Arraya Insights

March 17, 2022 by Arraya Insights

Most of us are familiar with the common cyber attacks that are launched every day. We’re wary of unfamiliar emails and texts to avoid phishing attacks, and we keep our software up to date to prevent malware.  

Cyber crime is always evolving as bad actors seek new ways to trick users and take over your email, identity, network, and more. There have been several large-scale cyber attacks highlighted in the news recently. However, amid all the ransomware and phishing reports, many business owners may not be familiar with the recent uptick in watering hole attacks.

Watering hole attacks aren’t new, but this type of cyber event is a growing concern. It was recently reported that a software tool claiming it could remove the Ethereum mining limiter on Nvidia’s RTX 3000 graphics cards was really a vehicle for malware and a likely watering hole attack.

Although these may not be as well known as ransomware, Forbes listed watering hole attacks in their top security threats of 2022. While most cyber attacks rely on human error, these types of attacks begin with a simple visit to a legitimate website.

Here’s what you need to know: 

What is a watering hole attack? 

In a watering hole attack, “the attacker compromises a site likely to be visited by a particular target group, rather than attacking the target group directly”. 

The name comes from the type of attack you’d see in the animal kingdom. A crocodile will lurk below the surface of a watering hole where it knows its prey will gather to drink, and then attack when the prey is least expecting it.

In a cyber watering hole attack, the bad actor will use a legitimate website where they know a certain crowd will congregate online. To carry out the attack, hackers “exploit software flaws on the victims’ devices, often a chain of vulnerabilities that begins with a browser bug. This gives the attackers the access they need to install spyware or other malicious software.” 

These types of attacks profile individuals to see what types of websites and applications they’re using. They may target a group of people with common interests, those who work within a certain industry, and even specifically target law enforcement forums.  

In these attacks, it’s not always necessary for the victim to interact with the website or click a link. Simply visiting a legitimate website can do the trick. This can be used to target and surveil a certain community by installing a surveillance implant on their device, including phones.  

How do you prevent a watering hole attack? 

While many people communicate online daily, it’s important to be mindful of what you’re talking about in social networks. These attacks establish trust within a community to gain sensitive information or convince members to take a particular action.  

You can help prevent these attacks by: 

  1. Remaining wary of all requests for information: Even if this comes from a group you trust, it’s always best to question any requests for information or any request that you take a certain action. Could there be an ulterior motive? This could come in the form of forum questions, online surveys, conversation starters, etc. This information could later be used for social engineering purposes or surveillance.
  2. Completing all updates as soon as they’re available: This goes for both software and hardware updates. These updates address security holes that have been discovered and fix or remove any identified bugs.
  3. Conducting regular security assessments: Security assessments, including business impact assessments, risk assessments, and penetration testing, offer a constructive look at your current security standings and provide critical data to help you better protect your business moving forward.
  4. Enabling MFA across all network endpoints: This simple security enhancement requires that users present two forms of credentials to access their network, account, or device, rather than a single password. It’s been reported that this can help prevent 99.9% of attacks.
  5. Implementing a Zero Trust security model: This approach is based on the principle of “never trust, always verify.” This eliminates all implicit trust within your network and requires continuous validation at every step, no matter the user.

Next Steps: Stay Vigilant Against the Latest Cyber Threats 

The best way to protect your business is to stay current on the latest cyber threats. With the pace at which these evolve, this is no easy feat.

Cyber attacks have been increasing in volume and severity for several reasons recently and every business needs to be prepared. With the right security settings, tools, and practices, you can drastically reduce your exposure.  

To learn more about protecting your business, contact our Cyber Team today.  

Visit https://www.arrayasolutions.com//contact-us/ to connect with our team now.     

Comment on this and all of our posts on: LinkedIn, Twitter and Facebook.     

Follow us to stay up to date on our industry insights and unique IT learning opportunities.     

March 14, 2022 by Arraya Insights

Cyber security is a multi-layered practice. While your company may be strong in one area, weakness in another can leave you just as susceptible to a cyber attack.  

While we’ve discussed the benefits of endpoint visibility via Cisco Identity Services Engine (ISE), this type of segmentation differs from server-level micro-segmentation. A combination of both Cisco ISE and server-level micro-segmentation provides the highest level of security to ensure your company is ready to defend against an attack.   

What is Micro-Segmentation? 

Micro-segmentation divides an organization’s infrastructure at the system or network level. This provides highly granular visibility and control over data flows within your organization’s network, enabling the implementation of a Zero Trust security strategy. This is a security strategy that centers on the concept of eliminating trust from an organization’s network architecture and is now considered the industry standard.  

Micro-segmentation is often deployed using software-defined solutions, as these systems require deep visibility and control for routing purposes.  

There are multiple architectural models that can be implemented: 

  • Native model: This model uses inherent technologies and capabilities all from within existing platforms, such as AWS, GCP, Azure, VMware’s NSX, and Cisco’s Secure Workload manager. 
  • Third-party model: This model is based on virtual firewalls.
  • Overlay model: This model uses some form of an agent or software that resides on the systems that are being segmented.  
  • Hybrid model: This model combines two of the above models together. 

Micro-Segmentation Use Cases 

Micro-segmentation provides a simple answer to protect against exploits and threats, but there are multiple use cases, including: 

  1. Improved Security

Without proper micro-segmentation, a bad actor who breaches your firewall can move about laterally within your network. While a firewall works to keep threats out, micro-segmentation focuses on understanding what’s going on within the network and prevents threat movement.  

Micro-segmentation ensures that users and devices only have access to the parts of the network that are necessary for them to do their job.  

  2. Enhanced Visibility and Control

Micro-segmentation allows businesses to answer the following questions:

  • Who or what is on the network? 
  • What are those on your network doing? 
  • Who are those on your network connecting with? 
  • How are the apps on your network behaving? 

This type of visibility allows businesses to monitor any suspicious activity in real time. 

  3. Regulatory Compliance

Any company or business that processes credit cards faces strict regulatory and contractual compliance standards. This requires that all network traffic be segmented and kept independent of all other network traffic when payments are being processed. 

Today, you can use micro-segmentation to support this requirement. This way, even if you fall victim to a cyber attack, the attack is unable to move laterally and access private cardholder data.  

  4. Continued Digital Transformation

When transitioning to the cloud, users can now migrate workloads into a cloud environment from their on-premises data center. However, it is important that their security posture follows that migration as well.  

As the need for a Zero Trust security model becomes more important, these use cases will continue to grow.  

Next Steps: Where to Start on Your Micro-Segmentation Journey 

Micro-segmentation cannot be achieved overnight. This process requires thoughtful preparation.  

Before beginning, you should contemplate your: 

  • Asset discovery: Know which apps are operating in your environment that you’re targeting for micro-segmentation.  
  • Business objectives: Define your end-goal so you have a benchmark to measure your success. Do you need a purpose-built network, a PCI network, or an OT network? 
  • Network services: Are there any specifics in your network that need to be considered before beginning the process? 
  • Application tiers: Is a policy or procedure necessary to maintain independent applications?
  • Network traffic: Properly identify all north/south traffic and east/west traffic. 
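
One way to approach the network traffic item above, as an added example (not Arraya's tooling and not part of the original post): the Python below labels flow records as east/west or north/south and reports each direction's share of bytes, plus the east/west conversations a segmentation policy would have to account for. The internal address ranges, the flow records and all function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumed internal address space (constructed for this example).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Constructed flow records: (source, destination, destination port, bytes).
FLOWS = [
    ("10.1.10.5", "10.1.20.8", 1433, 52_000),    # app tier -> database tier
    ("10.1.10.5", "203.0.113.40", 443, 8_000),   # app tier -> internet
    ("198.51.100.7", "10.1.30.2", 443, 15_000),  # internet -> web tier
    ("10.1.30.2", "10.1.10.5", 8080, 30_000),    # web tier -> app tier
    ("192.168.5.9", "10.1.20.8", 3389, 5_000),   # workstation -> database tier
]


def is_internal(addr):
    """True when the address falls inside one of the internal networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def classify(src, dst):
    """east/west: both ends internal; north/south: exactly one end internal."""
    src_in, dst_in = is_internal(src), is_internal(dst)
    if src_in and dst_in:
        return "east/west"
    if src_in or dst_in:
        return "north/south"
    return "external"  # neither end is ours: transit traffic or bad data


def summarize(flows):
    """Return (percent of bytes per direction, east/west conversations by volume)."""
    bytes_by_direction = Counter()
    east_west = Counter()
    for src, dst, dport, nbytes in flows:
        direction = classify(src, dst)
        bytes_by_direction[direction] += nbytes
        if direction == "east/west":
            # These conversations never cross the perimeter firewall,
            # so they are the ones a segmentation policy has to cover.
            east_west[(src, dst, dport)] += nbytes
    total = sum(bytes_by_direction.values())
    share = {d: round(100 * b / total, 1) for d, b in bytes_by_direction.items()}
    return share, east_west.most_common()


if __name__ == "__main__":
    share, conversations = summarize(FLOWS)
    for direction, pct in share.items():
        print(f"{direction}: {pct}% of bytes")
    for (src, dst, dport), nbytes in conversations:
        print(f"east/west {src} -> {dst}:{dport} {nbytes} bytes")
```
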

It’s important to understand that micro-segmentation must be done in stages. This process has the highest rate of success when it’s well thought out and completed at an appropriate pace.  

To get the most value from your micro-segmentation, ensure you have alerts for security events enabled and you receive these notifications using multiple methods (email, syslog, or Kafka).  

If you’re looking to begin the micro-segmentation process, contact an Arraya expert for an assessment. We can investigate the traffic on your network and determine how much is north/south and may be protected by your firewall versus how much is east/west and remains unprotected.

Ready to get started? Arraya can help you throughout the entire process of rolling out micro-segmentation within your environment. Whether you’re looking for assistance on a project basis, or you require ongoing managed services, our team of experts is available to help you meet your business goals.

Contact an Arraya expert today to get started.  


March 10, 2022 by Arraya Insights

Keeping your technology current means always looking ahead. For Cisco customers, we’ve compiled a list of everything that businesses and IT teams need to know as they plan ahead.

Cisco Identity Services Engine (ISE) Release 3.0 Brings Licensing Changes 

Cisco ISE has numerous features that are mapped out to specific licenses and each business can select the licensing that fits their individual organizational needs.  

With the Cisco ISE Release 3.0, legacy licenses such as Base, Plus, and Apex will no longer be supported. Instead, licenses will be managed entirely through a centralized database called the Cisco Smart Software Manager (CSSM). Here, users can register, activate, and manage all licenses with a single-token registration.

For the Cisco ISE Release 3.0, licenses will be supplied in the following packages: 

  • Tier Licenses, which have been renamed:
    1. Base will now be Essentials
    2. Apex will now be Advantage
    3. Plus will now be Premier

For those still using Base, Apex, or Plus, these will need to be converted into the new tier licenses using the CSSM.  

  • Device Administrative Licenses: These are Policy Service nodes (PSN) that have the TACACS+ persona enabled on them and use Device Administration licenses.  
  • Virtual Appliance Licenses, which are available in three forms:
    1. VM Small
    2. VM Medium
    3. VM Large
  • Evaluation Licenses: These are enabled by default when Cisco ISE Release 3.0 is installed. This is a 90-day license that grants access to all Cisco ISE features. License consumption is not reported to the CSSM during this period.  

For those upgrading to Cisco ISE Release 3.0 with existing smart licenses, these will be upgraded to the new license types in Cisco ISE but must be registered in CSSM to activate them in the newest release.  

For those with traditional Cisco ISE licenses, these will have to be converted to smart licenses.  

There will be notifications sent out in Cisco ISE at 90, 60, and 30 days prior to the expiration date. As a warning, you will lose all admin control if your license consumption is out of compliance for more than 45 days.

Cisco End of Support Dates to Know 

All software and hardware will someday reach its “End of Life.” This means the product will no longer be manufactured, supported, or updated and it’s time to transition to the newest generation product.

There are a number of risks associated with running software or hardware that has reached its EOL. This could lead to security issues, inefficient processes, poor reliability, and high operational costs. IT teams should always be looking ahead and taking note of EOL dates so they have plenty of time to plan their upgrades.  

Several Cisco products will be reaching lifecycle milestones that users need to take note of. Our Hybrid Infrastructure team got together to compile some key products and their end of service dates:  

  • R-ISE-VM-K9=: The last date of service was 2/28/22.  

As this SKU will no longer be supported, our suggested replacement SKU is R-ISE-VMM-K9=. Customers can continue to receive support based on the support contract they initially purchased. Customers should open a case with Cisco Customer Service and request the EOL’d product PID to be replaced with the new product PID in order to renew and receive support.

  • Meraki ANT-11 Antennas: The last date of service will be 4/24/22.  

This can be replaced with the newer model, which is number MA-ANT-21, the Meraki 5GHz Sector Antenna.  

  • Meraki ANT-13 Antennas: The last date of service will be 4/24/22.  

This can be replaced with the newer model, which is number MA-ANT-23, the Meraki 2.4GHz Sector Antenna.  

  • 2900 Series Integrated Services Routers: The last date of service will be 12/31/22.  

Cisco is encouraging its customers to migrate to the Cisco 4000 Series Integrated Services Routers.  

  • Unified Computing System B-Series Blade Servers: The last date of service will be 5/12/23.  

Users can refer to Table 2 for recommended replacement products. When replacing end-of-life equipment, Cisco recommends that you use the Customer Recycling Solutions (CRS) program which allows customers to return this equipment to Cisco free of charge.  

For a comprehensive list of 2022 EOL dates, please reference the following chart: 

| Cisco Hardware/Software | Last Date of Service | Last Day to Order |
|---|---|---|
| R-ISE-VM-K9= | 2/28/2022 | 5/19/2019 |
| Nexus 7000 Series Network Analysis Module (NAM-NX1) | 3/31/2022 | 3/22/2017 |
| Meraki ANT-11 | 4/24/2022 | 4/24/2015 |
| Meraki ANT-13 | 4/24/2022 | 4/24/2015 |
| Nexus 6000 Series Switches | 4/30/2022 | 4/30/2017 |
| Cisco 9513 Director | 4/30/2022 | 10/31/2016 |
| Cisco 9506 Director | 4/30/2022 | 10/31/2016 |
| MDS 9506 Director | 4/30/2022 | 10/31/2016 |
| MDS 9500 Family Fiber Channel Switching Modules | 4/30/2022 | 5/1/2017 |
| 9500 Series Supervisor 2A | 4/30/2022 | 5/1/2017 |
| Nexus 9500 48-Port 1/10GBASE-T | 7/31/2022 | 8/1/2017 |
| Meraki MX60 | 10/24/2022 | 10/24/2015 |
| Meraki MX60W | 10/24/2022 | 10/24/2015 |
| Meraki MR12 | 10/24/2022 | 10/24/2015 |
| C1-N9K-C93128TX | 10/31/2022 | 10/30/2017 |
| N9K-C93128TX | 10/31/2022 | 10/30/2017 |
| Meraki MS320 power supply and fan | 11/16/2022 | 11/16/2015 |
| Meraki MS420 power supply and fan | 11/16/2022 | 11/16/2015 |
| 3900 Series Integrated Routers | 12/31/2022 | 12/9/2017 |
| 2900 Series Integrated Services Router Modules | 12/31/2022 | 12/9/2017 |
| 2900 Series Integrated Routers | 12/31/2022 | 12/9/2017 |
| 3900 Series Integrated Services Router Modules | 12/31/2022 | 12/9/2017 |

Next Steps: Plan Ahead to Keep Your Data Center Current 

If your business is up against any of the above EOL dates or running on legacy licenses, it’s time to make changes so you don’t run into issues down the road. At Arraya, our team of experts can help your business plan the upgrade that best fits your specific needs.   

To get started, reach out to an Arraya expert today to start a conversation.  


March 9, 2022 by Arraya Insights

The increased use of technology throughout the pandemic means there is substantially more data out there for the taking. With more fish to catch, cyber criminals are out there “phishing” at every opportunity.  

This drastic increase in cyber crime has led to an interesting time for cyber insurance and has changed the cyber landscape in many ways. These attacks have led to higher claims payouts, forcing cyber insurers to both increase premiums and reduce coverage limits. 

Despite these challenges, the demand for cyber insurance remains high. In fact, it’s anticipated that the global cyber insurance market could total $36.85 billion by 2028. Despite the high premiums, businesses and enterprises are recognizing that the risk of falling victim to a cyber attack has become too great to continue uninsured.  

As cyber insurers tighten their belts, many companies may find that they’re not eligible for coverage altogether as the list of requirements for eligibility grows. It’s likely that this will continue.  

For those looking to ensure they’re in a good posture to get coverage, or reduce their premiums, there are several steps they can take to make themselves a more enticing candidate.  

Conduct Your Own Due Diligence  

Security assessments are enormously helpful in reviewing your current security posture and determining if there are potential vulnerabilities that need to be addressed. These assessments both help guide your company’s decision making and document your current security strategy for cyber insurers.  

There are different types of security assessments and it’s important to understand the value of each and when they’re needed. Common assessments include: 

  • Business Impact Assessment 
  • Risk Assessment 
  • Penetration Test 
  • Tabletop Exercise 

These provide a constructive look into your current posture and can help ensure that you’re in compliance with all required regulations.  

Implement Top Controls 

Small security measures can make an enormous impact on your overall position. Some cyber insurance companies may not even consider candidates if they haven’t implemented the following:   

  • Multi-Factor Authentication 

MFA requires users to present two forms of credentials to access their network, account, or device (rather than one password). This small step could reduce your exposure by 99.9%.  

  • Backups 

Backing up your data within a separate, secure archive allows your business to continue functioning in the event of an outage. Each business must determine how often they should be backing up their data. For some, this may be required every day and for others, it could be longer. 

Should you fall victim to a ransomware attack, your backup capabilities will affect your negotiating power. The stronger your backup position, the more leverage you will have against bad actors.

  • Encryption 

This extra layer of security scrambles readable data, making it impossible to decipher without an encryption key. This practice is used to protect data while it’s in transit and at rest.  

Enforce Continuous Employee Training 

Human error remains one of the biggest threats to a business’s cyber security. Even the most robust cyber security defenses can be bypassed if an employee accidentally lets a bad actor in.

Cyber threats are uniquely dangerous due to their constant evolution. This makes cyber security training a never-ending process. Each business should foster a company-wide awareness and training program to help their employees stay current on the latest threats. As workers continue to log in remotely, it’s important that these efforts extend out of the office to ensure that every team member is vigilant.  

Begin the Micro-Segmentation Journey 

While micro-segmentation used to require an extensive networking team, that’s not the case anymore. Micro-segmentation is an extremely effective security technique that divides an organization’s infrastructure at the system or network level.  

This provides highly granular visibility and control over data flows within the network. Micro-segmentation contains threats by making it impossible for them to move laterally within your network, should they bypass the firewall. This has become a foundational element of Zero Trust.   

Next Steps: Enhance Your Business’s Eligibility for Cyber Coverage 

While we can understand why some business owners are frustrated by these heightened security standards, they are necessary. Cyber insurers are often footing the bill when cyber attacks occur, and they’re familiar with the common denominator throughout paid claims.  

These tightened security methods have become crucial in protecting everyone’s digital footprint, from businesses to consumers.   

At Arraya, we offer security and penetration testing solutions to identify vulnerabilities and remediate any issues. From implementing MFA to beginning the micro-segmentation process, we can help you enhance your cyber security posture, so your business is a desirable candidate for cyber insurance.  

Contact an Arraya expert today to learn more.   


February 28, 2022 by Arraya Insights

Microsoft’s New Commerce Experience (NCE) is a multi-stage, multi-year transformational journey to deliver a simplified engagement experience. 

The goal of the NCE is to make it easier to transact with Microsoft and drive cloud adoption for businesses. The Cloud Solution Provider (CSP) program is the primary foundation for the NCE.  

While the NCE was initially launched in 2019, it’s now entering the third phase of its transformational journey in 2022.  

This latest phase will provide customers with tools for easier adoption of new products and add-ons, in addition to new term commitment options that provide greater choice and flexibility. 

As Microsoft moves into the next phase of the NCE, here’s what you need to know: 

  • Important Dates: 

March 1, 2022: All new and renewing subscriptions will be purchased through NCE from this date forward.  

October 1, 2022: All customers will be required to purchase through NCE.  

  • NCE Expands to Additional Solutions 

Previously, NCE was only available to Azure. NCE has now expanded to Microsoft 365, Dynamics 365, Power Platform, and Windows 365.  

  • New, “Seat-Based” Offers in the CSP 

With the expansion to Microsoft 365, Dynamics 365, Power Platform, and Windows 365, these subscriptions will use the new commercial “seat-based” offers within the CSP program. This is a step towards Microsoft’s effort to create a more unified experience.  

The seat-based offers will provide partners with greater standardization of offers and terms and give customers more choice and flexibility in how and where they purchase.  

  • Price Changes 

Due to the increased value Microsoft has delivered to customers over the last decade, there will be an increase in CSP pricing.  

The following licenses will be affected: 

  • Microsoft 365 Business Basic: increase from $5 per user to $6 per user 
  • Microsoft 365 Business Premium: increase from $20 to $22 
  • Office 365 E1: increase from $8 to $10 
  • Office 365 E3: increase from $20 to $23 
  • Office 365 E5: increase from $35 to $38 
  • Microsoft 365 E3: increase from $32 to $36 

Until March 1, 2022, Microsoft will be running a promotion that allows month-to-month CSP customers to agree to a 12-month commitment and avoid the price increase on the licensing listed above (for that 12-month term).  

The New Commerce Experience also changes pricing for month-to-month CSP customers: licenses that remain on a month-to-month subscription carry a 20% premium in cost. The new 12- and 36-month term commitment options will allow you to avoid the 20% premium if you agree to an annual commitment.

  • Say Goodbye to Open Licensing 

Microsoft has moved away from Open License transactions to opt for cloud and hybrid licensing options instead.  

As of January 1, 2022, the Cloud Solution Provider program is now the primary partner sales motion for all SMBs as a part of Microsoft’s effort to offer fully managed services and highly tailored solutions to customers. Commercial customers are no longer able to buy new or renew software licenses or online services through the Open License program.   

The NCE will continue to invest in the CSP to help partners accelerate business growth, simplify licensing, and provide customers with more preferable, consistent, and flexible purchasing options.  

Next Steps: Prepare for the Price Increase & Maximize Your Investment in Microsoft 365 

Microsoft’s promotion that allows month-to-month CSP customers to agree to a 12-month commitment and avoid the price increase (for that 12-month period) is going to end soon.  

This promotion ends March 1st. This is a great option for those who have a consistent user count as license counts can be increased at any time to scale your business, but downgrades will not be permitted.  

At Arraya, we have a variety of Professional Service offerings that can help maximize your investment into Microsoft 365 and ensure that you’re getting the most out of your subscription.  

Whether you’re looking to take advantage of the 12-month commitment promotion or discuss your subscription options, our Arraya experts can help. Contact us today to start a conversation.  


February 24, 2022 by Arraya Insights

In today’s threat landscape, cyber security must be a top priority for businesses and enterprises. Cyber risks evolve just as rapidly as technology develops, meaning security efforts can never stop. With so much sensitive information at stake for businesses, their clients, and their customers, consistent cybersecurity assessments are a necessary practice to identify potential vulnerabilities and strengthen security measures.   

To ensure businesses are taking the proper precautions in handling sensitive information, there are growing standards and regulations that govern how companies can store, manage, transmit, and use data. Security assessments are used to monitor, test, and report on whether these regulations are being followed.   

At Arraya, our cyber security team is often approached by businesses looking to complete a cybersecurity risk assessment. They may be looking to satisfy compliance requirements, company standards, or security reporting, among other reasons. However, when these assessments are being used to simply check a box or satisfy a requirement, they’re not being utilized for their full value.    

The right assessments in the appropriate order are enormously helpful in improving a company’s security position. In this blog, we’ll outline the different types of security risk assessments available and how those assessments should be conducted.    

Types of Cybersecurity Risk Assessments  

Business Impact Assessment  

In general, a Business Impact Assessment (BIA) is the first assessment that should be completed. This type of analysis “predicts the consequences of disruption of business function and process and gathers information needed to develop recovery strategies.”  

In short, this assessment allows a business to prioritize which functions are the most important and should be addressed first, should there be a disaster. What impact would each function have if it was unavailable? What can’t your business manage without? And how long can your business manage without them?  

This gives your IT department a ranking of which systems to prioritize in a subsequent risk assessment.    

Risk Assessment  

Building on the results of your BIA report, a risk assessment analyzes how the identified risks are currently being handled within your organization. Are your current procedures compliant with all rules and regulations? Are these procedures being followed accurately? Do your procedures make sense, or should these be adjusted to account for reality?

This type of risk analysis assessment is often used to validate whether your company is in compliance with regulatory standards.   

Penetration Test  

This type of testing is also most valuable when conducted after a BIA.   

Once your most critical systems are identified in the BIA, a penetration test (commonly referred to as a pen test) can be run against them. This is an authorized simulated cyberattack on your network and computer systems that’s completed to evaluate how effective your existing security methods are.

With a pen test, businesses can identify where and how they’re most likely to fall victim to an attack and bolster their defenses, so they’re prepared when a real cyber-attack comes along.   

Tabletop Exercise  

We all know that a plan in theory and a plan in action are two very different things. While a penetration test evaluates the strength of your security systems, a tabletop exercise assesses the effectiveness of your current incident response plan.   

If a system goes down, what is the order of your response and everyone’s role in the plan? Is the plan followed accurately? Are your current methods effective? Until your business is faced with a cyber-attack, you don’t know how your team is going to react. A tabletop exercise is not only a test of your incident response plan but of your organization’s communication abilities overall.   

With a tabletop workshop, your organization can spend a day working through your response to a simulated cyber incident to determine your true level of preparedness.   

Ransomware Readiness Assessment 

It should come as no surprise that ransomware continues to be one of the most significant cyber threats used against businesses and organizations today. The FBI & CISA have recently issued a joint Cybersecurity Advisory campaign focused on a #StopRansomware effort.  

This joint effort encourages organizations to proactively review their ransomware preparedness to reduce the impact of ransomware overall.  

A ransomware readiness assessment investigates a business’s resiliency against ransomware threats specifically. This is a tactical assessment in which the goal is to determine the organization’s point-in-time ability to both withstand and recover from ransomware attacks.  

This will review your: 

  • Configuration policies 
  • Logging & monitoring policies 
  • Vulnerability management 
  • Patch management 
  • Backup processes 
  • Endpoint protections 
  • Identity & access management 

Should any hazards or risks be identified, proper security controls can be implemented to strengthen resiliency moving forward.  

Next Steps: Get the Best Value from Your Assessments   

Each of these assessments offers a constructive look into your business’s cyber security standings. When used appropriately, they not only help you evaluate the risk you face and make informed decisions to protect your business but ensure you’re in compliance with all regulations and eligible for cyber insurance.   

At Arraya, our expert cybersecurity assessment services will help you identify which assessments best fit your needs and when to conduct them. If you’re already making the investment, make sure you’re taking advantage of the full value.   

Contact us today to learn more.   

Visit https://www.arrayasolutions.com//contact-us/ to connect with our team now.      

Comment on this and all of our posts on: LinkedIn, Twitter and Facebook.      

Follow us to stay up to date on our industry insights and unique IT learning opportunities.      


February 21, 2022 by Arraya Insights

The pandemic brought on unprecedented disruption in the workforce. With only a matter of days to plan, anyone capable of working from a laptop was sent home. While remote work was already gaining popularity prior to the pandemic, in March 2020 the remote workforce boomed overnight. As IT departments had to act fast, many of these newly configured remote work capabilities weren’t thought out well. After all, they were only supposed to be a temporary solution. 

As two weeks have turned into almost two years, now is the time to re-evaluate your remote workforce. With the stabilization of hybrid work, employees are changing the way they connect with one another. A large portion of the workforce will continue to work from home indefinitely and this “new world of work” requires a reliable and secure virtual desktop infrastructure (VDI) solution.

In this blog, we’ll break down and compare the best VDI solutions for securing and improving your employees’ remote work experience.  

VDI Solutions: Getting to Know Your Options 

Azure Virtual Desktop 

Azure Virtual Desktop offers remote users a secure, easy to manage, and productive personal computing experience from the cloud. Users can access both Windows 10 and Windows 11 for a familiar experience with Outlook, OneDrive, and Teams.  

This offers: 

  • Built-in intelligent security 

Azure Virtual Desktop’s security capabilities proactively detect threats and take remedial action.  

By storing data in Azure rather than on local desktops, your employees and company data will be protected by Azure Firewall, Azure Security Center, Azure Sentinel, and Microsoft Defender for Endpoint.

  • The ability to deploy and scale in minutes 

Simplify the deployment and management of your infrastructure and scale quickly when needed. With the Azure portal as your management hub, you can configure network settings, add users, deploy desktop apps, and enable security all in one place.  

  • Reduced Costs 

As there are no additional license costs for existing eligible Microsoft 365 or Windows per-user licenses, businesses with a modern cloud-based virtual desktop infrastructure only pay for what they need.   

Further, businesses can right-size virtual machines (VMs) and shut them down when they’re not in use.  

Horizon Cloud with On-Premises Infrastructure 

Horizon Cloud with On-Premises Infrastructure combines the economics of the cloud with the simplicity of a hyper-converged infrastructure (HCI) to rapidly deliver virtual desktops and applications to end users. 

Deploying virtualized desktops and applications on-premises and close to end-users improves performance and ensures security and regulatory requirements are met. This solution simplifies your transition to the cloud and, with a unified cloud plane, requires less time and IT expertise to get up and running. This makes it possible to deploy your first 100 desktops in less than one hour.

Users can choose from a broad range of certified vSAN ReadyNode and HCI partners.  

Horizon in the Cloud 

VMware’s Horizon in the Cloud enables a digital workspace with the efficient delivery of virtual desktops and applications to workers.  

Users can expect to: 

  • Manage from the cloud 

Efficiently deploy, manage, monitor, and scale desktops and apps across private, hybrid, and multi-cloud deployments using a cloud-based console and SaaS management services.  

  • Modernize operations 

Leading edge technology automates the provisioning and management of virtual desktops and apps, transforming legacy infrastructure.  

  • Build resiliency 

This scalable, cloud-based platform has flexible deployment options across private and public clouds.

  • Secure data and achieve compliance 

Ensure secure remote access to corporate resources from any device with security built into the VMware infrastructure. 

  • Enable remote work 

Keep employees connected and productive from anywhere, at any time, and on any device.  

With deep integration into the VMware technology ecosystem, the platform offers an agile, cloud-ready foundation, modern management, and end to end security.  

Horizon Cloud on Azure  

Horizon Cloud on Azure deploys Windows 10 virtual desktops and apps from Azure, all with the enterprise-class capabilities of VMware Horizon.

This provides: 

  • Added value to Azure Virtual Desktop through advanced power management, application and user environment management, and hybrid capabilities 
  • Advanced user environment management capabilities with App Volumes while using Dynamic Environment Manager to simplify application management and reduce cloud consumption costs 
  • The most cost-effective approach for cloud-based Windows 10 virtual desktops and applications in a hybrid environment with existing on-premises investments 
  • Intrinsic security that leverages VMware Horizon Cloud and Carbon Black 

From a single cloud-based console, you can deploy and manage desktops wherever they are (on-premises or in Azure) with cloud-native features like application, user environment, and power management.  

Next Steps: Selecting the Right VDI Solution 

Now is the time to step back and re-evaluate your company’s remote work experience. What was working for you a year or two ago may no longer be the best solution.  

When selecting the VDI software solution that will best fit your business’s needs, it’s important to consider these 5 factors: 

  • Security 
  • Features & Functionality 
  • User Configuration Options 
  • Performance  
  • Deployment Options 

Unsure of which VDI solution is best for your organization? Arraya can help. Already have an existing VDI solution that you’d like to improve? We can perform health checks and assessments to improve your end-users’ experience.  

Contact an Arraya expert to start a conversation today.  


February 16, 2022 by Arraya Insights

As we move into year three of the COVID-19 pandemic, there’s no better time to reflect on the lessons we’ve learned over the past two years and how we can best plan for our “new normal” moving forward. While the hope is that many aspects of life will return to the pre-pandemic ways we used to know, there’s no doubt that some things will never be the same.  

While some offices are slowly opening back up, remote or hybrid work is here to stay. The remote workforce was slowly growing prior to 2020, however, the pandemic accelerated this to an entirely new level. Remote employees were given the opportunity to prove their capabilities off site and the great resignation forced employers to reconsider their prior on-site policies.  

Considering this expanded remote workforce combined with the growing risk of cyber attacks, looking forward it’s clear that security remains the moral of this story. It’s now more important than ever to stay in front of your vulnerabilities. Arraya’s Cyber Security team recently sat down to discuss what we’ve learned over the past two years and how we can apply this knowledge as we move into 2022. 

It’s Time to Get Off-Premises as Cloud Adoption Dominates  

Just like remote work, cloud adoption quickly accelerated thanks to the pandemic. Today, if your employees aren’t required to be in the office, there’s no reason to host servers on-prem either. On-premises servers are more expensive due to the overhead of maintaining the data center and server on-site, along with the staff it takes to manage them. As businesses reach the end of their lease terms, many are re-evaluating the need for this physical space.  

Adoption of the cloud through a Software-as-a-Service (SaaS) solution offers increased scalability, flexibility, security, and it’s more cost-effective.  

For those who keep their servers on-premises, it’s important to keep empty offices secure. Without employees regularly wandering the halls, these servers can be an easy target. While cyber attacks are the most newsworthy, physical security should still be taken seriously.  

Following the Journey to the Cloud, Prioritize Security 

While transitioning to the cloud offers more security than an on-premises network, many users forget to prioritize security once they’ve made this shift. The cloud requires a completely different tool set and a full security and disaster recovery review is necessary once your business has transitioned to cloud computing.  

While on-premises users relied on their own company’s IT team, operating in the cloud is a shared responsibility. New cloud users will need to understand their security obligations versus their cloud providers’ obligations. 

For more information on securing your cloud, check out our blog, Prepping for Cloud Security in 2022: Is Your Business Ready?   

Large-Scale Vulnerabilities Will Impact All of Us 

Large-scale cyber events, such as the SolarWinds attack, the Colonial Pipeline ransomware attack, and the recent Log4J vulnerability are just a taste of what’s to come. Remote work changes how companies can respond to these attacks. Previously, if a company suffered a cyber attack, they could turn off remote access and have employees come into the office to log onto their network and continue operations.  

Now, as employees are fully remote, this type of attack can force a company fully offline and cause business interruption costs to skyrocket.

The Zero Trust Security Model is a Win 

Just like the acceleration of cloud adoption and remote work, employing a Zero Trust security model became a priority during the pandemic. This model means always assuming breach and verifying each request as though it originated from an uncontrolled network, rather than believing everything behind the company firewall is safe.  

With this model, users should: 

  • Always authenticate and authorize based on all available data points 
  • Limit user access with Just-In-Time and Just-Enough-Access (JIT/JEA), risk-based adaptive policies, and data protection 
  • Minimize blast radius and segment access by verifying end-to-end encryption and use analytics to get visibility, drive threat detection, and improve defenses 

Regardless of where a request originates, we should “never trust, always verify.” 

Education & User Awareness Significantly Reduces Risk of Human Error 

While the latest security tools and solutions can drastically reduce your cyber risk, human error continues to be a major threat. What’s the use of the tallest fence if an employee accidentally opens the gate?

Cyber threats are a unique challenge because they are always evolving. Fostering a constant awareness campaign on cyber security is key to keep employees updated and vigilant in identifying and preventing these attacks. As workers log in remotely, these campaigns need to extend out of the office to ensure that every team member is included in this effort.   

Rethink the Need for VPNs 

Traditionally, VPNs were given to most employees to allow them to work from home. With growing SaaS services, which can provide federated access, the need for VPNs is slowing. In adopting SaaS and cloud-based services, you’re eliminating the single point of failure as your provider will have multi-home internet connectivity.  

Even if there is a failure, it’s not your company’s responsibility to resolve this issue. In essence, your company is offsetting this liability onto your SaaS provider. While VPN has historically been the most secure option, that’s no longer always the case. 

Next Steps: Staying Ahead of Your Vulnerability 

Companies and enterprises are increasing their cyber security resources and budgets, and for good reason. A strong cyber security posture is now an essential part of any business’s risk management plan.  

At Arraya, we can help your company analyze and discover your potential vulnerabilities through our security and penetration testing solutions. Further, we’ll remediate the issues, once detected.  

As we move into 2022, a proactive approach to your vulnerability is essential. Contact an Arraya expert to get started today.  


February 4, 2022 by Arraya Insights

In March 2021, Microsoft announced that their endpoint, email, and collaboration security capabilities would be integrated into one, unified experience known as Microsoft 365 Defender. This became generally available in April 2021, allowing security teams to manage previously distinct portals (which will eventually be phased out) into a single, consolidated portal.  

As a part of Microsoft’s XDR solution, 365 Defender’s cross-domain security: 

  • Stops attacks before they happen, reducing attack surface 
  • Detects and automates across domains, integrating threat data for fast and complete responses 
  • Hunts across all data, leveraging time saved to apply each business’s unique expertise 

This pre- and post-breach suite coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.  

By integrating multiple portals into one solution, 365 Defender automatically analyzes threat data across domains so security teams can better determine the full scope and impact of threats within a single dashboard. Further, 365 Defender has the capability to auto-heal any affected assets.  

As one unified enterprise defense suite, Microsoft 365 Defender encompasses four distinct security platforms that allow security teams to stitch together the full picture of their security posture.  

As there have been a number of changes in recent years, in this blog we’ll break down the four pillars that make up Microsoft 365 Defender.  

Microsoft Defender for Identity 

Microsoft Defender for Identity (previously known as Azure Threat Protection, or Azure ATP) is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your company.

This solution monitors activity across your network to establish a behavioral baseline for each user to identify potential anomalies. This allows security teams to identify rogue users, as well as attack attempts to gain information or move laterally within the network.

Defender for Identity is designed to reduce alert noise and provide only relevant, important security alerts.  

Microsoft Defender for Endpoint 

Microsoft Defender for Endpoint helps enterprise networks prevent, detect, investigate, and respond to advanced threats to end-user devices, such as laptops, desktops, mobile devices, and more.  

This solution provides advanced threat protection, including antivirus, antimalware, and ransomware mitigation, all with centralized management and reporting. Using a combination of technology, including endpoint behavioral sensors, cloud security analytics, and threat intelligence, Defender for Endpoint provides the following:

  1. Threat and vulnerability management: This uses a risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.
  2. Attack surface reduction: As the first line of defense, this ensures configuration settings are proper and exploit mitigation techniques are applied.
  3. Next-generation protection: This is designed to catch all types of emerging threats to further reinforce your network’s security perimeter.
  4. Endpoint detection and response: Should threats bypass the first two security parameters, advanced hunting provides a query-based threat-hunting tool.
  5. Automated investigation and remediation: In conjunction with the ability to respond to attacks quickly, this offers automatic investigation and remediation to reduce the volume of alerts in minutes at scale.
  6. Microsoft Threat Experts: With the new managed threat hunting service, users have access to proactive hunting, prioritization, and insights that empower security teams to identify and respond to threats quickly and accurately.

Microsoft Defender for Endpoint is available in two separate plans. Read more about comparing Plan 1 and Plan 2.  

Microsoft Defender for Cloud Apps 

Microsoft Defender for Cloud Apps (formerly known as Microsoft Cloud App Security) enables both local and remote users to adopt business applications without compromising security.  

Businesses continue to embrace cloud apps to improve productivity and the average company now uses 1,180 cloud apps. This modern workforce requires a present-day approach to security and compliance.  

Microsoft Defender for Cloud Apps provides security teams with visibility across cloud deployed apps, discovers shadow IT, and protects against cyber threats seeking sensitive information. With app governance, security teams can monitor and govern app behaviors and quickly identify, alert, and protect against risky behaviors with data, users, and apps.  

Microsoft Defender for Office 365 

Microsoft Defender for Office 365 protects businesses from malicious threats sent via emails, links (URLs), and collaboration tools. As businesses face more advanced and targeted attacks, including zero-day phishing attacks, malware, and business email compromise attacks, the risk of falling victim to a cyber attack has never been higher.

This solution provides threat protection policies, investigation and response capabilities (which can be automated), and real-time reports to monitor Defender for Office 365’s performance within your organization. 

Microsoft Defender for Office 365 is also available in two separate plans.  

Next Steps: Learn More During a 3-Part Virtual Series on 365 Defender

2021 was a trying year for cyber security and it’s anticipated that 2022 could be even worse. With Microsoft 365 Defender, users can rely on one unified portal for their detection, prevention, investigation, and response to sophisticated attacks.

Join our Arraya experts for a 3-part virtual series on 365 Defender:

  1. March 9, 2022: Defender for Office 365
  2. March 16, 2022: Defender for Endpoints
  3. March 23, 2022: Defender for Cloud Apps

Register now to reserve your spot, or contact an Arraya expert with any questions.


February 3, 2022 by Arraya Insights

A Zero Trust security framework has now become the cyber security industry standard, and for good reason. Zero Trust Security continually authorizes access of both users and devices, no matter the device’s location. As cyber threats continue to pose significant risk to every industry, this security model has become essential.  

Many companies face significant challenges in the visibility and control of their network. With employees working remotely, an increase in BYOD (bring-your-own-device) devices, and the use of cloud applications, endpoint visibility has become a challenge. With Cisco Identity Services Engine (ISE), companies can take full control of visibility within their network and fully embrace a Zero Trust security framework.  

With a broad range of use cases, Cisco ISE simplifies the delivery of a highly secure network by empowering software-defined access and automating network segmentation.  

Dynamic visibility 

Cyber threats are constantly changing. This is what makes them so dangerous and difficult to prevent. Therefore, your cyber security should also be dynamic. Just like the threats your network is fighting against, authentication and authorization must be continual.  

The dynamic visibility offered by Cisco ISE addresses endpoint visibility challenges by being all-seeing, all-knowing, and continuously updating without the use of agents. This also allows a company to create more agile security policies to ensure endpoints are assessed and authorized into the correct parts of their network environment.  

Network segmentation 

Network segmentation divides your network into multiple zones of trust, which reduces your attack surface. Limiting a threat’s ability to move laterally allows you to respond to threats quickly and automate threat containment. Zero Trust authorizes access continually, no matter the device’s location. 

Further, network segmentation simplifies the BYOD and guest access processes and boosts productivity by streamlining and automating policy enforcement. And while BYOD is often popular among employees due to its convenience, it presents security challenges to the customer’s network environment. With Cisco ISE, you can easily control approved personal devices and onboard or remove them, whenever necessary.  

Automated threat containment 

With automated threat containment, the network device closest to the resource that the threat is trying to access will automatically shut down. By automating the response to a suspected endpoint, your network will immediately stop the spread of the potential threat. This rapid threat containment approach is in line with Cisco’s vision of providing full visibility across all platforms within a user environment. Cisco ISE can work in conjunction with Secure Endpoint and Firepower Threat Defense to provide a coordinated rapid effort to contain any emerging threats on a customer’s network.  

Overall, this will significantly reduce the severity of potential damages and the time it takes to recover from a breach.  

Guest and secure wireless access 

The need for easy wireless access today is as crucial as indoor plumbing. But this can present security challenges with various employees, contractors, and visitors looking to log on. Cisco ISE allows companies to provide convenient wireless access without compromising security.  

Secure wireless access means your business can: 

  • Identify: Confirm who is logging on 
  • Authenticate: Ensure that users are who they claim to be 
  • Authorize: Control the level of access for each user and device 
  • Track: Account for what users and devices are doing and for how long  

Whether they’re simply browsing the internet or need partial access to your network, you can securely control how much access each individual and device is granted. 

Device compliance 

With Cisco ISE, each device that connects to your network is reviewed for its security posture to ensure compliance. You can easily locate and correct any potential vulnerabilities, including outdated software, unauthorized applications, weak security settings, and endpoints that lack the latest security technology.  

Any workstations or mobile devices trying to access your network must comply before they’re trusted.  

See Cisco ISE in Action: A Short Case Study  

A community hospital engaged Arraya Solutions for assistance in upgrading their wireless environment. The customer sought a cloud-based solution with enhanced security. The previous environment used weak security methods, such as pre-shared key and low-level encryption mechanisms, to secure their wireless.  

Arraya established a small, two node Cisco ISE deployment for redundancy and resiliency. Cisco ISE was configured to provide secure 802.1X Access on the newly configured wireless networks utilizing Meraki Cloud access points. Arraya was able to consolidate the customer’s wireless networks from 10 static SSIDs to 3 dynamic ones utilizing ISE.  

This design increased wireless performance and provided better airtime capabilities. 

Next Steps: Take Control of Visibility Within Your Network 

With Cisco ISE, users can expect secure network control through a dynamic and automated approach to policy enforcement.  

Cisco is leading the migration to the cloud as ISE supports a cloud-first strategy and Azure Active Directory. Cisco reported that the network segmentation and visibility offered through ISE resulted in a 98% reduction in the time it took to implement network changes.  

If you’re ready to start taking advantage of Cisco ISE, reach out to an Arraya expert today to start a conversation. 

