Automation

IT Automation and Why Should You Use It?

The hottest word in IT is automation. More and more companies are using automated technology to speed up repetitive tasks, improve consistency and efficiency, and free up employees’ time. But what exactly is IT automation, and is it worth making changes so you can include it in your IT department or company? By looking at all the facts, options, and benefits, you can make an informed decision and maximize the potential of IT automation for your team.

What is IT Automation?

IT automation is a set of tools and technologies that perform manual, repetitive tasks involving IT systems. In other words, it’s software that carries out information technology tasks without the need for human intervention. IT automation plays an essential role in proactive service delivery, allowing you to provide faster, more effective technology services to your clients. It can also create, implement, and operate applications that keep your business running smoothly.

Businesses today are increasingly turning to IT automation as a method that saves time and improves accuracy, among other benefits. IT automation can apply to a number of different processes, from configuration management to security and alerting. Regardless of what type of technology services you offer—whether it’s managed print services, value-added reselling, internal IT, or managed services—there’s always room for automation within your company.

What Are the Benefits of IT Automation?

Being a time-saver is where IT automation offers the most benefits. As Information Age reports, employees lose an average of 19 working days per year to repetitive tasks like data entry and processing—things that could easily be automated.

By handling redundant tasks automatically, IT automation eliminates the need for techs to spend hours creating tickets, configuring application systems, and performing other tedious functions. As a result, your team can turn their attention to higher priority tasks. And while that will probably come as a relief to your employees, that’s not where the benefits end.

Automating repetitive tasks allows your team to handle more, which enables you to bring on more clients and reduce the need to hire additional employees. In other words, IT automation means you can do more with less.

Technology professionals who use IT automation tend to see a weekly billing average in the 40- to 100-hour range, meaning the automation software performs that many hours of human labor per week. Breaking that down, it translates to the work of one to two and a half full-time employees. Unlike employees, the automation system performs at a fixed cost and never takes a holiday or sick leave. It’s always doing its job.

Of course, we’re not suggesting that IT automation should replace human employees. Rather, it helps employees perform their jobs with greater power and accuracy. It pushes the boundaries of what your team can achieve.

Another benefit of IT automation is simply your peace of mind. As an entrepreneur and/or a manager, it can be hard to hand over all your IT tasks to an employee, and trust that they’ll get the job done. You may feel the need to remind them or check in regularly to see their progress, and that in itself can take up time. With IT automation, all of that is taken care of, which means you can turn your attention to higher pursuits.

Many IT automation systems handle everything from one platform, which greatly improves organization and cross-department visibility. You’ll be able to access all the information you need quickly and seamlessly from one location. And you’ll be able to check in with other departments via a few simple clicks.

You’ve heard that consistency is key. A good IT automation strategy allows you to provide a consistent customer experience. By monitoring workflow, it also ensures that no steps are missed in the delivery process. Since everything is handled automatically, IT automation also cuts down on response times, leading to quicker customer interactions and a more efficient process from start to finish. Needless to say, consistency and a high level of accuracy really are key to satisfying customers, and an improved customer satisfaction rate means more business for your company.

What Are the Risks of Not Automating?

Even if you haven’t yet made the decision to automate, you can safely assume most of your competitors already have. Automation is quickly changing the face of the IT world. In a 2017 study by Smartsheet—which surveyed approximately 1,000 information workers—65 percent reported using automation in their daily work, while 28 percent said their company plans to start using automation in the future. Clearly, if you’re not currently using IT automation, you’re already falling behind the competition.

Companies using automation have discovered that it saves significant time—and that time translates to money. As an example, let’s look at the time an average IT department pours into reactive tickets. If we assume that a technician creates 20 tickets a day, that’s about 100 tickets per week, or 5,000 per year. If automation would allow a tech to save three minutes per ticket by saving them from manually re-entering information, and the billable rate is $125/hour, that translates to $31,250 a year in savings—per technician. Imagine the difference it could make to your bottom line if all your technicians were leveraging automation.

Which Tasks Should You Automate?

If you’re considering automating a certain task, that task should meet the following criteria: It can be resolved consistently through documented steps; and the solution can be performed without accessing the user interface. Once you’ve decided which tasks to automate, the next step is to decide which automation systems to implement.

How to Automate IT

The prevalence of automation in the IT industry today means there is a plethora of tools available to help you make the switch. Here are some of the most effective automated system solutions for IT teams.

RMM

RMM (remote monitoring and management) is software that allows you to monitor devices, networks, and client endpoints remotely and proactively. Like most IT systems, RMM tools are basically automation engines that can reproduce processes and solve cause-and-effect situations.

A bonus of RMM software is that it can monitor client devices and detect issues proactively. RMM will then create a ticket for the issue, and your tech team can address it before the issue even comes to the client’s attention. RMM also allows your team to manage more endpoints, greatly increasing productivity.

PSA / Workflow Rules

A PSA (professional services automation) is a system for automating business management tasks. By establishing workflow rules, or automated, repeatable processes, you can program the software to perform certain tasks, like reminding clients of contract renewals or license expirations.

Using workflow rules can greatly simplify the process of managing tickets and service tasks. When it comes to workflow, there are three basic types to focus on for service delivery:

  • Status workflow sends a notification when a ticket status changes to a specific value.
  • Escalation workflow defines the steps to be taken based on the conditions of a ticket.
  • Auto resolution workflow keeps tickets from piling up by creating auto-closure timeframes for alerts that are informational or historical.

Many companies benefit from combining PSA and RMM solutions. For example, based on the real-time alerts you receive in your RMM software, you can automatically generate and manage service tickets in your PSA software, and thereby respond to customer needs more quickly than ever.

Whether or not you need to ticket everything that the RMM software generates is a highly debated topic, but it all comes down to the idea of information. With the right data, you can predict problems before they occur and simplify the troubleshooting process. You’ll have all the info you need about each client, and you’ll be able to see supported devices, service history, and other details. Perhaps best of all, you won’t waste time hunting around for that information. You can simply pull up the ticket and find everything you need, which translates to a faster turnaround and the ability to quickly move on to the next client.

Remote Support and Access

Remote support and access software can integrate with RMM and PSA solutions to help you rectify tech issues, log time and activity to a ticket, and quickly find that information later when auditing. In effect, remote support and access acts as a bridge between you, your end users, and their devices. Provided the endpoint is online, this software allows you to deliver fast and secure reactive services. Remote support and access can help you both work directly with a customer and remotely access unattended devices. It’s a way to solve issues more quickly from a remote location.

Marketing Automation / CRM Capabilities

The average marketer spends nearly one-third of the work week completing repetitive tasks, according to a study conducted by HubSpot. Those tasks include gathering and organizing data, emailing clients, building landing pages, and managing lists. With a marketing automation tool, you can greatly reduce that number and free up your marketers to spend their time and energy on more high-level tasks.

Marketing automation can help you easily build emails and landing pages, score new leads for sales readiness, and access and understand your marketing metrics to accurately measure the success of your efforts. The best marketing automation software integrates with your PSA tools for centralized information you can access quickly.

With an automated CRM (customer relationship management) system, you’ll be able to set reminders for your sales team, alerting them to complete tasks like following up with prospects so they can move steadily through the sales funnel, and close deals on track.

Quote and Proposal Automation

Also known as a CPQ (configure, price, quote) tool, quote and proposal automation imbues your sales process with greater visibility and accountability. Think of it as a second brain for your sales team—empowering you to turn leads into happy new clients.

With pre-defined templates and pricing models, you’ll achieve a high level of consistency across your sales team. You’ll also save yourself the time of manual calculations, especially if you offer clients the same markup with each quote—and you’ll eliminate the risk of making a costly miscalculation.

Plus, pricing integrations allow you to find and incorporate hardware pricing in seconds, without taking the time to manually check different sources and pull the results into your proposal.

Document Your Automation

After successfully implementing IT automation software, your work isn’t done. It’s important to also document your automation campaign, for a number of reasons.

For one thing, documentation will help significantly when you need to train new team members. And if one of your staff takes a vacation or sick day, clear documentation ensures the rest of your team will be able to quickly fill in.

Documentation will also help your clients see the value of your services. As they assess whether your service is cost-effective or not, a deciding factor can be the efficiency with which you run your business. If you’re using industry-leading automation to run the most effective business possible, that gives you a competitive advantage. And if you’ve documented your automation from beginning to end, you’ll have a record of improvements and stats you can rely on to help inform clients of your company’s high standards.

It’s also important to be aware of the new capabilities automation brings. For instance, if you can tell a client that you proactively monitor for low disk space on their servers and workstations, and that you’ll automatically free wasted drive space to avoid system outages, you’ve already made an impression.

The main point to get across to clients is that your team is constantly looking for ways to provide more proactive and efficient IT solutions. When used and communicated effectively, automation can be key to achieving that element of trust that leads to delighted clients and fulfilled team members.


This article was provided by our service partner: ConnectWise.

L1TF

Another Intel Vulnerability Discovered: Hello L1TF!

Did you know security exploits have a lifecycle? Since Intel announced Meltdown and Spectre earlier this year, it has expanded its bug bounty program to support and accelerate the identification of new exploit methods. Through this process, Intel discovered a new derivative of the original vulnerabilities. The new L1 Terminal Fault (L1TF) vulnerability involves a security hole in the CPU’s L1 data cache, a small pool of memory within each processor core that helps determine what action it should take next. This type of exploit is similar to its predecessors, and Intel, along with other chipmakers, is impacted.

Intel and other industry partners have not seen any reports of this method being used in real-world exploits.

Be Prepared

IT professionals can safeguard systems against potential exploits with mitigations that have already been deployed and are available today. Previously released updates are expected to lower the risk of data exposure for non-virtualized operating systems; virtual machines, however, are more susceptible. Intel suggests additional safeguards for virtual environments, such as turning off hyper-threading in some scenarios and enabling specific hypervisor core scheduling features. There are concerns, however, about the varied performance impact of these fixes. Intel and other industry partners are working towards additional options for addressing mitigation efforts.

Now, more than ever, it’s important to adhere to security best practices like keeping systems up-to-date through patch management of operating systems and third-party applications.

LAPS

Microsoft LAPS deployment and configuration guide

If you haven’t come across the term “LAPS” before, you might wonder what it is. The acronym stands for the “Local Administrator Password Solution.” The idea behind LAPS is that it allows for a piece of software to generate a password for the local administrator and then store that password in plain text in an Active Directory (AD) attribute.

Storing passwords in plain text may sound counter to all good security practices, but because LAPS uses Active Directory permissions, those passwords can only be seen by users who have been given the rights to see them, or by members of a group with those rights.

The main use case here shows that you can freely give out the local admin password to someone who is travelling and might have problems logging in using cached account credentials. You can then have LAPS request a new password the next time they want to talk to an on-site AD over a VPN.

The tool is also useful for applications that have an auto login capability. The recently released Windows Admin Center is a great example of this.


To set up LAPS, there are a few things you will need to do to get it working properly.

  1. Download the LAPS MSI file
  2. Schema change
  3. Install the LAPS Group Policy files
  4. Assign permissions to groups
  5. Install the LAPS DLL

Download LAPS

LAPS comes as an MSI file, which you can download from Microsoft and then install onto a client machine.

Schema change

LAPS needs to add two attributes to Active Directory, the administrator password and the expiration time. Changing the schema requires the LAPS PowerShell component to be installed. When done, launch PowerShell and run the commands:

Import-Module AdmPwd.PS
Update-AdmPwdADSchema

You need to run these commands while logged in to the network as a schema admin.

Install the LAPS group policy files

The group policy files need to be installed onto your AD servers. The *.admx file goes into the “\windows\PolicyDefinitions” folder and the *.adml file goes into “\windows\PolicyDefinitions\[language]”.


Once installed, you should see a LAPS section in GPMC under Computer configuration -> Policies -> Administrative Templates -> LAPS


The four options are as follows:

Password settings — This lets you set the complexity of the password and how often it is required to be changed.

Name of administrator account to manage — This is only required if you rename the administrator to something else. If you do not rename the local administrator, then leave it as “not configured.”

Do not allow password expiration time longer than required by policy — On some occasions (e.g. if the machine is remote), the device may not be on the network when the password expiration time is up. In those cases, LAPS will wait to change the password. If you set this to FALSE, then the password will be changed regardless of whether it can talk to AD or not.

Enable local admin password management — Turns on the group policy (GPO) and allows the computer to push the password into Active Directory.

The only option that needs to be altered from “not configured” is the “Enable local admin password management,” which enables the LAPS policy. Without this setting, you can deploy a LAPS GPO to a client machine and it will not work.

Assign permissions to groups

Now that the schema has been extended, the LAPS group policy needs to be configured and permissions need to be allocated. The way I do this is to set up an organizational unit (OU) where computers will get the LAPS policy, along with a read-only group and a read/write group.

Because LAPS is a push process (i.e. the LAPS client on the computer is the one that sets the password and pushes it to AD), the computer’s SELF object in AD needs to have permission to write to AD.

The PowerShell command to allow this to happen is:

Set-AdmPwdComputerSelfPermission -OrgUnit <name of the OU to delegate permissions>

To allow helpdesk admins to read LAPS-set passwords, we need to give a group that permission. I always set up a “LAPS Password Readers” group in AD, as it makes future administration easier. I do that with this line of PowerShell:

Set-AdmPwdReadPasswordPermission -OrgUnit <name of the OU to delegate permissions> -AllowedPrincipals <users or groups>

The last group I set up is a “LAPS Admins” group. This group can tell LAPS to reset a password the next time that computer connects to AD. This is also set by PowerShell and the command to set it is:

Set-AdmPwdResetPasswordPermission -OrgUnit <name of the OU to delegate permissions> -AllowedPrincipals <users or groups>


Once the necessary permissions have been set up, you can move computers into the LAPS enabled OU and install the LAPS DLL onto those machines.

LAPS DLL

Now that the OU and permissions have been set up, the admpwd.dll file needs to be installed onto all the machines in the OU that have the LAPS GPO assigned to them. There are two ways of doing this. First, you can simply select the AdmPwd DLL extension when installing the LAPS MSI file.


Or, you can copy the DLL (admpwd.dll) to a location on the path, such as “%windir%\system32”, and then run regsvr32.exe AdmPwd.dll. This process can also be included in a GPO start-up script or a golden image for future deployments.

Now that the DLL has been installed on the client, a gpupdate /force should allow the locally installed DLL to do its job and push the password into AD for future retrieval.

Retrieving passwords is straightforward. If the user in question has at least the LAPS read permission, they can use the LAPS GUI to retrieve the password.

The LAPS GUI can be installed by running the setup process and ensuring that “Fat Client UI” is selected. Once installed, it can be run just by launching the “LAPS UI.” Once launched, just enter the name of the computer you want the local admin password for and, if the permissions are set up correctly, you will see the password displayed.


If you do not, check that the GPO is being applied and that the permissions are set for the OU where the user account is configured.

Troubleshooting

Like anything, LAPS can have a few quirks. The two most common I see are staff with permissions who cannot view passwords, and client machines that do not update the password as required.

The first thing to check is that the admpwd.dll file is installed and registered. Then, check that the GPO is applying to the server that you’re trying to change the local admin password on with the command gpresult /r. I always like to give applications like LAPS their own GPO to make this sort of troubleshooting much easier.

Next, check that the GPO is actually turned on. One of the oddities of LAPS is that it is perfectly possible to set everything in the GPO and assign the GPO to an OU, but it will not do anything unless the “Enable local admin password management” option is enabled.

If there are still problems, double-check the permissions that have been assigned. LAPS won’t error out; the LAPS GUI will just show a blank for the password, which could mean either that the password has not been set or that the permissions have not been set correctly.

You can double check permissions using the extended attribute section of windows permissions. You can access this by launching Active Directory users and computers -> Browse to the computer object -> Properties -> Security -> Advanced


Double click on the security principal:


Scroll down and check that both Read ms-Mcs-AdmPwd and Write ms-Mcs-AdmPwd are ticked.
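
The permission delegation, the password retrieval and the permission check above can all be scripted rather than clicked through. The following is an added example, not part of the original guide; it assumes the AdmPwd.PS and ActiveDirectory modules are installed and that it runs as a domain admin, and the OU path, group names and computer name are placeholders.

```powershell
## Added example, not from the original guide. Delegates the step 4 permissions on an OU,
## audits which principals can read the cleartext password, and checks one client's state.
## Assumptions: AdmPwd.PS and ActiveDirectory modules installed, run as a domain admin;
## the OU path, group names and computer name below are placeholders.
Import-Module AdmPwd.PS
Import-Module ActiveDirectory

$ou       = 'OU=LAPS Workstations,DC=example,DC=local'   # placeholder OU
$readers  = 'LAPS Password Readers'                       # placeholder group
$admins   = 'LAPS Admins'                                 # placeholder group
$computer = 'WS-PLACEHOLDER'                              # placeholder computer name

## Step 4 of the guide: the computer's SELF object writes its own password, the helpdesk
## group reads it, and the admin group may force a reset at the next check-in
Set-AdmPwdComputerSelfPermission -OrgUnit $ou
Set-AdmPwdReadPasswordPermission  -OrgUnit $ou -AllowedPrincipals $readers
Set-AdmPwdResetPasswordPermission -OrgUnit $ou -AllowedPrincipals $admins

## Audit: Find-AdmPwdExtendedRights lists every principal holding extended rights on the OU,
## including ones granted "All extended rights" long before LAPS existed. Any holder that is
## not one of the expected groups (or a built-in admin) can read every local admin password
## stored for computers in that OU.
$expected = $readers, $admins, 'Domain Admins', 'Enterprise Admins', 'SYSTEM'
Find-AdmPwdExtendedRights -Identity $ou | ForEach-Object {
    foreach ($holder in $_.ExtendedRightHolders) {
        [pscustomobject]@{
            OU        = $_.ObjectDN
            Principal = $holder
            ## Holders come back as DOMAIN\Name; compare on the name part only
            Expected  = (($holder -split '\\')[-1]) -in $expected
        }
    }
} | Sort-Object Expected | Format-Table -AutoSize

## Troubleshooting: a blank password in the LAPS UI means either the caller lacks the read
## permission or the client has never pushed a password. The expiration attribute tells which.
$obj = Get-ADComputer -Identity $computer -Properties 'ms-Mcs-AdmPwdExpirationTime'
if (-not $obj.'ms-Mcs-AdmPwdExpirationTime') {
    Write-Warning "$computer has not pushed a password yet: check that admpwd.dll is registered and that gpresult /r shows the LAPS GPO."
} else {
    ## The attribute is stored as a Windows FILETIME (100 ns ticks since 1601)
    $expires = [DateTime]::FromFileTime([int64]$obj.'ms-Mcs-AdmPwdExpirationTime')
    "$computer password expires $expires"
    ## Same retrieval the LAPS UI performs, done from the module; needs the read permission
    Get-AdmPwdPassword -ComputerName $computer |
        Select-Object ComputerName, ExpirationTimestamp, Password
}
```

Rows with Expected = False in the audit table are principals you did not intend to give password read access and are worth reviewing before moving computers into the OU.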

In summary, LAPS works very well and it is a great tool for deployment to servers, especially laptops and the like. It can be a little tricky to get working, but it is certainly worth the time investment.

Incident Response

6 Steps to Build an Incident Response Plan

According to the Identity Theft Resource Center, 2017 saw 1,579 data breaches—a record high, and an almost 45 percent increase from the previous year. Like many IT service providers, you’re probably getting desensitized to statistics like this. But you still have to face facts: organizations will experience a security incident sooner or later. What’s important is that you are prepared so that the impact doesn’t harm your customers or disrupt their business.

However, there’s a new element that organizations—both large and small—have to worry about: the “what.” What will happen when I get hacked? What information will be stolen or exposed? What will the consequences look like?

While definitive answers to these questions are tough to pin down, the best way to survive a data breach is to preemptively build and implement an incident response plan. An incident response plan is a detailed document that helps organizations respond to and recover from potential—and, in some cases, inevitable—security incidents. As small- and medium-sized businesses turn to managed services providers (MSPs) like you for protection and guidance, use these six steps to build a solid incident response plan to ensure your clients can handle a breach quickly, efficiently, and with minimal damage.

Step 1: Prepare

The first phase of building an incident response plan is to define, analyze, identify, and prepare. How will your client define a security incident? For example, is an attempted attack an incident, or does the attacker need to be successful to warrant response? Next, analyze the company’s IT environment and determine which system components, services, and applications are the most critical to maintaining operations in the event of the incident you’ve defined. Similarly, identify what essential data will need to be protected in the event of an incident. What data exists and where is it stored? What’s its value, both to the business and to a potential intruder? When you understand the various layers and nuances of importance to your client’s IT systems, you will be better suited to prepare a templatized response plan so that data can be quickly recovered.

Treat the preparation phase as a risk assessment. Be realistic about the potential weak points within the client’s systems; any component that has the potential for failure needs to be addressed. By performing this assessment early on, you’ll ensure these systems are maintained and protected, and be able to allocate the necessary resources for response, both staff and equipment—which brings us to our next step.

Step 2: Build a Response Team

Now it’s time to assemble a response team—a group of specialists within your and/or your clients’ business. This team comprises the key people who will work to mitigate the immediate issues concerning a data breach, protecting the elements you’ve identified in step one, and responding to any consequences that spiral out of such an incident.

As an MSP, one of your key functions will sit between the technical aspects of incident resolution and communication between other partners. In an effort to be the virtual CISO (vCISO) for your clients’ businesses, you’ll likely play the role of Incident Response Manager who will oversee and coordinate the response from a technical and procedural perspective.

Pro Tip: For a list of internal and external members needed on a client’s incident response team, check out this in-depth guide.

Step 3: Outline Response Requirements and Resolution Times

From the team you assembled in step two, each member will play a role in detecting, responding, mitigating damage, and resolving the incident within a set time frame. These response and resolution times may vary depending on the type of incident and its level of severity. Regardless, you’ll want to establish these time frames up front to ensure everyone is on the same page.

Ask your clients: “What will we need to contain a breach in the short term and long term? How long can you afford to be out of commission?” The answers to these questions will help you outline the specific requirements and time frame required to respond to and resolve a security incident.

If you want to take this a step further, you can create quick response guides that outline the team’s required actions and associated response times. Document what steps need to be taken to correct the damage and to restore your clients’ systems to full operation in a timely manner. If you choose to provide these guides, we suggest printing them out for your clients in case of a complete network or systems failure.

Step 4: Establish a Disaster Recovery Strategy

When all else fails, you need a plan for disaster recovery. This is the process of restoring and returning affected systems, devices, and data back onto your client’s business environment.

A reliable backup and disaster recovery (BDR) solution can help maximize your clients’ chances of surviving a breach by enabling frequent backups and recovery processes to mitigate data loss and future damage. Planning for disaster recovery in an incident response plan can ensure a quick and optimal recovery point, while allowing you to troubleshoot issues and prevent them from occurring again. Not every security incident will lead to a disaster recovery scenario, but it’s certainly a good idea to have a BDR solution in place if it’s needed.

Step 5: Run a Fire Drill

Once you’ve completed these first four steps of building an incident response plan, it’s vital that you test it. Put your team through a practice “fire drill.” When your drill (or incident) kicks off, your communications tree should go into effect, starting with notifying the PR, legal, executive leadership, and other teams that there is an incident in play. As it progresses, the incident response manager will make periodic reports to the entire group of stakeholders to establish how you will notify your customers, regulators, partners, and law enforcement, if necessary. Remember that, depending on the client’s industry, notifying the authorities and/or forensics activities may be a legal requirement. It’s important that the response team takes this seriously, because it will help you identify what works and which areas need improvement to optimize your plan for a real scenario.

Step 6: Plan for Debriefing

Lastly, you should come full circle with a debriefing. During a real security incident, this step should focus on dealing with the aftermath and identifying areas for continuous improvement. Take this opportunity for your team to tackle items such as filling out an incident report, completing a gap analysis with the full team, and keeping tabs on post-incident activity.

No company wants to go through a data breach, but it’s essential to plan for one. With these six steps, you and your clients will be well-equipped to face disaster, handle it when it happens, and learn all that you can to adapt for the future.


This article was provided by our service partner: Webroot.


Active Directory

Three Active Directory Automation Scripting Tips Using PowerShell

Active Directory is one of the most common products I see being automated. After all, it’s the perfect candidate. How many times do new users have to be created, group memberships changed, or new computers added? Employees are coming and going all the time, and the actions to perform these tasks are the same—every time.

Microsoft® has an Active Directory (AD) PowerShell module that allows anyone to manage AD objects and write scripts to tie various tasks together. However, with PowerShell expertise, we can create scripts that go past just finding users and groups. We can automate any task you can think of in AD.

Find All Effective Members of a Group

AD has a great feature that allows you to add groups to other groups. This cuts down on the number of repeated group assignments you have to make, and makes AD much cleaner. However, when navigating to a group in the AD Graphical User Interface (GUI), you can only see the members in that immediate group. You may see others, but you’ll have to look at the members of those groups over and over again.

It can become a pain when you want to see all of the affected user accounts, but we can solve that with PowerShell and a recursive function.

To find members of a group with PowerShell, use the Get-AdGroupMember cmdlet. This command returns all members in just that group. However, a property on each of those members is an AD attribute indicating if it’s a user, a group, etc. That way, we know what kind of object it is. Knowing this, we can build code to look at each of those members, check to see if they’re a group, and if so, run Get-AdGroupMember again. If not, we return the member.

We need to use a recursive function—a function that calls itself, forcing it to find user accounts nested deep inside of various groups. By using a recursive function like this, a user can be nested ten groups deep, and we’ll still find it.

An example of how this can be done is below. This function can be called via Get-NestedGroupMember -Group MyGroup.

#Requires -Modules ActiveDirectory
function Get-NestedGroupMember {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory)]
        [string]$Group,

        ## Tracks groups already expanded so circular nesting (A contains B, B contains A)
        ## cannot make the function call itself forever
        [hashtable]$Visited = @{}
    )

    ## Resolve the group once so the visited list is keyed by distinguished name
    $dn = (Get-ADGroup -Identity $Group).DistinguishedName
    if ($Visited.ContainsKey($dn)) { return }
    $Visited[$dn] = $true

    ## Find all members in the group specified
    $members = Get-ADGroupMember -Identity $dn
    foreach ($member in $members) {
        ## If any member in that group is another group, just call this function again
        if ($member.objectClass -eq 'group') {
            Get-NestedGroupMember -Group $member.DistinguishedName -Visited $Visited
        } else {
            ## Otherwise, just output the non-group object (probably a user account)
            $member.Name
        }
    }
}

Easily Find Inactive Group Policy Objects

The next tip is finding inactive Group Policy Objects (GPOs). Especially in large organizations, GPOs can get out of hand and run wild unless controlled. Sometimes there end up being dozens of GPOs that aren’t doing anything at all. Rather than picking these out one at a time via the GUI, we can build a simple script to find them all in one shot.

There are two ways to define an inactive GPO. This GPO could have all of its settings disabled, or it could not be linked to an organizational unit. We can create a script to find both of these types. First, we’ll pull all of the GPOs in the environment:

$allGpos = Get-Gpo -All

Once we have them all, we can then filter those GPOs by the ones that have all settings disabled:

$disabledGpos = $allGpos | Where-Object { $_.GpoStatus -eq 'AllSettingsDisabled' }
foreach ($oGpo in $disabledGpos) {
    [pscustomobject]@{
        Name   = $oGpo.DisplayName
        Status = 'Disabled'
    }
}

Next, we can find all GPOs that aren’t linked to an organizational unit. This is a little trickier, but nothing we can’t handle using the code below:

## Collect the unlinked GPOs as objects
$unlinkedGpos = foreach ($oGpo in $allGpos) {
    ## Gather up all settings in the GPO as an XML report
    [xml]$oGpoReport = Get-GPOReport -Guid $oGpo.Id -ReportType Xml
    ## Only return the GPOs whose report has no LinksTo element, meaning they aren't linked to an OU
    if ('LinksTo' -notin $oGpoReport.GPO.PSObject.Properties.Name) {
        [pscustomobject]@{
            Name   = $oGpo.DisplayName
            Status = 'Unlinked'
        }
    }
}
$unlinkedGpos

This script will return a list of GPOs that look like this:

Name Status
---- ------
GPO1 Unlinked
GPO2 Disabled
GPO3 Disabled
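
The two checks above are run as separate scripts. As an added example that is not part of the original article, the function below folds both into one pass and, going one step beyond the text, also catches a third kind of inactive GPO: one that is linked, but every link has been disabled, so it never applies anywhere. That case is read from the Enabled element of each LinksTo entry in the same XML report the article already uses. A GPO that is both disabled and unlinked is reported once with both reasons. Get-InactiveGpo is a hypothetical name for this example.

```powershell
#Requires -Modules GroupPolicy
## Added example, not from the original article. Reports GPOs that are not doing anything, with the reason(s).
function Get-InactiveGpo {
    [CmdletBinding()]
    param ()

    foreach ($gpo in Get-GPO -All) {
        ## The XML report is the only place the link information lives; this call is slow on a large domain
        [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml
        ## Piping through Where-Object drops the $null you get when there is no LinksTo element at all
        $links = @($report.GPO.LinksTo | Where-Object { $null -ne $_ })

        ## Reasons this GPO is inactive; an empty list means it is live somewhere
        $reasons = @()
        if ($gpo.GpoStatus -eq 'AllSettingsDisabled') { $reasons += 'AllSettingsDisabled' }
        if ($links.Count -eq 0) {
            $reasons += 'Unlinked'
        } elseif (-not ($links | Where-Object { $_.Enabled -eq 'true' })) {
            ## Links exist but every one of them is switched off
            $reasons += 'AllLinksDisabled'
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Name     = $gpo.DisplayName
                Id       = $gpo.Id
                Modified = $gpo.ModificationTime
                Status   = $reasons -join ','
                Links    = ($links | ForEach-Object { $_.SOMPath }) -join '; '
            }
        }
    }
}

## Usage: cleanup candidates, the ones untouched longest first
Get-InactiveGpo | Sort-Object Modified | Format-Table -AutoSize
```

Before deleting anything the function lists, back the GPO up with Backup-GPO; an unlinked GPO is sometimes a staged change waiting to be linked rather than a leftover.
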

Find How Long Ago a User Reset Their Password

For my last tip, let’s figure out how long ago a user’s password was set. More specifically, let’s write a small script that will allow us to find only those users that have had their password set within a configurable amount of days.

This small script uses the Get-ADUser command and filters the users it returns with the Where-Object command. In this example, we're looking at the PasswordLastSet attribute of each enabled user and keeping those whose value is more recent than 30 days ago, that is, users whose password was set within the last 30 days.

$daysOld = 30
$today = Get-Date
## The pipe at the end of the line continues the pipeline; a line break before the script block would not
Get-ADUser -Filter { Enabled -eq $true } -Properties PasswordLastSet |
    Where-Object { $_.PasswordLastSet -gt $today.AddDays(-$daysOld) } |
    Select-Object SamAccountName, PasswordLastSet
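
The script above finds recently changed passwords. As an added example that is not part of the original article, the function below turns the same PasswordLastSet comparison around for the question a security review usually asks: which enabled accounts have a password older than the policy allows, have never had one set (PasswordLastSet is empty when the account must change its password at next logon), or are exempt from expiry through PasswordNeverExpires. Get-StalePasswordUser and the 90-day default are hypothetical choices for this example.

```powershell
#Requires -Modules ActiveDirectory
## Added example, not from the original article. Flags enabled accounts whose password age breaks policy.
function Get-StalePasswordUser {
    [CmdletBinding()]
    param (
        [int]$MaxAgeDays = 90     # hypothetical maximum password age
    )

    $now    = Get-Date
    $cutoff = $now.AddDays(-$MaxAgeDays)

    ## Filter on Enabled server-side so a large domain does not ship every disabled account back to us
    Get-ADUser -Filter { Enabled -eq $true } -Properties PasswordLastSet, PasswordNeverExpires, LastLogonDate |
        ForEach-Object {
            $reasons = @()
            if ($null -eq $_.PasswordLastSet)       { $reasons += 'NeverSet' }
            elseif ($_.PasswordLastSet -lt $cutoff) { $reasons += 'Stale' }
            if ($_.PasswordNeverExpires)            { $reasons += 'NeverExpires' }

            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    SamAccountName       = $_.SamAccountName
                    PasswordLastSet      = $_.PasswordLastSet
                    PasswordAgeDays      = if ($_.PasswordLastSet) { [int]($now - $_.PasswordLastSet).TotalDays } else { $null }
                    PasswordNeverExpires = $_.PasswordNeverExpires
                    LastLogonDate        = $_.LastLogonDate
                    Reason               = $reasons -join ','
                }
            }
        }
}

## Usage: oldest passwords first; LastLogonDate helps separate dormant accounts from active ones
Get-StalePasswordUser -MaxAgeDays 90 | Sort-Object PasswordAgeDays -Descending | Format-Table -AutoSize
```

Service accounts are the usual source of NeverExpires hits; the useful follow-up is to decide per account whether it can move to a group managed service account or a rotation schedule rather than to clear the flag blindly.
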

Summary

We’ve just skimmed the surface on what’s possible when automating with PowerShell and Active Directory. By leveraging Microsoft’s Active Directory module and stringing together commands with PowerShell, we’re able to come up with some interesting scripts.


HIPAA

HIPAA Compliance — It’s the law…

As an IT Managed Services provider, we've heard it all. I mean, who wants to take on another initiative that is as ambiguous and costly as HIPAA compliance? Besides, your staff don't have the time to take on more roles and responsibilities.

There's only one problem: these rules and regulations are signed into law, which means that not complying is breaking the law. So, where does that leave us? Well, there are two options:

1. Roll the dice and hope you don't get audited or fined when PHI is lost or stolen.
2. Have someone like NetCal help you become compliant quickly and easily.

You see, we are required to understand and implement the compliance requirements because, as a Business Associate, we are also liable for our clients' non-compliance. We're in this together and we've got your back. It's actually not as bad as everyone thinks. In particular, we know which items are important to focus on, and we know how to get your business into compliance through best practices, training, templates, and more.

NetCal will perform the following tasks for you:

1. Perform HIPAA, MACRA, and Meaningful Use Risk Assessment
2. Write your Policies and Procedures
3. Train your Employees
4. Maintain your documents in a web portal
5. Provide support in the event of an audit

High-level Summary of Tasks Needed

1. BAA signings
2. User Training
3. Risk Assessment
4. Create HIPAA Policies
5. Perform IT Discovery and Vulnerabilities list
6. Create Recommendation and Security Plan

Major sites still largely lax on prompting users towards safer password choices, study finds

A study assessed whether or not the most popular English-language websites help users strengthen their security by providing them with guidance on creating safer passwords during account sign-up or password-change processes.

Some of the Internet’s biggest names largely fall short of nudging users towards safer choices when they create or change their passwords, a study by the University of Plymouth has found.

Steven Furnell, Professor of Information Security at the United Kingdom-based university, recently conducted an examination of the password practices of Google, Facebook, Wikipedia, Reddit, Yahoo, Amazon, Twitter, Instagram, Microsoft Live, and Netflix. The results – summed up in a paper called Assessing website password practices – over a decade of progress? – actually follow up on previous runs of the same survey in 2007, 2011, and 2014.

So what are the results? In short, some of the world’s biggest online services “still allow people to use the word ‘password’, while others will allow single-character passwords and basic words including a person’s surname or a repeat of their user identity”.

In other words, although there have been modest improvements on some scores, the picture has remained largely unchanged over the years, according to the survey. That is notwithstanding the increased threat of cyberattacks and privacy breaches, along with the fact that countless people continue to make one of the most common security mistakes by picking atrocious passwords.

On a positive note, the number of wildly popular sites in English that allow you to use “password” as your, well, password has dropped over the years. Also, the number of services that enable you to add an extra safeguard on top of your password by supporting two-factor authentication (2FA) has increased from three to eight between 2011 and 2018.

Enforcement of password restrictions and availability of additional support (source: Assessing website password practices – over a decade of progress? via TechCrunch)

Of the ten online services under review (although their composition has not remained unchanged over the years), Google, Microsoft Live, and Yahoo were found to provide the best assistance to users in designing a strong password. This holds true both for the survey’s 2014 and 2018 editions.

On the flip side, Amazon fared the worst, both now and four years ago, having been joined by Reddit and Wikipedia as the worst performers in the study’s latest run.

Now, in the absence of clear and thorough guidance on some of the biggest websites themselves, be sure to read our pieces on how to avoid the perils of passwords, their reuse, and, indeed, how to ditch your password and use a passphrase instead.

In addition, we've also reported on the Digital Identity Guidelines, drafted by the US National Institute of Standards and Technology (NIST) last year, which among other things recommend that every password be compared against a "black list" of unacceptable passwords. Such a "wall of shame" should include predictable and easily guessable passwords, passwords leaked in past breaches, dictionary words, and common phrases that users are known to pick.
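
As an added example that is not part of the article or ESET's work, the function below shows what a sign-up or password-change check looks like when it applies the practices the study scored sites on: a minimum length, a blocklist comparison of the kind NIST recommends, and rejection of a password that repeats the user identity, equals the user's surname, or consists of a single repeated character. The blocklist here is a constructed six-entry sample standing in for a real list of breached and common passwords; the sign-up attempts at the bottom are constructed too. Test-PasswordAcceptable is a hypothetical name for this example.

```powershell
## Added example, not from the article. Evaluates a candidate password against the rules the study measured.
function Test-PasswordAcceptable {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory)][string]$Password,
        [Parameter(Mandatory)][string]$UserName,
        [string]$Surname = '',
        [int]$MinimumLength = 8,
        ## Constructed sample blocklist; in production load breached/common passwords from a file
        [string[]]$Blocklist = @('password', '123456', 'qwerty', 'letmein', 'welcome', 'iloveyou')
    )

    $reasons = [System.Collections.Generic.List[string]]::new()
    $lower   = $Password.ToLowerInvariant()

    if ($Password.Length -lt $MinimumLength)            { $reasons.Add("shorter than $MinimumLength characters") }
    if ($Blocklist -contains $lower)                    { $reasons.Add('appears on the blocklist') }
    if ($lower -eq $UserName.ToLowerInvariant())        { $reasons.Add('repeats the user identity') }
    if ($Surname -and $lower -eq $Surname.ToLowerInvariant()) { $reasons.Add('is the user''s surname') }
    ## One character, or the same character repeated ("a", "aaaaaaaa")
    if ($lower -match '^(.)\1*$')                       { $reasons.Add('uses only one distinct character') }

    [pscustomobject]@{
        Password   = $Password
        Acceptable = ($reasons.Count -eq 0)
        Reasons    = $reasons -join '; '
    }
}

## Constructed sign-up attempts, one per rule, plus one that passes
@(
    @{ Password = 'password';                     UserName = 'jsmith'; Surname = 'Smith' }
    @{ Password = 'a';                            UserName = 'jsmith'; Surname = 'Smith' }
    @{ Password = 'Smith';                        UserName = 'jsmith'; Surname = 'Smith' }
    @{ Password = 'jsmith';                       UserName = 'jsmith'; Surname = 'Smith' }
    @{ Password = 'correct horse battery staple'; UserName = 'jsmith'; Surname = 'Smith' }
) | ForEach-Object { $attempt = $_; Test-PasswordAcceptable @attempt } | Format-Table -AutoSize
```

The check reports every failing rule rather than stopping at the first, which is what lets a site give the specific guidance the study found most of them lacking; the blocklist comparison is the one rule whose value depends entirely on the quality of the list behind it.
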


This article was provided by our service partner: ESET

Windows 10 quality updates explained & the end of delta updates

With Windows 10, quality updates are cumulative. Installing the most recent update ensures that you receive any previous updates you may have missed. We used a cumulative update model to reduce ecosystem fragmentation, and to make it easier for IT admins and end users to stay up to date and secure. However, cumulative updates can prove challenging when it comes to the size of the update and the impact that size can have on your organization’s valuable network bandwidth.

When a new Windows 10 feature update is released, the first cumulative update is generally between 100-200 MB in size. Across all versions of Windows 10, cumulative updates grow as additional components and features get serviced, pushing the size to somewhere between 1-1.2 GB. Generally, this happens within the first 6-8 months after the release of a feature update.

To help you reduce the burden on your network bandwidth, yet still receive the same equivalent update, Microsoft designed three different update types:

  • Full updates have all the necessary components and files that have changed since the last feature update. We refer to this as the latest cumulative update, or LCU. It can quickly grow to a little over 1 GB in size, but typically stays that size for the lifetime of that supported version of Windows 10.
  • Express updates generate differential downloads for every component in the full update based on several historical bases. For example, the latest May LCU contains tcpip.sys. We will generate a differential for all tcpip.sys file changes from April to May, March to May, and from the original feature release to May. A device leveraging express updates will use the network protocol to determine the optimal differentials, then download only what is needed, which is typically around 150-200 MB in size each month. Ultimately, the more up to date a device is, the smaller the differential download. Devices connected directly to Windows Server Update Services (WSUS), System Center Configuration Manager, or a third-party update manager that supports express updates will receive these smaller payloads.
  • Delta updates include only the components that changed in the most recent quality update. Delta updates will only install if a device already has the previous month’s update installed. For example, assume in May that we changed tcpip.sys and ntfs.sys, but did not change notepad.exe. A device that downloads the delta update will get the latest version of tcpip.sys and ntfs.sys, but not notepad.exe. Delta updates include the full component (not just the individual files) that changed. As a result, they are larger than express updates, often around 300-500 MB in size.

Regardless of which type of update is installed on a device, that update is fully cumulative and installing the latest update will ensure that the device has all the necessary quality and security improvements.


This raises an important question: why make delta updates available if express updates are more optimized and don't require the previous month's update to already be installed? Delta updates were originally created because the express update protocol was only available to devices connecting directly to Windows Update or Windows Server Update Services. In January 2017, the express protocol was extended to all third-party update management systems; however, we continued to ship delta updates to give companies and third-party update management tools time to implement support for express updates.

Currently delta updates are available for the following versions of Windows 10:

  • Windows 10, version 1607
  • Windows 10, version 1703
  • Windows 10, version 1709
  • Windows 10, version 1803

Now that express update support for third-party update managers has been available for over a year, we plan to stop shipping delta updates. Beginning February 12, 2019, Microsoft will end its practice of creating delta updates for all versions of Windows 10. Express updates are much smaller in size, and simplifying the cumulative options available will reduce complexity for IT administrators.

For more information on optimizing update bandwidth and more details about express updates, see Optimize Windows 10 update delivery. To learn more about Windows as a service, check out the new Windows as a service page on the Windows IT Pro Center.


3 Cyber Threats IT Providers Should Protect Against

With cybercrime damages set to cost the world $6 trillion annually by 2021, a new bar has been set for the security teams that defend assets across industries. This rings especially true for IT service providers, who are entrusted to keep their clients' systems and IT environments safe from cybercriminals. These clients are typically small and medium-sized businesses (SMBs), which are now the primary target of cyber threats and attacks. This presents a major opportunity for the managed service providers (MSPs) who serve them to emerge as the cybersecurity leaders their clients rely on to help them successfully navigate the threat landscape.

Before you can start providing cybersecurity education and guidance, it’s crucial that you become well-versed in the biggest threats to your clients’ businesses. As an IT service provider, understanding how to prepare for the following cyber threats will reinforce the importance of your role to your clients.

Ransomware

Ransomware is a type of malware that blocks access to a victim's assets and demands money to restore that access. The malicious software may encrypt either the user's hard drive or the user's files until a ransom is paid. This payment is typically requested in the form of a digital currency, such as bitcoin. Like other types of malware, ransomware can spread through email attachments, operating system exploits, infected software, infected external storage devices, and compromised websites, although a growing number of ransomware attacks arrive over the Remote Desktop Protocol (RDP). The motive for these types of attacks is usually monetary.

Why is ransomware a threat that continues to spread like wildfire? Simple: it’s easy for cybercriminals to access toolsets. Ransomware-as-a-Service (RaaS) sites make it extremely easy for less skilled or programming-savvy criminals to simply subscribe to the malware, encryption, and ransom collection services necessary to run an attack—and fast. Since many users and organizations are willing to pay to get their data back, even people with little or no technical skill can quickly generate thousands of dollars in extorted income. Also, the cryptocurrency that criminals demand as payment, while volatile in price, has seen huge boosts in value year over year.

Tips to combat ransomware:
  • Keep company operating systems and application patches up-to-date.
  • Use quality endpoint protection software.
  • Regularly back up company files and plan for the worst-case scenario: total data and systems loss (consider business continuity if budgets allow).
  • Run regular cybersecurity trainings with employees and clients.

Phishing

Phishing is the attempt to obtain sensitive information, such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter personal information into a fake website whose look and feel are almost identical to a trusted, legitimate site.

Phishing is a common example of a social engineering attack. Social engineering is the art of tricking or manipulating a user into giving up sensitive or confidential information. The purpose of a phishing attack can range from conning the recipient into sharing personal or financial information to getting them to click on a link that installs malware and infects the device (for example, ransomware uses phishing as its primary infection route).

Tips to combat phishing:
  • Ensure your employees and clients understand what a phishing email looks like and how to avoid becoming a victim by testing your users regularly. Train them with relevant phishing scam simulations.
  • Hover over URLs in email to see the real address before clicking.
  • Use endpoint security with built-in anti-phishing protection.
  • Consider a DNS filtering solution to stop known phishing and malicious internet traffic requests.

Brute Force Attack

A brute force attack is a cyberattack in which the strength of computer and software resources is used to overwhelm security defenses through the speed and/or frequency of the attack. Brute force attacks can also be executed by algorithmically attempting all combinations of login options until a successful one is found.

It’s important to note that brute force attacks are on the rise. Earlier this year, Rene Millman of SC Magazine UK reported, “hacking attempts using brute force or dictionary attacks increased 400 percent in 2017.”

Tips to combat brute force attacks:
  • Scan your systems for password-protected applications and ensure they are not set to default login credentials. And if they’re not actively in use, get rid of them.
  • Adjust the account lockout policy to use progressive delay lockouts, so a dictionary or brute force combination attack is impossible.
  • Consider deploying a CAPTCHA stage to prevent automated dictionary attacks.
  • Enforce strong passwords and 2-factor authentication whenever possible.
  • Upgrade your toolset. RDP brute force is a major ongoing issue. Standard RDP is highly risky, but secure VPN paid-for alternatives make remote access much more secure.
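
The tips above are preventive. As an added example that is not part of the article or Webroot's material, the function below is the detection side: it groups failed logons by source address and alerts when one source produces a threshold number of failures inside a short window, and it tells a single-account attack apart from a password spray (many accounts from one source). The events are constructed inline so the script runs offline; on a real Windows host the same three fields come from Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 }, whose event properties include IpAddress and TargetUserName. Find-BruteForceSource, the threshold, the window and the addresses (documentation ranges) are hypothetical choices for this example.

```powershell
## Added example, not from the article. Sliding-window detection of brute force and spray sources
## over failed-logon events shaped like Security event 4625 (Time, IpAddress, TargetUserName).
function Find-BruteForceSource {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory)][object[]]$Events,
        [int]$Threshold = 5,        # failures from one source ...
        [int]$WindowMinutes = 10    # ... within this many minutes raise an alert
    )

    foreach ($source in $Events | Group-Object IpAddress) {
        $times = @($source.Group | Sort-Object Time | ForEach-Object { $_.Time })
        $users = @($source.Group | ForEach-Object { $_.TargetUserName } | Sort-Object -Unique)

        ## Slide a window of $Threshold events across the sorted timestamps; alert on the first window that fits
        for ($i = 0; $i + $Threshold - 1 -lt $times.Count; $i++) {
            $span = $times[$i + $Threshold - 1] - $times[$i]
            if ($span.TotalMinutes -le $WindowMinutes) {
                [pscustomobject]@{
                    IpAddress     = $source.Name
                    Failures      = $source.Count
                    DistinctUsers = $users.Count
                    FirstSeen     = $times[0]
                    LastSeen      = $times[-1]
                    ## Many accounts from one source is a spray; one account hammered is the classic brute force
                    Pattern       = if ($users.Count -gt 1) { 'Spray' } else { 'SingleAccount' }
                }
                break
            }
        }
    }
}

## Constructed sample: one source trying eight accounts in under three minutes, one user who mistyped twice
$base   = Get-Date '2019-01-15 08:00:00'
$sample = @(
    0..7 | ForEach-Object {
        [pscustomobject]@{ Time = $base.AddSeconds($_ * 20); IpAddress = '203.0.113.10'; TargetUserName = "user$_" }
    }
    [pscustomobject]@{ Time = $base.AddMinutes(30); IpAddress = '192.0.2.25'; TargetUserName = 'jsmith' }
    [pscustomobject]@{ Time = $base.AddMinutes(31); IpAddress = '192.0.2.25'; TargetUserName = 'jsmith' }
)

## Only 203.0.113.10 is reported; the two failures from 192.0.2.25 never reach the threshold
Find-BruteForceSource -Events $sample -Threshold 5 -WindowMinutes 10 | Format-Table -AutoSize
```

The spray pattern matters for the lockout tip above: a per-account lockout threshold does nothing against one or two guesses spread across every account, so the source-based view is the one that catches it.
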

Leveraging Common Cyber Attacks to Improve Business

As an IT service provider, it’s important to remember that communication is everything. With clients, I recommend you define what exactly you’re protecting them against in an effort to focus on their top cybersecurity concerns. If you “profile” certain attack vectors using common cyber threat attack types, like ransomware, phishing, and brute force attacks, you’ll be able to clearly communicate to clients exactly what it takes to protect against their biggest risks and which technologies are necessary to remain as secure as possible.


This article was provided by our service partner: webroot.com

Tips to backup & restore your SQL Server

Microsoft SQL Server is often one of the most critical applications in an organization, with too many uses to count. Due to its criticality, your SQL Server and its data should be thoroughly protected. Business operations rely on a core component like Microsoft SQL Server to manage databases and data. The importance of backing up this server and ensuring you have a recovery plan in place is tangible. People want consistent Availability of data. Any loss of critical application Availability can result in decreased productivity, lost sales, lost customer confidence and potentially loss of customers. Does your company have a recovery plan in place to protect its Microsoft SQL Server application Availability? Has this plan been thoroughly tested?

Microsoft SQL Server works on the backend of your critical applications, making it imperative to have a strategy set in place in case something happens to your server. Veeam specifically has tools to back up your SQL Server and restore it when needed. Veeam’s intuitive tool, Veeam Explorer for Microsoft SQL Server, is easy to use and doesn’t require you to be a database expert to quickly restore the database. This blog post aims to discuss using these tools and what Veeam can offer to help ensure your SQL Server databases are well protected and always available to your business.

The Basics

There are some things you should take note of when using Veeam to back up your Microsoft SQL Server. An important and easy way to ensure your backup is consistent is to check that application-aware processing is enabled for the backup job. Application-aware processing is Veeam's proprietary technology based on the Microsoft Volume Shadow Copy Service. It quiesces the applications running on the virtual machine to create a consistent view of the data, so that there are no unfinished database transactions when a backup is performed. The result is a transactionally consistent backup of a running VM, minimizing the potential for data loss.

Enabling application-aware processing is just the first step; you must also consider how you want to handle the transaction logs. Veeam has different options available to process the transaction logs: truncate logs, do not truncate logs, or back up logs periodically.

Figure 1: SQL Server Transaction logs Options

Figure 1 shows the Backup logs periodically option selected in this scenario. This option supports any database restore operation offered through Veeam Backup & Replication. In this case, Veeam will periodically transfer transaction logs to the backup repository and store them with the SQL Server VM backup, truncating the logs on the original VM. Make sure you have set the recovery model for the required SQL Server database to full or bulk-logged.

If you decide you do not want to truncate logs, Veeam will preserve them. This option puts control into the database administrator's hands, allowing them to take care of the database logs. The other alternative is to truncate logs; this selection allows Veeam to perform a database restore to the state of the latest restore point. To read more about backing up transaction logs, check out this blog post.

Data recovery

Veeam Explorer for Microsoft SQL Server delivers consistent application Availability through the different restore options it offers to you. These include the ability to restore a database to a specific point in time, restore a database to the same or different server, restore it back to its original location or export to a specified location. Other options include performing restores of multiple databases at once, the ability to perform a table-level recovery or running transaction log replay to perform quick point-in-time restores.

Figure 2: Veeam Explorer for Microsoft SQL Server

Recovery is the most important aspect of data Availability. SQL Transaction log backup allows you to back up your transaction logs on a regular basis meeting recovery point objectives (RPOs). This provides not only database recovery options, but also point-in-time database recovery. Transaction-level recovery saves you from a bad transaction such as a table drop, or a mass delete of records. This functionality allows you to do a restore to a point in time right before the bad transaction had occurred, for minimal data loss.
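
The two conditions stated above, a full or bulk-logged recovery model (the Basics section) and log backups frequent enough to meet the RPO (this section), can be checked from the SQL Server side regardless of which backup product runs them. As an added example that is not part of the article or Veeam's tooling, the function below queries sys.databases together with msdb.dbo.backupset, the history SQL Server keeps for every backup taken through its backup API, and reports each user database with the reasons it would fail a point-in-time restore. It assumes the SqlServer module's Invoke-Sqlcmd and a reachable instance; Test-SqlBackupReadiness, the instance name, the 15-minute RPO and the 24-hour full-backup tolerance are hypothetical choices for this example.

```powershell
#Requires -Modules SqlServer
## Added example, not from the article. Checks recovery model and backup recency against an RPO.
function Test-SqlBackupReadiness {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory)][string]$ServerInstance,
        [int]$RpoMinutes = 15,        # hypothetical RPO for transaction log backups
        [int]$MaxFullAgeHours = 24    # hypothetical tolerance for the last full backup
    )

    ## backupset.type: 'D' = full database backup, 'L' = transaction log backup
    $query = @"
SELECT d.name,
       d.recovery_model_desc,
       MAX(CASE WHEN b.type = 'D' THEN b.backup_finish_date END) AS last_full,
       MAX(CASE WHEN b.type = 'L' THEN b.backup_finish_date END) AS last_log
FROM sys.databases AS d
LEFT JOIN msdb.dbo.backupset AS b ON b.database_name = d.name
WHERE d.name NOT IN ('master', 'model', 'msdb', 'tempdb')
GROUP BY d.name, d.recovery_model_desc;
"@

    $now = Get-Date
    foreach ($row in Invoke-Sqlcmd -ServerInstance $ServerInstance -Query $query) {
        $issues = @()
        if ($row.recovery_model_desc -eq 'SIMPLE') {
            ## SIMPLE cannot take log backups at all, so point-in-time restore is unavailable
            $issues += 'SimpleRecoveryModel'
        } else {
            if ($row.last_log -is [DBNull])                               { $issues += 'NoLogBackup' }
            elseif (($now - $row.last_log).TotalMinutes -gt $RpoMinutes)  { $issues += 'LogBackupOlderThanRPO' }
        }
        if ($row.last_full -is [DBNull])                                  { $issues += 'NoFullBackup' }
        elseif (($now - $row.last_full).TotalHours -gt $MaxFullAgeHours)  { $issues += 'FullBackupStale' }

        [pscustomobject]@{
            Database      = $row.name
            RecoveryModel = $row.recovery_model_desc
            LastFull      = $row.last_full
            LastLog       = $row.last_log
            Issues        = if ($issues) { $issues -join ',' } else { 'OK' }
        }
    }
}

## Usage (hypothetical instance name)
Test-SqlBackupReadiness -ServerInstance 'SQL01\PROD' -RpoMinutes 15 | Format-Table -AutoSize
```

A database in FULL recovery with no log backups is the case to watch for: the log file grows without bound and the point-in-time restores described above are not possible until a log chain is established by a full backup followed by log backups.
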

And it is available for FREE!

Veeam offers a variety of free products and Veeam Explorer for Microsoft SQL Server is one that is included in that bunch. If you are using Veeam Backup Free Edition already, you currently have this Explorer available to you. The free version allows you to view database information, export a database and export a database schema or data. If you’re interested in learning more about what you get with Veeam Backup Free Edition, be sure to download this HitchHikers Guide.



This article was provided by our service partner: veeam.com