What are successful organisations doing to beat today’s sophisticated cyber threats?

14/01/202113/01/2021 by Anthony Barrow

What are successful organisations doing to beat today’s sophisticated cyber threats?

Security Information Event Management (SIEM) has been the centre of the security operations centre for over a decade now. SIEMs are intended to log as much data as possible in order to assist with incident detection, response, and investigation. One challenge is that it can be prohibitive, either from a cost or storage perspective, to log everything. This is particularly true for the logs on all of the endpoints in an environment.

Modern IT and OT networks push massive amounts of data throughout the ecosystems per day, generating thousands of alerts and not enough security operations analysts to address these. Valuable time is wasted searching for the missing context needed to determine what’s a real threat and its priority, and too much time lost due to overwhelming numbers of false positives. Unfortunately, this has been the golden goose for countless number of MSSPs. With attackers aware of these limitations of SIEM tools (both technology and economics), the best way to evade a SIEM security is to use tactics that are unlikely to be logged at all. SIEM solutions do a fantastic job of aggregating logs, but need more context for them to make sense of the data

Over the last five years, the industry began shifting from log aggregation and rule-based event monitoring to security analytics, and user and entity behaviour analytics (UEBA). Unfortunately, attackers are growing confident and focus more and more on avoiding detection by well-known security analytics use cases such as in the recent Solorigate supply chain attack, where they took steps to avoid being detected based on IP geolocation anomalies, or by detecting Command & Control traffic based on typical beaconing behaviour. In short, experienced attackers are paying attention to what the best blue teams (e.g., FireEye) are doing out there and tweaking their methods to avoid detection.

SIEM tools are good but remain low on the detection maturity scale. Security Analytics methods are a powerful, and sometimes the only way to detect advanced attacks. Organisations adopting SIEM and security analytics-based use cases across the many tactics of the Mitre ATT&CK framework have a higher chance; however, monitoring remains an arduous task. Enter threat hunting, a proactive technique that combines security tools, analytics, and threat intelligence with human analysis and instinct as well as the quality of the data, not the quantity.

SIEM, Security Analytics, UEBA, security use-cases as well as Security Threat Hunting are capabilities that have provided a new map to direct and address execution and critical resourcing issues that have troubled the industry. To complement these, security automation technology such as Security Orchestration, Automation, and Response (SOAR) driven by artificial intelligence offers streamlined security operations in three key areas: threat and vulnerability management, incident response, and security operations automation.

The rapid rise of cyber threats is outpacing many organisation’s ability to combat these. At Iris Networks, we believe that a winning approach requires rapid detection that provides greater contextual relevance to the business and built on a dynamic understanding of an ever-changing threat landscape. This means a different AI-driven capability combining SIEM, Security Analytics, UBA, security use-cases as well as threat hunting and security automation to provide a new map to direct and address execution and resourcing issues that have troubled the industry.

Iris Networks Cloud & Security offers four distinct Managed Security Services to support our customers:

One-off Cloud Security Posture Assessment Service

This one-off cloud security assessment helps organisations to reduce their risk, and improves the visibility of their data life cycle in an era where cyber threats are complex and multi-faceted.

In this model, we provide a one-time assessment service our SaaS environment or for highly regulated customers, we also set up an on-demand offering.

Carrying out a cloud security assessment is a practical and strategic exercise to improve your cloud security health. A cloud security assessment helps you reduce your risk, and improves the visibility of the data life cycle in an era where cyber threats are complex and multi-faceted.

Managed Cloud Monitoring

This service provides organisations with continuous security monitoring, compliance adherence and custom policy building effectiveness, across multiple major cloud platforms.

As businesses everywhere move onto the cloud, they face new security challenges. There are thousands of configurations in the cloud and the numbers increase exponentially as you start leveraging more and more services from Cloud Service Providers and more so, when you have a multi cloud posture. It then becomes humanly impossible to keep up with and understand the nuances of the configurations involved in some of the key components in the cloud, mainly centred around Compute, Networks, Identity and Storage.

Using our industry-leading cloud-native platform, our Mission Control team enable you to have assurance that continuous monitoring, compliance adherence and custom policy building are effective as well as detecting cloud vulnerabilities and attacks as they occur, across multiple major cloud platforms. Our team work directly with you as an extension of your team, bringing their cloud security expertise to bear to guide implementation, risk surface identification, and ongoing cloud monitoring, enhancing your cloud strategy security posture.

Managed SIEM

This service goes beyond Managed Security Services, and is tailored for organisations not comfortable off-loading their data to a provider, while maintaining full transparency working with our Mission Control.

It covers a blended group of security operations specialists, running, managing, and perfecting your tools, while you retain total ownership.

This service enables your security analysts to prioritise alerts, and respond to the most suspicious threat behaviour faster, and ensuring that threats don’t go unnoticed and linger in your environment.

Managed Detection & Response (MDR)

MDR is for organisations struggling with detecting and responding to modern cyber threats efficiently across all environments: IT, OT, and cloud. MDR a cost-effective alternative to building an in-house SOC, delivers real-time monitoring, detection, and response using a holistic, turnkey approach.

We provide 24×7 coverage, extensive security expertise, and a well-staffed security team ensuring that threats don’t go unnoticed. We eliminate alert fatigue and false positives to promote a faster response with detection, and response capabilities that are tailored to your specific needs. Our Mission Control team work directly with you as an extension of your team to perform threat hunting, incident response, and guided remediation, while also providing strategic recommendations tailored to the unique needs of your environment.

For more information, or to book a no obligation solution overview, contact the team on

Tel: 01925 357 770

Email: sales@irisnetworks.co.uk

Security Awareness is Dead

31/07/202029/07/2020 by Anthony Barrow

If we’re honest with ourselves, we’ve all known it for a long time. Posters. Compulsory e-learning. Seminars and desk-drops. They’re security awareness staples. And they’re now all, without question, ineffective. They’re designed to teach people about security. Just on our terms.

People have overdue deadlines. Expectant bosses. Kids to feed. So we run our campaigns. And people smile and nod. Meanwhile, cyber criminals laugh and joke. For a long time, we’ve needed an overhaul.

It’s arrived.

Times have changed

Borderless security awareness is a radical change of thinking for a radically different world.

Consider COVID-19 for a second.

First, COVID-19 changed our tech. It changed the way we live, learn, shop and work. And by the way, the changes are permanent.

Now, old security awareness campaigns are absurd.

How many people are putting up their own security awareness posters at home?

How many people have security desk drops on their kitchen tables?

Good luck holding people’s attention in a virtual seminar. Or getting people on board by attacking them in their own home.

Compulsory e-learning?

Maybe. With seven other tabs open and the TV on in the background.

Enter borderless security awareness

Borderless security awareness is the only reasonable reaction to the permanently altered world.

It’s not just about securing remote people.

COVID-19 torched some time-honoured borders.

The physical separation between homes and offices. The assumed protection of in-situ office networks. The hope-filled comfort blanket of extensive security policies.

The border between personal and professional lives. And the border curtailing our expectations.

All are gone. And we need to adapt.

Borderless security awareness is our next move.

Borderless security awareness is about ditching a delusional blueprint.

It’s about downgrading enforced e-learning.

It’s about stepping beyond fake phishing.

Borderless security awareness is about supporting and assisting people at the right time and wherever they are.

It’s security awareness. For a world without borders.

The principles of borderless

At the heart of borderless thinking are six core principles:

Engage with people at the right time and in the right place. We must help people when they need help – not on our own arbitrary schedule.
Treat people like adults. We must build security into people’s lives in a people-centric way.
Go beyond training and education. Training and education alone do not work. People need support and assistance too.
Focus on security behaviours. What people do matters more than what people know.

Focus on resilience rather than absolute security. Security isn’t binary. We must watch and adjust our resilience as desired.
Measure. Use data and metrics to determine impact. Only then can you manage and reduce your cyber risk.

Borderless security awareness is an approach. It’s a mindset.

It guides how you view and address human cyber risk as it relates to security awareness, behaviour and culture.

Borderless security awareness examples

CybSafe’s Assist helps people on-demand, no matter where they are.

Let’s say they click a suspicious link.

Assist guides them. It tells them what to do next. It’s welcome advice that suffocates resulting cyber risk.

CybSafe’s Protect is another example.

With Protect, people get interactive “checklists” that help them build their security armour. Think fitness apps, or digital games.

People set security goals. – like securing their smartphone. Or security professionals set it for them. People work towards the goal in their own time, building their resilience as they go.

The above have almost nothing to do with the existing security awareness blueprint.

No posters; no desk-drops; no tick-box e-learning.

And they work. We have the data and metrics to prove it.

Changing security roles

COVID-19 has changed the world. In doing so, it’s changed the security awareness blueprint.

It’s also changed the role of security professionals.

We’re still here to manage cyber risk. But how that’s done has changed.

We need a new approach to security awareness. The new approach needs to be tailor-made for today’s world. And that means it needs to be borderless.

Traditional security awareness is dead.

Long live borderless security awareness.

Take a look for yourself how you can make a huge difference to your Cyber Security posture by empowering your workforce : CLICK HERE

Credit @cybsafe

Which is the right NetAlly tool for me?

09/06/202001/06/2020 by Anthony Barrow

Which NetAlly Tool is Right for Me?

Often, as specialist providers of network monitoring and test equipment and working with leading manufacturers in this space including NetAlly we often get asked the question “What is the right tool for me?” or “what would be the best tool for my engineers?”

Within NetAlly’s portfolio is a complete range of solutions, designed specifically to help everybody from a field technician or network technician through to 3^rd line engineer whether they are looking in to designing, installing, maintaining, troubleshooting or capacity planning for both wired and 802.11 wireless networks. Often, tool selection can simply come down to budget – however getting to grips with understanding exactly what you need to achieve with the product will pay dividends back during its lifetime and will ensure that you have the right tool for the right job whilst achieving the best return on investment and keeping the financial controllers happy.

The purpose of this document is to provide a brief summary into the purpose of some of the most popular tools which we provide here at Iris Networks, the types of customers who have typically purchased them and some examples of how they have been used. Whilst we understand that as networks become more and more borderless, we have decided to keep the wireless software (AirMagnet) range separate and will detail those products as a separate consideration.

Network Installer/Implementation

Although the name is very specific, we have used this title to describe an engineer who might be responsible for installing network devices, new switches, desktops, phones or access points. Whilst there may be an element of onsite troubleshooting. For this particular role, there is a need to be able to understand connectivity, where you are plugging in to, is it on the right switch port, is the remote switch configuration correct, is it advertising the correct speed, what VLAN is configured, are my PoE levels correct for the purpose. Another consideration might also be documentation required to sign off a job upon completion so the ability to save docs and report centrally.

If you are looking for a handy tool that can give you answers to all of the above then the LinkRunner AT is a great choice.

The NetAlly LinkRunner AT

The NetAlly LinkRunner AT comes in 2 flavours, the 1000 which is 1Gb copper RJ45 and the 2000 which is copper RJ45 and fibre SFP. The 2000 model also has TruPower PoE which inserts a resistance to solicit for PoE, and has the ability to save more reports. The LinkRunner AT enables technicians to be able to plug in to a port and understand what configuration is coming out of the port. So, which switch am I connected to and on which port, which VLAN, what PoE, is DHCP configured so that I can obtain an IP address and can I communicate out to the internet.

Core Capabilities : Cable Length , wiremap, Location, PoE

Using the NetAlly LinkRunner AT you can make light work of a potentially messy job with the ability to quickly and efficiently locating cable runs with toning (digital and analogue IntelliTone modes), switch port advertisement/light blinking and remote cable identifiers. I cast my mind back to a job a number of years ago when a client moved in to a serviced office where over time the port labels on the patch panel had faded away. Using the LinkRunner G2 with the wiremap identifiers which come in the kit enables me to plug the LinkRunner in to one end and the wiremap in to the other until I found the ports I needed to re-label.

From there, we configured VoIP VLAN on the switch and once patched in and PoE was enabled for those ports, we were able to check and verify everything was correct for the phone rollout to be seamless.

On the LinkRunner AT there is an inbuilt patch cable test using the onboard wiremap port which checks pin-to-pin connection, or installed wiring for length, shorts or open or split pairs.

Alternatively, you can do this using the wiremap adaptors which are conveniently numbered for identification.

Going up a level, the LinkRunner AT enables you to see the switch model, slot and port by using LLDP, CDP and EDP to give nearest switch information including:

Switch name and model
– IP address
– Chassis, slot, and port
– VLAN IDs
– Duplex and speed (actual and advertised)
– Signal Strength
– Connection (MDI or MDI/X)
– PoE voltage and power (actual and test limit)
– Graphical representation of power on pairs
– 1 Gig link on copper with PoE on port 30
– 1 Gig link on fiber on port 6

An important thing to consider is that there is no option to test wireless on the NetAlly LinkRunner AT.

You can purchase the LinkRunner AT via our eShop here:

NetAlly LinkRunner G2 Smart Tester

If you find yourself needing all of these features, and often finding yourself having to connect in to systems or applications to make network configuration changes, or are installing IoT devices or facilities requiring 802.3bt 90W then the NetAlly LinkRunner G2 may be a smart option given the flexibility afforded to it by being the first field tester able to validate loaded PoE 802.3bt 90W across all 4 pairs. Its also operating an Android OS which makes it very versatile by enabling you to load your own apps on top, such as ticketing apps, technical setup files, collaboration apps, iPerf, WLAN controller Apps and much, much more.

The LinkRunner G2 has similar inbuilt cable testing and link testing as the LinkRunner AT models, however with the addition on the enhanced testing for 90W 802.3bt across all four pairs, and with the flexibility of the inbuild Android OS it makes for a very versatile and capable tester, ideal for engineers for example who are having to check connections to building management systems, and IoT devices that are using PoE to power them. Whilst you can run an Edimax USB wifi adaptor, and download apps to look at wireless connectivity – its important to note that this should not be treated as a specific wireless tester, in those requirements we would highly recommend the NetAlly AirCheck

A good visual representation of how the Android OS gives a high degree of flexibility and customisation is represented in the image below, which highlights how installing your own applications on to the device extends its capabilities much further than cable testing.

You can purchase the NetAlly LinkRunner G2 via our eShop here:

Network Technician, Wireless Network Engineer, Wireless Network Installer etc

NetAlly AirCheck G2 Wireless Tester

The NetAlly AirCheck G2 has become the go to tester for wireless professionals all over the world, who are looking to install, maintain, troubleshoot and secure wireless 802.11 a/b/g/n/ac/ax networks.

If you are responsible for deploying Access Points and connecting them to the network, and then responsible for making sure that the wireless network is performing at its best then this could be the tool for you.

What makes this tool so popular, is a combination of its portability, speed, breadth of visibility, and ease of use. The AirCheck G2 even has a wired port on the side so that you can test the backhaul connectivity to the switch to ensure the correct configs are in place at a switch port level and that the right PoE levels are reaching the AP to power it.

From there, the AirCheck G2 gives clear information relating to the statistics of the network itself and the air quality – including Networks, Channels, AP’s, clients and interferers which are present including devices such as microwave, cameras, jammers etc. The AirCheck G2 is also compatible with the iPerf Test Accessory enabling you to test the performance of traffic traversing the wireless (and wired) networks using the industry standard iPerf. You might also want to take a read of our other blog post specific to Using AirCheck G2 to maintain great Wi-Fi here (https://irisnetworks.co.uk/2018/12/10/using-aircheck-g2-to-maintain-great-wi-fi/)

You can purchase the NetAlly AirCheck G2 via our eShop here:

Should you be in a role where you need all of the features of a portable tool that can help with not only what is mentioned above in the aforementioned platforms, but with the ability to go deeper in to the network, discover network devices and categorise them, to be able to capture network packets at and connect at speeds of up to 10G then you should be considering the NetAlly Etherscope nXG

Network Engineer, L3 Network Engineer, Senior Engineer, Network Manager etc

Etherscope nXG ; Portable Network Expert

The Etherscope nXG is designed to be a fully featured, all-in-one hand-held portable network tester that enables 2^nd and 3^rd line technicians the ability to do more, quicker with fewer tools. The Etherscope nXG uses custom built hardware and onboard testing. This combined with its Android OS it’s one of the most flexible, fully featured products on the market.

We often ask our customers “if you were despatched to a site to fix generic IT issues and could only take one tool, what would it be?” This would be that tool. Everything from deploying devices, testing the performance of networked devices and network paths, understanding the path devices are taking to communicate with each other, testing QoS, testing 10G, capturing packets at up to 10G , checking documentation and trouble tickets, making configuration to networked devices, troubleshooting wireless and trending wireless performance over time to help with troublesome intermittent issues. It’s all possible with the Etherscope nXG

Stats at a glance:

Native 4×4 Wi-Fi (802.11 a/b/g/n/ac wave 2)

10/100/1000 Mbps to 2.5/5/10G

90W PoE loaded verification

Problem detection includes duplicate IP, congested switch ports, oversubscribed Wi-Fi channels/SSID’s, security issues such as unknown switches and Aps with open auth and unencrypted.

Path Analysis to show switch/router path to connected devices

4 stream load testing of IP traffic via Ethernet port at line rate 10G testing for packet loss, jitter, delay.

Execute multiple AutoTest profiles to shorten test times verifying multiple VLANs and Wi-Fi SSID’s.

Packet capture on wired and wireless to PCAP file.

You can purchase the NetAlly Etherscope nXG on our eShop here:

Collaboration & Documentation.

An extra plus point is that ALL of the above tools integrate with Link-Live which is a complimentary cloud service. The Link-Live cloud service enables collaboration and centralised report keeping across all tools. Link-Live is excellent for asset management, so you can see device serial numbers, where they are connected to etc and also enables users to attach photos or comments to reports quickly and easily.

Should you wish to learn more about these products, or to arrange demo’s or trials please contact us.

Proactive Wi-Fi Experience Monitoring

09/06/202001/02/2020 by Anthony Barrow

HOW TO BE PROACTIVE AT MEASURING YOUR END USER PERFORMANCE OVER DISTRIBUTED & WI-FI NETWORKS..

Let’s roll the clock back a few years, back to when wireless networking was seen as something handy to use in areas where you didn’t have any cable runs or was a temporary fix for an ad-hoc connection. Back to the days where a user was so ecstatic for their new found freedom of mobility that the odd drop of connection, or slightly slower page speed loading really wasn’t an issue. It was after all a luxury that they felt lucky to have…

Now, lets get back to the real world, back to 2018 and how do things compare.

More and more applications are being deployed for core services, what was once recreational traffic can now be seen as an enabler for business, studies have suggested that staff moral and productivity is increased by allowing recreational surfing, social media browsing and more. Wireless has become prolific, no longer a nice to have – many see it as the primary connection media and are adopting wireless first initiatives and businesses depend on it to run. No longer are your end users content with mediocre connectivity, the slightest glitch and ‘the Wi-Fi is down’ calls start flooding the helpdesk. Sorry to bring you back to earth with a bump.

Reactive or Proactive?

I’m not here to beat up any train of thought, there is a use case for both reactive tools and proactive tools and we can certainly help with both elements. For the purpose of this particular blog, I will focus on ways which we have successfully helped our clients to be proactive about understanding network & application performance from how the user (or client) sees it. Solutions that might give you a different opinion when your core monitoring tools tell you everything is O.K, just as a client would when they pick up the phone and raise a case telling you so.

In absolutely no particular order I will introduce 3 solutions to address this. Solutions which bring proactive monitoring of both Wifi experience and underlying network experience for both hosted and cloud applications.

Ixia Hawkeye

Ixia Hawkeye enables you to conduct wireless network assessments by deploying wireless enabled endpoints in different distributed locations; or between different sites with software endpoints deployed on Android. iOS, Windows or Linux.

With the agents deployed, you can now conduct network assessments and run real world traffic over your Wi-Fi (and supporting core) network, emulating typical applications and measure end user experience. Hawkeye measures experience metrics like voice MoS score, or application response time over time and per location. It can be permanently deployed or deployed on an ad-hoc method due to the flexible nature of the way it is licensed.

“By running Hawkeye continuous Wi-Fi assessments on my campus, I am able to monitor the quality of access to critical services like Lync and SAP from different buildings and floors and be very reactive when I detect degradation, quickly identifying where to diagnose and solve issues”

There are 2 type of test, the Node to Node, or the Real Service Test.

In Node to Node, one endpoint generates application traffic and sends to another endpoint over the live network. The receiving node is in turn able to relay the information and statistics back to the management interface.

In Real Service Tests, endpoints generate application traffic and send to network devices such as servers and sends its metrics back to the management interface.

Ixia have a long standing history in the network test market and it would come as no surprise that they have the largest application test library in the industry. This enables you to create real world synthetic tests specific to your needs.

With the application library, you are able to:

Ensure Quality of Experience (QoE) of end users using service such as Voice, Skype for Business or video conferencing.

Ensure that users can access business critical cloud applications such as Office365, YouTube, Dropbox and more.

Qualify and maintain network SLAs with diagnostic tools for IP Transport testing – Assess layer 3 network performance indicators (loss, jitter, delay)

Validate core services such as DNS and traceroute.

Qualify and quantify the real capacity of your network circuits Test TCP and UDP at speeds up to line rate.

NETSCOUT enGenius Pulse

NETSCOUT’s enGenius Pulse is architected in a similar way to that of Ixia, where as you have a centralised monitoring service dashboard and distributed endpoints. The endpoints come either as a dedicated small footprint PoE powered micro appliance or one that can be added as a lightweight piece of software on a laptop or PC for example.

Once the endpoint is deployed you can immediately begin testing proactively. The devices will behave like a client, obtaining IP addresses, DNS and then communicating the services under test be it core back in the datacenter, or cloud applications, or even VoIP between sites; the micro appliances will call each other and report back the status of the calls – which is a really nice feature.

NETSCOUT’s enGenius Pulse will enable you to track actions through an application, so for example when you have to traverse log-in screens for applications such as SalesForce, or Office365 helping you to understand the tru application and not just its front page load.

Integration with NETSCOUT enGeniusONE

It goes without saying that there is a very slick integration with the NETSCOUT enGeniusONE service assurance platform, meaning that when you combine Pulse with enGenuisONE you have a full core-to-edge solution giving a enterprise wide visibility of your critical infrastructure and application performance.

Distributed Wi-Fi End User Experience monitoring

Aruba User Experience Insight (Cape)

Another fantastic way to look at end user performance over the wireless network is by using HPE Aruba Service Assurance which was formerly known as Cape. So how is this different?

Cape sensors look similar to a small wireless access point and are deployed where your end users would be, and from where you really want to monitor your end user experience. The only other component is a cloud subscription, to where the sensors communicate and report all of their findings.

In answer to ‘how is this different?’ a good place to start is right at the dashboard. Cape’s dashboard utilises a very easy to read traffic light system of service availability and takes a detailed understanding of service availability to a different audience, with as much technicality as you would need for a 2/3rd line tech.

In the dashboard you configure what you want to test, cloud services and business apps, remote servers back in the datacentres and the test profiles are executed from the sensors with full detailed analysis being sent back to the dash for analysis and long term trending.

The Cape sensors connect in to the network just like a client would, and communicate with the selected applications, report back all transaction statistics over time whilst recording all of the wireless statistics to correlate at the same time.

7Signal Distributed Wireless Network Monitoring

7Signal is an overlay distributed monitoring platform that employs sensors within your environment that are used to connect in to your network and run a number of synthetic transactions to test the performance of real world applications, whilst recording both active and passive statistics.

What 7SIGNAL monitors:

- - Connection rates and quality
  - Client throughput and data rates
  - Packet latency
  - Voice quality (MOS)
  - Utilization
  - Signal strength
  - RF interference

7SIGNAL benefits:

- - 100% SaaS delivery
  - Enterprise-wide visibility of Wi-Fi performance from any browser
  - Modular deployment to fit needs
  - Find and fix WLAN issues before users notice or complain
  - Boost productivity by improving the Wi-Fi user experience for all
  - Track WLAN performance as the devices mix and usage evolves
  - Verify the true impact of WLAN configuration changes
  - Reduces the TCO of operating business-critical WLANs
  - Rapid SaaS deployment model

A additional great feature of the 7Signal solution is the Mobile Eye app, which runs on a mobile device and enables crowdsourcing of your mobile device connectivity with all results being shared to the EyeQ platform.

Wi-Fi KPI & SLA Measurement/Monitoring

Something extra that we really like here, is the way that 7Signal have a really unique way of getting to the specifics that matter – in the way that they measure and report against pre-determined SLA/KPI targets so that you are kept abreast of how close (or far) you are from meeting your objectives.