Bitdefender’s GravityZone solutions are chock-full of benefits that make them easy, slick, and profitable for security partners to use. Read more.

GravityZone killer benefits, (1): Overarching ease of use

The first thing to note is that GravityZone’s whole management workflow, across all customers and products, is driven from a single console with a single login.

Everything – policies, licensing, reporting - is controlled from one space, not two or three different dashboards, as is the case with some vendors.

An exceptionally fluent interface all but dispenses with annoyances like multiple popups that can confuse users and provoke error, whilst a neat hierarchical tree structure enables users to see all their customers in one view (grouped by site or office where necessary), and to simply click to drill down into the detail of their licensing, usage, reporting, etc.

No more firing up multiple tabs and screens, and managing multiple logins!

Overarching ease of use
One view onto everything, and everything under control! (Click to enlarge)

Extensive and instant reporting

But Bitdefender has dragged the process of actually generating and delivering the reports into the 21st century, too.

Not only can security partners (MSPs and resellers alike) pull down accurate usage and other reports on demand, independently of the wholly automatic invoicing process, but the sheer array of possible reports and delivery mechanisms is impressive.

From Amazon AWS usage, to device control, to licence status, to Top 10 malware statistics, and much more, the reports can be fired up ad hoc or scheduled automatically, run on the dashboard, sent as alerts or emails, and basically tailored to whatever form the partner finds easiest and most useful to deal with.

Extensive and instant reporting
I’ll have that anti-malware activity report right now, please! (Click to enlarge)

AWS integration

Looking cloudward, GravityZone’s integration with AWS also delivers enviable simplicity; the MSP can spin up an AWS virtual server and that server will immediately be protected by GravityZone.

It’s a strong reminder of the fact that GravityZone is built from the ground up for virtual environments, in contrast to many other vendors’ solutions, which feature virtual refinements built around an essentially physical-heritage core (as we explore in this recent white paper).

GravityZone killer benefits, (2): Customer-friendly flexibility

For customers that don’t want to be out of the security loop entirely, end-users can have their own logins, giving them role-based access to services and features within the GravityZone security products their business uses.

This is particularly useful for customers who have invested in some degree of security expertise in-house and want to realise the value locked up in that investment.

But of course it can also reduce the management workload for the partner, putting a keener edge on their margins!

Customer-friendly flexibility
Differentiated access for different user roles and needs (Click to enlarge)

GravityZone killer benefits, (3): Integrations - and automations - that matter

Every security partner wants to sell market-leading solutions, but not if managing them on a day-to-day basis will send their operational expenditure through the roof.

GravityZone has addressed this concern head-on, by developing an integration to ConnectWise Manage (the PSA solution used by some 70% of the top technology solutions and service providers).

The integration with ConnectWise Manage supports the delivery of automated, end-to-end helpdesk, contract management, time tracking, account management, sales and marketing enablement and potentially much more, reducing the MSP’s workload, whilst delivering improved customer satisfaction levels.

Automatic policy assignation also slices a significant chunk out of the MSP workflow, as it enables them to effortlessly trigger and roll out security policies based on existing variables like IP address, network type, server address type, and so on.

Integrations
Integration with ConnectWise Manage, plus automatic policy assignation, make GravityZone a natural choice for workflow-savvy security partners (Click to enlarge)

GravityZone killer benefits, (4): Anti-malware with common sense

An office full of software developers needs more freedom to build, run, and test code and applications than a team of salespeople.

So, GravityZone enables the techies’ anti-malware parameters to be set less sensitively, whilst the business development crew can benefit from somewhat more stringent protection!

Naturally, though, this kind of adjustment just won’t work if it is complex or risky to use, and on both fronts GravityZone scores highly.

Sensitivity is controlled by simple tick-boxes, but users are also protected by GravityZone’s N-Tier structure, which means certain security settings and policies are automatically “inherited” based on past and present operation. Plus, security is also enforced by the distributor (us!).

Basically, it’s possible to fine-tune security, but it’s never possible to leave users unprotected.

GravityZone’s granular take on anti-malware
GravityZone’s granular take on anti-malware is simple to set up but its settings can never leave users unprotected (Click to enlarge)

GravityZone killer benefits, (5): Playing ransomware at its own game!

Ransomware’s ability to terrorise businesses has an Achilles’ heel.

It prevents a machine it has already infected playing host to any other infection that could interfere with its planned endgame – and this same defence, used on uninfected machines, effectively blocks the ransomware itself!

Enter the GravityZone Anti-Ransomware Vaccine, which uses exactly this technique to enable partners to “immunise” users against ransomware attacks, simply by enabling it as a policy within existing anti-malware protection.

GravityZone Anti-Ransomware Vaccine
Simply enable Anti-Ransomware as part of GravityZone’s anti-malware protection, and users are “immunised”!

GravityZone: where to learn more

As ever, there isn’t the space here to explore the benefits of GravityZone’s innovative features in ultimate detail.

But there’s some more detail on recent feature updates in this post, and more on the various GravityZone products, and their benefits for both MSPs and resellers, on the Web here.

Hope we’ve helped to put you “in the know”!

DataFortress Instant Data“Instant Data”, full system backup with one click, local storage options – read how DataFortress’s new features give you a competitive edge!

We pride ourselves on backing the newer, more agile players in the industry, and when we launched our DataFortress MSP solution (you might have seen the data sheet and the infographic) we knew we’d come upon a cloud solution that would give service providers some enviable differentiators in the backup and security space.

But DataFortress is now an even more tempting proposition for service providers, thanks to a raft of new features that really mark it out from the competition.

Here’s a quick overview of its latest and greatest differentiators.

Killer new DataFortress features (1): Instant Data

Recovery Time Objective (RTO) is a critical measure of backup resilience, but whilst customers are waiting for the backup and recovery data to build, they can’t access it. Inevitably, then, RTO starts from an already delayed position.

But DataFortress’s new Instant Data enables the customer to spin up a virtual SQL backup server that can both stream the backup and recovery data, and enable the customer to access and use it, as it builds – without having to wait for it to download.

Result: recovery starts more quickly, delivering much-improved RTO.

InstantData
Instant Data – customers get to their critical backup data without having to wait for it all to download.

Killer new DataFortress features (2): Full System Backup

Imagine that customers could simply click a button and all their data (files, folders, and images) could be backed up from all target machines (endpoints, servers, and everything in between). That’s DataFortress’s new Full System Backup feature.

The data is saved to a file that can then be run on a virtual machine, so that the business can always rapidly recover the very latest version of its backup data – with no reliance on hardware that might itself have fallen victim to whatever caused the need for recovery in the first place!

sliding button
This sliding button (top left) backs up everything, immediately. End of.

Killer new DataFortress features (3): Local Backup

The cloud might invite misty-eyed wonder, but the reality is it’s not bullet-proof. ISPs can experience interruption and bandwidth can be flakey. A hybrid approach would seem to be the path of least risk for many backup users -  and this is exactly what DataFortress’s Local Backup now offers.

As the name implies, it enables backup onto local storage media, so that there is always an accessible in-house fallback for customers when internet access has temporarily disappeared into the ether.

For companies who have an established physical backup routine, of course, (for example, storing tapes in secure offsite locations), Local Backup can also slot neatly into existing arrangements.

Local backup
Local backup adds “belt and braces” contingency to cloud services

Killer new DataFortress features (4): Legacy account conversion

Industry analyst Forrester has reported that 60% of businesses have said improving disaster recovery capabilities is a high or critical priority.

For many established companies, particularly those with strict compliance requirements, this means there is likely to be a whole mass of legacy backup accounts that need to be brought into the fold when a new solution is deployed.

Here, too, DataFortress has seized the initiative, making it possible for legacy data to be converted into modern formats and standards, and (to support this process) enabling old SE (Server Edition) accounts to be upgraded to new and improved ESE (Enterprise Server Edition) accounts and agents.

No longer is the past something that prevents backup and recovery service providers from making a sale in the present!

Legacy account conversion
Yesterday’s backup accounts brought bang up to date..

DataFortress: more killer features to come?

It seems certain that developments like GDPR are set to drive a new focus on data, how it’s managed, and how its value is protected, and DataFortress’s solutions certainly serve these objectives.

And, as we’ve mentioned in a previous post, this GDPR-fuelled market is potentially worth several billion to vendors and the various partners (resellers, MSPs, distributors) who work with them.

In the light of this – and given DataFortress’s past history of innovation – we can’t see it falling behind on features any time soon.

Watch this space...

Trend Micro HESTrend Micro HES has long been an attractive cloud solution for users who want email security without on-site hassle. Read how it just got better!

We see a lot of email security solutions, but it’s fair to say that Trend Micro’s Hosted Email Security (HES) has recently upped its game to deliver a user experience that’s slicker, protection that’s broader and more agile, and service management that’s easier (and therefore ultimately more profitable!)

Here’s how Trend has taken HES to the next level.

New in Trend Micro HES, (1): Smoother interface, better data insights

Trend has now extended the successful interface designs found elsewhere in its stable of solutions to HES too, meaning that if you can “drive” other Trend solutions (like Worry-Free or OfficeScan), you can now just as easily drive HES.

For both end-users and service providers, this potentially means smoother workflows, easier internal adoption, lower training and implementation costs, and, overall, sharper ROI.

Trend Micro HES Dashboard
Trend has brought HES into line with its standard interface design and given its threat analysis tools a shot in the arm.

An improved dashboard in the solution now also makes it easier for end-users and service providers to glean more information about the threats they face, thanks to advanced analysis details and top advanced threat charts.

New in Trend Micro HES, (2): Sandboxing now comes for free!

Sandboxing – the ability, in the context of the SMTP protocol, to take mail offline and rigorously test it for threats before it reaches the recipient – is a potent tool in the security partner’s armoury.

But, typically, it’s also very costly – and it’s here that Trend has broken the mould. HES now includes free-of-charge access to new sandboxing solutions including Advanced Threat Scan Engine and Social Engineering Attack Protection.

Tick a box, get sandboxing for free – Trend’s Christmas present to service providers seeking to add value to their customers’ accounts!

Advanced Threat Scan Engine uses combined pattern-based and heuristic scanning to not only combat known email threats, but identify characteristics and behaviours that can suggest new ones (making it particularly effective against stealth threats like ransomware and zero-day exploits).

Social Engineering Attack Protection (now built into the AntiSpam Engine) is part of Trend’s recently much-vaunted machine learning stable, which includes the XGEN solutions.

It detects suspicious behaviour in multiple parts of each email transmission, including the email header, subject line, email body, attachments, and the SMTP protocol information.

Suspect messages are returned to Hosted Email Security for further action or policy enforcement, ensuring the attack does not reach its target.

These services are easy to activate too, by simply ticking a policy check box – convenient for end-users and service providers alike.

New in Trend Micro HES, (3): Protection against spoofing

Spoofed email identities are the gateway to unwitting activation of all manner of threats, from phishing, to whaling, to dangerous attachment payloads, and more.

HES now supports DKIM (Domain Keys Identified Mail) signatures in both incoming and outgoing messages. These authenticate the domain name associated with a message to detect any mismatches, which in turn protects users against receiving messages that have been tampered with – for instance, to spoof the sender name.

Protection against spoofing
Spoof email? That’s so passé!

New in Trend Micro HES, (4): Marketing-friendly segregated email

Trend has consistently led the field in anti-spam protection, but the reality is that what is often defined as marketing spam can in fact be a source of new opportunities or competitor intelligence for some departments in your customers’ businesses.

For this reason, HES now offers email segregation, which enables certain types of user or policy group within the end-user’s organisation to choose to receive marketing and promotional email (whilst still subjecting it, of course, to all the other new and existing HES security features).

Marketing-friendly segregated email
Yes, please market to me! Or just don’t, OK?

New in Trend Micro HES, (5): Time-of-Click Web Protection

Boosting Trend’s already significant arsenal of web reputation and security solutions, Time-of-Click protection automatically rewrites URLs contained in received emails.

This means that the default action when a user clicks on these links is not to take them straight to the site concerned, but to submit that underlying site to Trend for real-time prior security and reputation analysis.

Lucky Trend automatically rewrote this URL and checked it before the recipient got taken to the site…

The delay for the user in accessing a legitimate site is fractional, but the protection against accessing non-legitimate sites is comprehensive, since no access is granted until HES has confirmed that the site is not a source of threats or reputational damage.

More on what’s new in Trend Micro HES

There’s not the space here to cover off all the detail, but suffice it to say that Trend’s latest version of HES delivers additional benefits that could enable service providers to really differentiate their offering in both existing and new accounts.

Here’s a full list – and you know where to come if you want to discuss it!

General data protection regulationGDPR is coming! Here’s what the security channel needs to focus on to create opportunity out of regulatory upheaval.

On 25th May 2018, the EU General Data Protection Regulations (GDPR) become law.

But despite the burden of compliance that this places on the channel, isn’t it also a major opportunity for channel partners to sell more of the solutions that help end-users to address GDPR-related issues?

Here’s what we found when we dug into GDPR, and the opportunities it potentially presents, a little further…

GDPR opportunities – 1: Greater technology freedom?

A noteworthy feature of GDPR is that it does not prescribe specific data protection technologies – like a certain encryption algorithm, for example – and, therefore, does not automatically exclude others.

Instead, it prescribes processes, meaning that partners potentially have greater freedom than before to choose from a palette of vendor solutions that can satisfy those process requirements.

It’s a growth outlook reinforced by the IT industry’s most high-profile membership and training organisation, CompTIA. They have publicly stated to IT channel partners that GDPR means “Clients will be relying on their providers to help them meet regulations, which is a great opportunity to build on your relationships, all while creating new business with current and potential end users.”

So, given that GDPR is seemingly less proscriptive on the technology front than we might have previously assumed, what are the GDPR hot topics to which security partners’ offerings need to provide a compelling (and compliant) response, if they are to make the most of the opportunities at hand?

 GDPR opportunities – 2: Data protection controls

GDPR has serious teeth, but given our background in security software distribution, and from the point of view of security partners’ offerings, we believe it bites hardest around three key internal and three key external threat scenarios, which we’ve paraphrased from this recent research:

(including employee mistakes and malicious insiders)

  • Making lost data valueless if found – in other words, encryption methods that keep data safe if a device with personally or professionally identifiable information on it is lost or stolen.
  • Remote kill and wipe, to easily remove data from lost or stolen devices, or render them unusable, no matter where they are in relation to the user.
  • Data loss prevention (DLP), to control the types and sensitivities of data that users move around or out of the organisation.

(third-parties exploiting the organisation)

  • Locking-down, to control what kind of applications can and can’t run on an endpoint
  • Virtual patching, to stop remote exploitation of unpatched vulnerabilities
  • Breach detection, to flag where a network has been compromised, and thus enable users to block attempted data theft.

Should security partners be quaking at the sound of these snapping jaws? Not a bit of it.

Security solutions are already available that enable partners to deliver many of these GDPR-focused benefits to end-users, from vendors including Trend Micro (in both SMB and Enterprise formats) and others.

Plus, a recent survey of European businesses cited in this Information Age article found that 69% of those polled are not only likely to invest in security technology as a result of GDPR, but to do so in areas including file-sharing. (This hints at a growth in the cloud app-centric security requirement space, into which, as we discussed in an earlier post, at least one vendor already plays strongly.)

GDPR opportunities – 3: The size of the market

But it’s filthy lucre, predictably, that hints most effectively at the pot of GDPR gold at the end of the partner rainbow. And make no mistake, we are talking big money here.

, for example, has predicted that GDPR will create a $3.5 billion market opportunity for security and storage vendors – in which their partners, of course, will share – as the severity of fines drives enterprises to “radically shake up their data protection practices, seeking…new technologies to assist with compliance.”

An additional push factor in the groundswell of GDPR opportunities for security partners also came with the recent comment by the European Commission's Justice Directorate, according to the International Association of Privacy Professionals (IAPP), that companies judged to have invested responsibly in security can, under certain conditions, see any fines for non-compliance reduced.

Security partners, it seems, are likely to become many businesses’ new best friends!

GDPR: What next for security partners?

This piece in ChannelPro perhaps best expresses what partners need to do, as GDPR relentlessly approaches, to turn a disruptive regulation into a profitable business opportunity:

“1. Read up on the changes and ensure they become the trusted expert on the new regulations

  1. Educate their customers about the impact of the EU GDPR
  1. Ensure they’ve got the solutions available to help customers with compliance”

From where we’re standing, point 3 looks to be the least of partners’ worries…

mcafee-end-of-life-3Who can security partners and end-users turn to once McAfee products are end-of-lifed? We look at some compelling options.

In one of our recent posts, we highlighted some of the likely disruption caused by Intel’s ongoing end-of-life (EOL) programme for many of its McAfee-branded products.

But EOL must not spell end-of-business, and although we certainly haven’t discovered the secret of eternal life, our research found there are more than enough security vendors and solutions “out there” to fill McAfee’s shoes!

Here’s our shortlist.

Goodbye (and hello) Endpoint Encryption

“People are still the biggest security risks”, proclaims this article in CIO.com.

Yet in June 2017, McAfee is EOL-ing its Endpoint Encryption solution - arguably one of the most effective methods of ensuring that endpoints lost by employees, or stolen from them, cannot surrender their valuable data..

(And its migration path seems murky, involving a product name change and an upgrade.)

Enter its Trend Micro namesake, which enables security partners and end-users to remotely encrypt, lock and wipe any endpoint – including desktop, laptop, mobile, and removable media – so that businesses can still enjoy productivity-boosting mobility, without the associated data breach risk.

Trend Micro Endpoint Encryption also features automated methods of deploying and policing encryption and security policies, plus comprehensive audit and compliance records to satisfy the regulators (a big deal in the light of the approaching GDPR law!)

Fighting evil in the email

The demise of McAfee’s Email Gateway is not due to happen until 2021 – but, at the same time, the evolution of email-borne threats is likely to hasten the search for a replacement, rather than give it breathing space.

Indeed, with the Verizon Data Breach Report recently stating that 77% of malware infections are now due to users receiving a malicious email with a web link or attachment, according to this white paper, security partners and end-users alike need to move fast to secure alternatives.

Vendors’ offerings in this area are diverse, but compelling. Malwarebytes, for example, rolls email protection into an overall layered security approach that does not displace or conflict with existing security solutions – a boon for partners (it offers them an easy additional revenue stream) and end-users (it doesn’t disturb their current security arrangements) alike.

Trend Micro, for its part, offers multiple email security solutions for both SMB and Enterprise clients. Hosted Email Security solution has achieved 99% blocking effectiveness in independent tests, and takes the security maintenance headache off customers’ desks, as updates, patches and hot fixes are delivered 24x 7 by Trend’s own teams.

Smart Protection Complete, for its part, protects not only mail servers and gateways but also the cloud-based collaboration applications like Office 365 on which end-user businesses are increasingly reliant.

Finally, another convincing contender is Bitdefender, whose products have been rated the best tested for corporate security and performance by independent test lab AV-TEST. Its email security solutions within the GravityZone product set also boast the top antispam detection rates and can be installed in minutes!

Mobile security: a moving target

Keeping mobile devices  - official or otherwise - secure in populous, often geographically diverse enterprise environments is always a challenge, but when your chosen security solution ups sticks and disappears into the sunset (as McAfee’s Enterprise Mobility Management will do in January 2017) it’s time to seriously start nailing down alternative options.

Again, Trend Micro plays pretty strongly in this space, with a comprehensive mobile security and management offering (within Smart Protection Complete) that combines protection (DLP, VPN, app control, web filtering, gateway anti-virus etc.) with centralised visibility and control.

The latter means that the entire enterprise’s mobility is easily secured and managed from a single “pane of glass”, taking the pressure off partners and end-user security admins at the same time (a feature also be found, in similar form, in Bitdefender’s GravityZone Security for Mobile Devices).

EOL for McAfee? New beginnings for your security.

This is just a snapshot of the many new opportunities that McAfee’s EOL programme unearths for the security partners who resell solutions or deliver them as MSPs, and the end-users whose business integrity depends on them.

It may be EOL for many McAfee solutions, but that’s AOK when you’ve got a plan to move to something better.

(Psssst! Have you got a plan to move to something better?)

End of Road for McAfee Email Security SolutionsAs many McAfee security products slide into end-of-life, we take a look at how it could affect end-users, MSPs and resellers.

Forgive us for being forward, here, but if you didn’t read our last post on the McAfee security products that have entered, or are entering, end-of-life (EOL), you probably need to.

Just to recap, many McAfee EOL products simply don’t have a like-for-like migration path, according to McAfee’s own EOL support pages. In fact, many of them apparently don’t have a migration path at all, and those that do have a distinctly oblique one, involving renamed products and (presumably more expensive) updates.

So if you’re a McAfee end-user, are you worried? If you’re a McAfee MSP or reseller, should you be worried, too?

Worry is never helpful – so here are the plain facts about the McAfee EOL products and how their withdrawal will ultimately affect end-users, MSPs and resellers alike.

Which McAfee products does this EOL problem affect?

Since Intel’s acquisition of McAfee in 2011, there has been a concerted focus on EOL-ing those products that are not core to Intel’s strategy, and so the complete list is a long one.

But three that we think will grab most end-users’ and partners’ attention are:

  • Email Gateway
  • Enterprise Mobility Management
  • Endpoint Encryption

What will this mean for end-users and partners?

Bluntly, whether you’re an end-user or a security partner, EOL means what it says on the tin, or at least in the McAfee end-of-life policy; support for the software product simply stops (“Support contracts cannot extend beyond the end-of-life date”).

Support, of course, includes patches – a critical weapon in the struggle to keep security software updated against new or emerging threats – and so a security product kept in service beyond its EOL date is likely to rapidly become no kind of security product at all.

Map the McAfee products that are going / have gone EOL to the current risk profile of the cyber threat universe and the picture looks even more alarming.

  • McAfee is EOL-ing Email Gateway, yet… malware analysis in this publication shows email-borne malware hit 705 million quarantined messages from just one security vendor in just one month of 2015 alone!
  • McAfee is EOL-ing Enterprise Mobility Management, a solution that enables IT teams and security providers to keep large-scale official and unofficial mobile use in large businesses secure - yet McAfee also admits that the unique mobile malware samples collected in its own laboratories increased 72% from Q3 to Q4 in 2015!
  • McAfee is EOL-ing Endpoint Encryption, yet… the loss or breach of customer data from a mislaid or stolen device that this kind of technology can prevent is about to become a source of huge financial risk to businesses because of the draconian provisions of the forthcoming GDPR legislation!

In short, McAfee are pulling the plug exactly where the bad guys are starting to focus most attention – and that can only end badly for end-users and partners alike.

 But MSPs and resellers can get custom support, right?

Don’t you bet on it. Although custom support, beyond the EOL date, is theoretically available, it’s on McAfee’s say-so – reseller, MSP, end-user or whoever else you are. As they state in their policy, it is “an exception”, not the rule.

Clearly, it also costs. Not only that, it requires an existing current and continuous support contract to be in place, provides only limited content updates, for a limited time period, and with specific terms and conditions.

(Oh, and it never covers hardware of any kind, even if you bought the original solution on a hardware platform).

Does all this infuse the need to migrate to other solutions with a certain sense of urgency?

What happens next?

But knowing you have to migrate is little use if you don’t have any help as to where you might migrate to.

In the last blog in this series, we’ll be exploring some of the other security vendors’ offerings, and discussing whether they’re a good fit for partners and end-users looking to leave McAfee’s EOL products behind.

Keep watching!

McAfee - End of service warning

A raft of McAfee products have gone into end-of-life (EOL) since Intel took over. We look into the issues this is likely to create, now and in the immediate future.

It’s been six years since Intel bought McAfee, during which the company has pursued an aggressive end-of-life (EOL) policy across its product range, unleashing what IT publication CRN called “waves of uncertainty” in its core markets.

A visit to McAfee’s EOL support pages reveals a current drop-down menu listing scores of products that have been put into, or are scheduled to be put into, EOL - meaning no further availability of technical support and essentially, therefore, the impending end of the product’s viability for end-users and partners alike.

And although clear migration paths are available for some of these products, for others they are conspicuous by their absence, or are simply replaced by a (presumably more expensive) “upgrade”.

The outcome is inescapable: multiple security solutions are no longer available from McAfee, and each case of EOL leaves a hole that both end-users and security partners will potentially need to look elsewhere to fill.

McAfee EOL: the critical list

Regrettably, the EOL products that appear to have no clear migration path are also the ones that cover the truly critical threat vectors like networks (Asset Manager), email (Email Gateway), mobile devices (Enterprise Mobility Management), and data protection (Endpoint Encryption).

Unfathomably, even Content Security Suite, which combines many of these defences in one convenient package, is destined for the axe.

Intel spoke of “tough tradeoffs” in making these EOL decisions, but the reality is that they have proven – and will continue to prove - tougher still for customers and partners.

The apparent absence of clarity regarding the migration path from one product to a subsequent version or replacement spells disruption, whichever way you slice it.

Should end-users (and partners) simply trust that Intel will come up with something better? Should they be looking to other vendors? If so, which?

And should they seize the simplicity of “going direct”, where available, or should they source the products through a distributor, where the added link in the supply chain could bring value-adds like services, support, consulting, rewards and benefits, and the like?

Beyond McAfee EOL: what next?

Two points are worth noting here.

Firstly, at least some of McAfee’s products won’t go into EOL for a short while yet - so there is breathing space to find and trial alternatives.

Secondly, the security market is evolving fast. Established players like McAfee are coming under pressure from a swathe of specialist security vendors, including the new “big names” like Trend Micro, as well as agile arrivals like Bitdefender, Malwarebytes and others. Essentially, when McAfee stops delivering, there is no shortage of vendors who could potentially step in.

Watch this space for our next blog, which will explore some of the most compelling post-McAfee options for resellers, MSPs and end-users alike.

virtual-cloud

Bitdefender have announced that its GravityZone solution is now certified by VMWare and has achieved the VMware Ready status.

What this means?

Organisations can now enable agentless scanning on guest virtual machines via NSX introspection, which eliminates the overheads that can be seen when running a separate instance of the agent in each VM.  It also offers increased resilience against APT's which target the security solution.

Enterprise Customers now have access to a new and proactive approach for securing Datacenters and their Network Virtualisation environments.

From Kirsten Edwards, Director, Technology Alliance Partner Program, VMware

“We are pleased that the Bitdefender GravityZone qualifies for the VMware Ready™ logo, signifying to customers that it has met specific VMware interoperability standards and works effectively with VMware cloud infrastructure. This signifies to customers that GravityZone can be deployed in production environments with confidence and can speed time to value within customer environments,”

Harish Agastya, Vice President, Enterprise Solutions, Bitdefender

“Data centers are the heart of the digital economy, and security is paramount for data center operators across the world. The VMware Ready certification marks another step in our commitment to provide security that is easy to deploy and scale, and meets the unique requirements of today’s highly virtualized environments. Our award-winning security solution leverages NSX capabilities in the software-defined data center to provide automated deployment and orchestration of security services,”

About VMware Ready

vmware_readyVMware Ready is a cobranding benefit of the Technology Alliance Partner (TAP) program which makes it easy for customers to identify partner products which have been certified to work within the VMware Cloud infrastructure.  With thousands of members worldwide, TAP includes best of breed technology partners who bring the highest expertise and business solutions for each individual customer.

About Bitdefender GravityZone SVE

Bitdefender GravityZone SVE provide security for virtual machines, virtualised Datacenters and cloud instances, through the GravityZone On Premise console.

  • Best protection for Windows and Linux virtual machines: enabling real time scanning for file systems, processes, memory and registry
  • Best proven performance in datacenters: up to 20% performance improvement compared to traditional security vendors
  • Works on any virtualization platform: VMware, Citrix, Microsoft Hyper-V, KVM, Oracle, and others on demand
  • Agentless security for VMware NSX

 

Padlocks SecurityMultiple combined security solutions can be expensive for partners and customers alike, and can cause security gaps. So do integrated suites make more sense?

Calling all security partners - here's a scenario you might recognise: you sell the customer an individual “point” solution to address a specific security need, then you widen the customer’s understanding of their needs and gradually sell them a range of other point solutions to suit. Right?

But is this really the most profitable sell? And isn’t its viability called into question by the fact that the point solutions are only as robust as the glue that’s holding them together?

Here’s what some of the security partners who are our customers told us.

"Individual security solutions inflate costs."

As the quote above suggests, partners must balance the relative ease of progressively selling point solutions with the upward price spiral (and competitive impact) that this process tends to introduce.

Integrated suites of solutions, however, typically tend to be priced much more favourably; entire suites of security products can often be bought by the partner for a fraction of the price of combining point solutions!

But it’s not just about licensing costs. As you’ll read below, industry analysts support the idea that an ecosystem of integrated solutions will be more resource-efficient, enabling repositories to be shared effortlessly between the component solutions within it, and minimising operational costs too.

“Managing complexity is an expensive problem with point solutions.”

Essentially, this boils down to two issues.

Firstly, effective security has to work seamlessly across multiple layers (endpoint, application, network) but it has to do so in a user-centric way.

But if you stitch myriad point solutions together there is typically no centralised console for easily managing security across all these layers. Solutions for every layer then have to be managed in isolation, seamlessness evaporates, and admin and management overheads are multiplied, biting deeply into operating margins.

Secondly, point solutions, by their nature, are not greatly flexible, so they put partners into a complex and therefore potentially costly technical position when it comes to scaling to meet growing user demand, or deploying across mixed on-premise, cloud and hybrid environments.

In short, layered security suites are essential to enable partners to protect their customers comprehensively – but if those layers can’t be controlled from a “single pane of glass” then those partners are heading for a huge profitability drain.

“Combining point solutions doesn’t work 100% - it leaves security gaps.”

This is perhaps the most fundamental observation of all, explained best by industry analyst firm Forrester in this paper.

They say that in systems “protected by separate point products with isolated intelligence analysis/policy engines and management consoles, complexity increases and gaps in security coverage are more likely to present opportunities for exploit by malicious parties.”

They also confirm that integrated suites incorporating layered security offer partners (and customers) significant reductions in “operational friction” and cost, as we have already mentioned above.

“Point solutions have limited threat coverage.”

Related to what we’ve said above, if point solutions struggle inherently to work together, it’s logical to assume that, as attack surfaces and threat vectors proliferate, this shortcoming degrades even further - and there comes a juncture when point solutions effectively become functionally unable to cover off the full spectrum of threat sources.

A cursory glance at the kind of threats that integrated security solutions must now protect against reinforces this view.

Endpoints, smartphones and tablets no longer cut the mustard. Instead, protection must extend to USB, removable drives, mail and file servers, messaging and web gateways, collaboration portals, instant messaging (IM) servers – and, as we noted in a previous post, cloud applications (like Office 365) whose use within businesses is skyrocketing.

Clearly, however, not all point solutions are created equal. A carefully assembled, multi-vendor solution, using only established best-of-breed components, might arguably be up to the tasks demanded of it -  but at what cost?

Disparate licensing agreements. Disparate billing arrangements. The need for a separately purchased and configured remote monitoring and management (RMM) console...

These obstacles are a world away, in cost and complexity terms, from a one-vendor solution with specialist components that target specific security layers, and with its own in-built "single pane of glass", delivering unified management, from very first use, across the customer's entire security estate.

Buyer beware!

Conclusion: integrated suites make security (and business) sense

According to experts quoted in security publication CSO Online, 2016 is the year of advanced cyber attacks, insider threats, ransomware, “cloud wars” - and a huge shortage of in-house cyber talent that security partners will have to help their customers to fill!

Against the backdrop of this surging demand, the notion that partners can profitably supply and effectively manage individual point solutions to simultaneously address such a vast (and growing!) expanse of ever more sophisticated threat sources doesn’t stand up to reasoned analysis.

There seems to be only one sensible way forward for partners in the security channel, and Forrester once again nails it when it writes: “Integrating the security management and analysis within each layer is crucial when protecting against advanced or targeted attacks.”

The day is surely coming when there simply won’t be much point in point solutions.

Keyboard equipped with a red ransomware dollar button.
Keyboard equipped with a red ransomware dollar button.

There has been report of several companies becoming infected by the Crysis Ransomware and as such we have had a look into what it does and how it can be prevented.

History

First detected in February 2016, this virus has multiple methods of infection typically an email which has attachments using double extensions to make them appear non-executable.  Although it has been seen to also come through SPAM emails and compromised websites.  There has also been reports that it has been distributed to online locations and shared networks disguised as an installer for various legitimate programs.

Description

Crysis Ransomware itself is capable of encrypting over 185 file types across fixed, removable and networks drives and uses RSA and AES encryption, once infected it will also look to delete the computers shadow copies.  Whilst also creating copies of itself into the following locations.

  • %localappdata%\­%originalmalwarefilename%.exe
  • %windir%\­system32\­%originalmalwarefilename%.exe

The virus will then look to create/edit certain registry keys to ensure it is run on each system start.

  • [HKEY_LOCAL_MACHINE\­Software\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "%originalmalwarefilename%" = "%installpath%\­%originalmalwarefilename%.exe"
  • [HKEY_CURRENT_USER\­Software\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "%originalmalwarefilename%" = "%installpath%\­%originalmalwarefilename%.exe"

Finally after encryption there is a .txt file placed in the computers desktop folder, sometimes this accompanied by an image set as the desktop wallpaper.

  • %userprofile%\­Desktop\­How to decrypt your files.txt

There has also been reports of Crysis stealing data and credentials from the affected machines and passing these back to its Command and Control server.  This would then allow the computers and local networks that have been infected to become vulnerable to further attack if the credentials are not changed.

It has also been seen that Crysis will monitor and gather data gathered from IM applications, webcams, address books, clipboards and browsers prior to sending this to the C&C server with the windows variant stealing account and password credentials.

Prevention

To reduce the risk of infection we recommend the following

  • Ensure you are using an upto date AV product
  • Ensure any specific Ransomware prevention tools in the AV are used
  • Ensure you have a regular tested backup of the data
  • Educate users in the dangers of opening attachments from an unknown source