Why Run Regular Vulnerability Assessments?

Why run regular security tests?

As we probably all know, information security is a broad subject, and for many of us, understanding the different layers that can help across this spectrum can at times be difficult. In this blog we will look at the risk and at what you as a business could do about it.
Over the years, when advising various organisations on the importance of regular vulnerability scanning, conversations would typically reveal that most had adopted some form of security measure: conducting a yearly manual penetration test, having a web application firewall (WAF) in place, or conducting ASV PCI scanning, if not a combination of the three, to highlight just a few.

What is the actual risk to your business?

The Verizon report suggests that more than 75% of attacks actually come from external sources rather than from your internal disenfranchised employees. “While this goes against InfoSec folklore, the story the data consistently tells is that, when it comes to data disclosure, the attacker is not coming from inside the house. And let’s face it, no matter how big your house may be there are more folks outside it than there are inside it.” – Verizon Data Breach Investigations Report
Verizon Data Breach Investigations Report: 40% of breaches from web app attacks; 5,334 total incidents (through web apps), 908 with confirmed data disclosure. If you look at the stats, they all point to the fact that external-facing systems, and web applications specifically, are a highly likely route for a hacker to exploit.

Three common misconceptions

1) Performing a manual penetration test is important for most organisations, although it is not always easily accessible on a regular basis, for various reasons. An in-depth penetration test will certainly give you a thorough snapshot of your vulnerabilities at that moment in time and allow you to remediate them before a hacker can exploit any vulnerability that was discovered. However, in the period before your next penetration test, how can you confirm that you do not have a major vulnerability within one of your websites?

2) Many organisations feel they are protected by their firewall or other forms of external ‘wrapper-like’ defence. The fact is that no matter what defences you have in place, you will not be un-hackable (the dark web specialist Darkbeam believes that more than 98% of businesses have already been hacked; they just aren’t aware of it yet). The landscape is changing every day, making it impossible to stay ahead of the game, so to say that having a firewall will protect you unfortunately just isn’t the case. Blue chip companies spend millions on firewalls but still have data breaches.

3) Now it must be mentioned that conducting your ASV PCI scanning is a crucial part of your compliance; however, it is important to highlight the difference between PCI scanning and vulnerability scanning. If you were to swap your compliance hat for your security hat for just a moment, it is fair to point out that passing your ASV PCI scan may give you a false sense of security. Your PCI scan limits your vulnerability discovery to the vulnerabilities within the PCI standard, which may leave exploitable vulnerabilities that do not fall within the PCI remit undiscovered.

I am sure that for many the above points will sound familiar; however, a key question to ask yourself is whether you should incorporate regular vulnerability scanning into this equation. Is it worth the extra cost? The areas highlighted can certainly raise potential security gaps, but the simple answer is that without regular checks you do not have consistent visibility of your vulnerability landscape and are potentially one step behind a hacker. If you would like more information on how Netshield can assist you, please email info@netshield.net or call 0333 200 1636.


Netshield Announce Our New Vulnerability Scanning Service, NetScan.

NetScan is a popular and capable infrastructure and web application vulnerability scanner, providing the ability to carry out regular scanning to identify vulnerabilities before they become a huge business security risk.

First Class Scanning.

Unpatched software, configuration weaknesses and software vulnerabilities also need to be managed effectively. NetScan includes a vulnerability assessment module to perform vulnerability scans across your external network infrastructure.

• Access sophisticated scanning and exploit technology designed by experienced penetration testers
• Provides a single platform to identify and manage web application and infrastructure risk
• Confirms vulnerabilities through safe exploitation to eradicate false positives and provide proof of concept
• Prioritise each vulnerability’s remediation
• Generates reports in Microsoft Word and CSV, in PCI and UK Government PSN compatible formats
• Schedule scans to run at any given date and time. Scan at regular recurring intervals with email notification.

Web Applications.

Vulnerabilities within web applications pose a significant threat to your organisation’s network security. NetScan can identify all known web application vulnerabilities and provide exploit capabilities to demonstrate their impact and eradicate false positives.

Many existing web application scanners rely on parsing web pages in order to discover application components (e.g. links and forms). This approach is no longer effective when testing modern Web 2.0 based applications: components generated at runtime by JavaScript, Flash or Silverlight remain invisible to traditional discovery techniques.

NetScan employs two integrated crawling technologies to overcome this challenge. Our HTTP/HTML based crawler is used to discover components quickly and to identify hidden components through forced browsing. A second integrated crawling engine then executes web pages in the same way a normal browser would, so any embedded scripts or components are able to run as intended while giving the discovery engine full visibility. If a modern web browser such as Google Chrome can access the application, NetScan can crawl it.
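To make the gap between the two crawling approaches concrete, here is an added example (not NetScan's code) of a purely parse-based discovery step using only the Python standard library. It extracts links and forms from static markup, then compares what it found against the components a script creates at runtime; the sample page and the `example.test` URLs are constructed for the demonstration.

```python
"""Parse-only discovery of links and forms, and what it misses.

Added example, not NetScan's crawler: it uses the standard-library
HTMLParser to collect <a href> targets and <form> actions/fields from
static HTML, which is exactly the technique the text says cannot see
components that JavaScript builds at runtime.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin


class ComponentParser(HTMLParser):
    """Collect link targets and form actions/inputs from static markup."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.links = set()
        self.forms = []      # each: {"action": ..., "method": ..., "fields": [...]}
        self._form = None    # form currently being read, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.add(urljoin(self.base_url, a["href"]))
        elif tag == "form":
            self._form = {"action": urljoin(self.base_url, a.get("action", "")),
                          "method": a.get("method", "get").lower(),
                          "fields": []}
        elif tag in ("input", "textarea", "select") and self._form is not None:
            if a.get("name"):
                self._form["fields"].append(a["name"])

    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            self.forms.append(self._form)
            self._form = None


def discover(html, base_url):
    """Return (sorted link URLs, list of forms) found by static parsing."""
    p = ComponentParser(base_url)
    p.feed(html)
    p.close()
    return sorted(p.links), p.forms


# Constructed sample page (not a real site): one static link and one static
# form, plus a menu link and a search form that exist only after the script
# runs. HTMLParser treats <script> content as raw text, so the markup inside
# the JavaScript string is never seen as tags.
SAMPLE_PAGE = """
<html><body>
<a href="/about">About</a>
<form action="/login" method="post">
  <input name="user"><input name="pass" type="password">
</form>
<div id="menu"></div>
<script>
  document.getElementById("menu").innerHTML =
    '<a href="/admin/export">Export</a>' +
    '<form action="/api/search"><input name="q"></form>';
</script>
</body></html>
"""

# Targets a browser-driven crawler would see once the script has executed
# (constructed to match SAMPLE_PAGE).
RUNTIME_ONLY = {"https://example.test/admin/export", "https://example.test/api/search"}


def coverage_gap(html, base_url):
    """Runtime-only targets that the parse-only crawler failed to find."""
    links, forms = discover(html, base_url)
    seen = set(links) | {f["action"] for f in forms}
    return sorted(RUNTIME_ONLY - seen)


if __name__ == "__main__":
    found_links, found_forms = discover(SAMPLE_PAGE, "https://example.test/")
    print("static links:", found_links)
    print("static forms:", found_forms)
    print("missed by parse-only discovery:", coverage_gap(SAMPLE_PAGE, "https://example.test/"))
```

Running it shows the static parser finds `/about` and the `/login` form but reports both script-generated components as missed, which is the case the text makes for executing pages in a browser engine before assessing them.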

• Thorough assessment of all known web application vulnerability classes such as those defined within the OWASP top ten.
• Advanced detection of DOM based Cross Site Scripting (XSS) vulnerabilities through JavaScript taint analysis.
• Decompilation and static analysis of Adobe Flash files.
• HTML5 postMessage analysis.
• Confirmation of discovered flaws through safe vulnerability exploitation.
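The DOM-based XSS bullet above mentions JavaScript taint analysis. The following added example (not NetScan's analyser) is a deliberately simplified model of that idea: it propagates taint from attacker-influenced DOM sources such as `location.hash` through plain variable assignments and reports any statement where a tainted value reaches an HTML or code sink such as `innerHTML` or `document.write`, unless it passed through an encoding call first. The sample script, the source/sink lists and the `escapeHtml` helper name are constructed for the demonstration; a real analyser parses the JavaScript rather than splitting on semicolons.

```python
"""Simplified source-to-sink taint tracking over JavaScript source text.

Added example, not NetScan's analyser. Statements are split on ';' and
assignments are matched with a regular expression, so this is a teaching
model of taint propagation rather than a JavaScript parser.
"""
import re

# Values an attacker can influence through the URL or navigation.
SOURCES = ("location.hash", "location.search", "document.URL", "document.referrer")
# APIs that interpret a string as HTML or as code.
SINKS = ("innerHTML", "outerHTML", "document.write(", "eval(")
# Calls treated as neutralising tainted input for the sinks above
# (escapeHtml is an assumed application helper, not a browser built-in).
SANITISERS = ("encodeURIComponent(", "escapeHtml(")

# `var x = expr`, `let x = expr`, `const x = expr` or bare `x = expr`
# (a single '=' only, so comparisons are not treated as assignments).
ASSIGN = re.compile(r"^(?:(?:var|let|const)\s+)?([A-Za-z_$][\w$]*)\s*=(?!=)\s*(.+)$", re.S)


def _mentions(text, needles):
    return any(n in text for n in needles)


def _tainted_vars_in(text, tainted):
    """Names from `tainted` that appear as whole identifiers in `text`."""
    return [v for v in tainted
            if re.search(r"(?<![\w$])%s(?![\w$])" % re.escape(v), text)]


def find_dom_xss(js):
    """Return one {sink, statement, via} record per source-to-sink flow."""
    tainted = {}      # variable name -> chain of names leading back to a source
    findings = []
    for raw in js.split(";"):
        stmt = raw.strip()
        if not stmt:
            continue
        m = ASSIGN.match(stmt)
        if m:
            name, expr = m.group(1), m.group(2)
            via = _tainted_vars_in(expr, tainted)
            if (_mentions(expr, SOURCES) or via) and not _mentions(expr, SANITISERS):
                tainted[name] = (tainted[via[0]] if via else []) + [name]
            else:
                tainted.pop(name, None)   # reassigned from a clean value
            continue                      # assigning a plain variable is not a sink
        if _mentions(stmt, SINKS):
            via = _tainted_vars_in(stmt, tainted)
            if (_mentions(stmt, SOURCES) or via) and not _mentions(stmt, SANITISERS):
                sink = next(s for s in SINKS if s in stmt).rstrip("(")
                findings.append({"sink": sink, "statement": stmt,
                                 "via": tainted[via[0]] if via else []})
    return findings


# Constructed sample script: two genuine flows (one via intermediate
# variables, one direct) and two safe uses (textContent, encoded value).
SAMPLE_JS = """
var q = location.hash.slice(1);
var msg = "Hello " + q;
document.getElementById("out").innerHTML = msg;
document.getElementById("t").textContent = q;
var safe = encodeURIComponent(location.search);
document.getElementById("s").innerHTML = safe;
document.write(location.search);
"""

if __name__ == "__main__":
    for f in find_dom_xss(SAMPLE_JS):
        print("%s <- %s : %s" % (f["sink"], " -> ".join(f["via"]) or "source", f["statement"]))
```

The two reported flows are `innerHTML` reached via `q -> msg` and `document.write` fed directly from `location.search`; the `textContent` assignment and the encoded value produce no finding, which is the distinction a taint-based detector has to make to avoid false positives.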

Identifying False Positives.

A false positive is where a vulnerability scanner indicates there is a vulnerability when in fact there isn’t one. Sorting through scanner results to determine which reported issues are real and which are false positive is a time-consuming process. To eliminate false positives, and to provide proof of concept evidence, NetScan employs safe custom exploit techniques to actively confirm discovered vulnerabilities.

Third Party Applications.

Download custom filtered results and view them via HTML, Docx or CSV. NetScan includes a simple JSON data API for retrieving, aggregating, processing and reporting raw vulnerability data for use in third party applications.
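As an added example of the kind of processing a third party application would do with raw JSON vulnerability data (and of the remediation prioritisation mentioned in the bullets above), the script below loads a constructed scan result, bands each issue by CVSS score, puts exploit-confirmed issues first, collapses the same issue across hosts so it is fixed once, and writes a filtered CSV. This is not NetScan's code and the JSON field names are assumptions, not the product's real schema.

```python
"""Aggregate, prioritise and export raw vulnerability findings.

Added example, not NetScan's API client. The JSON document below is a
constructed stand-in for a scanner data API response; its field names
(host, name, cvss, confirmed, category) are assumptions.
"""
import csv
import io
import json
from collections import Counter

# Constructed sample API response (hosts and issues are made up).
RAW_JSON = json.dumps([
    {"host": "www.example.test",  "name": "Outdated TLS configuration",
     "cvss": 5.3, "confirmed": False, "category": "infrastructure"},
    {"host": "www.example.test",  "name": "Reflected XSS in search",
     "cvss": 6.1, "confirmed": True,  "category": "web"},
    {"host": "shop.example.test", "name": "SQL injection in product id",
     "cvss": 9.8, "confirmed": True,  "category": "web"},
    {"host": "shop.example.test", "name": "Outdated TLS configuration",
     "cvss": 5.3, "confirmed": False, "category": "infrastructure"},
    {"host": "mail.example.test", "name": "Information disclosure in banner",
     "cvss": 2.0, "confirmed": False, "category": "infrastructure"},
])

FIELDS = ["host", "name", "cvss", "severity", "confirmed", "category"]


def severity(cvss):
    """Map a CVSS v3 base score to its qualitative rating band."""
    if cvss == 0.0:
        return "None"
    if cvss < 4.0:
        return "Low"
    if cvss < 7.0:
        return "Medium"
    if cvss < 9.0:
        return "High"
    return "Critical"


def load_findings(raw):
    """Parse the API response and attach a severity band to each finding."""
    findings = json.loads(raw)
    for f in findings:
        f["severity"] = severity(f["cvss"])
    return findings


def filter_findings(findings, min_cvss=0.0, category=None, confirmed_only=False):
    """Custom filter: by minimum score, category and/or exploit confirmation."""
    return [f for f in findings
            if f["cvss"] >= min_cvss
            and (category is None or f["category"] == category)
            and (not confirmed_only or f["confirmed"])]


def prioritise(findings):
    """Confirmed (exploit-proven) issues first, then by descending CVSS."""
    return sorted(findings, key=lambda f: (not f["confirmed"], -f["cvss"], f["host"]))


def group_by_issue(findings):
    """Collapse the same issue across hosts so it is remediated once."""
    grouped = {}
    for f in findings:
        grouped.setdefault(f["name"], []).append(f["host"])
    return grouped


def summarise(findings):
    """Count of findings per severity band, for a management summary."""
    return dict(Counter(f["severity"] for f in findings))


def to_csv(findings):
    """Render the prioritised findings as CSV text."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, extrasaction="ignore")
    writer.writeheader()
    for f in prioritise(findings):
        writer.writerow(f)
    return buf.getvalue()


if __name__ == "__main__":
    fs = load_findings(RAW_JSON)
    print("by severity:", summarise(fs))
    print("fix once across hosts:", group_by_issue(fs))
    print(to_csv(filter_findings(fs, min_cvss=4.0)))
```

Sorting on exploit confirmation before score reflects the page's point that a confirmed issue is a proven risk rather than a scanner guess; grouping by issue name is what turns a per-host list into a remediation plan.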

Complex authentication schemes are supported when NetScan is supplied with the minimal information, such as a username and password pair. Optionally, a login URL may be provided to direct the scanner where to use the credentials and for scenarios such as single sign-on. The scanner may easily be adapted to support bespoke authentication schemes that require non-standard credentials or processes.

NetScan can provide comprehensive vulnerability assessment and analysis against remote hosts to determine whether a misconfiguration exists that could allow an attacker to get behind the application and into sensitive data.

Please call us to discuss any aspect of your IT Requirements on 0333 200 1636 or visit our website http://www.netshield.net to find out more about the ways that our expert support and advice will improve the health of your IT.

How to encrypt your data for free!

Last month, the Talk Talk cyber-attack resulted in the theft of a substantial amount of sensitive customer data, in the region of:

  • 28,000 credit card/debit card details
  • 15,656 bank account details and sort codes
  • 15,000 dates of birth
  • 1.2 million email addresses, names and phone numbers

This was Talk Talk’s third attack of this kind in the last 12 months, putting the company firmly on the ever-growing list of multinationals to have suffered a major cyber-attack. The question is, if large corporates such as Sony, eBay, Carphone Warehouse and Talk Talk (with their expert IT departments and security specialists) can’t prevent hackers from infiltrating their networks, what chance do smaller companies and home users have?

Talk Talk’s CEO, Dido Harding, couldn’t confirm whether the data of around 4 million customers had been encrypted or not, and when asked why, she didn’t know and responded that it wasn’t a ‘legal’ requirement to do so. Ok, so it isn’t required by law, but surely any company, regardless of size, has a duty of care over its customers’ private data?

The fact is, encryption isn’t a hard thing to implement. It won’t guarantee total prevention of a data leak but together with other security tools, like firewalls, email filtering, intrusion prevention systems, patching and anti-virus, it adds another important layer of protection.

Together with our partner Kaspersky, we’ve outlined the top 5 benefits of encryption:

  1. Full protection of data – Securely encrypted data is completely protected, even if it is stolen. Why? If, for example, a file is encrypted with 256-bit AES, it would take a hacker more than a lifetime to crack the code using the brute-force method.
  2. Security across your devices – Many companies are currently struggling with the boom in smartphones and tablets. Whether administrators like it or not, data is pouring out of companies and being distributed among the most diverse of devices. Encryption removes the stress from this situation, as it ensures that data remains secure, regardless of the device on which it is stored.
  3. Safe transmission of data – Users sending files via email or distributing them via a cloud server can use encryption to ensure that no unauthorised user can view them.
  4. Retain data integrity – Targeted data theft is one thing, but another way to misuse data is through manipulation. Even though a hacker may have absolutely no interest in the information in question, he or she can manipulate specific data to disrupt corporate communications. If encrypted data is used, the recipient will definitely notice that it has been tampered with.
  5. Ensure compliance – IT departments often have to comply with legal or contractual regulations on data protection. These may involve archiving banking data or providing special protection for customer information. In many cases, encrypting the data involved is the easiest way to comply with these rules.

If you are a home user or a small company looking to encrypt your data, lifehacker.com recently published their poll to establish the most popular ways of using encryption for free, with these desktop tools:

  • VeraCrypt (Windows/OS X/Linux) – MOST POPULAR – 40% of the vote
  • 7-Zip (Windows/OS X/Linux) – RUNNER UP – 20% of the vote

Netshield’s IT security specialists have a wealth of experience and can offer expert advice. If you are a company and not sure where to go next with your IT security, we can arrange a full security health check across your network starting at just £295 (+VAT). Your data is your business – let us help you keep it secure.

Call us on 0333 200 1636 or email info@netshield.net for more details.

Proactive IT Monitoring = Knowledge, Knowledge = Power

The term ‘managed services’ has been around in the IT industry for a fair few years now. The level of importance placed on managed services varies from business to business and is directly related to how a company prioritises the efficiency and performance of their IT network and infrastructure.

For many companies, the more traditional break-fix mantra of ‘When it is broken, we will get the “IT guys” in to fix it’ is the extent of their IT strategy. In recent years, more forward-thinking organisations have recognised the importance of keeping their IT systems running efficiently to minimise downtime. Unfortunately, relying purely on a break-fix approach can be risky.

The majority of the time, just reacting to problems that have already occurred is too late. Productivity has been diminished, data has been lost and downtime has had an impact. Consider these real life scenarios:

Scenario 1

Backups have been failing for the last few weeks, but without proper monitoring nobody noticed. It is only when the HDD gives up the ghost that the company discovers the loss of invoices, product orders, communications and more.

Scenario 2

A spam bot attacks the exchange server because the firewall isn’t being monitored. This creates a spam relay causing the customer’s domain to be blacklisted. The ISP terminates service and the internet and email shut down.

Scenario 3

A virus has hit the network due to the server anti-virus expiring over a month ago. Due to the lack of monitoring and management, this has escalated into the users not being able to start their workstations up until everything has been cleaned.

The ability to look forward strategically is, for many IT departments, a tricky task, mainly due to various operational and commercial pressures. However, in order to enhance and maintain technology performance, planned monitoring will ensure that corporate objectives are met and, more importantly, reduce the exposure to risk.

‘But it is too expensive!’ I hear you cry. IT purchases are often about justifying upfront costs for hardware and software. After those expensive purchases, it is rare that a company will monitor the performance of the costly kit; most just rely on the vendor’s claims. This makes little sense after spending so much putting the kit in place.

In fact, for a modest monthly fee, monitoring will allow you to:

  • Analyse historical trends to enable data driven insights and decisions
  • Prevent outages rather than fight fires
  • Increase productivity and run at peak performance
  • Plan and budget for future upgrades
  • Minimise downtime and save money

Perhaps more importantly, a managed service provider such as Netshield takes on all the risk for you. When your systems are running at peak performance, you are happy and so are we!

Contact us to enquire about a health check or to find out more about our monthly NetManage rates.

Still cloudy about the cloud? A hybrid approach could be the answer

There is no doubt that there are many advantages to moving to the cloud, as we have discussed in previous blog posts. With all the hype and noise surrounding cloud solutions, it is easy to get distracted from the most important issue – which solution best fits your business right now and moving into the future? A recent survey conducted by IDG Connect and cio.co.uk revealed that the use of third party datacentres or colocation is growing in popularity:

  • 4 in 10 companies cited a major restructure, merger, change of premises or an acquisition as one of the main reasons for turning to a third party resource.
  • 29% pointed to a lack of capital to extend their current facilities.
  • 28% stated that their datacentres were not currently designed for the modern world of high density, heavily virtualised servers.
  • 24% simply don’t have the floor space to keep extending and the same proportion said that they were running out of electrical power and that it was increasingly difficult to hit energy efficient targets based on current designs.

Netshield currently provides colocation services in our ‘out of city’, state of the art datacentre for many of our customers. Before making the important decision of whether or not to place equipment offsite, we are frequently asked to outline the benefits:

  • Reduced costs – Rather than investing in backup generators, UPS and HVAC units and paying the ongoing expense associated with this equipment, we take on this responsibility, providing a secure datacentre environment that is scalable to the evolving needs of your business.
  • Reliability – The peace of mind that you are guaranteed a 100% network reliability. When running an in-house datacentre, this can have its difficulties and related costs. Our network configurations are designed to deliver reliability, availability and uptime for you.
  • Robust bandwidth – As requirements increase, colocation allows you to keep up with more complex applications, maintain service provider diversity and take advantage of volume pricing without the hassle of negotiating and managing multiple contracts.
  • 24/7 local support – You decide how much control you need or want over your own equipment. Coupled with our NetManage solution, we have a remote hands service and onsite service to provide 24/7 management of servers, giving you assurance that there is always a professional at hand to assist you and manage your assets.
  • Greater power capacity & redundancy – Our increased power capacity means that you can take advantage of this to introduce virtualisation and high density computing. Our constant, uninterrupted power supply means constant uptime and the knowledge that there is always a backup in the case of a power outage.
  • Security & data protection – We have multiple layers of security including 24/7 onsite security, biometric and key card entry, cabinet/cage locks, CCTV. Your data and equipment is protected at all times.
  • Business continuity & disaster recovery – In the event of a natural disaster or power outage, we can ensure your offsite servers, equipment and applications will remain available and operational. Even with the increased risk of a terrorist attack, our datacentre is located out of the city centre.

While the ‘cloud’ remains a hot topic, security seems to be at the forefront for many IT managers. It may be that the cloud is not suitable for every application, whether due to compliance, specialised hardware dependencies, or the need for direct physical control over the IT environment – colocation is a strong alternative for overcoming these issues. Contact us today to find out more about our colocation services.