As the threat landscape changes – and the implications of cyber-attacks become more targeted and damaging – security has become one of the top priorities for organisations across the board.

“Every network is going to be breached eventually,” warns Stefan van de Giessen, GM: cyber security business unit at Networks Unlimited. “How long it takes before you fall victim to an attack really depends on how valuable your information is to them and how well you’ve got it protected.”

While this might sound like disaster is inevitable, there is a lot that can be done to prevent attacks, identify breaches, limit the damage, and ensure that systems get back up and running.

What’s required is a security strategy that acknowledges the threats from all attack vectors and works proactively on preventing them.

“There are three vectors that are important in security: time, product and skills,” Van de Giessen points out. “The skills are abundantly lacking in our markets across Africa, so companies resort to throwing products at the problem.”

However, simple interventions like regular patch control and audits of policies go a long way towards safeguarding systems, while analytics can identify anomalies before they become a threat.

Going forward, Van de Giessen believes that the growth in public cloud adoption is going to see cloud access security brokers become more relevant to protect the data leaving an organisation.

“However, for me one of the biggest challenges we are facing now is the convergence of the IT/OT space. Hackers are targeting the OT network, which has generally been an out-of-band network, to bring down critical infrastructure such as Eskom, for example.”

Another area where we can expect to see a lot of movement is in risk and compliance. “There is a big demand for people who know how networks work and can do penetration testing.”

However, one of the biggest changes that Van de Giessen expects to see in the months ahead is the growing importance of the managed security service provider (MSSP), which will have a massive influence on the way products are delivered.

“We can already see the consolidation in the country. The hyperscale cloud providers are putting down their services, and managed services will shortly be offered on top.”

The move to MSSPs is definitely a growing trend, he adds. “People don’t want to manage things that are unmanageable due to lack of skills or resources.”

However, Van de Giessen cautions that using an MSSP doesn’t absolve an organisation of responsibility for its own data. “From a compliance point of view, it is still your responsibility to know what products are being used to protect your data.

“There are a lot of gunslingers out there that may not be using properly-certified solutions – you want to make sure you are working with one that has heavy-duty, up-to-date and compliant data security.”

Van de Giessen adds that NU is able to help customers and partners to navigate the complex security landscape.

“We can help customers look at their networks holistically, identify key gaps and bring in solutions with skilled partners that can offer the level of support required.”

Working alongside traditional brands, NU takes on innovative new technologies and brings them to market while developing a depth of skills unseen in the market.

“However, we work exclusively through the channel,” Van de Giessen stresses. “All solutions are brought to market through Networks Unlimited market enablement and supplied and supported via our system integrators.”

 

Solutions line-up

Van de Giessen believes that building a next-generation security solution should include various products that complement each other, starting with securing the edge of the network, then moving to business-critical services and solutions, and ultimately covering other attack vectors such as internal segmentation.

“Once your baseline is established, we need to look at how we protect against unknown threats, encryption of your data and, ultimately, deploy decoys in your network to lure hackers off your network. We advise adopting a phased approach to developing a layered posture due to cost and the complexity of management.”

He outlines this phased approach as follows:

  • Investing in a next-gen firewall (NGFW), next-gen antivirus (NGAV) with EDR capabilities and a secure email solution is critical in securing against the most prevalent attacks.
  • Protecting the applications that are Internet-facing and transacting with customers online: a Web application firewall (WAF) and a secure payment gateway will ensure these applications and websites are protected and comply with PCI, POPIA and GDPR, irrespective of whether they are on premise or in the cloud. Onsite and offsite backups are best practice.
  • User education and training is essential in making sure that employees are able to recognise and respond accordingly to suspicious and malicious activity. This also means that any threats which bypass security measures are identified at the last line of defence.
  • Having an advanced threat protection (ATP) strategy has become necessary as malware and threats are evolving constantly, making it hard to rely on a known signature alone. The need to include an ATP product in your security structure is now more relevant than ever to ensure we can stop zero-day attacks.

“The phased security posture advice outlined above applies to on-premise, cloud and hybrid environments,” Van de Giessen says. “Additionally, device, operating system, software and policy updates should be carried out regularly and stringently to ensure no vulnerabilities can be exploited.”

Fortinet is one of NU’s flagship vendors, and leads the pack in its security line-up.

“We started off with the firewalling solution from Fortinet and have had huge success with this vendor over the last five years,” says Van de Giessen.

Today, NU offers Fortinet’s Security Fabric, which encompasses products that integrate from the edge of the network to the core and the cloud, with third-party API integration to allow dynamic threat sharing to stop advanced targeted attacks. These products cover solutions such as firewalls, web applications, secure email gateways and endpoint protection, to name a few.

“FortiGate has been the leader in unified threat management for the last five years, with the biggest worldwide unit shipments of any security vendor,” he adds.

Fortinet is able to offer leading-edge products at affordable prices because it produces most of its hardware and its proprietary ASIC chipset. “This means there is competitive pricing as well as great integration,” says Van de Giessen.

“It creates a security fabric, with a single pane of glass covering multiple factors. On top of that, Fortinet provides application programming interface (API) integration so other security vendors can be connected as well.”

He stresses that security is not a single-product solution. “Only with a multi-product posture will customers be able to defend themselves proactively and reactively.”

NU fills out its proactive security offerings with Carbon Black, RSA, Cofense and Indegy – all of which can be integrated via an API.

Van de Giessen explains that Carbon Black and RSA both operate in the data security field, and can help to ensure compliance with regulations like the Protection of Personal Information (PoPI) Act and the General Data Protection Regulation (GDPR).

“These products would typically be implemented to be in line with regulations in the banking or financial sector to protect critical data.”

Assuming that even the most secure networks will be breached due to malicious insiders or human error, NU also offers a deception-based technology from Attivo. The solution creates a decoy environment that simulates the actual environment by deploying a decoy VM into the existing network with attractive decoys, credential lures, ransomware bait and data deceptions. This allows early and accurate detection, tracking lateral movement and credential theft.

Cofense is a phishing prevention solution that enables staff to identify targeted phishing attacks. Once an attack is reported, the solution can quarantine suspicious messages from the entire network from a single console. “So you can sanitise email without having to run around like a headless chicken,” says Van de Giessen.

One of the big changes in the IT world is the increasing automation of industrial systems and the integration of IT and operational technology (OT).

Fortinet is now expanding its solutions into the world of industrial machines and the networks controlling them.

Also addressing the OT market is a relatively new entrant into the NU family – Indegy.

OT is the use of information technology to control physical processes, devices and infrastructure, and has operational and management uses in public infrastructure, transportation, energy, urban planning, industry and manufacturing. Critical infrastructure is a term used by governments to describe assets that are essential for the functioning of a society and its economy. An industrial control system is unique in the interaction that it has with physical processes.

Van de Giessen explains: “The combination of IIoT connectivity offered across production and supply lines, and the way in which OT is automating the modern world, interfacing through electro-mechanical devices and sensors, is opening up new vulnerabilities and thus making cyber security for industrial infrastructure a critical business imperative.

“The potential penetration of OT systems by hackers puts critical infrastructure such as water and energy supplies, transport networks and production lines at the risk of being disrupted or even shut down. The main challenge in ensuring cyber security for industrial systems is therefore the ability to maintain uninterrupted industrial processes.

“Indegy operates in the industrial control and OT business,” Van de Giessen says. “It is critical for governments, manufacturers, health and safety that these systems operate at 100% capacity and trust.”

 

The NU value-add

Security is a big focus for NU, and each product in the division has a product manager and a minimum of one certified system engineer, with a total of 11 engineers in the team.

Van de Giessen explains that partner education and support are high among the company’s priorities.

“With established products, we engage with our partners via training events and round tables – there is a tremendous amount of education about what’s new and what’s changed.

“For new products we are driving the value proposition to end customers; the end customer enablement drives adoption of new technologies that drive sales back through the reseller channel.”

The value-added distributor is able to help partners across the board with fully integrated solution sales.

“You have to understand the value of the product; and understand the customers’ problems; and how the solutions can help them,” Van de Giessen says.

“We also work with Qualifying Small Enterprises (QSEs) to help grow businesses based on broad-based black economic empowerment (B-BBEE) to ensure these partners are skilled up, inviting them for certification training and more.”

NU runs an authorised training facility and can provide certification for Carbon Black and Fortinet products.