Arraya Insights

by

By now we’ve all heard about ransomware and the massive financial implications it can have on business. While ransomware is an example of something coming in and infecting you, the converse can be a risk. With the ease of cloud accessed Software-as-a-Service (SaaS) applications, your data can be outside of IT’s control extremely easily. Two recent examples of disgruntled employees illustrate just how important IT’s management of SaaS applications can be.

Recently, a for-profit college in the Midwest was held hostage by a newly-terminated employee. For some unfathomable reason, this single employee had just enough access to bring the school to its knees by locking it out of its access to a SaaS based education application. The employee made financial and job-related demands and claimed the school caused the service lockout, not malicious actions.

Regardless of who is at fault in this instance, for the school, the primary concern was for the services impacted and the real financial implications of being offline and locked out of its cloud application.

Direct financial implications and service loss are a couple of ways for individuals to impact a company. Another way is to attack the brand over social media – using the company’s own accounts! One infamous event had an employee tweeting from the company’s account to their 63,000 followers while in the middle of mass layoffs. This person still had the ability to take this action, even during their own termination, due to the lack of IT control. Given the number of cloud-based applications most employees use on a day to day basis, it is easy to see how some could slip through the cracks in IT.

There are two main issues that need to be covered in the scenarios above. The first issue is identifying and securing access to critical applications. The second is controlling access to those applications. Despite these two different instances, you can build a cohesive solution to address both with Microsoft.

Let’s start by finding out what cloud applications are in use. An easy way is with Cloud App Discovery, a component of Azure Active Directory Premium. This tool provides a way to discover what cloud-based SaaS applications are in use on your network, who is using them, and help prioritize which applications the IT department should begin managing. This method does require an agent, but offers much more in-depth information about what your users are doing with the SaaS apps.

To take discovery to the next level and layer on control, Microsoft offers Cloud App Security. This component of Enterprise Management + Security provides the tools necessary to both discover and manage cloud-based SaaS apps. With Cloud App Security, you can first discover which SaaS apps are in use on your network without deploying any client agents. Then, using the information gathered, you can determine which apps IT should be managing access to (and which ones you may want to block altogether). Cloud App Security allows IT to create policies around how different SaaS apps are used in the enterprise, including methods for Data Loss Prevention (DLP) for these apps.

Once you know which SaaS applications are in use, you need to control access to them. Azure Active Directory also includes a Single-Sign-On (SSO) component for most popular cloud apps. Using SSO, access to third-party apps is granted or terminated in a single effort, by configuring a user’s Active Directory account. In some cases, such as the Twitter example above, the end-user doesn’t even know the password to the corporate Twitter account. Once their Active Directory account is disabled (which should have happened as soon as that person entered the room) the user can no longer access Twitter. If they are the only one responsible for the account at the company, it is a simple process to add another user to the application, and the company maintains control of their social media. The same concepts apply to the college example, as well.

If these examples or the solutions discussed hit close to home for you, or have you wondering how SaaS applications are being managed in your organization, reach out to Arraya’s Microsoft team today to discuss our Enterprise Mobility + Security Pilot, which includes Azure Active Directory Premium SSO, at mssales@arrayasolutions.com.

They can also be reached through Arraya’s social media accounts: Twitter, LinkedIn, and Facebook.

by

What are your plans for the next 6-9 months? If your business is looking at Windows 10, you might already have your answer. That’s how long IT should spend preparing for a Windows 10 migration according to a White Paper from Gartner. The research firm concluded doing so would save time and resources during the migration – and reduce errors and rework after the fact.

That time frame may not sound so bad to IT pros who endured the slog from Windows XP to Windows 7. That move often required anywhere from 12-18 months of testing and remediation to sort out the resulting compatibility issues. This isn’t the case with moving from Windows 7 to Windows 10. Newer hardware shouldn’t pose an issue outside of the need for some possible stray firmware updates. The same goes for tools and processes recently updated to work with the outgoing Windows 7.

There is a way to take that 6-9 month time frame Gartner recommends and condense it to an even more manageable level.

Experience faster ROI from your Windows 10 migration

Arraya Solutions’ Microsoft and Cloud Practice has devised a four-pillared approach to deploying Windows 10 capable of reducing rollout times intelligently and securely. How much time it can save is dependent upon many factors, including the size and state of the existing environment. Still, considering your other job doesn’t stop during a project such as this one, any opportunity to reduce the time you need to invest in deploying Windows 10 – and shorten time to value – is worth exploring.

Here are the four pillars:

  • Pillar #1: Discovery & Education – The first pillar is devoted to working with you to get a better idea of what’s driving your move to Windows 10, the features you’re most interested in, etc. Our Microsoft team members can offer guidance or advice on the deployment options best suited to your needs and objectives. From there, our team will perform discovery around your organization’s hardware and software to ensure harmony with Windows 10. Existing components are checked against Microsoft’s recommendations and its catalog of compatible solutions to uncover instances where upgrades or additional purchases are needed to avoid issues later.
  • Pillar #2: Application Compatibility – Next, our team will investigate the Windows 10-readiness of applications that have become part of employees’ daily routines. This effort looks specifically at high-risk apps, such as those built in-house or by specialized third party vendors. Our team can provide guidance on determining temporary fixes for incompatible apps and on modernizing them long term. If a short term fix isn’t an option, our engineers can explore alternative application delivery methods, such as virtualization with remote desktop services or Horizon View, to keep apps available to those who need them.
  • Pillar #3: Image & Deployment Design – During this phase, your organization’s new operating system comes to life. Our team will leverage SCCM or MDT to build the image and deployment model for you. Engineers can deliver customized deployments to include things like branding or a deployment wizard to allow you to decide what software you want to deploy with an image. These images are then tested across the hardware we explored during the first pillar of this methodology to confirm performance.
  • Pillar #4: Migration & Support – The last pillar involves rolling out Windows 10. Our Microsoft team can oversee a methodical pilot program to ensure everything is functioning as expected. And when we’re ready to roll out to the rest of your organization, our Managed Services Practice is available to field any increase in call volume from users getting used to the new computing environment.

By addressing each of the above pillars, the Arraya team can deliver on its promise to save time and ensure faster return on Windows 10 investments.

The expert support you need, wherever you stand

Has your organization already finished off that first pillar? Are you and your team up to your ears in the Application Compatibility phase? Wherever you are on this journey, Arraya’s team can help. Our Microsoft experts and our Managed Services team can jump in and provide the support businesses need to shorten the time between the decision to move to Windows 10 and the day it begins generating real value.

Want to start a conversation around Windows 10? Email our Microsoft team at mssales@arrayasolutions.com to learn more. You can also reach the members of our team through our social media presence: LinkedIn, Twitter, and Facebook. Follow us to stay up to date with our latest blog posts, special events, and more.

by

Take a minute to imagine your ideal data center. Now compare that to the one your organization currently relies on. How are they alike? How do they differ? More importantly: What’s keeping you from turning that fantasy into reality?

For many of the organizations our Data Management team talks to, it comes down to two things: resources and budget. Fantasy data centers don’t come cheap, and if the budget isn’t there, that’s the end of that dream. It’s still possible to fully optimize what you already have, however, staffers often lack either the specialized expertise or the time needed to make that happen.

Depending on your environment, there is help. While this solution won’t transform your data center overnight, it can move you closer to that optimized, ideal data center you imagine. This solution may be available to you right now, at no cost. All your admins need to do is activate it.

Better understand and manage Dell EMC’s Unity

The tool is CloudIQ from Dell EMC. Organizations who have Dell EMC’s Unity – in its either all-flash or hybrid configuration (also Unity VSA) – already have access to CloudIQ as it is a standard part of the package. CloudIQ is a SaaS-based cloud appliance that can ensure greater returns on storage investments.

Dell EMC’s CloudIQ provides:

  • A bird’s-eye view of Unity deployments. CloudIQ makes managing a storage environment easier by collecting data in real time concerning the health and performance of – and risks facing – a Unity deployment. It drops this data into a user-friendly dashboard, giving storage admins insight into how they’re using Unity. This empowers them to feel more confident about decisions relating to their deployments.
  • Early warning about potential disruptions. CloudIQ brings possible trouble spots and dangers front and center. Using predictive modeling and intelligent analytics, CloudIQ can help organizations spot trends that present immediate and long-term threats to the storage environment. This encourages proactive self-service, giving admins the tools and knowledge they need to get out in front of hazards instead of playing catch up.
  • Regular, painless updates. New solutions mean new responsibilities for the IT teams tasked with managing them. This can leave IT breaking even in terms of workloads added and lost. CloudIQ adds minimal new work for IT. Set up can be completed in minutes and updates are delivered automatically and non-disruptively to the solution at regular intervals.
  • Access from anywhere, anytime. Technical issues don’t care about things like lunch breaks or normal business hours. CloudIQ understands this and addresses it by allowing IT to manage their storage environments from anywhere, at any time. All they need to do is log in through their favorite browser and they’ll be able to check on their Unity deployments, increasing productivity and reducing the threat of downtime.
  • Deep data reserves. Quality is important to data collection, but so is quantity. This separates the trends from the flash-in-the-pan events. As such, CloudIQ hangs on to up to two years of statistics detailing Unity’s performance and capacity. Aggregating this much data ensures admins have a deep well from which they can draw knowledge before they act.

Take steps toward data center optimization

As it lives in the cloud, CloudIQ minimizes concerns surrounding routine maintenance. At the same time, it gives IT admins access to better (and more) information about the storage piece of their data center in a format that is easy to use. This increases understanding of Unity-based storage environments, while enabling faster and – again – better decisions.

Want to talk more about Dell EMC’s CloudIQ?  Interested in bringing Unity to your data center, either in an all-flash or hybrid configuration? Arraya’s Data Management Practice is ready to help. Our team has decades of experience supporting data centers of all sizes, for businesses in all industries. They can help you plan for a move to Unity or work with you to make sure you’re getting the most from the data center solutions you have.

Want to leave us a comment? You can do so by visiting: https://www.arrayasolutions.com//contact-us/.

You can also reach us through social media: LinkedIn, Twitter, and Facebook. Connect with us to stay updated on our latest company news, special events, and more.

by

Some Managed Services providers will try to sell you on the value of scope boundaries. They’ll hand you a piece of paper with a list of service descriptions and say “Here’s what we do.” The idea is that your business should squeeze itself into one of their service tiers, and they promise you won’t need anything else beyond that. They see standard service options as a path to efficiency. The more streamlined their offerings, the more predictable their operating costs will be (and the larger their profits over time). It’s neat and tidy, but in reality, how often can you say either of those things about life in IT?

If a problem comes up with a deployment not on that list, your organization could be out of luck. Besides that, business goals are constantly changing and so too are the technologies needed to realize them. In this way, a pre-built service offering may only work for a short time before the business changes course and IT must follow suit.

Again, nothing that moves as fast as IT does stays neat and that tidy for long.

Looking beyond the Managed Services bucket

Arraya Solutions’ Managed Services are built on the idea that efficiency doesn’t have to be achieved through exclusion. Our team operates under the mantra of “Your Goals Are Our Goals.” This means we acknowledge your objectives are going to change and our services will evolve alongside them. Even if this approach means more work on our end, we’re confident in the team we’ve assembled and in their ability to meet that challenge head on.

Here is a comparison to illustrate the Arraya difference. Imagine you need help managing your data center. What option sounds more valuable?

  • Your provider focuses exclusively on managing specific pieces of your environment. They patch equipment with limited notice, execute changes according to their own change control and troubleshoot alerts and issues reactively. When you ask for help, they refer you to your service agreement. It’s a nuts-and-bolts approach designed to keep the lights on in your data center.
  • Your provider works with onsite IT to identify issues early, execute changes according to your processes and propose changes to improve your environment. They take a collaborative approach that incorporates your organization’s strategic goals, compliance needs and organizational culture. The service agreement provides guidelines for engagement, not a hard line in the sand. That is Arraya’s Managed Services.

You don’t have to face today’s IT landscape alone

Fluidity is the status quo in business today. As IT organizations are being asked to evolve, they need the support of a Managed Services provider whose services can grow with them. That provider must also be able to function as a trusted advisor, one who can help IT adjust to and succeed in an ever-changing landscape.

Want to discuss how Arraya’s Managed Services – a member of CRN’s MSP Elite 150 for three years running – can benefit your organization? Reach out to us today at www.arrayasolutions.com/contact-us/. Our team is also available through social media: LinkedIn, Twitter, and Facebook. Be sure to follow us to stay on top of our latest industry insights, special events, and more.

 

by

Picture having greater insight into your data protection environment. Imagine getting that insight without adding to the workloads of those managing said environment. Now imagine that – and forgive the paraphrase of a popular horror movie trope – the tool that would allow you to do those things is already in your data center.

Data Protection Advisor (DPA) from Dell EMC is that tool. There’s no mystery behind how it ended up in your data center. DPA comes standard in most versions of the Dell EMC Data Protection Suite. If your organization has a Data Protection Suite license, then you most likely have DPA. Whether you’re using it or not is a different story.

If you own DPA and it’s not implemented, you’re missing out. DPA makes it easier to access data and analytics to more effectively monitor and manage your backup environment. Should something go wrong with a scheduled backup, DPA can help you get to the root cause. If a planned change could cause issues with existing processes or regulations, DPA can automatically alert you and your team, allowing for adjustments.  If a server is running out of space, DPA can alert you based on utilization thresholds before your app goes offline.

What can you learn about your backups from DPA?

DPA presents information to admins by funneling key infrastructure data into an easy-to-navigate and customizable dashboard. It also features a library of ready-made yet editable reports. Permissions can be set and automated for the dashboard and the reports to ensure people only see the data most pertinent to their role.

While both features certainly make DPA worth activating, the reports in particular stand out to Arraya’s Data Center team. We asked our team which reports they find most valuable, and they gave us their top five:

  • Backup Report Card

 

    https://portal.demoemc.com/manuals/labguides/500001192/manual.html

What the Backup Report Card lacks in flash it makes up for in function. It’s a foundational report that uses a modified traffic light scale to keep admins informed about the backup status of each client reporting to DPA during a predetermined period. Green means backups were successful, red means unsuccessful, a combination means some went through while others didn’t, and white means no backups took place. This report lets admins easily spot and correct missed backups.

  • Chargeback System Templates

 

             https://portal.demoemc.com/manuals/labguides/500001192/manual.html

What is your organization spending on backups? What are the individual cost centers within your organization spending on backups? With the proper intelligence built in by admins, DPA’s Chargeback reports can shed light on these issues. Chargeback reports look at the overall size of backups and data transfers and assign them a per client cost. IT can tie host(s) to specific departments, helping produce internal bills and invoices.

  • Backup Failed Clients

 

https://portal.demoemc.com/manuals/labguides/500001192/manual.html

Any investigation into the reason a backup failed should take an early turn through the Backup Failed Clients report. This report provides an abundance of details on clients for which backups failed. Included are: Job ID, Server, Domain Name, Backup Code, and other details that make investigations run more smoothly.

  • Three Strikes Failed Clients

 

https://portal.demoemc.com/manuals/labguides/500001192/manual.html

As the name implies, three missed backups in a row will land a client in this report. The Three Strikes Failed Clients report helps admins uncover repeat failures occurring in a specific timeframe. The report includes status checks on the offending clients covering anywhere from one to three days. This adds further context for admins delving into negative trends in their data protection environment.

  • Exposure Details Report

 

                 https://portal.demoemc.com/manuals/labguides/500001192/manual.html

The Exposure Details Report looks at fallout. This report gives admins an idea of what they stand to lose data-wise in the event that backups aren’t executing as they should. The Exposure Details Report runs against a backup client to determine how long an application has been exposed to data loss, how long it could take to recover, and how those things relate to recovery time objectives, recovery point objectives, and more.

Rest easier knowing your business’ data is safe

Our Data Center team’s advice? Businesses using DPA add these five reports to their repertoire – if they’re not already there. Businesses not using DPA should consider these reports just the tip of the iceberg in terms of the solution’s analytical power.

Are you interested in exploring DPA (and the rest of Dell EMC’s Data Protection Suite) in more depth? Does your business already own DPA, but you’d like help spinning it up? Arraya’s Data Center team is ready to help. The members of our team have spent decades deploying and managing backup and recovery technologies for businesses in all industries. They can work with you to find and hone the tools you need to keep your data safe, secure, and there when you need it.

Visit https://www.arrayasolutions.com//contact-us/ to start a conversation with our experts today. Also, feel free to reach out to us via social media: LinkedIn, Twitter, and Facebook. Follow us to keep up with the latest company news, blog posts, and exclusive learning opportunities.

by

News came out recently that Yahoo agreed to a $350M cut on its sale price to Verizon following the disclosure of two massive security breaches. Yahoo is also on the hook for 50% of any future costs. Some experts are estimating the security breaches will end up costing Yahoo around $1.5B. The Identity Theft Resource Center also recently released a report of confirmed data breaches for 2017. In total, they identify 144 breaches that exposed over 1 million personal records. The incidents they reference span across multiple industries and companies.

No company wants to be on the news due to a breach, but the reality of the situation is, if you’re using technology, you’re going to be attacked at some point. Unfortunately, too many organizations wait until after an incident occurs before developing an incident response plan and by then it’s too late.

The keys to building an effective incident response capability are planning early and practicing often. Below are some tips to consider when putting together your incident response plan.

Prepare Before the Incident

Start with identifying the risk. Understand how an attack could have a negative effect on you. For example, is the primary risk financial loss? Perhaps there is a legal or regulatory risk that if you were to disclose customer data you could be fined or have business suspended. In many cases, the risk is reputational – e.g., will your customers or partners stop doing business with you because of what happened. In other cases, the risk stems from theft of intellectual property or loss of competitive advantage. For manufacturing or other industrial control systems, there could be a personal safety risk to operators and customers. Whatever the risk, identify it and understand what you’re protecting.

Once the risk is identified, assemble the team. Yes, there will probably be a group of technical personnel on the incident response team. You have to think broader than that, though. Consider who to involve from the leadership, legal, human resources, public relations, accounting and operations teams. Understand that the organization may have to spend some money, talk to the media, interact with auditors, calm down customers, etc. The IT team probably shouldn’t be carrying out these types of functions, and if they are it means technical tasks may be going untouched.

When you have the risks identified and the team established, it’s time to document and educate everyone on the plan. Make sure everyone is aware of his or her responsibilities and ready to assemble when the time comes. The plan should include technical capabilities, notification thresholds, and the names of those with decision-making authority.

Detect and Analyze Malicious Behavior

You need to be sure your systems are logging properly and analyzing those logs regularly to understand what normal behavior looks like. If you don’t know what constitutes “normal,” it’s impossible to know what “malicious” looks like. Centralized logging makes this task much easier but, even if you can’t centrally log, at least dedicate some time to understanding what your individual systems are telling you. The worst way to find out there’s a problem is when someone else tells you. By the time that happens you’re probably already in too deep. If you can identify and detect anomalies or malicious behavior before it gets out of hand, your chances of limiting the damage increase dramatically. Don’t just look at this from a network and server perspective, either.  Understand the users and the applications. For example, if your CFO is on vacation with no access to technology but you still see checks being signed, there’s probably something shady going on.

Contain, Eradicate and Recover

If you have the team in place and you can detect malicious behavior, recovery becomes much easier. The first task is to prevent the incident from spreading. That may involve shutting down certain systems or isolating them so they can no longer talk to unaffected systems. It is at this phase that the leadership and other non-technical team members become so important. You’ll have to start weighing the pros and cons of disrupting business operations to contain the threat. The sooner you contain the threat, the easier eradication and recovery become. You don’t want to resume normal operations only to find out that the threat is still spreading to areas you didn’t know about. Once the threat is isolated, you can start eliminating it and getting back to normal.

Post-Incident Reporting

Even though the incident may be over, the team’s job is not finished. Now it’s time to look at what happened and start identifying ways to prevent similar events in the future. At this point, right after an incident is completed, you’ll have executive leadership’s attention for resources. Now’s the time to ask for that security incident and event management system or extra security analysts.  If an employee clicks a link and nothing bad happens, leadership doesn’t care. If they click a link and it leads to five days of downtime then leadership will certainly care, see the tangible effects, and be willing to act. I recommend a post-incident report. Document concerns and needs and report them to the leadership team. It’s important to document each incident and trend the smaller incidents so the leadership team is aware of what’s happening. It’s also a great way to see if you’re trending toward a larger level incident and feed into the detection process.

Put A Cyber Security Plan Into Action

Need a hand documenting or executing a company-wide security plan? Arraya Solutions’ Cyber Security Practice can help. Our team has experience working with all levels and departments within an organization to ensure sensitive data stays out of the wrong hands.

Start a dialogue today by visiting us at www.arrayasolutions.com/contact-us/ or contacting us through social media: LinkedIn, Twitter, or Facebook. While there, be sure to follow us to stay updated on our latest industry insights, special events, and more.

 

by

If hyperconverged infrastructure has yet to make its presence felt in your data center, it may not be far off. Gartner analysts foresee that, within two years, hyperconverged infrastructure – the tightly integrated union of compute, storage, networking, and virtualization capabilities – will enter the “mainstream.” That prediction lines up with statements from Forrester concerning it becoming part of IT’s new “norm.”

Moving to hyperconverged promises gains in performance and scalability while also netting adopters significant cost-savings. Arraya’s Enterprise Infrastructure team has seen these benefits play out in real world deployments. They also understand no two companies have the same data center needs. That’s why, rather than pushing one path to hyperconverged, Arraya supports several, one of which is Cisco’s HyperFlex.

Regardless of the path a business chooses, as hyperconverged is more tightly ingrained into the fabric of IT, the biggest risk could be standing still.

Choosing the best hyperconverged solution for you

HyperFlex is one of the newer hyperconverged solutions around, having made its debut at last year’s Cisco Partner Summit. Far from being late to the game, Cisco sees this as a benefit, as it enabled them to gain a better understanding of the needs of the customer.

If you’re unfamiliar with what HyperFlex can do, consider this your crash course.

  • Take a look under the hood. HyperFlex has a reputation as an end-to-end hyperconverged platform. That reputation, like HyperFlex itself, is built on a solid base of solutions, including:
    • Cisco Unified Computing System (UCS) servers providing simplicity through automation and policy-driven management.
    • Cisco HyperFlex HX Data Platform Software enabling software-defined, enterprise-grade storage via a distributed file system.
    • VMware ESXi, an industry-leading, built-in hypervisor allowing for faster, pain-free deployments.
  • Flexible enough to meet any needs. Whatever you need from HyperFlex, there’s likely a deployment option to meet it. Options include:
  • Around-the-clock data optimization. HyperFlex guarantees your business is always getting the most out of its resources. It does this through:
    • Data deduplication that is always on, across all storage devices connected to the system, e.g. SSD, HDD. Memory efficiency is optimized by storing frequently used data in tiers where it can be quickly called up when needed.
    • Inline compression – Like many in the hyperconverged space, HyperFlex leverages inline compression to preserve valuable disk space. However, unlike many of its peers, HyperFlex utilizes the HX Data Platform as a gatekeeper, ensuring minimal negative impact on performance.

Want to learn more about HyperFlex? Here’s how:

That’s a fly-by of just some of what HyperFlex can do. Look for more posts in the coming weeks as we dive further into this solution and the positive impact moving to hyperconverged can have on businesses in all industries.

Want to learn more about HyperFlex? Join us on April 12 for a free Cisco HyperFlex Gold Lab presented by the members of our Cisco and IoT practice area. This event will be held at the Cisco Offices in Malvern, PA. Click here to register.

Have a question you want answered before the event? You can reach our team any time at www.arrayasolutions.com/contact-us/ or through our social media presence: LinkedIn, Twitter, and Facebook.

by

Cisco’s 2017 Annual Cybersecurity Report marks the 10th anniversary of the yearly rundown of challenges facing those tasked with ensuring their employers’ digital wellbeing. This year’s report collects the insights of roughly 3,000 Chief Security Officers and security operations leaders from around the world. Surprisingly, amongst the talk of rapidly-evolving, high-tech threats, are a few re-emerging, “old school” headaches.

Let’s review the 2017 Annual Cybersecurity Report – and dig in to eight stubborn security questions it answers.

  • What is the business impact of a data breach? When cyber security fails, the rest of the business will feel it. As such, cyber security belongs under the umbrella of organizational concerns as opposed to an IT-only issue.

By the numbers:

– 22% of those who have dealt with a cyber attack say it cost them customers

– 29% of those who have suffered a cyber attack say they lost revenue due to it

– 23% of business who have suffered an attack have lost opportunities as a result

  • How seamless are other organizations’ security environments? The answer here appears to be “not very.” Many organizations have taken a patchwork approach to cyber security. For all of the benefits of having the expertise of multiple vendors, more connections means more potential gaps and integration issues, which cyber crooks will be only too happy to exploit.

By the numbers:

– 65% of organizations have security environments that contain more than five products

– 10% of organizations utilize solutions from more than 21 different vendors

– Roughly 55% of organizations have security environments built on solutions from more than five vendors

  • Is spam up or is it just me? It’s not just you. Cisco’s threat researchers have observed spam levels hitting highs not seen in almost a decade. Cyber crooks have also gotten good at diversifying their tactics to better their odds of escaping filters and reaching inboxes, putting an even greater emphasis on end user awareness training.

By the numbers:     

– Almost two-thirds of email sent is spam

– Between 8% and 10% of spam messages are classifiable as malicious, according to Cisco’s team

– Two popular techniques employed by cyber crooks trafficking in the spam area are:

Hailstorms – In these attacks, attackers send out a tremendous flurry of DNS queries in a very condensed time frame in an effort to catch anti-spam systems unaware.

Snowshoes – This style is more sustained, taking place over weeks, while the number of DNS queries are kept low enough to avoid detection.

  • I want a more secure environment. How can I get it? The best answer? Best-of-breed solutions blended with executive buy-in and regular end user training. Standing between security pros and that ideal? Frequent sore spots, including talent and budget shortfalls, as well as compatibility issues.

By the numbers:

– 35% of security pros point to budget constraints as their biggest obstacle. This could hint at a need to explore more budget-friendly cloud migrations moving forward.

– 28% put the blame on compatibility issues. Of course, this is something that can be overcome by streamlining those increasingly-complex security environments we covered earlier.

– 25% blame talent shortages. To solve this challenge, businesses may want to explore options such as automation or collaborating with a Managed Services provider.

  • I’m not investigating 100% of alerts. Should I be worried? Wayne Gretzky once said, “You miss 100% of the shots you don’t take.” If he was a cyber security guy, he might have said something like “You miss 100% of the threats you don’t investigate.” Either way, many organizations lack the modern tools or the manpower to investigate every red flag, possibly further necessitating an exploration of the above remedies.

By the numbers:

– Organizations are, on average, only able to investigate 56% of the security alerts they receive each day

– Of the red flags investigated, 28% are legitimate threats

– Less than half (46%) of legitimate alerts are corrected

  • What function can I least afford to lose due to a breach? Cisco’s Annual Cybersecurity Report can’t answer this question. Instead, it’s up to security pros and the businesses they support to answer it. However, Cisco’s report does provide some insight into the functions most likely to feel the sting of a breach.

By the numbers:

– 36% of respondents said Operations is the function most likely to be affected by a public breach

– 30% said that honor goes to Finance

– 26% felt Brand Reputation would be most affected

  • How long can I afford to be without my network? Here’s another question raised by the report but best left to security pros and the organization as a whole to answer. If pressed, we’d guess most businesses would be of the mindset that the sooner their network is running after a breach, the better. Both this question and the one above regarding functions are worth discussing as part of any security strategy.

By the numbers: 

– 45% of outages last in the 1 to 8 hour range

– 20% last between 17 hours or longer

– In 39% of breaches, 31% or more of network systems are impacted

  • Should I be more concerned about Adware? Malware and ransomware may grab all the headlines, but there is another “ware” IT pros should keep an eye on: Adware. Cyber crooks have found ways to hijack legitimate advertising initiatives, instead using them to spread malicious applications. Not only should IT be aware, but team members must educate end users about the risks, as well.

By the numbers:

– Adware infections plague 75% of the businesses surveyed

– More than 40% of Adware incidents involve ad injectors, making this the most popular method

– Slightly under 40% of Adware incidents involve downloaders, making this the second most popular method

Where to turn for Cyber Security help

These are just some of the questions raised and answered by Cisco’s 2017 Annual Cybersecurity Report. Want to talk more about the report? Have a question about your business’ cyber security needs? Arraya is ready to help. Our Cisco and Cyber Security teams have the skills and experience necessary to foster conversations and look into each of the above questions – and more – and find/implement the answers businesses need to stay safe.

Visit: www.arrayasolutions.com/contact-us/ to start a dialogue with our team today.

Arraya is also reachable via social media: LinkedIn, Twitter, and Facebook. Be sure to follow us to stay updated on our latest company news, industry insights, and the latest exclusive learning opportunities we have on our calendar.

by

Securing data typically isn’t the primary strategic objective for most companies. Security can be expensive, time-consuming, and – to some people – even boring. Instead, the driving force behind
many security investments is compliance. In some cases, it’s a law or an industry regulation compelling a business to act. Other times, it’s a potential partner or customer who, as a prerequisite of doing business, necessitates a security investment. In either instance, compliance is the “stick” behind security. While any investment in security is better than no investment, compliance-based motivation can leave open dangerous gaps.

What Compliance Really Is

I’m a firm believer in a strong security compliance program. To stay in business, you have to follow the law. However – and this might make me unpopular with my auditor friends – I do not believe meeting all regulatory requirements mandated by law necessarily correlates to “being secure.”  To me, being “compliant” means you’re doing all of the things the government or another regulator requires you to do and nothing more. Does that strengthen your security posture? Maybe it does and maybe it doesn’t.  You can meet every single checkbox requirement for a typical cyber security audit and still be completely susceptible to a breach.

A recent cyber security law that came out from the NY Department of Financial Services is a perfect example. This law stipulates that covered entities must “provide regular cyber security awareness training for all personnel.” That sounds straightforward and well intentioned in theory. In practice, I can comply with that requirement simply by having each employee read and sign a one-page document on what they should and should not be doing. Did I comply with the law? Absolutely. Did I actually provide any additional protection? Not at all, but I checked the box and the auditor is happy. So, it’s entirely possible to follow the rules without actually providing any additional protection.

What Security Really Is

To me, security is all the things you do that actually protect data, and no all-encompassing regulation is going to cover that. If you reconsider my last example around training, you can see how forcing every employee to read and sign a document complies with the law but provides no protection. What if, instead, the training program included simulated phishing attacks, interactive questions on real and fake links, social engineering exercises, and an actual administrative enforcement arm that holds offenders accountable? Now you’ve got a control with some teeth.

You can apply this line of thinking to just about any regulation. Compliance means your network devices write to a log file. Security means you actually have a method of triggering alerts on those logs and responding when the activity level is suspicious. Organizations focused solely on compliance will delegate ownership of the annual audit to someone as an additional duty. Organizations focused on security have dedicated individuals assigned to manage the program and integrates them into business operations. Neither is wrong per se based on a company’s strategy, but it’s important to understand the difference.

Harmonizing Security and Compliance

The terms may be different, but, the good news is, you can do both! I find the best approach is to use compliance as the justification to executive leadership for investing in real security. If you can tie a critical control to a regulation, you’re more likely to get it funded. For example, identifying malicious activity on the network is one of the most important aspects of an effective incident response plan and good security housekeeping. Most executives won’t spend the money on software and tools for centralized logging and event correlation based only on the fact that it’s more secure. Instead, you can pitch that solution under the umbrella of how it complies with the NY DFS Cyber Security Law Section 500.15 that requires a covered entity have “internal processes for responding to a Cybersecurity Event.” That project has a much better likelihood of approval when it’s marketed as a compliance need because everyone wins. Executives feel justified that they’re not throwing money away and IT feels like their voices are being heard. The key is to approach security and compliance as complementary functions.

Embracing security and compliance go hand-in-hand

Arraya’s Cyber Security Practice has the real world experience necessary to help business implement security and compliance solutions and initiatives that have teeth. Open up a dialogue today by reaching out to our team at: www.arrayasolutions.com/contact-us/. They can also be contacted through any of our social media pages: LinkedIn, Twitter, and Facebook.

by

I’d like to start this blog entry with a disclaimer – I am certainly not advocating that you are going to stop all malware threats by installing antivirus software. I’m not even suggesting that traditional signature based antivirus software will block 50% of the malware out there. What I’m saying is that, when used correctly, endpoint protection software can significantly reduce the likelihood of compromise. Typically antivirus software is installed in “set it and forget it” mode which is why it’s so ineffective.  Listed below are 5 ways endpoint protection software is often misused and how to better utilize it: 

1. You’re Not Looking at the Logs

While antivirus software may not catch everything, it will catch a lot and it’s important that you’re looking at the threats it’s stopping. Are the same people getting flagged all the time? Is it the same malware all the time? Can you see a pattern where malware is suddenly appearing on multiple machines? These alerts tell a story and it’s usually tied to user behavior. Logs can point you toward whether the bad stuff identified is getting in via email, web browsing, or both. These types of investigations can also lead to other security concerns the antivirus didn’t catch. You can use the data to determine who the high-risk users are and address the problem at the source. If you’re ignoring the logs though, you’ll never be able to take preventative action.

2. You’re Not Blocking Removable Media

Walk around your facility. How many people are charging their phones via USB on their work computer? Every time you go to a trade show or conference, there are tables of USB drives that anyone can pick up for free. The typical users aren’t thinking about the threat these devices pose to the overall network. Blocking these devices from connecting to PCs reduces the threat footprint. The logs also tell a story about who the troublemakers are. You can then whitelist the USB drives that are authorized and log when they are used. This data can be critical in identifying who may or may not have used removable media to steal data from your systems.

3. The Host-Based Firewall is Disabled

Managing a host-based firewall for PCs can be difficult, particularly because you never know what ports, protocols, or software updates each computer or application needs in order to operate normally. In that instance, for the most part, default settings are acceptable. On servers, however, you should know exactly what the communication requirements are and block everything else. For example let’s assume someone does gain a foothold into the network and starts trying to run discovery scans to identify live resources. In many cases, a host-based firewall can block those requests so an attacker can’t find them. These controls serve as a critical layer of additional protection in the event someone gets past the first layer of controls, and can provide data around what’s trying to connect to a machine that shouldn’t be.

4. Application Whitelisting is Turned Off

In fairness to most administrators, application whitelisting can be a nightmare to implement. It involves hashing all of the files on a company’s standard image and only allowing those files to run on the computer. From a security perspective, this can be hard to crack because you’re only allowing what you know to be authorized to execute on the machine. An executable file trying to run that wasn’t on the initial secured imaged would be blocked. Furthermore, each time you patch the PC you will need to update the application whitelist for each patch, on each piece of hardware. Get this process right and you have a valuable way to protect PCs and get data on what’s trying to execute that shouldn’t be.

5. Communication is Ineffective

Think about what happens when your endpoint protection system does stop malware. Typically, the default settings on the software message will trigger a pop up box that reads “Device DellPro-2341 has detected exploit CVE-123-2017 and quarantined the file. Click here for more info.” Or, in some cases, nothing at all will pop up. That messaging doesn’t really strike fear into the hearts of your users. Contrast that with a message that reads “Hey buddy! That email attachment you opened infected our network with malware – we’re subtracting $100 from your next paycheck!” You may not be able to use that exact language, but at least take advantage of the teachable moment. Even better, have someone call them as soon as it happens. When system users know they are being watched and will be held accountable for their actions, they are less likely to plug in that iPhone or click on that YouTube video.

Where to turn for an endpoint security assist

Need a hand better securing your endpoints against today’s cyber threats? Have a different cyber security issue on your mind? Arraya Solutions’ Cyber Security Practice is here to help. They can be reached at www.arrayasolutions.com/contact-us/. Or, feel free to get in touch with Arraya directly trough our social media presence: LinkedIn, Twitter, and Facebook.