Blue Solutions


Originally published on the Bitdefender website

No matter how valiant the efforts to secure their systems, or the amount of money spent on IT defenses – many of the same IT security challenges persist today as they always have.

Enterprises are behind in their ability to quickly detect data breaches. According to the 2015 Verizon Data Breach Investigations Report, the vast majority of organizations don’t detect breaches within days of occurring; the time to detect compromise is still too often measured in weeks, or months. And, depending on the study, security breaches can cost $100 per record and up.

As the sheer number of breaches, their duration, and their costs over the past few years reveal, enterprises can clearly do much better. But it’s not a matter of a quick fix. It’s not a single product deployment, or hiring to fill a few positions. There are, however, key areas that organizations can focus upon to close the gap between the ease with which attackers can exploit enterprise weaknesses and the ability of enterprises to defend their systems and data.

Here we go:

1. The security program informs the regulatory compliance program, not vice versa

Too many organizations today remain focused on maintaining their baseline security controls. They check their regulatory compliance check boxes and move on. Firewall: check. Network monitoring: check. Network segmentation: should be in place, check. What is lacking is a focus on making sure each of these functions is done right.

This needs to be flipped around. Enterprises need to build rugged security programs and build the reporting on top of those programs to feed into their regulatory compliance efforts.

2. Hire and cultivate the right security talent

In my interviews with CIOs and CISOs it’s clear, across the board, enterprises are hurting when it comes to finding skilled information security professionals. If you know device security or enterprise security architecture, are a pen tester, or can manage or build a security program, you are not in want of job opportunities.

The challenge for enterprises is that technology and attack methods are moving so swiftly that traditional education and corporate training programs don’t keep up. And, quite frankly, many HR departments in large enterprises don’t know how to hire well for information security positions. They rely too heavily on certifications and not enough on security problem-solving skills. Traditional training doesn’t keep pace in producing the security skills needed amid constant changes in mobility, cloud architectures, virtualization, containerization, Internet-connected devices (IoT) and others.

Skilled security pros also tend to come from non-traditional backgrounds. They are liable to be the men and women with purple hair, lots of tattoos, and a scattered college history: but they know how to hack and many know how to help defend against hackers. But they are overlooked. This needs to change, and government and corporate enterprises need to rethink how they vet and view security talent. They need to consider training in-house talent that has an affinity to this field and wants to be trained.

3. Communicate in terms the business cares about

Today, too many security professionals think, and speak, in technical terms. When they see a certain attack vector, for example, they see a technical problem. And they are right: it is in fact a technical problem in most cases and can be remedied technically. But to business leaders and management it is a business risk. And business people want to understand things in business terms and business risks.

When most people suffer say, a car breakdown, they care more about losing the utility of the car than they care about the technical reason for the breakdown. When they ask technical questions about the nature of the mechanical failure, what is really going on in most people’s minds about the car is how the nature of that mechanical breakdown will impact the cost to fix. So that’s loss of utility and cost to get that utility back that matters to us most.

Business leaders, when it comes to IT, think no differently.
What is at stake with the risk, from a business perspective? How much will it cost to remedy? What is the cost of losing the utility? These are the terms more security people must speak in.

4. Shift some security focus to breach detection and response

With good reason, tens of billions of dollars have been invested by public agencies and private enterprise into traditional security defenses: the stuff geared to keep bad guys and things out. I’m not sure if enterprises have spent enough, or too much. That is certainly an interesting and debatable question. But I am sure we can’t count on it to work all of the time, every time.

Attackers are going to get through. There will be a misconfiguration they find, or there will be an employee who clicks on something they shouldn’t, or a trusted web site will serve malware and that breach will go undetected. Bad things are going to happen to enterprises that strive to protect themselves and do the right thing.

This is why more resources and effort need to be focused on the ability to detect and respond to successful breaches. It makes sense to want to stop attacks. But like in American football, good defense wins games but it doesn’t win every game and even the best defenses are scored against.

Your information security defenses and efforts are no different.

Plan and put the resources in place to rapidly respond. It will mitigate the damage of successful breaches, and hopefully keep the costs of those breaches down, too.

5. Shift to data-driven security decisions

An important shift is one that has been widely talked about in security, but not always very pragmatically acted upon. Security pros need to stop working from a position of what they knew to work in the past, or their personal hunches, or providing the types of defenses the business thinks it needs.

To date, this hasn’t worked so well. We need to start making more data-driven decisions. If the business wants to invest in certain areas of security spending, perhaps that is the wisest move or perhaps it is not. Collecting the right data about the nature of the security controls in place, how well they are performing, as well as what has not been working well may provide better answers. Certainly the final decision about what spending will get done is up to the business, but by providing the right data you can help them make better decisions.

All the data needed is out there: the nature of the adversarial threats, the technical vulnerabilities, the value of the business data and services provided by critical applications, as well as the goings-on within the network and applications. It’s time this information be better collected, analyzed, and put to use to make the best data driven decisions possible.

 


Originally published on the LabTech Blog - Author Josh Preston

As an MSP, you have two choices. You can be your own boss, be passionate about the work you do and work hard for your success. Sound good? Option two is even better. With the right preparation and foundation, you can have a business that runs so smoothly and effortlessly that you can finally take a real vacation.

Running your business with an eye on growth means changing your mindset and your business focus. Continuous growth is the goal, since it means expanding profits and staying a step (or several) ahead of your competitors. The market changes fast, but the more proactive you can be, the more you’ll be able to offer your clients. The more they depend on your services, the faster you’ll see growth in your company and your bottom line.

Here are a few big game changers to help you jump start your business growth:

1. Stay Safe
Security continues to top the list of your clients’ biggest concerns, so find a strong security platform that keeps them protected without risk. Find the perfect balance between mitigating risk and hindering productivity.

2. User First
How many devices do you have? Chances are you’ve got more than one, and so does every end user you support. Enter the shift to management by user instead of by device. Make sure you’re staying ahead of the game by supporting multiple devices.

3. Connect Everything
Data, devices and people are quickly intertwining, giving MSPs the chance to offer a number of ‘smart’ devices and opportunities. The market opportunity for the Internet of Things (IoT) is huge, so watch this one grow in the next few years and see how you can get on the bandwagon.

4. One-Stop Access
In a nutshell, virtualization allows multiple operating systems to run on one physical piece of hardware. This cost-saving trend will easily catch clients’ attention, so be sure to stay informed of what it offers.

5. Keep Compliant
Regulation and compliance requirements are an important and challenging task for many organizations. Wrap your head around the details for a few relevant verticals, and start reaching out to offer this vital service to new and current compliance-reliant clients.

Keep a close eye on these trends as they come to life, and be ready to answer any questions your clients might have about them. The more you know, the faster you establish your place as a trusted advisor—and the more your clients will thank you.


Article originally published on the Malwarebytes website

It’s that time again, a new operating system emerges from the Microsoft incubator! While many of you might not get to experience Windows 10 just yet or even in the foreseeable future, we want you to know that when you decide to use it, Malwarebytes has got your back.

The latest versions of our Malwarebytes products support Windows 10! And that includes:

  • Malwarebytes Anti-Malware Free
  • Malwarebytes Anti-Malware Premium
  • Malwarebytes Anti-Exploit Free
  • Malwarebytes Anti-Exploit Premium
  • Malwarebytes Anti-Malware for Business
  • Malwarebytes Anti-Exploit for Business
  • Malwarebytes Anti-Malware Remediation Tool

So one of the first things you should do after setting up your new operating system is to download Malwarebytes Anti-Malware. Trust me, the cyber criminals won’t wait until everyone is comfortable with Windows 10 to start targeting folks using it.

To download the latest Malwarebytes Anti-Malware on your new Win 10 system, click here.

Find out more about Malwarebytes at www.bluesolutions.co.uk/malwarebytes/. Call our sales team today on 0118 9898 222 for a free trial or demo.


Originally published on the Malwarebytes Security Blog

May 6 marked the 15 year anniversary of the infamous ILOVEYOU (Love Letter) email virus. The virus is regarded as the first major virus spread by email.

ILOVEYOU reportedly infected tens of millions of computers worldwide, and cost billions of dollars in damage.

Once a machine was infected with ILOVEYOU, the virus scanned the Windows Address Book and subsequently sent copies of itself to every contact within the list. Using the public’s lack of email security to its advantage, the virus was able to masquerade as a legitimate attachment sent by a known acquaintance.

This simple social engineering tactic allowed the virus to propagate world-wide quickly and efficiently.

In the years since ILOVEYOU, we’ve all learned lots regarding email security and ‘best practices’ to use when downloading attachments. There have been numerous articles, write-ups, warnings, and suggestions advising users to be wary when opening attachments that come via email – even when from a trusted source.

Despite more than a decade and a half of these warnings, email is still a primary vector for the installation of malicious software.

The M3AAWG Email Metrics Report, released Q2 of 2014, indicates that over a three-month tracking period, a whopping 987 billion “abusive” emails were identified as being successfully delivered.

While this pales in comparison to the other 9+ trillion emails blocked by the mail providers, this number demonstrates just how successful a vector email is for malicious actors to use to compromise their victims.

While the M3AAWG report doesn’t distinguish between emails with malicious attachments and other types of abusive emails such as phishing emails, it’s reasonable to assume that at least a significant percentage of the abusive emails did indeed contain a malicious attachment.

As indicated by the report, the vast majority of these messages are blocked by large email providers such as Microsoft and Google, but despite the best efforts of these companies, many messages still find their way through the filters. Here is an example of a malicious email I received to my personal email account just the other day.

[Image: MalSpam1]

The success of these malware campaigns relies on numbers. With an estimated 205 billion emails sent each day, it seems to be a herculean, if not almost impossible, task to prevent each and every malicious email from being delivered.

We would all be quite peeved if that important document from our boss wasn’t delivered to our email box, or if that emergency change in insurance wasn’t received from HR.

The big email providers know this, so they are forced to tread lightly when determining if an attachment is malicious or not. The problem is malicious actors know this too. So for them, it’s just a numbers game.

If one address gets blocked, use another. If one message is blocked, send one more – better yet, send a million more. And therein lies the issue that we in the security field face when it comes to preventing you from seeing (and in the case of malware – blocking) this sort of garbage altogether.

A small portion of over-all attempted deliveries and an even smaller percentage of successful installs is all that’s needed to claim success.

Malware authors utilise a dizzying array of tools, services, and botnets to facilitate delivery of malicious email. Email addresses are spoofed. The subject and body can be dynamically generated using unique information to help provide a sense of legitimacy to the email. Most attachments are randomized in both name and MD5 hash to thwart detection.

Geo-location is used to send emails to users of a particular region, city, or post code. And the subject matter of emails constantly changes to play into the fears, desires, and dreams of every potential person.

[Image: MalSpam2]

Attachments are not limited to .zips either. Attachments have been seen to arrive in .exe format (although rare with large email providers), .scr, .pdf, .com, .js, or a variety of others. Here we can see how some attachments attempt to appear legitimate. Take notice of the large spaces between filenames and the .exe extension on a few of the attachments.

[Image: MalSpam3]

Remember, it only takes a small portion of sent emails, and an even smaller percentage of those to be clicked, in order for a malware author to claim a particular spam-run successful.

The reality is, these people wouldn’t use email as an attack vector if it didn’t work – but it does.

The only reason it does is because a small percentage of us still click such attachments thinking there may be some legitimacy to the content.

Despite 15 years of warnings, billions of dollars in damages, and countless attacks attributed to email, we have yet to learn the dangers of downloading unsolicited attachments.

So for the sake of humanity (a bit dire, I know) please quit clicking attachments from people you don’t know, or from contacts where the content appears suspicious.

If there is any question whether the email is legitimate, contact the sender and inquire.

If you didn’t order anything online, don’t click the Word document advising you of your recent purchase.

If you haven’t done so already, configure Windows to always show file extensions. That way, if you do download and extract a malicious attachment, you can hopefully see if any trickery is being played with spaces between the visible filename and the extension.

And most importantly, educate someone you know who would never read this (or any) security blog, to hopefully keep them from succumbing to the ever-changing tactics of malware spam.
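The filename tricks described above (large runs of spaces before the real extension, and the executable types the article lists) can also be checked mechanically at a mail gateway. The following is an added example, not part of the original Malwarebytes post; the decoy-extension list, the padding threshold and the sample message are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email.message import EmailMessage

# Executable/script extensions the article names as seen in malspam.
RISKY_EXT = {".exe", ".scr", ".com", ".js"}
# Harmless-looking extensions used as a decoy before the real one (assumed list).
DECOY_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}
# Three or more consecutive whitespace characters (threshold is an assumption).
PADDING = re.compile(r"\s{3,}")


def check_filename(name):
    """Return a list of findings for one attachment or archive member name."""
    findings = []
    base = name.replace("\\", "/").rsplit("/", 1)[-1]   # drop any path component
    stem, dot, ext = base.rpartition(".")
    ext = (dot + ext).lower().strip() if dot else ""
    if ext not in RISKY_EXT:
        return findings
    findings.append("risky-extension:" + ext)
    # "Invoice.pdf            .exe": padding pushes the real extension out of view.
    if PADDING.search(stem):
        findings.append("whitespace-padding")
    # "photo.jpg.scr": with extensions hidden, Windows shows only "photo.jpg".
    inner = stem.rstrip()
    if "." in inner and "." + inner.rpartition(".")[2].lower() in DECOY_EXT:
        findings.append("decoy-extension:." + inner.rpartition(".")[2].lower())
    return findings


def scan_message(msg):
    """Map each suspicious attachment (or zip member) name to its findings."""
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        hits = check_filename(name)
        if hits:
            report[name] = hits
        if not name.lower().endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            report[name] = ["unreadable-zip"]
            continue
        for member in members:
            hits = check_filename(member)
            if hits:
                report[name + "!" + member] = hits
    return report


def build_sample():
    """Constructed message: a padded .exe, a zip holding a decoy-named .scr, a benign file."""
    msg = EmailMessage()
    msg["Subject"] = "Your invoice (constructed sample)"
    msg.set_content("See attached.")
    msg.add_attachment(b"constructed", maintype="application", subtype="octet-stream",
                       filename="Invoice_2015.pdf" + " " * 12 + ".exe")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photo.jpg.scr", b"constructed")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="scan.zip")
    msg.add_attachment(b"constructed", maintype="application", subtype="octet-stream",
                       filename="notes.txt")
    return msg


if __name__ == "__main__":
    for name, hits in scan_message(build_sample()).items():
        print(repr(name), hits)
```

A gateway would typically quarantine or rename on these findings rather than silently drop, since legitimate attachments must still arrive.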

Blue Solutions is now a distributor for Malwarebytes; read the press release here. Call our team on 0118 9898 222 and they'll help with any questions or arrange a free trial.

Originally published by CensorNet

The poor old IT department, if there were ever an Olympic sport where you could count the moments between suggesting that technology could change the world and then having it bite you on the backside by an unruly mob, well, they’d be gold medallists.

Naturally, an IT team is predisposed to focus on the challenges and risks that a BYOD culture can bring, which is not a bad thing. In the IT world, BYOD makes the world a more complex place rather than a simpler one. A fixed desktop located on an internal network is always going to be simpler to deploy, easier to manage, easier to secure and much easier to monitor. The risks can be easily identified and mitigated.

The problem with Browsers

With a few exceptions, the main browsers tend to be Chrome, Internet Explorer, Firefox & Safari. The problem arises when every user’s personal device needs its browser software up to date. Take your fixed, standardised, controlled infrastructure away and it’s not quite as easy. Some applications will simply not work on older browser versions or even with specific browsers. The quality of user experience may be compromised if the right browser is not selected. It can be a fickle, inconsistent way of working.

More importantly, not keeping a browser up to date may expose security flaws that place the device and its content at risk. Many have learned that particular lesson the hard way.

Our old nemesis ‘Malware and spyware infection’

The natural by-product of an increasingly tech-savvy world is that the bad guys are getting smarter and the users are more ‘click-happy’, particularly on mobile devices.

Users are seldom intentionally malicious, although clearly it happens. However it is often more a case of due diligence when time is a constraint. Not all will adopt sensible security protocols to ensure they are free of Trojans and other malicious autobots that might be hiding within what, at the time, looked like a cool free widget or an article containing a part of Kim Kardashian that broke the internet.

A 2013 study by Alcatel-Lucent estimated that 11.6 million devices were infected, a number that is simply likely to grow. The fastest growing infection rates were on Android, with Windows and Android being the primary operating systems likely to be targeted.

In Wi-Fi we (Don’t) trust

All mobile devices will invariably hop on and off Wi-Fi with reasonable regularity. The bandwidth and access point will play a role in mitigating the risk of contamination. Using unsecured hotspots increases the risk, not only to the user but potentially to the corporate network. The bad guys are smart and unsecured access channels are a happy hunting ground. An experiment by Jonny Milliken, Valerio Selis and Professor Alan Marshall proved that an airborne virus could be transmitted via WiFi from router to router and hence from one device to another. The attempts to access precious data are unrelenting and on the increase.

Even on-premise WiFi can be problematic. The strength of any WiFi and available bandwidth may well dictate how usable a commercial application is on any given mobile device. It should be remembered that not all devices have the same capabilities when it comes to transmission and reception.

Authentication

The mechanism of accessing corporate applications, network and resources requires a method of authenticating that the user is who they say they are. Inadequate mechanisms open the door to abuse.

Legal constraints

It may not immediately spring to mind, but a business cannot control the peccadillos of its employees. A personal laptop that has been used for social activities that cross legal boundaries is one that can compromise the integrity of the business and all that could entail. Reputation is as much a protected treasure as any other business asset, as is consumer confidence in who they are buying from.

Data loss

The most precious asset of any organisation is data. Sales prospects, agreements, policies, goals, strategies, financial information, shareholder reports: whatever information an organisation has must be kept secure. The ramifications of data loss can be severe. A user’s device can compromise data in a variety of ways and not just from pernicious access. How much corporate data is going to reside on a device, and where? What degree of sensitive data can be trusted to be on a specific user’s device? What about access codes? Is a user storing key account details in plain text somewhere? What happens if a device is lost or stolen, can data leakage truly be prevented?

Device control

If the device belongs to a user, do they have complete administration rights over their device? The owner tends to know how to use their device and how to change configurations. One potentially damaging scenario is if a user decides to jailbreak their own device so they can access areas that companies like Apple would rather they did not. Android also has its challenges: although not exactly open source, it naturally lends itself to modification and user changes, given its Linux roots. There is an ever-growing community that seeks to either legitimately change code or simply break it because it can be broken and compromised.

Application conflict

What a user downloads onto their own device is by and large a matter for them. Some applications however, particularly apps for smartphones and tablets, can interfere with commercial applications. There is no way that an IT department can track and recommend, from the hundreds of thousands of apps available, which ones are suitable or which could cause cross-application contamination i.e. result in sub-optimal performance or use.

Human error

No matter what technology is used, there is no way of avoiding simple stupidity or oversight by human beings. A human interface is a flawed one simply because we make mistakes, and because the users own their devices, mistakes will inevitably happen. Human error will always be the one true constant, and the reason there is no such state as 100% secure.

From an IT standpoint, BYOD presents a raft of obstacles. They are challenges that can be met but the solutions are not fool proof and an element of risk will always remain.


We are pleased to announce, we have several new team members at Blue Solutions:

Vip Hammil has joined our Sales Team as a Business Development Manager. He is responsible for delivering new business revenue growth through the identifying and recruiting of channel partners, interested in expanding their security portfolio with emerging and best of breed technology.

Our new Trend Micro Product Manager is Israel Azumara. Israel is responsible for managing the Trend Micro relationship and helping our Resellers and MSPs engage with these anti-malware solutions.

Luke Bennett is our new Marketing Apprentice. He joined us after completing his A-levels and is providing valuable support creating marketing and sales material and publishing social media messages.

Kate Clarkson has joined our team as our new Internal Sales Co-ordinator. Kate’s role will involve supporting the sales team and responding to customer queries in a timely and effective manner.

A big welcome to our new team members!

Originally published by Bitdefender

I came across an interesting article reported by The Register. According to a survey, half of companies will still have Windows Server 2003 somewhere in their environment after the support cut-off date of July 14th passes. While purchasing a custom support agreement with Microsoft is an option, it’s one that will quickly get quite expensive ($600 per server per year, doubling each year).

One often complicated, and critical, application is the endpoint security management suite. Traditional management relied on applications installed on Windows servers, most often leveraging a SQL database running on other servers. This very quickly creates a series of dependencies. Does the security management support a newer Windows version? If so, which databases does it support, and which Windows versions do those supported databases run on? If the management application uses a web server, which versions, and on which operating systems are those supported? How does the migration work: is there downtime, is the data migrated, can it be done in stages, or is it a forklift upgrade?

Much of this complexity can be avoided. Of course, custom-built, in-house applications are still tricky, but off-the-shelf solutions should be very simple, including endpoint security management.

For example, GravityZone can be delivered in two ways that avoid this complexity. The most straightforward is a GravityZone management console hosted by Bitdefender or a partner. In that case, the organization leveraging GravityZone never has to deal with any complexity underlying the management application.

The second option is hosting GravityZone on-premise. In this case, complexity is minimized because GravityZone operates as a self-contained private cloud. The deployment consists of a Linux-based virtual appliance. Multiple instances can be deployed, each playing one or more roles. The roles encompass all required functionality, including the database (often the source of most upgrade woes).

In this way, the complexity of GravityZone is not exposed. Bitdefender builds and tests the virtual appliance, while the customer simply updates it. Everything from the web server to the database is contained in the virtual appliance.

While adopting an endpoint security management solution that lowers operating system upgrade complexity won’t solve all of your problems, it certainly takes quite a bit of complexity – and therefore risk – off the table for a critical part of your environment. If you’re struggling to move your current solution off of Windows 2003, consider the advantages of a self-contained, flexible, and scalable solution like GravityZone, because it’s only a matter of time before you’ll begin the next round of operating system upgrades!

Want to know more about Bitdefender solutions? Contact our sales team today at 0118 9898 222 and they'll help with your queries or arrange a free trial.

 


What is your plan to stay protected?

In December of 2012, Microsoft announced changes to the roadmaps of some of its security solutions. Those changes included an announcement of the end of life for Forefront Protection 2010 for Exchange Server (FPE). Microsoft stopped offering the FPE product in 2012, but committed to supporting FPE subscriptions through December 31, 2015. Subscriptions expiring before December 31, 2015 will not be renewed. That means virus updates and signatures will not be made available after this date and the service will end. Are you ready?

AppRiver SecureTide as an alternative to Forefront

We recommend every company currently using Forefront on an Exchange server to review their licenses to find out when they expire. Then contact our Phenomenal Care team at AppRiver and discuss SecureTide™ spam and virus filtering as an alternative solution for your company. Our team will review every case and provide multiple migration options, from buy-out programs to migration support. We will make the transition as seamless and painless as possible for your users.

Switch now to AppRiver SecureTide and benefit from:

  • Real-time protection from today's IT threats
  • Simple implementation
  • No hardware or software installation
  • Inbound and outbound email protection
  • Daily Held Spam Reports
  • Disaster email recovery service included*
  • 99-percent effectiveness in blocking spam and viruses
  • Phenomenal Care™, 24 hours a day, every day

Want to know more about AppRiver solutions? Contact our sales team today on 0118 9898 222 and they’ll help with your queries or arrange a free trial.


Cloud web security across all devices – be protected anywhere and anytime

We recently signed a new vendor, CensorNet, the next generation cloud security company, to offer UK SMB customers enterprise-class web security solutions.

As more organisations move to the cloud, Resellers and MSPs need to offer advanced security solutions that help clients to monitor and control employee activities online. CensorNet deliver on premise and cloud solutions that help companies have visibility and control over internet and application access across all devices, regardless of whether employees are in the office or mobile.

Want to learn more about CensorNet? Join our upcoming webinars on Wednesday 1st July and hear about:

Visit our website to learn more about CensorNet web security solutions. The webinars will be hosted by Deane Mallinson (Blue Solutions Sales Engineer) and David Tregurtha (CensorNet Sales Engineer).

We look forward to you joining our webinars. Reserve your place today:


Hybrid cloud solution maximises security and performance with minimised cost

We recently signed a new partnership agreement with CensorNet, the next generation cloud security company, to offer UK SMB customers enterprise-class web security solutions. With over 500 customers in the demanding enterprise and education sectors, CensorNet deliver on premise and cloud solutions that offer flexibility, mobility, scale and security to customers.

What are the other benefits for your business?

  • It will help you to expand existing security offerings to cover a mobile workforce and BYOD.
  • The secure web gateway provides real-time visibility and control of web access and cloud application use across all devices.

With this offering, you can win customers with cloud application control, maximising its effectiveness whilst minimising risk.

Want to learn more about CensorNet? If you’re going to Cloud World Forum, some of our team will be at the Cumberland Arms pub (just around the corner from the London Olympia), on 24th June from 12pm-5pm. Join Ben Vadgama and Vip Hammill for a drink and some nibbles, while they answer your questions and tell you how Blue Solutions can make it simple to integrate CensorNet into your existing security portfolio.

Space is limited, so please register today.

Can’t make it to the Cumberland Pub? Call Ben on 07756 612592 or Vip on 07773 6026247 and they’ll arrange a time with you that’s convenient to discuss CensorNet solutions.