Arraya Insights

by

Ransomware isn’t Going Away - Make it Less of a Threat with Dell EMC PowerProtect Cyber Recovery

If there’s one technology topic most of us probably would have liked to leave back in 2020, it’s ransomware. Given how lucrative the technology has become, it’s doubtful cyber criminals will be open to the idea of letting it fade from headlines anytime soon. Whether they’re able to keep up last year’s pace, in which a ransomware attack occurred every 11 seconds, remains to be seen. However, it does seem a safe bet to assume ransomware tactics and tools will continue to evolve in some fashion, putting pressure on security pros and the organizations they represent to do the same.  

An alert and informed user base is the most basic defense any organization can have against malware. Ensuring users at all levels know how to spot and respond to common cyber security flags will go a long way toward thwarting criminals. Even the savviest of users can still fall victim to a well-constructed or hidden scam. As such, organizations must invest in technologies that can help minimize the immediate and lasting fallout from human error.   

One technology organizations should take a look at as we begin moving through 2021 is Dell EMC’s PowerProtect Cyber Recovery solution. While not new, this solution has undergone its own evolution in recent years, to further enable it to keep mission critical data out of cyber criminals’ reach.

4 ways PowerProtect Cyber Recovery can thwart ransomware attackers

Here are four features Dell EMC’s PowerProtect Cyber Recovery solution uses to make life as hard as possible for cyber criminals:

  • tamper-proof backups for backups. Dell EMC PowerProtect Cyber Recovery starts by making a third copy of designated organizational data sets, one that is separate from both production files and initial backups. These files are then locked to prevent tampering – or, in the event of a ransomware attack, unauthorized encryption.
  • a hardened, air-gapped data vault. Next, the solution transfers those data sets into what is essentially a bank vault for data. Dell EMC PowerProtect Cyber Recovery sequesters its copies away from the most heavily trafficked parts of an organization’s network, isolating them behind a unique set of security credentials, backed with multifactor authentication. The solution goes further by air-gapping the vault off from the rest of the environment. This architecture prevents access to the vault outside of authorized, automated data syncs or recovery scenarios.
  • intelligent, responsive network monitoring. Dell EMC PowerProtect Cyber Recovery is more than simply a hardened yet passive data repository. It can, by leveraging CyberSense, also intelligently – and automatically – seek out signs of possible ransomware corruption to ensure the purity of the files housed within its vault. Using statistically-driven machine learning and full content indexing, Dell EMC PowerProtect Cyber Recovery can shine a spotlight on a threat and set the stage for remediation efforts to take place.   
  • hands-free restore and recovery. The final feature we want to call out is the “recovery” in the name Dell EMC PowerProtect Cyber Recovery. This solution can, when integrated with Dell EMC technologies such as PowerProtect Data Manager and Networker Cyber Recovery, as well as existing in-house procedures, execute fully-automated, right from the vault data recovery. By reducing recovery windows, Dell EMC’s PowerProtect Cyber Recovery solution can help make ransomware less of a catastrophic threat.

Next Steps: Plan for ransomware to be part of your 2021 and (sadly) beyond

Want to learn more about how Dell EMC PowerProtect Cyber Recovery can help your organization fight back against the ongoing threat posed by ransomware? Arraya can help. Our team of data center and cyber security experts can help you assess your existing environment as well as your threat exposure in order to help you build out a security strategy and architecture tuned to handle today’s advanced, persistent threats.

Reach out now to get the conversation started!

Visit https://www.arrayasolutions.com//contact-us/ to connect with our team now.

Comment on this and all of our posts on: LinkedInTwitter, and Facebook.

Follow us to stay up to date on our industry insights and unique IT learning opportunities.

by

Microsoft’s Software Assurance Program Revamp: Where Things Stand and What’s Next

Back in the fall of 2019, Microsoft laid out its timeline for overhauling its Software Assurance program. While that may feel like eons ago, only some of those changes have come to fruition. Others will go into effect this year and even beyond it. Organizations will need to make sure they’re ready to pivot accordingly as these modifications are implemented in order to ensure they continue maximizing the ROI on their Microsoft investments.

First, let’s consider what’s due up next. As of this upcoming February, Microsoft plans to retire the accrual of both planning days and training vouchers for all of its customers. Following not too closely on the heels of that deadline is the next. Come July 2021, customers will no longer be able to create new planning day engagements or training vouchers. The final dates worth noting on Microsoft’s current Software Assurance road map won’t hit until 2022. In January of that year, Microsoft will eliminate customers’ ability to redeem planning services and training vouchers. Also at this time, any customers leveraging Software Assurance for incident support will need to convert to a Unified support model from Microsoft. Then, in February 2022, Microsoft will retire accrual of 24/7 support incidents and instead provide as-needed support to qualifying Software Assurance customers under Microsoft’s Unified support label.

That’s a lot to take in. Essentially, these pending changes all fit in to one of three buckets: Deployment Planning Services, Training Vouchers or Support. Microsoft has stepped up investment in each of these areas, offering customers new benefits in place of those on their way out the door. Here’s what organizations can expect:

  • Deployment Planning Services: Microsoft is bolstering its FastTrack program to help organizations plan and further their digital transformation and cloud journeys.
  • Training Vouchers: Microsoft is working to create and build out new options for training and certification, including Microsoft Learn, to help others grow their skills and competencies with the company’s solutions.   
  • Support: Microsoft is adjusting support to be as-needed instead of incident-based for qualifying organizations while seeking to lower the barrier of entry for those seeking to utilize its Unified support model.  

How Microsoft’s Software Assurance program has already changed

As we mentioned, Microsoft’s renovation of its Software Assurance program is already underway. In February 2020, which itself feels quite a ways away, Microsoft:

  • removed cloud services from its planning services catalog
  • eliminated the Azure training voucher
  • stopped the conversion of training vouchers to planning services days

It’s likely your organization has already adjusted to life without the above services. However, given everything that has happened since February, it’s entirely possible one or more of these changes slipped through the cracks in favor of far more pressing concerns. As more services start to go offline over the coming months, it could make it harder for organizations to continue realizing full value from their Microsoft environment.

Next Steps: Keep up with Microsoft’s changing support and training options  

Need a hand keeping up with the changing face of Software Assurance? Arraya Solutions can help. As a FastTrack Partner Ready-certified Microsoft provider, Arraya can help organizations of all shapes and sizes make the adjustments they need to see immediate and ongoing value from their digital transformation efforts. Through this program, our team can help stand up and optimize Microsoft solutions, boost user adoption, and map out future cloud endeavors as needed. If you’d like to learn more about FastTrack, or any of the ways Microsoft has evolved or will continue to evolve its Software Assurance program, reach out to Arraya today.

Visit https://www.arrayasolutions.com//contact-us/ to connect with our team now.

Comment on this and all of our posts on: LinkedInTwitter, and Facebook.

Follow us to stay up to date on our industry insights and unique IT learning opportunities.

by

Arraya Solutions Architect Kirk Freeman stops by to break down the new features and capabilities included in vSAN 7.0 Update 1.

by

How to Secure Cisco Expressways

Given the current pandemic situation, the remote work culture has become our new normal. Companies that previously considered Work from Home (WFH) a perk, offered only to certain individuals, have had to open it up to a wide range of employees. Aside from the obvious upsides, this poses a few security concerns as well. So, it is strongly recommended that companies keep up with regular security audits & follow accepted best practices. In this blog post, we’ll look at one such best practice and how to accomplish it.

Specifically, this applies to Cisco shops running VCS/Expressways at the collaboration edge. Best practice is to make sure you have upgraded your TLS Versions with highly secure Cipher suites.

Need help doing so? Don’t worry, you are in the right spot.

Starting with version X8.10, Expressway defaults to TLS Version 1.2 when establishing secure connections for the following services:

  • HTTPS
  • SIP
  • XMPP
  • UC server discovery
  • Reverse proxy

However, on upgrade, the previous behavior and defaults persist so you won’t be defaulted to TLS version 1.2. New installations will use the new defaults. So, for new installations you should check that all browsers and other equipment/applications that must connect to the Expressway supports TLS version 1.2.

Cipher Suites:

You can configure the cipher suite and minimum supported TLS version for each service on the Expressway. These services and cipher suites are shown in the table below. (The cipher strings are in OpenSSL format.)

For services where the Expressway can act as a client, for example HTTPS, the same minimum TLS version and Cipher suites will be negotiated.

Configuration:

  • Login to the Expressway(s) with admin credentials.
  • Go to Maintenance > Security > Ciphers.
  • Configure the minimum TLS versions & supported Cipher Suites (refer table above) as required.
  • Save & restart the Expressway(s) for the changes to take effect.
  • Note that these changes must be completed in both C & E expressways.
  • In a clustered environment, the changes can be completed only in the primary configuration node & it propagates to all the cluster nodes.

Here is a video reference: https://video.cisco.com/video/5858449075001.

If you need any help with the above steps, don’t hesitate to reach out to the Arraya team! We’ll be happy to share our insights and expertise. Do so by visiting: https://www.arrayasolutions.com//contact-us/!

by

Arraya Inside Sales Engineer Matt Rush shares his unique insights into Meraki per-device licensing.

by

“Episode 2: The Technologies that Defined 2020 (and What’s to Come in 2021)”

On this episode of the Arraya Insights Vodcast, we look back at some of the technologies that helped shape a year like no other. Then, we look ahead to the next crop of solutions and advances heading our way in 2021.

Meet Our Panel:

  • Top Left: Chris Bovasso, Director, Application Services
  • Top Right: Chuck Kiessling, Senior Director, PreSales Solutions
  • Bottom Right: Top Right: Ron Longley, Director, Data Center Practice
  • Bottom Left: Scott Brion, Director, Cyber Security

Prefer an audio format? Subscribe to our Arraya Insights Radio feed in your Apple or Android podcast catcher for an audio-only version of our vodcast. Or, you can use the player below.

Arraya Insights Radio · Arraya Insights Vodcast: Episode 2

Have a topic for our panel? Share it with us at https://www.arrayasolutions.com//contact-us/ or on social media: LinkedInTwitter, and Facebook.

by

John Salmons, Jr., one of Arraya’s Inside Sales Engineers, closes out 2020 by covering some of the most recent updates to come to Teams, including a revised launch dashboard, noise cancellation and Apple Car Play compatibility.

by

Sunburst/Solorigate Aftermath: 4 Lessons Learned from the SolarWinds Breach

Organizations everywhere are only just beginning to come to terms with the Sunburst/Solorigate compromise. Even at this stage, it’s clear the backdoor into SolarWinds’ Orion network monitoring and management platform represents one of the most substantial cyber security breaches in recent memory. SolarWinds’ client list reads like a who’s who of the public and private sectors, including Fortune 500 companies, telecommunications and cyber security giants, and core government agencies. While it may come as little consolation to those impacted, there are lessons to be learned from this incident that can help all organizations better their own security efforts.  

Before we get into the takeaways from this breach, first let’s go over what exactly took place. State-sponsored hackers (believed to be APT29, aka Cozy Bear, of Russian intelligence fame) were able to gain access to a server used to build updates for the Orion platform, likely back in March of this year. The origins of this access are still being investigated, however, there’s some evidence a suspect security culture may be prevalent within SolarWinds. Last year, a security researcher discovered an especially weak administrative password (solarwinds123) made weaker still by the fact that it was inadvertently made public in a Github repository.

Once inside, attackers pushed out a malicious update that would grant them widespread visibility into the network of any organization that downloaded the update. All told, it is believed roughly 18,000 of the more than 300,000 organizations that leverage Orion implemented the fraudulent update. Looking for some good news? Here it is: Using a “Death Star”-like display of power, Microsoft was able to disable the malware, bringing the attack, mercifully, to an end.

So, what have we learned? Let’s go down the list:

  • Patch your systems! This point is especially critical given how this attack went down. In this case, organizations that promptly downloaded and implemented the update, a security best practice, were burned and those that waited were spared. It’s important to note that, most of the time, it’s the other way around. Those who wait are the ones leaving themselves open to attack. The SolarWinds incident shouldn’t scare you away from doing the things that, more often than not, will keep you safe from cyber criminals.
  • Embrace the principle of least privilege. Zero trust, least privilege, whatever you want to call it, this idea should be reflected in your approach to technology and vendors. Newly implemented (and existing) solutions should only be given the rights and access they need to function and nothing more. The same goes for vendors, technology partners, service providers, etc. It’s tempting (and time-saving) to grant newcomers broad access, particularly if it involves a trusted industry leader, like SolarWinds. The above scenario shows the risk of that approach. By compromising SolarWinds tech attackers were able to gain, in some cases, almost unfettered access to organizational networks down the supply chain – access that Orion didn’t necessarily require to operate.        
  • Be careful with your passwords. It’s as elementary a tip as there is, and has been for years, but it is still worth repeating. Use strong, complex passwords (not the name of your company followed by 1-2-3) unique to every account. Use a password manager to help keep track of these otherwise-impossible-to-remember sequences of upper and lower case letter, special characters and numbers. Don’t share passwords with others. Turn on MFA wherever possible. If you suspect a credential has been compromised, don’t wait, change it immediately. Passwords, for better or worse remain a key part of our increasingly digital lives. Until this is no longer the case, the best we can do is make passwords as secure and private as possible.       
  • Leverage data loss prevention (DLP) capabilities wherever they exist. No matter their primary industry, nearly all organizations these days are also in the data moving business. With all of the data being shuffled to and fro, it’s no wonder sensitive information sometimes finds itself in the public eye. With SolarWinds, it just so happened to allegedly be a password exposed on Github. However, it could just as easily have been a credit card number sent in an email or social security numbers posted to an unencrypted database. DLP functionality, like that built into Microsoft 365, should be utilized wherever possible to automatically scan postings for secure data and raise the appropriate red flags should it find anything.

Next Steps: Put your security under a microscope

Every organization, regardless of size, industry stature, or budget is at risk for a cyberattack. That’s not to sound hopeless. Instead, it should be seen as a call to action. Continuous improvement is the name of the game in security. There are always ways to get better and there is always more that can be done to keep the bad guys out. Security, to use the cliché, is a journey not a destination.

The Arraya Cyber Team (ACT) can help you along on your own security journey. They can do so by guiding you through “table top” scenarios where you take on a fictionalized version of your cyber security worst nightmare. Or they can put your environment to the test through pen testing or gap analysis. Reach out to the ACT to learn more.

Visit https://www.arrayasolutions.com//contact-us/ to connect with our team now.

Comment on this and all of our posts on: LinkedInTwitter, and Facebook.

Follow us to stay up to date on our industry insights and unique IT learning opportunities.

by

2 Ways Attackers Have Tweaked Ransomware to Make it Even More Effective

The ransomware playbook used to be fairly straightforward. Attackers would gain access to an organization’s data, lock it down, make their demands, and then wait to see if the bitcoin would roll in. And roll in it did. Ransomware has become a multi-billion dollar industry, one with an alarmingly low barrier to entry thanks to widespread proliferation of highly user-friendly malware. Not content to rest on their laurels, cyber criminals have added a few new wrinkles to their winning playbook, hoping to make their campaigns more effective for them and more expensive for their victims.

One such change is the rise of data exfiltration tied to ransomware infections. One team of researchers analyzed more than 100,000 attacks and linked more than 1-in-10 incidents to groups known to practice data exfiltration as part of their ransomware campaigns. It’s worthy acknowledging that number could actually be higher as not all groups looking to steal data do so overtly.

What happens to the data sets these groups nab? That depends. Sometimes criminals will use the threat of leaking data to encourage victims to pay up. Such a threat can be particularly persuasive among organizations that traffic in large volumes of highly sensitive data, including those in legal, healthcare and finance. Publicly losing data could land these organizations in hot water with both regulators and with their customers, clients, patients, etc. In other cases, attackers may covertly exfiltrate data and then simply sell it off to bolster their profit margins. Whatever the motivation, cyber security experts believe exfiltration has become part of the “new normal” for ransomware.

Another recent evolution of ransomware involves backups. Maintaining regular backups has long been viewed as key to mitigating the fallout of a ransomware attack. After all, why pay up when all you need to do is restore from backups? Attackers, likely tired of being thwarted by good backup practices, have responded by redesigning ransomware to target backups first. Some strands of malware will alter or encrypt backups, rendering then unavailable. Others take a “seek and destroy” approach. Both will then move on to production files. The goal is to leave organizations without their safety net, making them more willing to listen to and comply with attackers’ demands.

Defending against the next generation of ransomware

You can find a deep dive into ransomware best practices from both the admin and user level in our blog post “Ransomware Attacks Spike Against Healthcare Facilities: How to Keep Yours Safe.” While that post is ultimately geared toward those in healthcare, the defensive strategies suggested can be leveraged by organizations in any industry. However, we can recommend a few additional steps here to short-circuit the advanced attacks methods outlined above. Organizations are advised to:

  • encrypt data, both at rest and in transit. Doing so ensures that, even if attackers manage to get their hands on and steal any data, it will be unreadable and therefore of no value to them.
  • be vigilant of workload behavior, looking for any unusual patterns that could be a sign of an attack. Organizations must be ready to address and, if necessary, remediate anomalous activities, like unexpected movements of data, quickly, through the use of powerful, intelligent automation.
  • keep back-ups offline or use microsegmentation to keep them distanced from production files. Without the appropriate separation, backups will provide little security against a rapidly-spreading ransomware infection.     

Next Steps: Practice for your organization’s worst case scenario

Need help preparing your organization for the evolving realities of today’s ransomware environment? Arraya Solutions can help. Our cyber security experts can help you design and walk through a fully customizable worst-case scenario. These exercises can stress test the security response mechanisms you have in place for when attackers are knocking on your door – or when they’re already inside your network. They can help you discover and close procedural or technological gaps that allow attackers greater opportunities to succeed. Reach out to the Arraya Cyber Team (ACT) to learn more.

Visit https://www.arrayasolutions.com//contact-us/ to connect with our team now.

Comment on this and all of our posts on: LinkedInTwitter, and Facebook.

Follow us to stay up to date on our industry insights and unique IT learning opportunities.

by

Episode 1: “The New Normal and the Hybrid Cloud”

In this debut episode of the Arraya Insights Vodcast, our team of subject matter experts talk about the impact of COVID-19 from an IT perspective. They also analyze the role the cloud has played – and can continue to play – in mitigating the pandemic’s impact operationally-speaking.

Meet Our Panel:

  • Top Middle: Chuck Kiessling, Senior Director, PreSales Solutions and Vodcast Host Extraordinaire
  • Top Right: Gary Funt, Senior Cloud Solutions Architect and Baby Cloud Baby Sitter
  • Bottom Right: Matt Amato, Cloud Solutions Architect and User Experience Guru
  • Bottom Left: Kirk Freeman, Solutions Architect and Creator of the #MyKirk Bot
  • Top Left: Ron Longley, Director, Data Center Practice and Data Phycisist

Prefer an audio format? Subscribe to our Arraya Insights Radio feed in your Apple or Android podcast catcher for an audio-only version of our vodcast. Or, you can use the player below.

Arraya Insights Radio · Arraya Insights Vodcast: Episode 1

Have a topic for our panel? Share it with us at https://www.arrayasolutions.com//contact-us/ or on social media: LinkedInTwitter, and Facebook.