Arraya Insights

by

October is Cyber Security Awareness Month and after all this talk of awareness, it’s time to focus on action.  

Even if you’ve been intentionally avoiding the bad news, it’s no secret that the cyber risks we face today are a problem for everyone. So now it’s time to break through the bad news bias and look to the positives. Yes, cyber risks are on the rise, but with a proactive security practice, your organization can significantly reduce its risk.  

Cybersecurity is everyone’s problem. We can all take an active role in combating these threats and making cybercrime a less lucrative and enticing operation.

Here are 5 tactics to focus on now to start building a proactive security practice:  

  1. MFA & PAM 

If you have to start somewhere in your security practice, this is the place. Today, MFA is essential. Any business looking to get a cyber insurance policy will likely find that MFA is one of the first of many prerequisites they’ll need to be considered. 

Multi-Factor Authentication (MFA) and Privileged Access Management (PAM) provide a multi-layered defense to protect your business.  

MFA is a security method in which two forms of credentials (or authentication) are required prior to being granted access to an account or system, rather than relying on a single password alone. PAM is a locally deployed software solution that is used to “secure, control, and monitor access to an organization’s critical information and resources.”  

Together, MFA & PAM will allow you to monitor what users are doing, verify that users are truly who they say they are, and identify anything that deviates from the norm so your organization can respond quickly. 

  1. Segmentation 

Network segmentation is a security technique that divides a network into smaller, distinct sub-networks in which unique security controls can be applied. This technique allows security teams to administer more specific controls to portions of your network that require higher security. 

Further, with segmentation, a malicious actor will only have access to the small portion of your network they infiltrated, rather than all of it. It can be expected that network segmentation will be a more common regulatory compliance requirement moving forward.  

Micro-segmentation takes this a step further to provide highly granular visibility and control over data flows within your system.  

  1. Secure Backups 

A business is only as good as its last backup. With today’s cyber climate, a secure and reliable backup is a necessity for when the inevitable strikes, which means not all backups are created equal.  

There are a number of questions your business can consider to harden your backups, including: 

  • Are you identifying and classifying your data?  

The process of data tagging means identifying your data as public, private, and confidential. Employees should be trained in both how to tag data and how to properly classify it. When a breach occurs, it can be a waste of time and resources to recover all your data. With a data classification system, you can quickly identify what data is critical and necessary to continue business operations.  

  • Are you conducting recovery testing and validating your most critical data?  

Critical data should be backed up more frequently. Regular recovery validation testing should be completed to ensure this data will be ready and available when it’s needed most.  

  • Should you consider backup immutability?  

As the threat of ransomware grows, some malicious actors are targeting data backups first. Backup immutability provides copies of your data that cannot be altered, encrypted, or deleted which makes it much more difficult for ransomware attackers to make a ransom demand.  

  • Where do your backups live? 

Backups stored offsite will take significantly longer to restore than backups housed within your network, however, they can also be more secure offsite. Each organization will have to weigh the pros and cons associated with the location options they have access to.  

  • What type of access controls do you have? 

Ideally, every business would have both Network Access Controls (NAC) and Role-Based Access Controls (RBAC) implemented to reduce the risk of unauthorized devices, networks, and individuals reaching data backups.   

  1. Assessments 

Security assessments are a common requirement for regulatory compliance. However, these hold much more value than simply checking a mandatory box.  

Conducting the right assessments in the appropriate order will provide useful insights in your organization’s security posture so you can identify vulnerabilities and address them before they’re exploited. There are several types of security assessments that provide different insights, depending on your needs: 

As these assessments represent a single point in time, they should be conducted regularly to check in, and see where your company stands.   

  1. Endpoint Detection & Response 

An endpoint detection and response (EDR) security solution detects threats across your environment and contains them within the endpoint so they can’t spread. This type of solution also investigates how the threat got in, where it’s been, what it did, and what to do about it now that it’s been identified.  

Next Steps: How to Balance Security with End User Experience 

It’s no secret that security methods and precautions can be a headache for end users. That extra step, like a second layer of authentication, can have a big impact on security but can also be a hassle to deal with on a regular basis.  

Leadership should keep an open line of communication with end users on the controls being rolled out. It’s important to track the metrics of the efficacy of those security controls against the impact they’re having. What burdens are they putting on users? What is realistic and what isn’t? 

Consistent training is key. This will keep employees up to date on the latest cyber threats and help them understand how these threats work, and why the security methods implemented are a necessity. Interactive training has proven to be the most effective in both areas.  

It’s time to reflect on your organization’s security, and determine what’s working, what isn’t, and what can be changed to make your security position stronger than ever for next year.  

To learn more about improving your security posture, contact one of our Arraya Cyber Team experts today.  

Visithttps://www.arrayasolutions.com//contact-us/ to connect with our team now. 

Comment on this and all of our posts on: LinkedIn, Twitter and Facebook.     

Follow us to stay up to date on our industry insights and unique IT learning opportunities.  

by

Microsoft’s annual conference, Microsoft Ignite, took place in mid-October. This event gathered industry experts, tech professionals, and enthusiasts for technical training, breakout sessions, keynotes, and more. The event was held both in person in Seattle, Washington, and virtually with more than 200,000 people tuning in.

Microsoft has compiled all the Microsoft Ignite 2022 news into one, useful resource: Microsoft Ignite Book of News. This year focused on the many ways Microsoft is aiming to help customers make the most of their technology investments.

For those of you looking for a quick debrief, this blog outlines all the Microsoft Ignite 2022 highlights we’re most excited about.

All Things Azure: Enhancing the Hybrid Work Experience

Several new updates, features, and more were announced, including:

Microsoft Intelligent Data Platform has added the Partner Ecosystem, which is a selection of complementary and integrated partner solutions to help customers accelerate their data integrations and value creation.

Azure Arc-enabled SQL Server will now allow customers to take advantage of a single sign-on experience that integrates with Azure Active Directory and improves security and monitoring with Microsoft Defender.

Azure Automanage is now available for Arc-enabled servers and new capabilities will further automate the configuration and management of servers, including:

  • Applying enhanced backup settings and different auditing modes for the Compute Server Baselines
  • Specifying custom Log Analytics Workspace and Azure tags to identify resources based on settings relevant to an organization
  • Support for Windows 10 VMs
  • Support for enabling Microsoft Antimalware

Azure Premium SSD Disk Storage is now generally available and will allow customers to improve their storage systems’ price performance. This offering is ideal for apps requiring high performance levels for mission-critical workloads without the need to increase storage capacity.

Azure Monitor has new capabilities and features, including:

  • Predictive auto scale for Virtual Machine Scale Sets which allow users to leverage machine learning to manage and scale Azure Virtual Machine Scale sets resources
  • Azure Monitor Log has been updated to enable cost optimization so users can ingest logs at a fifth of current ingestions costs and archive them for up to seven years
  • Azure Monitor Agent (AMA), which collects telemetry data and replaces Log Analytics, now has an agent migration tool to provide guidance and automation to support migration from the legacy Log Analytics agents to AMA

Azure Domain Name System (DNS) private resolver is a new feature in Azure Networking. This is a cloud-native, highly available, and DevOps-friendly service that resolves and conditionally forwards DNS queries from a virtual network, on-premises, and to other target DNS servers without the need to create and manage a custom DNS solution.

Azure Hybrid Benefit is being expanded to enable Software Assurance customers to reduce their costs by:

  • Running AKS on Windows Server and Azure Stack HCI at no additional cost with Windows SA and Cloud Solution Providers (CSP) subscriptions
  • Getting Azure Stack HCI at no additional cost with Windows Server Data SA
  • Windows admin center is now available within the Azure portal so users can configure, troubleshoot, and perform maintenance tasks with the familiar UI

A new price offering for is now being launched in late October, called Azure savings plan for compute. This will allow customers to save across select compute services globally by committing to spend a fixed hourly amount for 1-3 years.

Power Platform’s Power Automate Streamlines Busy Work

Power Platform can now use natural language to enable users to describe what they want to automate. AI will then build the flow for them and provide it as a suggestion. The user can then set the appropriate connectors, then finalize it.

Power Automate is also introducing new ways to deploy robotic process automation (RPA), including:

  • An automation Center of Excellence (CoE) starter kit
  • Power Automate expressions by example, which will allow users to provide an example of how they want their data returned to a flow  
  • Native Power Automate integration within Excel will provide access to the Automate menu and Excel-specific templates

Microsoft Defender for Cloud Focuses on Hybrid & Multi-Cloud Environments

Microsoft focused on new capabilities that allow businesses to take advantage of hybrid and multi-cloud environments without sacrificing security with new capabilities, including:

  • Microsoft Defender for DevOps: This new solution provides visibility across multiple DevOps environments to centrally manage DevOps security, strengthen cloud resource configurations in code, and help prioritize remediation of critical issues in code
  • Microsoft Defender Cloud Security Posture Management (CSPM): This will build on existing capabilities to deliver integrated insights across cloud resources, including DevOps, runtime infrastructure, and external attack surfaces to reduce recommendation noise
  • Microsoft cloud security benchmark: This comprehensive multi-cloud security framework maps best practices across clouds and industry frameworks, enabling security teams to drive compliance
  • Expanded workload protection capabilities: Defender for Servers will now support agentless scanning and an agent-based approach to virtual machines in Azure and AWS

Windows 365 Keeps Growing

Windows 365 has expanded with new products and updates, including:

  • Windows 365 Government has a new offering for Government Community Cloud and Government Cloud High organizations, allowing U.S. government contractors to securely stream their Windows apps, data, content, and settings from the cloud to any device
  • Windows 365 app: This will provide a direct path to Windows 365 from the taskbar or Start menu
  • Citrix HDX Plus for Windows 365: This helps IT teams deliver support for a broader range of endpoint devices and peripherals, advanced security, and policy controls

Microsoft 365 Enhances Collaboration

Microsoft Teams introduced new mesh avatars that will offer flexibility and choice in how users present themselves in Teams meetings without having to turn on their camera. Users can select from hundreds of customizable options to best represent themselves.

Cisco and Microsoft have teamed up to make Teams meetings available natively across Cisco meeting devices. These will be managed in the new Teams Rooms Pro Management Portal and Cisco will connect the devices to the Cisco Cloud Control Hub as an optional add-on.

Microsoft Places is helping to reimagine the hybrid workspace as a new app that will connect virtual and physical spaces to drive increased connections, engagement, and productivity. This app will provide a dashboard view of which days employees will be in the office, an indication of their location (in the office or remote), and the ability to see workspaces other users have booked.

Next Steps: Take Advantage of the Latest Hybrid Work Capabilities

This year, Microsoft focused on ways customers can do more with less, which is an important initiative for businesses in today’s climate. It’s all about working smarter and making your investments in your technology go the extra mile.

To take advantage of Microsoft’s latest offerings, contact an Arraya expert who can help you determine how to optimize your organization’s digital landscape and take advantage of the technology you’re already using.

Visit https://www.arrayasolutions.com//contact-us/ to connect with our team now.

Comment on this and all of our posts on: LinkedInTwitter and Facebook.    

Follow us to stay up to date on our industry insights and unique IT learning opportunities.  

by

Digital transformation is now an essential investment in the future of your organization. Those already taking advantage of the cloud, multi-cloud, and cloud-native applications are experiencing increased scalability, higher performance, and reduced costs.  

However, the cloud is complex. And while this is nothing new, the growing complexity of managing multi-cloud environments is getting more challenging. This was a reoccurring topic at this year’s VMware Explore.  

VMware has responded to the need for a more streamlined cloud management solution with VMware Aria. This blog will break down how this cloud management solution works and how it can impact your business.  

What is VMware Aria? 

VMware Aria is a unified management solution for cloud-native applications and multi-cloud, designed to address the operational challenges of cloud-native applications and public cloud environments. This provides a set of end-to-end solutions for managing the cost, performance, configuration, and delivery of infrastructure and applications.  

With VMware Aria, users can make multi-cloud complexity invisible.  

The core purpose of this solution is to scale reliably to meet the needs of even the largest and most demanding enterprises. VMware Aria will address managing the following across any cloud: 

  • Cloud spend 
  • Resource utilization 
  • Application performance 
  • Security  
  • Compliance  

For those already taking advantage of VMware’s vRealize Suite, your organization will be able to leverage everything you’ve built to date and add on from there.  

How Does VMware Aria Work? 

VMware Aria is a portfolio with multiple solutions that work together. These solutions are available via Aria Hub (formerly Project Ensemble), which is the app-centric, common data platform for cloud management that unites different personas into a single, collaborative user interface. This is the central management portal that allows you to oversee your entire team of applications. 

Powering Aria Hub is Aria Graph, which captures and maps the complexity of customers’ multi-cloud environments (applications, users, configurations, and associated dependencies) into a single view. This acts as the database for Aria Hub.  

Aria Graph contains key capabilities that are updated in real-time, making it highly scalable. It offers event-based collection, federated and modular architecture, and unified GraphQL API.  

Aria Graph is the anchor for all management solutions, including:  

  • Aria Cost: This uses a suite of machine learning algorithms; Anomaly Detection provides visibility into unusual or abnormal spending by analyzing cost spend patterns and utilizing historical data aligned with industry trends.  
  • Aria Operations: Formerly vRealize Operations, Aria Operations 8.10 will include Management Pack Builder, which is a no-code solution for expanding your operations visibility to anywhere you want to.  
  • Aria Automation: Formerly vRealize Automation, this latest version will further address Kubernetes Automation and Multi-Cloud Automation use cases. Aria Automation focuses on facilitating unified governance and consumption of VM and Kubernetes-based workloads while enhancing public cloud governance and policy management.  
  • Aria Guardrails: This cloud governance solution’s July 2022 release boasts Cloud Visibility, AWS Member Account View, and scheduling for desired state enforcements and account discovery.  
  • Aria Migration: This accelerates and simplifies the multi-cloud migration journey by identifying and migrating applications to the optimal cloud, based on the user’s specific goals for security, performance, cost, and time.  
  • Aria Business Insights: This is an intelligent event management capability that leverages AI/ML to automatically organize symptoms across apps and infrastructure to determine actionable business insights.  

As VMware continues its cloud-first approach with more SaaS-based solutions, they’ve committed to helping businesses and enterprises embrace a cloud-first strategy while cutting through the noise that comes along with cloud computing.  

Next Steps: Unify Your Cloud Management 

For businesses and enterprises taking advantage of a multi-cloud environment, it can sometimes feel like taking one step forward and two steps back. VMware Aria lets you take advantage of the many benefits of cloud computing without facing the added complexity.  

To learn more about adding Aria to your VMware solution portfolio, contact one of our Arraya experts today to start a conversation.  

Watch the full VMWare Explore session, which highlights VMware Aria, here: The Multi-Cloud Universe: Bold Innovations and Insights to Accelerate Your Business

Visithttps://www.arrayasolutions.com//contact-us/ to connect with our team now. 

Comment on this and all of our posts on: LinkedIn, Twitter and Facebook.     

Follow us to stay up to date on our industry insights and unique IT learning opportunities.    

by

The Microsoft Azure Well-Architected Framework is Microsoft’s set of guiding principles in maintaining and improving a customer’s workload quality in the Azure Cloud.

To ensure easy adoption of the framework, there exists what are called the “five pillars of architectural excellence.” These pillars consist of Reliability, Security, Cost Optimization, Operational Excellence, and Performance Efficiency.

If an Azure adopter is successful in implementing and maintaining their Azure resources within the framework of the five pillars, they will produce a high-quality, stable, and efficient cloud architecture. In this blog, we will provide you with brief descriptions of each pillar and examples of how you can implement it within your Azure architecture. 

Reliability 

Reliability, or high availability, in the cloud is closely related to ensuring reliability on-premises with the desire to have our applications remain available 24/7 without our clients noticing any downtime. This principle is still held dear in the cloud. However, failures are seen as an inevitable consequence of several factors of cloud-hosted applications such as the complexity of distributed systems, the use of commodity hardware, dependence on external services, and volume bottlenecks.

To combat these failures is to implement the pillar of Reliability in Azure Cloud by designing the architecture around two driving forces: business requirements and failure factors. By determining business requirement metrics such as Recovery Time Objectives, Recovery Point Objectives, and Service Level Agreements, we can design the architecture to include services that provide redundancy and recovery contingencies.  

Example: A mission-critical application hosted on IIS needs to remain up 99.95% of the time. By utilizing 2 or more VMs in an Availability Set, you can ensure that during VM maintenance windows, at least 1 VM is always operational.   

Security 

One could say that security and reliability go hand in hand. For an application or service to be highly available, we need to ensure that bad actors or even inadvertent changes by internal staff cannot bring down the application or service.

To design security into cloud architecture is to provide assurances against deliberate attacks and abuse on systems with the use of security layering. Microsoft’s security services are catered to the principle of Zero Trust, meaning that we must assume a breach has already happened. By designing security measures around factors such as Identity and Access Management, Threat Protection services, Information Governance policies, Threat Detection and Response policies, etc., we can mitigate and reduce the amount of damage.  

Example: A key service in Azure that can get your architecture into a stable state is Role-Based Access Control. Implementation of Privileged Identity Management and the use of the least-privileged principle will ensure legitimate identities cannot perform tasks outside of their scope. If that account is breached, the attacker can only perform the actions the identity is allowed to perform. 

Cost Optimization 

Adoption into the cloud is not only a technological and operational journey, but a budgetary journey. It is a shift from the classic paradigm of spending upfront infrastructure costs (Capital Expenditure) into the paradigm of metered costs (Operational Expenditure) on leased infrastructure.

As a public cloud, Microsoft Azure leases the infrastructure to its customers and charges its customers on resource usage. It is important to build a cost model which depicts departmental responsibilities, captures clear requirements, and considers any constraints or tradeoffs compared to the metered billing model of Azure resources. Additionally, implementation of cost optimization practices can ensure that proper consumption is exercised by deploying policies which restrict overprovisioning. This is typically the driving factor in runaway costs. Fortunately, there are many first- and third-party tools that provide customers with a user-friendly experience when analyzing their current resource costs.  

Example: CloudMonitor is a Financial Operations practitioner that specializes in developing software that aids its customers, across all departmental types, determines what is costing them in their Azure environment, and promotes recommendations not seen in the Azure Portal.   

Operational Excellence 

The pillar of operational excellence focuses on hardening operational processes that keep applications running in production. Deployments in Azure must be reliable and predictable to avoid the chances of orphaned resources or operational pitfalls caused by human error. Developing means of automation will provide fast and accurate deployments alongside providing the ability to quickly roll back or forward an update.

Key concepts in Operational Excellence include designing applications or processes for scalability and reliability, ensuring resources are properly monitored for anomalies, provisioning repeatable infrastructure through automation such as Infrastructure as Code, and ensuring proper testing platforms are developed with CI/CD in mind. 

Example: In Azure, tools such as Azure Policy can ensure best practice measures are audited and/or enforced during and after resource creation. Azure Policy can be applied at the Management group, Subscription, Resource Group, and Resource type levels. 

Performance Efficiency 

The pillar of performance efficiency focuses on ensuring workloads can meet the demands by scaling in an efficient manner. The conventional means of ensuring workloads, like servers, meet demand is by purchasing overprovisioned resources.

This way of thinking ensures the capacity for peak usage is supplied, but this can be costly in a cloud setting. Rather, this pillar supplies concepts that can assist in designing workloads for scalability, performance, and capacity by intertwining specific resources that can be dedicated to vertically or horizontally scaling the infrastructure to meet those peak usage demands. 

Example: In Azure, tools such as Virtual Machine Scale Sets can be used to host similarly configured VMs and during peak usage times based on metrics, can increase resource size such as CPU or memory to meet the demands. Alternatively, scale sets can deploy more VMs to distribute the load.

Next Steps: Reinforcing Your Cloud Home with a Strong Foundation 

Your cloud journey does not have to be a total manual effort or a hodge-podge of ad hoc changes to deal with immediate challenges. It can be a smoothly running vehicle to propel your business further by taking advantage of everything the cloud has to offer while maintaining a posture which promotes security, high availability, and a reduction of administrative overhead. 

Microsoft offers multiple tools such as Azure Advisor, Azure Score, as well as the Azure Well-Architected Review which can guide you through the evaluation and decision-making process in a simplified and easy way. However, having a certified partner providing professional experience in evaluating and implementing the recommended changes can take you even further.

To learn more about the well-architected framework, its principles, and how it can help reinforce your cloud journey, contact Arraya today. 

Visit https://www.arrayasolutions.com//contact-us/ to connect with our team now. 

Comment on this and all of our posts on: LinkedInTwitter and Facebook.     

Follow us to stay up to date on our industry insights and unique IT learning opportunities.   

by

The approach to security has changed over the years. Our relationship with technology has grown closer and cyber threats have evolved, becoming more frequent and severe. While we previously focused on a preventative approach to security, we’re now forced to take a more pragmatic, proactive approach.  

Today, as businesses continue their digital transformation, security should be top of mind at the very start of the process.  

Once businesses have started their journey to the cloud, application modernization is a significant part of the digital transformation process and it’s where many of the true benefits of cloud computing lie. As our approach to developing, building, and managing applications has changed, so should our approach to security.  

Part of the migration process is questioning how to continue your security posture, including your governance and compliance policies, in this new state. The application modernization process takes a more proactive approach to security with native, built-in security functions that are part of the development process from the very beginning.  

In this blog, we’ll break down everything you need to know about security throughout the application modernization process.  

The Security Benefits of Application Modernization  

Previously, monolithic applications were built on-premises. This involved manually building the code configurations and deploying the applications, which made them harder to manage and secure. Security was only factored in at the very last stage of development.  

Today, everything is broken into micro-service architecture with native, built-in security insights that are involved from the very beginning. Accelerated by automation and removing the human element, these applications are much easier to segment and secure.  

Security now takes a front seat in the application modernization process with six main goals:  

  1. Limiting exposure 

With the application modernization process, users can take advantage of a multi-account and multi-cloud infrastructure. Communication is more tightly controlled and native-built security controls log all changes, and alert and report on any events. Identities are purpose-built with least privileged access and policies can be put in place to enforce what an identity can access. 

  1. Containing threats  

Platform-level segmentation and micro-segmentation help contain threats. Should a cyber threat get into your network, it will be limited to only a small area, and unable to spread. With native detective controls, the application will react to any malicious detection automatically.  

  1. Detecting malicious activity 

With native activity logging and analysis through native services, like GuardDuty and Sentinel, organizations can collect, detect, and ship data and information to a location they designate. Rules and policies can be configured to address specific governance and compliance regulations.  

  1. Maximizing uptime  

Keeping your network secure means fewer interruptions overall and more time to focus on mission-critical initiatives. Organizations can also take advantage of scaling horizontally and vertically with ease, native load balancing, and strong IAM controls for backup and recovery of data.  

  1. Recovering from a disaster 

While the ideal objective would be to keep threats out, a more realistic approach is being prepared to recover from a successful cyber-attack. Through the application modernization process, businesses can eliminate a single point of failure, take advantage of platform-level controls, and rebuild via infrastructure as code.  

  1. Delivering an excellent experience  

The overall goal of application modernization is to deliver an excellent experience to users, customers, or both. With natively built security, organizations can achieve their goals without sacrificing security. This process alleviates management overhead, automates build processes, and provides the opportunity for rapid deployment, all with security baked in from the very beginning.  

Next Steps: Getting Started with Application Modernization 

Once you’ve started the journey to the cloud, you can begin planning the application modernization process.  

As always, preparation is key to ensure your project is successful: 

  1. Perform a readiness assessment: Where are you starting and where do you want to go? This stage should build a roadmap of your strategic path forward. 
  1. Establish greenfield v. brownfield: Are you building from scratch? Or re-platforming? This will have a large impact on your process.  
  1. Define your goals: Establish your success criteria with set objectives and build requirements. 
  1. Define your policies and baselines: Every business must establish its own policies, depending on the rules and regulations specific to its size and industry.  

It’s important to remember that these changes don’t have to happen overnight. This is an incremental process. It’s not just a technological change, but a cultural change overall as employees will be working more collaboratively, rather than in silos.  

To learn more, check out our previous blog: Breaking Down the Application Modernization Process.  

The application modernization process provides native, built-in security that will ensure you have the proper safety precautions factored in from the beginning. Contact one of our Arraya experts today to learn more about this proactive security approach.  

Visithttps://www.arrayasolutions.com//contact-us/ to connect with our team now. 

Comment on this and all of our posts on: LinkedIn, Twitter and Facebook.     

Follow us to stay up to date on our industry insights and unique IT learning opportunities.   

by

In this episode of the Arraya Insights Podcast, our panel kicks off Cyber Security Awareness Month with a roundtable on all things security. They touch on CISA’s theme for 2022: See Yourself in Cyber, and the guidance the organization is focusing on this year. The discussion covers the current threat landscape, data loss prevention, the challenges of balancing security with the user experience, and how the concepts of zero trust and proactive security are working, including top tactics organizations should focus on implementing now.

Hosted by Scott Brion, Director, Cyber Security, this episode’s panel includes Mike Piekarski, Enterprise Security Architect, and Keith Wood, Cyber Security Consultant.

Prefer an audio format? Subscribe to our Arraya Insights Radio feed in your Apple or Android podcast catcher for an audio-only version of our podcast. Or, you can use the player below.

by

Released earlier this year, the 2022 Verizon Data Breach Investigations Report (DBIR) collected and analyzed 914,547 incidents, 234,638 breaches, and 8.9 TBs of cybersecurity data. This is the 15th annual report, which was first published in 2008 (the same year the first iPhone was released, for context).  

As technology has changed drastically since that first report 15 years ago, our cyber exposure has too. While the amount of data and contributors to this report has grown significantly, the struggle to keep businesses and organizations safe from cyber threats has not.   

This report gives security experts around the world better insights into the cybersecurity trends and patterns taking shape across all industries.  

To help you get through this 107-page report a little faster, we’ve summed up the key takeaways that IT personnel and business leaders should know:  

  • Ransomware continued its uphill trend with an almost 13% increase. For context, this is as big as the last 5 years combined.   

System intrusion, which uses malware or hacking devices like ransomware, was a top pattern and 98% of these incidents were carried out by external parties. Ransomware operators don’t need to look for data of a specific value, they simply need to interrupt an organization’s critical functions by encrypting their data which can provide a substantially higher value, making this tactic enticing.  

40% of ransomware incidents involved the use of desktop sharing software and 35% involved email. These are mostly accessed using stolen credentials and phishing tactics.  

  • Human error has decreased and leveled out from a spike in 2019, but this vulnerability should continue to be a concern as 82% of breaches involved some type of human element.  

The human element could involve the use of stolen credentials, phishing (which dominates this category), misuse, or a simple error. While only 2.9% of employees actually click on phishing emails, this is still more than enough due to the sheer volume of phishing emails sent every day.  

Within this report’s breach data alone, there were 1,154,259,736 personal records breached. If we assumed those were mostly email accounts, that 2.9% of employees that clicked on a phishing attack would equate to more than 33 million accounts phished.  

  • Despite previous concerns, insider incidents aren’t as common as many think as 80% of incidents come from outside of the organization. 

However, the median size of records compromised in an insider breach is nearly 10x the amount of an external breach. While an insider breach is not as common, they can do more damage.   

  • While payment information used to be the main target of malicious actors, today the data they’re seeking is largely personal information and credentials, which can be more valuable. 

This type of data is useful for financial fraud, there’s a large market for its resale, and it allows criminal actors to masquerade as legitimate users within the system.  

  • While cybercrime against large organizations makes the news, small organizations are just as enticing to criminals, if not more so. Ransomware and the use of stolen credentials are the most used forms of attack against small businesses.  

While many small business owners may assume they’re not a target, that’s no longer the case. Cybercriminals know that small businesses don’t have the IT resources and budget that large enterprises have. While we hear about these large attacks on the news, the average malicious actor is aiming for the low-hanging fruit that is small business.  

Next Steps: The Right Security Tactics Will Reduce Your Cyber Exposure 

A large hurdle many businesses face is their lack of IT resources and knowledge. While most employees regularly work from a desktop, not everyone is well versed in technology, and most don’t understand functions that go beyond their everyday needs and tasks. This means it can be hard to identify when something is going wrong with your tech.  

The DBIR report had a simple and effective way of identifying cyber-attacks: “Think of your computer like a car – if it suddenly won’t start, runs slower, or makes a weird noise, it’s time to have an expert take a look.”   

While the unfortunate statistics around cybercrime show that businesses shouldn’t be letting their guard down anytime soon, there are effective ways to protect your organization. 

For ransomware, there are four key pathways that threats take that lead to your data estate. Protecting these key pathways can effectively block these attacks from getting through: 

Credentials 

  • Use 2FA 
  • Do not reuse or share passwords 
  • Use a password keeper/generator app 

Phishing

  • Do not click on anything in an unsolicited email or text message  
  • Set up a method for verifying unusual requests for data or payments 

Exploiting vulnerabilities

  • Ensure you install software updates promptly so any vulnerabilities can be patched 
  • Maintain a consistent backup schedule, which should include offline backups 

Botnets

  • Use antivirus software for all devices  
  • Ensure that the built-in firewall is switched to “on” for user devices as this may not be the default  

In general, there are a few positive trends noted within the industry. Overall, we’re patching more and we’re patching faster. This allows businesses to close and protect potential vulnerabilities before malicious actors can exploit them.  

We’re also getting better at detecting and reporting phishing. More people can accurately identify a phishing attempt and are NOT clicking on unusual, suspicious, or unsolicited emails.  

We’ve reached the era of cybersecurity in which facing the reality of the cyber landscape we’re all facing is key. A proactive cyber security practice that recognizes your very real risk will help you take steps that can make a true difference in your exposure.  

To learn more about achieving a proactive security practice, contact one of our Arraya Cyber Team experts today to start a conversation.  

Visithttps://www.arrayasolutions.com//contact-us/ to connect with our team now. 

Comment on this and all of our posts on: LinkedIn, Twitter and Facebook.     

Follow us to stay up to date on our industry insights and unique IT learning opportunities.   

by

Zero Trust Approach to Cyber Security

The world of technology revolves around change. As technology reaches new heights, our reliance on all things digital grows. Simultaneously, malicious actors are developing new ways to take advantage of the growing digital landscape and the damage surrounding cyber-attacks has hit record numbers.   

The industry’s cyber security approach has grown from preventative to reactive, all the way up to the proactive tactics we’re using today.  

In this blog, we’ll outline a brief history of cyber security, how Zero Trust became the industry standard, and how businesses can cultivate their own digital resilience.  

Preventative: An Unrealistic Approach to Preventing All Cyber Attacks 

While technology held a much more limited role at the time, cyber security dates back to the 1970s. During this period, a researcher created a computer program called Creeper, which could move across ARPANET’s network. In response, Ray Tomlinson, the inventor of email, created Reaper, which chased and deleted Creeper and is considered the first version of what we would now consider to be an antivirus software.  

In the 1980s, commercial antivirus was born but it wasn’t until the internet boom of the 1990s that the world went online, and organized crime began to take advantage of the value of data.  

Through the 1990s, 2000s, and early 2010s the focus was on the prevention of cyber-attacks.  

This unrealistic approach focused solely on stopping all attacks from infiltrating your system and didn’t account for mitigating the damages of successful attacks.  

Reactive: Assuming Breach & Ramping Up Our Responses  

As our relationship with technology expanded, cyber threats increased and became substantially more complex. While the original form of ransomware involved malware infected floppy disks being mailed to 20,000 conference attendees in 1989 (that’s a lot of postage), this concept has now developed into a trillion-dollar industry.    

Throughout this phase, it became clear that preventing cyber attacks would not be enough. No matter how robust your defenses, there was no way to stop every attack. Businesses and enterprises have to be prepared for the worst, assume breach, and be ready to respond to successful cyber-attacks.  

During this phase organizations amped up their incident response plans, end point detection and response tools, deception frameworks, Privileged Access Management, and network segmentation.  

Proactive: The Era of Zero Trust & Continuous Monitoring  

Following the start of the COVID-19 pandemic in March 2020, the digital landscape exploded.  

Organizations sped up their adoption of digital technologies to adapt to quarantine regulations and millions of workers logged in remotely for the first time. Simultaneously, malicious organizations ramped up their cyber attack efforts, taking advantage of hastily configured remote work capabilities and widespread fear and confusion.  

Today, cyber crime has reached new highs. IBM’s 2022 Cost of a Data Breach Report outlined that 83% of organizations have had more than one breach and the average cost of a breach is now $4.35 million. 

The staggering effects of cyber attacks has led to a new approach: Trust nothing and no one.  

As it’s unlikely that organizations will be able to prevent every attack in the near future, this is (unfortunately) a realistic position to take.  

The Zero Trust security model, which is centered around verifying explicitly, using the least privileged access, and always assuming breach, has become the industry standard.  

Today, an employee could simply click on the wrong PDF, setting off a catastrophic chain of events. This era is centered around harm reduction. It’s safe to assume there will always be a problem and your organization should seek to find and address those issues while they are still small enough to control.  

Next Steps: Stay Resilient Amid a Volatile Cyber Landscape 

Being proactive means continuous monitoring of your information security, vulnerabilities, and threats.  

Recognizing that your organization’s digital resilience is fragile will help you set up a pragmatic security approach that will support your business in your most vulnerable moments. As the stakes around cyber security continue to increase, securing your business’s network, applications, infrastructure, and data is vital to its success. 

Contact one of our Arraya Cyber Team experts today to learn more about how we can help you protect your business through your continuous cyber security journey.  

Visithttps://www.arrayasolutions.com//contact-us/ to connect with our team now.     

Comment on this and all of our posts on: LinkedIn, Twitter and Facebook.     

Follow us to stay up to date on our industry insights and unique IT learning opportunities.   

by

Microsoft CSP Licensing

Microsoft solutions and services are a staple of productivity for businesses of all sizes and industries. However, due to the broad scope of options available, Microsoft licensing has long been a complicated and convoluted affair.  

As a result, many businesses aren’t handling their licensing as efficiently as they could be and find themselves with a licensing portfolio that is radically out of step with their organizational needs and budget. 

As prices increase, overpaying for licensing is going to hurt more than ever before. Organizations need to take a closer look at how they are handling licensing to ensure they are not paying for services they don’t need with licenses going unused.  

As a Microsoft Cloud Solutions Provider (CSP), Arraya is fully equipped with a team of experts to break down Microsoft licensing in a way that is more easily digestible. An audit of your existing portfolio can help you pivot to better address your organization’s changing needs.  

As a start, here is a list of the frequently asked questions we receive around Microsoft CSP licensing:  

Frequently Asked Questions on CSP Licensing 

  1. What is CSP? 

CSP is short for Cloud Solution Provider, which is a licensing model and program that enables partners to directly manage Microsoft licensing cloud cycle for customers. This includes all of Microsoft’s most popular solutions and services, including Office 365, Microsoft 365, Azure, EMS, Windows OS, and Dynamics CRM.  

  1. What organizations are eligible for CSP licensing? 

CSP is available for any size business with no limits or minimum amount needed to purchase. Perpetual licensing is now available through CSP, including SQL, and Windows Server.  

  1. Why should I consider CSP licensing? 

CSP offers a number of benefits for customers. It provides flexibility so businesses can grow or downsize, as needed. Licensing can be added or substracted at any time, billed monthly or annually. Customers can bundle and personalize licensing to fit their specific needs and make instant purchases when needed.  

Further, this model allows partners to obtain a deeper understanding of their customers’ individual industry, business, and needs. This way, partners can offer industry-specific solutions that bundle with Microsoft products.  

  1. How do I determine which license is right for my organization?     

As you can see from this Microsoft 365 and Office 365 commercial plan comparison chart, there are many different licenses to choose from. This is where having a trusted partner comes into play. Most companies will not be able to determine successfully what type of licensing they need without the help of a professional.   

  1. How do I get the most value out of my CSP licensing? 

A CSP partner will be able to deliver first-rate insight into your licensing to see what licensing you are using, what licensing you’re not using, and determine what options would be the best fit for your business moving forward.  

Further, a CSP partner can help you locate features you are already paying for but may not be taking advantage of.  

  1. How do I choose a Microsoft Partner?  

Your Microsoft CSP Partner should provide great customer service through licensing experts to help you make the right decision for your business’s individual needs. They should be able to provide appropriate time and resources with strict attention to detail to make sure you are getting the maximum value out of your investments.  

CSP Licensing Changes & ESU Timeframes to Know 

Microsoft is shifting all licensing to a cloud model via the New Commerce Experience (NCE) and it’s time to start planning now. The NCE will deliver a simplified, consistent purchasing experience for both customers and partners. Open Business traditional on-premises perpetual licensing is no longer available.  

For those still running certain legacy Microsoft products, the Extended Security Update (ESU) program has a number of versions of Windows Server that are reaching end of extended support

Product Version Hosted ESU duration ESU end date 
Windows Server 2008 Windows Server 2008 R2 Azure* Four years January 9, 2024 
Windows Server 2008 Windows Server 2008 R2 Not in Azure Three years January 10, 2023 
Windows Server 2012 Windows Server 2012 R2 Azure* Three years October 13, 2026 
Windows Server 2012 Windows Server 2012 R2 Not in Azure Three years October 13, 2026 

As of the dates listed above, there will be no additional services for

  • Free security updates on-premises 
  • Non-security updates 
  • Free support options 
  • Online technical content updates 

It’s recommended that those who have servers on-premises that are reaching end of support move forward with migrating to Azure where they will get regular security updates, cloud services, and more. For those who upgrade to Azure, there will be three additional years of Critical and Important security updates at no additional charge, and they can modernize when ready. For environments other than Azure, it’s recommended that customers upgrade to the latest version before the deadline.  

Next Steps: Prepare for Microsoft’s Price Increase 

While the NCE aims to reduce the complexity of Microsoft licensing, these programs can still be convoluted. 

As a Microsoft Gold Partner and Cloud Solutions Provider, Arraya’s experts are available to modernize your Microsoft licensing approach to reduce complexity, save money, and provide you with strategic guidance and support.  

To get started, take advantage of our free Microsoft Licensing Optimization Assessment to get the most out of your investment and ensure your licensing is providing maximum value to your company.  

VisitContact Us – Arraya Solutions to connect with our team now.   

Comment on this and all of our posts on: LinkedIn, Twitter and Facebook.   

Follow us to stay up-to-date on our industry insights and unique IT learning opportunities.  

by

InfoSec conventions are a great way to learn about the latest in the cyber industry through workshops, presentations, and competitions, in addition to meeting and networking with like-minded people. However, summer is a busy time, and we know not everyone was able to make it to this year’s Black Hat and BSides conventions, which were both held in person in Las Vegas.   

Arraya’s Mike Piekarski, Enterprise Security Architect, and Scott Brion, Director of Cyber Security, attended both conventions and rounded up a summary of the most notable sessions and news to keep you in the loop.  

As you work on your morning coffee, here are key topics you may have missed from this summer’s Black Hat & BSides conventions:  

Black Hat US 2022

Harm Reduction: A Framework for Effective & Compassionate Security Guidance 

Rather than taking an unrealistic all-or-nothing approach to your cyber security, harm reduction focuses on decreasing the negative consequences of high-risk behaviors without requiring abstinence.  

As fully eradicating risk-taking behavior is not possible, this session focused on harm reduction strategies that offer a more pragmatic approach to security that will ultimately be more effective.  

You can review the presentation slides here

In Need of ‘Pair’ Review: Vulnerable Code Contributions by GitHub Copilot 

GitHub’s tool, Copilot, is an AI-based Pair Programmer. As most of the code for Copilot was written by humans, there are several bugs, outdated coding practices, and insecurities that make the code suggestions it generates questionable.  

This discussion broke down the various ways in which GitHub Copilot is susceptible to writing vulnerabilities. You can take a look at the presentation slides or the whitepaper here.  

The Cyber Safety Review Board: Studying Incidents to Drive Systemic Change 

This session discussed the Cyber Safety Review Board’s analysis of the Log4j vulnerability and how industries and government can implement the latest recommendations on addressing this vulnerability.  

Among the key recommendations that came out of the CSRB report was the need for Software Bill of Materials (SBOM) which would give organizations a better understanding of their IT assets. With Log4j, it was difficult for organizations to locate the risks within their own environment.  

Smishmash – Text-Based 2fa Spoofing Using OSINT, Phishing Techniques, and a Burner Phone 

Due to the recent increase in attacks circumventing text based 2fa, this session focused on how attackers can gather data from public sources and connect phone numbers used for 2fa to other leaked credentials. Presenters simulated an attack and showed real methods threat actors are using.  

You can view the slides from the presentation here.  

Backdooring and Hijacking Azure AD Accounts by Abusing External Identities 

Azure Active Directory’s external identities give external or guest users access to certain resources for collaboration within the organization.  

This discussion went over how external identities work, how these identities can be exploited, and how to harden against these types of attacks.  

The presentation’s slide material is available here or you can read more about this session in this recent article.   

BSides 2022

So You Wanta Build a C2? 

iDigitalFlame took attendees through the process of building their own C2 framework XMT. This session covered how to build your own networking protocol and defensive evasion with the latest techniques, along with a demo of it in action.  

You can watch the entire session here on YouTube.  

Next Steps: Stay at the Forefront of the Cyber Industry 

The cyber industry moves fast, and staying on top of the latest trends, technologies, and techniques isn’t always easy. However, InfoSec or hacking conventions are a great place to share ideas and learn from some of the brightest in the industry.  

To learn more about InfoSec conventions in general, check out our previous blogs: 

To learn more about the Arraya Cyber Team and our cyber security solutions, contact one of our experts today.  

Visithttps://www.arrayasolutions.com//contact-us/ to connect with our team now.     

Comment on this and all of our posts on: LinkedIn, Twitter and Facebook.     

Follow us to stay up to date on our industry insights and unique IT learning opportunities.