Disaster Recovery

Improve your disaster recovery reliability with Veeam

The only two certainties in life are death and taxes. In IT, you can add disasters to this short list of life’s universal anxieties. Ensuring disaster recovery reliability is critical to your organisation’s enduring viability in your chosen marketplace.

Regardless of the size of your budget, people power and level of IT acumen, you will experience application downtime at some point. Amazon’s recent east coast outage is testimony to the fact that even the best and brightest occasionally stumble.

The irony is that while many organizations make significant investments in their disaster recovery (DR) capabilities, most have a mixed track record, at best, with meeting their recovery service level agreements (SLAs). As this chart from ESG illustrates, only 65% of business continuity (BC) and DR tests are deemed successful.

[Chart: disaster recovery readiness]

In his report, “The Evolving Business Continuity and Disaster Recovery Landscape,” Jason Buffington broke down respondents to his DR survey into two camps: “green check markers” and “red x’ers.”

Citing his research, Jason recently shared with me: “Green Checkers assuredly don’t test as thoroughly, thus resulting in a higher passing rate during tests, but failures when they need it most — whereas Red X’ers are likely to get a lower passing rate (because they are intentionally looking for what can be improved), thereby assuring a more likely successful recovery when it really matters. One of the reasons for lighter testing is seeking the easy route — the other is the cumbersomeness of testing. If it wasn’t cumbersome, most of us would likely test more.”

DR testing can indeed be cumbersome. In addition to being time consuming, it can also be costly and fraught with risk. The risk of inadvertently taking down a production system during a DR drill is incentive enough to keep testing to a minimum.

But what if there was a cost-effective way to do DR testing that mitigates risk and dramatically reduces the preparation work and the time required to test the recoverability of critical application services?

By taking the risk, cost and hassle out of testing application recoverability, Veeam’s On-Demand Sandbox for Storage Snapshots feature is a great way for organizations to leverage their existing investments in NetApp, Nimble Storage, Dell EMC and Hewlett Packard Enterprise (HPE) Storage to attain the following three business benefits:

  1. Risk mitigation: Many IT decision makers have expressed concerns around their ability to meet end-user SLAs. By enabling organizations to rapidly spin up virtual test labs that are completely isolated from production, businesses can safely test their application recoverability and proactively address any of their DR vulnerabilities.
  2. Improved ROI: In addition to on-demand DR testing, Veeam can also be used to instantly stand up test/dev environments on a near real-time copy of production data to help accelerate application development cycles. This helps to improve time-to-market while delivering a higher return on your storage investments.
  3. Maintain compliance: Veeam’s integration with modern storage enables organizations to achieve recovery time and point objectives (RTPO) of under 15 minutes for all applications and data. Imagine showing your IT auditor in real-time how quickly you can recover critical business services. For many firms, this capability alone would pay for itself many times over.

Back when I was in school, 65% was considered a passing grade. In the business world, a 65% DR success grade is literally flirting with disaster. DR proficiency may require lots of practice but it also requires Availability software, like Veeam’s, that works hand-in-glove with your storage infrastructure to make application recoveries simpler, more predictable and less risky.


This article was provided by our service partner Veeam.


Veeam: Ransomware resiliency – The endpoint is a great place to start

Fighting ransomware has become a part of doing business today. Technology professionals around the world are advocating many ways to stay resilient. The most effective method is to train end users on how to handle attachments and connectivity to the Internet. One other area to look at is the most common endpoint devices: laptops and PCs.

Veeam has taken ransomware resiliency seriously for a while. We’ve put out a number of posts such as early tips for some of the first attacks and some practical tips when using Veeam Backup & Replication. Now with Veeam Agent for Linux and Veeam Endpoint Backup FREE available as well as Veeam Agent for Microsoft Windows (coming VERY soon) as options for laptops and PCs, it’s time to take ransomware resiliency seriously on these devices.

Before I go too far, it’s important to note that ransomware can exist on both Windows and Linux systems. Additionally, ransomware is not just a PC problem (see recent survey blogpost), as at Veeam we see it nearly every day in technical support for virtual machines. More content is coming on the virtual machine side of resiliency; in this post I’ll focus on PCs and laptops.

Veeam Agent for Linux is the newest product with which Veeam offers image-based Availability for non-virtualized systems. It is a great way to back up many different Linux systems with a very intuitive user interface:

[Image: Veeam Agent for Linux]

For ransomware resiliency with Veeam Agent for Linux, putting backups on a different file system will be very easy to do with the seamless integration with Veeam Availability Suite. Backups of Veeam Agent for Linux systems can be placed in Veeam Backup & Replication repositories, and they can also be used in the Backup Copy Job function. This way, the Linux backups can be placed on different file systems to avoid propagation of ransomware across the source Linux system and the backups. The Backup Copy Job of Veeam Agent for Linux is shown below writing Linux backups to a Windows Server 2016 ReFS backup repository:

[Image: Veeam Backup Copy Job configuration]

Now, let’s talk about Microsoft operating systems and resiliency against ransomware when it comes to backups. Veeam Endpoint Backup FREE will soon be renamed to Veeam Agent for Microsoft Windows. Let’s explain this changing situation here briefly. Veeam Endpoint Backup FREE was announced at VeeamON in 2014 and since it has been available, it has been downloaded over 1,000,000 times. From the start, it has always provided backup Availability for desktop and server-class Windows operating systems. However, it didn’t have the application-aware image processing support and technical support service. Veeam Agent for Microsoft Windows will introduce these key capabilities as well as many more.

For Veeam Agent for Microsoft Windows, you can also put backups on several different storage options: everything from NAS systems to removable storage, a Linux path, tape media, a deduplication appliance when integrated with Veeam Availability Suite, and more. The removable storage is of interest as it may be the only realistic option for many PC or laptop systems. A while ago, Veeam implemented a feature to eject removable media at the completion of a backup job. This option is available in the scheduling options when the backup target is removable media, and is shown below:

[Image: Veeam backup schedule options]

This simple option can indeed make a big difference. We even had a user share a situation where ransomware encrypted their backups. This underscores the need for completely offline backups, or otherwise some form of “air gap” between backup data and production systems. Thus, behave as if, once ransomware is in your organization, the only real solution is to restore from backup after it is contained. There is a whole practice of inbound detection and prevention, but if it gets in, backup is your only option. Ejecting media so that it goes offline is another mechanism that gives even isolated PCs and laptops more Availability by keeping the backup storage offline.

Availability in the ransomware era is a never-ending practice of diligence and configuration review. Additionally, the arsenal of threats will always become more sophisticated to meet our new defenses.


This post was provided by our service partner: Veeam


Cyber Security: Cyber-Threat Trends to Watch for in 2017

Faced with the volume and rapid evolution of cyber threats these days, technology solution providers (TSPs) may find offering cyber security to be a daunting task. But with the right knowledge to inform your security decisions, and the right solutions and mitigation strategies in place, organizations like yours can keep customers ahead of the rushing malware tide.

The Webroot team recently released the latest edition of their annual Threat Report, which gives crucial insight into the latest threat developments based on trends observed over the last year, the challenges they bring, and how to defeat them. Let’s review 2016’s Threat Report highlights.

The New Norm: Polymorphism

In the last few years, the biggest trend in malware and potentially unwanted applications (PUAs) observed by Webroot has been polymorphic executables. Polymorphic spyware, adware, and other attacks are generated by attackers so that each instance is unique in an effort to defeat traditional defense strategies.

Traditional cyber security relies on signatures that detect one instance of malware delivered to a large number of people. It’s virtually useless for detecting a million unique malware instances as they are delivered to the same number of people. Signature-based approaches will never be fast enough to prevent polymorphic breaches.

During 2016, approximately 94% of the malware and PUA executables observed by Webroot were only seen once, demonstrating how prevalent polymorphism is. Oddly enough, however, the percentage of malicious executables related to malware and PUAs has dropped significantly over the past 3 years, a 23% and 81% decline, respectively.

While this decline in the volume of new malware encountered by Webroot customers is a decidedly positive trend, TSPs and their customers should continue to treat malware as a major threat. Approximately one in every 40 new executable file instances observed in 2016 was malware. These types of files are customized and often designed to target individuals, and cannot be stopped by traditional antimalware technologies.

Ransomware Continues to Rise

You’ve probably heard about at least one of the numerous ransomware attacks that have crippled hospitals and other institutions. According to the FBI, cyber criminals were expected to collect over $1 billion in ransoms during 2016.[1] It’s quite likely that actual losses suffered were even higher, given the disruption of productivity and business continuity, as well as a general reluctance to report successful ransomware attacks.

In 2017, Webroot anticipates that ransomware will become an even larger problem. According to the Webroot cyber security Threat Research team, the following are 3 ransomware trends to be aware of:

Locky, the most successful ransomware of 2016

In its first week in February 2016, Locky infected over 400,000 victims, and has been estimated to have earned over $1 million a day since then.[2] Throughout 2016, Locky evolved not only to use a wide variety of delivery methods, but also to camouflage itself to avoid detection and to make analysis more difficult for security researchers. Locky shows no signs of slowing down, and is likely to be equally prolific in the coming year.

Exploit Kits

The second important trend involves the frequent changes in the exploit kits ransomware authors use. As an example, most exploit kit ransomware in the first half of 2016 was distributed using Angler or Neutrino. By early June, Angler-based ransomware had virtually disappeared, as cybercriminals began switching to Neutrino. A few months later, Neutrino also disappeared. Toward the end of 2016, the most commonly used exploit kits were variants of Sundown and RIG, most of which support Locky.

Ransomware as a Service (RaaS)

Despite having emerged in 2015, ransomware-as-a-service (RaaS) didn’t find its place in the ransomware world until 2016. RaaS enables cybercriminals who have neither the resources nor the know-how to create their own ransomware to easily generate custom attacks. The original authors of the RaaS variant being used get a cut of any paid ransoms. RaaS functions similarly to legitimate software, with frequent updates and utilities to help distributors get the most out of their service. The availability and ease of RaaS likely means even greater growth in ransomware incidents.

Stay Informed

The best defense is knowing your enemy. Download the complete 2017 Webroot Threat Report to get in-depth information on the trends we’ve explored above, as well as other crucial insights into phishing, URL, and mobile threats.

[1] http://money.cnn.com/2016/04/15/technology/ransomware-cyber-security/index.html

[2] http://www.smartdatacollective.com/david-balaban/412688/locky-ransomware-statistics-geos-targeted-amounts-paid-spread-volumes-and-much-

The information above was provided by our service partner: Webroot.

Managed Voip

Considerations when Picking a Managed VoIP PBX

Not all things are created equal, and when considering a new phone system for your business, not all Cloud Based Managed VoIP Providers are the same. There can be huge differences among Hosted VoIP Providers, so compare them before you sign a contract.

Features – What features are most important to your business? Does your business need auto attendant, voicemail sent to an email, mobile twinning (sending calls to both a cell phone and desk phone at the same time)? Does the receptionist want to see who is on the phone? How about “hot desking”, the ability to log into anyone’s phone and have it appear as your own? This feature works great for medical practices that have rotating staff working the front desk. Don’t forget to ask office workers what features they could use.

Equipment – What about the brand of phones that are used? Is the equipment proprietary, or can it be used with other Managed VoIP service providers? Should you purchase the equipment or rent each handset, and what are the advantages? Make sure you are getting quality VoIP phones from a quality manufacturer; the last thing you want is to find out that the phones you bought are not good quality. Does each user on the system need a fancy phone with lots of features? Most employees only use two or three features. Do you really need a cool-looking conference room phone, or will a basic handset do the trick? Many newer phones have excellent speakerphones, so a basic handset may work fine. A good provider should be able to offer multiple phone options as your business grows and expands.

Pricing – Many providers offer confusing or different pricing options. Some offer unlimited options that may be simple to understand, but you pay for features you do not need. Another consideration is whether to rent or buy phones. With some customers it makes sense to buy, but what happens when the phone breaks, and who is responsible? The cost of renting phones has dropped dramatically; however, pricing and features vary greatly. Make sure you understand how the company’s long distance calling is priced; contrary to what many believe, Hosted VoIP is not free phone service.

Call Quality – This is where customers get burned: they end up with poor VoIP call quality and are disappointed. It is important to know the difference between BYOB (Bring Your Own Bandwidth) and “managed VoIP” using a private MPLS data network. Some carriers provide an extra layer of call quality by using a managed router. Make sure you know the difference between managed and unmanaged services; there can be a big difference in call quality.

Vendor Experience – This is one of the most important considerations when choosing a Managed VoIP phone system. VoIP (Voice over Internet Protocol) has been around for many years, and many service providers are now selling Hosted VoIP via the internet, out of car trunks, basements and garages. It would be disastrous for a business if the phone company went out of business while it had control of your phone numbers. Make sure you find out how long the Hosted PBX provider has been in business, how many customers they support and the types of customers.

Disaster Recovery – It is very important to make sure you understand the provider’s network and how many POPs (points of presence) they own and manage. Does the hosted PBX provider have built-in intelligence that can determine when a business’s on-site phones stop working, and can they re-route calls to different numbers? How many network operation centers does the provider have, east and west coast only?

Summary – Managed VoIP PBX offers advanced features previously only available to much larger businesses, all for a great value. Hosted or Cloud PBX phone service, compared to traditional solutions, offers no-hassle phone service without ongoing maintenance, service contracts, costly hardware and onsite trip charges. While a hosted PBX offers customers ease of management, an onsite or Premise PBX can still be a more cost-efficient solution.

Internet Security

Report Uncovers Cloud Security Concerns and Lack of Security Expertise Slows Cloud Adoption

Crowd Research Partners yesterday (28th March 2017) released the results of its 2017 Cloud Security Report revealing that security concerns, lack of qualified security staff and outdated security tools remain the top issues keeping cyber security professionals up at night, while data breaches are at an all-time high.

Based on a comprehensive online survey of over 1,900 cyber security professionals in the 350,000-member Information Security Community on LinkedIn, the report has been produced in conjunction with leading cloud security vendors AlienVault, Bitglass, CloudPassage, Cloudvisory, Dome9 Security, Eastwind Networks, Evident.io, (ISC)2, Quest, Skyhigh, and Tenable.

“While workloads continue to move rapidly into the cloud, security concerns remain very high,” said Holger Schulze, founder of the 350,000-member Information Security Community on LinkedIn. “With a third of organizations predicting cloud security budgets to increase, today’s cloud environments require more than ever security-trained, certified professionals and innovative security tools to address the concerns of unauthorized access, data and privacy loss, and compliance in the cloud.”

Key takeaways from the report include:

  • Cloud security concerns top the list of barriers to faster cloud adoption. Concerns include protection against data loss (57 percent), threats to data privacy (49 percent), and breaches of confidentiality (47 percent).
  • Lack of qualified security staff is the second biggest barrier to cloud adoption, and more than half of organizations (53 percent) are looking to train and certify their current IT staff to address the shortage, followed by partnering with a managed service provider (MSP) (30 percent), leveraging software solutions (27 percent), and hiring dedicated staff (26 percent).
  • As more workloads move to the cloud, organizations are realizing that traditional security tools are not designed for the unique challenges cloud adoption presents (78 percent). Instead, strong security management and control solutions designed specifically for the cloud are required to protect the new, agile paradigm.
  • Visibility into cloud infrastructure is the single biggest security management headache for 37 percent of respondents, moving up to the top spot from being the second ranking operational concern in the previous year.

Download the complete 2017 Cloud Security Report here.

Linux Patch Management

The Importance of Linux Patch Management

In recent news there have been a number of serious vulnerabilities found in various Linux systems. Whilst OS vulnerabilities are a common occurrence, it’s the nature of these that has garnered so much interest. Linux patch management should be considered a priority in ensuring the security of your systems.

The open-source Linux operating system is used by most of the servers on the internet as well as in smartphones, with an ever-growing desktop user base as well.

Open-source software is typically considered to increase the security of an operating system, since anyone can read, re-use and suggest modifications to the source code – part of the idea being that many people involved would increase the chances of someone finding and hopefully fixing any bugs.

With that in mind let’s turn our sights on the bug known as Dirty Cow (CVE-2016-5195) found in October – named as such since it exploits a mechanism called “copy-on-write” and falls within the class of vulnerabilities known as privilege escalation. This would allow an attacker to effectively take control of the system.

What makes this particular vulnerability so concerning however isn’t the fact that it’s a privilege escalation bug, but rather that it was introduced into the kernel around nine years ago. Exploits already taking advantage of Dirty Cow were also found after the discovery of the bug by Phil Oester. This means that a reliable means of exploitation is readily available, and due to its age, it will be applicable to millions of systems.

Whilst Red Hat, Debian and Ubuntu have already released patches, millions of other devices are still vulnerable – worse still is the fact that between embedded versions of the operating system and older Android devices, there are difficulties in applying the updates, or they may not receive any at all, leaving them vulnerable.

Next, let’s have a look at a more recent vulnerability which was found in Cryptsetup (CVE-2016-4484), which is used to set up encrypted partitions on Linux using LUKS (Linux Unified Key Setup). It allows an attacker to obtain a root initramfs shell on affected systems. At this point, depending on the system in question, it could be used for a number of exploitation strategies according to the researchers who discovered the bug, namely:

  • Privilege escalation: if the boot partition is not encrypted:
    — It can be used to store an executable file with the bit “SetUID” enabled. Which can later be used to escalate privileges by a local user.
    — If the boot is not secured, then it would be possible to replace the kernel and the initrd image.
  • Information disclosure: It is possible to access all the disks. Although the system partition is encrypted, it can be copied to an external device, where it can later be brute forced. Obviously, it is possible to access non-encrypted information on other devices.
  • Denial of service: The attacker can delete the information on all the disks, causing downtime of the system in question.

Whilst many believe the severity and/or likely impact of this vulnerability has been exaggerated considering you need physical or remote console access (which many cloud platforms provide these days), what makes it so interesting is just how it is exploited.

All you need to do is repeatedly hit the Enter key at the LUKS password prompt until a shell appears (approximately 70 seconds later) – the vulnerability is the result of incorrect handling of password retries once the user exceeds the maximum number (by default 3).

The researchers also made several notes regarding physical access and explained why this and similar vulnerabilities remain of concern. It’s generally accepted that once an attacker has physical access to a computer, it’s pwned. However, they highlighted that with the use of technology today, there are many levels of what can be referred to as physical access, namely:

  • Access to components within a computer – where an attacker can remove/replace/insert anything including disks, RAM etc., as with your own computer.
  • Access to all interfaces – where an attacker can plug in any devices including USB, Ethernet, Firewire etc. such as computers used in public facilities like libraries and internet cafes.
  • Access to front interfaces – usually USB and the keyboard, such as systems used to print photos.
  • Access to a limited keyboard or other interface – like a smart doorbell, alarm, fridge, ATM etc.

Their point is that the risks are not limited to traditional computer systems, and that the growing trends around IoT devices will increase the potential reach of similar attacks – look no further than our last article on DDoS attacks since IoT devices like printers, IP cameras and routers have been used for some of the largest DDoS attacks ever recorded.

This brings us back around to the fact that now, more than ever, it’s of critical importance that you keep an eye on your systems and ensure any vulnerabilities are patched accordingly, and more importantly – in a timely manner. Linux patch management should be a core consideration for all IT systems, whether they are servers or workstations, and of course regardless of the operating systems used.

This article was provided by our service partner ESET


Advantages of Managed Storage for Business

Cloud service and managed storage providers offer valuable IT solutions for businesses of all sizes. Originally thought of as more for personal and less for business use, cloud and managed storage is following in the footsteps of many personal technologies that have been adapted for business. Many businesses can benefit from comprehensive cloud services – hosted applications, Infrastructure as a Service and more – and the transition often begins with data storage needs.

COST SAVINGS

The first benefit, and perhaps most important in the minds of many business owners, is the cost advantage. Cloud storage is generally more affordable because providers distribute the costs of their infrastructure and services across many businesses.

Moving your business to the cloud eliminates the cost of hardware and maintenance. Removing these capital expenditures and the associated service salaries from your technology expenses can translate into significant cost savings and increased productivity.

SIMPLIFIED CONVENIENCE

All you will need within your office is a computer and an internet connection. Much of your server hardware will no longer be necessary, not only saving you physical space but eliminating the need for maintenance and employee attention. Your managed storage provider will maintain, manage and support your business. This frees up employees who would otherwise cover the tasks necessary for keeping your data safe and your server(s) up and running.

ENHANCED SECURITY

Instead of having hardware within your office, cloud storage is housed in a data center, providing enterprise-level security, which is cost prohibitive for most individual businesses. There is also no single point of failure in the cloud because your data is backed up to multiple servers. This means that if one server crashes, your data stays safe because it is stored in other locations. The potential risk from hardware malfunction is minimized because your data is safely stored in redundant locations.

MOBILITY OPPORTUNITIES

The mobility benefits provided by the cloud are rapidly increasing for businesses of all sizes. In today’s world of connectivity, we are able to work (and play) whenever and wherever. While you’re waiting for a flight at the airport or at home with a sick child, you can still work – and work efficiently. Before cloud storage came along, working outside the office was problematic and more time consuming than it needed to be. Remember having to save your files on your laptop and then returning to work and needing to transfer your updated files to ensure others have access to the latest version?

This example highlights another one of the advantages of cloud storage – enabling mobility. If you work from multiple devices – i.e. phone, tablet and desktop computer – you won’t have to worry about manually adding the latest file onto each device. Instead, the newest version of your document is stored in the cloud and will be easily accessible from any of your devices.

SCALABLE SERVICE

With cloud storage, you pay for what you use, as you use it. You do not need to anticipate how much storage space you will need for the year and risk paying for unused space or running short. You can adjust the resources available through cloud storage providers and pay based on your current needs, modifying as they change.


Five considerations when searching for an off-site backup solution

For a number of years now, Veeam has been talking about the 3-2-1 rule of backups, whereby you keep three copies of your backup data on two different media types with at least one of those backups held off-site. Traditionally, most organizations have been able to put this into play by taking advantage of on-premises storage and media hardware along with multiple data center locations to cater for the off-site backup solution. This is where off-site data backup services can come into play to satisfy the off-site requirement.

Off-site backup solutions offer numerous benefits to organizations, including increased efficiency and reliability based upon features and capabilities that not many companies can afford. There’s also no need to worry about infrastructure maintenance as that burden lies with the service provider, and the scalability of service providers can be leveraged without an upfront CAPEX spend. Another advantage of off-site backup solutions is accessibility, as the data is accessible from any internet-connected location and device.

Since Veeam Backup & Replication v8, Veeam has offered Cloud Connect as a means for the Veeam Cloud & Service Provider (VCSP) partners to provide off-site data backup services. With Veeam Cloud Connect, they can give their customers the ability to leverage cloud repositories to store virtual machines in service provider facilities. By leveraging Veeam Cloud Connect Backup, a number of VCSPs around the world have built off-site backup solutions. The Veeam Cloud & Service Provider directory lists out VCSP partners in your region of choice… but how do you choose between them?

Below are five considerations when searching for an offsite backup solution:

1. Data locality and Availability

Data sovereignty is still a major concern for organizations looking to back up off site to the cloud. With the VCSP network being global, there is no shortage of locations to choose from to have as an off-site repository. Drilling down even further, some providers offer multiple locations within a region, which can increase the resiliency and Availability of off-site backups and let you choose multiple repositories to further extend the 3-2-1 rule. It’s also a good idea to do some research into the service provider’s uptime and major event history, as this can tell you whether a provider offering the off-site backup service has had any history of Availability issues.

2. Recoverability and restore times

It’s hard to defeat the laws of physics, and in searching for an off-site backup solution you should think about how long the data you have in a cloud repository will take to restore. This goes beyond the basics of working out recovery time objectives (RTOs), in that taking backups off site means that you are at the mercy of the internet connection between you and the restore location and of the restore capabilities of the service provider. When looking for a suitable off-site backup solution, take into consideration the roundtrip time between yourself and the service provider network and also the throughput between the two sites, making sure you test both upload and download speeds to and from each end.

Note that Veeam-powered off-site backup services can improve recovery times compared to those that rely on tape-based backup due to Cloud Connect repositories at the service provider end being housed on physical disk.

3. Service provider certifications and SLAs

As with data locality, more and more organizations are looking for off-site backup solutions that meet or match their own certification requirements. This extends beyond the more common data center standards such as ISO 9001 and 27001 to more advanced regulatory compliance around data retention, and goes as far as service providers abiding by strict security standards. If your organization is in a specific vertical with its own standard, such as HIPAA in healthcare, then you may look for an off-site backup solution that is compatible with that.
It’s also worth noting that service providers will offer differing service level agreements (SLAs) and this should be taken on board when searching for an off-site backup service. SLAs dictate the level of responsibility a service provider has when it comes to keeping to their promises in terms of services offered. In the case of off-site backup, it’s important to understand what is in place when it comes to integrity and security of data and what is done to guarantee access to your data when required.

4. Hypervisor support

Multi-hypervisor support does come into play when looking forward towards extending off-site backup and looking at recoverability in the cloud. For example, Veeam Cloud Connect works with both VMware and Microsoft hypervisors, and VCSPs have the ability to offer one or both of these platforms from a replication point of view. However, with Cloud Connect Backup, the off-site backup repository is hypervisor agnostic; the cloud repository acts as a simple remote storage option for organizations to back up to. With Veeam Backup & Replication 9.5, you can now replicate from Cloud Connect Backups and choose a provider that has one or the other, or both hypervisors as platform options.

5. Cost

Cost might seem obvious, but given the variety of services offered through the service providers it’s important to understand the difference in pricing models. Some service providers are pure infrastructure providers (IaaS) offering Backup as a Service (BaaS), which means you are generally paying for a VM license, storage and there might be additional charges for data transfer (however, this is fairly rare in the IaaS space). These service providers don’t cover any management of the backups — generally this is handled by managed service providers that wrap service charges on top of the infrastructure charges offering end-to-end off-site backup solutions.

The five tips above should help you in searching for an off-site backup service. You need to remember that each service provider offers something slightly different, which means your organization has choice in terms of matching an off-site data backup service that suits your specific requirements and needs. My recommendations will also help you navigate through Veeam Cloud & Service Provider partners that leverage Veeam Cloud Connect for their off-site backup offerings.


This article was provided by our service partner: Veeam

Network Security: OpenDNS

Why Firewalls and Antivirus are not enough in our fight for the best network security?

Understanding Malicious Attacks to Stay One Step Ahead

Network (firewall) and endpoint (antivirus) defenses react to malicious communications and code after attacks have been launched. OpenDNS observes Internet infrastructure before attacks are launched and prevents those malicious Internet connections from happening in the first place. Learning all the steps of an attack is key to understanding how OpenDNS can bolster your existing defenses.

Each step of the attacker’s operation provides an opportunity for network security providers to find the attack and defend against the intrusion.

Network security - Example malware attacks

High level summary of how attacks are laid out. 

1. RECON: Many reconnaissance activities are used to learn about the attack target
2. STAGE: Multiple kits or custom code are used to build payloads, and multiple networks and systems are staged to host initial payloads, malware drop hosts, and botnet controllers
3. LAUNCH: Various Web and email techniques are used to launch the attack
4. EXPLOIT: Both zero-day and known vulnerabilities are exploited or users are tricked
5. INSTALL: Usually the initial payload connects to another host to install specific malware
6. CALLBACK: Nearly every time the compromised system calls back to a botnet server
7. PERSIST: Finally, a variety of techniques are used to repeat through steps 4 to 7

We do not have to understand each tool and technique that attackers develop. The takeaway from this is simply to understand how multiple, and often repeated, steps are necessary for attackers to achieve their objectives, undermining your existing network security tools.

Compromises happen in seconds. Breaches start minutes later and can continue undetected for months. Operating in a state of continuous compromise may be normal for many, but no one should accept a state of persistent breach.

Existing defenses cannot block all attacks. 

Firewalls and AntiVirus stop many attacks during several steps of the ‘kill chain’, but the volume and velocity of new attack tools and techniques enable some to go undetected for minutes or even months.

Network security - Firewall AntiVirus view of malware attacks

Firewalls know whether the IP of a network connection matches a blacklist or reputation feed. Yet, providers must wait until an attack is launched before collecting and analyzing a copy of the traffic. Then, the provider will gain intelligence of the infrastructure used.

Antivirus solutions know whether the hash of the payload matches a signature database or heuristic. Yet providers must wait until a system is exploited before collecting and analyzing a sample of the code and gaining intelligence about the payload used.

The OpenDNS Solution

Stop 50 to 98 percent more attacks than firewalls and antivirus alone by pointing your DNS traffic to OpenDNS.
OpenDNS does not wait until after attacks launch, malware installs, or infected systems call back to learn how to defend against attack. By analyzing a cross-section of the world’s Internet activity, OpenDNS continuously observes new relationships forming between domain names, IP addresses, and autonomous system numbers (ASNs). This visibility enables us to discover, and often predict, where attacks are staged and will emerge before they even launch.

Network security - OpenDNS view of malware attacks

Why keep firewalls and antivirus at all?

Once we prove our effectiveness, we are often asked: “Can we get rid of our firewall or antivirus solutions?” While these existing defenses cannot stop every attack, they are still useful—if not critical—in defending against multi-step attacks. A big reason is that threats never expire—every piece of malware ever created is still circulating online or offline. Signature-based solutions are still effective at preventing most known threats from infecting your systems no matter by which vector they arrive: email, website or thumbdrive. And firewalls are effective at defending both within and at the perimeter of your network. They can detect recon activities such as IP or port scans, deny lateral movements by segmenting the network, and enforce access control lists.

“One of AV’s biggest downfalls is the fact that it is reactive in nature; accuracy is heavily dependent on whether the vendor has already seen the threat in the past. Heuristics or behavioral analysis can sometimes identify new malware, but this is still not adequate because even the very best engines are still not able to catch all zero-day malware.”

Your Solution:
Re-balance investment of existing versus new defenses:
Here are a couple examples of how many customers free up budget for new defenses.

• Site-based Microsoft licenses entitle customers to signature-based protection at no extra cost. Microsoft may not be the #1 ranked product, but it offers good protection against known threats. OpenDNS defends against both known and emergent threats.

• NSS Labs reports that SSL decryption degrades network performance by 80%, on average. OpenDNS blocks malicious HTTPS-based connections by defending against attacks over any port or protocol. By avoiding decryption, appliance lifespans can be greatly extended.

“OpenDNS provides a cloud-delivered network security service that blocks advanced attacks, as well as malware, botnets and phishing threats regardless of port, protocol or application. Their predictive intelligence uses machine learning to automate protection against emergent threats before your organization is attacked. OpenDNS protects all your devices globally without hardware to install or software to maintain.”

Managed Security Services

“The Internet of Things is the biggest game changer for the future of security,” emphasizes David Bennett, vice president of Worldwide Consumer and SMB Sales at Webroot. “We have to figure out how to deal with smart TVs, printers, thermostats and household appliances, all with Internet connectivity, which all represent potential security exposures.”

Simply put, the days of waiting for an attack to happen, mitigating its impact and then cleaning up the mess afterward are gone. Nor is it practical to just lock the virtual door with a firewall and hope nothing gets in–the stakes are too high. The goal instead must be to predict potential exposure, and that requires comprehensive efforts to gather threat intelligence. According to Bennett, such efforts should be:

  • Real time: Because the velocity and volume of threats increases on a daily basis, the technologies used to protect systems must be updated by the minute. The ability to adjust to the nature and type of new threats as they appear is key. Data should be aggregated from sources globally and delivered as actionable information to the security professional.
  • Contextual: Data must be parsed through sophisticated computer analytics to ensure humans can make decisions based on actionable intelligence. An analyst has to be given data with pre-connected dots in order to act quickly. There’s little time for onsite security professionals to analyze reams of data when they suspect an attack is underway. By the time they figure out what’s going on, the damage is done.
  • Big data-driven: It’s not enough for a company to understand only what’s happening in its own environment; an attack on one of its competitors or peers could mean it’s next. To analyze complex threat patterns, threat intelligence technology must be cloud-based and should aggregate activities from across companies and across geographies.

“Security professionals of the future must act like intelligence officers or analysts,” Bennett notes. “They have to consume information that’s already been parsed for them, and make decisions based on that intelligence. Success will depend on how they are fed the data. How is it presented? Is it relevant? Have the irrelevant data points already been removed? Only then will they be able to make decisions in time to prevent breaches.”

What This Means for MSPs

MSP services are particularly valuable to SMBs that lack the internal resources needed to effectively manage complex systems, or for any customers seeking to defer capital expenses in favor of leveraging their operational budgets. As such, cybersecurity is a perfect discipline to utilize the managed services model. “The biggest untapped opportunity for our partners today is providing security as a managed service,” observes Bennett. “Users are overwhelmed and just not capable of keeping on top of the rapid changes in the nature of threats.”

MSPs that offer managed security services address one of the major problems users face today: the lack of access to talented security professionals. Especially for SMB customers, finding and competing for talent with larger firms can be daunting. “Hiring and retaining the right personnel should not be a vulnerability in and of itself,” says Bennett. “Users who leverage managed security services remain protected through transitions in their IT staff and lower the risk of losing institutional knowledge critical to their security procedures. In addition, managed security services represent one of the largest and most profitable growth opportunities today for solution providers.”

MSPs that include Webroot SecureAnywhere Business Endpoint Protection solutions as part of their service offerings to clients are ideally positioned to take full advantage of these growth opportunities. In effect, Webroot technology gives MSPs their own dedicated security firm to monitor their customers’ environments. As Bennett explains, “We don’t just collect data—we scrub it, make correlations globally, and pass on exactly what our customers need to reduce exposures. It’s a big data approach to security, and it’s the only effective means to combat the ever-changing threats companies face.”