Why Run Regular Vulnerability Assessments?

Why run regular security tests?

As we probably all know, information security is a broad subject and for many of us understanding the different layers that can help within this spectrum can be at times difficult. In this blog we will look at the risk and what you as a business could do about it!
Over the years when advising various organisations on the importance of regular vulnerability scanning, conversations would typically suggest that most would adopt some form of security measure including the likes of conducting a yearly manual penetration test, having a web application firewall in place (WAF) or conducting ASV PCI scanning if not a combination of the three, just to highlight a few.

What is the actual risk to your business?

The Verizon report suggests that more than 75% of attacks are actually from external sources rather than your internal disenfranchised employees. “While this goes against InfoSec folklore, the story the data consistently tells is that, when it comes to data disclosure, the attacker is not coming from inside the house. And let’s face it, no matter how big your house may be there are more folks outside it than there are inside it.” – Verizon Data Breach Investigations Report
Verizon Data Breach Investigation Report: 40% of Breaches from Web App Attacks, 5,334 total incidents (through web apps,)
908 with confirmed data disclosure. If you look at the stats they all point to the fact that external and web applications specifically is a highly likely route for a hacker to exploit.

Three common misconceptions

1) Performing a manual penetration test is important for most organisations, although this is not always easily accessible on a regular basis for various factors. An in-depth penetration test will certainly give you a thorough snapshot of your current vulnerabilities at that moment in time and allow you to make remediations before a hacker can breach any vulnerability that was discovered. However, in between your next penetration test how can you confirm that you do not have a major vulnerability within one of your websites?

2) Many organisations feel they are protected by their firewall or other forms of external ‘wrapper like’ defence. The fact is that no matter what defences you have in place you will not be un-hackable (the Dark Web Specialist Darkbeam believes that more than 98% of business have already been hacked-they just aren’t aware of it yet). And the landscape is changing every day making it impossible to be ahead of the game, to say that having a firewall will protect you unfortunately just isn’t the case. Blue chip companies will spend millions on firewalls but still have data breaches.

3) Now it must be mentioned that conducting your ASV PCI scanning is a crucial part of your compliance, however it is an important point to highlight the difference between PCI scanning and vulnerability scanning. If you were to swap your compliance hat with your security hat for just a moment it is fair to point out that passing your ASV PCI scan may give you a false sense of security. Your PCI scan will limit your vulnerability discovery to only find the vulnerabilities within PCI standards which may lead to exploitable vulnerabilities that would not fall within the PCI remit.

I am sure for many the above points will sound familiar, however, a key question to ask yourself, should you incorporate regular vulnerability scanning into this equation? Is it worth the extra costs? The areas highlighted can certainly raise potential security gaps but the simple answer is that without having regular checks you do not have consistent visibility on your vulnerability landscape and are potentially one step behind a hacker. If you would like more information on how Netshield can assist you please email info@netshield.net or call 0333 200 1636.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

e

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

ld

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

are helping businesses across the UK run regular vulnerability assessments please get in touch with ourselves

Advertisements

Microsoft Azure – How it can increase productivity for businesses

Microsoft Azure is a scalable and powerful cloud platform that can help businesses improve productivity and save money. It offers both infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS), supporting a range of operating systems, languages, tools and frameworks. Organisations can easily build, deploy and manage applications and services with a few clicks. Check out the video to find out more.

Top 10 Advantages of Cloud in 2 minutes!

As discussed in an earlier post Cloud Computing has its disadvantages and may not be suitable for every organisation. However, cloud is still going strong, with many businesses opting for a hybrid IT environment with a mixture of on-premise and hosted cloud technologies.

If you are still undecided and want to know more about the benefits of cloud, check them out here in this short video:-

Why moving to a hosted desktop service is beneficial

Moving to a Virtual Desktop environment helps unify and centralise network management for IT administrators and empowers employees to work remotely using their choice of devices. However, to migrate from a physical desktop to a virtual desktop environment can be costly and time consuming due to the hardware, software and expertise required to install and manage it. A simpler way would be to opt for a ‘Hosted Virtual Desktop service’ from a services provider and here are a few reasons why…

Reduce costs
Helps convert capital expenditure to operational expenditure, there will be some software and hardware costs but, it will be considerably less than implementing it yourself. VDI infrastructures are flexible, it can be scaled up as well as down – the service provider can add new user accounts within minutes. Desktop bandwidth consumption will also reduce as all the processing work is done at the core of the network (at the service provider’s datacentre) – so, existing WAN bandwidth will be able to support more branch users.

Manageability
It consolidates, standardised, cut hardware costs and centralise management where administrators can monitor and maintain the desktops all in one place. VDI streamlines day-to-day management, new application deployments and operation system upgrades. Choosing a hosted service means businesses will not need to worry about the management of the network, as the service provider will manage it all.

Device and Location Independence
Remote WorkingIt provides mobility to the workforce – allowing users to access corporate data and applications from any device securely and efficiently. It offers location independence so, employees can work from anywhere with an internet connection and the service provider can efficiently and effectively provide remote IT support to users. So, workers will not be tied to a physical place of work, when ‘working’ and it will assist in decreasing branch office energy costs, required desk space etc.

Flexibility
Whether it is the Cloud-Hosted option or an internal Virtual Desktop Infrastructure it offers flexibility and scalability. Virtual desktops can be added or removed with a few clicks on a global scale and monthly costs can be adjusted accordingly. Setting up new branch offices worldwide can also be done quickly using this solution. Opting for a hosted VDI, monthly costs often includes remote IT user support and any changes required you will just have to call the service provider, the monthly costs will also be adjusted accordingly to reflect the number of users, saving you time.

Security
Employees can work anywhere in a secure manner, as workers are granted access toSecure Remote Working Netshield corporate networks and all data that is amended or created is stored in a central location. This also makes disaster recovery planning simpler as it can be implemented and managed easily and promptly. Service providers will ensure all security configurations, user policies and data backup procedures are always up-to-date which all helps to lower the risk of data loss.

Conclusion
Virtual Desktops can help lower the total cost of ownership for organisations while providing a robust and scalable infrastructure. Hosted services removes the barriers to adoption and eliminates the cost and complexities of deploying and managing desktops while providing flexibility to end-users. This type of hosted service also allows SMEs, to gain competitive advantage and adopt to market changes quickly without having to worry about the IT infrastructure capacity and management.

For more information on Hosted VDI services contact Netshield today.

Ability to work anywhere, with a virtual desktop environment (disclaimer internet required)

With technology constantly changing, maintaining the complexities of a physical desktop infrastructure can be labour-intensive and costly depending on the size of the IT estate. Employees need to work remotely, require out of hours access to corporate data and applications, increases the demands on the network. Changes in customer expectations and the era of the 24/7 marketplace also adds to the demands. So, it is necessary to review IT infrastructures regularly to ensure they are supporting the organisational needs and meeting the requirements.

Bye bye physical desktops?

One of the ways to save time and money on migrations and management is to just get rid of the desktops (not literally) and move to a ‘Virtual Desktop Infrastructure’ or VDI.
Imagine you have an estate of over 100 physical desktops and they all need to be upgraded to a new operating system, you would need to work on each desktop individually to upgrade it, taking up a lot of your time. But, if you utilise VDI technology you would only need to upgrade it in one place and deploy it to the rest of the estate.

VDI repurposes PC devices into thin clients and transforms a traditional desktop Hosted Virtual Desktopsenvironment into a low footprint virtualised environment, offering flexibility and scalability allowing employees the ability to access their desktop or corporate user account remotely, without the worry of data confidentiality or unmanaged devices on the network. It also unifies and centralises management where IT administrators can manage users and applications with ease.

Implemented internally it will require expertise in order to plan, deploy and managed the virtualised infrastructure. It would also require upfront capital expenditure for things like storage, thin clients, virtualisation software etc. Another option is to use a Cloud-Hosted Virtual Desktop environment provided by a Managed Services Provider (MSP), it will provide all the VDI benefits, but with less hassle or you could employ a provider to carry out the migration for the organisation.

For more information on VDI or Hosted Virtual Desktop services please contact us today