The February 2024 Edition

A leap year edition!

1. Statistic of the Month??

Recent research shows that 78% of respondents report experiencing an increase in vulnerability volume over the past 12 months with almost a quarter experiencing a breach due to unaddressed vulnerabilities.

Half of respondents (51%) reported having a moderate level of visibility into vulnerabilities in their environments. Of that number, 26% have detected more than 100 new vulnerabilities every month.?

Additionally, while continuous vulnerability scanning is employed by 35% of respondents, 11% deploy patches the same day they become available and 47% take more than a week. Furthermore, 65% of organisations prioritise vulnerabilities based on?risk.?

In order to tackle vulnerabilities, the NCSE has released Guidance on Vulnerability Management.?Many organisations are still approaching Vulnerability Management with a reactive scan-and-patch approach, which often proves ineffective. The NCSC addresses the challenges faced by vulnerability management teams and provides practical advice.??

?Check out this helpful checklist from Patrick Garrity ?????? & VulnCheck which summarises the findings of the NCSE guidance:

2. Tip of the Month?

New Product Update: HPE Aruba EdgeConnect?10xxx Series ?

Exciting news for network enthusiasts! HPE Aruba has launched its latest additions to the EdgeConnect SD-WAN hardware family: the EC-10106 and EC-10108 appliances.

These compact yet powerful platforms are tailored for branch deployments, boasting 6 native data-plane interfaces and compatibility with the versatile Aruba USB LTE modem. They offer a comprehensive suite of features including PoE, Fiber Support, Secure SD-WAN, Advanced Routing, Fine-grained Segmentation, Built-in NGFW, IDS/IPS, DDoS defense, WAN Optimization, and Best-of-breed SASE integration.

Stay ahead of the curve with HPE Aruba's EdgeConnect 10xxx Series, delivering high performance and unified functionality for your networking needs!

3. Quote of the Month? ?

If 2023 was the year of cybersecurity, 2024 is the year for cyber resilience.??

Organisations need to?need to switch their mindset from “what if” to “what now”, turning the question from “what if we are attacked?” to “what now that we’ve been breached?”?

Cyber resilience is to cyber security what disaster recovery is to data backup. In each case, the first term is a holistic and strategic approach, while the latter is a tactical component.?And cyber resilience is, in itself, a very important element in any business continuity strategy.?

?Quoting Climb Channel Solutions Ireland 's CTO Francis O'Haire above as he outlines why cyber resilience is key to cybersecurity strategies in 2024.

At Edge7 Networks, we are having more and more of these conversations as businesses are beginning to shift from an "if it happens" to a "when it happens" mindset...? ?

It's not just about locking the doors, it's about being ready for when someone tries to break in ?? ?

4. Article of the Month

HPE is currently in the process of acquiring Juniper, in a $14 billion deal that won’t close for many more months. Executives from both HPE and Juniper have downplayed the risk of overlap across the respective portfolios, but what’s the actual situation when it comes to security and?secure access service edge (SASE).? What do each of these vendors actually have today??

SDX Central puts the two vendors side-by-side to compare their offerings to look at where they overlap or fill in the gaps with this new acquisition.

?5. Video of the Month?

This month's video, brought to you by?John Spiegel and Jaye Tillson?discuss what you need to know about the (not so hidden) risks of Ivanti Pulse Secure and what it means for ZTNA. ?

A rough year for VPNs, Ivanti in particular have disclosed a fifth major VPN vulnerability in a month.?? ?

For years, traditional?VPNs have served as the primary means for remote access and secure communication. However, cloud-based applications and evolving cyber threats has underscored the need for transitioning to a zero-trust network access (ZTNA) solution. Legacy VPNs pose challenges in management and administration, provide users with unrestricted network access, and leave vulnerabilities exposed to internet-based attacks, all while offering a subpar user experience. As a result, migrating to ZTNA has become imperative for modern security frameworks. Read more about migrating from a legacy VPN to ZTNA here in this article from?Jaye Tillson.??

This 20ish minute session is well worth a watch from Spiegel and Tillson:?? https://www.dhirubhai.net/events/7164359866340290560/comments/?

?

6. Downloadable of the Month??

The NCSE has released NIST Cybersecurity Framework 2.0 this week, it's first major update since creation in 2014.??

• NIST’s cybersecurity framework (CSF) now explicitly aims to help all organizations — not just those in critical infrastructure, its original target audience — to manage and reduce risks.?
• NIST has updated the CSF’s core guidance and created a suite of resources to help all organizations achieve their cybersecurity goals, with added emphasis on governance as well as supply chains.?
• This update is the outcome of a multiyear process of discussions and public comments aimed at making the framework more effective.? ?

Check out the full press release here?

The framework has gone from 5 Core Functions to 6:?Identify, Protect, Detect, Respond, Recover, and the newly added Govern function.??

To learn more about the NIST framework, check out our recent blog:

?

Access the full framework, guides and resources here:??

?

7. Event of the Month??

Next week, we are excited to host a session with HPE Aruba Networking in their London HQ for a jam-packed day of sessions. From SASE and?EdgeConnect SD-WAN to diving into the Aruba WAN/LAN portfolio, the Edge7 Networks & Aruba Networking team will share insights and roadmaps into what makes these technologies worth a look. Limited spaces are still available for those interested, get in touch with us to secure one of the final spaces for an unmissable day.??

8. Feature of the Month ?

Given this newsletter is a leap year edition; we have added an extra segment 'Feature of the Month' simply because we wanted to share the latest iboss?ChatGPT Risk Module....!

AI is still the buzzword around town, but as it becomes more mainstream, organisations are looking at how it can help their employees be more productive. The questions of whether ChatGPT should be blocked, restricted or allowed have been the topic of many an IT department conversation.

With the iboss ChatGPT Risk Module, you can monitor ChatGPT usage, with full transcript logging, data loss prevention, real-time alerts, and powerful reporting, safeguarding against data breaches and ensuring your sensitive information stays protected.

• Log and Monitor ChatGPT Interactions
• Prevent ChatGPT Data Loss: Block Risky Requests and Queries in ChatGPT Interactions??
• Control ChatGPT Access: Allow authorised users to engage with ChatGPT while preventing unapproved users from accessing the tool altogether?
• Strengthen Regulatory Compliance and Real-time Alerts
• Generate AI Risk reports either on-demand or on a scheduled basis

?Take a look at the latest feature below & get in touch with the Edge7 Networks team to schedule a demo:

That's all for this month folks, thanks for reading!