CyberSecurity

SolarWinds Orion and What To Do About Cyber Security?

Headshot Awen.jpg

This post is the fourth and final in the series of blog posts written by Roy Seaman, our Percy Hobart Fellowship 2021 fellow from the Royal Marines. We’re calling the series “Posting Roy.” Opinions are personally by and of Roy only, and not necessarily of Awen Collective, the Royal Marines or UK MOD. Opinions are also temporal, and based on the information that could be found at the time.

As we embark on ‘secure’, integrated, easily accessible, and fast-flowing data on demand; the opportunity for exploitation of that data increases. The more accessible the data, the more at risk the data. 

December 2020, Microsoft and the cybersecurity firm FireEye reported around 18000 organisations had been hacked. Luckily it was not more, considering that they have many many more customers. To gain some perspective this includes 425 of the US Fortune 500, the top ten US telecommunications companies, the top five US accounting firms, all branches of the US Military, the Pentagon, the State Department, as well as hundreds of universities and colleges worldwide. The Pentagon of all places! I’m sure that they have cyber security solutions in place which are a bit more robust than the out-of-the-box virus software you get from purchasing a new PC or laptop down at the local store. 

How did it happen? 

The organisations had a relationship immediate or at reach to the SolarWinds Orion IT system management platform. Further, “[The] attacker has been able to add a malicious, unauthorised modification to SolarWinds Orion products which allows them to send administrator-level commands to any affected installation. This modification:

  • Causes the Orion products to connect to an attacker-controlled server to request instructions

  • Does not rely on the attacker being able to directly connect from the internet to the Orion server

There is evidence of the attacker using this capability in some cases to move from a single Orion server to other parts of the victim’s IT network.” (Dealing with the SolarWinds Orion compromise, 2021)

The attack was a prolonged and progressive APTAdvanced Persistent Threats (APT’s) refer to threats that break into a system, establish persistence and lurk around undetected for a period of time. In this case, attackers used malware called Sunburst, also known as Solorigate. Over several months, the attackers conducted probing small tests such as changing SolarWinds code and exploiting the relationship it had with its customers through its software updates. This, combined with loopholes in the supply chain, easy access through Single Sign-On Systems (SSO’s), and overtaking multi-factor authentication (MFA) systems allowed attackers to methodically implant malware without setting off alarms.

Loopholes in the Supply Chain

“Attackers gained access to the SolarWinds development process and injected malware, gaining access to the core network and the ability to launch multiple attacks. When SolarWinds customers received notifications of a software update sent by the company, they trusted it, which then allowed attackers to gain access to thousands of systems. As soon as the infected software was launched, a Command and Control (C2) channel was quickly established and became the launchpad for more attacks.” (Engle, 2021).

Something to consider for organisations when implementing staff cyber awareness training programs is the identification and origin of genuine emails and software updates etc. IT and Cyber departments could, for example, coordinate synchronised workforce updates as a simplified measure to assist in identifying legitimate updates. Zero trust security models not only on devices, but on account permissions could also be put in place. 

Easy access through Single Sign-On (SSO) Systems

SSO’s allow organisations to protect many systems with one username and password. “Once in the network, the intruder then uses the administrative permissions acquired through the on-premises compromise to gain access to the organization’s global administrator account and/or trusted SAML token signing certificate.  Anomalous logins using the SAML tokens can then be made against any on-premises resources (regardless of identity system or vendor) as well as to any cloud environment (regardless of vendor) because they have been configured to trust the certificate.” (Engle, 2021).

I find it challenging to come to a conclusion on the subject of SSO. On one hand the productivity, efficiency and convenience of logging in once and having access to all the relevant applications of an organisation. The negative is only one login needs to be defeated to give access to all applications.  On the other hand, given that today we have password managers to help us remember the thousands of login details for emails, banking details, subscriptions, software account details etc; means that a hacker only needs to target the password manager and defeat it, and they then have access to your entire life. I am sure that, as I write this, there are a number of people who I know which have lists of all their login details, such as: a diary with them all in, or a note on an iPhone, or a digital sticky note on their computer, or a physical sticky note on the underside of their workstation. The discipline required to avoid reusing passwords. The UK NCSC has provided guidance on password policy administration for system owners.

Overtaking Multifactor Authentication (MFA) System

“FireEye noticed that hackers gained access to the organization’s email servers with a username and password and they had bypassed the MFA system. FireEye shouldn’t have relied on just the MFA system to protect their email servers, but rather required proof of the user with biometrics.” (Engle, 2021).

What is interesting is that 2FA/MFA is widely used and considered secure. Hackers leveraged a vulnerability in the organisation’s Microsoft Exchange Control Panel and used a novel technique to bypass MFA from Cisco-owned Duo Security, and then accessed emails. Volexity, a U.S based cybersecurity company affected by the attack, were able to determine:

“Logs from the Exchange server showed that the attacker provided username and password authentication like normal but was not challenged for a second factor through Duo. The logs from the Duo authentication server further showed that no attempts had been made to log into the account in question. Volexity was able to confirm that session hijacking was not involved and, through a memory dump of the OWA [(Outlook Web App)] server, could also confirm that the attacker had presented a cookie tied to a Duo MFA session named duo-sid,” Volexity explained. “Volexity’s investigation into this incident determined the attacker had accessed the Duo integration secret key (akey) from the OWA server. This key then allowed the attacker to derive a pre-computed value to be set in the duo-sid cookie.

After successful password authentication, the server evaluated the duo-sid cookie and determined it to be valid. This allowed the attacker with knowledge of a user account and password to then completely bypass the MFA set on the account.

Volexity has clarified that the method did not involve exploitation of a vulnerability in the Duo product. The attack was possible due to the victim’s failure to change all secrets associated with key integrations after the breach was discovered. ” (Kovacs, 2020)

It shows that we need to consider how we structure our cybersecurity measures. Consider a layered login system that includes 2-factor authentication along with biometric and or cryptographic protection combinations - protective measures don’t always need to be of a digital/technical nature. 

  • Education is knowing that the threat exists, and is ultimately about creating awareness. 

  • Controlling access to information by ensuring staff only have access to the information relevant to their role.

  • Know your weaknesses - Dot is specifically designed for this from a technical perspective (specifically for Operational Technologies), and knowing which are your critical systems and ensuring the data is regularly backed-up (where possible) will allow a swift recovery or response if you are unfortunately attacked.

  • Ensure that you adopt governing policies on behaviour, access to the internet, use of data storage devices, email policies and connectivity. Make it a part of your staff roles and responsibility in order to create ownership.

  • Continually monitor and review your organisational behaviour and culture to cybersecurity.

This list is by no means comprehensive and shows that something can always be done.

How did it stay undetected?

“To avoid detection, attackers used temporary file replacement techniques to remotely execute their tools. This means they modified a legitimate utility on the targeted system with their malicious one, executed it, and then replaced it back with the legitimate one. A similar technique involved the temporary modification of system scheduled tasks by updating a legitimate task to execute a malicious tool and then reverting the task back to its original configuration. Defenders can examine logs for SMB sessions that show access to legitimate directories and follow a delete-create-execute-delete-create pattern in a short amount of time, the FireEye researchers said.” (Constantin, 2020)

Mitigation Strategies

Recognising this risk, the NCSC’s Exercise in the Box is an online tool which helps organisations test and practice their response to a cyber attack. For those with Operational Technology (OT) systems you could use Dot by Awen Collective for asset & vulnerability discovery and management! They do say prevention is better than cure!

Another initiative of the NCSC is the Cyber Information Sharing Partnership (CiSP), which is a joint industry and government partnership set up to allow UK organisations to share cyber threat information in a secure and confidential environment.

The Cyber Assessment Framework (CAF) and equally the EU Security of Networks & Information Systems Directive on Information Security (“NIS Directive”) is aimed at protecting important key systems such as our Critical National Infrastructure (CNI). To some the NIS and CAF may seem incomprehensible but Awen’s Profile software can not only help decipher it but understand and actively work with it to keep you within your obligations and make it a part of your organisations’ processes.  

The IEC 62443 (by the International Electrotechnical Commission) is a series of standards including technical reports on securing Industrial Automation and Control Systems (IACS). Despite progress being made in the right direction in the cyber domain; 2020 in the UK saw its largest increase in cyberattacks on record. Our critical systems, which keep our economies flowing, are still being frequently targeted and often attacked. Our industrial production sectors now have another topic on board room agendas, an agenda which is starting to fill up significant space in strategy and operational performance meeting time.

References 

Constantin, L., 2020. SolarWinds attack explained: And why it was so hard to detect. [online] CSO Online. Available at: <https://www.csoonline.com/article/3601508/solarwinds-supply-chain-attack-explained-why-organizations-were-not-prepared.html> [Accessed 16 April 2021].

Engle, M., 2021. Three Vulnerabilities Exposed During SolarWinds Attack & How It Could Have Been Prevented. [online] https://www.cpomagazine.com/. Available at: <https://www.cpomagazine.com/cyber-security/three-vulnerabilities-exposed-during-solarwinds-attack-how-it-could-have-been-prevented/> [Accessed 22 March 2021].

Kritzinger E., von Solms P.S. (2005) Five Non-Technical Pillars of Network Information Security Management. In: Chadwick D., Preneel B. (eds) Communications and Multimedia Security. IFIP — The International Federation for Information Processing, vol 175. Springer, Boston, MA. https://doi.org/10.1007/0-387-24486-7_21

Kovacs, E., 2020. Group Behind SolarWinds Hack Bypassed MFA to Access Emails at US Think Tank | SecurityWeek.Com. [online] https://Securityweek.com. Available at: <https://www.securityweek.com/group-behind-solarwinds-hack-bypassed-mfa-access-emails-us-think-tank> [Accessed 16 April 2021].

Ncsc.gov.uk. 2021. Dealing with the SolarWinds Orion compromise. [online] Available at: <https://www.ncsc.gov.uk/guidance/dealing-with-the-solarwinds-orion-compromise> [Accessed 14 April 2021].

Solarwinds.com. 2021. Government Cyber Security Solutions | SolarWinds. [online] Available at: <https://www.solarwinds.com/federal-government/solution/cyber-security> [Accessed 14 April 2021].

Cyber Security and its far-reaching shadow over our Manufacturing Sector

unsplash-image-QMjCzOGeglA.jpg
Headshot Awen.jpg

This post is the first in a series of blog posts written by Roy Seaman, our Percy Hobart Fellowship 2021 fellow from the Royal Marines. We’re calling the series “Posting Roy

The COVID pandemic will go down as one of those memorable moments in history that has made its mark on the working world. Forcing the working world to transform from a traditional working model to a remote working model and likely to form a hybrid model going forward into the future. It is fair to say the cyber criminal’s world has been made much easier to operate in if businesses fail to address the very real cyber threat that is out there. The unforeseen short disruptive transformation from a traditional working model to a remote model has meant that focus has switched to tech to maintain business operations. This has meant a reliance on bringing your own device (BYOD) which subsequently means an increase in vulnerable pathways that cyber-criminal activity has been able to exploit.

Bridewell Consulting commissioned the “CNI Cyber Report: Risk and Resilience” which found that 86% of CNI organisations have detected and experienced operational technology (OT) and industrial control systems (ICS) cyber attack over 2020. Ninety-three percent of organisations admit to at least one successful attempt and 24% more than 5 successful attacks. Given that only 42% of OT/ICS environments are not accessible from the internet and only 28% are confident their OT systems are protected the numbers aren’t all that surprising. Eighty-five percent of decision-makers have felt an increase in pressure to improve cybersecurity control for the OT/ICS environment over the last 12 months. The Enterprise Strategy Group research insight paper “Threat Detection and Response in Manufacturing, Current and Future Use Cases for Deception Technology” states that 49% of organisations claim that IT and OT are tightly integrated. The irony is 84% of CNI organisations predict a cybersecurity skills shortage within 3 -5 years, 32% reduced their cybersecurity budget over the COVID period and experienced a 50% increase in attacks during the pandemic. The knock-on effect on the manufacturing sector is huge. 

PriceWaterhouseCoopers (PwC) 2020 Annual Manufacturing Report identifies that 90% of consumer goods manufacturers prioritise digital transformation as a top 3 concern. Eighty-seven percent of manufacturers believe digital manufacturing technologies (smart factory technologies) will accelerate innovation and design development and 89% believe it will improve supply chain relationships. Seventy-one percent said they are already bringing OT and IT together to digitise their business. Cloud computing will be a big part of the digital transformation making data that is real-time use and disruptive technologies such as the Internet of things (IoT) to make a “new experience” for employees and customer experience. This means the challenge of maintaining secure cyber domains will be made even more complex and will become critical in all parts of business operations.  The cyber criminals ability to operate is growing and is currently faster at innovating according to the Nippon Telegraph and Telephone Corporation (NTT) 2020 Global Threat Intelligence Report.

Finally, if the UK manufacturing sector is going to transform and aspire to be world-leading innovators, it needs to embrace integrated smart factory technology and the cybersecurity risks that ensue. For success to occur businesses need to prioritise cybersecurity; to lead the way for following innovative technology. When you compare the two reports we can see attitudes towards cybersecurity need to improve and the pandemic has shone a light on weaknesses within the sector. The National Cyber Security Centres (NCSC) Cyber Security Information Sharing Partnership (CiSP)  has a good basis showing the UK government recognises the cyber threat needs to be tackled as a collaborative. Businesses need to ensure their organisations are doing their part and taking the necessary precautions to beat cyber criminals. 

Cyber doesn't go so swimmingly for Florida water company

What happened?

On Friday 5th February, a hacker tried to poison the water supply of Oldsmar, Florida, after gaining access to the water treatment control system. Through remote desktop software TeamViewer, the hacker took control of an employee’s computer at the water treatment plant and subsequently increased the amount of sodium hydroxide (lye) in the water to dangerous levels.

The consequences

The operator monitoring the system at the time of the cyber attack immediately noticed the increase of lye from 100 parts per million to 11,100 parts per million and reversed the change. This attack could have otherwise had very serious consequences to the population of Oldsmar. The treatment plant supplies water to around 15,000 residents as well as businesses in the area. Under normal circumstances, lye is a substance that is added to water to control the acidity. However, the substance is very corrosive, and can have serious health consequences if ingested. So thanks to the quick response of the keen-eyed operator at the treatment plant, the residents of Oldsmar, really did have a lucky escape!

How it happened

At the time of writing, no arrests have been made. Authorities cannot publicly describe if the attacker accessed TeamViewer using a zero-day vulnerability or by using a known one. It is unknown where the breach even originated or how many people were behind the attack: whether the attacker or attackers operated within the state of Florida, or from across the world. 

In the days following the intrusion, the treatment plant has uninstalled the software that enabled the hacker to gain access, and TeamViewer has asserted that there is no indication it was their platform that was compromised. It is suspected that the attacker took advantage of systems still using Windows 7, whose end-of-life date was early last year. This is plenty of time for vulnerabilities to be discovered, without any patches to be officially released for them. Still, whether the intrusion was carried out due to a weakness in TeamViewer, stolen credentials, a Windows 7 zero-day, or a combination of these factors, we must consider what steps to take to ensure all of these potential exposures are managed and reinforced.

How to prevent the incident from happening again, or happening to you

What prevented this intrusion from becoming life-threatening was the watchful eye and quick action of the operator. If the attacker had gotten their hands on the proper credentials, it's possible that the attack could have been carried out in the middle of the night. The use of remote software was already common in industrial plants before lockdowns to monitor performance, but with so many professionals working from home these days, it's especially imperative to (just one more time today) inspect what technology you use to enable remote work. Are your organisation's VPN servers hardened? Is multi-factor authentication enabled where possible? Is it really necessary to utilise screen-monitoring capabilities where you’re doing so? Are you and your colleagues running the latest versions of your communication platforms? What about the devices on your physical site? Do you even know what remote-access software is running on your systems, right now?

Asking such questions and being thorough in finding the answers is absolutely worth the cost, as any organisation that has been hit will tell you. Preventing yourself from being the next target and appearing on the news for all the wrong reasons is less painful and is cheaper than cleaning up the aftermath of an attack. Even then, it's not a one-time endeavour; no matter what sector you operate in, it is necessary to regularly perform audits, scan your network and hosts for any suspicious behaviour or vulnerabilities (provided that you know what would constitute as suspicious vs. normal in the first place), and so on and so forth. And if it turns out you need to, say, uninstall some remote desktop software, your pre-incident preparation will likely involve another round of security auditing if you have a rigorous change management plan. This is no small task.

The Industrial Cyber Security Ecosystem

There is no silver bullet for the problems related to the cyber security of Operational Technology (OT). There are some great solutions out there, and some which could be better. There are some amazing service providers out there who truly specialise in industrial cyber security, and others who are striving to become better in this emerging field.

We have an opportunity here to increase not only awareness but knowledge and skill. Cyber security experts, in general, have traditionally focused on IT-based cyber security. OT engineers, in general, have traditionally focused more on human safety, and not really touched cyber security.

Awen exists to reduce cyber risk and increase cyber resilience within the industrial sectors, giving value to both traditional IT-based cyber experts who are turning their attention to OT, and to OT engineers who are becoming concerned about their cyber security. Our two software products, Profile and Dot, are both about increasing awareness. Profile increases awareness about industry-focused cyber security policies and procedures. Dot increases awareness about the landscape of OT assets, and can deduce the vulnerabilities of those assets. This in turn, gives the organisation intelligence which is truly actionable. Both products are focused on the pre-incident space, and are useful in cyber risk assessments, cyber security audits, embedding security in the OT systems design and deployment stages, and more general OT change management. This is where our solutions fit in with the industrial cyber security ecosystem.

If this sounds great, and you would like to talk with us (guaranteed radical honesty, and no hard selling) then please contact us today.

This blog post was written by Awen industrial cyber software development specialists - Seren Corbett and Paige Pesigan.

Awen Collective is Cyber Essentials Plus Certified

 
cyberessentials_certification mark plus_colour.png
 

As of 26th January 2021 Awen Collective is officially Cyber Essentials Plus certified!

After completing the initial Cyber Essentials certification on 13th January 2021, the wonderful team at Wolfberry Cyber Security completed an audit of our systems under to confirm we comply with the requirements of the Cyber Essentials Plus scheme. Wolfberry are an IASME Cyber Essentials Certification body.

We see the Cyber Essentials and Cyber Essentials Plus schemes as a vital stepping stone to help UK-based SME’s engage with their cyber security and ensure a reasonable level of thought and attention has been paid to their ongoing protection from cyber attack.

As a cyber security software supplier, we hold ourselves to the highest standards of internal cyber security, both as a company, and within the security-first principles we build our products under. Cyber Essentials Plus certification marks our first steps into officially recognising those efforts, but by no means will be the last. Our products have previously, and will continue to, undergo testing and validation using external partners to ensure their safety and security, and we look forward to being able to bring you news on further cyber security certifications in the future.

Awen Collective would certainly encourage all organisations to consider the Cyber Essentials and Cyber Essentials Plus schemes as a foundation of their cyber security efforts, and we’d like to extend our thanks to Wolfberry Cyber Security, IASME and the NCSC for their support of both Awen Collective and the provision of this scheme.

Those in one of the UK Critical National Infrastructure (CNI) sectors, or servicing the CNI sectors, should not only look at Cyber Essentials but should consider the NCSC Cyber Assessment Framework (CAF) which is made much simpler to check and monitor using the Profile software system by Awen Collective.

When it comes to software - is it Location, Location, Location?

#AwenAsks

We will be releasing 5 pairs of questions on LinkedIn about a whole variety of things including cyber security, software, industry 4.0 and much more. We are tagging it with #AwenAsks, or you can view the questions directly via our Awen Collective LinkedIn company page. This post talks about the 2nd pair of questions.

2nd Pair of #AwenAsks Questions - Geopolitical Cyber Security

The second pair of #AwenAsks questions was:

  1. Does the geographic origin of software matter to you?

  2. How much do you think politics plays a role in cyber security?

The purpose of asking these two questions was to begin an open discussion on the geopolitics of cyber security.

Quite often geopolitics plays a role in offensive cyber security - for example, we quite often hear about “state-sponsored cyber attacks.”

However, geopolitics also plays a role in understanding defensive cyber security - for example, it’s important to national security to understand exactly where data is flowing to and from, and what other nations could have access to sensitive information and networks. One example is the debate over whether certain technology providers should be providing technology for building public 5G connectivity, as the worry is that other nations could then use that technology as a medium for spying or perhaps even to cause damage.

Both questions received significantly more attention than our first pair of questions, and we suspect that this is because everyone has an opinion when it comes to politics!

What were the results?

Does the geographic origin of software matter to you?

76% said “Yes” 

5% said “No”

19% said “Maybe”

0% said “I don’t know”

We also had some comments such as one from Ryan who says “Absolutely it does - geographic location determines the regulatory environment in which the company resides, the risk of hostile government snooping, etc.”

Nicola Lumb from Prosys Computing also shares the sentiment: “From a business perspective it impacts the decision. If I was reviewing similar options and one was from the UK, Wales or even better, local, then that would be preferred, particularly when it comes to time differences and accessing support.”

We also had a comment directly to us, who wishes to remain anonymous - “I honestly lately have become suspicious of some software depending on its country of origin, in particular China and Russia. It seems that these countries’ software gets considerably more attention in the media when it comes to cybersecurity (and privacy in general). TikTok is an example that comes to mind.”

However, one recent comment was sent to us which said that many organisations already use software from nations which we (at least) suspect engage in state-sponsored cyber attacks, and so it may not be an issue when considering purchasing other technologies from that same nation.

How much do you think politics plays a role in cyber security?

76% said “Significantly”

18% said “A little”

0% said “None”

6% said “Don’t know / Maybe”

That’s quite a significant lean towards people believing that politics plays a role in cyber security.

We can tell you that these were actually different people that answered (i.e. it wasn’t the same 76% that answered “yes” in question 1 that answered “significantly” in question 2).

We certainly know that politics influences cyber security. Here in the UK the UK Government shaped the National Cyber Security Strategy of 2016-2021, and there is a new strategy in development for release in 2021. This strategy is politically driven, led by the political party in charge, although understandably shaped by:

  • Political cross-party interest/working groups

  • Public sector experience, such as from the MOD, GCHQ, DCMS and BEIS.

  • Private sector experience, largely through influencers such as the techUK and ADS trade associations.

Politics also makes a decision in large scale infrastructure projects, such as the on-again-off-again relationship that many western governments have with Huawei and its connection with China.

We also have regulation in place, in the UK and EU we have regulations such as GDPR and the NIS Directive, which are incredibly important for the privacy, safety and security of our communities but are ultimately driven by political decisions.

Our second question can also be flipped on its head - does cyber security play a role in the shape of politics? While the UK government has focused on securing and defending our networks and data with the GDPR and NIS regulations, it was recently confirmed that the UK has also invested in a new organisation, the National Cyber Force, whose purpose is to "counter threats from terrorists, criminals and hostile states" [quote from a BBC news article] through offensive cyber operations. The fact that this organisation has been made public shows that the UK believes that cyber security or lack of, poses a serious threat to the country. 

From a slightly different angle, it is known that states and malicious organisations have used technology and social media platforms to interfere with election or referendum results, or spread misinformation on the platforms, which is becoming a growing problem in politics. This is a very effective and divisive tactic used to divide a country politically. It uses a concept called the "filter bubble" [from The Filter Bubble: What The Internet Is Hiding From You - Eli Pariser 2011]. This is the concept that social media algorithms turn user interactions from posts into recommendations for other similar posts. And the more the user interacts with similar posts the more similar posts they see. That is why it is possible to reinforce misinformation, so that people believe it is fact. For example, recently with news that Coronavirus vaccines have been successful in trials and are now being rolled out, anti-vaccination misinformation has been seen spreading across social media. This has also been used to spread misinformation about political candidates in elections. 

These events demonstrate that cyber security and politics are interdependent, meaning that they can affect each other, politics plays a role in cyber security and vice versa. This is why it is extremely important to strengthen cyber security and privacy mechanisms.

Clarification & Summary

We should clarify that as a business, as Awen Collective, we do our best to take a neutral position, and leave it up to the authorities in various parts of government to discover exactly what is going on in the international geopolitical sphere. Public opinion seems to strongly indicate that geopolitics does play a role in cyber security, and the decisions that organisations make when purchasing software (whether that is knowingly or unknowingly).

At Awen Collective we made the decision very early on to be understanding over geopolitical sensitivities. We decided to create our software ourselves (rather than outsource it), and so we understand what every line of code does. This provides us with a very in-depth understanding on the security of our own software from a “white-box” perspective, and this should help us to build a good trust relationship with our partners and clients. Our development team live and work in the United Kingdom, and our prime office is in Wales. 

We do not only see ourselves as investing in local, but we position ourselves as being globally relevant. We participate in programmes which are Wales focused, UK focused, Europe focused and International focused. Plus, we give flexibility to our partners and clients to use our software in a geopolitically sensitive manner - if you want to run Profile or Dot in a region such as the EU or ASEAN then that is fine, if you want to have a version in running on a server in your country then we can arrange that too, if you want to lock a version down on a hardened system on-premise then we can work with you on that too.

If this sounds interesting to you, and would like to continue the conversation please do feel free to contact us.

This blog post was assembled by Awen Team Members: Daniel Lewis, Seren Corbett and James Sandrone.

Awen goes to the USA

 
 

As part of the prestigious Tech Nation Cyber programme (1st cohort), Awen took the opportunity to visit the USA in the week commencing the 2nd of September 2019.

Our CTO, Jules Farrow, attended the trip, with various others from the Tech Nation Cyber cohort. The trip included:

It was a great week, where we built new business connections and further explored the possibilities afforded by expansion into the Americas.

If you’re local to South Wales too and would like to learn more about our experience with Tech Nation Cyber and our learnings on the US market, we’ll be recounting some tales at the South Wales Cyber Cluster September Meeting on Tuesday 17th, come and join us!