Do you have 100% faith in your employees to not click on a phishing mail?

How does phishing mail work and what impact does it have on businesses?

Consider this scenario: It is the end of the week on a Friday, John is juggling several projects, and he receives an email that appears to be from Microsoft asking him to update his software. Under the time pressure of a busy day, he opens the email as a knee-jerk response to a routine task and downloads a virus. He exposes the confidential information of all his customers, which in turn costs the company millions of dollars and does long-term damage to its brand.

In the era of the technological boom, phishing scams are no longer badly formatted emails, but precisely targeted attacks (spear phishing) backed by analysis of the human behaviour that gets people to click. Fraudsters have taken cyberattacks to new levels of success, fooling even the savviest of employees. With the widespread phenomenon of automated click behaviour, it becomes hard for staff to police every email, increasing the chances of a security breach. Employee errors are the #1 gateway to ransomware disasters, leading top-tier businesses to adopt Endpoint Detection and Response to solidify their security posture.

“Phishing, the most common threat vector, is involved in 36% of data breaches,” according to Verizon’s 2021 Data Breach Investigations Report.

What is EDR and why is it the best?

Endpoint Detection and Response (EDR) is a term coined by Anton Chuvakin, who described it as a solution that “records and stores endpoint-system-level behaviours, uses various data analytics techniques to detect suspicious system behaviour, provides contextual information, blocks malicious activity, and provides remediation suggestions to restore affected systems.”

EDR is an integrated solution that records real-time activities and events taking place on endpoints and all workloads, with rule-based automated response and analysis capabilities. This provides security teams with the in-depth visibility they need to uncover incidents that may not otherwise have been detected. An EDR solution provides continuous and comprehensive visibility into what is happening on endpoints in real time.

Modern EDR architecture tightly integrates with mail gateway solutions and firewall systems to detect, analyse, and block advanced threats before they reach employee inboxes. This in turn provides a unified platform experience that covers ransomware and other email-borne viruses and URLs. Organisations can detect malicious behaviour across all vectors and rapidly eliminate threats with autonomous response capabilities across enterprise attack surfaces.

The sophistication of modern malware is evolving at such an increasing speed that traditional signature-based Antivirus (AV) detection is no longer effective. An AV solution relies on a coded database of “bad” files against which it tries to match a recognised threat. However, due to the unique and ever-changing malware infrastructure that is being pushed by scammers, these files can bypass antivirus undetected. EDR, on the other hand, incorporates AV and other endpoint functionalities and can detect trends and other indicators of a successful incursion.

Companies have less than 30 minutes after employee error to prevent malicious ransomware moving laterally and infecting other devices. EDR has a quick response capability and can create an alert within a short time frame. For example, if an end user opens a spear phishing email and inputs their credentials to a seemingly legitimate website, the EDR solution will be able to monitor, alert the security team and prevent the attacker from logging into the endpoint, even under the guise of a legitimate sign-in.

What should you look for in EDR solutions?

A powerful EDR solution should have:

  1. Endpoint Visibility: Real-time visibility across all your endpoints allows you to view adversary activities, even as they attempt to breach your environment, and stop them immediately.
  2. Threat Database: Effective EDR requires massive amounts of telemetry collected from endpoints and enriched with context so it can be mined for signs of attack with a variety of analytic techniques.
  3. Behavioural Protection: Relying solely on signature-based methods or indicators of compromise (IOCs) leads to the “silent failure” that allows data breaches to occur. Effective endpoint detection and response requires behavioural approaches that search for indicators of attack (IOAs), so you are alerted to suspicious activities before a compromise can occur.
  4. Insight and Intelligence: An endpoint detection and response solution that integrates threat intelligence can provide context, including details on the attributed adversary that is attacking you or other information about the attack.
  5. Fast Response: EDR that enables a fast and accurate response to incidents can stop an attack before it becomes a breach and allow your organization to get back to business quickly.
  6. Cloud-based Solution: Having a cloud-based endpoint detection and response solution is the only way to ensure zero impact on endpoints, while making sure capabilities such as search, analysis and investigation can be done accurately and in real time.

To take your EDR a step further, SentinelOne’s ActiveEDR provides analysts with real-time, actionable correlation and context and lets security analysts understand the full story of what happened in their environment. Storyline automatically links all related events and activities together into an attack storyline with a unique identifier. This allows security teams to see the full context of what occurred within seconds rather than needing to spend hours, days, or weeks correlating logs and linking events manually. It is the most talked about solution in the cybersecurity world due to being the first EDR that is truly active.

ActiveEDR constantly draws stories of what is happening on the endpoint. Once it detects harm, it is capable of mitigating not only malicious files and operations but the entire ‘storyline’. ActiveEDR knows the full story, so it will mitigate this at run time, before encryption begins. It works by giving each of the elements in the story the same TrueContext ID. These stories are then sent to the management console, allowing visibility and easy threat hunting for security analysts and IT administrators.
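The contrast drawn above between signature matching and behavioural detection, and the idea of linking related events under one storyline identifier, can be shown on a small scale. This is an added example, not SentinelOne's code or any vendor's implementation: the event fields, the rule stages, the hashes and the sample telemetry are all constructed assumptions.

```python
"""Group endpoint events into storylines by process ancestry, then compare a
hash blocklist with a behavioural rule. All data here is constructed."""
from collections import defaultdict

# Constructed telemetry; field names and values are assumptions for this example.
EVENTS = [
    {"pid": 20, "ppid": 1,  "image": "outlook.exe",    "action": "process_start",   "sha256": "h-outlook"},
    {"pid": 30, "ppid": 20, "image": "winword.exe",    "action": "process_start",   "sha256": "h-winword"},
    {"pid": 40, "ppid": 30, "image": "powershell.exe", "action": "process_start",   "sha256": "h-powershell"},
    {"pid": 40, "ppid": 30, "image": "powershell.exe", "action": "network_connect", "sha256": "h-powershell"},
    {"pid": 50, "ppid": 40, "image": "update.exe",     "action": "process_start",   "sha256": "h-never-seen"},
    {"pid": 50, "ppid": 40, "image": "update.exe",     "action": "file_write",      "sha256": "h-never-seen"},
    {"pid": 60, "ppid": 1,  "image": "notepad.exe",    "action": "process_start",   "sha256": "h-notepad"},
    {"pid": 60, "ppid": 1,  "image": "notepad.exe",    "action": "file_write",      "sha256": "h-notepad"},
]

# Constructed blocklist: the dropped file above is new, so its hash is absent.
KNOWN_BAD_HASHES = {"h-old-sample"}

MAIL = {"outlook.exe"}
OFFICE = {"winword.exe", "excel.exe"}
SCRIPT = {"powershell.exe", "wscript.exe", "cmd.exe"}

# Hypothetical behavioural rule: mail client -> document app -> script
# interpreter -> outbound connection, in that order, inside one storyline.
STAGES = [
    lambda e: e["action"] == "process_start" and e["image"] in MAIL,
    lambda e: e["action"] == "process_start" and e["image"] in OFFICE,
    lambda e: e["action"] == "process_start" and e["image"] in SCRIPT,
    lambda e: e["action"] == "network_connect" and e["image"] in SCRIPT,
]


def build_storylines(events):
    """Return {storyline_id: [events]}. A process inherits its parent's
    storyline; a process with an unseen parent starts a new one.
    PID reuse is ignored to keep the example short."""
    pid_to_story = {}
    stories = defaultdict(list)
    next_id = 1
    for ev in events:
        if ev["pid"] not in pid_to_story:
            story = pid_to_story.get(ev["ppid"])
            if story is None:
                story = f"S{next_id}"
                next_id += 1
            pid_to_story[ev["pid"]] = story
        stories[pid_to_story[ev["pid"]]].append(ev)
    return dict(stories)


def signature_hits(events, blocklist):
    """Signature-style check: events whose file hash is already known bad."""
    return [ev for ev in events if ev["sha256"] in blocklist]


def matches_rule(story_events):
    """True when the storyline passes through every stage in order."""
    stage = 0
    for ev in story_events:
        if stage < len(STAGES) and STAGES[stage](ev):
            stage += 1
    return stage == len(STAGES)


def behaviour_hits(stories):
    """Storyline IDs that match the behavioural rule."""
    return sorted(sid for sid, evs in stories.items() if matches_rule(evs))


def storyline_pids(stories, sid):
    """Every process in a storyline: the scope a response would act on."""
    return sorted({ev["pid"] for ev in stories[sid]})


if __name__ == "__main__":
    stories = build_storylines(EVENTS)
    print("signature hits:", signature_hits(EVENTS, KNOWN_BAD_HASHES))
    for sid in behaviour_hits(stories):
        print("behaviour hit:", sid, "pids:", storyline_pids(stories, sid))
```

The blocklist finds nothing because the dropped file's hash has never been seen, while the behavioural rule flags the whole chain and yields every process that belongs to it.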

Who can help me improve my security posture with EDR?

At Oreta, we believe that security should be proactive rather than reactive. The majority of the time, companies establish a full-spectrum security solution only after a severe breach. We believe in solidifying your security posture against constantly evolving malware so you can always be sure that your data is safe.

Partnered with a wide spectrum of security experts, Oreta provides you with a catered solution aligned with your business requirements and holistic vision. We do not consider ourselves a separate entity but an extension of your business, with hand-in-hand guidance into the world of security.

Contact us now to find the perfect EDR solution for you.

Cisco HyperFlex – Revolutionising the Data Center

Many innovators come up with their ‘Aha’ moment from seeing what their competitors are doing and going that one step further to meet the market’s needs better. Let’s take Apple, for instance; the iPhone is a result of looking at how other smartphones developed by competitors like Nokia, Microsoft and Blackberry were meeting the needs of their users, identifying and addressing gaps and successfully rolling out a superior product.

Cisco is doing something very similar to Apple with its new HyperFlex. The hyperconvergence product is not just created to outsmart its competition; it is designed around what customers really need and adapts to the shifting demands in the market – a product that offers increased flexibility and scalability – to achieve a unified solution.

With HyperFlex, Cisco has adopted a ‘customer-centric’ approach and aims to help organisations match their workloads to the right architecture and, in the long term, have an edge over their competitors as the business world experiences significant digital transformation. All while technology in the data centre.

As Cisco was developing HyperFlex, numerous conversations were taking place with various organisations to hear ‘what’ and ‘how’ they wanted their data centre to operate in the future. There was universal agreement that they wanted a modern data centre that was automated, orchestrated and open, with the ability to move workloads into the cloud. They wanted the flexibility to run business-critical apps on-premise to the public cloud while having the same operational capabilities.

Cisco listened and delivered with HyperFlex, providing a product that increases operational efficiency, faster delivery of IT services, and greater IT agility.

HyperFlex is paving the way for many different industries to improve their operational efficiencies. The health care industry is one particular example of the need for this hyperconverged technology. Health care providers are competing in a fast-paced, rapidly evolving business. Their current technology is outdated and not keeping up with the growing IT demands. Many are in dire need of transformation.  

The providers are fully aware that they need to address this problem if they want to succeed. As such, larger organisations are investing in HyperFlex to improve the ease of use, flexibility and scalability of their health care delivery systems. Many are also seeing the advantages of HyperFlex, including protecting their critical business applications and data.

Cisco HyperFlex is galvanising how customers think about their technology in many ways. They are now thinking virtually rather than physically. For example, organisations can deploy new applications in minutes, not hours or days. Gone are the days of manually putting in orders and waiting for the IT specialists to add storage or servers. With its seamless, on-demand response, HyperFlex cuts the process down dramatically and enables your IT team to do it in-house.

Another big advantage organisations are experiencing is its simplicity and ability to build on a UCS base and integrate into existing converged database architecture. HyperFlex can be used in many different ways, from virtual desktops (VDI), app dev/testing to operating in a private cloud.

Cisco HyperFlex is helping transform organisations in line with the new digital era. It isn’t just an appliance box. It’s designed to be an integral part of an organisation’s IT infrastructure. Integrated DC infrastructure, cloud suite, and application-centric infrastructure (ACI) are all building blocks creating the new digital data centre, spanning hardware and software – providing access to any application, from any cloud, anywhere.  

Cisco has introduced innovation to the data centre: IP Telephony Virtualisation, Application Economic, Hybrid Cloud, and Hyperconvergence with HyperFlex. Cisco is renowned for driving industry transformation, then taking a large percentage of the enterprise market. HyperFlex is creating a platform for the Next-Gen digital data centre. It is a vast advancement in consolidating the data centre as one, bringing compute, storage and network together, and creating tomorrow’s digital platform today.

HyperFlex gives you the right tools to modernise the present and simplify the future. No wonder it has been recognised as a leader in both the Gartner Magic Quadrant and Forrester Wave for multiple years, and most recently was named HCI product of the year in 2020 by CRN. If you are responsible for managing your business’s critical applications and would like to discuss whether Cisco HyperFlex is right for your business, contact us today.

Cisco HyperFlex – Simplifying Hyperconvergence

Cisco HyperFlex Anywhere extends the simplicity of hyperconvergence from core to the edge and multicloud, putting IT at the centre of rapid innovation in a world where data is everywhere. 

Today, many organisations face new challenges with computing requirements that go beyond their core data centres to clouds and edge environments – driven by the rise of IoT and AI/ML-powered applications.

The latest innovations in Cisco HyperFlex 4.0 with Cisco Intersight introduce new edge scaling options and cloud management for multisite edge deployments, engineered to meet the unique requirements for deploying hyperconverged infrastructure at the edge at a global scale, thus enabling new IoT and intelligent services at the edge.

HyperFlex and Intersight allow customers to extend the simplicity and efficiency of HCI from their core data centres to the edges of their operations with consistent policy enforcement and cloud-powered systems management. 

HyperFlex makes it straightforward to expand an organisation’s computing environment across the modern, distributed data centre. Each node ships with fully integrated hardware, software, and networking, making HyperFlex solutions ready to deploy in minutes and bringing the power to deliver HCI anywhere while delivering a seamless experience from edge to core. 

Organisations that invest in Cisco HyperFlex are experiencing many unique benefits, including: 

  • Broad workload support: The HyperFlex 4.0 release delivers core-to-edge enhancements to the platform. At the edge, new capabilities for HyperFlex Edge and Cisco Intersight provide an enterprise-class platform to aid in simplifying the deployment of branch and edge applications and enable new IoT and intelligence services while performance, security, and container enhancements broaden the support capabilities of mission-critical applications in the core. 
  • Simpler multisite deployment and management: Cisco Intersight lets organisations automate the deployment and ongoing operation of HyperFlex systems across hundreds or thousands of remote locations from a single point of control. The unique cloud-powered management, enabled through Intersight, delivers consistent policy and security enforcement, true full-stack upgrades, and proactive contact with the Cisco Technical Assistance Center (TAC)—redefining operational simplicity at the edge. 
  • Workload flexibility and configuration: Meet aggressive cost envelopes for computing at branch locations in retail and other consumer industries, with efficient management at a massively distributed scale. Organisations can enjoy flexibility from a choice of fully configurable 2-node up to 4-node hybrid or all-flash cluster sizes, with the ability to use 1 or 10 Gigabit Ethernet connectivity that can operate over the existing network infrastructure. No other HCI appliance on the market offers the range of configuration options available with HyperFlex.

If you are responsible for managing your business’s critical applications, contact us today to discuss whether Cisco HyperFlex is right for your company.

Oreta advances hyperconvergence capability with HyperFlex Specialisation.

More and more organisations are recognising the need for multi-site distributed computing to meet the growing requirements in a branch office, remote sites, the Internet of Things (IoT), and other intelligent services at the edge. In a technology-dependent world having infrastructure ready for any application, any cloud and ready to be deployed anywhere is vital to an organisation’s success. Oreta knows this. That’s why we are proud to have recently advanced our expertise in the cloud domain and accomplished a HyperFlex specialisation with Cisco.

HyperFlex is Cisco’s solution for simplifying today’s multi-cloud installations, making them highly scalable and resilient within a hybrid IT environment. With the specialisation, Oreta can build its capability to deliver HyperFlex solutions and strengthen its brand as a trusted Cisco Authorised Partner and advisor to our customers within the HCI market.

Oreta achieved the HyperFlex specialisation and became qualified to install, design, manage and troubleshoot HyperFlex solutions by completing a formal authorisation process and having our technical specialists complete prescribed learning pathways, including a rigorous examination.

Several of our customers are already reaping the benefits of our HyperFlex specialisation. They are seeing the high-performance gain and cost reduction with the ease of putting their entire IT environment in the cloud with great speed. They are also experiencing more effective management of critical applications, coupled with high availability and performance.

We will continue to advance our expertise in HCI technology by having exclusive access to learning maps and training, which will ensure we provide a consistent service to our customers.

If you are considering shifting to a multi-cloud environment and are keen to augment your mission-critical applications, consider Cisco HyperFlex as the right solution for you. Our technical experts are available to talk to you about the benefits of Cisco HyperFlex today.

SD-WAN; Battle of the Titans

Awareness of Software-Defined Wide Area Networking (SD-WAN) is growing. More and more companies are looking toward the next generation of WAN technology, and the battle between the geniuses of SD-WAN technology, Cisco and VMware, is heating up.

In this article, we compare SD-WAN solutions, discuss the benefits of each, and outline which solution may be best for your business depending on your requirements.

SD-WAN – Biggest Trend In Enterprise Networking Today 

For those of you who are still fresh to the game, let’s quickly explain what SD-WAN is and why more and more companies are investing in it.

SD-WAN is the most significant trend in enterprise networking today. Demand is accelerating as companies look to increase agility, achieve high performance, and secure connections to cloud applications. SD-WAN uses software to control the connectivity, management, and services between data centres and remote branches.

The five main features of SD-WAN include the ability to:

  • combine multiple connection types, from MPLS to broadband to LTE, serving one location into a single pool of capacity available for all applications and services,
  • centrally define and manage policies and network traffic without requiring manual configuration at each device,
  • set up a simple interface for managing WAN which supports zero-touch provisioning at a branch or site,
  • support VPNs and other third-party services, such as WAN optimisation controllers, firewalls, and web gateways,
  • customise bandwidth and connectivity to meet the needs of specific network services, locations, or users.

As a Gartner report recently mentioned, SD-WAN is a key technology helping enterprises transform their networks from “fragile to agile”. SD-WAN can help companies overcome many of the challenges they experience with legacy WAN, empowering their IT to work smarter, faster, and at a lower cost through network automation, traffic programming, and policy development.

Cisco SD-WAN vs VMware’s Velocloud

Now that we’ve defined what SD-WAN is, let’s look at the differences between the two top contenders in the market: Cisco SD-WAN and Velocloud by VMware.

Before we start, we would like to emphasise that there is no definite answer to which vendor offers the best SD-WAN solution for your business. There are many variables you need to consider before you decide what is the best solution for your business. You need to take the time to understand each of their strengths and whether they complement your business objectives. In this article, we aim to help you make a more informed procurement decision.

What is Cisco SD-WAN?

In summary, Cisco SD-WAN is a highly adaptable solution allowing each site to have different control policies at a control plane level or data plane level.

What is Velocloud by VMware?

Velocloud offers out-of-the-box configurations making deployment fast and simple. Whilst SD-WAN components can also be customised, the solution is designed to allow DIY management with pre-configured policies. It is a critical component of the Virtual Cloud Network. 

What Are The Eight Main Differences?

Difference 1 – Dynamic Path Selection 

SD-WAN can select the most appropriate path or channel the network traffic will use, enabling cloud applications to leverage various options. By choosing the best approach, SD-WAN can maximise the use of circuits such as 4G/5G, Broadband, and Ethernet, thus increasing uptime and bandwidth.

Cisco SD-WAN Dynamic Path Selection – Cisco SD-WAN can help route traffic to the best-performing link by establishing route prefixes, metrics, link-state information, and route removals.

Based on SLA requirements, network traffic is recognised, and a policy is chartered to the traffic application. Identifying specific traffic applications requires the use of layers within the packets (e.g. ports, protocols). These packets, otherwise known as Viptela BFD’s (Bidirectional Forwarding Protocol), are used to screen the path’s characteristics and detect whether other paths need to be used due to possible latency.

Velocloud Dynamic Path Selection – Velocloud offers a Dynamic Multipath Optimisation feature that is very similar to Cisco SD-WAN’s BFD in the way that it can sense application characteristics. The feature includes link checking and detection of a specific provider. It allows automatic configuration deployment based on link properties, routing, and quality of service.

Difference 2 – Quality of Service (QoS)

SD-WAN makes QoS much more effective than MPLS. It removes the end-to-end benefit of an MPLS VPN and replaces it with a host of link preferences, out-of-the-box configuration templates, and pre-classification of link characteristics.

Cisco SD-WAN Quality of Service is similar to MPLS without the end-to-end characteristics of private network traffic flow. The Viptela capability allows ingress and egress interface direction toward vEdge routers in the network. With SD-WAN, Cisco SD-WAN can determine which links to use and applies a QoS capability depending on their characteristics.

Velocloud Quality of Service provides application traffic WAN settings across approximately 2,500 traffic sources. The advantage is an out-of-the-box ability to automate QoS and assist any one of those particular sources. SD-WAN builds application profile awareness, making it easier to outline QoS and bandwidth allocations.

Difference 3 – Link Steering and Remediation

Link Steering and Remediation occurs either per session or per packet. It is one of the key benefits of SD-WAN. It enables connections to traverse WAN links, adjust link preferences, and create robust failover.

Cisco SD-WAN Link Steering and Remediation (Cloud OnRamp for SaaS) enables applications to choose their preferred connection, depending on the destination or whether it is a cloud application. If applications experience packet loss, increased latency, or complete outage, links can be steered to a new destination. Link performance is calculated by ranking, from 0 to 10, how well an application’s requirements are being met. A cloud interface manages the configuration and continuous changes to the Viptela platform.

VeloCloud Link Steering and Remediation – Velocloud’s SD-WAN solution can dynamically monitor traffic by sensing both the WAN edge and cloud application performance. With SD-WAN, a standard branch has two or more connections that require dynamic per-packet switching for path optimisation.

Traffic performance issues are detected with link analysis. The results indicate whether link switching is required, and packets are routed automatically.

Difference 4 – Application Performance Monitoring 

Application Performance Monitoring is one of the critical deliverables of any SD-WAN solution. It provides network management engineers and IT teams the ability to observe issues and trends over time, which, in turn, helps them make strategic decisions regarding their network.

Cisco SD-WAN Application Performance Monitoring – The network’s performance, individual circuits, carriers, tunnel and individual application data points are assessed using a single dashboard, known as Viptela VAnalytics. For example, network managers can instantly detect which applications are using the most bandwidth, as well as any unusual behaviour that requires immediate attention.

Velocloud Application Performance Monitoring –  Velocloud provides insight into the performance across voice, video, and mission-critical data applications by calculating a WAN quality score. The monitoring tool provides a thorough assessment of application behaviour on single links and indicates where enhancements and changes are required.

Difference 5 – Security 

Security – SD-WAN vendors often need a different device to ensure security is factored in. Whether or not your SD-WAN service supports Next-Gen firewall functionality depends on your vendor’s offering and your internal security strategy.

Cisco SD-WAN Security – Cisco SD-WAN provides stateful firewall capability, which in some ways is like the customary world of standard firewalls (i.e. not Next-Gen firewalls).

Velocloud Security – Velocloud provides in-built context awareness (e.g., application, device, user) with a Next-Gen Firewall. With SD-WAN, data can be micro-managed and micro-applications can be directed with proximate security.

Difference 6 – Network Function Virtualisation (NFV)

Network Function Virtualisation (NFV) segregates network functions from hardware to design a virtualised machine that operates on cloud-based commands, resulting in a flexible, cost-effective infrastructure. 

Cisco SD-WAN Network Function – Cisco SD-WAN’s VEdge Cloud virtualises the technology from a physical VEdge capability and creates a Virtualised Machine (VM). With VEdge Cloud, a Virtual Network Function can create a Virtual CPE (vCPE) deployment within a company’s head office or branch location.

Velocloud Network Function – VMware Edge hardware supports Velocloud’s capability to virtualise. The technology is listed as VMware SD-WAN Gateway and is available with service chaining support which is seamlessly delivered by partners such as Zscaler and Websense.

Difference 7 – Zero-Touch Deployment 

A major benefit of SD-WAN is fast deployment. It can quickly start an internet connection without fundamentally having to physically connect to any hardware.

Cisco SD-WAN Zero-Touch Deployment – Any Viptela device with internet connectivity is capable of ‘zero-touch provisioning’. Cisco SD-WAN needs a DHCP address from the network to get public DNS information. When booting, the vEdge router will connect to ztp.viptela.com.

Velocloud Zero-Touch Deployment – When connecting to the internet, Velocloud devices will auto-connect, authenticate and receive the appropriate configuration. The benefits of Velocloud’s Zero-Touch include deployment simplification and network migration.

Difference 8 – Automation and Orchestration 

SD-WAN service providers need Software WAN orchestration to control, manage and deliver the end customer service. It often requires an SDN controller with virtualisation software that can automate the provisioning process. 

Cisco SD-WAN Automation and Orchestration – Cisco SD-WAN provides a robust and true orchestration of SD-WAN services via its initial point of authentication. Distribution lists of their components, including VSmarts and VManage, are all supported across the deployment. The vBond Orchestrator delivers the SD-WAN capability by authenticating and authorising the Cisco SD-WAN elements into the network. Cisco vBond Orchestrator endorses the data points (i.e. Cisco VSmart Controllers and vEdge routers) in the network and coordinates how they will connect.

Velocloud Automation & Orchestration – Velocloud Orchestrator delivers Velocloud configuration across all aspects of the network. When devices connect to the internet and zero-touch deployment is active, VMware SD-WAN Edge appliances can auto-connect by following customised configuration instructions. Integration with existing networks can also be achieved, including support for the OSPF routing protocol.

Here’s a summary of the main differences between the SD-WAN solutions:

| Cisco SD-WAN | VMware – Velocloud |
| --- | --- |
| An open solution known for its flexibility and ease of deployment | Fast deployment |
| Functions on-premises or in the cloud | Three versions: internet only, hybrid SD-WAN, and on-premises |
| “Zero Touch” deployment | “Zero Touch” deployment |
| Policy provisioning via vSmart controller | Policy provisioning via VeloCloud Orchestrator |
| Number of applications supported: 3,000 | Number of applications supported: 2,200 |
| Unidirectional measurement and steering: No | Unidirectional measurement and steering: Yes |
| Network Performance Measurement: (passive) Proprietary | Network Performance Measurement: (active) BFD |
| Forward Error Control (for packet loss): No | Forward Error Control (for packet loss): Yes |
| Data Encryption: Yes | Data Encryption: Yes |

What Else Do You Need To Know About VMware’s VeloCloud?

With Velocloud by VMware, it does not matter whether companies use MPLS or not; they can leverage wireless broadband internet or wired broadband internet. The solution has a performance indicator called VeloCloud Quality Score, which gives IT managers visibility regarding how the solution is operating.  

Velocloud provides a robust Cloud Gateway-centric approach to SD-WAN, providing a continuous solution that reaches into multi-cloud, data centres and other application hosting solutions. The approach is not only considered forward-thinking but cutting edge.  

What Else Do You Need To Know About Cisco SD-WAN?

With Cisco SD-WAN, companies can implement and manage this SD-WAN solution entirely within the cloud. Its open architecture makes it ideal for working in conjunction with IPFIX interfaces, Syslog, Netconf, SNMP, and REST APIs. SD-WAN forwarders work in sync with the central policy controller.

What Is The Right SD-WAN Solution For You?

In the current business climate, IT departments are looking at different ways to deliver secure and efficient cloud connectivity, a challenge that SD-WAN can solve. As a result, SD-WAN will be vital in managing networking, cloud connectivity and security in the future.

The common consensus by IT and networking managers is that SD-WAN is making their lives easier. They are reaping the benefits of improved security capabilities, better bandwidth management, improved application performance in the cloud, improved network orchestration and automation and greater visibility into the network. 

About Oreta

At Oreta, we ensure that all our customers network right. We have deep skills in understanding and designing networks to advise your company on the right SD-WAN solution to meet your needs and continuously focus on adopting new technologies that will further enhance our customers’ outcomes.