Network engineers and CIOs agree that cybersecurity issues represent the biggest risk for organisations that fail to put networks at the heart of digital-transformation plans. According to research commissioned by Opengear, a Digi International company (NASDAQ: DGII), 53% of network engineers and 52% of CIOs polled in the U.S., U.K., France, Germany, and Australia rank cybersecurity among their biggest risks.
The concerns are fueled by an escalating number of cyberattacks. In fact, 61% of CIOs report an increase in cybersecurity attacks/breaches from 2020-21 compared to the preceding two years. For digital transformation of networking, 70% of network engineers say security is the most important focus area, and 31% say network security is their biggest networking priority.
CIOs also understand the importance of the issues. More than half (51%) of network engineers say their CIOs have consulted them on investments to deliver digital transformation plans, the highest priority in the survey. What’s more, 41% of CIOs rank cybersecurity among their organisation’s most important investment priorities over the next year, with 35% stating it is among the biggest over the next five years. In both cases, cybersecurity ranks higher than any other factor.
“Through the pandemic, we have seen the importance of cybersecurity skyrocket for businesses as employees switch to working remotely and cyber-criminals ramp up their activity,” said Gary Marks, President of Opengear. “Forward-thinking businesses understand these challenges and the importance of investing more in security and ensuring it is woven more closely into the fabric of their networks and digital transformation efforts.”
About Opengear
Opengear, a Digi International company, delivers secure, resilient access and automation to critical IT infrastructure, even when the network is down. Provisioning, orchestration, and remote management of network devices, through innovative software and appliances, enable global organisations to manage data centers and remote network locations across financial, digital communications, retail, and manufacturing industries. Opengear was acquired by Digi International in 2019, bringing together two organisations with a deep commitment to providing the best products, software, and services that meet the demands of mission-critical networks. Both companies continue to build and support strong customer relationships.
About Digi International
Digi International (NASDAQ: DGII) is a leading global provider of IoT connectivity products, services, and solutions. It helps companies create next-generation connected products and deploy and manage critical communications infrastructures in demanding environments with high levels of security and reliability. Founded in 1985, Digi has helped customers connect more than 100 million things and counting.
Stockholm, Sweden and Dublin, Ireland, May 24, 2022. Enea, the world leader in mobile network security, today announced that Digicel Group has deployed Enea AdaptiveMobile Security’s comprehensive signaling security solution to protect mobile networks and subscribers in 26 markets across the Caribbean and Central American region. Using the Enea AdaptiveMobile Security SS7 and Diameter signaling security platform, together with unique threat intelligence services, Digicel ensures unrivalled protection for its networks and subscribers in each country.
Bad actors and fraudsters exploit technical vulnerabilities to breach subscriber privacy, to deny access to services and to directly defraud both mobile operators and subscribers. Enea AdaptiveMobile Security’s award-winning signaling security firewall and threat intelligence solutions protect networks using signaling protocols such as SS7 and Diameter from continuous attack. This offers domestic and roaming subscribers protection from new and emerging cybersecurity threats.
“We are an operator group that places our commitment to security at the core of our operation, adopting a zero-trust interconnection strategy,” said Krishna Phillipps, Group CTO, Digicel. “After a thorough evaluation of the best possible partners to help us deliver on this vision, we selected Enea AdaptiveMobile Security’s security platform and threat intelligence services to continue protecting our networks against today’s threats and those we’ll face tomorrow.”
“Threat actors are well versed in penetrating unprotected mobile networks. As a result, it is critical that mobile operators work to actively secure vulnerable network infrastructure and maintain a managed defense. This level of security will be a clear differentiator for Digicel across all its markets”, said Brian Collins, SVP, Security, Enea AdaptiveMobile Security. “Our signaling security platform is enhanced by our unique signaling threat intelligence; we are continuously detecting and protecting against new threats and techniques used by sophisticated bad actors manipulating multiple network protocols. Our intelligence is extracted from over 50 billion signaling events globally every day. We are delighted to be working with Digicel to help secure their networks and subscribers.”
ETELM, the radio communications infrastructure specialist, has entered the second phase of its work with the BroadPort consortium in developing a pan-European interoperable mobile broadband system for Public Protection & Disaster Relief (PPDR) users. The BroadPort consortium is among three consortia awarded the prototype project based on the successful technical concept developed in Phase 1 of BroadWay, an innovative European Pre-Commercial Procurement project.
The BroadWay initiative was created by the public safety agencies from 11 European countries and is operating under the framework of Horizon 2020, a flagship EU research and innovation programme. Collectively, these agencies provide mobile communication services to around 1.4 million responders and deal with an array of crimes and disasters that are not limited to fixed geographical borders.
Where currently each country possesses its own separate system to handle mission-critical communications, the objective of BroadWay is to develop a unified solution that will allow European first responders to communicate, share and access information regardless of the country in which they intervene. This will provide operational mobility for public safety responders across Europe by linking national mission-critical mobile broadband networks to act as one.
By developing a pan-European broadband mobile network for PPDR, public emergency and security services across Europe can achieve seamless interoperability and operational mobility. In turn, this will enable agencies to keep populations safe by allowing them to collaboratively respond to cross-border crimes, natural disasters and public safety incidents more efficiently and with the highest possible levels of continuity and security.
Nicolas Hauswald, CEO of ETELM, said: “We are truly inspired by the ambition of this great project to connect public safety organisations across the continent and create one of the world’s most advanced and secure mission-critical communications networks.
“Our experience in delivering professional radio communications infrastructure over the last 40 years has taught us that a reliable communications system is the key to handle complex transmissions and remove any barriers that could delay a response. We’re delighted to be able to contribute this expertise as part of the BroadPort team that are working towards the removal of ‘barriers’ in pan-European mission-critical communications by leading with innovation.”
He continued: “By offering greater bandwidth and flexibility when it comes to data-rich applications and video, LTE networks enable emergency services, first responders and critical national infrastructure operators to integrate data seamlessly with their voice communications.
“Our agility when responding to fast-developing emergency situations in this way can mean the difference between life and death, so this is a project of immeasurable significance. There’s a great challenge ahead, and we are looking forward to getting stuck in.”
The BroadWay solution prototypes will be tested and evaluated in Spring 2021, after which a subsequent competition will be held in which two remaining consortia will be tasked with deploying final pilot systems by Spring 2022 for Phase 3 of the BroadWay project (Pilot Phase).
The full BroadPort consortium, led by Frequentis, consists of the following partners: ETELM, Crosscall, Halys, Municipality of Málaga, Nemergent Solutions SL, and Universidad de Málaga. The subcontractors are Arico Technologies, Eutelsat SA, PrioCom B.V., Telefónica I+D, T-Mobile Netherlands B.V., and Virtual Fort Knox AG.
Park Place Technologies, a leading global provider of data centre hardware maintenance, has been awarded status as the sole supplier on Scotland’s Server and Infrastructure Maintenance Framework.
The framework is administered by the Scottish Government and provides services to Scotland’s public sector. The deal is believed to be worth around £5m over a 2-year period with an option to extend for a further two years, and had 5 other companies alongside Park Place Technologies in the running.
The framework is live and will support local government, education, national government and other public bodies while offering core IT support and infrastructure services. The services to be procured on the framework can include, but are not limited to: server hardware maintenance, identification of hardware failure, warranty management, and the installation of replacement hardware and components.
Commenting on the news, Chris Adams, CEO, Park Place Technologies, said:
“We are deeply honoured to be awarded sole supplier status. It’s a role we are looking forward to immensely as it will give us the opportunity to improve public sector experiences in the region and support some of the most nimble and forward-thinking organisations Scotland has to offer.”
By awarding the contract to Park Place Technologies, public sector organisations are likely to receive multiple benefits including 24/7 availability to a dedicated team of specialist technology experts. All services will be delivered from a local Scottish office, based in Glasgow, which will provide local knowledge and insight, as well as helping to reduce costs by having all the necessary expertise close by. Local support teams will also have access to Park Place Technologies’ multinational services.
“The point of this framework is that Scottish public sector bodies no longer need to worry about procurement when it comes to server and IT maintenance. Park Place Technologies was appointed following a comprehensive tender exercise, under EU public procurement regulations, which means quality and consistency is assured – something businesses of any size should feel good about”, said Adams.
More information on the Server Maintenance framework can be found on the Scottish Procurement’s website.
EMEA is a global hotspot for brute force access attacks, according to research from F5 Labs.
The analysis forms part of the Application Protection Report 2019, which explores the fact that most applications are attacked at the access tier, circumventing legitimate processes of authentication and authorisation. Brute force attacks are typically defined as either ten or more successive failed attempts to log in in less than a minute, or 100 or more failed attempts in a 24-hour period.
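The two thresholds in the definition above, expressed as detection logic over a constructed authentication log. This is an added example, not F5 code; keying state on the target account, the event tuple layout and the extra `success_after_burst` rule (a success that ends an already flagged streak) are assumptions of the example.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Thresholds taken from the definition quoted above.
BURST_COUNT = 10                       # "ten or more successive failed attempts"
BURST_WINDOW = timedelta(minutes=1)    # "... in less than a minute"
DAILY_COUNT = 100                      # "100 or more failed attempts"
DAILY_WINDOW = timedelta(hours=24)     # "... in a 24-hour period"


@dataclass(frozen=True)
class Finding:
    rule: str          # "burst", "sustained" or "success_after_burst"
    account: str
    when: datetime
    source: str        # source address of the event that triggered the rule


def detect(events):
    """events: (timestamp, account, source_ip, succeeded) tuples in time order.

    State is keyed on the target account (an assumption of this example), so
    failures arriving from many source addresses still count as one streak.
    """
    streak = defaultdict(lambda: deque(maxlen=BURST_COUNT))  # consecutive failures
    daily = defaultdict(deque)                               # failures in last 24 h
    burst_flagged, daily_flagged = set(), set()
    findings = []

    for ts, account, src, ok in events:
        if ok:
            # A success ends the streak. If that streak was already flagged,
            # this normal-looking login is the event to escalate.
            if account in burst_flagged:
                findings.append(Finding("success_after_burst", account, ts, src))
            streak[account].clear()
            burst_flagged.discard(account)
            continue

        s = streak[account]            # holds at most the last 10 failures
        s.append(ts)
        if (len(s) == BURST_COUNT and s[-1] - s[0] < BURST_WINDOW
                and account not in burst_flagged):
            burst_flagged.add(account)
            findings.append(Finding("burst", account, ts, src))

        d = daily[account]
        d.append(ts)
        while ts - d[0] >= DAILY_WINDOW:   # expire failures older than 24 h
            d.popleft()
        if len(d) < DAILY_COUNT:
            daily_flagged.discard(account)
        elif account not in daily_flagged:
            daily_flagged.add(account)
            findings.append(Finding("sustained", account, ts, src))
    return findings


def sample_events():
    """Constructed sample data, not real logs (RFC 5737 documentation addresses)."""
    t0 = datetime(2019, 3, 1, 9, 0, 0)
    ev = []
    # alice: 12 failures 3 s apart from rotating sources, then a success.
    ev += [(t0 + timedelta(seconds=3 * i), "alice", f"203.0.113.{i + 1}", False)
           for i in range(12)]
    ev.append((t0 + timedelta(seconds=40), "alice", "203.0.113.12", True))
    # bob: 9 failures then a success (a forgotten password, below the threshold).
    ev += [(t0 + timedelta(seconds=3 * i), "bob", "198.51.100.7", False)
           for i in range(9)]
    ev.append((t0 + timedelta(seconds=30), "bob", "198.51.100.7", True))
    # carol: low and slow, one failure every 10 minutes, 100 in total.
    ev += [(t0 + timedelta(minutes=10 * i), "carol", "192.0.2.44", False)
           for i in range(100)]
    # dave: the tenth failure lands exactly 60 s after the first, which is
    # not "less than a minute", so the burst rule must stay silent.
    ev += [(t0 + timedelta(seconds=sec), "dave", "192.0.2.9", False)
           for sec in (0, 6, 12, 18, 24, 30, 36, 42, 48, 60)]
    return sorted(ev, key=lambda e: e[0])


if __name__ == "__main__":
    for finding in detect(sample_events()):
        print(finding)
```

The per-minute rule alone misses the slow `carol` pattern and the 24-hour rule alone reports `alice` only long after the successful login, which is why the definition carries both thresholds.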
EMEA hit hardest
In 2018, the F5 Security Incident Response Team (SIRT) reported that brute force attacks against F5 customers constituted 18% of all attacks and 19% of addressed incidents.
Of all SIRT-logged attacks taking place in EMEA last year, 43.5% were brute force. Canada was a close second (41.7% of recorded attacks), followed by the USA (33.3%) and APAC (9.5%). The public services sector was most affected, with 50% of all incidents taking the form of brute force attacks, followed by financial services (47.8%) and the healthcare industry (41.7%). Education (27.3%) and service providers (25%) were also in the firing line.
“Depending on how robust your monitoring capabilities are, brute force attacks can appear innocuous, like a legitimate login with correct username and password,” said Ray Pompon, Principal Threat Research Evangelist, F5 Networks. “Attacks of this nature can be hard to spot because, as far as the system is concerned, the attacker appears to be the rightful user.”
Any application that requires authentication is a potential venue for a brute force attack, but F5 Labs mostly recorded attacks focusing on:
HTTP form-based authentication brute force (29% of logged attacks globally). Attacks against web authentication forms in the browser. Most of the traditional logins on the web take this form.
Outlook Web Access (17.5%), Office 365 (12%) and ADFS (17.5%) brute force. Attacks against authentication protocols for Exchange servers, Microsoft Active Directory and Federated Services. Since these services are not accessed through a browser, users authenticate to them through separate prompts. Due to the single sign-on capabilities of AD and federation, successful access attacks of these protocols encompass mail, as well as entire intranets and significant amounts of sensitive information.
SSH/SFTP brute force (18%). SSH and SFTP access attacks are among the most prevalent, partly because successful SSH authentication is often a quick path to administrator privileges. Brute forcing SSH is hugely attractive to cyber criminals as many systems still rely on default credentials for ease of use.
S-FTP brute force (6%). S-FTP brute force is dangerous as it is a method to drop malware, which presents a wide range of disruptive options, including escalation of privilege, keylogging or other forms of surveillance and network traversal.
Overall, email is the most targeted service when it comes to brute force attacks. For organisations that do not rely heavily on ecommerce, the most valuable assets are often stored far from the perimeter, behind multiple layers of controls. In this case, email is often a powerful staging ground to steal data and gain access to the tools needed to wreak widespread havoc.
Breach data also pegged email as a primary target; it was involved in the top two subcategories of access breaches, representing 39% of access breaches and 34.6% of all breach causes. Email is directly attributed as a factor in over a third of all breach reports.
Staying safe
According to the Application Protection Report 2019, safeguarding against access tier attacks is still a major challenge for many organisations. Multi-factor authentication can be hard to implement and not always feasible in the required timeframe. Worryingly, while passwords are typically inadequate forms of protection, F5’s Application Protection Report 2018 found that 75% of organisations still use simple username/password credentials for critical web applications.
“While access attack tactics will certainly change as defensive technologies become more advanced, the core principles to stay safe will remain significant for the foreseeable future,” said Pompon.
“To start, make sure your system can at least detect brute force attacks. One of the main challenges is that confidentiality and integrity can sometimes find themselves at odds with availability. It is important to establish reset mechanisms that work for both the organisation and its users. It is not enough to set up some firewall alarms on brute force attempts and take a nap. You have to test monitoring and response controls, run incident response scenario tests, and develop incident response playbooks so that you can react quickly and reliably.”
Anthony Webb, EMEA Vice President at A10 Networks, discusses how businesses can achieve the best results from their investment in cloud applications and technology.
In environments that span from on-premises to public, private and hybrid clouds, application delivery, security and visibility can become complex and inefficient. With 84 percent of enterprises now using a multi-cloud strategy, according to the RightScale 2019 State of the Cloud Report from Flexera, this issue is more pressing than ever before.
Growing Industry Trends
Today, all companies are undergoing digital transformation in some form. Regardless of industry and focus, technology is now at the centre of how enterprises are run. Here are some of the trends that have risen to prominence as a result.
Applications Are Changing
Widespread use of mobile devices has put applications at our fingertips. Apps are an integral part of every company and they are expected to be updated, delivered and deployed as quickly as possible. This shift can be observed in the microservices movement. As monolithic architectures have been replaced with microservices architectures, applications are no longer delivered as a single, self-contained program.
Instead, applications are now divided into smaller components that must be delivered in concert. Oftentimes, those components are managed through container platforms like Docker and Kubernetes.
Deployment Models Are Changing
Applications aren’t all that is changing. Deployment models have also undergone a dramatic transformation. Thanks to global demand for application availability and agility, apps are no longer bound to the data centre. Rather, applications are deployed across multiple data centres and in a multi-cloud environment.
Today, we see not only the traditional application delivery services but cloud-native application delivery, which provides conventional load balancing but is designed to meet the agility and flexibility requirements of multi-cloud and hybrid-cloud environments.
Current infrastructures are not disappearing. Rather, companies must find a way to make their existing data centres work in tandem with microservices and cloud-based infrastructures.
This creates a degree of complexity that can present significant obstacles to companies of all kinds.
Key Challenges We’re Facing
As these trends converge, businesses are up against a specific set of challenges. Here are the four primary challenges we see and their technology-driven solutions:
Driving agility: To meet more aggressive time to market (TTM) deadlines, companies need agility. That means automation and self-service wherever possible.
Supporting multiple environments: From traditional data centres to public and private clouds, enterprises must figure out how to support a variety of applications across multiple environments. This demands streamlined management solutions that are quick, easy to use and able to efficiently migrate applications from one environment to another.
Increasing efficiency: Managing applications and providing consistent security requires complete visibility and operational intelligence. Detailed analytics can do this and are vital to quick troubleshooting. And as environments continue to diversify, this is becoming more essential.
Security: In the past, enterprises only had to worry about securing east-west traffic, or traffic that occurs within the data centre. Now, they also need to secure north-south traffic, or traffic that moves in and out of the data centre. This includes traffic flowing to and from the cloud, as well as traffic flowing between microservices.
And now you have challenges specific to microservices architecture.
Since 90 percent of enterprises are using or planning to use microservices, as detailed in LightStep’s 2018 Global Microservices Trend Report, the vast majority of companies must now consider:
Micro-segmentation with auto encryption: Enterprises must ensure that when traffic flows between micro-segments, it’s automatically encrypted for security purposes.
Auto service discovery: The reason microservices work is that when one microservice instance goes down, the orchestration system will create a new one. So, companies need to map that process and efficiently direct traffic to the new instance.
Complete visibility: Companies need to see what’s going on between the microservices as well as within the applications themselves.
How to Resolve Those Challenges
Ultimately, the objective is to deliver a consistent, user-friendly experience when deploying applications.
The truth is, users don’t care about where your applications reside or what kind of architecture you use. They only care about their experience, and to make that experience great, enterprises need to resolve the challenges through automation, management, and visibility and control.
Automation
Businesses require faster and more frequent application delivery. This means that infrastructure and IT teams need to be able to deliver agility to support those demands. Businesses need intelligent automation that is API-driven so that they can become more efficient.
Management
Automation on its own isn’t enough. Companies also need a centralized management solution that increases operational efficiency and agility by enabling the IT teams and application teams to work together to centrally configure and manage all applications and policies across any environment.
Keep in mind that only a dedicated central management solution will be able to deliver those results across multiple environments. Unless all a company’s applications are in a single cloud, built-in cloud management solutions will be inadequate.
Visibility and Control
Visibility is now more crucial than ever before. That’s because it’s not only about dashboards that allow companies to simply monitor and watch. It’s about per-application visibility, which makes efficient troubleshooting possible.
What Companies Can Do Today
Companies can now implement best practices for application delivery, security and visibility across multiple environments by putting a centralised controller in place. A comprehensive central controller converts raw data into actionable insights. This ability can result in a dramatic efficiency gain of 92 percent.
With the right central controller in place, enterprises can:
Deliver consistent application policy control wherever apps reside, whether they’re on-premises or in the cloud
Provide integrated security and compliance across multiple environments
Manage distributed and complex application environments with automation
Gain visibility and deep insights into application traffic for lightning-fast troubleshooting
Written by Anthony Webb, EMEA Vice President at A10 Networks
Four out of five enterprises are now running containers, and 83% are running them in production. Given that only 67% were doing so in 2017, it’s clear that containers are more than a fad.
With containers’ newfound popularity, some companies are struggling to establish an efficient traffic flow and effectively implement security policies within Kubernetes, one of the most popular container-orchestration platforms.
As a container orchestrator and cluster manager, Kubernetes focuses on providing fantastic infrastructure, and has been adopted by countless companies as a result. Companies that use a microservices architecture (MSA) for developing applications tend to find that Kubernetes offers a number of advantages when it comes time to deploy those applications.
For all those reasons, it’s essential that organisations understand the unique traffic flow and security requirements that Kubernetes entails.
What Is Kubernetes?
Kubernetes is an open-source container-orchestration system. It’s a portable and extensible program for managing containerised workloads and services and provides a container-centric management environment.
Kubernetes has one master node and two worker nodes. The master node functions by telling the worker nodes what to do, and the worker nodes function to carry out the instructions provided to them. Additional Kubernetes worker nodes can be added to scale out the infrastructure.
Another primary function of Kubernetes is to package up information into what are known as “pods,” multiples of which can run inside the same node. This way, if an application consists of several containers, those containers can be grouped into one pod that starts and stops as one.
Challenges in Kubernetes Environment
Like all other container-orchestration systems, Kubernetes comes with its own set of obstacles.
The networking of Kubernetes is unconventional in that, despite the use of an overlay network, the internal and external networks are distinct from one another.
Plus, Kubernetes intentionally isolates malfunctioning or failing nodes or pods in order to keep them from bringing down the entire application. This can result in frequently changing IP addresses between nodes. Services that rely on knowing a pod or container’s IP address then have to figure out what the new IP addresses are.
When it comes to access control between microservices, it’s important for companies to realise that traffic flowing between Kubernetes nodes is also capable of flowing to an external physical box or VM. This can both eat up resources and weaken security.
Kubernetes and Cloud Security Requirements
There are many requirements of Kubernetes and cloud security:
Advanced Application Delivery Controller
Companies already use advanced Application Delivery Controllers (ADCs) for other areas of their infrastructure, so it’s necessary to deploy one for Kubernetes as well. This allows administrators to do more advanced load balancing than what’s available with Kubernetes by default.
Kubernetes is equipped with a network proxy called kube-proxy. It’s designed to provide simple usage and works by adjusting iptables rules at Layer Three. However, it’s very basic and is different from what most enterprises are used to.
Many people will place an ADC or load balancer above their cloud. This provides the ability to create a virtual IP that’s static and available to everyone and configure everything dynamically.
As pods and containers start up, the ADCs can be dynamically configured to provide access to the new application, while implementing network security policies and enforcing business data rules. This is usually accomplished through the use of an “Ingress controller” that sees the new pods and containers start up, and either configures an ADC to provide access to the new application or informs another “Kubernetes controller” node about the change.
Keep the Load Balancer Configuration in Sync With the Infrastructure
Since everything can be constantly shifting within the Kubernetes cloud, there is no practical way for the box that’s sitting above it to keep track of everything unless you have something generally referred to as an Ingress controller. When a container starts or stops, that creates an event within Kubernetes. The Ingress controller identifies that event and responds to it accordingly.
This takes a great burden off of administrators and is significantly more efficient than manual management.
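The event-driven sync described in this section, as an added Python model (not Kubernetes or A10 code). The simplified pod dictionaries, the `BackendPool` class and the sample events are constructed for illustration; the event types ADDED, MODIFIED and DELETED follow the Kubernetes watch API.

```python
class BackendPool:
    """Backends behind one static virtual IP, driven by pod lifecycle events."""

    def __init__(self, selector):
        self.selector = selector   # labels a pod must carry to receive traffic
        self.by_pod = {}           # pod name -> IP currently configured on the ADC

    def _wanted_ip(self, pod):
        """IP to route to, or None if the pod must not receive traffic."""
        labels = pod.get("labels", {})
        matches = all(labels.get(k) == v for k, v in self.selector.items())
        return pod.get("ip") if matches and pod.get("ready") and pod.get("ip") else None

    def _set(self, name, ip):
        """Move one pod to `ip` (None = absent); return the ADC changes to push."""
        old = self.by_pod.get(name)
        if old == ip:
            return []              # idempotent: duplicate events change nothing
        changes = []
        if old is not None:
            # Remove first, so a stale address never stays routable after the
            # pod has moved, failed its readiness check or been deleted.
            changes.append(("remove", old))
            del self.by_pod[name]
        if ip is not None:
            self.by_pod[name] = ip
            changes.append(("add", ip))
        return changes

    def apply(self, event):
        """Handle one watch event of type ADDED, MODIFIED or DELETED."""
        pod = event["pod"]
        ip = None if event["type"] == "DELETED" else self._wanted_ip(pod)
        return self._set(pod["name"], ip)

    def resync(self, pods):
        """Reconcile against a full pod listing to recover from missed events."""
        live = {p["name"] for p in pods}
        changes = []
        for name in [n for n in self.by_pod if n not in live]:
            changes += self._set(name, None)
        for p in pods:
            changes += self._set(p["name"], self._wanted_ip(p))
        return changes

    def backends(self):
        return sorted(self.by_pod.values())


def pod(name, app, ip, ready):
    """Constructed, simplified pod record (not the real Kubernetes schema)."""
    return {"name": name, "labels": {"app": app}, "ip": ip, "ready": ready}


def sample_events():
    """Constructed event stream: start-up, failure, replacement and IP reuse."""
    return [
        {"type": "ADDED", "pod": pod("web-1", "web", None, False)},            # scheduled, no IP yet
        {"type": "MODIFIED", "pod": pod("web-1", "web", "10.244.1.5", True)},
        {"type": "ADDED", "pod": pod("web-2", "web", "10.244.2.8", True)},
        {"type": "ADDED", "pod": pod("db-1", "db", "10.244.2.9", True)},       # other app
        {"type": "MODIFIED", "pod": pod("web-1", "web", "10.244.1.5", False)},  # failing
        {"type": "DELETED", "pod": pod("web-1", "web", "10.244.1.5", False)},
        {"type": "ADDED", "pod": pod("web-3", "web", "10.244.1.7", True)},     # replacement
        {"type": "ADDED", "pod": pod("batch-1", "batch", "10.244.1.5", True)},  # IP reused
    ]


def sample_listing():
    """Constructed full listing taken after the DELETED event for web-2 was missed."""
    return [pod("web-3", "web", "10.244.1.7", True),
            pod("batch-1", "batch", "10.244.1.5", True),
            pod("web-4", "web", "10.244.3.2", True)]


def replay(pool, events):
    """Apply events in order and return every change pushed to the ADC."""
    return [change for event in events for change in pool.apply(event)]


if __name__ == "__main__":
    pool = BackendPool({"app": "web"})
    print(replay(pool, sample_events()), pool.backends())
    print(pool.resync(sample_listing()), pool.backends())
```

The last sample event shows why removals matter as much as additions: `10.244.1.5` is reassigned to an unrelated pod, and a pool that had kept the old entry would forward application traffic to it.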
Security for North-South Traffic
North-south and east-west are both general terms to describe the direction of traffic flow. In the case of north-south traffic, traffic is flowing in and out of the Kubernetes cloud.
As mentioned before, companies need traffic management above the Kubernetes cloud to watch and catch malicious traffic.
If there’s traffic that needs to go to specific places, this is the ideal place to do that. If enterprises can automate this kind of functionality with a unified solution, they can achieve simplified operations, better application performance, point-of-control, back-end changes without front-end disruption and automated security policies.
Central Controller for Large Deployments
Scaling out is something else that enterprises need to take into account, especially in terms of security.
The Ingress controller is still there, but this time it’s handling multiple Kubernetes nodes and is observing the entire Kubernetes cluster. Above the Ingress controller would be the A10 Networks Harmony Controller. Such a controller allows for efficient load distribution and can quickly send information to the appropriate location.
With a central controller like this, it’s imperative to choose one that can handle scaling in and scaling out with little to no additional configuration on existing solutions.
Access Control Between Microservices
East-west traffic flows between Kubernetes nodes. When traffic flows between Kubernetes nodes, this traffic can be sent over physical networks, virtual or overlay networks, or both. Keeping tabs on how traffic flows from one pod or container to another can become quite complex without some way of monitoring those east-west traffic flows.
Plus, it can also present a serious security risk: attackers who gain access to one container can gain access to the entire internal network.
Luckily, companies can implement something called a “service mesh” like the A10 Secure Service Mesh. This can secure east-west traffic by acting as a proxy between containers to implement security rules, and is also able to help with scaling, load balancing and service monitoring.
With this type of solution, companies like financial institutions can easily keep information where it should be without compromising security.
Encryption for East-West Traffic
Without proper encryption, unencrypted information can flow from one physical Kubernetes node to another. This presents a serious problem, especially for enterprises that handle particularly sensitive information.
When evaluating a cloud security product, it’s important for enterprises to select one that encrypts traffic when it leaves a node and decrypts it when it enters.
Application Traffic Analytics
Lastly, it’s of vital importance that enterprises understand the details of traffic at the application layer.
With controllers in place to monitor both directions of traffic, there are already two ideal points to collect traffic information.
Doing so can aid in both application optimisation and security and allows for several different functions. Organised from the simplest to the most advanced, those functions can allow for:
Performance monitoring via descriptive analytics. Most vendors provide this.
Faster troubleshooting via diagnostic analytics. A smaller number of vendors provide this.
Insights via predictive analytics generated by machine learning systems. Even fewer vendors provide this.
Adaptive controls via prescriptive analytics generated by truly intuitive AI. Only the best and most advanced vendors provide this.
So, when companies are talking to vendors, it’s essential that they determine which of those benefits their products can offer.
Additional Considerations for Dev and Ops Simplicity
Companies should be looking for a simple architecture with a unified solution; central management and control for easy analytics and troubleshooting; common configuration formats; no change in application code or configuration to implement security and gather analytic information; and automated application of security policies. If companies prioritise those items, they can enjoy streamlined, automated and secure traffic flow within Kubernetes.