
Arraya Insights

July 11, 2017 by Arraya Insights

In the beginning there was the firewall . . .

Several years back, organizations did not even think about users signing up for their own applications. This is because each application required access to resources that were beyond their control. Storage, compute, and network configurations were all IT’s domain and so IT needed to be consulted before a new installation could take place.

Now? Users can simply enter their credit card number into an easy-to-use portal and almost instantly have a usable product. This may be a well-established application, one with security that surpasses your own data center. However, it could also be an application hosted in someone’s basement, a person who thinks “Security by Obscurity” is adequate protection.

Taken to the extreme, users could even spin up their own infrastructure to support nearly any in-house developed application!

Why do users feel the need to strike out on their own in search of applications?

  • IT can’t move fast enough due to legacy processes, software and hardware
  • A lack of comfort or training (or desired features) in terms of the solution IT offers
  • New users or users brought in under an acquisition might have their own products

As organizations grow, the number of applications that lurk in the shadows can balloon quickly. Traditional IT methods are not fast enough to keep up. Thankfully there is a solution that can light up the shadows and expose the risks that come with each application that is in use in your organization.

Bring technology back under IT’s control

Microsoft Cloud App Security integrates with your firewall to ingest and analyze communication between your users and their applications. It then processes that data against a library of over 14,000 known cloud apps to determine business, security, and compliance risks associated with the apps that have been detected.

 

Using this data, IT can quickly identify users and applications that are introducing risk into the organization. Applications can be evaluated against IT policies and approved for use if they stack up. If not, alternative applications, with better security controls, can be suggested.

The cloud app catalog can be used to find suitable replacements for applications that do not meet your requirements. You can apply filters for compliance, security risk, and general information such as headquarters location to select applications that you are comfortable with.

Now that you are in control, it is important to keep on top of it. Cloud App Security gives you the ability to define alerting rules that will notify you when new applications are discovered. You can also filter them so that only high-risk applications are brought to the attention of the IT team. Now IT can concentrate on giving users the tools they need without allowing additional risk to creep in.

Gain a partner in the effort to prevent Shadow IT

It doesn’t stop there. Cloud App Security can be used for so much more, including data loss prevention, file management, sharing management, and in-depth behavioral analysis. If you would like to see any of this in action, Arraya Solutions’ Microsoft and Cloud team is ready to guide your organization through a live demo or pilot.

To schedule some time with our team, or to learn more about this or any of our cloud and security solutions, visit: www.arrayasolutions.com/contact-us/. To leave us a comment or question based on this post, check us out on social media: LinkedIn, Twitter, and Facebook.

July 7, 2017 by Arraya Insights

 

The evolution of networking is all about the DNA.

Cisco Live, the company’s yearly tech summer camp, wrapped up last Thursday amidst the sweltering summer heat of Las Vegas. Cisco used this opportunity to showcase the evolution of the security, scale, and simplicity inherent to the next generation network.

The key platform launched last week was the Digital Network Architecture for Software-Defined Access (SDA). SDA promises to address the time spent configuring, provisioning, and troubleshooting network devices by reducing the manual processes and automating policy and segmentation. Best of all, it is built upon proven Cisco technologies like Identity Services Engine and APIC-EM. The key components to the Digital Network Architecture – SDA will be:

  • DNA Center – A centralized management platform for designing, provisioning, defining policy, and performing network assurance. It’s one dashboard that houses all of the tools needed to reduce the time spent SSH’ing into individual switches or routers. It also provides the ability to verify the policies you put in place are secure and effective.
  • Network Data Platform and Assurance – Imagine telling your network what you want it to do, rather than telling it what to do and how to do it. NDP utilizes the vast amount of intelligence your network provides, empowering IT to make better networking decisions.
  • Encrypted Traffic Analytics – An explosion of encrypted traffic is a very real, very relevant problem for many network and information security professionals. Many organizations I talk to don’t have the time or money to decrypt, inspect, and reencrypt in bulk, which leaves them blind to malicious actors traversing their infrastructure and infecting endpoints and network devices. Feeding off the power of the latest generation Catalyst 9000 switches, Stealthwatch, Cognitive, and TALOS analyze the metadata of encrypted traffic to determine its intent. In rigorous real world testing, Cisco achieved 99% accuracy, with .01% false-positives.
  • Catalyst 9000 Portfolio – The next evolution of SDx, the Catalyst 9000 builds upon the success of the Catalyst 3850/3650, unlocking a whole new level of flexibility for the network of today and tomorrow. I found the real highlight of the platform is its ability to blend the overlay (or whatever the future overlay is) with the underlying hardware. This allows the Catalyst 9000 series to be the long-term enterprise campus platform for your infrastructure. Oh, and the UADP 2.0 ASIC has an astonishing 7.4 billion transistors!
  • Developer Center – A resource-packed community within Cisco’s DevNet to help with creating network-focused apps and resources to help with building API integrations.

In addition to the DNA launch, Cisco also announced – with the help of Apple’s Tim Cook – a new security platform for iOS devices called Cisco Security Connector. Combining the capabilities of Umbrella and AMP for Endpoints (now called Clarity), Security Connector enables organizations to set and maintain visibility, control, and privacy rules for enterprise-owned devices, regardless of where their users are in the world.

Prepare yourself for the future of networking

As Cisco rolls out the next evolution of secure, intent-based networks in the coming months, look for in-depth updates from your Arraya team on how these new platforms can positively impact your business.

Want to talk more about what the future holds from Cisco? Or, do you want to learn more about what took place during this year’s Cisco Live? Whichever conversation you want to have, our team is ready. Reach out to them today at: www.arrayasolutions.com/contact-us/. Leave us a comment on this blog via social media: LinkedIn, Twitter, and Facebook.

July 5, 2017 by Arraya Insights

Names like “Sandworm” and “Hidden Cobra” may sound as though they were pulled from the pages of an epic sci-fi novel; however, the threats they pose are very real. These fantastical monikers actually refer to a pair of shadowy – and allegedly state-sponsored – global cybercrime initiatives. Upon closer inspection, the tactics and endgames employed by each can serve as a reminder of some important, but often overlooked, cyber security truths.

Getting to know ‘Sandworm’

Sandworm is the Dune-inspired name given to a group of hackers believed to be supported by Russia. In recent years, the group has been busying itself by (allegedly) turning Ukraine into its own “test lab for cyber war,” as documented in a write up by Wired. So far, the group’s accomplishments have been as extensive as they have been painful. Sandworm is thought to have been behind attacks on Ukrainian media, financial institutions, transportation, and more. To date, the group has twice managed to successfully attack Ukraine’s power grid, resulting in widespread outages.

However, as US Secretary of State Rex Tillerson once pondered, “Why should US taxpayers be interested in Ukraine?” The answer, in the case of Sandworm is that the group’s attention hasn’t always been focused on Ukraine. Back in 2014, it’s believed that Sandworm attempted to execute a similar assault on American power and water utilities. Should they seek to apply the lessons they learned in Ukraine during a future attack on American soil, the implications could be severe.

What about individual businesses outside of the energy sector? While companies without ties to critical infrastructure or a global footprint may seem safely below Sandworm’s radar, the group’s tactics are worth analyzing. As complex as the group’s weapons are, the origins are something that should sound familiar to all businesses.

For example, the assault on Ukraine’s power grid began with a phishing email containing a malicious attachment. Once deployed, this attachment gave attackers a backdoor from which they could strike a damaging blow. Also, in an earlier attack on Ukraine’s StarLightMedia, Sandworm leveraged compromised admin credentials and lax access restrictions to break into the company’s network, where it operated unnoticed for six months. Eventually, the group managed to take over two domain controllers and use them to remotely destroy more than a dozen employee devices. That was well short of its goal of 200 devices or more, but that’s a small consolation.

Coincidentally or not, Ukraine also recently found itself as the launching point for the massive Petya/ExPetr/NotPetya ransomware epidemic. While thousands of machines in businesses across the globe were affected, including American companies such as Merck, Ukraine was among the hardest hit, with Petya (etc.) infecting banks, telecom, and – of course – its energy sector.

This latest ransomware onslaught took advantage of the same Windows exploit WannaCry used last month, reaffirming the importance of dedicated patching. Unlike in traditional ransomware attacks, which are financially motivated, the objectives of those behind Petya (etc.) remain unclear. (As of press time, there’s no official connection between this campaign and Sandworm’s activities.) The email address used to collect payments is offline and some have theorized the objective of the attack was to destroy data, not encrypt it and hold it hostage.

One-on-one with ‘Hidden Cobra’

Hidden Cobra is the US government’s designation for the cyber maneuvers of another notorious state – North Korea. Hidden Cobra, or, as it has been referred to in the media, Lazarus Group or Guardians of Peace, was the subject of a recent Technical Alert (TA) released by the US Computer Emergency Readiness Team (US-CERT). This release details what North Korea has been up to, what to watch for, the repercussions of falling victim to Hidden Cobra, and more.

Hidden Cobra’s arsenal includes DDoS botnets, keyloggers, various types of malware, and others. Threat actors have utilized these tools against a range of targets, either to steal data or disrupt the target’s operations. As with any criminal organization, Hidden Cobra actors aren’t looking to work any harder than they have to for a win. Among their favorite targets to exploit are unsupported versions of Microsoft operating systems and unpatched Adobe Flash player vulnerabilities – attack vectors common among cyber crooks, state-sponsored or not.

Hidden Cobra manages its DDoS botnet using a malware variant called DeltaCharlie. This malware agent is capable of downloading executable files and altering its configuration, as well as launching and concluding denial-of-service attacks. In order to help organizations avoid becoming ensnared in North Korea’s botnet, included in the TA are IP addresses associated with DeltaCharlie. While some of the traffic using these IPs may prove to be legitimate, organizations should take immediate action to verify its authenticity. After further review, if the traffic is still suspected of malicious intent, it should be flagged, addressed, and reported to the DHS National Cybersecurity Communications and Integration Center (NCCIC) or to FBI’s Cyber Watch (CyWatch) group using the guidelines included in the TA.

Defending against threats (great and small)

All businesses, regardless of size or industry, need to devote themselves to routine patching, access controls, end user threat recognition training, and other forms of basic security hygiene. Unfortunately, these activities are the ones that often slip through the cracks or are purposefully pushed to the side in favor of fighting the daily fires that pop up. Shortcomings in these areas can attract cyber criminals who – regardless of support structure or country of origin – can inflict extensive damage.

Arraya Solutions’ Cyber Security Practice helps keep threats at bay by connecting organizations with the people, processes, and tools they need to forge an intelligent, reliable IT environment. Our team can provide bandwidth-strapped tech teams with the additional hands they need to address frequently overlooked routine tasks, such as patching or sunsetting aging, no-longer-used applications. In addition, they can analyze an organization’s existing environment, spot gaps, and provide valuable, actionable advice on how to remediate issues.

Start a conversation with Arraya’s Cyber Security team today by visiting: www.arrayasolutions.com/contact-us/. You can leave us a comment on this or any of our posts by visiting us on social media: LinkedIn, Twitter, and Facebook. Be sure to follow us to stay up-to-date on our industry insights, exclusive learning opportunities, and company news.

 

June 29, 2017 by Arraya Insights

The dust hasn’t even settled on WannaCry and yet there’s already a new global ransomware epidemic making headlines. Just last week, Australian police discovered WannaCry, the malware strain that dominated tech coverage back in May, in some of their traffic cameras. This WannaCry aftershock was upstaged this week, however, by Petya (also known by several other aliases), the latest ransomware variant causing catastrophic damage to companies around the world.

Like WannaCry, Petya leverages malware allegedly developed by the NSA and released by the crime group known as the “Shadow Brokers.”  Also like WannaCry, Petya is easily defended against, yet we continue to see these types of attacks succeed.

World-Wide Impact

There were a couple big names listed as victims of the latest attacks, most notably the shipping company Maersk. Maersk manages approximately 15% of worldwide container shipments, but as of Tuesday morning, just about its entire operation was completely disabled because the company’s computer systems were locked up by ransomware.  According to Reuters, “The breakdown affected all business units at Maersk, including container shipping, port and tug boat operations, oil and gas production, drilling services, and oil tankers.”

Maersk wasn’t alone either. This attack spread to 65 countries and affected companies across all industries. The Russian oil company Rosneft, US-based pharmaceutical giant Merck, and assorted banks, government offices, power plants, law firms and manufacturers were negatively affected. While the ransom was generally cheap ($300), the speed with which the malware spread and the impact to infected systems were much higher. Additionally, the email account connected to the ransomware went offline during the height of the attack, leading many experts to speculate that the malware infection wasn’t designed necessarily to generate profits, but rather to inflict devastation upon the systems it compromised.

Another Attack that Could’ve Been Avoided

I continue to be amazed at how simple some of these large scale attacks are to defend against.  While this malware had a slightly different method for locking up systems and spreading, the infection method was exactly the same as WannaCry.  Just like WannaCry, if all your systems are patched, you’re protected.  It’s really that simple.  I almost wish it was more complicated or sophisticated, but it’s really not.  Microsoft told the world that this vulnerability was out there and pushed a patch.  WannaCry showed the damage that could ensue if the door was left unlocked and many companies paid the price.  But despite all of those warning signs, organizations continue to ignore the foundational security hygiene that would prevent these types of results.

There are a lot of great tools out there.  I see new security solutions all the time around behavioral analytics, event correlation, real time alerting, machine learning and artificial intelligence.  The tools can do a lot of cool stuff and have some really great capabilities, but in my opinion they are useless if you’re not taking care of the basic blocking and tackling – patching, network segmentation, multifactor authentication, training, etc.  Those tasks aren’t sexy, but I bet the C-Suite for all of the companies impacted by Petya are now re-focusing their efforts on the basics.  Unfortunately, it took an event of this scale to drive those initiatives.

Arraya Cyber Security Services

Arraya is positioned to help companies that want to put protections in place now and not wait for a catastrophe to occur.  Our team is highly trained and can help organizations build customized solutions that align with business objectives.  Our advisory services, architecture and tools, and managed services provide defense in depth capabilities to defend against these types of attacks.

Contact Arraya today by visiting: www.arrayasolutions.com/contact-us/. Feel free to leave a comment on this post through social media: LinkedIn, Twitter, and Facebook.

June 29, 2017 by Arraya Insights

IT has had a long and sordid history with patching. From servers to desktops, Windows to Linux, it is the fear and bane of the IT administrator’s existence. A delicate balance has been struck between the risk of not patching and using third party tools to address security issues, but as the recent WannaCry and Petya attacks prove, patching is no longer optional, and hackers might not be using perimeter attacks to infiltrate your network anymore.

Patching is just a solid and basic strategy, but both IT and the business have been burned with outages and application issues. These issues aren’t insurmountable though. Let’s take a look at some reasons IT has stopped patching (or worse stopped staying up to date) and how this is indicative of a cultural problem that is preventing innovation.

In the beginning

Since computers have been connected to each other (or had the opportunity to connect – see War Games, 1983), security has been a concern. Not only did firewalls go up, but Microsoft started learning that patching was critical to having a PC on every desk. The operating system needed to be secure. Starting with Windows 98, Microsoft introduced Windows Update to help distribute patches. By 2003, they started Patch Tuesday – the second Tuesday of the month when patches would be released.

Something happened between 1998 and 2003 though – namely, Windows 2000 and Windows Server 2003 were introduced. This period brought two types of back office software into businesses – vendor written software to run the business and custom code written to fill the gaps that the business needed. From 2005 through 2009, these niche software companies shut down and businesses decided to lay off developers.

Here’s where patching problems started.

My application isn’t working, what did you do?

As time went on, it became clear that patching was critical for not only security, but basic maintenance. Companies wanted to reduce the risk of getting hit with an exploit, but it went beyond that. In 2007, the US government changed Daylight Saving Time, requiring a very specific path (and order of patching) for Microsoft systems.

At this point, patching strategies were fragmented. Some were using WSUS, others using System Center, still others using third party patch management solutions. These were all great for pushing out patches, but left something to be desired because they didn’t solve the main problem, which wasn’t patch distribution. Companies didn’t build a good methodology for patching.

And so, patches went out shortly after Patch Tuesday. Maybe they were tested, maybe not, and then things started breaking. Both niche vendor software and in-house developed software broke.

After the users would complain about the software breaking, two responses were given by management – “that company is out of business” or “we fired the guy who wrote that.” Both responses were followed with, “just make it work!”

At this point, patching either fell away, because IT couldn’t make the argument it was critical when it was taking users offline, or IT did it, but very cautiously.

The saga continues with modernization

With the introduction of Internet Explorer 10 with Windows 8, another problem surfaced – legacy web applications. IT had to pause the rollout of patches AND entire operating systems now because these applications, still without support, were incompatible. Here is where modernization goes to die.

As time has gone on, Microsoft has attempted to integrate more and more security into the operating system and the browser, but companies have allowed legacy applications to linger. This has led to a worsening situation within IT to support newer hardware and more secure end user computing environments while attempting to balance legacy applications.

Many IT shops struggle with this issue. It is less expensive, in fact it saves money, to run your end user computing environment out as long as possible. The argument to update is a non-starter with executives.

Here is where we are today. Legacy applications are holding modern operating systems hostage, but the story doesn’t end there. This is causing a much larger issue within your business that you might not be aware of – namely, all of this is impacting your ability to innovate!

Your ability to patch affects the ability to innovate

Believe it or not, your strategy around patching and operating system upgrades directly impacts your ability to innovate. In today’s cloud first, mobile first world, technology is intersecting with employees and customers in new ways. The legacy applications that have been holding you back from patching and upgrading are also holding you back from moving forward.

Consider your competition. They are likely checking out ways to leverage technology to reach out and give customers a unique experience or build additional revenue streams. You simply cannot do this without having the basic building blocks of a modern IT infrastructure and end user computing environment. From the keyboard to the internet, your IT needs to run efficiently and fast – speed, but with control.

As painful as it is, it is time to start modernizing those applications and get your IT humming again so they can focus on bringing innovation back to the business.

How Arraya can help!

Arraya can help in a number of ways. We can bring standardization and simplification to your IT operations, enabling you to build the foundation for innovation. If you are stuck on a legacy operating system, we can help upgrade and ensure those legacy applications work until you can migrate. Lastly, if you want to develop a patch strategy, implement a patching solution or even offload your patching, Arraya can take on all of those challenges.

Contact us at www.arrayasolutions.com/contact-us/ to learn more. We can also be reached through social media: LinkedIn, Twitter, and Facebook.

June 28, 2017 by Arraya Insights

In IT, it’s possible to go from white hot to yesterday’s news in the blink of an eye. Digital transformation is one of the industry’s favorite pet topics at the moment; however, unlike many buzzwords that came before it, this one doesn’t appear to be going anywhere soon. Instead, research indicates that – if they haven’t yet – IT pros and the organizations they support should begin making adjustments that will allow them to keep up as connectivity continues to spread.

These are the findings of the most recent version of Cisco’s long-running Visual Networking Index (VNI). Over the course of the last decade-plus, the Cisco VNI has tracked the growth of the Internet while offering predictions for the future of tech. The latest VNI, covering 2016-2021, includes a number of metrics that seem to confirm anyone expecting digital transformation to fade away is destined for disappointment.

Here are five of the top takeaways from Cisco’s VNI:

  1. Global IP use to triple by 2021 – Last year, global IP traffic sat at 96 exabytes per month. By 2021, Cisco projects that number will roughly triple, hitting 278 exabytes per month. This growth will be spurred by increased adoption of personal devices and Internet of Things-driven machine-to-machine connectivity, among other factors. For its part, IT will want to consider the effect that more employee devices and the spread of the IoT could have on their environment in the coming years – and architect accordingly.
  2. Wi-Fi & mobile dominate connectivity – In 2016, Internet traffic looked like this: 52% went through Wi-Fi, 10% through cellular, and 38% via fixed sources. By 2021, Wi-Fi will remain at the front of the line (53%); however, changes are coming. Soon, cellular will account for 20%, while fixed sources will be responsible for 27% of traffic. This can provide a helpful guide for IT teams looking to re-architect their network to ensure bandwidth is available where it’s needed most.
  3. Users are living on the edge (more than they were) – Come 2021, the network core could start to become a little less overtaxed. Cisco’s VNI suggests that, by that point, more than one-third of Internet traffic will move closer to the edge, bypassing the network core. As we’ve discussed in previous blogs, this will mean organizations must adjust their security mindset, focusing greater effort on defending user identities, or as we’ve dubbed them, “the new security perimeter” – while still staying true to more traditional approaches.
  4. Growth coming to SD-WAN – Networking itself is also set to face some changes according to Cisco’s VNI. The study predicts SD-WAN traffic will achieve a compound annual growth rate of 44% compared to 5% for legacy WAN deployments. Organizations planning to incorporate SD-WAN in the coming years will want to check out our post on four features they must have on their SD-WAN wish lists for help choosing the best-of-breed solution that matches their needs.
  5. DDoS getting bigger and meaner – Distributed Denial of Service (DDoS) attacks are a favorite tactic of cyber criminals. This method – which knocks resources offline with a barrage of requests – is only going to become more of a thorn in the side of security professionals with the spread of digital transformation, as DDoS attacks are projected to increase 2.5-fold by 2021. The peak size of DDoS attacks spiked 60% year-over-year, while average size increased 22%. IT pros will want to make sure they have a plan in place to respond to these attacks should they find their organization in the cross hairs.

Don’t let digital transformation leave you scrambling

Arraya Solutions offers a variety of services designed to help organizations ride the digital transformation wave. Our team can discover business strategies and initiatives, assess the suitability of enterprise and digital platforms, standardize and modernize enterprise architecture, and help design a road map to connect digital efforts to business objectives. We can also provide the security, cloud, and infrastructure solutions and guidance needed to ensure lasting success.

Want to start a conversation around digital transformation? Reach out to us today at https://www.arrayasolutions.com//contact-us/. Feel free to leave us a comment on this post by visiting us on social media: LinkedIn, Twitter, and Facebook. While you’re there, be sure to follow us to stay on top of our latest blogs, industry insights, and exclusive learning opportunities.

June 23, 2017 by Arraya Insights

 

There are plenty of binary choices in life – but where your organization’s data lives in the cloud isn’t one of them. Rather than choose between housing data in either a public or a private cloud, many businesses are electing to go with a third option. They’re choosing a path that winds between public and private, collecting the best features of each option in one package.

IDC’s recent whitepaper, entitled The Power of Hybrid Cloud, revealed hybrid cloud – that intersection of public and private models – is rapidly becoming the norm. The white paper surveyed representatives from 1,000 mid-to-large-sized businesses from around the globe to gain insight into their cloud journeys. As it pertains to the hybrid option, the survey found:

  • nearly 80% of large organizations already have some form of hybrid cloud strategy in place
  • more than half (51%) of respondents are already leveraging a combination of public and private cloud infrastructure components
  • roughly 29% anticipate migrating to hybrid cloud infrastructure within the next year

Are you looking to join the ranks of the growing majority of businesses who’ve embraced the hybrid cloud? Or, do you want to refine your hybrid cloud model to bring results more in line with the objectives that inspired your initial migration? Two of tech’s heaviest hitters can help.

Dell EMC, Microsoft lead the way to hybrid

As a moniker, Dell EMC Cloud for Microsoft Azure Stack leaves little mystery as to what the solution offers, at least at a high level. To dig in more deeply, Dell EMC Cloud for Microsoft Azure Stack brings Dell EMC networking, PowerEdge servers and its cloud infrastructure expertise to Microsoft’s leading on-prem cloud platform. The result of this marriage is a solution that speeds cloud deployment, while streamlining management.

So, what does life look like with Dell EMC Cloud for Microsoft Azure Stack in your data center? Here are three ideas:

  1. Accelerated access to applications – Whether they’re native to the cloud or have more terrestrial origins, applications are at the heart of how organizations benefit from Dell EMC Cloud for Microsoft Azure Stack. This solution provides a consistent programming experience by connecting Azure and Azure Stack which lets app teams create and share their projects across a secure, reliable hybrid environment. This boosts development and deployment, putting apps in user hands faster.
  2. Performance backed by peace of mind – More speed is typically an attractive proposition in the application development world – unless that speed boost comes from sacrificing security. Organizations simply can’t afford to take cyber security lightly, and Dell EMC Cloud for Microsoft Azure Stack doesn’t ask that they do. Instead, it ports in Dell EMC’s renowned backup and encryption abilities to protect data wherever it calls home.
  3. Confident yet still hands-free – You don’t need to maintain a vice grip on IT’s proverbial wheel to keep confidence levels high. Dell EMC Cloud for Microsoft Azure Stack enables private and public cloud resource delivery to be automated, allowing IT to confidently switch gears and focus their attention on other deliverables. Automation can also be extended throughout the application lifecycle, providing consistency in terms of app deployment and performance.

Take the first step into the hybrid cloud

More and more cloud journeys are taking the hybrid route. While this approach does capture the best of both worlds, there are some obstacles to be overcome. Most notably, public and private cloud models may not always play nicely together, necessitating more work on IT’s part to sync them up. Dell EMC Cloud for Microsoft Azure Stack is a solution built to make the road to the hybrid cloud, to that best of both worlds end game, much easier to traverse.

Dell EMC Cloud for Microsoft Azure Stack will be available later this year. Want to learn more about it prior to its release? Arraya Solutions is here to help. Much like the solution itself, we too are able to successfully straddle the line between the technologies and innovators that are shaping IT. Our Data Management and Microsoft & Cloud practices stand ready to help your organization plot the right course into the cloud based on your unique needs and objectives.

Reach out to us today by visiting: https://www.arrayasolutions.com//contact-us/. We can also be contacted through social media. Feel free to leave us a comment or ask us a question on our LinkedIn, Twitter, and Facebook pages. While you’re there, follow us to stay on top of our industry insights, company news, and exclusive IT learning opportunities.

June 22, 2017 by Arraya Insights

Do you know where your administrator credentials are? Hopefully, the answer to that is “With my administrators.” However, it may not be the only answer as per a recent warning issued by the federal government. The National Cybersecurity and Communications Integration Center (NCCIC) has uncovered what it calls an “emerging, sophisticated campaign,” one that uses an organization’s administrator credentials against it to, potentially, compromise its system. Manufacturing, energy, and healthcare are just some of the verticals targeted by this campaign during a crime spree that has – to date – lasted more than a year.

The attack methods leveraged during this campaign vary. However, in a typical event, attackers will compromise a legitimate set of administrator credentials and use them to gain access to an organization’s network. From there, attackers deploy malware implants to fly under the radar while gaining additional access to the victim’s systems. Malware families utilized as part of this campaign include PLUGX/SOGU and REDLEAVES.

The NCCIC has designated this campaign with a threat level of yellow, meaning a mid-level threat that could affect “public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence.” When looked at on a more granular level, the possible impacts of this campaign become more familiar, if no less anxiety-inducing. Possible fallout includes, in the right conditions, things like loss of sensitive data, costly disruptions, costly recovery, and the negative PR that comes with data breaches.

5 ways to rest easier about data security

Industrial companies of any kind appear to be a big target of this campaign; however, all organizations, regardless of industry, would be wise to prepare for it. In their official rundown of this threat, the NCCIC includes a number of steps organizations can take to ensure they’re ready for the worst. Included in this list are five cyber security best practices that your organization, if it isn’t following them yet, should adopt ASAP:

  • Hunt for vulnerabilities – The “if it ain’t broke, don’t fix it” mindset doesn’t apply in cyber security. All too often, something is broken; the problem just hasn’t revealed itself quite yet. Go looking for problems. Put a program in place that allows you to regularly search for weak points in your network, and – when you find them – take the necessary steps to remediate them. This keeps the security team from being stuck reacting to what’s going on around it.
  • Protect data in all states – Data isn’t only at risk when it’s on the move. Whether it’s resting peacefully in your data center, or in transit to the cloud or beyond, end-to-end data encryption is a must. Even if your perimeter defenses are strong, cyber criminals can still sometimes find their way in, as exemplified by this campaign, so the more layers of defensive depth you can add, the better.
  • Acknowledge all threats – In many cases, risk originates from outside your company – but not all the time. Be sure to have a program in place that allows you to monitor for and respond to malicious activity that has its origins much closer to home: your own employees. Whether it’s a mere accident or it truly is malicious, you’ll want to be ready to address suspicious activity just the same.
  • Remember security and compliance aren’t the same – As Arraya’s Cyber Security Practice Director Tom Clerici noted in a blog post from earlier this year: “You can meet every single checkbox requirement for a typical cyber security audit and still be completely susceptible to a breach.” Doing only what’s needed to hit the targets laid out by regulators may make you safer, but it may not. True security requires a deeper commitment, one only measurable in audits separate from those gauging compliance.
  • Check your logs – System logs – even those that, on the surface, aren’t connected to security – are a valuable resource far too many teams overlook. They’re a perfect way to catch potentially shady behavior taking place on your network and it’s data you are already able to access. Reviewing these logs should be a regular function for security team members and not a “when there’s time” task.

Don’t face cyber threats alone

Cyber security is a big job, but it’s one modern organizations can’t afford to take lightly. Whether you want to implement any or all of the above best practices, or go even further, Arraya Solutions’ Cyber Security Practice can help. Our team is ready to ensure your organization has the tools, knowledge, and team bandwidth to handle anything those occupying the wrong side of the law can throw at you.

To start a conversation, visit us at www.arrayasolutions.com/contact-us/. We can also be reached through social media: LinkedIn, Twitter, and Facebook.

 

June 15, 2017 by Arraya Insights

 

Last Thursday, the mid-Atlantic region’s top IT professionals gathered for Arraya Solutions’ Tech Summit. For the third year running, attendees packed the halls and conference rooms of the Sheraton Valley Forge in King of Prussia, PA to explore the latest technology solutions and learn more about those that already make up their IT environments.

This year’s Tech Summit included more than two dozen unique sessions, covering the topics and technologies that most affect today’s IT professional. Arraya’s engineering team presented each of these sessions. By connecting attendees directly with Arraya engineers in this way, the Tech Summit delivers a by techs, for techs experience.

“If you know me, you know I’m passionate about technology,” David Bakker, Arraya’s CTO, reflected. “I’m not alone in that; it’s a feeling shared by the whole Arraya team. It’s what inspired the Tech Summit, an event where techs can learn something new right from other techs.”

Couldn’t make it to the Sheraton for this year’s Tech Summit? Here are four things you missed:

#1: The global view on IT today

A keynote address from IDC’s Sean Pike opened the day. As a worldwide leader in market research and analysis, IDC is uniquely positioned to provide a big picture view of the forces that are shaping the world of IT.

Pike, who serves as the organization’s Program Vice President for Security Products and eDiscovery & Information Governance, spoke on the intersection of two of IT’s favorite topics: digital transformation and cyber security. During his keynote, Pike emphasized that, as connectivity grows, so does the need for greater data integrity. Security pros – and the businesses they support – must be able to depend on the sources of their data, or the consequences could be steep.

#2: A complete ransomware strategy guide

Following Pike’s presentation, attendees divvied up among the day’s various breakout sessions, which ran concurrently throughout the Tech Summit. As one might expect given its seemingly permanent place in the headlines of both the mainstream and IT media, cyber security proved to be a popular topic. Ransomware, in particular, generated a great deal of interest.

One session, dubbed Anatomy of a Ransomware Attack: Exploring the Best (& Worst) Case Scenario, took attendees through a simulated attack. It demonstrated the difference between joining the ranks of those unfortunate companies who helped make ransomware a billion dollar business last year and coming out of an attack unscathed.

Following this session, Tom Clerici, Director of Arraya’s Cyber Security Practice – who co-presented with Dan Clarke, a Senior Solutions Architect on our Cisco and IoT team – voiced a reflection on their course that could apply to any of the day’s deep dives.

“I think the combination of traditional slide show information followed by technical demonstrations struck the right balance of theory and application, and that hit home with the attendees,” Clerici noted.

#3: Arraya’s take on how digital transformation has changed IT 

Outside of cyber security, another attention-grabbing talking point was digital transformation. Besides being the focus of Pike’s Tech Summit-opening keynote, it was also the central component of a session entitled Digital Transformation for the IT Professional. This course used real world examples to show how connectivity has changed the way today’s biggest businesses operate.

Matt Sekol, Director of Arraya’s Microsoft and Cloud Practice – who co-presented this session with Ryan Benner, Arraya’s Vice President of Enterprise Infrastructure – saw value in how all of the day’s sessions managed to be both approachable and technical.

“I was really impressed with the presentation skill of our technical staff and their ability to bring complex technical ideas to the Summit,” Sekol said. “I think there was an overall theme of having fun with the content and incorporating personal stories at a level that I haven’t seen at the Summit yet.”

#4: A chance to elevate IT – and the organization as a whole

IT is at the core of the modern enterprise so, when it takes a step forward, the business comes with it. There were plenty of opportunities for IT pros to further their knowledge and help their businesses advance during the Tech Summit. The day featured over two dozen unique sessions, devoted to a wide variety of subjects, including cloud, cyber security, communication & collaboration, networking, and more. Members of Arraya’s tech team designed and presented each session, ensuring a high degree of technical content.

Among the day’s most popular sessions was DR/BC Solutions that Guarantee Faster Recovery and Peace of Mind, which was presented by Halim Chtourou, Jeremy Rupczyk, and Jeremy Klinger, all from Arraya’s Data Center team. During the session, the trio of presenters highlighted how IT pros can leverage industry-leading solutions to ensure their business’s data will be available whenever they may need it.

Another topic that garnered a good deal of interest was The Concepts and Technologies that Define the Modern Data Center. Ron Longley, Arraya’s Data Management Practice Manager, and Matt Haedo, a Solutions Engineer on Arraya’s Cisco team, presented this session, guiding attendees through complex topics such as hyperconverged, hybrid cloud, and more.

Also drawing in the crowds were sessions such as: BYOD: How to Make Employees Happy & Keep Data Secure, A Brief History of Data Storage: From the Early Days to All-Flash, ‘Dude Where’s My Data?’ Improving Data Governance Strategies with Office 365, and Steering Your Organization to Success in the Hybrid Cloud.

What comes next for the Tech Summit?

Bakker isn’t interested in sitting back on past successes with the Tech Summit. Even before Pike’s keynote began, Bakker was already brainstorming ways to evolve the event in the months and years ahead.

“I’m proud of how this event has grown in just three years and I’m excited about what the future holds for it,” Bakker said. “That passion I talked about? It’s not one-sided. Every single person who attended the Tech Summit feels the same way about technology. Ultimately, we want attendees to leave with knowledge and insights they can use to turn that passion into meaningful changes.”

Couldn’t attend our Tech Summit, but want to learn more about these and other presentations from the event? Or, were you in attendance, but a particular session filled up before you could get a spot? Reach out to Arraya today at www.arrayasolutions.com/contact-us/ and we’ll connect you with our team of experts.

June 14, 2017 by Arraya Insights

I really hate going to the dentist.  It’s the worst.  I have to schedule time out of my week, sit endlessly in the waiting room (in reality it’s five minutes, but it feels like forever), and then the real pain begins when I start getting poked and prodded.  Overall, it’s awful, and for that reason it’s tempting to ignore.  However, if I don’t go for my basic checkup, everything gets worse over time until eventually I need surgery to repair the damage. Should I need oral surgery, you bet I want the best doctor in town.  I’ll shop around, read reviews, etc.  This is the opposite of my dentist, where the main goals are “cheap” and “close to home.”  The path of least resistance will do.

Does this sound like the way your security team was assembled?  Is it built with the best options or the most convenient? Is it staffed with people for whom security is an additional duty? Is security at the forefront of your organization or is it relegated to a back room until it’s needed?

Just Good Enough

Many organizations treat security like the dentist. They put it off and, when they do address it, it’s as an afterthought.  The security checklist often gets handed to someone with some free time.  Maybe a network engineer or system administrator is dubbed the new “security guy.”  He or she scrambles to meet the checklist’s requirements for the day with no real authority or alignment with the business.  They’re also probably going to take the fall when an incident occurs even though they were thrust into the job without the right level of expertise.

In my opinion, the security team should be treated with the same care as the surgeon.  Think about what’s potentially at stake.  What is the financial impact if your systems are taken down for weeks due to a denial of service attack?  What if all of your B2B partners are no longer willing to do business with you or if customers lose confidence in you?  In cases of a large-scale breach, you can anticipate lawsuits, recovery costs, and an army of auditors at your door.

What if personal safety is at risk, as is the case for manufacturers and health care providers? The WannaCry attack forced 16 medical facilities in the UK to turn away ER patients.  That’s a pretty far-reaching impact. In any of these situations, you don’t want the team that was “just good enough” when you brought them on.  You need the best.

Finding Your A-Team

Finding quality security personnel is hard.  The skill set is so broad.  During an attack, the security team needs to understand networks, servers, desktops, applications, logs, security tools, personnel, and business operations.  It’s not all technical either.  When preparing for regulatory audits or vendor due diligence requests, the team needs to know where the critical assets are held, who can access them, how the controls are implemented, and the governance that directs how it all comes together.  Then there’s business level need.  They need to understand how to recover from a disaster, the business continuity plan, and the ramifications from implementing certain controls.  They also need the soft skills to budget correctly, report to senior level leadership, and provide other IT teams with the flexibility to adjust technical needs without compromising security.  There is no “one size fits all approach” and the cost can be very high.

Don’t forget the partners you’re leveraging either.  Are you buying hardware and software tools via the “whack a mole” approach where hopefully you’re buying the right tools?  Does your provider have expertise in security, or are they just selling you whatever products their manufacturers are peddling that week?  When it comes to security providers, it’s important that you choose a true partner and not just another vendor.  They need to be invested in learning how you operate and not just selling you the next top right solution in the Gartner quadrant.

It’s Worth It In The End

The cost and effort required to get the right team in place can be painstaking.  If you do it right though, you’ll gain more than just the ability to pass an audit.  These people, regardless of whether they are internally or externally staffed, can provide insight into what’s really happening and can streamline operations.  A finely tuned, highly controlled information system can limit changes, prevent unnecessary support costs, and reduce the likelihood of a compromise. Ultimately, that’s far less expensive than what could occur from a massive attack.

Going to the dentist is never fun, but it’s far better than the worst case scenarios conjured up by the alternative. If the worst does happen and everything is on the line, I want a board certified, proven expert who has been there before on my side.  The administrator who was handed an assignment because they’ve been with the company for a while isn’t the person I want operating on me.  Is that who is protecting your company?

To start a conversation today around securing your business, contact Arraya’s Cyber Security Practice at: https://www.arrayasolutions.com//contact-us/.
