Arraya Insights

by

It’s true whether you’re building a house or securing IT: a tool is only as effective as the person or people behind it. Admittedly we don’t have a ton of expertise in construction. However, IT portrait of two businessmen and two businesswomensecurity tools are another story.

The topic of security has been on our minds quite a bit. So much so that we’ve dedicated a number of blog posts to the topic, including one series on Cisco’s Sourcefire and one on its ISE offering. Our goal in these posts is to lay out the features that set those tools apart and show how they can provide IT with some much-needed peace of mind. Despite our current focus on the tools themselves, we still acknowledge the person(s) using the tool must be a critically important consideration.

In our eyes, there are two main obstacles most organizations run into in this area. For some, it comes down to skill sets. They may not have someone on staff with the necessary experience to manage today’s security solutions and get the most value from them. Getting up to speed on these solutions takes time, all the while an organization could be left vulnerable.

It may also be a question of resource availability. IT has a lot on its plate already and security workloads are likely only going to keep requiring more and more attention. Supporting a growing best-of-breed solution could pull onsite IT away from other, also pressing assignments.

Whatever the case, if IT doesn’t have resources capable of supporting those deployments, then even the most cutting-edge tools may fail to meet expectations. To overcome those obstacles, it helps to have a partner in your corner who not only knows the latest security solutions inside and out, but who also understands your company’s unique needs. This is where Arraya’s Managed Services for Network Security shines.

A hybrid approach to network security 

As part of this service, you’ll gain access to our knowledgeable and experienced security experts. Our team is able to shoulder the workload associated with supporting an organization’s security effort, including by providing guidance and insight on how to best prepare for and defend against attacks.

In all of our Managed Services engagements – covering areas such as infrastructure, storage, help desk and more – our team functions as an extension of onsite IT, supplementing and expanding upon the skills of the IT pros already on staff. Whether a task is outside of the expertise of on-site IT or merely consuming too much of its time, our team can handle it.

In the case of Managed Services for Network Security, Arraya will:

  • Manage (security) zones, networks and locations
  • Inspect, block and alter malicious traffic (using intrusion detection policies)
  • Handle early detection, reputation-based blacklisting
  • Add or edit access control policies and rules
  • Provide 24×7 monitoring and alert response
  • Detect, analyze and track files (and protect against malware)
  • Generate reports for hosts, users, attacks, malware threats and overall network status

Pairing a Managed Services for Network Security agreement with an industry-leading solution like Cisco’s Sourcefire increases security without increasing the demand placed on today’s already time-strapped IT pros. This “hybrid” approach allows budget and security-conscious organizations to take advantage of an enterprise-grade technology backed by a leading team of support engineers. It’s also scalable, so it’s better positioned to address technology needs, both in the here-and-now and in the future.

Ready to learn more about the latest security offerings from Cisco or a Managed Services for Network Security partnership? Visit us at www.ArrayaSolutions.com. There you’ll find a wealth of resources highlighting the strengths of our Cisco practice as well as our Managed Services team. If you have more questions or are interested in opening up a dialogue with one of our Account Executives, go to www.ArrayaSolutions.com/contact-us.

Be sure to follow Arraya on Twitter, @ArrayaSolutions, for all the latest news, opinions and special offers.

by

How many of the calls to your help desk typically involve end user password resets? 20%? 40%? More? If you took a poll of your Help Desk, the answer would probably be a short and sweet, “Too frustrated businesswomanmany.” In our experience, password resets consume a huge chunk of the Help Desk’s time each day. Time which could be better spent on performing trending analysis and uncovering areas where IT might need to shore up its investments or focus its efforts.

The Help Desk staff aren’t the only ones feeling the pinch of the password. With periodic password expirations and complexity requirements, end users are frustrated with corporate policies. They just want to log in and get on with their day as quickly as possible. The sooner they do, the sooner they too can get back to delivering real value to the business.

Putting self-service password resets in the hands of end users is a great way to increase Help Desk and user efficiency. If you’re using Microsoft Azure’s Active Directory Premium as part of the Enterprise Mobility Suite, you can enable this self-service quickly and easily.

Four password reset options

Instead of having to put a ticket in with the help desk, end users can go to your company’s Office 365 page (https://portal.office.com) or the Access Panel (https://myapps.microsoft.com) from any modern web browser and correct the problem on their own. Once they’ve accessed the site, they’ll have four different ways (depending on what’s been enabled by IT) to prove they are who they say they are before they can perform a reset. These options are:

  • Phone Call – Users can receive an automated call directly to the number listed on their account as their work number. They’ll then need to validate via a prompt on their phone to reset their password in the browser.
  • Text Message – If users aren’t at their desk or simply prefer to handle things through their handheld device, they can choose to receive a PIN verification via text message. The PIN is used on the web browser to validate their identity.
  • Alternate email address – If users have a personal or secondary email listed on their account, they can choose to have their reset info sent to that address.
  • Security questions – Users can set their own security questions/answers which will allow them back into their account should they forget their password.

One password to rule them all

The benefits of Azure Directory Premium go beyond making the password reset process itself easier. It can also reduce the number of instances where an end user may need to perform a password reset in the first place. The result of this? Happier, more productive end users, which in turn makes for a happier, more productive company.

Azure Directory Premium does this through its Access Panel feature. This is a website users can go to and, with one username and password, access to all of the cloud-based applications they need to do their jobs. This includes SaaS apps like Workday, Salesforce, Marketo, etc. Rather than having to log in to each of those accounts individually, users only need to sign in to Access Panel. This saves the user from having to remember an endless amount of username/password combinations.

By consolidating all of these applications into the Access Panel and enabling self-service password reset, the footprint of password management has been significantly reduced. There are fewer passwords to keep track of and fewer steps – and touch points – needed to reset it.

Interested in learning more about the impact an Azure deployment can have at your facility? Arraya Solutions is a two-time winner (2014 & 2015) of the Microsoft Rising Star Award for the Mid-Atlantic region. Our team has the skill and experience to deliver a smooth Azure deployment and ensure full value is achieved throughout the life of the solution.

Want to strike up a conversation with one of our Account Executives about Azure or one of the range of other services and solutions we offer? Visit us at http://www.arrayasolutions.com/contact-us/.

Also, be sure to follow us on Twitter, @ArrayaSolutions, to stay on top of the latest industry and company news and special offers.

by

It’s no surprise given the analytical, security and mobility advantages offered by migrating to the Cloud that so many in extended care are planning to embrace it in one form or another. Cloud cloud handinfrastructure reduces costs, requires less maintenance and allows for the scalability needed to keep up with fluid organizational needs and industry regulations. There’s no doubt the returns can be plentiful, however, the path to the Cloud is rife with potential snares. Organizations who fall victim to those snares can pay the price – both in terms of the budget and the project timeline.

That’s the situation according to a study conducted by INetU and THINKstrategies on the Cloud migration experience. Specifically, it found:

  • 70% of organizations had to adjust their Cloud design in mid-migration
  • 52% had to make changes within the first six months
  • 49% said their project necessitated a budget increase within six months
  • 43% said their Cloud deployments failed or stalled

What can go wrong with the Cloud

It’s usually up to the already-swamped folks in IT to work closely with the chosen Cloud-provider to craft a comprehensive Cloud strategy, covering every part of the implementation process and after. If something goes wrong, it can result in delays and inflating budgets, two surefire ways to turn the tide of organizational support against a project and cast IT in a less-than-positive light. Also, deployment issues could compromise security down the road, possibly exposing the facility to hefty HIPAA-fines.

Where do facilities most often trip up when migrating to the Cloud? Here’s a look at six of the more common Cloud mistakes organizations make:

  • Going it alone. From the outside, getting to the Cloud can look pretty straightforward. Once facilities actually get into the process, many realize they’re out of their depth. It helps to have an advisor who’s been through the Cloud journey many times before. This resource knows where the issues are and what can be done to mitigate them. Even more importantly, in a heavily-regulated field such as extended care, it is hugely beneficial to have someone with a working knowledge of the rules and regs of the industry to avoid compliance disputes.
  • Too much, too soon. Not every bit of data needs to live in the Cloud. Even if it should end up in the Cloud, it doesn’t need to be there right off the bat. Despite that, extended care sites can get caught up in the allure of the Cloud and end up trying to do too much. That’s another aspect where having a partner with experience can make the difference. Starting small allows facilities to gain valuable in-house experience and familiarity with the Cloud before they advance to the next level.
  • Getting caught up in the here and now. Today’s needs are important, but in evolving industries like extended care, it’s critical to plan for tomorrow and beyond. Even though the Cloud is inherently scalable, it’s good to account for future growth at the start. This not only helps when it comes to choosing a service model, but it’s essential to figuring out a long-term cost structure.
  • Thinking IT first. More and more, all departments in extended care are gaining the ability to leverage traditional IT services with just the swipe of a credit card – with or without bringing IT itself into the mix. This can create a number of problems for IT, not the least of which is that, should IT roll out a Cloud tool another part of the organization doesn’t like, there’s a good chance that other department will ignore it and find one it does. The Cloud isn’t an IT-only solution. The reverberations are felt throughout the structure of an extended care facility. While gaining a consensus from finance, medical, HR and more can be tricky, it ensures organizational consistency.
  • Missing out on the voice of the user. It’s not just specific departments which can fall out of step with a solution. If users don’t like a solution, backsliding into old methods is almost inevitable. It’s important to consult with end users as well as department heads to help find a Cloud solution that checks off as many boxes as possible on wish lists. This confirms the tool IT invests in will actually be used.
  • Overlooking a disaster planning exercise. No one likes to think of the worst case scenario right out of the gate with a new purchase, but doing so can keep resident data safe and facilities out of hot water later. Determine what data needs to be backed up and where it should be housed. Taking the extra time at the start of a deployment can save plenty more down the road.

A partner who knows how to help

Altered project plans, stalled deployments, inflated budgets. Those are problems few extended care facilities can afford. The good news is, they can be eradicated by a well-rounded Cloud strategy. Crafting and sticking to a plan like that can require the help of a partner like Arraya Solutions. Arraya has a long history of addressing the IT needs of leaders in the extended care field. We’ve worked with organizations of all sizes, supporting their infrastructures and applications, whether those technologies exist on-site or in the Cloud.

The value Arraya offers goes well beyond the purchase and design phase. All of our solutions can be covered under our Managed Services. These services are designed to extend and complement the abilities of onsite IT, providing facilities with continuing access to our skilled and knowledgeable Managed Services team members. They support the entirety of the Cloud lifecycle, from enablement, planning and deployment through management.

Ready to learn more about how Arraya can help your organization reach its Cloud goals and how our Managed Services can deliver long term success? Visit us at www.ArrayaSolutions.com to access more information and to connect with an Arraya Account Executive.

In the meantime, be sure to follow us on Twitter, @ArrayaSolutions, to keep up with all of the latest company news, special offers and more.

by

For all the benefits of embracing the Cloud or virtualization – and there are plenty – doing so can open an organization up to a number of new challenges. Not enough to make Cloud or virtualization solutions worth avoiding, but challenges nonetheless. The improvements these solutions offer will likely always make them appealing to organizations. Operating those solutions Cloud Computing Key Shows Internet Data Securitysafely and effectively simply requires IT to take an amended approach to security.

Here are three common security challenges faced by organizations seeking to utilize the Cloud or virtualization:

Challenge #1: Strict regulations against public Cloud use

Many organizations are subject to stringent privacy regulations which preempt them from making use of the public Cloud. These restrictions apply even if that usage is part of a security regiment. So, take a solution like Cisco Advanced Malware Protection (AMP), which extends past “point-in-time detection” and is instead suited to take on the entirety of the attack continuum: before, during and after an attack. Some of AMP’s capabilities, such as big data and advanced analytics, are most effective when they’re delivered via the Cloud.

It seems like those regulations will keep organizations from enjoying the benefits of AMP, right? Actually, that’s not the case thanks to Cisco’s AMP Private Cloud Virtual Appliance. This appliance performs many of the same functions as a standard deployment. The main difference? Its big data analytics, policies, detections, etc. are all stored on premises.

Should an unknown threat strike, the AMP Private Cloud Virtual Appliance is able to securely connect to Cisco’s public security intelligence network to accurately identify what it’s up against. This line of communication is highly secure and anonymized to ensure the solution doesn’t fall out of compliance with public Cloud restrictions.

In addition, AMP Private Cloud Virtual Appliances are designed to grow along with the needs of the organization. Multiple appliances can be added to the environment and each supports up 10,000 connectors, allowing organizations to easily add on as needed.

Challenge #2: Inadequate post-virtualization visibility  

Part of the reason why organizations pursue virtualization in the first place is to be able to quickly make changes to their deployments based on need. However, the flexibility of virtualization solutions can make for problems. Management blind spots can be created by rapid changes to the environment’s layout or its configuration. If one of these changes is executed incorrectly by a staffer – and system management tools don’t notice the error – the organization’s network can be put at serious risk.

Cisco’s Next Generation Intrusion Protection System for VMware (NGIPSv) blends industry-respected threat protection and smart security automation with increased visibility into the virtual environment. Should a change be made to the network which results in a policy violation or a risky corporate exposure, NGIPSv can alert IT about the misconfiguration. This ensures any possible exposures are caught by IT and not an outsider who is looking to cause problems.

Since it is software-based, NGIPSv can also perform a number of tasks which a physical appliance couldn’t manage. These include:

  • being deployed in existing hardware and immediately beginning the process of monitoring traffic
  • monitoring locations which lack IT security resources
  • supervising portions of the network where it would be unfeasible to deploy physical appliances

Challenge #3: Juggling physical and virtual security

Consistency is a critical component of security. If a security approach isn’t unified across both virtual and physical environments, it makes more work for IT and could result in gaps which could turn organizations into prey for hackers.

There’s no such concern with Cisco’s Adaptive Security Virtual Appliance (ASAv). This solution brings Cisco’s renowned firewall capabilities to virtual environments. It runs off of the same software as Cisco’s physical Adaptive Security Appliance (ASA), delivering a unified, dependable approach to network security. As security needs evolve, it’s possible to grow, minimize, or relocate workloads protected by ASAv to cover both physical and virtual infrastructures.

Thanks to their shared software, ASAv is able to support many of the same features found on ASA. The exceptions in this case are clustering and multiple contexts, which can’t be handled by ASAv. It is however equipped to manage:

  • site-to-site VPN
  • remote-access VPN
  • clientless VPN functionalities

Special offer: Free security consultation 

Ready to tap in to Arraya Solutions’ long history of working with Cisco’s industry-leading technologies? Click here to set up a completely free consultation (virtual or in-person) with one of our knowledgeable and talented Cisco consultants. As our way of saying “Thanks,” all registrants will also receive an additional free gift!

To learn more about the full scope of what Arraya Solutions can do, visit us at www.ArrayaSolutions.com and follow us on Twitter, @ArrayaSolutions. Doing so guarantees you won’t miss the latest industry updates, company news and special offers.

 

by

Sometimes technology evolves gradually, other times it takes dramatic leaps that change the landscape of the industry. Examples of recent revolutionary technology leaps would be the Apple iPhone, VMware ESX, YouTube and Facebook. This year at VMworld I believe I saw several technologies that will be game-changing technology leaps.

Project Enzo

Having attended a roadmap session on Project Enzo, I can say that Enzo is going to be a game-changer for a few different reasons. It ties together a set of technologies that IDC already ranks as the top virtual desktop platform, namely the pieces found in Horizon Enterprise, as well as some new features to make deploying desktops faster and easier to manage.

 

enzp pic vmworld

Enzo will significantly reduce the high upfront effort required to plan and architect a virtual desktop environment. It also makes ongoing infrastructure maintenance, such as patches and upgrading an effortless automatic task. I predict that in several years, most environments currently running Horizon will be migrating to an Enzo environment, probably based on host and storage hardware refresh cycles. Enzo could even become the preferred deployment model for Windows 10 in the majority of business environments. More information about Project Enzo is available here: http://vmware.com/go/ProjectEnzo

Arraya plans to offer managed services and management of Enzo-based desktops and end-user help desk support similar to our existing offerings for VMware Horizon desktop environments.

Project Skyscraper

Moving to “the cloud” can be a painful and lengthy process. Some cloud providers can have SLA limitations that require you to re-architect your app for high availability, and migrating a VM to the cloud can result in a large amount of downtime. You might have to reconfigure applications to support a different IP address scheme, and your apps might break as the VM undergoes a format conversion.

Enter Project Skyscraper. Your migration to the cloud now involves a vMotion migration. Your app doesn’t go down, you don’t have to reconfigure anything, nothing breaks. This is first hybrid cloud that takes “hybrid” to a real technology and not a marketing buzzword.

unified hybrid cloud

Public cloud environments have great adoption for newly-built cloud native apps, but many IT departments are hesitant to move existing production workloads into cloud environments because of the limitations and challenges. By eliminating these limitations and challenges, the floodgates will open to wider scale cloud adoption in use cases where it just wasn’t previously feasible.

More information about Project Skyscraper is available here: http://www.virtualizationteam.com/cloud/vmware-cross-cloud-vmotion-is-another-major-milestone-on-vmware-seemless-hybrid-cloud-vision.html

Arraya can help you plan and execute your seamless cloud migration and provide ongoing managed support for both your public and private cloud environments. Contact your Arraya account rep if you are interested in having a high-level discussion or a deep dive into any of these technologies.

For a full list of technology highlights at VMWorld 2015, see http://www.vmware.com/radius/vmworld-2015-us-its-a-wrap/

by

Larger budgets and the need for better teamwork among employees are going to make Unified Communications & Collaboration (UC&C) solutions a hot topic over the course of the next three collaboration techyears. Despite the upsides and the fact that the corporate purse strings have been loosened, there are still obstacles IT will need to overcome before those conversations morph into action items.

Roughly 61% of organizations polled in the “2015 Unified Communications & Collaboration” study by IDG Enterprise said they plan to implement or upgrade UC&C solutions such as web, audio and video conferencing services and IP telephony during that three-year window. These projections aren’t dependent on organizational size as both enterprise-sized businesses and SMBs are expected to invest in UC&C in the coming years. The growth will be more significant among SMBs as 66% expect to launch a UC&C project within the next three years compared to 56% of those on the enterprise level.

As we mentioned, part of this growth will be driven by increasing budgets. About 33% of organizations in the survey expect to see their UC&C budget trend upwards. The increases won’t be overly dramatic but, on average, organizations will have an additional 9% to spend on solving their communication and collaboration challenges.

The other driving force is the gains organizations believe they will make as a result of focusing more closely on UC&C. These include:

  • Improved employee collaboration (43% of firms)
  • Increased productivity (42%)
  • Increased flexibility for employees/a more mobile workforce (33%)

Dealing with UC&C headaches 

Of course, no implementation comes without its share of issues. In the UC&C sphere, the biggest one, despite the budget increases, will still be cost/funding. About 41% of organizations named it as their top challenge. This goes to show that even though they’ll have more funds at their disposal, organizations are still going to be conscientious about spend. Rounding out the top three concerns were security and privacy (36%) and the ability to integrate a new solution with an existing infrastructure (33%).

That can be a lot for an organization to undertake on its own, however, a partnership with Arraya can help alleviate the risks, ensuring a much smoother road to achieving full business value from a UC&C deployment.

Arraya works with multiple industry-leading providers of communication and collaboration tools. We are able to use this collected knowledge and know-how to pair a customer with the solution which makes the most sense for its needs. Our team also has experience working with budgets and customers of all sizes. The result is customers get the right solution at the right price.

Those security and implementation concerns are another element which can be lessened through a partnership with Arraya. Our Managed Services function as an extension of the onsite IT team, covering areas in which it may not have the right resources or expertise. The Managed Services team has compiled years of experience working with communication & collaboration solutions and stands ready to step in and take the lead on the initial deployment of a UC&C solution. This saves customers from having to deal with the anxiety that comes with trying to get a new UC&C solution to play nicely with their pre-existing IT environment.

Our Managed Services team will also work tirelessly to ensure a customer’s UC&C solution is updated and fully-secured against external attack. Unpatched or outdated technology can give cyber crooks an unlocked back door into a network. By ensuring systems stay current, Arraya can help lay the groundwork to keep those who are up to no good at bay.

Interested in learning more about Managed Services? Visit us at http://www.arrayasolutions.com/service/managed-services/ to access case studies and data sheets detailing the extent of our Managed Services capabilities. Then, click on the Contact Us link to schedule a meeting with one of our Account Executives to start a conversation.

Also, follow us on Twitter, @ArrayaSolutions to gain access to company news, special offers and the latest industry updates.

by

Securing today’s mobile workforce is a tough job and it keeps getting tougher. As more workers push for new BYOD policies, for more mobility and for more choices in terms of the technology they Chains Joint On Smartphone Shows Secure Link And Strengthuse to do their jobs, it falls on IT to deliver on all of those wants without exposing the company to additional dangers.

One way to do so is through Network Access Control (NAC) technology. These tools provide visibility into who’s accessing the corporate network, from where and with what, while also allowing IT to ensure the right people have access to the right info. In order to mitigate the growing number of enterprise mobility risks while emphasizing the rewards, it helps to have NAC tools at your disposal that have been hailed as leaders in their area by customers and industry observers alike.

That’s exactly what you get should you decide to go with Identity Services Engine (ISE) from Cisco. ISE is a security policy management platform capable of automating and enforcing the policies and restrictions needed to protect your company’s network resources. It provides the visibility needed to defend access points and deliver the positive mobile experience users crave. ISE can also work with certain existing solutions in your environment to enhance their ability to spot and repel threats and also to repair any damage done.

ISE from Cisco doesn’t just look good on paper, it’s also won the praise of several industry-observers.

In Gartner’s Magic Quadrant for NAC, Cisco was named to the Industry Leader category. Based in part on the strength of its ISE solution, Cisco received excellent marks in both Ability to Execute and Completeness of Vision, putting it in very elite, limited company.

Gartner applauded Cisco for:

  • ISE’s ease of implementation. Some versions feature an optional onboarding module which reduces complications by eliminating the need for a third party certificate authority
  • how ISE leverages existing Cisco technology to maximize the benefit of the deployment to the organization, e.g., it can collect endpoint profiling data from Cisco switches and wireless controllers instead of needing to get that info from stand-alone profiling sensors
  • linking its security platform integration grid, pxGrid, with ISE, allowing partners to better respond to events and share contextual data (such as identity and location), all of which can be run through ISE
  • ISE’s highly customizable guest administration module

Award-winning NAC provider 

The accolades for Cisco’s NAC capabilities don’t stop there. Multi-faceted consulting firm Frost & Sullivan presented its Market Leadership Award to Cisco for its work in NAC. This award is given to companies based, among other elements, on excellence in: Brand Strength, Implementation Excellence, Product Quality and Price/Performance Value.

Cisco earned its place at the head of the NAC class, in the eyes of Frost & Sullivan, because it has:

  • been embraced by more than 7,000 customers (including half of Fortune 500 companies and 20 of the Fortune 25) who entrust the technology to manage over 32 million endpoints
  • “a generational advantage” in terms of the strategic side of network design and architecture
  • the highest likelihood to make the discoveries which improves NAC security or efficiency
  •  “a unique, institutional knowledge” in the tools that work with NAC

Tap into Arraya’s Cisco expertise

ISE from Cisco can relieve the headaches often brought on by enterprise mobility. It gives IT the ability to manage enterprise mobility efforts and secure them across the entire attack continuum (before, during and after an attack). This tool can also increase visibility, centralize network access policy management and provide a simple yet secure entry point for guests on your network.

Arraya’s Cisco team has spent years working with and implementing Cisco technologies and has developed a deep knowledge of the full slate of its products – including enterprise mobility and security offerings. Our team can use this wealth of experience to help guide you on the journey to find the right solution for your environment. Then, they can walk you through the roll out process and even help support your deployment throughout its lifecycle. Interested in setting up a free technical security briefing? Visit us at www.ArrayaSolutions.com or reach out to an Arraya Account Executive today.

Also, follow us on Twitter, @ArrayaSolutions, to keep up with the latest company and tech industry news and offerings.

by

Malware is everywhere. In fact, take the number of malware events from 2014 – roughly 170 million, according to the 2015 Data Breach Investigations Report by Verizonmalware pic – and divide that by the number of seconds in a year and the result is an average of five malware events per second.

Of course, as the study points out, while that makes for a scary figure, malware is rarely that simple. After digging in deeper to the data, the study offered a more thorough look at malware event frequency. It found half of organizations discovered malware events during 35 or fewer days during 2014.

On the surface, that’s a heck of a lot better than five malware events every single second. The irregularity of that second figure does present its own set of challenges. The biggest of which is, if companies aren’t being hit by malware on a regular basis, it’s easy for IT to lose focus on that area or let preparedness efforts start to dip.

Cisco has the high-tech solution

Today’s malware is already advanced and it’s getting more sophisticated all the time. Dealing with it requires a security system that is equally as advanced and which can handle the tough-to-predict nature of malware. In cases like those, Cisco’s line of Advanced Malware Protection (AMP) products can be the right tool for the job. AMP products are capable of defending corporate networks, endpoints, virtual environments and more. They can do so throughout the entire attack continuum:

  • Before an attack: AMP products leverage global threat intel to harden systems against known and up-and-coming malware hazards.
  • During an attack: If known malware or out-of-policy file types attempt to gain access to the corporate network, AMP products can immediately step in and deny them admittance.
  • After an attack: AMP products will continuously monitor network traffic for any signs of malware which may have snaked through the first line of defense. Anything that’s uncovered can be quickly analyzed, contained and remedied.

Cisco’s AMP offerings can secure the corporate network against threats – known and unknown.  They’re scalable enough to provide companies the ability to choose when, where and how to deploy them. Once they’re up and running, AMP solutions deliver unmatched visibility into and control of the malware detection and defense process.

AMP offerings include:

  • AMP for Endpoints
    • secures multiple endpoints (such as PCs, Macs, mobile devices and more) against advanced malware threats
    • protects endpoints whether they’re connected to the corporate network or the Internet
    • continuously analyzes systems for increased visibility
    • can be integrated with Cisco AMP for Networks to provide an even greater level of malware security
  • AMP for Networks
    • works hand-in-hand with Cisco FirePOWER appliances to offer protection against the day’s toughest malware threats
    • reduces the number of malware incidents through file and application controls, freeing IT to focus on other deliverables
    • extends protection to include favorite malware targets such as Adobe Acrobat, Java and Flash
    • automatically prioritizes high-risk incidents through assigned threat scores
  • AMP Threat Grid
    • offers near-real-time malware detection blended with context-heavy analytics
    • identifies threats by comparing suspicious activity in the corporate network against its warehouse of behavioral indicators and its comprehensive knowledge bank
    • deploys on-prem or in the Cloud to fit comfortably into the corporate IT infrastructure
    • can be fully-integrated with Cisco’s AMP for Endpoints

Up to the challenge 

Cisco’s line of AMP products are up to the challenge presented by today’s cutting-edge malware hazards. They provide the flexible, extensive protection needed to not only keep pace with, but to stay ahead of attackers.

Ready to learn more about AMP? Or are you ready to roll out innovative malware defense at your facility? Arraya’s Cisco team has the knowledge and experience to aid IT teams during each step of the process, from project planning all the way through purchase, implementation and support.

Visit www.arrayasolutions.com/contact-us/ to schedule a free technical security briefing today. Also, follow us on Twitter, @ArrayaSolutions, to keep up with all of the latest Arraya news, updates and exclusive offers.

by

IT has reported a rising number of cyberattacks over the past twelve months. While threats are on the upswing, IT has also gotten pretty good at repelling those attacks during that same period. Padlock Icon Computer Key Showing Safety Security Or ProtectedThat’s certainly good news, however, there’s still work to be done to ensure cybercriminals’ persistence doesn’t start to pay off any time soon.

Those are some of the findings included in a study conducted by Tripwire, Inc. at the Black Hat 2015 digital security conference held in Las Vegas, NV. Highlights from the study include the fact that 86% of those surveyed have seen an increase in the number of targeted threats directed at their employer’s network, leaving a mere 14% who reported no increase whatsoever.

As we mentioned, the volume of attacks may be mounting, but that doesn’t mean attackers’ success rates have followed suit. Participants in the survey were also asked whether their organizations had seen a significant increase in the number of successful cyberattacks over the past twelve months. The numbers were much closer here, but they did come out in IT’s favor as 59% said the number of successful attacks hadn’t increased while 41% said they had.

Stay secure with Cisco ASA with FirePOWER Services

That second set of numbers is encouraging, however, the last thing IT can afford to do is take its foot off the gas. Security efforts have been paying off, but if there’s one thing cyber crooks are really good at, it’s adapting and changing their method of attack. This forces IT and security pros to always be on the ready.

It helps to have an industry-leading security solution on their side, one which addresses the entirety of the attack continuum – before an attack begins, during the attack and during the clean up once the attack has ended. That’s exactly what Cisco ASA with FirePOWER Services can do. By blending industry-recognized ASA firewall technology with an advanced malware protection framework, Cisco ASA with FirePOWER Services provides users with a security solution ready to take on today’s threats as well as whatever the next generation may have in store.

Here’s a closer look at five of the top capabilities which make Cisco ASA with FirePOWER Services such an attractive option in today’s security climate:

  1. FireSIGHT analytics and automation – These advanced features of the FireSIGHT Management Center work together to provide greater insight and faster response times. Analytics include trends and high-level statistics all detailing the state of IT security. As a result, IT will have increased awareness into the wellbeing of physical and virtual hosts, OSes, apps, network behavior and more. In terms of automation, policies can be automatically tuned to defend against new threats and threats are assessed and prioritized based on relevance and impact – without the need for IT to step in. Automation can also enable real-time threat response.
  2. Next-gen, proven ASA firewall – ASA with FirePOWER Services’ next-generation firewall delivers an industry first: a threat-focused NGFW. It combines advanced threat protection, breach detection and remediation with proven ASA firewall capabilities, all in a single solution. Those proven capabilities of ASA firewalls include: rich routing, dynamic clustering for improved performance and secure and reliable access through the Cisco AnyConnect VPN.
  3. URL Filtering – Some URLs are passageways to clear risks yet users just can’t keep away from them. URL filtering allows IT to, in a sense, protect users from themselves by keeping them away from suspected trouble spots. These restrictions can be adjusted and amended to account for users and admins who, for whatever reason, may need broader, more open access to the Web than their co-workers.
  4. Advanced Malware Protection (AMP) – AMP solutions are capable of defending corporate networks, endpoints, virtual environments and beyond against today’s highly-advanced, known and unknown malware threats. AMP for Endpoints secures PCs, Macs, mobile devices, etc., whether they’re connected to the corporate network or the Internet. AMP for Networks extends anti-malware capabilities to some of hackers’ favorite targets, namely Adobe Acrobat, Flash and more. Another service, AMP Threat Grid, is able to spot threats by comparing suspicious activity against red flags logged in its knowledge bank.
  5. Remote access and site-to-site VPNs – At home, on the go, it doesn’t matter where they are, workers need to be able to count on having a secure access point to the corporate network in order to keep producing high-level results. Cisco’s remote access VPN broadens network access to include employees’ personal mobile devices no matter where they’re located. In addition, site-to-site VPN protects traffic, such as VoIP and client-server application data, throughout the enterprise, including across branch locations.

Bring industry-leading security to your enterprise

The rising tide of cyberattacks likely won’t reverse itself anytime soon. There’s too much value to be had for hackers and cyber crooks to simply give up and go away. They’re more apt to keep poking and prodding until they find a way in.

Cisco ASA with FirePOWER Services excels at keeping the wrong people out of the corporate network. It monitors emerging threats so that it can be truly equipped to cover the entirety of the attack continuum – before, during and after. It’s secure and it’s hardened, yet it doesn’t restrict employee mobility and it’s scalable enough to meet an organization’s rapidly changing requirements.

Want to learn more about Cisco ASA with FirePOWER Services? Arraya Solutions can help. Our team of experts is well-versed in ASA as well as the full complement of Cisco solutions. The team recognizes no two companies are exactly the same and will work with you to find the deployment and solutions which work best for your unique situation. Also, the partnership doesn’t have to end there, as our team is fully-prepared to help deploy the solutions and fine-tune them to ensure the fastest possible time-to-value. Click here to sign up for a free technical security briefing with one of our solutions architects.

Visit us at www.arrayasolutions.com/contact-us/ today to start the conversation. Also, be sure to follow us on Twitter @ArrayaSolutions to stay on top of the latest company news, insights and offers.

by

Envelope And Key Showing Safe And Secure EmailI’ve been writing a lot on LinkedIn lately about personal email communication. For me, it’s been on the decline and turned into something more functional around my consumer lifecycle. I don’t use it for emailing my friends anymore. Instead, it is just used for bill paying and finding sales for sites I frequent.

Something has emerged lately around personal email accounts related to business though, and it is proving to be a complex issue for compliance officers. Personal email accounts seem to be on the rise for conducting work in the shadows. Let’s take a look at two high profile cases.

When Hillary Clinton was Secretary of State, she chose to use her own personal email server for communications. Now, I’m going to stay away from political bombs and focus on the real risk here. Her own email server wasn’t subject to the same security, monitoring and retention policies as a system that was designed for sensitive emails.

In another case, the Chancellor of the University of Illinois was caught using her own personal email to hide scathing and disparaging emails. The University had a request subject to the Freedom of Information Act that would have appeared had she been using University email, but also she apparently seemed to admit what she was up to in a discovered email.

This risk of data loss or personal email use are real threats that companies have a hard time mitigating. There’s not too much you can do to protect against someone intentionally trying to hide what they’re doing, but you can take some steps beyond end user education to try and prevent it.

A great place to start that’s been around forever in Exchange, is auto-forwarding. Outlook allows users to configure rules that will auto-forward every message to another account. Turn this feature off. Sure, they can still manually forward messages, but you’ve just made it a little harder for them to manage it.

Design a good records management policy around specific content types and outline the repositories for certain types of data and where they can reside. Supplement the policy with a rights management solution, like Azure Rights Management. This allows IT to automatically protect content conditionally and also gives the end users the power to protect data themselves. Here’s an example:

Mark needs to email a spreadsheet of potential salary adjustments to managers. He can protect the data with an Azure Rights Management template so that only the managers can view the spreadsheet and the content expires on the day the salary adjustments go live.

Using this records management policy, you could also use Exchange Online’s archiving feature to automatically archive the entire mailbox or just certain emails that meet a specific criteria. Users won’t even see what you’re doing, but you can ensure the data that legally needs to be kept is kept. Did I not mention yet that you should check with legal on all this? It is probably a good idea.

To further protect your content through Exchange, you can layer on a Data Loss Prevention strategy that looks for certain patterns of data, and takes an action. For example, you can put a policy in place that no emails can be sent externally with Social Security numbers in it. Best of all, there are reporting tools you can use to see who is trying to take such actions.

One particular challenge is having multiple email accounts on a mobile device. With ActiveSync, you can copy and paste between email programs. You can supplement what ActiveSync does though with Mobile Device Management through Windows Intune. With the right policies in place, you can allow your corporate data to be segregated from personal data on a device. This means no more copy and paste between corporate apps and personal apps.

All in all, there are technologies to help you mitigate the risk of data loss and compliance issues. It’s probably best to take steps to implement user education and a strict policy against using personal emails for work. As is evident by the recent news articles, personal email can become a thorn in your side and a well-defined strategy will keep your business protected.

Visit www.ArrayaSolutions.com to find out more about the solutions your organization can use to ensure the security of its email environment or to reach out to one of our Account Executives. Remember to follow Arraya on Twitter @ArrayaSolutions to keep on top of the latest company news and insights.