Tag

threat


The Most Wanted Cyber Security Tools for Your Medical Practice

By Network Security, Superfast IT Networks, Titan No Comments

How Vulnerable are Medical Practices in Australia?

Medical practices in Australia are increasingly reliant on technology to store and share patient information. This reliance has made them a target for cybercriminals, who have attempted to access patient data through malware and ransomware attacks. Cyber security is therefore an important consideration for any medical practice, in order to protect the confidentiality of patient information.

The services delivered by the health sector are critical, and any disruption of service could be catastrophic. That is all the more reason for medical practices to adopt sound security solutions that keep them online and protected at all times.

Covid-19 has further changed the landscape of the medical industry. Patients have increased their use of telehealth facilities, which require a stable and secure connection. Any vulnerabilities in the network could be exploited by a potential attacker. Changes to social and working environments, such as working from home, have made the public more vulnerable to cyber attacks.

 

The Current Threats Facing Australian Medical Practices

Malware downloaded from malicious emails or websites is the most common type of security incident that medical practices are experiencing. Many medical practices are seeing a wide variety of other attacks, as well, including:

  • Unauthorized access and hacking incidents.
  • Theft of customer data, including credit card information.
  • Ransomware attacks.
  • Theft of critical business data and electronic files by external parties and insiders.

How Can You Keep Your Practice Safe from Cyber Attacks?

We recommend six (6) security capabilities for healthcare and medical practices to deal with the ever-expanding threat landscape:

  • Zero-Trust Network Access (ZTNA) – No one is trusted with your patient data unless they are verified and authenticated by this tool. You decide who has access and who does not.
  • Secure Web Gateway (SWG) – Protects all devices at your practice from malware and other threats by preventing users from reaching malicious websites on the internet.
  • Remote Browser Isolation (RBI) – Provides your practice with risk-free Internet access 24/7 by keeping untrusted browser activity as far away as possible from the PCs and laptops used at your practice. This helps protect your practice against data loss, theft or misuse.
  • Next-Generation Firewall (NGFW) – Protects your most valuable assets from cyber attacks. This is a must-have for medical practices in Australia, as it is your best line of defence against hackers and cyber threats.

How Can We Help Your Medical Practice?

  • Secure and uninterrupted Internet connectivity for your medical practice
  • Protection from cyber threats, malware and viruses so that your patient data is always safe and secure
  • Better application performance for your critical medical applications at all times
  • Secure access to your important medical data from anywhere
  • Periodic backup of patient data and records to a secure platform
  • Secure and reliable connectivity between multiple medical branches if you own more than one

Reach out to us at info@sprintnetworks.com and we can provide your medical practice with the best solution to address all your Internet and cybersecurity woes.

Twenty Things For Ransomware Protection

By Network Security No Comments

We are at an especially vulnerable moment in our transition to a digital economy. As mentioned in the last blog, the Australian government recently made an announcement on cybersecurity issues. It makes the interesting point that the biggest problem is the human factor, especially when it comes to ransomware. It is therefore critical that each organization takes steps to protect its network and network-attached elements.

While each corporation has its own network environment, and without going into too much detail, here are 20 things from Fortinet experts that any organisation can begin to implement today to reduce their risk from ransomware and other advanced threats.

1.   Wherever possible, patch and update operating systems, devices, and software. Make this a priority for your remote workers – especially those using personal devices to connect to the corporate network.
2.   For devices that can’t be patched, ensure that appropriate proximity controls and alerts are in place.
3.   Make sure that all endpoint devices have advanced security installed, such as anti-exploit and EDR solutions.
4.   Also make sure that access controls, such as multifactor authentication and even Network Access Control solutions, are in place.
5.   Use NAC to inspect and block bring-your-own-devices that do not meet security policy.
6.   Segment your network into security zones to prevent the spread of infection and tie access controls to dynamic segmentation.

7.   Use inventory tools and IOC lists to prioritize which of your assets are at the most risk.

8.   Update your network IPS signatures, as well as device antivirus and anti-malware tools.
9.   Back-up systems and then store those backups offline – along with any devices and software you may need in the event of a network recovery.
10.   Make sure that ransomware recovery is part of your BCDR. Identify your recovery team, run drills, and pre-assign responsibilities so systems can be restored quickly in the event of a successful breach.
11.   Update your email and web security gateways to check and filter out email attachments, websites, and files for malware.
12.   Make sure that CDR (content disarm and recovery) solutions are in place to deactivate malicious attachments.
13.   Use a sandbox to discover, execute, and analyze new or unrecognized files, documents, or programs in a safe environment.
14.   Block advertisements and social media sites that have no business relevance.
15.   Use zero-trust network access that includes virus assessments so users can’t infect business-critical applications, data, or services.
16.   Use application whitelisting to prevent unauthorized applications from being downloaded or run.
17.   Prevent unauthorized SaaS applications with a CASB solution.
18.   Use forensic analysis tools to identify where an infection came from and how long it has been in your environment, to ensure you have removed all of it from every device, and to ensure it doesn’t come back.
19.   Plan around the weakest link in your security system – the people who use your devices and applications. Training is essential but limited. Proper tools, such as secure email gateways, for example, can eliminate most if not all phishing emails and malicious attachments.
20.   Leverage people, technology, and processes to quickly gather threat intelligence about active attacks on your networks and act on it, using automation where possible. This is crucial to stopping an advanced attack in its tracks.

Make your network intelligent against threats with Sprint Networks. We aim to secure Australian businesses and institutions from all malicious activities that can take advantage of network vulnerabilities.

Contact Us now for an industry-leading security solution.

If you have questions, please drop us an e-mail at info@sprintnetworks.com

Implementation Of Network Access Control

By Network Security No Comments

The current perimeter solution could bring a lot of value to your organisation by defending against threats and attacks at the perimeter. However, with the sophistication of today's attackers, systems tend to be compromised from the internal network. Hence, a Network Access Control (NAC) tool can be useful in order to connect end users with the right authentication. It can be tempting to purchase an off-the-shelf NAC product and install it on your hardware. This could be catastrophic to your network security, as the solution is not tailored to your network or its intended use. Implementing an appropriate NAC, and taking the steps necessary to plug any vulnerabilities in the network, will save the organisation the trouble of spending valuable time and money on detecting and recovering from threats. This article aims to give network security professionals a step-by-step guideline for designing and planning an entire NAC solution.

Steps to Implement a NAC Solution

1. Survey your network

It is recommended to perform a survey of all the endpoints within your network. That should include, but is not limited to, all your servers, network devices, user PCs, and any piece of equipment that has a leg in your network and is able to access your digital resources. Without this kind of information, NAC would struggle to protect the entire organization, and system admins would need to spend a lot of time and energy on implementation and troubleshooting.

2. User Identities

It is a must to have a solid plan for how you will manage user credentials and identities within the organisation. Your internal directory system should be able to verify user identities. All users should be manageable and have their account information on record. After setting up all the account details and understanding the role of each user, you can move to the next step and determine how permissions or roles will be allocated.


3. Designing policies

Create permission policies using Principle of Least Privilege (PoLP) rules. This means you should only grant access at the minimum level required for individual users to perform their daily duties. This is one of the most critical steps, as you do not want to open your systems up to attack through small security gaps that you are not even aware of. Bring all teams together and agree on a concrete structure in which everyone is able to access the network securely.

4. Apply Permissions

Once the permissions are determined, you can put the permission policies in place by integrating your existing directory system or importing your permission policies directly. All valid users will be registered to the NAC system, and all activities can be recorded and tracked. Illegitimate access will be blocked at the edge of your network.


5. Maintaining policies

Managing network access controls is not a one-off activity. As staff and the network change constantly, network admins must continuously monitor security operations and adjust policies based on business requirements and network evolution.
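
The five steps above, tied together as an added example (not code from the original article or from any NAC product): a default-deny decision function over a constructed inventory, directory and least-privilege policy, plus a review helper for step 5. All names, MAC addresses, roles and zones are hypothetical.

```python
from dataclasses import dataclass

# All names and values below are constructed for illustration.
# Step 1: endpoint inventory from the network survey, keyed by MAC address.
INVENTORY = {
    "aa:bb:cc:00:00:01": {"kind": "corporate-pc", "patched": True},
    "aa:bb:cc:00:00:02": {"kind": "byod-laptop", "patched": False},
    "aa:bb:cc:00:00:03": {"kind": "byod-laptop", "patched": True},
}
# Step 2: identities and roles as the internal directory would report them.
DIRECTORY = {
    "alice": {"role": "clinician", "active": True},
    "bob": {"role": "contractor", "active": True},
    "carol": {"role": "clinician", "active": False},  # account disabled
    "dave": {"role": "intern", "active": True},       # role with no policy yet
}
# Step 3: least-privilege policy. Anything not listed here is denied.
POLICY = {
    "clinician": {"zones": {"clinical", "internet"},
                  "device_kinds": {"corporate-pc", "byod-laptop"}},
    "contractor": {"zones": {"internet"}, "device_kinds": {"byod-laptop"}},
    "billing": {"zones": {"finance"}, "device_kinds": {"corporate-pc"}},
}


@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str


AUDIT_LOG = []  # Step 4: every request is recorded, allowed or not.


def decide(mac, user, zone):
    """Return a Decision for one access request; the default is deny."""
    device = INVENTORY.get(mac.lower())
    account = DIRECTORY.get(user)
    if device is None:
        result = Decision(False, "device not in inventory")
    elif account is None or not account["active"]:
        result = Decision(False, "unknown or disabled identity")
    elif account["role"] not in POLICY:
        result = Decision(False, "role has no policy")
    elif device["kind"] not in POLICY[account["role"]]["device_kinds"]:
        result = Decision(False, "device type not permitted for role")
    elif not device["patched"]:
        result = Decision(False, "device fails posture check")
    elif zone not in POLICY[account["role"]]["zones"]:
        result = Decision(False, "zone not granted to role")
    else:
        result = Decision(True, "granted by role policy")
    AUDIT_LOG.append((mac, user, zone, result.allow, result.reason))
    return result


def review():
    """Step 5: report drift between the directory and the policy."""
    active_roles = {a["role"] for a in DIRECTORY.values() if a["active"]}
    return {
        "roles_without_policy": sorted(active_roles - set(POLICY)),
        "policies_without_users": sorted(set(POLICY) - active_roles),
    }


if __name__ == "__main__":
    for request in [("aa:bb:cc:00:00:01", "alice", "clinical"),
                    ("aa:bb:cc:00:00:02", "alice", "clinical"),
                    ("aa:bb:cc:00:00:03", "bob", "clinical"),
                    ("de:ad:be:ef:00:00", "alice", "internet")]:
        print(request, decide(*request))
    print(review())
```

The order of the checks matters: identity and device are established before any grant is looked up, so a missing inventory entry or an unmapped role ends in a deny instead of falling through to an allow.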

How to choose a Network Access Control solution

As discussed earlier, today’s NAC products aim to cover a wide range of use cases to boost the overall security of your enterprise. That can make it challenging to find the right solution for your company, especially if you don’t know what your internal security weaknesses are.


Make your network intelligent against threats with Sprint Networks. We aim to secure Australian businesses and institutions from all malicious activities that can take advantage of network vulnerabilities.

Contact Us now for an industry-leading NAC solution.

If you have questions, please drop us an e-mail at info@sprintnetworks.com

Network Access Control

By Network Security No Comments

What is NAC?

Given how heavily businesses now rely on technology on a daily basis, many organisations feel the need to tackle the cyber issue from various angles. The traditional approach is to procure a simple antivirus solution and perimeter firewalls, and to use a separate system for managing access permissions. However, with the heavy use of Wi-Fi and mobile devices, the trend has shifted towards Network Access Control (NAC).

What is Network Access Control, NAC?

Network Access Control is the act of keeping unauthorized users and devices out of a private network. Organisations that give certain devices or users from outside of the organization occasional access to the network can use network access control to ensure that these devices meet corporate security compliance regulations.

NAC solutions are designed to help network admins boost the overall security level for internal users. They ensure that the right person gets the right permissions with the right authentication methods.

What are common use cases for network access control?

If an organization is in any of the following circumstances, it needs to think carefully about network access control to secure the enterprise network:

  • Bring Your Own Device (BYOD): Any organization that allows employees to use their own devices to connect to the corporate network, or to take corporate devices home, should think about what happens when those devices connect back to the company's sensitive network. Each device could be, or could create, a vulnerability that helps a cyber criminal bypass traditional security controls.

  • Network access for non-employees: Some organizations need to grant access to people or devices from outside the organization for many reasons, such as conferences, contractors or visitors. But access for these different purposes should not be subject to the same security controls. Contractors in particular might need access to the corporate network from time to time, and you will not want to grant them the same level of access your employees have for a short-term project. That access should be monitored and require a proper level of authentication.

  • Network access without Port Security: Traditional network access requires end users to connect to the floor switches to gain access to the network. But some of these ports are not covered by port security policies. That means anyone who plugs into such a port can access the network without the necessary authentication and assume employee permissions. For ports that are exposed and hard to manage because of constant changes, it is necessary to use NAC to grant the right authorization to the person no matter where they connect.

  • IoT devices: The Internet of Things, also known as IoT, has given rise to a proliferation of devices that may fly under the radar of traditional security controls. They may be located outside your physical buildings but still be able to connect to your network through some form of transmission media. As this is a non-standardized industry, cyber criminals can easily exploit these overlooked devices to find their way into your network without obtaining any kind of permission. Network access control plays an important role in your edge security.

    Make your network intelligent against threats with Sprint Networks. We aim to secure Australian businesses and institutions from all malicious activities that can take advantage of network vulnerabilities.

    If you think you are at risk!

    If you have questions, please drop us an e-mail at info@sprintnetworks.com

    Cyber Threat Intelligence

    By Network Security, Superfast IT Networks No Comments

    What should be expected from your threat intelligence?

    Threat intelligence is now widely used, and it plays a crucial role in your security posture. If you are a cybersecurity professional, you must be familiar with the concept even though you might not fully understand how it works. It can be even more important in certain domains of cybersecurity, especially for those who deal with Security Information and Event Management tools or work within incident response teams.

    But what should you expect when using a threat intelligence feed, especially when it needs to work together with other security elements such as NGFW, email services and WAF? Sprint Networks is a partner of the leading security threat intelligence provider, Fortinet. Here is what you should expect from threat intelligence:

    1. Antivirus:

    Threat intelligence should deliver automated updates that protect against the latest viruses, spyware, and other content-level threats. It uses industry-leading advanced detection engines to prevent both new and evolving threats from gaining a foothold inside your network and accessing its invaluable content.

    2. Intrusion Prevention (IPS):

    Automated IPS updates from threat intelligence provide the latest defenses against network intrusions by detecting and blocking threats before they reach your network devices. You get the latest defenses against stealthy network-level threats, a comprehensive IPS library with thousands of signatures, flexible policies that enable full control of attack detection methods to suit complex security applications, resistance to evasion techniques proved by NSS Labs, and an IPS signature lookup service.

    3. Application Control:

    Improve security and meet compliance with easy enforcement of your acceptable use policy through unmatched, real-time visibility into the applications your users are running. With FortiGuard Application Control, you can quickly create policies to allow, deny, or restrict access to applications or entire categories of applications. The sophisticated detection signatures identify Apps, DB applications, web applications and protocols; both blacklist and white list approaches can allow or deny traffic. Traffic shaping can be used to prioritize applications and flexible policies enable full control of attack detection methods.

    4. Security Rating Service:

    The Security Rating Service helps guide customers to design, implement and continually maintain the target Security Fabric security posture suited for their organization. By running Security Rating Service audit checks, security teams will be able to identify critical vulnerabilities and configuration weaknesses in their Security Fabric setup, and implement best practice recommendations.

    5. IoT Service:

    The IoT service helps customers significantly reduce their attack surface by enabling the Fortinet Security Fabric to automatically discover and segment IoT devices based on FortiGuard intelligence, and enforce appropriate policies against them. With the service, FortiGates can query FortiGuard servers to obtain information about unknown devices and then act accordingly based on policy.

    6. Indicators of Compromise (IOC):

    The IOC service is an automated breach defense system that continuously monitors your network for attacks, vulnerabilities, and persistent threats. It provides protection against legitimate threats, guarding customer data and defending against fraudulent access, malware, and breaches. It also helps businesses detect and prevent fraud from compromised devices or accounts.

    7. Vulnerability Scan:

    Vulnerability scan network assets for security weaknesses, with on-demand or scheduled scans. Comprehensive reports on the security posture of your critical assets and automated scanning of remote location FortiGates.

    To benefit from and access the intelligence, expertise, and protection delivered by FortiGuard Labs, customers simply need to add the desired security subscriptions to their Fortinet Security Fabric deployment. FortiGuard security services are designed to optimize performance and maximize protection across the Fortinet Security Fabric and are available as both individual and bundled subscriptions. Our subscriptions cover every aspect of the attack surface and include IP reputation updates, intrusion prevention, web filtering, antivirus/anti-spyware, anti-spam, database security, virus outbreak protection service, content disarm & reconstruction, security rating services and network and web application control capabilities. Subscribe to FortiGuard to stay protected against the latest threat across all threat vectors and attack surfaces today!

    8. Web Application Firewall (WAF):

    Automated WAF signature updates that protect against SQL injection, cross-site scripting, and various other attacks, hundreds of vulnerability scan signatures, data-type and web robot patterns, and suspicious URLs. Supports PCI DSS compliance by protecting against OWASP top 10 vulnerabilities and using WAF technology to block attacks.

    9. Web Filtering:

    Block and monitor web activities to assist customers with government regulations and enforcement of corporate internet usage policies. FortiGuard’s massive web content rating databases power one of the industry’s most accurate web filtering services. Granular blocking and filtering provide web categories to allow, log, or block. A comprehensive URL database provides rapid and comprehensive protection. In addition, Credential Stuffing Defense identifies login attempts using credentials that have been compromised, using an always up-to-date feed of stolen credentials.

    10. Industrial Control Systems Security:

    The FortiGuard Industrial Security Service continuously updates signatures to identify and police most of the common ICS/SCADA (supervisory control and data acquisition) protocols for granular visibility and control. Additional vulnerability protection is provided for applications and devices from the major ICS manufacturers.

    11. Antispam:

    FortiGuard Antispam provides a comprehensive and multi-layered approach to detect and filter spam processed by organizations. Dualpass detection technology can dramatically reduce spam volume at the perimeter, giving you unmatched control of email attacks and infections. Advanced anti-spam detection capabilities provide greater protection than standard real-time blacklists.

    12. Cloud Sandbox:

    FortiCloud Sandbox Service is an advanced threat detection solution that performs dynamic analysis to identify previously unknown malware. Actionable intelligence generated by FortiCloud Sandbox is fed back into preventive controls within your network—disarming the threat. FortiSandbox is NSS Labs Recommended for breach detection and breach prevention, and ICSA Labs certified for advanced threat defense.

    Make your network intelligent against threats with Sprint Networks. We aim to secure Australian businesses and institutions from all malicious activities that can take advantage of network vulnerabilities.

    If you think you are at risk!

    If you have questions, please drop us an e-mail at info@sprintnetworks.com

    Taking Action To Protect Your Infrastructure Against Cyber-Attack

    By Network Security No Comments

    Copy-Paste Compromise

    This month, the Australian Cyber Security Centre (ACSC) released a statement on malicious cyber activity against Australian institutions, including hospitals and state-owned utilities.

    The attacker has been identified leveraging proof-of-concept (POC) exploit code, shells, and various other tools from open source. This activity relies primarily on remote code execution vulnerabilities in unpatched versions of Telerik UI, along with other vulnerabilities in Microsoft IIS and Citrix.

    The attacker has shown the capability to find and quickly leverage exploitable public vulnerabilities and regularly conducts reconnaissance of target networks looking for vulnerable services. The attacker might potentially maintain a list of public-facing services in order to quickly locate the vulnerable services after future vulnerability releases.

    How Is The Attack Happening

    If your company does not host any public-facing services, that does not mean your network cannot become one of the victims of this activity. The ACSC has identified that the attack is also utilising various phishing techniques. The ACSC has advised that the phishing has taken the form of:
    • links to credential harvesting websites
    • emails with links to malicious files, or with the malicious file directly attached
    • links prompting users to grant Office 365 OAuth tokens to the actor
    • use of email tracking services to identify the email opening and lure click-through events.

    Sprint Networks Solution

    Sprint Networks has an experienced team with comprehensive solutions to support your evolving security requirements. We have a strong partnership with leading technology providers to secure and maintain your security today and into the future.

    Sprint Networks offers Managed Email and DNS Security to strengthen your security defences with better control over all aspects of inbound and outbound email and suspicious traffic. To avoid becoming a victim of this attack, relying on people alone to keep your business safe should not be one of your options.

    Our cloud-based Email Security solution filters all malicious email before it even hits your network components. Even if your employees receive the malformed web address from other sources, we will block the request before it leaves your network. The attacker will not be able to get any responses from the victims.

    Protect your business from Cyber Threats with Sprint Networks. We aim to secure Australian businesses and institutions from all malicious activities that can take advantage of network vulnerabilities.

    If you think you are at risk!

    If you have questions, please drop us an e-mail at info@sprintnetworks.com