Arraya Insights

by

Want more insight into the way people move throughout your facility? What about a way to increase the level of engagement between visitors and your organization? If either of those objectives passengers-motion_mkc1wjauare on your radar, then Cisco’s Connected Mobile Experiences (CMX) Cloud should be there as well. CMX Cloud makes use of the wireless infrastructure you already have to bring your organization and guests closer together.

CMX Cloud is the “as-a-service” version of Cisco’s CMX 10.2 software. This cloud-based solution automatically detects visitors by way of their wireless-enabled devices as they come within range of Cisco access points. Once it identifies a visitor, the access point pushes that data to CMX Cloud, which then translates it into a visual interface. From there, the organization can monitor visitors’ tendencies and reach out to them with personalized offers and information.

Still unsure whether CMX Cloud is something that could benefit your organization? Let’s dive in and explore it further.

Building stronger relationships with guests

CMX Cloud can be divided into three actions:

  • Detect – This is the first step in the process. As described above, it occurs as a visitor approaches a business’ site. If they’re carrying a device which emits a Wi-Fi or Bluetooth low energy signal, it will alert the Cisco access point to the user’s presence, moving things on to the next step.
  • Connect – Once a visitor has been detected, they will be offered the chance to connect to the business’ wireless network. Should they decide to connect, they can do so through a customized access portal. This portal can be adjusted to reflect the branding most relevant to a visitor’s location – helpful in the event of multiple tenants sharing a building. CMX Cloud’s drag and drop functionality makes it so no coding experience is needed to design the portal.
  • Engage – After a visitor has logged in through the portal, that’s when the real work of relationship-building can begin. Organizations are able to direct context-aware experiences to connected visitors. This can include things like special offers tailored to a visitor’s history or which are based on his or her location within a facility.

Running alongside (and in some case, powering) those three activities is one additional operation: CMX Cloud’s Analytics. This feature uses the customer’s device to determine who they are, where they are, where they go, and their history with an organization. It executes this in real time to shed light on visitor habits, allowing the organization to make adjustments to logistical features such as staffing or marketing to ensure peak efficiency.

A lone Cisco access point is all that’s required to take advantage of some of these features. However, gaining access to CMX Cloud’s full location tracking capabilities requires a wireless environment that was designed with that in mind. This includes access points located throughout the perimeter of the facility.

Free trial: See what CMX Cloud can do for you

Think the data and connectivity of CMX Cloud could benefit your business? Cisco is willing to let you try it free for 60 days to see its value live. Since it’s cloud-based, there are no onsite tools to deploy if you are running the current software. To start your trial, all you need to do is head to https://cmxcisco.com/ and follow the prompts. Once CMX Cloud has been downloaded, you’ll need to point your wireless controllers to the CMX Cloud server and you’ll be off and running.

If you’d like to learn more about CMX Cloud or wireless architecture in general, our Networking team is ready to help. Visit us at www.arrayasolutions.com/contact-us/ to start a conversation. Or, catch up with us on social media: Twitter, LinkedIn, and Facebook. Be sure to follow us to stay on top of our upcoming special events, as well as our latest blog posts and industry insights.

by

For the last several years, the trend in the networking space has been consolidation. A quick flyby of the landscape shows businesses are in search of greater mobility. As such, those organizations iot-cityhave begun to see wireless connectivity as a key piece of their business strategy. However, they’re not looking to cut the cord either. Factor in increasing customer interest in cohesion among their connectivity providers and that leads to the wave of consolidation we’ve seen among vendors who do one or the other.

The latest example of this industry-wide push to consolidation took place in late October as Extreme Networks finalized its purchase of Zebra Technologies’ wireless LAN business for $55 million. This comes after a deal in the Spring saw Brocade purchase wireless-provider Ruckus for $1.5 billion. Such deals have dotted the tech landscape over the last several years.

The benefits and risks of an industry in motion

Ultimately, it makes a ton of sense to go with a single-source, tightly-integrated wired/wireless LAN solution. While that’s the type of solution that can spring up as a result of these mergers, the instability of the environment does present some risk.

Here are four issues churned up during M&A scenarios that businesses should consider before committing to a wired/wireless vendor.

  • Covering the same ground. Overlapping portfolios lead to difficult decisions for companies as they go through the M&A process. Should two companies offer a similar product, the decision on which one to cut is bound to leave some customers in the lurch.
  • Lack of a migration roadmap. If a product your business uses is deemed expendable, what comes next? As that solution is ramped down, what’s the specific plan for moving customers who chose to stick around to the surviving offering? This includes accounting for the other solutions you use, which tie-in to the one that’s getting cut.
  • De-emphasis of former specialties. It’s certainly helpful to have a vendor who knows your industry, its rules, and its common care-abouts. All that can change if the acquiring company has a different vision in mind. If so, the resources who know the most about your industry may not factor into post-merger plans.
  • Failing to address pre-existing gaps. Mergers or acquisitions typically mean an influx of new talent or offerings into areas that were once deemed shortcomings. However, a lone merger may not address every such gap. This could be a clue that the vendor doesn’t place a high value on that area. Or, it could mean even more changes by way of mergers or acquisitions are coming.

Finding solid ground in the WLAN space

An integrated wired/wireless solution is valuable – but so is stability. Cisco offers both. Cisco was one of only two companies named to the “Leader” section of the 2016 Gartner Magic Quadrant for wired/wireless LAN access. Cisco’s vision and its ability to execute on that vision are wrapped in a level of stability uncommon to the space, even among its fellow Leaders. Cisco’s indoor/outdoor solutions offer the best of both wired and wireless connectivity, enhancing performance, security, and ease of use, mixed with a minimal total cost of ownership.

Ready to start a conversation about Cisco WLAN, or networking in general? Our award-winning Cisco Practice is ready to work with you to understand your goals and formulate the best strategy to help you achieve them. Simply reach out to Arraya at: www.arrayasolutions.com/contact-us/ to open up a dialogue.

Arraya can also be reached through our social media presence. If you haven’t already, be sure to follow us on Twitter, LinkedIn, and Facebook to keep up with our blogs, industry insights, and exclusive special events.

by

Two members of Arraya’s leadership team recently made the journey from our corporate HQ to San Francisco, CA for Cisco’s Partner Summit 2016. This yearly, invite-only event brings together man-with-a-headacheCisco partners from around the world to network, discuss strategies, and get a look at the new technologies waiting on the horizon. Upon their return, our leadership team members had plenty to share concerning digital transformation, new licensing models, and, of course, cybersecurity.

One cybersecurity update in particular from the Partner Summit that caught our attention was the AMP for Endpoints announcement. This news acknowledged many organizations are going about building malware defense strategies the wrong way. The way people connect to their business, their coworkers, and perform the basic functions of their job have all modernized while defense strategies haven’t always followed suit.

That’s how you end up with figures that indicate, on average, it takes organizations more than 100 days to detect a threat in their environment. Think of the amount of damage cybercriminals can inflict with a more than three-month-long head start.

How will deploying AMP for Endpoints pay off?

So how does AMP for Endpoints help alleviate this? Let’s go through four common endpoint security issues – and study how AMP is capable of solving them.

  • Solutions that only face outward. Obviously the ideal is to keep threats on the outside looking in. But what happens if a threat breaches a company’s outer defenses? Cue the flashback to that 100-day figure. AMP for Endpoints does both. It works to repel threats while also monitoring the interior, across endpoints, for suspicious activity in case something should get in.
  • Attackers outpace defenders. Cybercriminals are able to change tactics quickly, often leaving cybersecurity pros struggling to keep up. AMP for Endpoints is supported by Cisco’s Talos group, which uses global big data tactics to detect and catalogue threats as they emerge. That information is stored in a detailed history of malware types and behavior patterns which is then relayed to AMP for Endpoints in real time, effectively leveling the cybersecurity playing field.     
  • Limited endpoint coverage. End users aren’t connecting to the business in a uniform way. Everyone has their device type of choice and this has opened up a wide array of possible attack vectors for cybercriminals. AMP for Endpoints addresses this by covering devices running Windows, Mac OS, Android, and more, ensuring user flexibility without sacrificing security.
  • Security at the expense of performance. There are few better ways to undermine the credibility of a security solution than if employees start to see it as a hindrance rather than a help. If technology fails to perform at the same levels it did before a cybersecurity solution was deployed, their complaints could hit close to home. AMP for Endpoints is SaaS-based, meaning with the help of AMP’s lightweight connector, it performs checks in the cloud and not on devices themselves, resulting in no negative impact on performance.  

Cancel out cybercriminals’ head start

There’s no doubt 100 days is far too long for a threat to go unnoticed and unaddressed. AMP for Endpoints functions as part of Cisco’s larger cybersecurity architecture to shrink that time frame down to something much more acceptable. It does this by coordinating data across the Cisco cybersecurity solutions that make up that architecture, including, but not limited to, the entire AMP family. The result of this synchronized knowledge-sharing effort is a time to detection (TTD) rate that drops from more than three months to less than three minutes in almost 92% of cases.

Arraya’s award-winning Cisco Practice has helped businesses from all industries architect and deploy highly-secure, intelligent solutions. No matter where your business is on its cybersecurity journey, our team has the knowledge and experience to help.

Open a dialogue by visiting: www.arrayasolutions.com/contact-us/. Our team can also be reached through social media: Twitter, LinkedIn, and Facebook.

by

Lately it has been hard not to notice news about accounts being hacked. The number of major companies that have been hacked has grown extremely long. When an average person hears about Detail of a woman typing rapidly on a laptop keyboard.hacking, images of people hiding in the shadows with laptops, rapidly typing lines of code and fighting firewalls come to the front of their minds. As security professionals all know, most hacking attempts are started not with a full on assault, but with a simple email. That carefully designed email imitates some service a user might use and asks for something as simple as verifying an account. Once the user has fallen prey to that, it is all over. The user’s account is compromised. That first step establishes a foothold for hackers to make their way into an organization.

So how can you protect against this? Security training is a good place to start, but it can only be taken so far. By now you have probably heard the term multifactor authentication, and if you are using Azure AD and Office 365, you may have even turned it on for the cloud. For those who don’t know, multifactor authentication protects user accounts by requiring an additional form of identification before the user is granted access. The user is prompted not only for their password, but for a security token that is provided to them using a text message, phone call, or a mobile app. This ensures that even if a hacker obtains the password, they will not be able to login without the token.

With the flip of a switch, Office 365 can enable multifactor authentication for cloud. That’s great if you don’t have any on premise applications, but what about your VPN, your existing web applications, or your RDP gateway? Azure Multifactor Authentication Server has the answer.

Azure MFA Server is an on premise application that can be installed to bring the power of Azure AD to your data center. Users are added directly from Active Directory using a simple search query that can be set to automatically add new users. Users will then receive an email with details on how to register for MFA. Users can then setup exactly how they want to receive the token. They can choose between text messages, phone calls, or even mobile app authentication using the Microsoft Authenticator app. All of these choices can be tailored by the administrator to meet the needs of your organization. For example, given the recent news that NIST no longer considers SMS authentication as a secure form of identification, you can easily block your users from selecting that mode. The MFA server gives you access to customization options that allow you to form the perfect policy for your users.

Multifactor Protection can be added to multiple sources.

RADIUS Proxy

By setting an application to use RADIUS authentication using the MFA Server, any requests for authentication will be sent through the MFA Server. The user will be required to provide a second form of authentication before the login attempt can be processed.

IIS Web Applications

IIS servers can be added to MFA Server so that any existing websites running on that server will automatically have the security of multifactor authentication.

ADFS Farms

If you are currently using ADFS to authenticate users to applications other than Office 365, you can easily add multifactor authentication via a plugin to ADFS. You can then add protection to any application you want through the ADFS admin console. Users can do first time registration through ADFS rather than having to use the MFA portal.

LDAP Authentication

Any application that uses LDAP to authenticate can be pointed directly at the Azure MFA server to take advantage of all of the features.

Let us help you realize your cybersecurity vision

Whether your organization chooses to use Office 365 multifactor authentication to protect your cloud identities, or the powerful Azure Multifactor authentication server to protect your data center, any chance you have to make your business less appealing to cyber criminals is worth taking. Arraya Solutions’ award-winning Microsoft Practice is ready to help your business get started. Our team will work with you to analyze your environment, create a plan, and deploy the solution you need to achieve your cybersecurity goals.

Ready to start a conversation? Visit www.arrayasolutions.com/contact-us/ to get started. We’re also reachable through social media: Twitter, LinkedIn, and Facebook. While you’re there, be sure to follow our accounts to stay in the loop with all of our latest insights, news, and events.

by

Troubleshooting Cisco IP phone registration issues. The project sounded easy … at first. By the time I was finished, I realized things aren’t always as easy as they sound. Just allow me to narrate error_f1-ytsvdmy experiences for you.

I happened to engage with one of our customers for a new cluster installation and to migrate some of the phones. As usual, per the best practices, I built the cluster and set the enterprise parameter “Prepare Cluster for Rollback to pre 8.0” for a smooth migration. That way I wouldn’t have to fight the ITL, CTL certificate issue.

The plan was to get the TFTP IP Option 150 changed for the production cutover, so the phones would be migrated over to the new cluster without any complaints. As a test process, I had the alternate TFTP IP applied to the new cluster & registered an IP phone that was configured using the BAT tool. It was registered. Everything was hunky dory to that point, but it wouldn’t last.

Next, I picked up a 7962 phone from the existing production cluster and deleted it from there. Then I manually added that phone in the new CUCM and, just like that, the registration failed. I received an error that read “Registration Rejected” and the phone still showed the Unified CM addresses as the existing production cluster. It showed that even though the alternate TFTP server was set. Hence, for some reason, the phone didn’t clear the configs from the previous registration. I performed a factory reset and yet the issue remained. The initial log analysis and checking didn’t reveal any evidence and everything seemed fine from the first glance. My engineer mind told me to take a deep breath and then dive into the logs. While looking at the phone console logs, I noticed a weird message (shown below):

 

4004: NOT 06:58:26.583489 JVM: Startup Module Loader|cip.cfg.h:? – ====>123Config handleTftpResponse, status=20 for file=ram/SEPB000B4D9B628.cnf.xml

4005: WRN 06:58:26.584933 JVM: Startup Module Loader|cip.xml.au:parse – Encoding Updated to UTF-8

4006: WRN 06:58:26.586363 JVM: Startup Module Loader|cip.xml.au:  – XML Parser Warning: Unknown element ‘portalDefaultServer’ in element ‘/device’ (line=4)

4007: ERR 06:58:26.587867 JVM: Startup Module Loader|cip.xml.au:  – XML Parser Exception: null (line=6)

4008: ERR 06:58:26.589281 JVM: Startup Module Loader|cip.cfg.h:? – ERROR PARSING CONFIG file:ram/SEPB000B4D9B628.cnf.xml

4009: NOT 06:58:26.606517 JVM: Startup Module Loader|cip.cfg.h:? – Config processConfigNoError() result code=CONFIG_FILE_BAD_FORMAT

 

I then tried pulling the phone’s config file (below) from the CUCM TFTP server to check on line 6.

 

<device  xsi:type=”axl:XIPPhone” ctiid=”54″ uuid=”{ea3a8c84-9e44-7cdc-3bed-f09965ecdf0a}”>

<fullConfig>true</fullConfig>

<portalDefaultServer>CUCMTCS01.corp.com</portalDefaultServer>

<deviceProtocol>SCCP</deviceProtocol>

<sshUserId>administrator</sshUserId>

<sshPassword>???V??u?
</sshPassword>

 

This was the SSH password from the device configuration that’s being auto populated from the FireFox web browser used. It was also adding the IP phone from the Saved Logins for the CUCM Admin username & password.

When I tried from the Internet Explorer web browser and applied the config file with blank SSH User/Pass, the phone came up and registered.

That’s how my so-called simple IP phone registration issue ended up taking a fairly significant amount of time to solve. However, the important thing is, it did get solved!

Happy troubleshooting.

by

If you’re in the market for some practical experience with the latest in virtualization technology, look no further than VMware’s Hands-on Labs. These labs let you get your hands dirty working810-9234-563 with solutions in categories such as SDDC (software defined data center), hybrid cloud, and end user computing. As for cost, Hands-on Labs should fit easily into any IT budget as they’re completely free and open to anyone, whether they’re a current VMware customer, partner, or just an interested observer.

In order to attend, all you need to do is visit hol.vmware.com, pick the technology and the scenario you want to try, and then register for it. From there, you’ll enter the digital lab and get going.

Ideal Hands-on Lab attendees can wear a lot of different hats. They can be someone training for a VMware certification. They can be an admin just hoping to refresh his or her skills or learn about a new technology. Or maybe they represent a company trying to determine whether a proposed solution is the right fit. Whatever the motivation for participating, Hands-on Labs can provide a tremendous amount of value.

Getting acquainted with VMware’s Hands-on Labs

Here a few things you can expect from a Hands-on Lab:

  • A real environment – Demos presented as “hands-on” are often not as immersive as one might think. In some cases, these labs are little more than highlighted areas telling attendees where to click on a screen and when. VMware’s Hands-on Labs are the real thing. They drop attendees into an actual demo environment, allowing them to take control over their learning experience. This environment can even be “broken” should the attendee make a mistake. But never fear. That’s exactly what it’s meant to do. It’s a real, but safe, environment.
  • Contains the latest tech (and the classics) – VMware Hands-on Labs allow users to get acquainted with many of VMware’s newest offerings. However, older technologies are also available in the archives section. This is particularly helpful for someone looking to compare a new version against an older one. It’s also good for someone just being introduced to the topic and looking to build up his or her knowledge. Beyond the VMware tools, many of VMware’s partners are also represented there, giving participants access to an even wider range of educational topics.
  • Open but also guided – We’ve already covered how Hands-on Labs are real, open environments. However, attendees won’t just be plunged in without help. The labs have a guide located on the right-hand side of the screen. Users can follow along with these guides every step of the way, should they so choose. However, if they’re only looking to work on one piece of a process, for example: deploying a VDI environment, attendees can skip ahead to that section. They can also double back and explore an earlier section of the guide later. Again, in so many ways, the experience is up to the attendee.
  • The freedom to come and go – Hands-on Labs come with a pre-determined time limit, however, it’s flexible. Attendees are allowed to extend the limit up to 8 times in case they need more time to complete their objectives. Also, if something pressing comes up mid-Lab, attendees can leave and come back to it later. When they do return, they’ll find everything just how they left it, so they won’t have to start over.

Hands-on labs for the whole team

While typical Hands-on Labs are a solo endeavor, the option exists to make them a team effort. Instead of going it alone, attendees can partner with up to 19 others per lab with VMware’s HOL in a Box offering. The lab may be the same, but the experience is totally different.

One interesting way to use HOL in a Box would be to connect members of an organization’s team with a subject matter expert – like someone from Arraya’s Virtualization Practice. This situation becomes a truly interactive classroom session where the expert can guide attendees through the course, answering any questions that come up as they go. If you’d like to schedule an HOL in a Box with a member of our team, reach out to us at www.arrayasolutions.com/contact-us/.

Also, be sure to follow us on social media: Twitter, LinkedIn, and Facebook. This will keep you up-to-date on all of our latest blog posts, upcoming special events, and industry insights.

 

by

Five short months are all that remain until Exchange Server 2007 goes end of life. As the April 11, 2017 expiration date for Exchange extended support nears, businesses still using it face a fork in surprised-employeethe road. They can assume the risks of using outdated and unsupported technology and press on with Exchange 2007 (not recommended), or they can make the jump to a more modern, more secure email and scheduling solution.

Modernizing is the correct move and there are plenty of options open to businesses looking to do so while staying in the Exchange family. Although, not all of these options are equal. For example, something like Exchange Server 2013 is certainly a viable upgrade possibility. However, that solution is already three years into its life cycle, meaning it’s three years closer to its own end of support date.

Let’s take a closer look at another option, one which may make more sense for businesses looking to say goodbye to Exchange 2007 before next April.

Making the move to email by Office 365

Mobilize your workforce by giving them access to the Office applications they count on, no matter where employees are located – or what device they’re using. In addition to providing access to essentials such as Word, Excel, and PowerPoint, Office 365 also delivers email and calendar services via Exchange Online.

Businesses which elect to go with Office 365 (and Exchange Online), will gain access to the following capabilities:

  • Advanced Threat Protection secures end users against threats known and unknown lurking in their inboxes. It can be licensed specifically for higher-risk end users whose credentials and access might be highly-coveted by cyber criminals or it can be deployed across an organization. This tool will automatically quarantine emails as they come in and scan attachments for threats, while still allowing users to read and act on the text of the message.
  • Hands-free inbox management support through features like In-place archive and Clutter help protect users against email overload. In-place Archive feature complements the 50 GB of mailbox space built-in to Exchange Online by giving users an unlimited secondary or “archive” mailbox. Older messages are automatically archived, where they can be accessed by users on an as-needed basis. Meanwhile, Clutter applies machine-learning to inbox management, enforcing rules which support employee work habits.
  • A familiar user experience which comes through Exchange Online’s ability to connect with supported versions of Outlook. This is also true for users accessing their account through a web-client. This makes for a more user-friendly experience that enhances productivity. Exchange Online further delivers on this by providing an easy plug-in model for third party web apps. In addition, Exchange Online also lets users gain access through the Outlook app for iOS and Android devices.
  • Enhanced user collaboration which comes from the ability to save files directly to OneDrive for Business and then link to those files from within Outlook. Exchange Online also works with Office 365’s Groups feature, which ensures the right people are able to access and collaborate on shared files. Exchanged further enhances collaboration with its shared calendar feature, taking the hassle out of managing the logistics behind working as a group.    

The email solution and support your team needs

Office 365 isn’t the only option businesses have, but its multifaceted nature puts it near the top of the list of the most compelling. With the clock ticking on Exchange Server 2007, don’t hesitate to reach out to our award-winning Microsoft team to start talking about the future of your business’ approach to communication. Our team excels at working with businesses to find the method that best fits their needs. Once deployed, our Managed Services team can handle management, reducing the strain on your onsite IT team.

Visit www.arrayasolutions.com/contact-us/ to open up a dialogue today. Or, feel free to reach out to us through social media: Twitter, LinkedIn, and Facebook. While you’re there, follow us to keep up with our latest company news, special events, and learning opportunities.

by

National Cybersecurity Awareness Month, or as it’s also known, October, is typically a big deal here at Arraya. Sure, cybersecurity has really come to dominate the technology conversation year-chess-and-target-concept_fk1biswdround, however, there’s nothing wrong with giving it a little extra attention for 31 days. All month long, we’ve posted stories on our blog and on social media about topics we believe can further the overall cybersecurity conversation. As the National Cybersecurity Awareness Month festivities come to a close, we do have one last trick up our sleeve.

Today, we’re proud to release our 2016 Cybersecurity Tactics Snapshot. This white paper is the first of its kind from Arraya Solutions. It has its roots in the idea that one of the most effective ways to defend against cybercrime is to learn from the experiences of others. With that in mind, we put together a survey we hoped would shed some light on what works and what doesn’t when it comes to security for businesses.

We distributed this survey to attendees of our 2016 Tech Summit back in June. This day-long educational event brought together IT professionals from a wide sampling of different industries, including healthcare, manufacturing, higher education, and more. The diverse group of industries was appealing. So too was the idea of, in many cases, hearing from the folks positioned directly on the frontlines of their organization’s cybersecurity efforts.

Once we had our data, we began sorting through it to see what it told us about the state of cybersecurity. We crunched the numbers, analyzed the deeper meanings, and, when we were finished, we had a document we believe can prove very beneficial in today’s IT climate.

Some of the more interesting tidbits we uncovered are:

  • How confident organizations are overall in their ability to withstand a cybersecurity attack
  • How often organizations should review their cybersecurity policies in order to feel highly confident in their ability to bounce back following a security incident
  • The frequency in which organizations should review their cybersecurity policies with end users in order to feel highly confident in their ability to recovery quickly from a security incident
  • The effect that a data breach can have on a business’ cybersecurity strategy once the dust has settled
  • The percentage of organizations who say they have suffered a data breach or incident in the past 12 months – and the severity of that incident

Keeping cybersecurity goals top of mind

One of the main takeaways from our 2016 Cybersecurity Tactics Snapshot? A best-of-breed approach to cybersecurity doesn’t solely refer to deploying the latest and greatest technology solutions – although that is certainly part of it. That same energy must be applied to developing and adhering to internal policies, which keep cybersecurity top of mind for all facets of the business.

As we mentioned above, National Cybersecurity Awareness Month may be over, but that doesn’t mean the conversation has to end. Be sure to check out our full 2016 Cybersecurity Tactics Snapshot. Then, start a dialogue with our security team by visiting: www.arrayasolutions.com/contact-us. Our engineers are well-versed in helping organizations assess their existing cybersecurity environment, spotting weaknesses, and architecting solutions capable of going toe-to-toe with the methods favored by modern cybercriminals, including ransomware and malware.

Arraya – and our team – can also be reached through social media: Twitter, LinkedIn, and Facebook. Stop by, send us a message, and follow us to keep up with all of our latest blogs, special events, and industry insights.

by

Cybersecurity is complex and it’s only getting more so each day. This is true of the methods used by cybercriminals to break in to corporate networks and of the methods used by businesses to keepImage of laptop at workplace and businessman relaxing in office them out. While there may never be such a thing as highly-simple and highly-effective cybersecurity, there is a way to make talking about it less daunting – especially if the folks across the table aren’t techies.

Cisco SAFE provides a framework businesses can use to guide their cybersecurity efforts and conversations. For IT pros, this five-step approach can help them better understand how a company’s various internal elements work together. For those on the business side, they’ll be spared from exceedingly-technical cybersecurity discussions and can instead be pointed directly at the benefits. When taken together, these improvements can lead to better organizational decisions.

Let’s dig in to Cisco SAFE more deeply to determine why this structure is already being used by leading organizations to more thoroughly secure themselves against attacks:

Step 1: Identify organizational goals. It may sound 101, but it’s important to make sure everyone in the room has the same targets in mind. Only after a cybersecurity mission statement has been drawn up and agreed upon can the organization move ahead with full confidence.

Step 2: Chop the organizational network into pieces. Say one of the goals discussed above is something like “securing the corporate network.” That’s a big, nebulous concept. Cisco SAFE understands that and so the next step is breaking it into smaller, more manageable use cases. For example, providing secure onsite wireless for guests, securing the devices road warriors count on to do their jobs, etc.    

Step 3: Determine criteria for business success. Once the network has been subdivided in Step 2, the conversation must turn to which of those use cases is most critical to the success of the business. So, using our examples from above, while secure guest access likely isn’t a top priority, securing the mobile devices of frequent business travels might be.    

Step 4: Categorize risks, threats, and policies. Next on the agenda is making a list of the biggest threats to the organization succeeding with a cybersecurity goal – as well as its current policies. This can shed light on soft spots or even uncover possible conflicts between a proposed solution and existing policies. Combing these points with the criteria for business success creates a well-rounded picture of the organization’s cybersecurity environment.

Step 5: Building the security solution. With that picture of its cybersecurity environment in hand, it’s time for the organization to build its ideal security solution. Cisco’s SAFE method splits this step up into three distinct phases: Capability, Architecture, and Design.

– Capability Phase – During this phase, businesses must determine what, if any, security capabilities are needed to address the list of compiled concerns. This phase may determine new solutions are needed or the business may just need to re-purpose a solution it already utilizes.

– Architecture Phase – In this phase, those cybersecurity capabilities need to be laid out in a logical workflow. Each capability should be positioned to reflect where it would be if it were securing an actual process. This makes visualizing the makeup of a security environment easier.

– Design Phase – The final phase requires actually designing the security environment itself. This calls for including specific models, interfaces, etc. Even though this map will be more technical in nature, it’s traceable all the way back through the business cases discussed during earlier steps in the SAFE approach.

Cybersecurity made easier with SAFE

The Cisco SAFE model is an excellent way to get your organization thinking differently when it comes to today’s most-critical IT topic: cybersecurity. Also, it can be vendor agnostic. The Arraya team is well-versed in the latest cybersecurity solutions and can walk you through the SAFE process to find the options that fit your unique needs.

Ready to start a conversation around cybersecurity? Reach out to us at: www.arrayasolutions.com/contact-us/. We can also be reached through our social media presence: Twitter, LinkedIn, and Facebook. Be sure to follow us to keep up with our latest company news, special events, and industry insights.

Follow along with our month-long series celebrating National Cybersecurity Awareness Month.

by

Today we live in a post-information age. One where people and businesses are driven to a new way of communicating, working, and well… living. A large amount of the credit for this change can Identity targetbe attributed to the internet and apps, both web and mobile.

Convenience was a big driver for the success of these applications. It’s almost frightening to think about all of the things we had to do manually 10 years ago and how much time they ate up.

The way applications have transformed the banking industry and the way people interact with it is a perfect example. Paying bills and balancing a check book used to be a painful chore that took hours and issued a fair amount of paper cuts. Now it’s a few clicks and quick glance at last month’s transactions.  And that’s if you didn’t fully automate all of your bills. Does anyone remember deposit slips? Banks apparently still print them.

Banking is just one example.  Shopping, keeping in touch with old friends, finding new music, and even finding love. The list goes on and on for the use of applications and the time they save us. But what is the one thing that all of these applications have in common? Identity – via user accounts and passwords.

Each of us has a long list of applications that we access in both our personal and professional lives. Talk to any security professional and the recommendation is to have a different password for every single application. This advice is great in theory, but it really is not practical with the amount of applications we need to access. The majority of us have one password for all of our applications. This poses a huge security risk because the truth is that our entire lives are linked to these applications.

So how do we solve this problem as a business? Implement more complex password rules? That’s an approach that traditionally has encouraged more passwords being hand written on post-it notes. How about increasing password change frequency? This is nice but now your help desk’s call volume has increased with the amount of lockouts being generated because people can’t remember which password they are using in their rotation. News flash: A rotation of passwords is equally as bad as never changing your password!

These and other similar approaches are all centered around making the use of passwords more secure.  But in technology’s current progression, passwords are simply no longer as effective.

We are in a time where identity means everything to us. With this dependence on identity, comes malicious opportunity. Anything that has value to us, becomes a target for thieves. The news has been riddled with security breaches all based around stealing identities. High profile breaches such as Target, Sony, Home Depot, or Yahoo have all involved stealing identities. Security professionals in many industries are looking for new ways to secure identities as a result.

Take credit cards for example. You probably have been issued a new credit card in the last year or two that now has a chip inside it. Why is this? The traditional stripe technology is too easy to breach. Card readers are readily available that will read all the critical information associated with the credit card with a simple swipe. This allows a malicious waiter who takes your card at a restaurant to go back behind the bar and swipe it on their device. They can then use the information to actually duplicate your card. The new chips in cards encrypt this same information which makes it exceptionally more difficult to duplicate your card. In a few years, magnetic stripes will be completely phased out and we will all be safer for it.

Microsoft is taking a similar approach to enhancing the way we access our devices and applications with Windows 10.  With Windows Hello, Microsoft has made identity the new boundary for the network and is supporting solutions around it.

Windows Hello brings intelligent biometric verification to our devices. We can log on with a glance of our face or a swipe of our fingerprint. Some devices even support iris scanning. The old password stalwart is still on Windows 10 devices, but who knows for how long? With Microsoft opening up the Hello APIs to web applications, biometrics may take center stage more and more.

Another innovation around identities is Microsoft Passport for Work. This technology takes identity security a step further by tying credentials to the TPM chips inside your devices. Think of how smart cards work.  This technology is very similar to having smart card authentication.  Hello and Passport technologies coupled together effectively deliver a seamless two factor authentication for people to access corporate data and applications.  This method of authentication is leaps and bounds more secure than passwords alone while providing a non-intrusive end user experience.

The focus on identity doesn’t stop there either. These are just some of the great new features with Windows 10. There is even more Microsoft is doing to protect identities as more and more data moves to the cloud. Look for a blog on this subject later this month as our Microsoft National Cybersecurity Awareness Month series continues.

If you are interested in hearing more about Microsoft’s security story and learning why perimeter protection is no longer enough, please reach out to the Arraya Microsoft Practice at mssales@arrayasolutions.com.