real accessibility challenges. Security 

teams have often struggled to 

wrangle massive packet capture files to 

find the evidence they need within them. 

Packet capture has also mainly been used 

by senior security analysts with deep 

experience in packet forensics. How can 

we change things, so that even junior 

analysts can quickly find the data they need, 

get to relevant packets from alerts in their 

relevant tools and extract value from full 

packet data? 

ACCESS THE ACTUAL CONTENT OF 

NETWORK CONVERSATIONS 

Modern packet capture solutions have 

matured significantly. Companies are now 

deploying distributed, full packet capture 

solutions that provide the evidence needed 

to accelerate investigation and response 

times. 

They've moved beyond relying on logs and 

metadata to recording full packet data, 

which lets analysts analyse historical traffic to 

investigate threats more closely. This provides 

access to files, malware, ransomware, 

executables, zip archives, exfiltrated 

documents, code downloads and more - 

anything attackers use to compromise user 

and network security and steal data. 

Analysts can also re-analyse recorded 

packet data to generate detailed logs - 

including DNS, HTTPS, TLS, SMTP, database 

transactions, and more. And re-scan 

historical traffic using new detection rules to 

provide deep contextual insight into network 

activity. 

ACCELERATING INVESTIGATION 

AND RESPONSE 

Many organisations' previous experience 

with packet capture was that it was 

challenging both to accurately record and 

manage large volumes of data at high-speed 

- and then time-consuming to locate the 

specific data that is needed for an 

investigation. 

However, modern packet capture solutions 

are scalable, and can cost-effectively record 

weeks to months of history. They enable 

analysts to find packets of interest quickly 

and easily and integrate that critical evidence 

into workflows and investigations. Scalable 

solutions can provide always-on recording 

at today's fast network speeds (10 Gbps up 

to 100 Gbps or more) and deep storage 

capacity - giving analysts time to go back 

and investigate historical events. 

Analysts can search/data-mine recorded 

data to find and analyse relevant packets 

quickly from within what may be petabytes 

of data. Integration with a wide variety of 

cybersecurity solutions makes it possible to 

'pivot' in-context from an alert in a security 

or performance monitoring tool directly to 

the relevant packets. This speeds up and 

streamlines the investigation process and can 

also enable the automation of common 

evidence collection and analysis tasks (eg, 

using SOAR tools). 

EASY EXTRACTION AND 

ANALYSIS OF DATA 

Analysts can also extract and analyse useful 

information from packet data easily - such 

as reassembling files or generating detailed 

analysis logs - without needing deep packet 

analysis expertise. 

Recorded packet history can be easily 

and quickly reviewed for incident response, 

threat-hunting or troubleshooting network 

or application performance issues. Networkwide 

packet capture can be enabled using a 

scalable fabric with multiple capture points, 

which can be centrally searched and 

managed. 

With these improvements and more, the 

next generation of packet capture solutions 

can provide the gold standard for 

understanding the threats traversing 

networks and resolving IT operational or 

performance issues. 

14 


ethical hacking 

HACKING GETS BACKING! 

UNIVERSITY ETHICAL CHALLENGE PLATFORM WINS GOVERNMENT 

BACKING TO PREPARE FOR LAUNCH INTO COMMERCIAL MARKET 

internationally and there is potential for so 

many more people to gain from what we 

have developed - from security professionals 

to other universities and employers." 

Aunique and innovative cyber security 

hacking and education platform - 

created by academics at Leeds Beckett 

University - has received government funding 

to help prepare it to launch into the 

commercial market. 

Hacktivity Cyber Security Labs is a virtual lab 

environment, allowing computing students 

to remotely log into virtual machines (VMs) 

and receive randomly generated security or 

ethical hacking challenges, individualised to 

each user. The platform features hands-on 

tasks, league tables, progress monitoring 

dashboards, and instant feedback and 

challenges through a chatbot. 

Dr Z. Cliffe Schreuders, reader in Computer 

Security and Director of the Cybercrime and 

Security Innovation Centre at Leeds Beckett, 

designed the Hacktivity platform. "Hacktivity 

is the product of nine years of academic 

research and development," he says. 

"Creating hacking challenges for our 

students helps them to put theory into 

practice. We want to make it fun and 

engaging to learn cyber security - so we have 

been developing a lot of our own software 

and techniques." 

The £32,000 funding boost was awarded as 

part of Innovate UK's Cyber Academic Startup 

Accelerator Programme (CyberASAP), 

which aims to help universities commercialise 

cyber security research. The academic team 

will receive training to develop a value 

proposition, carry out market research and 

investigate the pathways to commercialising 

the platform. The team will then pitch for 

further stages of funding, to begin working 

with partner organisations and carry out 

further research and development. 

"CyberASAP is a great opportunity to learn 

from experts how we can commercialise our 

state-of-the-art platform, grow its user-base 

outside of the university and fund its 

continued growth," continues Schreuders, 

"including further technical development and 

content creation. Hacktivity is a unique and 

useful resource, and has had a great impact 

on our students. Our open-source framework, 

SecGen, is already used by many 

There are several unique features that 

Hacktivity provides in comparison to other 

existing platforms, according to Paul Doney, 

head of Subject for Computing at Leeds 

Beckett. "Most hacking challenges involve 

manually setting up a challenge, which you 

would use once, and each student would 

have the exact same challenge. Our software 

creates and automates that process and 

makes it interesting by randomising it, so 

that each student has a uniquely configured 

system and problem and a unique 

experience. We also have Hackerbot 

automated chatbots which present hacking 

and defensive challenges and carry out real 

attacks." 

Hacktivity has a large library of content. It 

has all been mapped to the Cyber Security 

Body of Knowledge (CyBOK), the national 

Body of Knowledge informing and 

underpinning education and professional 

training for the cyber security sector. It 

challenges students' skills on areas including 

systems security and defensive controls, 

web and network security, ethical hacking 

and penetration testing, malware analysis, 

software exploitation, and incident response 

and investigation. 

Last year, Leeds Beckett University's BSc 

(Hons) and MSc Cyber Security degree 

courses received accreditation from the 

National Cyber Security Centre NCSC, the 

UK's leading technical authority on cyber 

security. It is one of only nine universities in 

the UK to be awarded the accreditation for 

an undergraduate degree. 


15

ansomware 

RANSOMCLOUD: HOW RANSOMWARE 

IS ATTACKING THE CLOUD 

JOHN TIPTON, SENIOR SECURITY CONSULTANT AT ADARMA, LOOKS AT THE DEEPLY CONCERNING IMPACT 

RANSOMWARE IS NOW MAKING, ESPECIALLY WITH THE EMERGENCE OF 'RANSOMCLOUD' 

John Tipton, Adarma 

Within the mob of malware, 

ransomware appears to be leading 

the pack. While other malicious 

software - such as viruses, worms, spyware, 

and adware - ransack computer systems, 

ransomware goes further by making 

demands. It infiltrates computers and servers 

with intention, encrypting files and data 

along the way; thus, rendering devices 

unusable. Once satisfied, the operators 

behind the attack will insist that a hefty sum 

is paid up in return for the decryption key. 

It's the age-old tactic of extortion, but reenacted 

in the digital world. Now that our 

everyday lives have become highly dependent 

on the internet, the playing field for this 

particular strain of malware has expanded 

immeasurably. At the same time, cybersecurity 

threats are growing - in 2020, malware and 

ransomware attacks increased by 358% 

and 435% respectively - and are outpacing 

societies' Though ransomware may have 

started as an operation of opportunity, it 

has since become an established criminal 

enterprise in its own right. And in the same 

way a legitimate business might adapt and 

evolve to remain competitive in the market, 

threat actors leveraging ransomware are 

doing the same. The mass shift to the cloud 

is a prime example of this. 

Cloud migration is not a new phenomenon, 

but it has certainly been expedited by the 

pandemic. In an effort to maintain businesses 

continuity, companies have transferred their 

digital assets and operations to a cloud 

computing environment; minimising or even 

eliminating the use of on-premise databases. 

In other words, software, services and 

databases can now be accessed via the 

internet. Among a host of other benefits, 

cloud computing has enabled companies to 

be more flexible and mobile, while improving 

collaboration efficiency. It has also facilitated 

scalability and reduced overall IT costs. 

Unfortunately, cybercriminals have recognised 

this shift and the valuable data now held 

within the cloud; leading to 'Ransomcloud' 

attacks. Such attacks occur through three key 

methods: File sync piggybacking, remote 

connection with stolen credentials and 

attacking the cloud provider. Here is how 

these approaches work. 

FILE SYNC PIGGYBACKING 

The first type of ransomcloud attack leverages 

the common attack vector of phishing to 

infect the victim's local computer. Contrary 

to popular belief, the malicious attachment 

or link included in the email, often does not 

contain the malware payload. Rather, it 

delivers a small program that runs stealthily 

in the background, and it is this program 

that will then install the malware. 

Once in the system, the malware will 

disguise itself as a popup permission request 

from a trusted software like an anti-virus 

scan request. By approving, the malware is 

activated and can now disseminate itself; 

not just in the local computer, but across the 

network to any machine or server it may be 

16 


ansomware 

connected to. As it spreads, threat actors will 

be on the lookout for a file sync service 

interacting with a cloud service. When it has 

been identified, the ransomware piggybacks 

on the file sync allowing threat actors to 

access, infect and encrypt data in the cloud. 

Of course, should the organisation have 

measures such as air gapping in place, 

ransomware may be unable to compromise 

a route to the cloud and settle on local 

infection instead. It's no wonder then that 

we are witnessing a rise in the use of Google 

Drive, Slack, Microsoft Teams etc. to distribute 

malicious software. These applications sit 

between the cloud and on-premise devices, 

syncing relevant files as appropriate. Once 

compromised, it becomes incredibly difficult 

to reverse the impact. This is where Advanced 

Cloud Access Security Broker (CASB) tools 

prove useful as they sit between the onpremise 

and cloud infrastructures, vetting 

the traffic between them. 

REMOTE CONNECTION WITH STOLEN 

CREDENTIALS 

The second tactic sees threat actors monitor 

network connections for authentication 

attempts. They will then capture the user's 

cloud credentials; usually, by presenting a fake 

login portal masquerading as the real cloud 

platform. By tracking the keystrokes on the 

infected local computer, connection details 

can be copied to a remote computer and 

automatically entered to the real cloud 

platform from there. As the local malware 

captures the keystrokes and passes this on to 

the remote computer, cybercriminals can gain 

entry to the cloud via simultaneous login. 

Therefore potentially bypassing two-factor 

authentication methods that ask for a code, 

as the user would type this in also. Now, they 

have a connection to the cloud from their 

own computer and gain as much or as little 

access as the cloned user, depending on their 

privilege level. 

ATTACKING THE CLOUD PROVIDER 

Last but not least, a ransomcloud attack 

could arise by targeting the cloud provider 

directly. This is the most damaging of 

methods and most lucrative for the attacker, 

because, if they are successful, it would mean 

they have compromised the entire cloud 

platform. In short, they could demand 

ransoms from some or all customers of the 

compromised service. 

Consider Microsoft Azure cloud. In August 

2021, Microsoft was notified of a vulnerability 

in their Azure Cosmos Database. The vulnerability, 

an issue identified within Jupyter 

Notebooks, enabled the perpetrator to 

escalate privileges and move laterally across 

the Microsoft cloud. Although it was quickly 

rectified and there were no reported incidents 

of ransomware, it does highlight the risk. 

Having now investigated the ways in which 

the cloud could be compromised, we might 

then ask who bears the responsibility of 

maintaining its security. The truth of the 

matter is the responsibility is shared. Cloud 

vendors, businesses or its managed service 

provider and even individual employees all 

have a role to play; though it may flex 

depending on how the business consumes 

cloud. For instance, a cloud provider will 

bear greater responsibility for businesses 

who adopt serverless computing. Conversely, 

the business will own a greater degree of 

responsibility if they utilise an Infrastructure 

as a Service (IaaS) model. One must simply 

establish who is responsible for what early in 

the cloud migration process. 

Nevertheless, it is important to remember 

that a business is always responsible for its 

data; regardless of where it is hosted. With 

that said, they need to be attentive to their 

permissive policies, insider threats, phishing 

campaigns and leaked credentials. The best 

way to combat some of these challenges is 

to adopt best-practice measures, like 

following the principle of least privilege to 

limit the damaging actions that may transpire 

should a cloud account be hacked. It also 

means investing in security awareness training 

to curb successful phishing attempts. 

Businesses must also ensure they have clear 

visibility of their cloud environments, so they 

can detect and remediate issues sooner, 

rather than later. 


17

special focus 

ABSOLUTE ZERO 

ORGANISATIONS ARE STARTING TO SWITCH FROM A MODEL BASED ON 'TRUST ANYONE AND ANYTHING 

INSIDE THE NETWORK' TO A 'TRUST NO ONE AND NOTHING' ARCHITECTURE. BRIAN WALL REPORTS 

Zero Trust has become an ever-growing 

mantra across the security community, 

but what exactly does it mean? 

According to Cloudflare, Zero Trust is an IT 

security model that requires strict identity 

verification for every person and device 

trying to access resources on a private 

network, "regardless of whether they are 

sitting within or outside of the network 

perimeter". ZTNA - Zero Trust Network 

Access - is the main technology associated 

with Zero Trust architecture; but Zero Trust 

is a holistic approach to network security 

that incorporates several different principles 

and technologies. 

"More simply put," states Cloudflare, 

"traditional IT network security trusts anyone 

and anything inside the network. A Zero 

Trust architecture trusts no one and 

nothing. Traditional IT network security is 

based on the castle-and-moat concept. In 

castle-and-moat security, it is hard to obtain 

access from outside the network, but 

everyone inside the network is trusted by 

default. The problem with this approach is 

that once an attacker gains access to the 

network, they have free rein over everything 

inside." 

This vulnerability in castle-and-moat 

security systems is exacerbated by the fact 

that companies no longer have their data in 

just one place, it adds. "Today, information 

is often spread across cloud vendors, which 

makes it more difficult to have a single 

security control for an entire network. Zero 

Trust security means that no one is trusted 

by default from inside or outside the 

network and verification is required from 

everyone trying to gain access to resources 

on the network. This added layer of security 

has been shown to prevent data breaches. 

Studies have shown that the average cost 

of a single data breach is over $3 million. 

Considering that figure, it should come as 

no surprise that many organisations are 

now eager to adopt a Zero Trust security 

policy. 

Meanwhile, Cloudflare is integrating its 

Zero Trust platform with CrowdStrike Falcon 

Zero Trust Assessment (ZTA) to ensure 

employees have secure access to 

applications wherever they are working. 

"Every business needs to protect users and 

teams, no matter where they are or how 

they're working," says John Graham- 

Cumming, chief technology officer at 

Cloudflare. "Cloudflare's Zero Trust platform 

delivers comprehensive protection to 

organisations of all sizes. Now we're 

making it even easier for joint customers 

of Cloudflare and CrowdStrike to benefit 

from new combined security features for 

the connect-from-anywhere economy." 

According to Zeki Turedi, CTO EMEA, 

CrowdStrike, it's natural for leaders to be 

complacent when a situation seems 

business-as-usual. But can a state of 

constant attack from adversaries, 

particularly when sheltered by national 

authorities, really be judged that way? 

"Moving to a strong state of cybersecurity 

preparedness is the only way organisations 

can control their fate," he states. "Best 

practices and technology constantly evolve, 

and working towards a Zero Trust policy 

and technology initiative is the part of the 

strongest defences we have. It's the way 

businesses can take control of their riskreadiness." 

HOT TOPIC, BUT NO SILVER BULLET 

Zero Trust is without doubt the hottest topic 

in cybersecurity right now, and certainly 

presents an approach for organisations to 

redress their approach to trust and secure 

access to apps, networks and data. 

However, like all models, it's not a silver 

bullet, cautions Neil Langridge, marketing 

director, e92plus, and for many 

organisations highlights significant 

challenges to be overcome before it can 

be deemed a success. 

"First, Zero Trust is often effectively used 

for a grouping of products, rather than a 

strategy, because it's those cybersecurity 

18 


special focus 

products that form the actual defences. 

This means that the success of the Zero 

Trust strategy ends where those products 

end, not where the company needs it [as 

they are third party the company doesn't 

control or legacy software that could have 

critical vulnerabilities, but are businessessential 

and can't be simply replaced]. 

"Secondly, that's compounded by having 

multiple vendors involved with their own 

definition of Zero Trust or consolidated to 

one single vendor, which is not just hard 

for a comprehensive, layered cybersecurity 

strategy but also presents its own risk with 

a single point of failure," states Langridge. 

"Finally, there's the cost and implementation 

- Zero Trust reverses the usual 

approach of allowing access and then 

controlling it, so can easily impact 

productivity as the IT learns what's 

essential and what's not, and sprawl can 

quickly happen as those lessons are learnt. 

It could even result in lower security to 

balance out the need for productivity in 

the short term." 

Nothing is non-negotiable, he adds, 

and, if the CEO can't connect his corporate 

laptop to his personal printer at home 

for something urgent, then red lines can 

become quickly blurred! 

"In terms of practical steps, the ideal 

approach would be to build from the 

ground up - but that's invariably not 

practical, in terms of overhauling strategy, 

processes and technology. We're seeing 

most engagement in the enterprise, but, 

as it filters down to smaller organisations, 

the focus is often on particular sections 

of a business, technology areas or newer 

deployments to start with. This means that 

Zero Trust is a guiding principle or best 

practice, but avoids consuming all focus 

and slowing down the realities of ensuring 

technology is keeping a business running, 

balanced against the promises that digital 

transformation brings." 

ACCELERATING MOMENTUM 

The pandemic has caused the existing 

momentum for Zero Trust to accelerate, as 

the approach aligns with the technological 

and cultural evolution taking place within 

organisations, points out Laurence Pitt, 

security strategist, Juniper Networks. 

"With hybrid work fully in swing, the 

workforce is now distributed across 

multiple locations, expanding the network 

perimeter far beyond the traditional 

confines of an organisation. "As employees 

work from home, the door to network 

vulnerabilities is being opened by higher 

numbers of non-managed, mobile, 

Internet of Things [IoT] and other 

connected devices. 

"Organisations now have an extensible 

edge, extending to wherever data users 

are located. Even prior to the pandemic, 

the growth of technologies like IoT and 

5G meant data was increasingly being 

generated, processed and consumed at 

the edge of the network. Applications, 

workloads and data are anywhere and 

everywhere, spanning multiple clouds 

and multiple locations, rather than being 

confined to the corporate data centre." 

Therefore, to truly secure the data centre, 

organisations must consistently and 

reliably secure applications everywhere 

and anywhere. However, as the surface 

vulnerable to attack continues to expand, 

gaps in visibility and protection are 

widening, and companies are often forced 

to bolt on multiple, disconnected tools to 

see and secure everything, advises Pitt. 

"As organisations realise that inherently 

trusting internal users, networks and 

systems is no longer a viable option, 

Zero Trust is gaining traction. Its guiding 

principle is the belief that user and device 

identity must be authenticated every time 

to access a network and anything on it, 

such as business applications, servers or 

other devices. 

"By using controls to create micro 

perimeters around critical data, applications 

and services, IT teams can ensure that only 

known, allowed traffic and applications 

have access to assets. With a Zero Trust 

architecture, IT professionals can set 

controls close to the protected assets, 

preventing unauthorised access and 

potential exfiltration of sensitive, valuable 

data," he says. 

An extensible edge requires new 

architectures that enable users to connect 

directly to data wherever they are. In this 

case, the secure access service edge (SASE) 

is increasingly proposed, in conjunction 

with Zero Trust, to safeguard users, their 

applications and their infrastructure. SASE 

intends to move security from the enterprise 

data centre and closer to users and devices. 

"It must be noted, however, that SASE isn't 

a product - despite what some vendors 

might say," points out Pitt. "They may say 

that organisations can deploy SASE, 

regardless of what else they have on their 

network; but SASE is much more than that. 

The SASE umbrella can include a collection 

of components, such as software-defined 

WAN, centralised security management, 

zero-trust network access, advanced threat 

protection and next-generation firewall 

services." 

METEORIC RISE IN ATTACKS 

The 2022 SonicWall Cyber Threat Report 

clearly exposes why organisation should 

always follow a Zero Trust approach to 

cybersecurity, maintains David Trossell, CEO 

and CTO of Bridgeworks. Over the course of 

the last 12 months, the company's threat 

researchers have noticed what they describe 

as a "meteoric rise in cyberattacks…across 

all threat vectors", with significant increases 

in ransomware [623 million ransomware 

attacks in 2021, up 105% YoY], cryptojacking, 

encrypted threats, Internet of 

Things (IoT) malware and Zero-day attacks. 

Other kinds of cyber-attacks have also been 

noted - as has a significant increase in 


19

special focus 

Ashley Stephenson, Corero: any company 

that hasn't made itself aware of Zero 

Trust is essentially being negligent. 

Brian Foster, ReliaQuest: Zero Trust stops 

security complacency, as it takes many of the 

key security questions out of human hands. 

activity following the start of the war in 

Ukraine. 

"These cyber-risks, threats and trends 

mean that small businesses, government 

agencies, enterprises and other 

organisations cannot be complacent," 

Trossell comments. "Protecting themselves 

to remain able to operate without 

downtime is crucial. It's also about 

protecting their supply chains, their 

partnerships, their reputations and their 

customer relation-ships. All of them should 

therefore consider cyber-security as being 

non-negotiable - or face the reckoning of 

customers, partners and regulators 

worldwide." 

Cybersecurity isn't just about having 

firewalls, anti-virus software and other 

measures in place. Organisations, 

particularly those with large data centres, 

need to make sure data centres aren't 

located in the same circles of disruption by 

setting them far apart. "They ideally need to 

back up their data in three locations, having 

a service continuity plan that involves 

deploying WAN Acceleration solutions to 

mitigate the effects of latency and packet 

loss to allow accelerated backups and 

restores," adds Trossell. This approach can 

enable the organisation to keep running, 

even in the face of any type of cyber-attack. 

"Furthermore, it's important to create 

airgaps to protect an organisation's most 

sensitive data - including personal data - 

which falls under EU General Data 

Protection Regulation (GPDR) and under 

the UK version of it. By preventing data 

breaches, organisations can ensure 

regulatory compliance and forestall any 

need to pay huge fines: UK GDPR and Data 

Protection Act 2018 set a maximum fine 

of £17.5 million or 4% of annual global 

turnover. So, by taking a Zero Trust 

approach, data protection compliance can 

be achieved, data secured and penalties 

like this avoided." 

The challenge, he says, is that data 

volumes are increasing exponentially - and 

this can become a major issue, whether an 

organisation is backing up their data, 

restoring it after a ransomware attack or 

doing it for indexing purposes to comply 

with regulations, such as GDPR. Doing all 

this over Wide Area Networks (WANs) can 

be both slow and expensive. Slow, because 

WANs are often impacted by latency and 

packet loss; issues that WAN Optimisation 

can't adequately mitigate. "It also can't 

handle encrypted data, making data 

security a concern. SD-WANs are a good 

option, but they also need a boost and this 

can be achieved with a WAN Acceleration 

overlay - making it harder for hackers to 

divert data traffic, while providing a 

supporting platform for a Zero Trust 

approach to effective cybersecurity." 

WIDENING THE ATTACK VISTA 

As Dave Waterson, CEO, SentryBay, 

confirms, hybrid working has pushed up the 

number of companies that have adopted 

bring-your-own-device (BYOD) models. 

While this has the advantage of helping 

them to control, even reduce, capital 

expenditure on hardware, it also has the 

potential to leave organisations even more 

wide open to cybersecurity attacks. 

"The problem lies in the lack of control 

over employee's home PCs, laptops or 

mobile phones, many of which may not be 

adequately protected by up-to-date and 

appropriate security. The pandemic saw 

a rapid increase in malicious cyber activity, 

with attacks including keylogging, screen 

scraping, infiltration of browsers, file 

interception and RDP double-hop events, 

and the effect can be devastating to 

companies. 

"One way of combatting the risk is by 

adopting Zero Trust," he states. "This means 

that anybody and any device that wants to 

connect with an organisation's network, 

whether it's on-premise, in the cloud or 

20 


special focus 

across a hybrid IT set-up, must first be 

verified before it - or they - can be allowed 

access to data, applications or platforms," 

he adds. 

He also reiterates how Zero Trust is not a 

technology, but an approach, and requires 

a serious commitment to implement 

successfully. "Building Zero Trust into an 

organisation's IT and security strategy must 

be done in manageable stages and the 

first step for security teams is to elevate 

the company's security posture. A layered 

defence helps to ensure that attacks can be 

foiled by a second measure, even if they 

get past a first, so it's best to use a set of 

solutions that provide a common security 

baseline. Even better, if they are fit for 

purpose, wrap data and applications in 

a secure container, and do this without 

regard for the status or type of device that 

the employee is using." 

KEY SHIFT IN FOCUS 

Paul German, CEO, Certes Networks, hails a 

new set of standards relating to Zero Trust. 

"Until recently, the debate around Zero Trust 

has remained, in my view, focused solely on 

authenticating the user within the system, 

rather than taking a more holistic approach 

and looking at user authentication and 

access to sensitive data using protected 

micro-segments. This concept has changed 

with NIST's [US National Institute of 

Standards and Technology] Special Publication 

[SP 800-207]; no longer is the 

network the focus of Zero Trust, finally it 

is the data that traverses the network." 

At its core, NIST's Special Publication 

decouples data security from the network, 

he continues. "Its key tenets of policy 

definition and dynamic policy enforcement, 

micro-segmentation and observability offer 

a new standard of Zero Trust Architecture 

(ZTA), for which today's enterprise is responsible. 

Under NIST's Zero Trust standards, 

access to individual enterprise resources is 

granted on a per-session basis, based on a 

combination of component relationships, 

such as the observable state of client 

identity, application/service and the 

requesting asset-and may include other 

behavioural and environmental attributes - 

with operational policy enforcement." 

Authentication and authorisation to one 

resource does not grant access to another 

resource, he points out. 

"It is also dynamic, requiring a constant 

cycle of obtaining access, scanning and 

assessing threats, adapting and continually 

re-evaluating trust in ongoing communication." 

states Gerrman. "Moreover, 

cybersecurity best practice demands that, 

by creating fine-grain policies, authentication 

and authorisation are done on 

a 'per-packet' basis, only allowing access 

to the resources required. 

ZERO-DAY VULNERABILITIES 

EXPLOITED 

By the end of 2021, Mandiant Threat 

Intelligence had identified 80 zero-days 

exploited in the wild, more than double 

the previous record volume in 2019. 

State-sponsored groups continue to be 

the primary actors exploiting zero-day 

vulnerabilities, led by Chinese groups, says 

the company's James Sadowski. "The 

proportion of financially motivated actorsparticularly 

ransomware groups-deploying 

zero-day exploits also grew significantly, 

and nearly 1 in 3 identified actors exploiting 

zero-days in 2021 was financially 

motivated. We suggest that a number of 

factors contribute to growth in the quantity 

of zero-days exploited. For example, the 

continued move toward cloud hosting, 

mobile and Internet-of-Things (IoT) 

technologies increases the volume and 

complexity of systems and devices 

connected to the internet-put simply, more 

software leads to more software flaws." 

The expansion of the exploit broker 

marketplace also likely contributes to this 

growth, adds Sadowski, with more 

Dave Roche, DigiCert: business leaders 

can get distracted with trends and forget 

about fundamentals such as digital trust. 

John Graham-Cumming, Cloudflare: every 

business needs to protect users and teams, 

no matter where they are or how they're 

working. 


21

special focus 

resources being shifted toward research and 

development of zero-days, both by private 

companies and researchers, as well as threat 

groups. "Finally, enhanced defences also 

likely allow defenders to detect more zeroday 

exploitation now than in previous years 

and more organisations have tightened 

security protocols to reduce compromises 

through other vectors." 

Significant campaigns based on zero-day 

exploitation are increasingly accessible to 

a wider variety of state-sponsored and 

financially motivated actors, including as a 

result of the proliferation of vendors selling 

exploits and sophisticated ransomware 

operations potentially developing custom 

exploits. "The marked increase in 

exploitation of zero-day vulnerabilities, 

particularly in 2021, expands the risk 

portfolio for organisations in nearly every 

industry sector and geography," Sadowski 

adds. "While exploitation peaked in 2021, 

there are indications that the pace of 

exploitation of new zero-days slowed in the 

latter half of the year; however, zero-day 

exploitation is still occurring at an elevated 

rate, compared to previous years." 

PROFOUND PROBLEM 

Business complacency has become a 

profound problem for security, says Brian 

Foster, chief product officer, ReliaQuest. 

"It's that kind of attitude which prevents 

an organisation from spotting the gaps 

which attackers exploit. Zero Trust stops 

this security complacency, because it takes 

many of these key security questions out 

of human hands." 

Traditional security architectures have 

a binary vision of trust. "Those outside of 

the network perimeter are considered 

untrustworthy and those on the inside are 

trusted. However, once that wall is passed, 

security controls often stop and the 

supposedly trustworthy entity is given free 

rein of the corporate network. That's why 

cybercriminals have focused on, and have 

become so good at, getting past perimeter 

defences." 

Zero Trust architecture embeds security 

controls throughout the network and 

continuously ensures that entities on that 

network can be trusted. "While there is no 

single product that enables Zero Trust, there 

are a number of architectural elements that 

make Zero Trust possible," adds Foster. 

Asset Discovery: "Zero Trust architectures 

must first have a command over all the 

assets that sit within an enterprise's 

environment and be able to map network 

transaction flows." 

Data Classification and Access 

Management: "Zero Trust portions out 

access according to the potential risk of that 

interaction. More sensitive assets - such 

as classified or personally identifiable 

information - will need higher levels of 

protection and more restricted access." 

Continuous Monitoring and Automation: 

"Zero Trust architectures are constantly 

verifying the security of the entities within 

the network," Foster points out. "It ensures 

this hygiene by using multiple factors of 

identification and continuous monitoring 

to ensure that trust is maintained and that 

those entities are not behaving suspiciously." 

ZERO TRUST IN ACTION 

"To put it plainly, any company that hasn't 

made itself aware of Zero Trust is essentially 

being negligent," says Ashley Stephenson, 

CTO, for Corero Network Security, who 

points out that Zero Trust is often spoken 

about as if it were a single end-to-end 

solution. "But that's a misapprehension. 

The Zero Trust model is a series of design 

principles which adapt network architectures 

to both modern threats and modern 

computing. There are multiple parts to a 

Zero Trust Architecture and many companies 

are busily adopting those individual 

principles, if not the whole package." 

When it comes to trusting people, Multi 

Factor Authentication (MFA or 2FA) is 

already a widespread security practice, he 

adds. "The same goes for biometrics, single 

sign on (SSO), and identity and access 

management (IAM), which increasingly can 

be found throughout the most popular 

consumer apps and devices." 

When it comes to applications, 

organisations are beginning to use microsegmentation, 

restricting which applications 

can talk to each other and watching the 

communications that go on between them. 

"For networking, organisations are taking 

fundamental steps to reorganise how they 

interact with the open internet. When an IP 

address shows up at a network port from 

the internet, that IP address is often 

considered trustworthy. In most cases, 

anybody can come to a website without any 

prior validation or trust assessment at all. 

That's a big problem when it comes to 

DDoS attacks, in which a flood of malicious 

traffic attempts to overpower a targeted 

website or service. 

"As a result, Zero Trust principles are also 

being used to head off these threats. They're 

validating the origins of web traffic to make 

sure it doesn't come from a suspicious or 

spoofed IP addresses; they're also using 

proxies which could obscure or shield the 

true IP address, making them harder to 

target and they're using Captchas to make 

sure that the entity accessing their website 

is indeed a human being. Most importantly, 

they are also inspecting inbound traffic in 

real time and trying to build rules that can 

be used to remove untrustworthy or 

malicious traffic." Zero Trust may soon 

become non-negotiable, says Stephenson. 

"The price of entry into the digital market 

will be some form or elements of Zero Trust 

embedded within a security architecture." 

DON'T FIXATE! 

When it comes to security, business leaders 

can get distracted with trends and forget 

22 


special focus 

about fundamentals such as digital trust, 

comments Dave Roche, senior product 

manager, DigiCert. "But it's those basic 

foundational elements that actually defend 

against attacks. While leaders get fixated 

on things like cloud native or blockchain, 

those foundational elements fall by the 

wayside. 

"In the meantime, stretched engineers 

and Infosec personnel are busy putting out 

fires when they should be stopping them 

from breaking out in the first place. In 

the last year, we've seen log4j, Zero Day 

Vulnerabilities for Spring Core Java and 

the Okta hack, among a long list of other 

widespread security problems." 

So, while business leaders are distracted 

with fashion trends and Infosec personnel 

are firefighting, fundamental security 

questions get left by the wayside, he points 

out. "Code Signing is a good example of 

this. It's a practice that secures code and 

engenders digital trust as it passes from 

link to link along the supply chain. It's a 

foundational part of creating connected 

trust throughout digital ecosystems. But 

many merely sign their software and stop 

there. They don't realise that it's not good 

enough just to sign the code; they also 

have to secure the process of signing itself." 

To adequately secure the process, states 

Roche, signing keys have to be protected 

and access to them has to be restricted 

and logged, so that the process can be 

audited at any time. 

"Furthermore, generation of those keys 

must also be a controlled and secure 

process, so that your infosec standards 

flow down to your engineers. Code 

repositories must be secured, too, so you 

can make sure the code is malware and 

vulnerability free. Then, code signing 

processes must be systematised and Code 

signing should be automated, using CI/CD 

tools to minimise human error." 

LOGICAL STEP 

With Zero Trust at its heart being a 

collection of IT security design principles 

attempting to reduce or eliminate the 

chances of the wrong entity getting a hold 

of vital information or resources possessed 

by your organisation, Felix Rosbach, VP of 

product management at comforte AG for 

the Zero Trust feature, sees this as "a logical 

step in a world where breaches are 

inevitable, due to the complexity of our 

modern IT landscape". 

When thinking of Zero Trust, most security 

practitioners think of network segmentation 

first. "But is network segmentation 

the real goal of a Zero Trust architecture?" 

he asks. "According to NIST, Zero Trust at its 

core removes any implicit trust or privilege, 

which might be granted to users or devices 

based on where those people/things are 

physically or on the network (NIST Special 

Publication 800-207). Keep in mind that 

what you're guarding is actually information 

[data] and services [resources], not 

parts of an environment. 

"Data isn't a supporting part of the IT 

infrastructure the way networks and devices 

and applications are. Data is on top, king 

of the hill, the crowning glory of your IT 

infrastructure and your entire organisation. 

We call it information technology for a 

reason. Remember, the ultimate objective 

is to protect the data itself by rendering it 

useless in the wrong hands." 

Another key point to recall, continues 

Rosbach, is that one of the basic premises 

of Zero Trust is to assume a breach has 

already occurred, meaning that perimeter 

defences have already failed and that a bad 

actor is actively working within your IT 

environment. "When we protect the data 

itself, we assume that it will fall into the 

wrong hands eventually," he adds, "but the 

outcome will not be severe, because 

sensitive knowledge is in some way made 

incomprehensible." 

Laurence Pitt, Juniper Networks: Zero 

Trust’s guiding principle is the belief 

that user and device identity must be 

authenticated every time to access 

a network and anything on it. 

Neil Langridge, e92plus: for many 

organisations, the Zero Trust model 

highlights significant challenges that have 

to be overcome before it can be deemed 

a success. 


23

product review 

ENDACE ENDACEPROBE 9200 G4 

Packet capture is an essential tool for 

SecOps and NetOps teams but full 

visibility into network activity demands a 

solution that records with zero packet loss. 

For teams to respond quickly to cyberattacks 

and resolve network or application 

performance issues quickly the solution must 

be able to capture, store, index and analyse a 

completely accurate historical record of all 

activity. 

Endace specialises in high-speed packet 

capture. Its EndaceProbe Analytics Platform 

appliances offer a range of features you won't 

find elsewhere. Endace's flagship model, the 

EndaceProbe 9200 G4, is the world's first 

appliance to deliver petabyte storage capacity 

and record at a sustained 40Gbps with 

nanosecond accurate timestamping. 

This 4U rack-mount appliance achieves this 

storage density by combining a very high raw 

storage capacity with Endace's integral 

hardware compression and patented Smart 

Truncation technology. Compared with 

previous EndaceProbe models, the 9200 G4 

offers a four-fold increase in storage capacity 

and can record weeks or months of network 

traffic data enabling customers to go much 

further back in time when investigating 

security threats. 

Aimed at data centre deployments, the 

9200 G4 offers a choice of eight 1/10GbE or 

dual 40GbE recording interfaces. It scales 

easily with demand as multiple appliances 

can be stacked to increase storage capacity 

and capture rates. A stack of five 9200 G4 

appliances, for example, can deliver a 

sustained 200Gbits/sec recording speed with 

bursts up to 400Gbits/sec. The stack provides 

up to 5PB of storage allowing it to record up 

to five days of traffic at an average rate of 

100Gbits/sec. 

EndaceFabric takes scalability to the next 

level as single EndaceProbes and stacks 

located in globally distributed networks can 

be centrally managed by EndaceCMS, which 

provides a single pane of glass for all 

administrative functions, including health 

monitoring, configuration and upgrades. 

Likewise, searches, data mining and 

investigations are fully centralised with 

Endace's InvestigationManager application. 

Using InvestigationManager's integrated 

EndaceVision - a browser-based analysis tool 

- analysts can choose data sources from 

multiple EndaceProbes, view them 

simultaneously and use data visualisation 

tools to zero-in on areas of interest such as 

flows, top talkers, protocols and users. Its 

parallel, distributed architecture delivers rapid 

search that enables multiple users to conduct 

searches simultaneously across many 

appliances and petabytes of data with results 

delivered in seconds. 

An outstanding feature of EndaceProbe 

appliances is that they enable third-party 

applications to be hosted on the appliance 

where they can access and analyse real-time 

or recorded packet data. This is a major 

differentiator with competing full-stack 

solutions as it lets customers host best-ofbreed 

analytics solutions from multiple 

vendors. 

Endace partners with an impressive range of 

vendors. Its appliances can integrate with and 

host tools such as Cisco StealthWatch and 

Firepower, Palo Alto Networks NG Firewalls, 

Plixer Scrutinizer and many more. Even better, 

Endace's APIs enable integration directly into 

the user-interfaces of these products so 

analysts can analyse packet data directly from 

the tools they already use. 

For example, when Splunk shows alerts or 

events, analysts can click on that alert in 

Splunk to access related packets so there's no 

need to change their existing workflows. 

Analysts can create, share and customise 

investigations accessing data from multiple 

EndaceProbes, view conversations, extract 

files from suspicious communications, 

generate rich logs for insight into network 

activity, and decode packets directly in hosted 

Wireshark without needing to download 

pcap files. 

The EndaceProbe Analytics Platform gives 

SecOps and NetOps teams the visibility and 

agility they need to see everything that's 

happening on their networks and respond 

quickly to cyberattacks. EndaceProbes deliver 

industry leading performance and storage 

capacity and their 100% accurate packet 

recording fills the knowledge gaps other 

solutions leave behind. 

Product: EndaceProbe 9200 G4 

Supplier: Endace 

Web site: www.endace.com 

Sales: +44 (0)800 088 5008 

24 


ADISA ICT Asset Recovery Standard 8.0 

is formally approved by the UK ICO 

(Approval ICO – CSC/003 and ICO – CSC/004) 

Use an ADISA Certified company to be assured of UK GDPR compliance 

when disposing of your IT assets. 

Visit adisa.global to find out more 

Want to know how to retire assets 

so you can promote reuse AND meet 

data protection legislation? 

ADISA offers a range of training courses all presented by 

leaders in the field, including a brand-new course which helps 

data controllers write an asset retirement program to achieve 

the objective of meeting sustainability and security targets. 

Visit adisa.global/training to find out more

supply chain 


SUPPLY CHAINS ARE PRONE TO WILD SWINGS AND UNCERTAINTIES. HOW CAN THEY BE STABILISED 

AND LESS EXPOSED, IN ORDER TO CREATE A COOPERATIVE SUPPLY-CHAIN PLATFORM? 

The third-party supply chain ecosystem of 

a modern business is much more farreaching 

and porous than ever before," 

cautions Ewen O'Brien, SVP of Third-Party 

Cyber Risk Management at BlueVoyant. "This 

presents a cybersecurity threat that both 

government and industry should take very 

seriously. It is increasingly hard to have full 

visibility; only in recent years have businesses 

realised the scale of the threat that weakened 

cybersecurity amongst third parties can pose 

to their organisations, even if they have done 

a very good job in protecting their own 

networks." 

With supply chains growing at an 

exponential rate, risk visibility and risk 

mitigation should be a priority, he adds. 

"Security teams need an inherent 

understanding of an attacker's mindset and 

the vulnerabilities that they are looking to 

exploit. These weaknesses are unlikely to be 

present in the 'prime' organisation, which is 

usually the best-defended entity, but in those 

third-party providers that have left ports 

open, that haven't patched or have general 

poor cybersecurity practices. Whilst many 

attackers are described as 'sophisticated', 

many breaches are achieved using old 

methods. Therefore, organisations and their 

supply chain have to start getting the basics 

right." 

Recent cyber incidents and the COVID-19 

pandemic has highlighted the fragility of 

supply chains, and the resulting business 

disruption that incidents can cause, states 

O'Brien. "This has forced organisations to take 

a hard look at their software development 

security stance, particularly those within the 

critical national infrastructure. With opensource 

development becoming increasingly 

popular, organisations are particularly 

focusing on improving testing and standards 

to ensure that developers know what they're 

doing when it comes to security. 

"The scale of vendor ecosystems often 

means full visibility into cyber risk is beyond 

the capabilities of in-house teams. The 

businesses best able to protect their 

organisation and meet new government 

regulations will be those that seek external 

expertise to triage and manage incidents 

based on cyber risk tolerance and business 

context, freeing their in-house teams to focus 

on true cyber risk management. 

"However, recent, high-profile cyber-attacks 

have reinforced that, if one company in a 

supply chain doesn't have the security they 

need, this presents a sizeable risk for both the 

private and public sector. Most recently, we 

saw an illustration of this in the LAPSUS$ 

breach at Okta, which caused a ripple effect 

across a wide network of customers from 

a range of industries. 

"For this reason, the solution demands 

a joint effort between governments and 

industry, in which the value of cybersecurity 

is enforced through regulatory efforts, 

incentives, and business competition," he 

concludes. 

MORE COMPLEX SUPPLY CHAINS 

Although businesses have always struggled 

with supply chain disruptions, it has become 

worse as the chains have grown longer and 

more complex, making them increasingly 

vulnerable to geopolitical and economic 

shocks. 

That is the view of Harry Powell, head of 

Industry Solutions, TigerGraph, who adds: 

"Although disruptions will always be with us, 

our ability to adapt would improve greatly, 

if we had better supply chain visibility." 

But how do we achieve this? "The obvious 

solution would be for all parts of the supply 

chain to pool their information into a single 

platform," he suggests. "Surely this would be 

easily done in the Cloud - and then everyone 

would have more certainty." 

However, there are commercial and 

technical reasons why this is not feasible, 

adds Powell. "First, each participant in the 

supply chain is competing as much with 

its partners as it is cooperating. Although 

cooperation is required at the operational 

level, businesses also seek to maximise 

revenues and profit at the expense of others, 

and it is in their best interests to withhold 

26 


supply chain 

information from customers and suppliers to 

achieve greater leverage in negotiations." 

The second reason he singles out is that 

every IT system is different, and it is hard 

enough to combine information from 

different business units and geographies 

within a single business, let alone from 

separate companies. 

"Thirdly, the Cloud presents problems in 

itself. Who will control the information and 

how it is used? Can businesses trust that 

platform owners will only use the data as 

agreed? By putting the data on a common 

platform, will all the businesses in that supply 

chain become vassals of the platform owner? 

It only takes one link in the chain to have 

these doubts and the rationale behind a 

cooperative supply-chain platform falls apart." 

Some businesses are taking a different 

approach to how to deal with the wild 

swings and uncertainties in supply chains, he 

adds. "They are using graph databases and 

graph analytics to analyse supply chain data 

in real-time, run supply chain scenarios and 

feed high-value data to machine learning 

systems. And they are using data they already 

hold to do it. 

"Conventional data systems find it difficult 

to do 'what-if' analyses on complex systems, 

but graph data platforms are optimised to 

do this naturally and quickly, allowing these 

businesses to model and evaluate supply 

chains in real time, and act with greater 

speed and agility than their competitors." 

SECURITY HYGIENE 

Securing data with third-party vendors in 

mind will be critical, emphasises Bindu 

Sundaresan, director, AT&T Cybersecurity. 

"Today, a robust cybersecurity posture 

encompasses much more than your 

employees, your hardware and software, 

and security tools. Any third-party tools or 

vendors with access to your environment 

should be considered a critical component 

of your security hygiene." As she also points 

out, attacks via third parties are increasing 

every year, as reliance on third-party vendors 

continues to grow. "Organisations must 

prioritise the assessment of top-tier vendors, 

evaluating their network access, security 

procedures and interactions with the 

business. Unfortunately, there are many 

operational obstacles that will make this 

assessment difficult, including a lack of 

resources, increased organisational costs and 

insufficient processes. The lack of up-to-date 

risk visibility on current third-party ecosystems 

can lead to loss of productivity, monetary 

damages and damage to brand reputation." 

Vendor management is a complex and timeintensive 

task, to which many organisations 

do not - and, in many cases, cannot - dedicate 

the time and resources to managing. 

"For companies with a small number of 

vendors, this can be manageable, but most 

organisations will need additional support to 

create and implement these programmes 

effectively. 

By dedicating resources to developing 

a programme, organisations can begin to 

understand and mitigate the threats posed 

by third parties. For those organisations that 

do not have the resources to establish or 

maintain this type of programme, there 

are many options available to help create, 

implement and manage vendor management 

programs of any size." For a successful thirdparty 

risk management programme, she 

offers the following '4 Cs' as a guideline: 

• Comprehensive - evaluate all aspects 

of the third- party, including systems, 

processes and personnel 

• Configurable - 'one-size-fits-all' evaluations 

are not accurate; measure what matters 

• Collaborative - identifying the risks is only 

the first step; working to correct deficiencies 

is the key 

• Continuous - organisations evolve, so 

you need to monitor and adjust to truly 

understand the risks. 

Ewen O'Brien, BlueVoyant: the third-party 

supply chain ecosystem of a modern 

business is much more far-reaching and 

porous than ever before. 

CYBER SECURITY PRINCIPLES 

The National Institute of Standards and 

Technology (NIST) points out that 

cybersecurity in the supply chain cannot be 

viewed as an IT problem only. "Cyber supply 

chain risks touch sourcing, vendor 

management, supply chain continuity and 

quality, transportation security and many 

other functions across the enterprise and 

require a coordinated effort to address," it 

states, while offering these three cyber supply 

chain security principles: 

1. Develop your defences based on the 

principle that your systems will be breached. 

When one starts from the premise that a 

breach is inevitable, it changes the decision 

matrix on next steps. The question becomes 

not just how to prevent a breach, but how to 

mitigate an attacker's ability to exploit the 

information they have accessed and how to 

recover from the breach 

2. Cybersecurity is never just a technology 

problem, it's a people, processes and 


27

supply chain 

Bindu Sundaresan, AT&T Cybersecurity: any 

third-party tools or vendors with access to 

your environment should be considered a 

critical component of your security hygiene. 

Harry Powell, TigerGraph: our ability to 

adapt would improve greatly, if we had 

better supply chain visibility. 

knowledge problem. Breaches tend to be 

less about a technology failure and more 

about human error. IT security systems won't 

secure critical information and intellectual 

property unless employees throughout the 

supply chain use secure cybersecurity 

practices 

3. Security is Security. There should be no 

gap between physical and cybersecurity. 

Sometimes the bad guys exploit lapses in 

physical security in order to launch a cyberattack. 

By the same token, an attacker 

looking for ways into a physical location 

might exploit cyber vulnerabilities to get 

access. 

"Cyber supply chain risks cover a lot of 

territory," the NIST adds. Some of the 

concerns include risks from: 

• Third-party service providers or vendors - 

from janitorial services to software 

engineering -- with physical or virtual 

access to information systems, software 

code, or IP 

• Poor information security practices by 

lower-tier suppliers 

• Compromised software or hardware 

purchased from suppliers 

• Software security vulnerabilities in supply 

chain management or supplier systems 

• Counterfeit hardware or hardware 

with embedded malware 

• Third-party data storage or data 

aggregators. 

NIST also points to a range of questions 

companies are using to determine how risky 

their suppliers' cybersecurity practices are: 

• Is the vendor's software/hardware 

design process documented? 

Repeatable? Measurable? 

• Is the mitigation of known vulnerabilities 

factored into product design (through 

product architecture, run-time protection 

techniques, code review)? 

• How does the vendor stay current on 

emerging vulnerabilities? What are 

vendor capabilities to address new 'zero 

day' vulnerabilities? 

• What controls are in place to manage 

and monitor production processes? 

• How is configuration management 

performed? Quality assurance? How is it 

tested for code quality or vulnerabilities? 

• What levels of malware protection and 

detection are performed? 

• What steps are taken to 'tamper proof' 

products? Are backdoors closed? 

• What physical security measures are 

in place? Documented? Audited? 

• What access controls, both cyber and 

physical are in place? How are they 

documented and audited? 

• What type of employee background 

checks are conducted and how 

frequently? 

• What security practice expectations 

are set for upstream suppliers? How is 

adherence to these standards assessed? 

• How secure is the distribution process? 

• Have approved and authorised 

distribution channels been clearly 

documented? 

• What is the component disposal risk 

and mitigation strategy? 

• How does vendor assure security 

through product life cycle? 

Finally, the NIST looks at some practices that 

companies have adopted to help manage 

their cyber supply chain risks, such as: 

• Security requirements are included 

in every RFP and contract 

• Once a vendor is accepted in the formal 

supply chain, a security team works with 

them on-site to address any vulnerabilities 

and security gaps 

• 'One strike and you're out' policies with 

respect to vendor products that are either 

counterfeit or do not match specification 

• Component purchases are tightly 

controlled; component purchases from 

approved vendors are prequalified. 

Parts purchased from other vendors 

are unpacked, inspected and X-rayed 

before being accepted. 

28 


expert view 

GET THE BASICS RIGHT… 

THE EXPONENTIAL ADOPTION OF NEW CYBER SECURITY RELATED TOOLS IS A GROWING PROBLEM IN 

THE CYBER SECURITY WORLD, CAUTIONS STEVEN USHER, SENIOR ANALYST, BROOKCOURT SOLUTIONS 

Year-on-year, the number of cyber 

security tools that are being used by 

companies of all sizes is growing at a 

rate that many consider unsustainable longterm 

and this almost frenetic rate of adoption 

could lead to cyber security issues; in fact, 

it is already. 

While this situation is notable, what is, 

in fact, more of a concern is that, while 

companies are rushing to adopt newer and 

more complex technologies to deal with the 

ever-expanding cyber security threats, they 

rarely, if ever, have even got the basics right. 

I am talking here about firewall rules, base 

endpoint security policies, data loss prevention 

or, at the very least, awareness of what 

data is on their network, a robust and 

sensible password policy and most of all - 

in my eyes at least - most companies do 

not have an up-to-date inventory of what 

hardware and software is on their network. 

ESSENTIAL BULDING BLOCK 

Knowing what you are protecting should be 

considered one of the main building blocks 

of creating a cyber security program within 

your organisation. The fact that this often 

seems to not be the case is a concern. How 

do you protect and defend what you do not 

know about? The same applies to a software 

inventory - without knowing what is currently 

in use in your organisation, how do you 

determine which patches have priority, where 

the major points of potential ingress are or 

who is at the greatest risk of exploitation? 

After decades of dealing with incidents, it is 

common for unknown hardware or software 

to have a hand in the incident. 

Both hardware and software inventories are 

made more complicated in the modern world 

with concepts like BYOD (Bring Your Own 

Device) which allow all sorts of hardware 

onto networks and inside the defences of 

an organisation. While there is the idea that, 

with solid security policies, BYOD can be 

managed appropriately, the truth is that 

BYOD is a true security nightmare and 

often results in the overall weakening of 

an organisation's security posture. Another 

concept that is worth considering here is 

WFH (Work From Home). 

While there is the fact that company 

hardware can be sent out to users and 

centrally managed, there are various other 

pieces of hardware on that home network 

and even the hardware - for example, routers 

- used to host the network in that home 

that are not only unknown, monitored 

or updated appropriately, but simply not 

capable of being managed in the first place. 

There is no magic method to solve this 

issue. There are products that can help 

considerably with scanning, listing and, more 

importantly, managing the various hardware 

and software found on the networks, but it 

is down to the people to constantly question, 

scan and investigate to ensure that any and 

every possible piece of hardware and 

software is documented and known about. 

Steven 

Usher, 

Senior 

Analyst, 

Brookcourt 

Solutions. 


29

insider threats 


HACKERS ARE DRIVING UP THE LEVELS OF HUMAN ERROR BY PREYING INCREASINGLY ON 

SOLITARY WORKERS - ESPECIALLY THOSE AT HOME, CUT OFF FROM IMMEDIATE I.T. SUPPORT 

Oliver Paterson, VIPRE: hackers prey on 

those working from home, away from their 

trusted IT teams. 

As the yearly number of cyber-attacks 

continues to accelerate, hackers are 

becoming more innovative in their 

tactics. "They can spot weaknesses in 

workforces, preying on those who are 

working from home as a result of the 

pandemic, away from their trusted IT 

teams," points out Oliver Paterson, 

product expert, VIPRE 

Security Awareness 

Training and 

Safesend. 

It is no surprise that hackers use humans to 

their advantage, as human error is the cause 

of 90% of cyber data breaches, Paterson 

continues. "Humans make mistakes - stressed, 

tired employees who are distracted at home 

will make even more mistakes; whether 

it's sending a confidential document to the 

wrong person or clicking on a phishing email, 

no organisation is immune to human error 

and the consequences this can have on the 

business." 

Yet these risks can be mitigated by educating 

workforces on the modern threat landscape 

and the existing risks, he says. "Teamed with 

anti-malware solutions and technology, 

employees can be alerted to double-check 

their email attachments and recipients, as well 

as any potentially malicious incoming emails. 

Additionally, it is essential that businesses 

implement consistent training programmes 

to get the most value and retention out of 

this learning. Such educational programmes 

should be relevant, adding in real-life 

situations, including phishing simulations, 

that help to fortify crucial cyber threat 

prevention messaging and educate 

workforces on how to protect both the 

business and themselves. This, in turn, 

strengthens the workforce security culture, 

ensuring employees know what to do 

when faced with a cyber threat." 

Once educated on existing security 

risks, workforces must understand 

their responsibilities when securing 

an organisation's IT infrastructure. 

"Now, more than ever, the responsibility 

must be reinforced 

throughout the entire business. 

After all, the final choice in 

sending sensitive information 

via email is with them." 

Organisations have been spending millions 

in building defences against external threat 

actors, comments Gagan Arora, director in 

Protiviti UK's Technology Consulting Practice. 

"While this approach has been effective to 

some extent towards mitigating risks leading 

to a breach, the risks associated with the 

internal threat actors continue to remain 

unaddressed to a large extent. Significant 

reliance is placed on human and process 

elements of a capability/control [eg, forcing 

IT workers to change passwords as per rules 

written in a policy], which often leads to 

failure and significant exposure of the valuable 

assets in the organisation." 

PRIVILEGED CREDENTIALS RISKS 

One of the key capabilities to provide a strong 

defence against internal threat actors 

is Privileged Access Management (PAM), he 

states. "Today, the root cause of most of the 

breaches is the misuse of privileged credentials, 

whether this is on the cloud or for onprem 

assets. The risk is further heightened 

when privileged credentials remain with the 

users who are connecting remotely, which is 

a norm these days, or with third parties who 

are providing services to the IT organisation. 

"Many organisations have also embraced 

agile delivery practices, such as continuous 

integration/continuous delivery (CI/CD), 

for delivering business applications, which 

introduces a different set of risks from their 

DevOps environment. While statistics vary 

on the prevalence of breaches caused by 

attackers within an organisation, the existence 

of proven tools to mitigate these has made 

them a de facto expectation of boards, 

regulators and insurers." 

PAM capabilities offered by various leading 

solutions in the market today provide a strong 

30 


insider threats 

defence against several scenarios that could 

lead to a breach, he further comments. "These 

capabilities include automatic password 

retrieval, pass-word rotation, session 

management, session isolation, just-in-time 

access, session recording and monitoring. 

The coverage over IT estate is also expanding, 

as various solution providers now offer 

capabilities for protecting DevOps secrets, 

SaaS applications access and even managing 

cloud infrastructure entitlements. 

Organisations lacking PAM capability and 

controls should assess their technology 

environment, risk landscape and invest into 

a solution that is relevant not only for their 

existing environment, but also for future 

needs." 

MORE DAMAGING IMPACT 

"Ever since the days of Edward Snowden 

leaking secrets, organisations have been 

considering what they could do to prevent 

insider threats," says Javvad Malik, lead 

security awareness advocate at KnowBe4. 

"While breaches caused by insiders may not be 

as prevalent as external attackers, the impact 

is often a lot more damaging. But before 

proceeding, let's take a step back to define 

precisely what we mean by an insider threat. 

"An insider could be defined as any individual 

with legitimate access to corporate assets, 

physical or virtual. It includes permanent and 

temporary employees, third-party contractors, 

as well as third-party support companies and 

outsourced service providers." 

In this context, states Malik, threat is better 

defined as abuse of the trust the company 

has placed in an insider. "To sum it up, an 

insider threat is someone who misuses 

legitimate access granted to them for the 

purposes of self-interest that could potentially 

harm the organisation. It's worth noting that 

not all insiders who fall within this definition 

of insider threats will harm the organisation. 

Abuse of trust could be as simple as someone 

trying to get their job done by using the 

wrong tools or, for example, using their 

personal unapproved device to work on 

sensitive documents." 

When breaking down the different types 

of insiders, insiders can be of three types, 

he adds: malicious, non-malicious or 

compromised. "A malicious insider, as the 

name suggests, is one that is knowingly 

undertaking activities that can cause harm to 

the organisation. A non-malicious insider is 

one who, in many cases, wants to get their 

job done, but goes about it in the wrong way, 

therefore weakening the security of the 

organisation. A compromised insider is where 

an account has been taken over by a third 

party, so it can be used to access internal 

resources." 

For risk purposes, organisations can map 

out the types of insiders and their impact with 

a matrix. Then, the various threats can be 

positioned in the matrix, depending on the 

intent and harm, with the size of the bubble 

representing the likelihood of it occurring. 

By way of example of a particular matrix, 

while espionage might show as the most 

severe harm to an organisation, the likelihood 

of it occurring is relatively low, compared, say, 

to a user falling for a spear phishing attack. 

"Organisations should use their own internal 

incident log data, in addition to external 

sources to build up a list of threats and the 

likelihood of them occurring," he states. 

A matrix could be used, for example, to 

identify the top three areas of focus for an 

organisation and the controls that would 

need be to implemented to reduce the 

likelihood of spear phishing, unskilled staff 

making errors and shadow IT. "By going 

through such a data-driven exercise, 

organisations will be far better placed to 

understand the actual insider threat they 

face and where to focus their efforts on 

to minimise the risk." 

i https://www.infosecurity-magazine.com 

/news/90-data-breaches-human-error 

Javid Malik, KnowBe4: insiders can be of 

three types - malicious, non-malicious or 

compromised. 

Gagan Arora, Protiviti: one of the key 

capabilities to provide a strong defence 

against internal threat actors is Privileged 

Access Management. 


31

quantum on trial 


BT AND TOSHIBA LAUNCH FIRST COMMERCIAL TRIAL OF QUANTUM SECURED COMMUNICATION SERVICES 

BT and Toshiba, along with EY, 

have launched the trial of what 

is described as a "world-first 

commercial quantum-secured metro 

network". The infrastructure will be able 

to connect numerous customers across 

London, helping them to secure the 

transmission of valuable data and 

information between multiple physical 

locations over standard fibre optic links 

using quantum key distribution (QKD). 

QKD is an important technology, playing 

a fundamental role in protecting networks 

and data against the emerging threat of 

cyber-attack using quantum computing. 

The London network has been hailed 

as representing a critical step towards 

reaching the UK government's strategy to 

become a quantum-enabled economy. 

The network's first commercial customer 

EY will use the network to connect two of 

its sites in London, one in Canary Wharf 

and one near London Bridge. It will 

demonstrate how data secured using QKD 

can move between sites and showcase 

the benefits this network brings 

to its own customers. 

BT and Toshiba announced their 

commitment to creating a trial network 

in October 2021. BT will operate the 

network, providing a range of quantumsecured 

services, including dedicated high 

bandwidth end-to-end encrypted links, 

delivered over Openreach's private fibre 

networks, while Toshiba will provide 

quantum key distribution hardware and 

key management software. In the 

network, QKD keys will be combined with 

the in-built ethernet security, based on 

public-key based encryption, which will 

enable the resultant keys to be used to 

encrypt the data. 

Quantum computing certainly represents 

a unique challenge and opportunity, due 

to the scale and complexity of activity 

required, the size of the opportunity, 

the time to market, and the challenges 

quantum computing presents to modern 

encryption, states the government. 

"This requires a different approach to 

bring the community together and realise 

opportunities for growth. Being quantumready 

requires companies and government 

to engage now to upskill and 

explore applications that could have a 

significant impact on industry and wider 

society. Through the newly established 

National Quantum Computing Centre, we 

will undertake a programme of hardware 

building and software development, 

developing a UK capability, skills and 

knowhow and enabling the UK economy 

to explore useful applications." 

PROFOUND IMPACT 

Howard Watson, chief technology officer, 

BT, points to how quantum-enabled 

technologies are expected to have a 

profound impact on how society and 

business operates in the future, but adds 

pointedly: "they are remarkably complex 

to understand, develop and build: in 

32 


quantum on trial 

particular, ensuring that the end-to-end 

service designs meet the stringent 

security requirements of the market. I'm 

incredibly proud that BT and Toshiba 

have successfully united to deliver this 

unique network, and with EY as our first 

trial customer, we are paving the way for 

further commercial explorations for 

quantum technologies and their use in 

commercial, and societal applications in 

the future". 

Preparation, technical deployment and 

testing for the network commenced in 

late 2021. This included equipment 

deployment in racks, adding security 

systems and resilience testing, and finally 

running and optimising the network. 

While 26 April marked the official launch 

of the network, it has been running since 

early April and will operate for an initial 

period of up to three years. 

Shunsuke Okada, corporate senior vice 

president and chief digital officer of 

Toshiba, states that both Toshiba and 

BT have demonstrated world-class 

technology development and leadership 

through decades of innovation and 

operation. "Combining BT's leadership 

in networks technologies and Toshiba's 

leadership in quantum technologies has 

brought this network to life, allowing 

businesses across London to benefit from 

quantum secured communications for 

the first time." 

VAST POTENTIAL - AND RISKS 

Moreover, the role of quantum and its 

vast potential are pinpointed by Praveen 

Shankar, EY UK & Ireland managing 

partner for Technology, Media and 

Telecoms (TMT). "Quantum technology 

creates new and significant opportunities 

for business, but presents potential risks. 

Quantum secure data transmission 

represents the next major leap forward in 

protecting data, an essential component 

of doing business in a digital economy. 

Our work with two of the world's leading 

technology innovators will allow us to 

demonstrate the power of quantum to 

both EY and our clients." 

The UK Government's 'strategic intent' 

to develop a quantum-enabled economy 

was first published in 2020. It sets out 

a vision for the next 10 years in which 

quantum technologies will become an 

integral part of the UK's digital 

backbone, unlock innovation to drive 

growth and help build a thriving and 

resilient economy, and contribute 

significant value to the UK's prosperity 

and security. This new era of quantum 

technologies will, claims the government, 

"transform economies in our maturing 

digital age and help to address society's 

challenges; advancing health care and 

environmental protection, achieving 

net zero targets and better land use, 

supporting financial services and 

communications, providing defence and 

security capabilities and computing 

power". 

These technologies will focus on 

creating new global market opportunities 

and competitive advantage for those able 

to develop and exploit them, unlocking 

innovation by integrating them into 

complex systems, it continues, and for 

this reason significant efforts are being 

put into developing quantum 

technologies globally. The National 

Quantum Technologies Programme 

(NQTP) was established in 2014 by 

several partners with the objective of 

making the UK "a global leader in the 

development and commercialisation of 

these technologies". The partners are: 

The Engineering and Physical Sciences 

Research Council, Science and Technology 

Facilities Council, Innovate UK, 

Defence and Science and Technology 

Laboratory, Ministry of Defence, National 

Physical Laboratory, Department for 

Business, Energy and Industrial Strategy, 

Government Communications Headquarters 

and the National Cyber Security 

Centre. 

A REVOLUTION GATHERING PACE 

According to the government: "In the 

past five years, remarkable progress has 

been made towards both producing 

integrated systems, many of which are 

now nearing the market, and creating 

a UK quantum technologies industry. 

Our thriving and unique interconnected 

ecosystem is comprised of world-leading 

research institutes, innovative quantum 

technology spin-outs, systems integrators 

and components suppliers from existing 

industries, as well as major multinationals, 

all interacting to generate real 

successes and drive the development of 

products and services." But the UK needs 

to progress quickly, the government 

concedes, as the next technological 

revolution, driven by a fusion of 

technologies, data and advanced 

computational abilities, gathers pace. 

BT's Howard Watson adds: "This is a 

significant moment in the UK's journey 

towards a quantum-enabled economy, 

but we're not there yet. Further investment 

commitments will be required to 

broaden the study of quantum technologies 

that will contribute to this new 

economy, including quantum computing, 

quantum cryptography and quantum 

communications. We look forward to 

working with our government and 

industry partners to continue the 

momentum BT has started and shaping 

the UK's quantum strategy." 

The technical collaboration for this 

network was conducted in BT's Adastral 

Park labs in Suffolk, UK, and the 

Quantum technology Business Division 

of Toshiba, based in Tokyo, Japan and 

Cambridge, UK, where the quantum 

key distribution technology has been 

developed and is manufactured. 


33

threats insights 

IF YOU CAN'T STAND THE HEAT… 

… THEN DO SOMETHING ABOUT IT. TIME TO FIGHT BACK 

AS HIGHLY EVASIVE ADAPTIVE THREATS STRIKE HARD 

Mark Guntrip, Menlo Security: web 

threats are being more and more 

successfully deployed using HEAT 

techniques. 

Web malware (47%), along with 

ransomware (42%) now come 

out top of the list of security 

threats that organisations are most 

concerned about. Yet, despite these 

growing risks, less than a third (27%) 

have advanced threat protection in place 

on every endpoint device that can access 

corporate applications and resources. 

This is according to new research, 'The 

state of threat prevention: evasive threats 

take center stage', that has been 

published by Menlo Security, exploring 

what steps organisations are taking to 

secure themselves in the wake of a new 

class of cyber threats - known as Highly 

Evasive Adaptive Threats (HEAT). As 

employees spend more time working in 

the browser and accessing cloud-based 

applications, the risk of HEAT attacks 

increases substantially. Indeed, almost 

two-thirds of organisations have had a 

device compromised by a browser-based 

attack in the last 12 months. 

The report suggests that organisations 

are not being proactive enough in 

mitigating the risk of these threats, with 

45% failing to add strength to their 

network security stack over the past year. 

There are also conflicting views on the 

most effective place to deploy security to 

prevent advanced threats, with 43% 

citing the network, and 37% the cloud. 

"Threat actors seek to exploit gaps in 

traditional security defences and the fact 

that security capabilities haven't really 

changed over the past decade," states 

explains Mark Guntrip, senior director 

of Cybersecurity Strategy, Menlo Security. 

"One of the areas of focus for attackers is 

using web threats and we're seeing more 

and more of them successfully deployed 

using HEAT techniques. Last year, we 

saw Nobelium use HTML smuggling, a 

HEAT tactic to avoid static and dynamic 

content analysis, to deliver malware and 

ransomware attacks. The fact that these 

are successful means their usage will 

increase, which could have devastating 

consequences for companies of all sizes." 

"Working practices have changed," he 

points out, "and companies must stop 

relying on traditional tools and strategies 

that just don't cut it anymore. Adopting 

a prevention-driven approach to security 

is the only way to achieve this and using 

isolation-powered security to do so stops 

the browser from having any direct 

interaction with the website and content 

and ensures that HEAT attacks don't stand 

a chance." 

COMPETING SECURITY PRIORITIES 

According to the research among 500- 

plus IT decision makers in the UK and the 

US, hybrid/remote working (28%) is the 

biggest challenge that organisations 

expect to face this year when it comes 

to protecting their corporate network 

from advanced threats. This is followed 

by budget restrictions (15%), the 

presence of unmanaged devices (14%), 

and out-dated security solutions (13%). 

There are also a number of competing 

priorities for IT professionals when it 

comes to improving their security posture 

in 2022. Training staff tops the list (61%), 

followed by technology investment to 

protect the corporate network (60%), 

adapting to new ways of working (50%), 

and investing in skilled security members 

at 45%. 

ADDITIONAL RESEARCH FINDINGS: 

Although 55% of respondents have 

invested in their security stack over the 

past year and 27% have advanced threat 

protection in place, it is simply not having 

the desired effect, as attacks are still 

successfully penetrating their defence 

lines. Half of respondents to the survey 

believe that firewalls are an effective way 

of mitigating HEAT attacks, while a total 

of 31% favour VPNs. 

34 


Computing 

Security 


Product Review Service 

VENDORS – HAS YOUR SOLUTION BEEN 

REVIEWED BY COMPUTING SECURITY YET? 

The Computing Security review service has been praised by vendors and 

readers alike. Each solution is tested by an independent expert whose findings 

are published in the magazine along with a photo or screenshot. 

Hardware, software and services can all be reviewed. 

Many vendors organise a review to coincide with a new launch. However, 

please don’t feel that the service is reserved exclusively for new solutions. 

A review can also be a good way of introducing an established solution to 

a new audience. Are the readers of Computing Security as familiar with 

your solution(s) as you would like them to be? 

Contact Edward O’Connor on 01689 616000 or email 

edward.oconnor@btc.co.uk to make it happen.

PLAY IT 

SAFE WITH 

365 TOTAL 

PROTECTION!

CS May-Jun 2022

Create successful ePaper yourself

Delete template?

Save as template?