Cyber Security – Fighting Back

Traditional cyber security defensive technologies are being developed with a more offensive capability.

Cyber security is maturing, both as an industry and a technology. In recent years, the headlines have been full of major attacks, breaches and compromised data integrity. The result is both a loss of public confidence and billions being lost to organisations both large and small.

The outbreak of cyber-crime, cyber terrorism and cyber warfare has been an unexpected and unwelcome consequence of the combination of many technologies. The ubiquity of high-speed global connectivity, coupled with increasing internet commerce and trade, sadly meant that it was inevitable that crime would follow.

Cyber-crime once distilled down to its most basic concept is actually a technical and technology challenge. Technology is being used inappropriately and therefore technology itself can be used to remediate the issue. Well, that’s the theory and technology vendors have been throwing their expertise into a raft of measures to stem the tide of this crime wave.

Their success in both technological defensive terms and raising awareness has been high. Yet still, in 2018 four in ten businesses in the UK and two in ten charities have experienced a cyber breach or attack.¹The criminals are still winning. But why?

The global cyber security industry is predicted to reach $164 billion² by 2024, and the vast majority of this will be set around defence. Obtaining early warning of potential attacks, securing networks, plugging software vulnerabilities, implementing strict access control and ever strong authentication methods are all going to be key to keeping the cyber criminals at bay, but if the recent history of cyber-crime teaches the collective IT industry anything, it is that the game of digital cat and mouse will continue.

But what if there was another approach? What if technology could go on the offensive and identify, in real time, the source of the attack. What if technology could pinpoint and reveal the geographical location of the individual, or groups of criminals who are fraudulently syphoning off vast quantities of money and data from the global economy, or trying to illegally disrupt democracy? This is where the leading edge of cyber security technology is headed, and it’s called cyber forensics.

The basic premise is that as an organisation comes under attack offensive technologies can divert that attack into an “electronic sinkhole” – so that the perpetrator believes their attack is working – whilst covert technology identifies in explicit detail who the criminals are, where they are operating from and the toolset and domains from which they are launching their attacks.

Cyber criminals have devised methods to hide their true identities when registering and managing the internet domains from which they launch their attacks. They do this using domain registrars who provide high levels of privacy controls. However, these sophisticated offensive forensic technologies have the ability to burrow through these domain registrars filters and obtain the true ownership of a privacy protected domains. This then allows for the name, email address and contact details of the true owner to be obtained. These details can be cross referenced against social media data and other public sources to build a body of evidence that can allow Law Enforcement agencies to take action.

Complementing this is also some of the world’s most granular IP geolocation tools, that can determine the physical location of the IP address that is being used to launch or sustain a cyber-attack. The resolution of this IP geolocation data can be accurate to 1m, allowing a firm estimation of the physical location of the equipment undertaking an attack to be obtained. Again, cross referencing this with widely available global mapping data, such as Google Earth and Google Street View, can assist in undertaking more traditional forms of surveillance and ultimately arrests and prosecutions.

Toolsets like these for real-time and post-event investigations have not been packaged and made available to the market before. In fact, the company behind these tools, HYAS, who partner with SCC in the UK, have received multiple security accolades including the highly prestigious FBI Directors Award of Excellence. This award was for the role of HYAS Founder, Chris Davis, in taking down one of the world’s largest botnets. Botnets can be used to perform distributed denial-of-service attacks (DDoS attack), steal data, send spam, and allow the attacker to access a device and its connection. He is one of only three civilians in the history of the FBI to be honoured in such a way.

If used in combination with Security Information Event and Management (SIEM) toolsets and services, cyber forensics fully builds out a comprehensive and multi-faceted cyber security methodology. It is destined to become the normal mode of operation for organisations that form part of the UK’s critical national infrastructure.

Cyber security is now at a tipping point, moving from the purely defensive technologies and techniques of today, into the realm of a more holistic combination of awareness, defensive and offensive technologies. The WannaCry ransomware outbreak, that cost the NHS £92m with over 19,000 appointments cancelled, allowed all public sector organisations to bear witness to the dramatic and damaging effects that a major cyber-attack can have, and therefore their obligations to ensure that they do everything in their power to prevent anything similar from affecting their own organisations. Cyber forensics can assist greatly with that requirement.

References

¹ Cyber Security Breaches Survey 2018 : Department For Digital, Culture, Media And Sport.

https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2018

² The Cybersecurity Market will be worth US$164 Billion by 2024.

https://www.prnewswire.com/news-releases/global-164-billion-cybersecurity-market-to-2024-300727984.html

SCC Innovation Group

The SCC Innovation Group is dedicated to the development of new products and services. We have a vision, a view of the market, an ability to see what others don’t; from new services to the very latest technologies. We add real business value to our customers and turn great ideas into reality.

Purchasing from SCC

SCC partners with all Tier 1 manufacturers to supply client devices

Our customers use a wide range of frameworks in addition to their own Terms and Conditions

We support hosted and traditional desktop solutions

We provide complementary services to support the entire lifecycle

Initial services include testing, building, image deployment and delivery

Support Services include enhanced break-fix maintenance and service desk

Secure disposal services delivered from our award winning recycling and remarketing facility

With competition to attract students ever intensifying, universities need to transform their offerings to students in order to differentiate themselves and drive alternative income streams. It is vital that universities evolve with student expectations to create this compelling ‘student experience’.

As the demand for student services becomes increasingly more diverse and complex, students want access to their information and applications instantly, wherever they are. This challenges universities to maintain skilled resources to not only manage but continuously improve their infrastructure. Simultaneously, universities also need to transform their operations to consistently deliver maximum value at a reduced cost.

Hosted Desktop as a Service

SCC’s hosted Desktop as a Service (DaaS) can help universities achieve their aspirations to provide a student-centric environment to offer flexible access to students’ data and applications, whenever and wherever that need it, whilst protecting the integrity of the institution’s infrastructure.

Our DaaS solution enables users to securely access their desktop, applications and data from any location, on any device whenever they need to. Hosted on SCC’s multi-tenant, secure and resilient cloud platform, DaaS allows universities to provision users rapidly and to offer students flexible device options. This allows students to balance their personal and educational lives, studying at a time to suit them, from their preferred device.

Our Hosted DaaS is delivered as a managed service with SCC maintaining and managing the desktop profiles and operating system, to ensure it is always up to date with vendor releases and refresh schedules. Universities benefit from 24/7 support, guaranteed service levels and predictable monthly costs. By eliminating the traditional capital expenditure associated with upgrades and refreshes, and replacing it with a simple consumption based model, universities can drive cost savings and significantly lower the total cost of ownership of their estate.

DaaS supports any Bring Your Own Device (BYOD) initiatives that universities are looking to deploy and allows students the freedom to use their own technology to access university applications. With diversity being a key driver in education, this environment also provides improved accessibility for fullt ime, part time, distance and disabled learners allowing them to access university applications, using whatever devices they need. This can lead to collaboration on a potentially international scale, with students being able to easily communicate and interact with academic peers anywhere, at any time.

The service is charged on a per user basis, providing the ability to scale up and down as institutional requirements change, ensuring they only pay for current active users. This is particularly valuable to cater for differing and multiple course commencement dates with the DaaS solution able to flexibly reflect this need. Increased clarity on what devices are actively being used across their campuses at any point in time, better enables universities to optimise their device estate and therefore drive cost savings by device and application rationalisation.

SCC’s Desktop as a service ensures the ongoing security, compliance and availability of educational institutions’ desktop services.

Purchasing from SCC

SCC partners with Lenovo, under the London Universities’ Purchasing Consortium National Desktop and Notebook Agreement (NDNA) to supply client devices which support hosted and traditional desktop solutions, including complementary services. We support all three lots of this framework agreement to support the entire lifecycle of client computing for our educational customers, from supply and configuration to support and finally disposal in our award winning recycling and remarketing facility.

Alternatively, if a University tenders under their own terms or a different framework, SCC can offer devices at a competitive price from all Tier 1 vendors including HPI. Utilising our strong partnerships with all Tier 1 vendors, we can provide universities access to fast and reliable client infrastructure which meets the increasing demands of students and the strategic transformation goals of higher education.

Benefits

SCC’s hosted DaaS offers a wealth of benefits to our university customers, including:

Universities can scale as required and only pay for what they need
Quicker and easier access to student applications
Streamlined deployment of appropriate applications
Consistent desktop and office software across all devices
Releasing IT resources to higher value activities
Cost savings by moving to a revenue model charged by consumption
Simplifying and enabling client ‘Bring Your Own Device’ initiatives.

Download Factsheet