cyber secuirty

Five Crucial Components of a Layered Security Strategy

Modern cyber threats are evolving at an alarming pace. Today’s thieves are constantly devising new tactics, angles, and technologies that can be used to victimize your customers—everything from malicious mobile apps to phishing emails and malware, and the consequences can be costly. Last year, the FBI estimated that criminals would net $1 billion in ransomware profits alone.

To truly ensure your customers are safe from these increasingly complex attacks, they need multiple defense layers to protect against every tactic at every attack stage. Here are a few essential layers that should be a part of any successful cyber security strategy.

Multi-Vector Protection

Cyber criminals are more organized and better educated than ever before. This means they’re increasingly savvy in implementing multistage, multi-vector attacks. Multi-vector protection ensures that your customers’’ endpoint security covers threats that cross multiple vectors, through multiple stages, reducing the opportunity for cyber criminals to successfully breach their networks.

Web Filtering

In many cases, the weakest links in a security strategy are the very same end users it’s intended to protect. In order to ensure end user behaviors don’t jeopardize the security of business networks, effective domain-level protection is a must. Using a cloud-based, web accessible security layer protects a TSP’s customers by reducing the flow of malware into the network by up to 90 percent. Plus, it gives TSPs granular control of all users’ internet activities, blocking dangerous websites automatically, and placing others under real time policy control.

End User Education

According to the Verizon Data Breach Investigations Report, phishing—a practice in which cyber criminals impersonate a legitimate company to steal personal information or login credentials—was behind 90 percent of security breaches in 2016. Plus, thanks to an increasingly mobile workforce, an organization’s data often leaves its secured network perimeters, creating a major vulnerability. For these reasons, implementing a recurring and continuously updated security education program is more important than ever to help end users remain current on increasingly sophisticated and realistic phishing attempts.

Patch Management

Patching ensures that your customers’’ systems are up-to-date making it more difficult for the majority of hackers to penetrate. Regularly scanning for vulnerabilities in your customers’ environments can help you determine if patches are necessary. It’s a low-cost practice that can dramatically improve security.

Backup

Backups are essential for remediating malicious activity and eliminating the effectiveness of ransomware. Having a regular backup in place also addresses concerns about whether your customers have ready access to the latest versions of their applications and data. This is critical for organizations that must meet certain compliance mandates such as HIPAA or PCI-DSS.

Webroot SecureAnywhere® solutions specialize in providing all the layers of security you need to protect your customers from complex, zero-hour cyber threats.


This article was provided by our service partner Webroot.

Veeam

Why hybrid cloud is the new normal for enterprises

We are living in times when it’s hard to imagine our lives without technology. Our center of command is sitting in our pockets, and we are just a few taps away from booking a flight, checking our bank account or reading the news about our favorite football team. Our fast pace of life demands uninterrupted access to each application on any type of device from everywhere. Therefore, organizations need not only speed and versatility, they also need what we call Availability.

In a recent study, Forrester states that the hybrid cloud will open unlimited possibilities for enterprises around the globe to enrich their offerings through a customer-centric approach. The cloud storage deployments are evolving from simple storage silos and low-cost archiving to covering more complex use cases like global namespaces and policy-based migration.

If you thought cloud was already popular, just give it a bit more time. Hybrid cloud storage is now able to combine on-premises applications with cloud-based services, and this is only going to bring a whole lot more benefits for organizations:business agilityscalability and improved data sharing. Just think about it: a few years ago, cloud was more of a personal tool, mainly used to store documents and other files, but look at where it is today! The hybrid cloud technologies now support remote office/branch office operations (ROBO), Disaster Recovery as a Service (DRaaS), the internet of things, file sync and share, and pretty much anything related to business technology.

While many organizations are migrating from expensive conventional storage systems to cloud-based systems — and this is the natural step of the IT evolution — it’s important to acknowledge that the cloud is not all milk and honey. There are a few considerations that you might need to deal with: security, regulatory compliance or long-distance data migration. However, the overall value of adopting the cloud is immeasurable, and its full-scale adoption is already happening.

Veeam enables modern organizations to deliver seamless digital life experiences to their customers through the Veeam Availability Platform, which integrates virtual, physical and cloud-based workloads. Embracing a hybrid cloud architecture opens new possibilities for both our customers and service provider partners looking to leverage the rapidly-evolving cloud computing best practices and adopting the next generation of Availability for the Always-On Enterprise.

The same report claims that “Cloud forces a new architectural approach to everything.” Of course, adopting a hybrid cloud architecture requires a new mindset, but the cloud will play a major role in our digital future, that’s for sure.

To find out more about the hybrid cloud and its benefits, I recommend you read the Hybrid Cloud is the Foundation for Storage Agility and Economics full report by Forrester.


This article was provided by our service partner Veeam.

ransomware attack

Is Your Organization Ready to Defend Against Ransomware Attacks?

Without question, cybercrime is escalating and ransomware attacks and threats abound. Learn how to defend against ransomware, how infection can occur and how you can fight back.

Cybercrime is reaching unprecedented heights. And with the recent “WannaCry” ransomware attack, cyberthreats are back at the top of every IT department’s list of priorities and concerns. Unfortunately, it’s a trend that is unlikely to be curbed anytime soon. Cybersecurity communities have estimated that the total cost of cybercrime damage worldwide is estimated at $6 Trillion annually by the end of 2021, forcing more and more businesses to invest in cybersecurity spending on products and services to protect their business critical data from potential ransomware attacks.

Here I’ll talk more about what ransomware is, how infections can occur and how your business can be more prepared to defend against potential attacks.

What is ransomware?

Ransomware is typically defined as a subset of malware where the data on a victim’s computer becomes inaccessible and payment is demanded (usually in the form of bitcoin or other cryptocurrencies), before the data is decrypted and the victim can re-access their files.

Ransomware attacks can present themselves in a variety of forms but Microsoft Malware Protection Center explains that the two most widespread ransomware families to be reported in 2016/17 were:

  • Lock-screen ransomware
  • Encryption ransomware

Typically, lock-screen ransomware will present victims with a full-screen message which then prohibits the user from accessing their PC or files, until a payment is made. Whereas encryption ransomware will modify the data files via encryption methods so that the victim cannot open them again. In both cases, the attackers are in total control and demand large sums of money to access or unlock the files.

How does a ransomware infection occur?

On average, most ransomware infections occur through email messages carrying Trojans that attempt to install ransomware when opened by victims, or alternatively, websites that attempt to exploit vulnerabilities in the victim’s browser before infecting the system with ransomware.

Multiple high-profile incidents in 2016/17 alone, have demonstrated the destruction ransomware attacks can have on enterprise networks just as easily as on individual PCs.  For example, EternalBlue (a Windows exploit) released by the mysterious hacking group Shadow Brokers in April 2017 breached spy tools at the National Security Agency (NSA) and offered stolen data for auction, and the WannaCry strain targeted thousands of targets including the National Health Service in the UK (in total netting ~52 bitcoins or around $130,000 worth of ransom).

Not to mention many other widespread strains of ransomware including Petya, Nyetya, Goldeneye, Vault 7, Macron which have had devastating effects on countries, enterprises, election debates and individuals around the world. Attacking enterprise networks in this manner, is even becoming even more attractive because of the value of the files and data that large enterprises own means attackers can demand higher monetary values for ransom.

How to fight back

The increasing threats of ransomware attack should come as no surprise, because in reality organizations have always been under threat from malicious cyberattacks, viruses and ransomware, just more so now than ever before, and IT managers should continually be looking for ways to better protect their valuable data. Therefore, it is essential that your organization has a plan in place to defend against such attacks, minimize financial impact, reduce IT impact and maintain brand reputation.

The industry recognized recommendations suggest organizations follow the simple 3-2-1 rule and the implementation of a strong security plan. The goal of the 3-2-1 rule is to provide customers with a data protection solution that maximizes application uptime, and data availability in the event of a disaster striking.

With the proper execution of the 3-2-1 backup principles, IT managers can protect their data by:

  • Maintaining 3 copies of data (primary data and two copies)
  • Store backup copies on 2 different media types (such as tape, disk, secondary storage or cloud)
  • Keep 1 copy off-site (either on tape or in the cloud, since disasters can strike without notice, if all other forms of protection fail, you still have access to offline data!)

 

Windows 7

Windows 7 EOL timebomb identified

Latest figures reveal Microsoft is still struggling to shift people off Windows 7. Will it be the XP End of Life drama all over again?

The number of people still using Windows 7 could lead to a problem when it eventually goes out of support, with even the well-received Windows 10 failing to convince a majority of users to upgrade.

Hospitals, and the police in particular have been slow to give up Windows XP, despite it being out of support and hence vulnerable to new forms of attack.

The latest Netmarketshare figures from Net Applications reveal the picture two years on from the launch of Microsoft Windows 10.

here are the latest month on month figures:

Windows 7: 48.43 (-0.48), Windows 10: 27.99 (+0.36), Windows XP, 6.07 (-0.03), Windows 8.x: 7.42 (-0.35), Mac OS 13 Beta: 0.02 (no change), Mac OS 12 (stable): 3.59 (+0.07), Mac OS 11: 1.09 (-0.08), Mac OS (older): 1.24.

Bottom line: Windows 90.37 percent of the market. Mac has 5.94 and Linux has taken a jump to 3.37 (0.84).

The only event of note – it has been quiet, as relatively few devices are released over the summer – is that there are now the same percentage of people using Windows 8.1 as there are Windows XP – 6.07.

So how is Windows 10 is actually doing? At launch, Microsoft stated it was aiming for 2 billion machines in its first two years. The fact it hasn’t achieved that even allowing for IoT and XBox devices, as well as a host of other new form factors, is obvious, but it was a big goal in the first place.

When the first figures came out, a few days after launch, Windows 10 was already sitting at 0.39 percent, thanks to the early adopters program. A year later, it sat at 22.99, as the free upgrade offer finished.

Microsoft would have had egg on their faces, had they extended the offer, but nevertheless, progress since has been slow. Today’s 27.99 means that just a five percent shift has moved to Windows 10 since the end of the freebie.

When you consider all the devices that Windows 10 is on besides desktops, that’s a pretty unhealthy figure. The last public figure that Terry Myerson gave was 500,000 devices. That’s just not good enough, and whatever Microsoft’s notoriously oily marketing people tell you, it remains a long way from where the company would hope to be.

Microsoft has actually increased its market share overall – It was 90.37 percent for August, up from 88.74 two years ago. But it’s actually down a tiny fragment on this time last year, where it was at 90.39.

So where is all this coming from? Well we can’t look to Windows 8.x which now has less than half the users of two years ago (from 15.86 to 7.42). And XP has dropped by a similar figure (from 13.09 to 6.07).

The issue is Windows 7. People and more especially businesses are still refusing to give it up. It has lost its market share – down from 60.75 in August 2015 to 48.43 percent in August 2017. But again – it’s actually UP on this time last year, where it was at 47.25.

So Microsoft’s increase market share seems to be down to the continuing success of an eight-year old operating system that has been superseded twice. In other words, come 2020, we’re going to have the XP debacle all over again.

And it’s not just Windows. Mac OS has actually fragmented in the past two years. The number of people of Mac OS has dropped from 7.66 to 5.85. Linux on the other hand continues to bloom in its own tiny way, going from 1.68 to 3.37.

There’s no question that the last two years have seen a tremendous change in the market – not least of all, the variety of form factors and new players such as Chrome OS, which isn’t included here for logistical reasons.

But the key problem remains, if Microsoft can’t shift people off Windows 7, without annoying them in the process, then we’re setting ourselves up for another End of Life timebomb.

Good Bye, VMware vSphere Web Client

VMware has announced to deprecate the Flash-based vSphere Web Client with the next numbered release (not update release) of vSphere. The next version of vSphere will be the terminal release for which vSphere Web Client will be available.

Since vSphere web client is based on Adobe flash technology, It results in less than ideal performance as compared to HTML5 based vSphere client and also has constant update requirements. Additionally, Adobe also has recently announced plans to deprecate Flash.

vsphere web client

Currently we have two variants of the vSphere GUIs which includes the vSphere Web Client and HTML5-based vSphere Client in vSphere 6.5 to manage the operation of virtual datacenter.

With the decommissioning of windows based vSphere client, VMware also introduced the HTML5 based vSphere client with vSphere 6.5. Which provides the solid performance as compared to the vSphere web client. The vSphere Client was introduced first in the Fling, then supported with vSphere 6.5. Since its introduction, the vSphere Client has received positive responses from the vSphere community and customer base.

With the recently released vSphere 6.5 Update 1, the vSphere Client got even better and is now able to support most of the frequently performed operations. With each iteration of the vSphere Client additional improvements and functionality are being added.

By the time the vSphere Web Client is deprecated, the vSphere Client will be full featured but with significantly better responsiveness and usability.

The HTML based vSphere Client will be the primary GUI administration tool for vSphere environments starting in the next release. It is recommended that customers should start transitioning over to the HTML5 based vSphere Client as the vSphere Web Client will no longer be available after the next vSphere release. This announcement from VMware gives ample time to customers to prepare for the eventual vSphere Web Client deprecation.