Network security is of paramount concern for all businesses in 2021 and beyond, one facet of network security that should be at the forefront of most organizations is Configuration and Compliance Management.

Creating and enforcing configuration and compliance management ensures that all your network devices are configured to meet your organisation’s standards and requirements. It also encapsulates all connected devices and helps identify potential risks.

The average cost of a cybercrime attack on an Australian business is $276,323. It then takes a company an average of 23 days to recover from an attack, this stresses the importance of having configuration and compliance in place. Simple processes for opConfig involve backing up all configuration data of your network devices, comparing configuration between your devices, and creating events when configuration changes. When it comes to recuperating from an attack or fixing the problem caused by a breach, heavy losses of time and money are a continual variable amongst many businesses, these are reduced by using opConfig if they occur at all.

Unauthorised devices, installing non-compliant software, or user errors are just a few ways of how systems can be compromised. From Open-AudIT to monitor new devices on a network or non-authorised software installation to using opConfig to monitor default passwords enabled, these risks can be reduced.

Early warnings are paramount to network security

Early warnings are essential for network security. If you can detect a security or compliance breach early, it’s easier to stop and prevent damage. But most companies don’t have the tools they need to do this effectively. Despite this, Opmantek senior engineer Mark Henry said many IT systems were running with low-scale early warning solutions.

“Generally speaking, a lot of the customers that we talked to, who haven’t adopted NMIS (Network Management Information System) as their network monitoring solution, are sitting down around the level zero or level one area (Gartner’s IT Service Management Maturity Model). That’s also the same for many kinds of low end, off-the-shelf, free or open-source monitoring solutions,” he said.

The truth is that most companies don’t have the time or resources to monitor their networks 24/7. Using NMIS, a reliable and robust monitoring system, means you don’t have to.

The benefits of an integrated network management information system

Network Management Information System (NMIS) is an open-source network management system that provides real-time monitoring, configuration, and troubleshooting capabilities. It’s used by many companies worldwide who are looking for ways to manage their networks efficiently, integrating this with other modules that Opmantek offer will help build an efficient and effective strategy to help mitigate network security risk.

Open-AudIT can be installed onto Linux, Windows, or Virtual machines and once installed, needs only credentials and a subnet to discover all the devices attached to that network. Integrating Open-AudIT and NMIS is incredibly easy, Open-AudIT will discover all the devices on your network and with a click of a button, they will all be managed by NMIS, read more here. Integrating opConfig into this is a matter of importing the nodes from NMIS and then creating/applying a credential set for that node, detailed here. From here, we have a system in place that will discover any devices on your network, monitor all software installations, monitor the status/availability of devices, and report on any configuration changes.

To test this out on a lab network, download Opmantek’s virtual machine, with everyone installed and ready to go, and see how easy it is to get ahead of network issues.

This excerpt comes from a blog originally posted on MSP Insights

Murphy’s Law states: “Anything that can go wrong will go wrong.” Equipment always breaks when you’re on vacation, often when the on-call engineer is as far away as possible, and with little useful information from the network management software (NMS).

It’s critical for a network to be available 100% of the time and always performing at 100%. Network management is a core component of IT infrastructure that is put in place to minimize disruptions, ensure high performance, and help businesses avoid security issues. Network architectures and networking products handle the brunt of the work, but management tools and technologies are essential for picking up the slack and allowing the shift from reactive to proactive strategies.

Network automation can automate repetitive tasks to improve efficiency and ensure consistency in network teams. Ultimately, automation will improve the meantime time to resolve (MTTR) and drive down the total cost of ownership (TCO). Network automation enables staff to gain process and configuration agility while maintaining compliance standards. It will help simplify your network and lower maintenance costs.

Save Time And Money With Automation

According to Gartner, “The undisputed number one cause of network outages is human error.” As humans, we all make mistakes, which is why businesses must have comprehensive automation in place. Automation can reduce the likelihood of issues being missed by ensuring consistency and reducing the need for tedious manual configuration. It also can save time, money and improve productivity. The following are four steps organizations can take to build a reliable and agile network through automation.

1. Implement Operation Process Automation (OPA)

OPA is about getting the right systems in place to automate repetitive operational tasks to improve efficiency and ensure consistency in operations teams. OPA delivers process automation specifically to IT and network operations teams. As well as emulating actions that network engineers take within a network management system, OPA also can perform advanced maintenance tasks, assist in the interpretation of network data, and communicate effectively with other digital systems to categorize, resolve, and escalate potential network issues. Ultimately, OPA is about improving the MTTR and decreasing the cost of operations.

2. Improve Configuration Management

When considering automation solutions to scale your business, a critical variable to consider is time saved through automation compared to the amount of time tasks take if performed manually. A significant amount of administration time is consumed managing configurations and firmware updates, which could be better spent on proactive tasks. Organizations looking to become more efficient should consider an automated network management tool that integrates configuration management to reduce the risk of human errors and enable easier implementation of network-wide changes. This concept is not new, and it is the fundamental basis of making impactful decisions on how your organization can scale.

3. Single View Multi-Vendor Support

Most networks are composed of elements from multiple manufacturers. This can create challenges when overseeing the elements of each management system. A better, more efficient approach is to find and deploy management tools that offer true multi-vendor support. This will reduce the number of tools needed for day-to-day tasks and eliminate the need for learning and maintaining multiple management tools, which will improve operational responsiveness and efficiency.

4. Policy-Based Management Systems

Many common network administration activities should be handled by the network management system automatically. These systems should not require repeated configuration but be configured through a policy that captures the business rules and ensures that devices are handled consistently. Automated device discovery and classification is another important aspect, automatically determining what the device is, what to monitor, and what type of alerts and events will be generated, all without human intervention.

Combining People And Process Automation

According to Forrester, 56% of global infrastructure technology decision-makers have implemented/are implementing or are expanding/upgrading their implementation of automation software. It’s important to note that automation does not mean the replacement of individuals. Instead, it can benefit IT workers, by transferring routine and tedious elements of managing networks to machine learning models that can reduce the noise from the vast number of alerts and notifications. For organizations that are looking to scale, a combination of people and process automation will yield the best results book a demo from our experts to learn more.

There has been a significant growth in ransomware attacks in Australia and even other countries where hackers are especially leveraging the Covid-19 outbreak to dupe netizens. According to a report by Cybersecurity Ventures, by 2021, one business entity will succumb to ransomware attacks every 11 seconds, up from every 14 seconds in 2019.

Ransomware, defined in the simplest terms, is malicious software that secretly seeps into your computer or data center and encrypts some/all data using a unique key that can only be decrypted and accessed using the same key. Attackers then demand a ransom to let you gain access to your data. According to Datto, American cybersecurity and data backup company, ransomware costs businesses more than $75 billion per year.

Some common types of ransomware attacks include:

• Crypto malware gains unauthorized access to IT systems and encrypts valuable data and files, disrupting IT operations. The hacker demands payment to hand over decryption keys.
• Lockers block users and administrators from logging into their systems, blocking access to files and applications. The attacker demands a ransom to grant access and restore systems to normalcy.
• Doxware, also known as extortionware, obtains sensitive information and threatens to publish it online, putting confidential, mission-critical business data at risk. As businesses are responsible for protecting their user data, this situation can disrupt legal compliance.

Most of the ransomware attacks start with a phishing email. A simple click with a link to download a malicious attachment can be the gateway to a successful attack. With the ongoing stress and uncertainty of the coronavirus pandemic, people are more vulnerable to fall victim to carefully designed phishing attacks.

Amidst rising Coronavirus cases, there has been a significant increase in the ransomware attacks on hospitals and healthcare institutions. However, this doesn’t mean others businesses are safe. Many companies are succumbing to these attacks as many of their employees are working remotely in insecure networks. The coronavirus crisis is impacting business revenues and cash flows already, and a  successful ransomware attack on top of it will impact business continuity drastically.

Use-cases of Toll Group and Epiq Global, among others
Ransomware and related attacks worth about $241 million were reported in Australia alone in 2019, according to a new report. The attacks have continued in 2020, with the Australian logistics company, Toll Group, being hit by a ransomware attack on 31 Jan 2020. The company, with over 40,000 workers, had to shut down, disable and isolate its systems and resort to manual processing of the massive amount of data it deals with daily. On 26 Feb 2020, a ransomware attack impacted Talman Software, which serves 75% of the Australian wool industry. As a result, the whole wool buying and selling system went offline across Australia and New Zealand.

Globally, organizations are focusing on digital transformation initiatives—making them primary targets of ransomware attacks. On 29 Feb 2020, a ransomware attack on legal services giant Epiq Global had quickly spread and affected all computers across their 80 global locations. On 2 Mar 2020, Visser Precision LLC, US-based aerospace, automotive, and industrial parts manufacturer, fell victim to a ransomware attack by the DoppelPaymer group. It affected industrial giants Lockheed Martin, General Dynamics, Boeing, Tesla, and SpaceX, among other companies who subcontracted work to Visser Precision LLC.

Paying the ransom doesn’t guarantee recovery, especially if hackers are amateurs. They buy ransomware on the dark web without having the technical proficiency to infect networks, thereby failing to decrypt data.

Mitigating the Risk of Ransomware Attacks
The approaches to mitigation vary from business to business. Some conventional approaches to reducing the risk are:

• Backup business-critical and sensitive data periodically on local machines, removable hard risks, and the cloud
• Segregate your networks and systems so that a successful attack on one subsystem doesn’t transmit to others and mitigates that impact
• Perform necessary software and OS updates to ensure software is up to date and secure enough to mitigate the vulnerabilities
• Review your existing endpoint security solution for its readiness and capability to protect against ransomware attacks. If it’s inadequate, upgrade to a suitable alternative solution.
• Deploy modern security solutions for email and web security.

Secure remote working with web and endpoint security
The coronavirus crisis has been an opportunistic moment for cybercriminals. The workforce across the globe is working remotely, either from home or any other location; and many employees are using personal devices for work—accessing corporate data using their home networks. Home networks are not as secure as office networks and result in compromised security, offering a gateway to cybercriminals.

How do you strengthen the security posture of your remote workers? Securing endpoints and web access is the key! Endpoint security secures laptops, mobile phones, tablets, and other device connections that tap into corporate networks.

At FirstWave, our solution provides comprehensive, state of the art endpoint security—protecting devices like PCs, Macs, and mobile phones and letting remote workers access corporate applications securely. Moreover, it provides web security to prevent data leaks and protects from malicious web content; and employs cognitive threat analytics for enhanced security.

We all hope that the disruption to people’s lives and work from Covid-19 will end soon and we pray for everyone’s well-being. However, even when we get over Covid-19, remote working will be the new norm across many companies. Don’t forget to secure remote working with FirstWave Cloud as business continuity is more important than ever before!

Introduction

So you have this great discovery and auditing tool called Open-AudIT and you also have an amazing monitoring tool called NMIS. How can you automatically take your discovered devices and have NMIS monitor them…and why would you want to?

With version 4.2.0 of Open-AudIT, we have re-implemented Integrations in an extremely easy-to-use yet extremely configurable way.

Why?

Discovery provides network transparency. Monitoring provides network visibility. Both are essential to good network management and go hand-in-hand with diagnosing network performance issues and device management and lifecycle.

You cannot manage something if you don’t know it exists, and you cannot plan for the future if you don’t know the current performance of your devices – be they desktops, servers, switches, or routers.

Why wouldn’t you want the ability to automatically monitor select device types (for example) as they come online? You can set up a scheduled Integration and automatically include all discovered routers and switches.

Let that sink in for a moment.

Automatically monitor devices without having to set them up individually in your monitoring solution. From discovery to monitoring automatically, on your terms.

Less time spent entering details.

More accurate information with zero possibility of spelling mistakes mistyped credentials, etc.

No double handling of information between systems is required.

It just works.

Discover it in Open-AudIT, monitor it in NMIS – seamlessly.

How does it work?

Integrations take a list of devices from NMIS and a list of devices from Open-AudIT. They match the devices based on selected attributes, combine their attributes according to which system (NMIS or Open-AudIT) should be the point of truth, and update both systems based on any changes.

The list of devices may actually be empty on either side. We can restrict the device list on either side based on device attributes. We can select attributes to be stored – even if they don’t exist in Open-AudIT. NMIS and Open-AudIT don’t even need to be on the same server. There is so much flexibility!

But with great flexibility, comes (potentially) great complexity. This is an area we are particularly proud of. We’ve kept the creation of an Integration as easy as possible. At its most simple level, if NMIS and Open-AudIT are installed on the same server, you can click a ‘create’ button and everything is automatically done for you. You don’t need to supply any information. We’ve chosen sensible defaults and the Integration just works.

On the other end of the scale, you might have NMIS running on Debian and Open-AudIT running on Windows. You might wish to only integrate devices that are routers. You might even have some fields in NMIS that don’t exist in Open-AudIT, – but you wish to track and be able to edit them in Open-AudIT which then updates NMIS. It’s all completely achievable with just a few clicks.

More than the simple integration above, – but still very easy to accomplish.

No code to write, just a simple-to-use web interface. Oh, – and there is also the JSON RESTful based Open-AudIT API as well.

Questions

Now let’s back up a little bit and set the scene. You’ve been using Open-AudIT for a while and have discovered some devices on your network. You have working credentials for these devices and can see their configuration. You may have computers, switches, printers, routers, firewalls, etc.

How can we easily send some of these devices to NMIS for monitoring?
When you create an Integration in Open-AudIT, by default we include all discovered devices that have working SNMP credentials. However,  you might not want every device integrated with NMIS. Some of your servers, for example, may use SNMP – but you don’t need NMIS monitoring them. Integration has a section to select which devices to include from Open-AudIT. Every device is defaulted to have its “manage_in_nmis” attribute set to “y”. There is also a rule in Open-AudIT that sets this attribute if we talk to the device using SNMP.

But in this example, we don’t want every SNMP talking device, we only want our routers in NMIS.

In this instance, we can simply change the used attribute to “type” (instead of “manage_in_nmis”) and the value of that attribute to “router” (instead of “y”) – then we’re done!

What if I want the SNMP Community string to be defined in NMIS, not Open-AudIT?
An Integration contains a list of the fields used by both systems (NMIS and Open-AudIT). Each field has a flag that defines its ‘priority’. This can be set to either NMIS or Open-AudIT (actually stored as external or internal). Just select NMIS for the priority for the NMIS → configuration. community field and if this value is changed in NMIS, the next time the Integration is run Open-AudIT will be updated.

How can I automatically run the Integration?
Integrations can be scheduled within Open-AudIT just like discoveries, queries, baselines, et al. You can choose to run an Integration on whatever time frame you choose.

What if I’m an NMIS user, have just installed Open-AudIT, and don’t have any devices in it?
Simply run the default Integration. Your NMIS devices will be sent to Open-AudIT and discovered automatically. Open-AudIT stores more information about the make-up of a device, as opposed to NMIS’s performance data. When you run an Integration; Open-AudIT has the device’s IP and the device’s credentials.  You can then run a discovery and retrieve everything Open-AudIT can.

Again – this is configurable. You might not wish to run a discovery on the device – that’s up to you! To enable or disable a discovery is a single attribute. Click, done!

Making it Happen
As usual, the Open-AudIT wiki has all the technical details you should need. Check the Integrations page and if you still have questions, please do ask in the Community Forums.

Between suffering from uncertainty to naturally flourishing, the ability to adapt out of dead market space will have made all the difference for your business in the past year. Whether you are in a country that is on track for normality or being hit by a new wave of infections – All businesses have needed to evolve.

For those of us operating in the tech industry, we have experienced several significant economic events – especially the .com crash of 2000 and the 2008 Global Financial Crisis. We know what happens during an economic slowdown while there are some unique factors at play in relation to COVID-19; here is what we have learned.

Innovation should not be put off

Undergoing a 3-year change progression in a mere month was and continues to be a reality for many businesses across the globe. On countless occasions funds have been pulled from investments, particularly those in technology; deemed as a costly non-essential to cut in order to keep the boat floating. However, innovation needs to be cultivated and fed, without businesses prioritising technology their future fitness will remain grim. Opmantek’s automated network management tools were built on the premise of empowering companies. These tools give users the flexibility to operate in diverse environments with speed and scale at a fraction of the cost so you can keep innovating.

Having healthy finances is necessary

In the IT industry, an error caused by a triggered event in your network could cost a wave of rippling expenses. During periods of economic uncertainty what you don’t know can hurt you. Utilising technology such as one of Opmantek’s opEvents will reduce the impact of network faults and failures using proactive event management. Adding tools such as these to your arsenal allows you to gleam intelligent insights to make educated data and cost-effective driven decisions.

Optimising your data is the way forward

Your market no matter which side of it you are on has changed, so your business needs to change with it. More data, more data, more data, let’s face it cultivating and finding quality data is a superpower. So how is it possible to see it all? How can it be automatically configured and how can you keep up with it when it changes? Most organizations cannot give accurate location data of their assets, Open-AudIT gives you this information in seconds. Reduce the degree of uncertainty and make data-driven decisions, simply by running tools such as Open-AudIT to develop meaningful reports and resources. Optimising your data is the way forward, to learn how you can audit everything on your network with Open-AudIT book a demo session with our experts here.

Continual agility across all facets of business will be imperative to navigate through the next phase of this economic climate. Those that are familiar with nimble project management within the software development world – use similar methods in your financials too –be very conscious that your ability to plan twelve months is now a lot lower than it used to be and you need to undertake agile planning and forecasting. This will be a time of continual change however by; continually pushing innovation and utilising tools that give you the best possible view of your data to drive decision-making process, the path forward will be a lot clearer to navigate.

With 4.5 Billion internet subscribers, globally leveraging the web to perform various activities/transactions, it has become more vulnerable than ever before. In fact, according to the International Monetary Fund, the number of cyberattacks has tripled over the last decade. The constantly increasing, large scale breaches confirms that not only cybersecurity attacks are going up but they are increasing in severity, as well.

A report published by McAfee, The Hidden Cost of Cybercrime stated that – “We estimated the monetary loss from cybercrime at approximately $945 billion. Added to this was global spending on cybersecurity, which was expected to exceed $145 billion in 2020. Today, this is a $1 trillion dollar drag on the global economy.” These facts clearly signify the drastic increase in cybercrime and the importance of  cybersecurity for businesses & individuals across the world. As, besides having their reputations at stake, companies are risking their crucial/sensitive data, financial information, cash flow, tech infrastructure, customer trust & much more.

Rising Business Email Compromise (BEC) Attacks
The first half of 2020 was quite challenging for many organizations, as there was a global shift to a remote working culture while making data security a critical concern. Remote working & increasing internet transactions opened up new ways for cybercriminals to target both individuals and organizations. Business Email Compromise (BEC) is amongst the most common types of data breaches that we have witnessed throughout 2020.

Outlined below are some interesting stats that echo the fact: 

• Coronavirus-related phishing attacks and business email compromise (BEC) scams skyrocketed 3,000% from mid-March through early June, according to mid-year analysis from the Agari Cyber-intelligence Division (ACID)
• Barracuda Networks identified 6,170 malicious accounts since January that use Gmail, AOL, and other email services that were responsible for more than 100,000 Business Email Compromise (BEC) attacks on nearly 6,600 organizations around the world.
• According to a recent report, The Geography BEC released in 2020 by Agari Cyber-Intelligence Division (ACID) – BEC is now responsible for 40% of all cybercrime losses—more than $26 billion in losses, since June 2016—and has victimized organizations in at least 177 countries.
• Business Email Compromise (BEC) was solely responsible for over 40% of the total cyber crime losses in 2019, at least according to the latest FBI IC3 report.

If you ignore BEC prevention now, it can cost you millions of dollars later!

Companies using cloud-based email services are lucrative targets to cybercriminals who conduct business email compromise (BEC) scams. Cybercriminals leverage technical threats & sophisticated social engineering methods to win the employee trust & conduct fraudulent activities. The need for security against such attacks is crucial as the no. of BEC scams is growing in volume and no organization is immune to the fallibility of human nature since these emails look very real & are harder for employees to identify immediately.

5 Ways Organizations Can Prevent Business Email Compromise (BEC)

1. Email Authorization with SPF: Sender Policy Framework (SPF) is an email authentication technique used against email spoofing. Spammers can forge your domain to send fake messages that appear to come from your organization. Such spoofed messages can be used to communicate false information, send out harmful software, or trick people into giving out sensitive information. Sender Policy Framework identifies if the mail sent from your domain is actually from your organization/mail server authorized by you or it’s a BEC attack.
2. Multi-factor Authentication: To avoid the breach of email accounts, organizations can implement measures to enhance authentication such as: encouraging a strong password set up policy, prohibiting reuse of passwords, and implementing multi-factor authentication. Multi-factor authentication allows successful access only after the user provides various kinds of information including, but not limited to, a password and a dynamic pin, code, or biometric. This method makes it more difficult for a cybercriminal to hack an employee’s email & launch a BEC attack.
3. Establishment of an internal control system: Companies can establish an internal control system & escalation rules for responding to confirmed or suspected cases of BEC. They can establish a system for verification that facilitates collaboration between the accounting department which requests financial institutions to make money transfers, IT department which is responsible for e-mail and system operation, legal department which responds when a case involves legal issues, and the sales department which undertakes negotiations with outside business partners. In case of high valued transactions, multiple independent signatures from different departments can also be used.
4. Implementation of security protocols & staff training: Organizations can create & roll out policies to use office devices such as laptops, protocols for email passwords, and other relevant security measures to avoid BEC attacks. To counter social engineering, awareness training programs can be organized to identify breaches that get through the layers of defense. Also, whenever new strategies or attacks come to light in other organizations, such incidents should be shared with employees to increase awareness.
5. Implementation of Security Solutions: Email security solutions offer a pre-delivery protection mechanism by blocking various email-based threats like viruses, malware, ransomware, phishing, spoofing, etc. before they reach a mail server. FirstCloud™ Email Security solution offers a reliable, scalable, and feature-rich email security service that protects businesses against such BEC attacks.

Combat BEC Attacks with CyberCision Email Security!
Considering how vital it is for companies to protect their sensitive data and financial integrity, CyberCision Email Security offers an affordable inbound & outbound email security solution that can be customized for businesses of any size with unique layered protection, assured disaster recovery, and 32 days trace replay.

It uses innovative cloud content security and analytics capabilities to protect inbound emails from malware, ransomware, phishing, viruses & spam, and also detects advanced persistent threats such as spear phishing, whaling, typo domain, and spoofing attacks.

The technology is powered by FirstWave Cloud Technology’s ESP™ email software technology, Cisco-based ESA/IronPort, and Advanced Malware Protection (AMP) technologies.

Moving towards a more secure future!
As we move towards a technologically advanced future, cybersecurity risk is also bound to soar, since hackers are also quickly adapting to the technological changes and are becoming more skilled in finding loopholes in the security systems. According to the Cybersecurity Market Revenues Worldwide report by Statista, the global cybersecurity market size is forecasted to grow to 248.26 billion U.S. dollars by 2023. But let’s not forget that cyber-attacks are not unavoidable. Security solutions are providing effective protection against such threats and are constantly evolving with the changing global needs.