Arraya Insights

by

New details have emerged concerning one company’s efforts to recover from last summer’s NotPetya attacks and they definitely call to mind that old cliché about an ounce of prevention equaling a pound of cure. Maersk, the world’s largest shipping company, was one of many organizations that fell victim to the outbreak, which initially appeared to be ransomware, but was soon discovered to be far worse. Rather than hold data hostage, NotPetya destroyed it regardless of whether victims agreed to pay up. Faced with a decimated technology environment and the prospect of roughly one-fifth of the world’s shipping containers sitting in limbo, Maersk’s IT team went to work, launching a recovery effort that has been dubbed “heroic” – and that may have also been entirely avoidable.

While speaking as part of a cyber security panel in Davos, Switzerland, Jim Hagemann Snabe, Maersk’s Chairman, admitted his company essentially needed to reinstall an “entire infrastructure” in the aftermath of NotPeya. For Maersk, this meant something like 4,000 servers, 45,000 PCs, and 2,500 applications – or about six months’ worth of work for IT. Instead, Maersk’s IT initiated an almost superhuman response, rebooting its entire environment in just ten days.

As IT was undoubtedly burning the candle at every possible end, the rest of Maersk’s team fell back on manual methods to keep the company’s shipments moving and minimize the impact of the attack on the firm’s customers. All told, Maersk estimates it was able to cover about 80% of its shipping volume during the time spent recovering its infrastructure.

These efforts, from both IT and the operational staff, are certainly commendable; a testament to the organization’s ability to absorb what could have been a devastating blow. They were also a monumental undertaking that few organizations beyond a global giant such as Maersk could have mustered. Furthermore, it’s worth noting that the team’s recovery heroics would not have even been necessary had NotPetya been kept at bay in the first place.

An ounce of prevention, a pound of cure

Ultimately, the NotPetya-inflicted hardships that befell Maersk and others should never have come to pass. Back in June, as NotPetya was laying waste to IT infrastructures, Tom Clerici, Arraya’s Cyber Security Practice Director said of the malware: “Just like WannaCry, if all your systems are patched, you’re protected. It’s really that simple.” Of course, when IT’s to-do list begins to overflow, basic duties like patching are often one of the first things set aside. This leaves the door open for cyber criminals and the inevitable pound of cure their activities summon.

Organizations can simply no longer afford to treat patching and basic security hygiene as an afterthought. This rings even more true in light of another piece of NotPetya news that came out last month. The CIA has pinned blame for NotPetya on hackers linked to the Russian military, believing it to be another battle in the ongoing conflict between Russia and the Ukraine. With hackers now serving as the foot soldiers of geopolitical digital warfare, the risk is simply too great for businesses to do anything less than everything possible to keep from getting swept up in the fight.

Is your organization struggling to stay up to date with patching and other Security 101 tasks? Arraya’s Managed Security Services can help. As part of these services, Arraya’s personnel function as an extension of onsite IT, providing 24/7/365 network monitoring and alerts, valuable employee training, and additional bandwidth capable of ensuring an organization’s IT infrastructure is patched and ready for what today’s cyber criminals have in store. Arraya’s Managed Security Services can ensure organizations never have to choose between the basic security hygiene businesses need and the innovations they rely on for a competitive edge.

Learn more about Arraya Managed Security Services by visiting us at https://www.arrayasolutions.com//contact-us/. Also, feel free to leave any questions or comments you have regarding this or any of our blogs on our social media pages: LinkedIn, Twitter, and Facebook. While you’re there, follow us to stay in the loop with our latest industry insights, unique learning opportunities, and company news.

by

Data breaches, cyber attacks, ransomware – these things undoubtedly weigh heavily on the minds of modern day CISOs, but not as heavily as one might think. All three of those perennial hot button issues fell short of the top spot in a recent study by The Ponemon Institute of the biggest concerns security and technology executives have for 2018. Instead, the thing they’re most worried about is already in the house, to borrow a classic horror movie trope.

An overwhelming 70% of CISOs surveyed admitted to being concerned about a lack of competent in-house staffers. Those doubts about the security capabilities of the members of their teams rear their head time and again on this survey. Rounding out the rest of the top five in terms of CISO concerns are:

  • Data Breaches (66%)
  • Cyber Attacks (59%)
  • Inability to Reduce Employee Negligence (54%)
  • Ransomware (48%)

Elsewhere in the study, CISOs were asked to predict how their employers’ 2018 would play out. Once again, pessimism regarding staffers reared its head. Nearly two-thirds (65%) said: “A careless employee falls for a phishing scam that results in credential theft.” That answer came up more often than “A significant disruption to business processes caused by malware” (61%) and “significant downtime” caused by cyber attacks (59%).

Business takes a turn for the less secure

Perhaps the most troubling thing in all of this is that security pros seem to feel the business is moving in the wrong direction. Ponemon’s research also found that more than two-thirds (67%) of CISOs believe their organizations are more likely to be victimized by a data breach or cyber attack in 2018 than they were previously.

Among those organizations who feel more likely to be breached, the finger was once again pointed at staffers. Nearly two-thirds (65%) of those surveyed felt their business’ lack of “in-house expertise” is what would come back to bite them in the form of a 2018 data breach. Interestingly enough, further down that same list of potential data breach causes, was an answer that might also shed light on a possible reason for that lack of in-house expertise. Roughly 36% of leaders said their employer isn’t “providing enough training to prevent negligent behavior such as falling for a phishing scam or sharing passwords.”

These findings correlate with Arraya’s own research on the topic. At our Open House last year, we polled IT professionals from across the Mid-Atlantic region about their most painful security challenges. Any guess as to what took the top spot? Once again it was employees. Just under half of our respondents in our poll (46%) said their top challenge was “Protecting my employees from themselves while maintaining productivity and innovation.”

Next Steps: Overcoming security pessimism

It’s easy to come away from Ponemon’s survey – and our own – feeling pessimistic about the state of cyber security today. However, that negativity doesn’t have to be the reality CISOs and their employers contend with this year.

Arraya’s Cyber Security Practice can help position businesses for the cyber security realities of this year and beyond. We can provide training and awareness programs to transform staffers from a security liability into a reliable first line of defense. In addition, through our Managed Services team, we can supplement those staffers with additional hands-on cyber security expertise. Our team can manage and monitor every part of a business environment, alerting organizations to threats, deploying patches, and identifying trouble spots before they can do damage.

To learn more about how Arraya’s Cyber Security team can help your business plan, protect, and prevail against evolving threats, visit: https://www.arrayasolutions.com//contact-us/. We can also be found on social media: LinkedInTwitter, or Facebook. Feel free find and follow us on any or all of those sites so you can comment on our blog posts. You’ll also be the first to know about our latest industry insights, exclusive educational opportunities, and more.

by

With the cloud, often times the issue isn’t the will, it’s the way. Many businesses have long sought the benefits associated with migrating workloads to the cloud, outcomes such as increased resource flexibility and greater budgetary efficiency. In fact, interest in these solutions rose to such a degree last year that some analysts called 2017 the year the cloud became the “new normal” for enterprise IT. The downside of all of that interest is that it’s created a bottleneck for businesses. There may not be a shortage of enthusiasm about the cloud, but there is a scarcity of the skills needed to complete the journey.

Cloud skills are at an all-time premium and many firms are struggling to find the help they need to plan or execute their migration. This obstacle popped up in several studies and articles our team has come across recently, including:

  • an article from Computer Weekly citing a Microsoft report that said 38% of technology leaders looking for candidates with cloud skills are struggling to find them.
  • a second data point, from the same article, which said half of leaders believe this problem could take as long as two years to work itself out, while 30% don’t see it getting any better in that timeframe.
  • a study from RightScale that listed expertise in a three way tie for the biggest challenge businesses face with the cloud. It, along with security and cost, each took 25% of the vote.
  • a LogicMonitor study in which staff members’ lack of cloud experience was cited by 58% of respondents as one of the top hurdles presented by public cloud.

Without proper guidance, cloud initiatives can stall or simply fail to live up to their full potential. That’s a sizeable investment from the business gone, to some degree, to waste. Even if an organization does find the cloud talent they need to avoid those results, the likelihood is that expertise isn’t going to come cheap in such a competitive market. Of course, doubling back to that earlier cliché, where there’s a will to reach the cloud and maximize its ROI, there’s a way.

Connect with cost effective cloud know-how

Arraya’s Digital Advisor – Cloud Strategy service is an ongoing engagement that connects businesses directly to our team of subject matter experts, allowing them to bypass the cloud talent bottleneck. It’s a cost effective way for businesses to ensure they have regular access to a wealth of practical, real world cloud expertise.

As part of this service, among other duties, Arraya’s team can:

  • Serve as an executive-level resource capable of offering advice on cloud concerns and potential initiatives, all tailored to an organization’s unique needs
  • Audit pre-existing cloud infrastructure and deployments and address any roadblocks that are uncovered
  • Help organizations plan for the long-term health and efficacy of their cloud journey by providing informed cost estimates and introducing them to emerging technologies
  • Facilitate the creation of executive-level documentation and collateral pertaining to organizational cloud initiatives

If you’d like to learn more about Arraya’s Digital Advisor – Cloud Strategy service, or any of our other solutions and services designed to help your business evolve beyond legacy borders, visit us at https://www.arrayasolutions.com//contact-us/.

Leave us a comment on this or any of our blogs by checking us out on social media. We can be found on LinkedInTwitter, and Facebook. While you’re there, in addition to letting us know what you think of the post, remember to follow us so you can stay up to date on our latest industry insights as well as be the first to know about exclusive opportunities to advance your IT knowledge.

by

A few weeks ago, the world was first introduced to Meltdown and Spectre and these hardware security vulnerabilities have been a constant source of IT headaches ever since. If you haven’t read it yet, Tom Clerici, Arraya’s Cyber Security Practice Director, has put together a plain English explanation of how Meltdown and Spectre operate and, more importantly, what businesses can do to protect themselves. However, the news hasn’t stopped coming and so we thought we would take this opportunity to rundown some of the more recent Meltdown and Spectre developments and go over what they could mean for you.

Keeping Meltdown and Spectre out of cloud collaboration

The cloud may not be immune to Meltdown and Spectre, but that doesn’t necessarily mean you need to be worried about your cloud collaboration environment. That’s the takeaway from a blog by Cisco that sought to ease the fears of those who rely on its solutions to work shoulder-to-shoulder with their peers – wherever those peers may physically be located. In particular, this post, entitled Meltdown, Spectre, and Cisco Cloud Collaboration Security, focused on setting the record straight regarding a number of tools, including WebEx and Cisco Spark.

In terms of WebEx, Cisco broke down how its infrastructure – a mix of Cisco-owned hardware in Cisco data centers and isolated servers in non-Cisco-owned colocation sites – makes external attacks via Meltdown or Spectre impossible. Before such an attack could be launched, an attacker would first have to gain access to the dedicated hardware that forms WebEx’s foundation. Cisco’s team stands ready to patch that foundation against these types of attacks as the necessary updates are released.

Meanwhile, looking at Spark, work has already begun to upgrade its Care, Message and Meet, and Call services against assault. Additionally, the data contained as part of those services is protected by end-to-end encryption, meaning customer data is secured wherever it may be leveraged within Spark. This way, even if an attacker was able to access this data, it would prove useless without the decryption key, which is stored separately, necessitating a more coordinated, complex attack.

This is just one instance where moving systems to the cloud clearly shifts a burden off onsite IT teams. In this case, that burden involves patching collaboration solutions.

Why some businesses are being asked not to patch

Timely installation of patches and upgrades is a core philosophy of Cyber Security 101. However, manufacturers and others who operate industrial systems were urged recently to stand pat with Meltdown and Spectre fixes. Why? Well, because doing so could have rendered their factory equipment unstable.

Industrial system manufacturers from Rockwell to Siemens reported seeing errors with their technology following the application of Microsoft’s Meltdown and Spectre patches. In the case of Rockwell, roughly a dozen errors have been identified, including security server access complications. These organizations are working closely to sort out the issues so users may resume patching with confidence.

For the businesses who kept to best practices and implemented Meltdown and Spectre fixes early only to see problems arise in their systems, this is a perfect example of the value of working with a security partner. Organizations such as Arraya can validate patches and updates prior to deployment, ensuring that when they are rolled out, they perform as expected.

Do you know where that patch has been?

Anytime cyber security threats start making headlines, inspiring widespread fear and anxiety among those inside IT and out, you can bet other malicious actors will step up and try to capitalize off that notoriety. This is already taking place with Meltdown and Spectre as at least one promised fix for the vulnerabilities has proven to be anything but helpful.

Germany’s Federal Office for Information Security (BSI) recently issued an alert regarding a phishing campaign that purported to offer Meltdown and Spectre patches but actually connected unsuspecting users with a treasure trove of malware. Complicating matters is the fact that the messages sent as part of this campaign presented themselves as coming directly from the BSI itself. Even worse, the website they linked to appeared equally legitimate, even sporting an “https:” address.

This is yet another reason why working with a security partner can keep businesses on the right path. Instead of going out and looking for critical patches or updates, businesses with a trusted security advisor can rest easy knowing their partner has the situation covered and the answers they need are on their way.

Next Steps: Follow up with a partner who can help

Ready to continue the conversation around protecting yourself against not only the Meltdowns and Spectres of the world, but against whatever the next headline-grabbing security threat happens to be? Our team of security experts can be reached by visiting https://www.arrayasolutions.com//contact-us/. We can also be found on social media, on LinkedInTwitter, and Facebook. Feel free to use those accounts to leave us a comment on this or any of our blogs and remember to follow us so you can stay up to date on all of our latest industry insights, unique learning opportunities, and more.

by

More time to innovate. While it may not lend itself to wrapping paper and bows, it’s a gift IT teams would appreciate just the same. As it stands, many IT teams are finding themselves bogged down by support tasks. Processes like onboarding new laptops and desktops must be completed, but they consume a great many of IT’s cycles each day. In between installing the necessary apps, permissions, etc. on new devices, there’s little time remaining for IT to explore the concepts and technologies that drive the business forward.

Sticking to the topic of device onboarding, previously, the best alternative to performing this in-house was to work with a third party, typically your hardware provider, and let their people handle it. This may have saved time delivering systems to your end users but you are still responsible for maintaining the complexities of a corporate device configuration profile or system image as we call it in the industry.

Even though the season of giving may have come and gone, it’s not too late for IT teams to receive the gift of more time for innovation – and that’s a gift that can certainly pay off for the organizations they support.

Reducing the complexity of Windows 10 device rollouts

Following Microsoft Ignite last fall, Arraya talked at length (in both blog and podcast form) about Redmond’s newfound openness to collaborating with companies once considered its rivals, including VMware. Among the joint projects these two tech giants have embarked on recently is the union of VMware’s Workspace ONE and Microsoft’s AutoPilot. This union could be exactly the solution for which time-strapped technologists have been searching.

Autopilot has its origins in Microsoft’s efforts to provide Windows 10 end users with an “out of box experience.” The idea was to allow users to get up and running on a brand new Windows 10-enabled device within minutes of taking it out of the box. VMware took that foundation and layered it into Workspace ONE, its unified endpoint management platform. The result of this intersection is a way to inject flexibility back into the workdays of modern IT pros.

Here’s a closer look at how this union works – and the benefits it offers:

  • Auto-enrollment into Workspace ONE – Once users log in to a Windows 10 device using their verified corporate credentials, it can be automatically on boarded into Workspace ONE as well as Azure Active Directory. This is done without any involvement from the IT team, providing the no-touch basis upon which the rest of the “out-of-box” process is built.
  • Dynamic configurations and installations – Employees need access to a host of different Windows applications, many of which are specific to their role within the organization. AutoPilot by way of Workspace ONE handles provisioning all of these apps for IT, automatically deploying the tools end users need over the air in minutes. Furthermore, it can also implement any applicable security policies and settings as defined, again, based on the user’s role.
  • Device space optimization – Not everything contained on a new Windows 10 device is going to be applicable to a user in a given position. Workspace ONE and AutoPilot can automatically filter out large, and ultimately unnecessary, pieces of built-in software from initial deployments. This allows users to hit the ground running with the most nimble and agile version of their new device.

Next steps: How to give IT the gift of innovation

Want to learn more about the impact of the partnership between Microsoft and VMware, as well as how Workspace ONE and AutoPilot can simplify managing, securing, and deploying Windows-powered devices? We’ll dive further into each of those topics in blogs to come. However, for more immediate insight and guidance, visit https://www.arrayasolutions.com//contact-us/ to get the conversation started with our team of data center and Microsoft experts today.

If you’d like to leave us a comment on this or any of our blogs, please check us out on social media – LinkedInTwitter, and Facebook. In addition to letting us know what you think, remember to follow us so you can stay up to date on all of our latest industry insights, unique special events, and company updates.

by

It’s not uncommon for news agencies to sensationalize stories around major cyber security vulnerabilities and potential hacks that could occur. The latest craze is around Meltdown and Spectre.  Heck the names even sound cool and dangerous. The complexities and mystique around what hackers are doing can often times worry those that don’t necessarily have a background in technology. In many cases, organizations without a dedicated security team worry when they see these stories since they don’t know what it all means for them. Lots of technical jargon gets thrown around leaving many bewildered about what to do. Sales teams then try to quickly capitalize by selling you a really expensive security solution to make you feel better. In all honesty, that is rarely the best approach. Let’s take a look at these vulnerabilities and the common sense mitigation strategies you can take to be sure you’re minimizing the risk.

Meltdown and Spectre in Common Terms

There is a great deal of technical information out there about page tables, kernel memory, and code execution. I’m going to skip all of that because at that end of the day that’s not very actionable for most administrators. To keep it simple, both of these vulnerabilities exist within the hardware of the machine, and when exploited, permit applications to gain access to data in physical memory that you probably don’t want them accessing. It is also possible that both of these vulnerabilities could be exploited remotely. Since the problem is ultimately at the physical chip level within the device, unless you are going to walk around and manually replace chips, you have to find other workarounds.

Identify Your Risk

You can’t begin mitigation until you understand where the exposure could be. To successfully exploit either Meltdown or Spectre, an attacker has to be able to run crafted code on the device. Therefore, your network infrastructure (routers, switches, firewalls) is probably not at risk. While they may have the vulnerable chip installed, these are really “closed” systems, so with the exception of some extreme cases, an attacker can’t really install code on those devices. As long as you have the basic security hygiene on network devices in place, I wouldn’t worry too much about those systems.

If you’re running applications on the major cloud hosting providers (Microsoft Azure, Amazon Web Services), you can rest easy as well. Most of these organizations were notified and patched the vulnerability before it was publicly released. On the other hand, if you’re using a smaller host provider, that maybe didn’t get the memo before it went public, you should check with them to see what their remediation status is.

That brings us to your on-premise servers, workstations, and mobile devices and this is where it gets a little tricky.

Consider Your Patching Options

Like most publicly disclosed vulnerabilities, many providers have made patches available that remediate this issue at the software layer. Microsoft released patches on Jan 3rd. Patches are also available for Linux, Android, Firefox, and other applications. So patching is an option, however there are some unintended consequences. According to a recent blog by Techspot.com, your systems could take a pretty significant performance hit if you install them. Linux systems appear to be taking the biggest hit.

While you may be protecting yourself by patching, if your system is already running at 85-90%, you may be better off keeping a system unpatched and compensating in other ways rather than make the application unusable because it’s too slow. Additionally, some malware protection solutions aren’t compatible with these patches. You may patch the system thinking you’re in good shape only to find that your antivirus is keeping you vulnerable. ZDNet.com has released an article that shows you exactly which AV solutions are blocking the AV patch and which are not.

Leverage Compensating Controls

As is usually the case with security, there is no silver bullet. A holistic, depth in defense approach with multiple safeguards and continuous monitoring can give you the ability to minimize the risk without going into a panic attack. Attackers have to find a way onto your system before they can exploit the vulnerability. If you’re preventing standard users from installing software, whitelisting approved websites, blocking unauthorized removable media, securing remote access via multifactor authentication, and protecting email, then your risk at the user workstation layer diminishes significantly. If you are segmenting the network, managing privileged access, and otherwise controlling your data center appropriately, the likelihood of anything spreading to application and infrastructure servers decreases substantially as well.  Finally, if you have a way of monitoring and responding to events as they occur, even if an attacker does find a way to exploit this vulnerability, you can quickly detect, isolate, eradicate and recover from an incident quickly before it becomes a major problem.

It’s important to understand how these vulnerabilities could impact you, but for those organizations that have already implemented a robust security program most of this should be academic. Unfortunately, too many organizations wait until it’s too late and look for a silver bullet to save the day. If you don’t have any of those compensating controls in place already, I’d say you probably have bigger vulnerabilities to worry about than Meltdown and Spectre. Start investing in the basic building blocks of security rather than making a knee-jerk decision and buying an expensive tool quickly in the hopes it will save the day. Just like Wannacry has long been forgotten by most, soon Meltdown and Spectre will be in our rearview mirrors as we encounter the next big public cyber security story. You want to be in a position where you can respond fluidly as threats evolve, not go into panic mode each time a new story is released.

Find a Partner Who Can Help

Arraya’s Cyber Security Services have solutions and personnel to partner with you to implement effective security strategy and controls. Our advisory services, architecture and tools, and managed services can be leveraged to offload day-to-day security blocking and tackling tasks so you can focus on moving your business forward. To start a conversation, contact us at https://www.arrayasolutions.com//contact-us/.

by

Want a sneak peek at what’s in store for cloud, cyber security, data management, and the rest of IT’s top care-abouts come 2018? There’s no better place to turn than Arraya’s team of experts. What this group lacks in psychic abilities, they more than make up for in technical knowledge and experience. And, when it comes to making predictions about what the IT landscape will look like in 2018, we’re of the opinion that expertise beats psychic powers any day.

Ryan Benner, Vice President, Enterprise Infrastructure

I think we’re going to see three specific things happen in 2018, technology-wise:

-There’s going to be a continued focus on security from the government, including new/strengthened regulations specific to detection and response.

– BI and analytics are going to get easier to use and more widely adopted come the New Year.

– Leading edge companies are going to begin adopting AI and VR/AR technologies into their everyday operations.

Harry Chen, Director, Staffing Services

The gig economy will only get stronger in 2018 as technology continues to connect the world. Organizations will continue to leverage cloud solutions, managed solutions, and “On-Demand” consultants to become more nimble.  With automation around every corner, and data analytics driving business decisions, traditional technologists will have to evolve with the business to remain marketable. Also, in what is seemingly becoming a weekly event, security breaches will create a frenzy for top security professionals, and the gap of unfilled security roles will continue to expand.

Halim Chtourou, Enterprise Solutions Architect

In 2018, we’re going to see the desire for greater security driving even more customers to application segmentation – regardless of what firewall platform they choose to implement it on. Security needs will also push customers to modern unified endpoint management, including managing Windows 10, as well as non-Windows devices, all through a single platform.

We’re also going to see adoption of new virtual desktop deployments take place more in the cloud than on premises. Upfront capital costs are often one of the biggest barriers to any large scale desktop virtualization initiative, even with the promise of lower operating costs. Cloud-based desktop and application virtualization eliminates this barrier to entry and can significantly speed up deployment time.

Tom Clerici, Director, Cyber Security Practice  

At a “macro” level, I expect to see increased focus and discussion around stricter laws and regulations that pertain to protecting sensitive data. This is primarily going to be a result of the Equifax breach.  It’s just too big of an opportunity for lawmakers and they’ve already started to pounce. At the “micro” level, I think we’ll be zeroing in with our customers on how to better understand and see what’s happening within their systems. We’ll still provide traditional security products like next generation firewall, endpoint protection, and other similar tools, but I think most of our customers will want to get to the next level of looking at what’s actually happening, identifying malicious behavior, and using behavioral analytics to predict what’s coming before a threat strikes.

Doug Guth, Director, Cisco and IoT Practice

I expect topics such as security, software defined, simplification/automation, SaaS, cloud and intent-based solutions, and IoT are going to be at the center of many conversations in 2018.

Jason Kline, Microsoft Cloud Solutions Architect

Cloud discussions picked up tremendously in 2017 as people began to understand that cloud can be a highly secure platform. In 2018, I expect many organizations to take the first steps toward building out new services and solutions on a cloud based model. In relation to that, organizations will be looking to partners who understand these platforms and are able to help them tame the beast, so to speak. Cost control, optimization, and best practice design will be front of mind for everyone beginning this journey.

Mark Nixon, Team Lead, Data Center

Security is always a big deal, but taking into account the rise of cryptocurrencies and quantum computing, I believe it will become an even bigger concern in 2018 and beyond. With cryptocurrencies providing the motivation and quantum computing potentially giving attackers access to tools of almost unimaginable power, the way we think of security is going to have to change.

Matt Sekol, Director, Cloud and Microsoft Practice

I expect customers will continue trending towards advisory services for big concept technologies – security, productivity, end user compute and cloud.

Rajasekar Shanmugam, Team Lead, Network Services

I predict Artificial Intelligence (AI) will be big in 2018, as I see lot of developments happening around that area.

What else is on deck for IT in 2018?

Have any questions about our 2018 predictions? Have a few of your own you’d like to share? Our team can be reached at www.arrayasolutions.com/contact-us/. They can also be reached through our social media presence: TwitterLinkedIn, and Facebook. Be sure to follow us for all of our latest blogs as well as alerts about upcoming special events.

by

I hear organizations say it every year – “This is the year we’re going to get serious about security.”  They usually mean it, too. Unfortunately, whether it’s due to the day-to-day drudgery of “keeping the lights on” or the pressure to innovate elsewhere in the business, they often fail to execute on those good intentions.

Security initiatives are easy to put off because you don’t see the return on investment right away. In fact, you may never see it, unless you happen to be specifically looking for it following an incident. If that’s the case, then suddenly security initiatives take center stage.

Well, we’re starting a new year and so there’s no better time to focus on the security items potentially left lagging in 2017. Below are five of the easiest ways to get your security game back on track quickly and effectively.

1. Patch Your Systems

Many of us know how easy it is to get behind on patching. Every month, we can count on Microsoft to release their latest set of patches in addition to everything else that needs regular updating. Miss a month or two and you can start feeling very behind. At a certain point, you get so behind that you figure why even bother.

However, I could argue failing to install the latest security patches on systems is the #1 reason companies get into trouble, making it the perfect place to start with getting your program on track for the new year. Consider just this one example from 2017.  According to the Washington Times, failure to patch cost Equifax $140M in 2017 and most of their executives their annual bonus due to what many are calling the most impactful data breach in history. When all is said and done, this incident could end up costing Equifax billions according to The Wall Street Journal. All of that from missed patches.

When I say “patch your systems,” I’m not talking about just Windows, either. Network devices, Linux/Unix servers, third-party applications, and anti-malware clients all need to be updated. It’s a simple way to ensure you don’t get burned by an exploit that was first discovered months or even years earlier.

2. Upgrade Outdated Systems

It’s not all that different from patching but it’s just as important. Still running Exchange on a Windows 2003 server? Or perhaps you have a handful of executives running Windows XP because they don’t have time to learn a new system? Now is the time to pull those systems into 2018. Outdated systems that can no longer be patched provide the bad guys with a treasure trove of ways to gain unauthorized access into your network.

If you’ve been thinking of moving to the cloud, these are the best systems to start with because you can use security as the business case for upgrading them and leverage cloud solutions as an alternative solution.

3. Secure Remote Access with Multifactor Authentication (MFA)

This is particularly important if you’ve migrated to the cloud. You know how you wanted to let your employees log in from their home computers? Well, when you did that you also gave the bad guys the ability to do the same thing if they get that user’s credentials (usually via phishing). Same goes for VPN and mobile devices (especially if you’re not using an MDM solution).  Most MFA solutions will give you the ability to put MFA on multiple systems using the same token, typically an app installed on a mobile phone. If you’re allowing your employees to access your systems directly from the Internet, it’s critical they be safeguarded with MFA.

4. Get Some Visibility

This one can become expensive, but it’s well worth it. Prevention is important but, at some point, unauthorized activity is going to occur and when it does you’ll want to be able to detect it or go back and find out what happened. There are two parts to ensuring you’re getting all the information you need. The first is to enable logging on your devices. At a minimum, ensure logging is enabled and properly configured on critical network infrastructure (firewalls, routers, core switches, wireless controllers), servers (domain controllers, DNS, DHCP) and major applications. Once you know you’re capturing the right data at the device level, I recommend centralizing the monitoring by sending all the logs to a Security Incident and Event Management (SIEM) system.

Now that you’ve got all the logs in one place, you can start creating automated alerting when bad things happen. Changes to network devices, additions to sensitive Active Directory security groups, and malware notifications from your antivirus system are a great place to start. As you continue digging into the logs and seeing normal behavior, you can better define what abnormal behavior looks like and alert on it. Without this visibility, you’re essentially blind to what’s happening right under your nose.

5. Review and Enhance Your Email and Web Security Solutions

The bad guys typically gain a foothold into your systems via email and Internet links so it makes sense that you would want to secure and monitor those systems very closely. These are also the systems we’re inclined to open up for our users (especially the executives). Start by reviewing your whitelists and make sure that everything on there still has a business case for opening access. Also, be sure to look at your data loss prevention (DLP) rules so that they’re up to date with all the changes that went on during 2017. Specific to email, I’d recommend looking at everyone in the organization’s auto forwarding rules and to make sure there’s nothing suspicious. You can usually do this quickly with PowerShell or some other scripting tool. As for the Internet, tighten up your web blocking rules. The bad guys love getting users to click on malicious links and blocking unnecessary sites is the best way to protect your users from themselves.

What’s next: Find a partner who can help

Arraya’s Cyber Security Services have solutions and personnel to partner with you to implement effective security strategy and controls. Our advisory services, architecture and tools, and managed services can be leveraged to offload day-to-day security blocking and tackling tasks so you can focus on moving your business forward. To start a conversation, contact us at https://www.arrayasolutions.com//contact-us/.

by

Arraya Insights Radio

Episode 4: How Digital Transformation is Reshaping Work, Wellness & the Happiest Place on Earth

The Arraya Insights Radio team cap off 2017 with a deep dive into the subject of Digital Transformation, including its impact on organizational processes and entire industries. Later, our crew explores an iconic Digital Transformation success story to show how even our vacations aren’t immune to its influence.

Host: Thomas York (Director, Quality and Operational Excellence)

Guests: Ryan Benner (Vice President, Enterprise Infrastructure) and Matt Sekol (Director, Microsoft and Cloud Practice)

Further Reading:

Theme Music: “I Don’t Remember (Yesterday)” by Hygh Risque

 

by

Before we officially send 2017 to that big data center in the sky, we thought we should take a look back at the year in technology news – and what a year it was! During the last 12 months, cyber attacks seemingly grew larger and more vicious, capturing the full attention of those inside IT and out. The news wasn’t all bad as devices grew smarter, people became more connected and companies continued to reimagine and reinvent longstanding processes and approaches. All year long the Arraya team was there, participating in and guiding those transformations – and blogging/podcasting about them when schedules allowed! So, we reached out to the members of our team and asked them about the biggest technology story they encountered in 2017. Here’s what they had to say:

Ryan Benner, Vice President, Enterprise Infrastructure

From the C-suite to frontline engineers, I think you’d be hard-pressed to find a bigger technology story this year than what we’re seeing with cyber security.

Harry Chen, Director, Staffing Services

The biggest trends I noticed this past year were that the unemployment rate is 4.1% (the lowest it has been in 17 years), the economy is booming (with the Dow Jones hitting record highs), and the gig economy is in full effect.  Due to all of this, it is getting increasingly difficult to identify talent, and businesses are leaning on more outsourcing and cloud solutions to accomplish their objectives.  I’ve seen more organizations open to leveraging consultants than ever before.

Halim Chtourou, Enterprise Solutions Architect

The biggest story from 2017 would probably be VMware selling vCloud Air and focusing on partnering with Amazon, IBM and Microsoft to position key technologies like NSX and vSphere in public cloud consumption models. Having the same platform architecture as your on-premises deployments, now in the cloud, makes it much easier to move legacy workloads to a public cloud.

Tom Clerici, Director, Cyber Security Practice  

In my opinion, WannaCry and its rapid global impact was THE game-changer for security in 2017. Equifax was newsworthy and significant, but by now, we’re all accustomed to hearing large organizations give fake apologies for their ineptitude. WannaCry was more significant because it extended the reach of cyber criminals beyond stealing personal data into actually shutting down physical capabilities, like emergency rooms in the UK. Traditionally, financial systems cared because of the personal data, healthcare worried about electronic medical records, and other regulated companies cared about auditors. Now, ALL industries have to worry about these kinds of attacks bringing their systems to a halt. That’s a sweeping culture change from a single event, making it, in my opinion, the biggest story of the year.

Doug Guth, Director, Cisco and IoT Practice

There were two trends I thought dominated my focus area in 2017. The first of these was the emergence of software defined as a prime time approach and the other was organizational transitions to more of a SaaS/software focus.

Jason Kline, Microsoft Cloud Solutions Architect

Sometime around the middle of the year, the shift in discussions around the cloud took a 180 degree turn from “we have major concerns about security in the cloud” to “we now recognize the cloud can be more secure than on premises solutions.” This shift in mentality paved the way for many cloud discussions. We have seen interest from multiple organizations that have stated they are ready to move as much infrastructure as possible to the cloud, with a few ambitious enough to drive toward a cloud-only model.

Mark Nixon, Team Lead, Data Center

I think the Dynamic Pools technology introduced in recent versions of Unity has the potential to be massive for Dell EMC, for customers and for partners like Arraya. If this technology plays out as it’s supposed to, it’s going to let organizations budget out storage upgrades based on how much capacity they actually need, without being bound by private RAID boundaries and performance concerns around non-standard RAID topologies. This should make it easier to plan necessary upgrades while also making sure customers are getting full value from their storage solutions.

Matt Sekol, Director, Cloud and Microsoft Practice

In my role, I’ve seen organizations trending toward advisory services for big concept technologies – security, productivity, end user compute and cloud.

Rajasekar Shanmugam, Team Lead, Network Services

The biggest story or development in 2017 from my focus area was collaboration cloud. I believe these solutions stepped more into the spotlight last year.

Have any questions about our biggest stories from 2017? Have a few of your own you’d like to share? Our team can be reached at www.arrayasolutions.com/contact-us/. They can also be contacted through our social media presence: TwitterLinkedIn, and Facebook. Be sure to follow us for all of our latest blogs as well as alerts about upcoming special events.