Arraya Insights

by

VMware Explore 2022 took place during the last week of August, offering new perspectives, experiences, and communities. Throughout the four-day conference, there were a number of important and exciting announcements made that highlighted breakthrough innovations that will help organizations better manage their workloads, no matter where they are running.  

In case you weren’t able to attend, we’ve rounded up the announcements you don’t want to miss

Here’s the latest from VMware Explore 2022: 

Run, Manage, and Secure Enterprise Apps More Efficiently with the Release of VMware vSphere 8 & vSAN 8 

VMware’s popular compute and storage solutions offer new innovations to further provide consistent infrastructure with value-added capabilities.   

  • Introducing vSphere 8  

vSphere is VMware’s enterprise workload platform. As multi-cloud becomes the dominant deployment model, many enterprises choose to run mission-critical workloads on-premises.  

This most recent version of vSphere 8 will: 

  • Supercharge workload performance 
  • Lower TCO 
  • Accelerate innovation for DevOps teams 
  • Improve operational efficiency & IT productivity 
  • Bring the benefits of the cloud to on-premises architecture  

With the introduction of vSphere 8, the newer classes of hardware accelerators, like DPUs, are being brought in to offload and accelerate infrastructure functions, freeing up CPU cycles to run workloads. This will result in: 

  • Up to 20% CPU cores saved while achieving similar or better performance 
  • Up to 36% higher transaction rate at 27% lower latency 

This will make the future of modern infrastructure accessible to all enterprises. vSphere on DPUs will unlock hardware innovation, helping customers meet the throughput and latency needs of modern distributed workloads. vSphere 8 will also drastically accelerate AI and machine learning and expand Kubernetes capabilities to include multi-availability zones for improved resilience.  

  • Introducing vSAN 8 

vSAN is VMware’s enterprise-class storage virtualization software that provides the easiest path to HCI and hybrid cloud.  

With the release of vSAN 8, customers can expect breakthrough performance and hyper-efficiency. This new release will showcase Express Storage Architecture (ESA) which will introduce a new log-structured file system, a write-optimized log-structured object manager, and a new object format. 

These changes will lead to enhanced:  

  • Performance  
  • Storage  
  • Efficiency  
  • Data protection 
  • Management  
  • Resilience 
  • Agility  

Customers can expect up to 40% lower TCO and enhanced data compression with up to 4x greater efficiency. This latest innovation will help customers take advantage of the benefits of the latest generation of hardware to run mission-critical workloads at the highest level of performance and efficiency.  

VMware Cloud Foundation+ Will Enable Greater Operation Efficiencies & Easier Management  

VMware’s Cloud Foundation efficiently manages VM and container-based workloads with VMware’s multi-cloud platform to deliver the benefits of the cloud to on-premises, full-stack HCI deployments.  

This newest version of the cloud-connected architecture is built on vSphere+ and vSAN+ and will enable customers to gain greater operational efficiencies through easy management of VM and container-based enterprise workloads across hybrid and multi-cloud deployments.  

This will streamline maintenance windows and provide immediate access to new features and cloud services.  

VMware Cloud for Hyperscalers Provides New Capabilities for VMware on AWS to Accelerate Cloud Transformation  

The new capabilities in the jointly engineered VMware Cloud on AWS service and the broad availability of VMware Cross-Cloud services on AWS Marketplace help customers accelerate moving VMware workloads to AWS where they can take advantage of a more modern and secure infrastructure.  

Once in the cloud, customers can expect significant savings by optimizing resource utilization, better workload availability, and better protection against today’s threats.  

These new capabilities will improve flexibility, performance, and ROI with 46% faster cloud migration and a 57% reduction in TCO. 

Next Steps: Catch Up on the Industry’s Go-To Event on All Things Multi-Cloud 

To dig even deeper into 2022’s VMware Explore event, there are a number of resources available. With the VMware Explore Video Library, viewers can dive into over 100 on-demand technical sessions and session recordings from this year’s event.  

To learn more about vSphere 8, vSAN 8, VMware’s Cloud Foundation, and more, contact an Arraya expert today to start a conversation.   

Visithttps://www.arrayasolutions.com//contact-us/ to connect with our team now.     

Comment on this and all of our posts on: LinkedIn, Twitter and Facebook.     

Follow us to stay up to date on our industry insights and unique IT learning opportunities.   

by

https://soundcloud.com/user-166960433-952960141/application-modernization-security-implications-and-considerations?si=993e5ab191d64d8cba864c02b924bae1&utm_source=clipboard&utm_medium=text&utm_campaign=social_sharing

Digital transformation has become an essential step for businesses looking to advance in their industry and remain competitive. For the many businesses who are considering or have already started their migration to the cloud, the journey doesn’t stop there. The next phase, the application modernization process, is where the true benefits of digital transformation lie.

A main consideration when embarking on the app modernization journey is security. Every business has a certain security model that will need to be enforced and often reported on for compliance, among other reasons. Without an OS, engineers need to reevaluate how to secure their applications.

In this episode of the Arraya Insights podcast, Chris Bovasso, Director of Application Services, and Mike Piekarski, Enterprise Security Architect, discuss the security implications and considerations of the application modernization process. They highlight that when it is done correctly, not only can businesses maintain their security posture, they can do so better and more efficiently.

Related Content:

On-Demand Access: Application Modernization Virtual Series

Contact:

Chris Bovasso, Director, Application Services: cbovasso@arrayasolutions.com

Mike Piekarski, Enterprise Security Architect: mpiekarski@arrayasolutions.com

by

Businesses face few risks today as dangerous as cybercrime. While cybercrime is nothing new, it’s reaching unprecedented levels of damage as businesses grapple with unrelenting attacks and the rising costs associated with them.  

IBM Security recently released its annual Cost of a Data Breach Report, which is conducted by the Ponemon Institute.

Now, the average cost of a data breach has reached $4.35 million.  

Several factors have been contributing to rising cybercrime. The start of the COVID-19 pandemic in March 2020 forced millions of workers to log-on from home for the first time, stretching the capacity of many businesses’ remote capabilities and security. This, coupled with the increased attacks that fed on fear and confusion, created the perfect storm that hasn’t slowed since.  

In this blog, we’ll highlight our key takeaways from this year’s Cost of a Data Breach Report, both the good and the bad.  

The Bad News: The Threat Landscape is Getting Worse 

It should be a surprise to no one that the cyber threat landscape is bleak. These attacks are now affecting everyone and evolving so rapidly it’s difficult to defend against them. While highlighting the bad news can be daunting, it’s important to discuss just how serious these threats have become. 

  • In the last two years, the average total cost of a cyber-attack increased 12.7%, up from the $3.86 million reported in 2020 to the current $4.35 million.  

As the frequency and severity of breaches grow, a number of industries are being hit the hardest. For the 12th year in a row, the healthcare industry was number one with an average cost of $10.10 million. After healthcare, the financial, pharmaceuticals, technology, and energy industries rounded out the top five with the highest average cost.  

The most common initial attack vector today is stolen or compromised credentials, making up 40% of all attacks.  

  • 83% of organizations studied have had more than one data breach.  

This has been dubbed the “haunting effect” as these victims are likely to be hit twice.  

  • 60% of organizations’ breaches led to increases in prices passed on to consumers. 

Cyber incidents are contributing to the rising costs of goods and services. 60% of businesses raised their prices due to a breach which only adds to the inflation and supply chain issues we’re all facing globally.  

  • 45% of breaches were cloud based.  

The cost of a breach that occurred in the cloud will vary, depending on the type of cloud. For hybrid cloud environments, the cost is the lowest at an average of $3.80 million. This is significantly less than the average cost in a private cloud, which is $4.24 million, and a public cloud, which is $5.02 million. Organizations with a hybrid cloud model also have a shorter breach lifecycle.  

  • 62% of organizations said they are not sufficiently staffed to handle their security needs. 

Security teams with a skills shortage faced higher-than-average costs of a data breach. The hot job market has made it increasingly hard to find and hold onto IT talent. This has forced employers to get creative and turn to on-demand IT resources to address their needs.  

  • 79% of critical infrastructure organizations didn’t deploy a zero trust architecture despite the recommendations made by the White House in 2021 

This includes financial services, industrial services, technology, energy, transportation, communication, healthcare, education, and public sector industries. As these industries are a prominent target for threats, attacks on critical infrastructure affect the various businesses and other industries that rely on them.  

The Good News: Security Methods Are Working 

The statistics surrounding the threat landscape can feel daunting. However, these should be used as motivation to act and protect your business. There are security methods that can better protect your organization and many of these will have a large impact on the outcome of a potential attack.  

  • Fully deployed security AI and automation saved an average of $3.05 million, versus those with no security AI and automation.  

This includes technologies that depend on AI, machine learning, analytics, and automated security orchestration. In addition, the number of organizations adopting these security technologies increased in 2022 by 5%. 

  • Organizations with XDR technologies identified and contained a breach 29 days faster than those without, resulting in lower-than-average data breach costs.  

44% of the organizations in the study have implemented XDR capabilities.  

  • The average time to identify and contain a data breach decreased by 10 days, falling from 287 in 2021 to 277 days, which ultimately results in lower costs.  
  • Organizations with an incident response plan that is regularly tested saved $2.66 million on average.  

73% of organizations have an IR plan in place and 63% reported their IR plan is regularly tested.  

  • The average breach cost for those with a mature Zero Trust approach is $1.51 million less than those with early adoption of Zero Trust.  

However, only 41% of organizations reported that they had deployed a Zero Trust architecture. 

  • Those with robust cloud security practices faced an average of $660k less in costs than those without sound cloud security practices.  

Further, those lacking security required an average of 108 more days to identify and contain a breach than those applying consistent security patches across their cloud environment. 

Next Steps: Get on the Offense of Your Cyber Security 

Yes, the cyber landscape may seem bleak. Cyber events are on the rise, costs are trickling down to every consumer, and it can be difficult to find the manpower to address security needs.  

However, the key takeaway here should be this: While cyber events remain a momentous concern, there is a way to fight back. There are many methods in which businesses can take their cyber security from good to great and these steps will have a direct impact on your organization’s ability to prevent and recover from an attack.  

Just as threats are consistently evolving, cyber best practices and the latest security tools are also difficult to keep up with. Cyber security isn’t something you can simply check off your list. It’s an ongoing journey. 

To learn more about improving your organization’s cyber security position, contact one of our Arraya experts today.  

Visithttps://www.arrayasolutions.com//contact-us/ to connect with our team now.     

Comment on this and all of our posts on: LinkedIn, Twitter and Facebook.     

Follow us to stay up to date on our industry insights and unique IT learning opportunities.  

by

The future of modern business is in the cloud. Cloud-based applications provide increased flexibility, scalability, and cost-savings. To take advantage of these benefits, many businesses and enterprises heavily rely on two of Cisco’s most popular offerings: Meraki, Cisco’s cloud-management network offering, and Catalyst, Cisco’s brand of access switches to manage their environment 

These two offerings have very different, but necessary use cases. Previously, IT administrators had to manage Meraki and Catalyst separately from two individual platforms, resulting in double the work.  

In Cisco’s continued efforts to bring the benefits of cloud managed networking to the masses, Meraki and Catalyst have now been integrated.  

Upon this integration, users will now be able to perform cloud management for Catalyst switches within their Meraki dashboard. This news will likely excite network engineers everywhere who are seeking to take advantage of a single pane of glass management tool. This integration will provide enhanced visibility and control without the need for additional manpower.  

The integration of Catalyst and Meraki is a big step forward in reducing the complexity of cloud computing.  

Additional Cisco Catalyst Integration Capabilities 

As Cisco continues its efforts to revolutionize the enterprise edge, there are additional Cisco Catalyst integration capabilities users can take advantage of.  

The Cisco Catalyst 9000 series offers the most widely deployed switches in enterprise campus and branches. These switches provide critical software innovations to address the Cisco customer’s growing requirements across security, mobility, IoT, and cloud services.  

In addition to Catalyst’s recent integration with Meraki that we outlined above, there have been three additional cloud integrations that provide reliable customer experiences at scale:  

  1. ThousandEyes 

This software provides a 360-degree view of your internet and WAN, browser synthetics, end-user monitoring, and internet insights. A system of intelligent agents are hosted on Catalyst 9000. These perform cloud-based monitoring of connectivity across the LAN and WAN.  

  1. Cisco DNA Spaces  

This cloud-based location services platform provides the vital link between the data available in your physical space and the insights that help you create a workplace that is safe, smart, and seamless.  

The integration of the DNA Spaces IoT gateway on Catalyst 9000 switches created the first unified wired and wireless indoor IoT platform.  

  1. Cloud Managed DDI with NS1 

This solution provides a software-based service that delivers DNS, DHCP, IPAM, and traffic steering. With NS1, applications connected with users and devices at the distributed edge to enable enhanced application performance. This solution delivers scalable network services on premises, at remote branch locations, in the data center, and across cloud platforms.  

NetOps and DevOps teams can easily integrate network services into their development and operations workflow.  

Next Steps: Build an Agile Networking Portfolio 

Cisco’s latest offerings continue to provide the unmatched power of the cloud while reducing complexity. Unifying Catalyst, the #1 offering in networking infrastructure, with Meraki, the #1 offering in cloud managed networks, provides users with the capability to manage the full spectrum of their operational models.    

With the right partner, you can confidently evolve your IT strategy to meet today’s changing demands. This will allow businesses to incorporate the many benefits of cloud computing without impacting the ability to deliver services to end users.  

To learn more about Cisco’s latest offerings, contact your Arraya account executive today.  

Visithttps://www.arrayasolutions.com//contact-us/ to connect with our team now.     

Comment on this and all of our posts on: LinkedIn, Twitter and Facebook.     

Follow us to stay up to date on our industry insights and unique IT learning opportunities.  

by

Despite inflation and growing fears of a potential recession, the U.S. job market hasn’t cooled off. As of June 2022, the U.S. Bureau of Labor Statistics reported that there were 10.7 million job openings and employers added 528,000 jobs in July alone.  

The competition for talent continues, particularly in the IT market, as workers benefit from the abundance of job openings. The demand for IT talent in particular is making it difficult for businesses to staff these critical roles and find the right skillsets to meet their needs.  

There are a number of ways employers can manage their IT workload amid this talent shortage. In this blog, we highlight Managed Security Service Providers (MSSPs) and how this type of partnership can help organizations fill skills gaps, manage cyber insurance, and stay secure.   

What Does Managed Security Provide? 

Not every business has the capacity and technical skills to address the changing exposure of its environment and compliance regulations. With the committed partnership of a MSSP, businesses have direct access to security experts who can support their security efforts.  

An MSSP partnership can provide: 

  • Vulnerability scanning: Vulnerabilities need to be proactively sought after and addressed before hackers can exploit them.  
  • Vulnerability remediation: Any discovered or known security weaknesses or flaws must be remediated immediately.  
  • Patching: The process of patching your toolset can be tedious and this is often required by various government regulations and industry standards. Further, it’s important that processes are in place to ensure that each patch is completed successfully.  
  • Managed defense tools: This proactive solution actively hunts for threats for immediate remediation to prevent threats from impacting your business.  
  • Monitoring and alerting: Install, configure, manage, and alert on endpoints, applications, and dependencies. Leverage customer thresholds or automated dynamic (learned) performance and anomaly detection.  
  • Optimization: Gather data on internal and cloud spend and understand optimizations to reduce reoccurring costs and improve ROI.  
  • Incident response: Even the most robust defenses may fail and mitigating the damages of a successful cyber attack means responding fast. A proactive incident response strategy can reduce the impact of an attack.  
  • Training & awareness: Human error continues to be a considerable weakness for businesses, especially as social engineering and ransomware attacks rise. Routine and thorough awareness campaigns and training sessions are critical in keeping your employees up to date.  

For businesses considering outside expertise to help better secure their environment, a Managed Security Service Provider can add significant value.  

Why You May Benefit from Working With a MSSP 

Cyber security is a challenge for businesses due to its ongoing nature. Threats are constantly evolving, cyber security tools are changing to respond to these threats, and there are always new compliance regulations that could affect your industry and business.  

Cyber security isn’t a single box to be checked but a round-the-clock effort.  

In addition to the talent shortage, here’s how a MSSP can help address some of the most pressing challenges that businesses are facing: 

  • Security tools are complex 

Security tools are constantly changing to keep up with the evolving threats they’re up against. These tools are often some of the most complex in the industry. The administrators of these tools need to both have the expertise to use them appropriately and have continuous, dedicated time to ensure the system is healthy and running appropriately.  

These two parts must work together: both the tool and the administrator of the tool, to ensure success.  

You may have the right tools in place, but without the right admin the investment in that tool could be wasted and you could still be at risk. Further, these tools can trigger a high volume of alerts. Your admin should be able to tune out the “noise” and appropriately prioritize and respond to these alerts.  

  • Cyber insurance costs are rising 

As cyber attacks increase, with ransomware specifically causing significant payouts, cyber insurers are tightening their belts. Insurance rates are rising, and the coverage limits are being reduced. Insurers are pushing businesses to harden their defenses. While there is no question that rates will continue to rise, businesses should aim to maintain their coverage limits where possible.  

Recent changes in cyber insurance procedures have made the process of both getting coverage or renewing coverage arduous. Insurers require additional documentation and that extensive questionnaires be answered throughout the process that many businesses may struggle to provide.  

In addition, this documentation could be audited in the future. If the documentation you provided is not correct or true (whether intentionally or unintentionally), your claim could be denied despite having an active insurance policy.  

If your business lacks foundational security principles such as MFA and backups, your business could be denied coverage altogether. When you have a third-party contractual agreement with a cyber insurer, your business now has contractual obligations that must be followed.  

Overall, your business must ensure you have the right skillsets available to protect your business and ensure you’re responding appropriately to any rules and regulations.  

Next Steps: Find the Right Expertise for Your Cyber Environment 

Today, cyber security goes beyond a firewall or antivirus software. Your cyber security practices affect your organization as whole on many different levels.  

At Arraya, our managed services team works closely with each customer to understand their industry and specific business needs. Our team members undergo a rigorous selection process to ensure every client receives the highest level of attention and service, which is why we’re named on the CRN MSP 500 list year after year.  

To learn more about our MSSP services, check out this recent episode of the Arraya Insights Podcast: Managing Cyber Security – When Does an MSSP Make Sense? 

Visithttps://www.arrayasolutions.com//contact-us/ to connect with our team now.     

Comment on this and all of our posts on: LinkedIn, Twitter and Facebook.     

Follow us to stay up to date on our industry insights and unique IT learning opportunities.    

by

Workloads are everywhere.  

Businesses today have workloads running in multiple clouds, both private or hosted by third parties, as well as on-premises, which can be spread out across different locations, data centers, or edge sites. These various locations create more work for IT teams as they must work in silos and lack total visibility. This makes software lifecycle management, day-to-day tasks, and security complicated.  

VMware recently announced Project Arctic which is the next step of vSphere’s evolution in the multi-cloud by introducing vSphere+ and vSAN+. As many vSphere users still have on-premises deployments, Project Arctic seeks to provide the benefits of the cloud while leveraging an existing on-prem environment and toolset.  

vSphere+ and vSAN+ will bring the benefits of the cloud to on-prem, without the need to make changes to existing workloads or hosts.  

With vSphere+ and vSAN+ IT admins and developers have the capability to build, run, manage, and secure traditional and next-gen applications to: 

  1. Increase productivity with admin services by enhancing operational efficiency through a central Cloud Console 
  1. Accelerate innovation with developer services by transforming existing virtual infrastructure into an enterprise-ready Kubernetes platform 
  1. Transform on-prem infrastructure with the benefits of cloud integration 

The Pros & Cons of an On-Prem Environment 

There are still many reasons to maintain an on-prem environment. The pros include locality, data privacy, data security, low latency, reliable performance, and predictable costs. 

It’s easy to see why many businesses continue to value their on-prem workloads. However, an on-premises or private infrastructure does have significant disadvantages as well, including: 

  • Inability to take advantage of innovations available in the cloud 
  • Difficulty managing workloads as they’re spread out across infrastructure siloes/multiple operating models 
  • A lack of toolsets necessary to enable developer velocity/modern applications for underlying infrastructure resources 

VMware’s new vSphere+ and vSAN+ bring together the best of both worlds by delivering the benefits of the cloud to your on-premises workloads through high-value cloud services for IT admins and developers.  

Introducing vSphere+ 

vSphere+ is a multi-cloud workload platform. This platform combines virtualization technology, a Kubernetes environment, and cloud services to transform existing on-premises deployments into SaaS-enabled infrastructure. vSphere+ helps organizations streamline managements, enhance productivity, and accelerate innovation.  

vSphere+ offers: 

  • High-value cloud services and innovations 
  • Centralized management 
  • Capacity to run for all workloads 
  • Runs on-premises 

As these new capabilities can be accessed through SaaS, this relieves maintenance burdens while fast tracking new enhancements. Developers can provision infrastructure easily, just as they can in the public cloud, and services can be consumed when needed and easily increased as demand increases.  

Introducing vSAN+  

vSAN+ is VMware’s new hyperconverged infrastructure (HCI) offering. This extends vSAN’s capabilities to deliver cloud-connected services to help IT admins centralize management and enhance the efficiency of their vSAN environment.  

vSAN+ builds on the benefits customers receive from vSphere+ and Project Arctic.  

This solution will: 

  • Run on any standard x86 server 
  • Pool SSDs/HDDs into a shared datastore 
  • Deliver enterprise-grade security, scale, and performance 
  • Manage through per-VM storage policies 
  • Connect to the cloud for enhanced IT productivity and cloud services 

vSAN+ can connect all vCenter instances to VMware Cloud so users can see their entire HCI estate for efficient management and increased security. In addition, vSAN+ customers will be able to access the rapidly expanding availability of cloud services.  

Next Steps: Streamline Your Application Management 

Through VMware, both the vSphere+ and vSAN+ solutions can be purchased through a flexible subscription plan which is helpful for those who have been adopting SaaS and subscription consumption.  

VMware continuously seeks to deliver the most complete set of solutions to build, run, manage, and secure your applications with consistency across on-premises, public clouds, and edge environments.  

To learn more about vSphere+, vSAN+, and VMware’s Cloud solutions in general, reach out to an Arraya expert today.  

Visithttps://www.arrayasolutions.com//contact-us/ to connect with our team now.     

Comment on this and all of our posts on: LinkedIn, Twitter and Facebook.     

Follow us to stay up to date on our industry insights and unique IT learning opportunities.  

by

At Cisco Live! 2022, the company announced WAN Insights, the newest innovation for the ThousandEyes platform which can provide network forecasts and SD-WAN recommendations to optimize user experience across enterprise sites. 

What is ThousandEyes? 

ThousandEyes is a network intelligence platform that was acquired by Cisco in May of 2020. The heart of the ThousandEyes platform is synthetic monitoring probes deployed in your environment (Network, Cloud, Internet) that report back to a SaaS-based cloud service. Common network tomographic points are analyzed such as loss, latency, BGP advertisements, and SNMP device polling to visualize your environments, digital experience, and performance.  

Figure 1 – ThousandEyes Network Visualization 

There’s an emphasis with the product on application performance. The probes that can be configured are not only at the network level but can also occur at application. These give you a 360-degree perspective on your organization’s quality of experience for business-critical applications.

You could take this further by extending ThousandEyes into AppDynamics, another Cisco owned division that specializes in full-stack application performance. This cross connect between Cisco’s different monitoring solutions has been dubbed “full stack observability,” which appears to be the trend moving forward in the industry.  

How Does WAN Insights Impact ThousandEyes? 

Utilizing Cisco’s AI/ML capabilities with predictive networks, WAN Insights is the logical extension to ThousandEyes, providing analytics, monitoring, and recommendations for WAN and SD-WAN deployments. The thought process is that with SD-WAN, policies for an ever-evolving WAN landscape (Private, Internet, and Cloud) are becoming increasingly complex.

As more sites, or application requirements get thrown into the barrel for decision making, there is a sudden need to make more reactive changes to the SD-WAN to accommodate. This can potentially risk the quality of experience for users. ThousandEyes WAN Insights addresses this by using predictive networks to analyze performance across an SD-WAN deployment to identify quality issues for a wide array of applications, even providing insights or recommendations before an issue can arise. 

Figure 2– WAN Insights Application Dashboard 

Again, the focus is on the application experience, not just the baseline of traditional network metrics (loss, latency). ThousandEyes gives an organization the ability to baseline and provide real-time metrics on the quality of experience around the applications their employees interact with daily. 

Figure 3– WAN Insights Site Summary 

With ThousandEyes WAN Insights, an organization has the ability to: 

  • Improve user experience by avoiding user degradation before it happens 
  • Verify and validate that implemented policies meet business requirements 
  • Create a perpetual improvement cycle to optimize network and application performance over time 
  • Utilize IT and operations personnel more efficiently and empower them to focus on strategic activities rather than reactive triage 
  • Develop a foundation for enabling intelligent network automation 

Next Steps: Don’t Let the Internet Be Your Blind Spot 

This innovation will help increase your visibility and security, so your business can offer better digital experiences overall.  

With WAN Insights, ThousandEyes can now forecast network conditions and provide recommendations to optimize SD-WAN performance, empowering network operators to proactively make improvements for end users. Overall, this drives productivity, resilience, and agility. 

To learn more about ThousandEyes WAN Insights and how it can benefit your organization, contact an Arraya expert to start a conversation today.  

Visithttps://www.arrayasolutions.com//contact-us/ to connect with our team now.     

Comment on this and all of our posts on: LinkedIn, Twitter and Facebook.     

Follow us to stay up to date on our industry insights and unique IT learning opportunities.   

by

Microsoft Defender for Endpoint has many available methods to deploy and manage onboarding and configurations using Microsoft Endpoint Manager (which includes Intune), and there is no shortage of capabilities surrounding the deployment methods. However, server capabilities for non-managed servers have been primarily deferred to resources outside of MEM. The options to manage servers using Microsoft Defender for Endpoint (MDE) have previously been limited to Group Policy management, Security Center group management, or manual approaches to onboarding a cloud-based Server class OS. 

To change this, Microsoft announced the release of Defender for Servers earlier this year. This is a consumption-based method that is enabled through your Azure subscription. This feature provides automatic enablement of threat protection and advanced defenses to your Windows Server and Linux machines that exist in Azure and multi-cloud environments managed within Azure Arc.  

Defender for Servers is offered in two plans. Plan 1 was made available in April 2022 and Plan 2 was just recently announced. In this blog, we’ll outline what each plan offers and answer the most frequently asked questions we see related to these new features.  

Comparing Defender for Servers: Plan 1 v Plan 2 

Both Defender for Server plans aim to align the integration experience between Microsoft Defender for Endpoint with Microsoft Defender for Cloud.  

With the added functionality for Microsoft Defender for Endpoint (MDE), Microsoft’s Defender for Server plans broaden your protection capabilities with more options to onboard Azure managed servers. While both plans include a selection of vulnerability discovery and management tools for your machines, we’ll outline what’s available in Plan 1, along with the extensive new features to expect in Plan 2.  

Microsoft Defender for Servers Plan 1 deploys Microsoft Defender for Endpoint to your servers, along with the following capabilities: 

  • Licenses are charged per hour instead of per seat, lowering costs for protecting virtual machines only when they are in use  
  • Deploys automatically to all cloud workloads so that you know they’re protected when they spin up  
  • Alerts and vulnerable data from Microsoft Defender for Endpoint is shown in Microsoft Defender for Cloud  

Microsoft Defender for Servers Plan 2 includes all the benefits of Plan 1, in addition to the following: 

  • Security policy and regulatory compliance 
  • Log-analytics: 500 MB are provided for free 
  • Vulnerability assessment using Qualys: Provides real-time identification of vulnerabilities in your Azure and hybrid virtual machines 
  • Threat detections: OS level, network layer, control plane 
  • Adaptive application controls: Provides an automated solution for defining allowlists of known-safe applications for your machines, including security alerts should an unsafe application run 
  • File integrity monitoring: Examines files and registries of operating systems, application software, and others for changes that may indicate an attack 
  • Just-in time VM access: Locks down the inbound traffic to your VMs to reduce exposure to attacks and provides easy access to connect with VMs when needed 
  • Adaptive network hardening: Provides recommendations to further harden the NSG rules using a machine learning algorithm to allow traffic only from specific IP and port tuples 

With Plan 2, Microsoft has aligned the integration experience between Microsoft Defender for Endpoint (MDE) and both Plan 1 and Plan 2 of the Microsoft Defender Servers Plans. In addition, this new MDE unified solution adds Tamper Protection, EDR in block mode, improved detection capabilities, and more.  

Frequently Asked Questions 

What servers can this capability manage?  

Windows Server 2012R2 and 2016 OS’s that are Azure VMs or Managed systems within Azure Arc, for multi-cloud, multi-platform support.  

How do I onboard devices that are non-managed?   

The use of this feature would require the Defender for Server Plan licensed in Azure, then it is automatically installed and enabled with base functionality.  

How does this feature enable server protection?   

To apply configurations to an unmanaged endpoint that needs a cloud dependency, the Server object will have to be in Azure AD as an Azure VM or managed within Azure Arc. The installation is automatic based on licensing.  

By default, Plan 2 is selected when you set the Defender for Servers plan to On. However, this can be changed at any point.  

Where do I enable this feature? 

It is enabled by default with the license activation. If the license was activated previously, you will see the following: 

It can be found under [Subscription Name]>>Security>>Environment Settings>> [Subscription Name]>>Enable unified solution . 

Note: An active subscription with the Defender for Server Plan feature previously licensed is required to view. If this button in not present, then the conditions are enabled by default when you activate the licensing after June 20, 2022 . 

Next Steps: Enable Your Enhanced Security Features  

Considering today’s volatile threat landscape, it’s time to broaden your protection capabilities. Taking advantage of Defender for Servers’ enhanced security features will offer threat detection and protect your machines.  

For pricing information, visit Microsoft’s pricing page where you can apply filters to explore customized options that fit your specific needs.  

To learn more about licensing, VM provisioning, or Defender for Endpoint, contact an Arraya expert to start a conversation.   

Visithttps://www.arrayasolutions.com//contact-us/ to connect with our team now.     

Comment on this and all of our posts on: LinkedIn, Twitter and Facebook.     

Follow us to stay up to date on our industry insights and unique IT learning opportunities.     

by

Who wouldn’t love a cyber security silver bullet? Something guaranteed to stop attackers in their tracks. Unfortunately, the reality on the ground is far more complex. What works for one organization may not work for another. This is true not only of the solutions needed to build out a cyber security posture, but of the people tasked with making sure those tools live up to the hype.

For some organizations, the best approach to the all-important people side of security is building a robust in-house team of cyber security experts. For others, it makes more sense to lean on outside expertise in the form of a managed services provider. Others may even decide the right solution is a combination of the two.

This episode of the Arraya Insights podcast covers the challenges and complexities of managing and running an effective cyber security program and how, for some organizations, a Managed Security Service Provider (MSSP) can provide significant value.

Hosted by Scott Brion, Director, Cyber Security, this episode’s panel includes Mike Piekarski, Enterprise Security Architect, and Dan Abbondi, Managed Services Practice Director.

Prefer an audio format? Subscribe to our Arraya Insights Radio feed in your Apple or Android podcast catcher for an audio-only version of our podcast. Or, you can use the player below.

https://soundcloud.com/user-166960433-952960141/managing-cyber-security-when-does-an-mssp-make-sense?utm_source=clipboard&utm_medium=text&utm_campaign=social_sharing

by

Providing convenient, remote access to employees is now considered status quo rather than a bonus. As the workplace continues to shift and the dust around the pandemic starts to (hopefully) settle, remote work is going to remain. 

Corporate IT environments have never been more complex, and the security landscape is more threatening than ever. Businesses must prioritize securing their environments and reducing their cyber risk as much as possible.  

As there is no single solution that can prevent all cyber attacks, a multi-layered defense strategy is the only approach that will significantly reduce risk. Two crucial layers of this strategy are multi-factor authentication (MFA) and privileged access management (PAM). 

It’s common that these two security solutions are confused for one another. In this blog, we’ll discuss what each of these security methods do, how they differ, and how they work together to provide layered protection for your business. 

Multi-Factor Authentication (MFA) 

Multi-Factor Authentication (MFA) is a security method in which two forms of credentials (or authentication) are required prior to being granted access to an account or system. Instead of relying on a password alone, MFA goes a step further.  

The second form of authentication can take multiple forms, including a:  

  • PIN number 
  • Physical key (like a badge or keycard) 
  • Authenticator application 
  • Biometric verification (such as fingerprints, voice, or facial recognition) 

This second form of authentication makes it more difficult for an unauthorized individual to gain access. In the event they’re able to bypass the first layer of authentication, it’s less likely that they’ll make it past the second. The MFA method provides your system with two layers of proof that the individual accessing the account is who they say they are.  

In addition to restricting access to certain accounts, MFA can also restrict certain activities during specific times. While an employee may be able to log into their account late at night, they could be barred from transferring funds after hours. Or a late-night log in could require an additional layer of authentication before certain activities can be completed.  

While MFA has been around almost as long as the internet, it’s still evolving. At Cisco Live! 2022, Cisco announced their strategic vision for Zero Trust moving forward. They outlined that trust is never permanent. Therefore, they will seek to make users continuously reauthenticate themselves while maintaining seamless processes. They’re calling this Continuous Trusted Access. This vision aims to consistently evaluate both the user and device’s trustworthiness behind the scenes and apply the appropriate access experience based on the current levels of risk.  

Privileged Access Management (PAM)  

Privileged Access Management (PAM) is a locally deployed software solution that is used to “secure, control, and monitor access to an organization’s critical information and resources.”  

While MFA authenticates users to the system or network, PAM manages user credentials and determines the user’s level of access to the system.  

There are multiple forms of PAM, including: 

  • Access password management 
  • Privileged session management 
  • Vendor privileged access management (VPAM) 
  • Application access management 

A PAM system provides an organization with a way to monitor their entire network and see which users have access to what data. This specifically applies to privilege user accounts that have elevated permissions, such as administrative accounts, Microsoft Active Directory accounts, and more.  

How do MFA & PAM Overlap? 

MFA is the first layer of security and PAM is the second. Users will connect to a PAM solution using their MFA credentials. These two solutions work together by first authenticating the user and then providing the privileged access the user was seeking.  

Next Steps: Reduce Your Risk with a Layered Approach to Security 

There is no such thing as total protection against cyber threats. However, using cyber security best practices, businesses can significantly reduce their risk with a multi-layered approach to make it as difficult as possible for malicious actors.  

Whether your environment is on-prem, in the cloud, or hybrid, your security should remain a top priority.  

To learn more about PAM, MFA, and securing your environment, contact an Arraya expert today.  

Visithttps://www.arrayasolutions.com//contact-us/ to connect with our team now. 

Comment on this and all of our posts on: LinkedIn, Twitter and Facebook.     

Follow us to stay up to date on our industry insights and unique IT learning opportunities.