Backup

Email Backup vs Archiving Graphic

Email backup, email archiving: what’s the difference, and why shouldn’t businesses just rely on one or the other? We explain.

 

Email is alive and well – and growing!

The daily business email volume worldwide will increase from 112.5 billion in 2015 to 128.8 billion in 2019, according to this downloadable report from The Radicati Group.

So there’s an enormous challenge involved in ensuring copies of emails are retained in a manner that both enables them to be quickly accessed in order to support ‘business as usual’ activities, but delivers more extensive and detailed transparency for the purposes of regulatory compliance.

This is the essential difference between email backup and email archiving. Email backup is largely about business continuity, whereas email archiving is largely about protecting a business’s ‘licence to operate’.

Email archiving: a matter of legal record

Email archiving and email backup are two very different beasts – and here’s why.

Email archiving focuses on retaining emails and associated data to ensure legal and regulatory compliance.

Archiving solutions can therefore hold many years’ worth of data demanded by compliance requirements, even for heavily regulated industries like healthcare, banking and finance, pharma, and so on. Email backup does not retain data this long.

Also, email archiving can hold a 100% faithful copy of the email that has been received or sent, because it retains even deleted mails, which backup does not.

Lastly, email backup typically has very granular tools to satisfy compliance requirements around considerations like access control, audit trails, content integrity, and so on – not something you’d typically find in a backup solution.

As an example, take a look at the features in the Libraesva Email Archiver. You’ll see a whole host of refinements that email backup doesn’t offer, including, amongst others:

  • 80 separate permissions to create finely differentiated user roles and restrict access to sensitive information (important for GDPR compliance!)
  • Trusted time-stamping of each email, to securely keep track of creation and modification times
  • Legal hold, to freeze email and data pending litigation or investigation
  • Anti-tampering, to prevent retrospective adulteration of email content and data

Email backup: copy, restore, recover

The objective of email backup, on the other hand, is to easily recover and restore email that is essential to business activity, when that email has either been deleted or made inaccessible in some other way (e.g. by file corruption, deactivation of a leaver’s account, or even a ransomware attack.)

It can be tempting for businesses to convince themselves they don’t really need this service. After all, with cloud services like Office 365, G-Suite and others, isn’t email already backed up - and in some of the most robust data centres in the world?

Actually, no. Once the recycle bin is manually or automatically purged (and that can be after as little as 30 days) the data is gone…forever.

It follows, then, that cloud services still need backup sitting behind them somewhere, and the most readily accessible place to put it is elsewhere in the cloud (cloud-to-cloud backup).

So, for example, a solution like Cloud Ally will back up all the emails (and other data) contained in cloud services like Office 365 Exchange, Sharepoint Online, OneDrive, SalesForce, G-Suite, Box and others) to a cloud-based AWS S3 data centre that is ISO 27001-certified - and indeed to other user-owned storage too.

This process is automated, enabling a business to easily recover backed-up email long after the cloud service providers would have junked it.

So why do businesses need both email backup and email archiving?

Clearly, email backup and email archiving share some DNA.

But neither is a substitute for the other. In fact both, used incorrectly, are risky, and can put the brakes on businesses’ productivity.

Email archiving boasts powerful storage, search and retrieval powers, but for most everyday users - whose emphasis is simply on being able to find and restore email content and attachments, rather than delivering them as legal records in an approved regulatory format – it’s unnecessarily sophisticated to learn and use.

By the same token, the snapshots generated by email backup solutions, whilst typically simple for users to navigate and restore, do not offer the same historical completeness as email archiving – and any attempt to make them do so in answer to a regulatory investigation or similar would entail many hours’ work manually stitching the snapshots together.

Two sides of the same coin? Perhaps. But businesses need both in the bag, or they could end up paying a hefty price - operationally, reputationally, and in the law courts!

BadRabbit

BadRabbit has munched through cyber-defences, sowing ransomware far and wide. So how does it work? And can you protect your customers against it?

“Run rabbit, run”, goes the song – and ransomware attack BadRabbit has certainly done some running over the past few days!

It has got its teeth into Russia, Ukraine and many other Eastern European countries besides, with some sources also reporting cases in Germany, Turkey, and the US. It seems only a matter of time before it spreads further afield.

So what is BadRabbit – and is there any defence that can protect your customers against it?

What’s up, Doc? What BadRabbit does and how

BadRabbit Screenshot
What users see when BadRabbit bounces into view

BadRabbit is cryptolocker ransomware – it encrypts Windows users’ files using a private key that is known only to the hackers’ own servers. The user must pay for access to this key, in order to decrypt and recover their files (a Bitcoin wallet appears on screen to enable this transaction to take place).

Technically, according to this specialist cyber-security website, BadRabbit is closely related to the recent NotPetya attack, using much of the same code.

However, it executes in a different way, using hacked websites to display a fake Adobe Flash update that, if clicked on, triggers the attack (it drives users to these sites using malicious links.)

Additionally, according to this threat alert website, BadRabbit can move laterally across a network and propagate or spread without user interaction!

Can security vendors stop the naughty bunny?

In short, it seems some of them can.

Bitdefender, for example, states on its website that if your customers are “running a Bitdefender antimalware product for either home or business, you don’t need to worry, as our solutions detect this threat…”

machine-learning
Bitdefender’s inbuilt machine-learning recognises the signs of ransomware and stops it before it can execute

Enabling machine-learning in Trend Micro’s solutions also appears to detect BadRabbit, according to the former’s website, whilst Malwarebytes states that “Users of Malwarebytes for Windows, Malwarebytes Endpoint Protection, and Malwarebytes Endpoint Security are protected from BadRabbit.”

An interesting take on keeping the cunning coney at bay, however, comes from Heimdal, who point out in this very comprehensive ransomware resource that some 85% of ransomware attacks target vulnerabilities in existing applications.

By this logic, updates to software (and not just security software) are, in themselves, a key anti-ransomware security layer.

Damage caused by Ransomware graphic
The consequences of ransomware. Source: Heimdal Security

What other steps can you take to protect customers against BadRabbit?

For systems admin and IT people, of course, quick technical fixes in the form of ‘kill switches’ or similar are indispensable, and it turns out that BadRabbit, like NotPetya and Goldeneye before it, can be tamed by changing the properties of certain files (scroll down to the bottom of this article to find them).

But fundamentally, ransomware works by holding your customers’ data hostage. If this data is backed up and easily accessible, as we discussed in this recent post, ransomware, by definition, loses pretty much all of its bite.

It’s important, therefore, that you advise your customers well on how to choose an appropriate data backup and recovery solution.

For a comprehensive list of all the other steps your customers need to take to protect themselves against ransomware, this recent article from the Carnegie-Mellon Software Engineering Institute offers some thorough advice.

BadRabbit is on the loose. So share what we’ve told you above with your customers and they’ll be all ears.

Business Continuity2017 will see greater demand for security products than ever before. Backup and recovery are predicted to be big business for security channel partners!

Security predictions for 2017 are coming thick and fast – and there’s little for businesses to be cheery about.

“A major bank will fall as a result of cyber-attack,” the BBC relates in this article, whilst, at the other end of the scale, a solicitor has found itself embroiled in an email fraud scam that has, to date, left a homeowner £67,000 out of pocket.

But it’s perhaps ransomware, explored in a previous post, that will see the most noticeable growth in 2017, and it’s a major factor driving businesses’ and security partners’ interest in business continuity solutions like backup and recovery.

After all, if a business can reinstate critical backed-up data at will, ransomware loses much of its bite, and therefore its attractiveness to those who perpetrate it!

So what does an effective business continuity solution look like?

Business continuity solutions – what to look for

True business continuity is about more than just security applications – there’s a whole host of cultural and organisational requirements too, as this basic guide from CSO Online explains.

But from the solutions point of view, business continuity is basically about two things: reliable and bomb-proof (perhaps literally!) data backup, and rapid data recovery.

Two metrics are critical, here: Recovery Point Objective (RPO) and Recovery Time Objective (RTO).

The former dictates how much data a business could afford to lose before it caused any real and lasting damage – and therefore reflects considerations like how often backups need to be performed, what volumes and formats of data need to be involved, and how robust the backup environment is.

The latter dictates how rapidly that backed-up data can not only be accessed (hint: off-site tapes just don’t cut it any more!) but actually redeployed in a form that the business’s hungry systems can once again get to work on – not just files and folders, but settings, too - to get the business back on its feet post-incident.

Between them, these two metrics hinge on a host of solution capabilities that can be problematic.

For example, one oft-cited issue is that when backup and recovery data is being streamed back into a stricken business, the data can’t be accessed or used until the recovery process is complete – and that can take many precious hours, days, or even longer. Unhelpful.

Reliance on recovery via hardware is also a sticking point, since it may be impaired by the very hack that caused the data incident in the first place (ransomware is a very good example of this!)

What’s the appetite for business continuity solutions in 2017?

Nonetheless, business continuity has been a problem crying out for a solution for a long time before 2017; ransomware has simply put an especially shrill edge on it!

Scary statistics abound; did you know, for example, that according to a study by Onyx Group, 71% of UK SMEs only ever manage to back up part of their data?

Or that 75% of SMBs have no disaster recovery plans in place at all?

But even more terrifying, when considered in the light of the ransomware issue, is that, according to one estimate, 58% of small businesses could not withstand any amount of data loss whatsoever!

Think about that for a moment. It means the hackers’ job is made much, much easier. Even holding the slightest amount of a business’s data to ransom could easily provoke a payout. Minimum effort, maximum return – which means more hackers getting involved in this kind of activity in the future, of course!

Not for nothing is the Business Continuity Institute’s agenda focused “overwhelmingly” on cyber-resilience in 2017.

(And in case you’re wondering, the disaster recovery-as-a-service market, in which backup will play a key role, is estimated to be worth $11.11 billion - £8.83 billion - by 2021. Ripe for the picking!)

Where can I check out the latest business continuity solutions?

Clearly, what we’ve said above also means that the competitive landscape for security partners in this space is going to become challenging.

But for an insight into how one backup and recovery solution is evolving to deliver both strengthened protection to end-users and a more compelling proposition to the security partners who sell to them, take a look at this data backup and recovery features update.

And keep watching this series of blogs – we’ll be looking at a whole range of security solutions for 2017, covering email, web, cloud, data centre, and Office 365.

DataFortress Instant Data“Instant Data”, full system backup with one click, local storage options – read how DataFortress’s new features give you a competitive edge!

We pride ourselves on backing the newer, more agile players in the industry, and when we launched our DataFortress MSP solution (you might have seen the data sheet and the infographic) we knew we’d come upon a cloud solution that would give service providers some enviable differentiators in the backup and security space.

But DataFortress is now an even more tempting proposition for service providers, thanks to a raft of new features that really mark it out from the competition.

Here’s a quick overview of its latest and greatest differentiators.

Killer new DataFortress features (1): Instant Data

Recovery Time Objective (RTO) is a critical measure of backup resilience, but whilst customers are waiting for the backup and recovery data to build, they can’t access it. Inevitably, then, RTO starts from an already delayed position.

But DataFortress’s new Instant Data enables the customer to spin up a virtual SQL backup server that can both stream the backup and recovery data, and enable the customer to access and use it, as it builds – without having to wait for it to download.

Result: recovery starts more quickly, delivering much-improved RTO.

InstantData
Instant Data – customers get to their critical backup data without having to wait for it all to download.

Killer new DataFortress features (2): Full System Backup

Imagine that customers could simply click a button and all their data (files, folders, and images) could be backed up from all target machines (endpoints, servers, and everything in between). That’s DataFortress’s new Full System Backup feature.

The data is saved to a file that can then be run on a virtual machine, so that the business can always rapidly recover the very latest version of its backup data – with no reliance on hardware that might itself have fallen victim to whatever caused the need for recovery in the first place!

sliding button
This sliding button (top left) backs up everything, immediately. End of.

Killer new DataFortress features (3): Local Backup

The cloud might invite misty-eyed wonder, but the reality is it’s not bullet-proof. ISPs can experience interruption and bandwidth can be flakey. A hybrid approach would seem to be the path of least risk for many backup users -  and this is exactly what DataFortress’s Local Backup now offers.

As the name implies, it enables backup onto local storage media, so that there is always an accessible in-house fallback for customers when internet access has temporarily disappeared into the ether.

For companies who have an established physical backup routine, of course, (for example, storing tapes in secure offsite locations), Local Backup can also slot neatly into existing arrangements.

Local backup
Local backup adds “belt and braces” contingency to cloud services

Killer new DataFortress features (4): Legacy account conversion

Industry analyst Forrester has reported that 60% of businesses have said improving disaster recovery capabilities is a high or critical priority.

For many established companies, particularly those with strict compliance requirements, this means there is likely to be a whole mass of legacy backup accounts that need to be brought into the fold when a new solution is deployed.

Here, too, DataFortress has seized the initiative, making it possible for legacy data to be converted into modern formats and standards, and (to support this process) enabling old SE (Server Edition) accounts to be upgraded to new and improved ESE (Enterprise Server Edition) accounts and agents.

No longer is the past something that prevents backup and recovery service providers from making a sale in the present!

Legacy account conversion
Yesterday’s backup accounts brought bang up to date..

DataFortress: more killer features to come?

It seems certain that developments like GDPR are set to drive a new focus on data, how it’s managed, and how its value is protected, and DataFortress’s solutions certainly serve these objectives.

And, as we’ve mentioned in a previous post, this GDPR-fuelled market is potentially worth several billion to vendors and the various partners (resellers, MSPs, distributors) who work with them.

In the light of this – and given DataFortress’s past history of innovation – we can’t see it falling behind on features any time soon.

Watch this space...

Why Backup is not Business ContinuityBusiness runs on data, but how many businesses have acted to actually protect their lifeblood if and when disaster strikes?

Only about 35% of businesses have data backup in place, and at the SMB end of the market, some 75% of SMBs have no disaster recovery plan at all.

This is playing with fire. According to this article, 58% of small businesses couldn’t withstand any amount of data loss whatsoever.

It’s a revealing statistic, because it hints that the challenge is not only in backing up the data somewhere safe, but also in reinstating it to enable the business to “withstand” the outage, and get the wheels turning again.

That, in a nutshell, is the difference between data backup and disaster recovery (often termed, somewhat loosely, business continuity, as I’ll explain later) – and here’s what SMBs should be focusing on to get their data disaster ducks in a row!

Speccing the Backup Process: Recovery Point Objective (RPO)

How much data can an SMB afford to lose before it starts to damage their business?

This is the critical question SMBs need to answer, because it is this RPO (Recovery Point Objective) calculation, explained in more detail here, that informs all elements of the data backup process.

How often do backups need to be performed? (Every hour? Every minute?) What volumes and formats of data need to be involved, and what kind of data backup system or service partner can achieve this?

Evidence suggests this is where smaller businesses really struggle, as 71% of UK SMBs, according to research from Onyx Group in this article, only manage to back up part of their data.

It seems that limited bandwidth, mixed IT environments (Windows/Unix/Linux) and disparate file formats conspire to reduce the scope of the RPO, and so dilute its effectiveness as a measure of true backup capability.

The value of the RPO is also diminished by the realities of where the data is being backed up to.

Locally? The fire that took out the core systems just took out the backups, too!

The cloud? Data backup is just as vulnerable to the potential limitations of the cloud as any other service is. How will the data centre be powered in the event of its own outage, and for how long? Is it covered by EU data regulations, and certified to industry-recognised standards like ISO 9001 and ISO 27001? And how secure are the data centres it “mirrors” to, to back up the backups?

Tape? Inherently RPO-unfriendly (you can’t very well create and send off a new tape every hour!), it is also cumbersome and expensive, often funded by an insurance policy and requiring a full-time employee just to manage it. (Read this article, written by one SMB owner, explaining how he improved his disaster recovery capability by getting away from tape!)

The process of deciding on the RPO can expose far greater backup shortfall than the SMB has thus far been forced to confront!

Getting back to business: Recovery Time Objective (RTO)

But the most demanding RPO in the world will only ever address one side of the business continuity equation – the need to back the data up.

The other, equally crucial side of the equation is being able to get to that backed-up data, reinstate it into the organisation, and rapidly rebuild any of the infrastructure that is needed to make it work.

The speed with which this can be achieved is called the Recovery Time Objective (RTO), and is usually set by working backwards from how much a data loss would cost the company (by adding up the average per-hour wage and overheads of the employees who need to work with the data, and the per-hour revenue).

Hardware, physical media and software issues can all mess with the RTO. Imagine you’re an SMB, and all your data is backed up to a physical tape at an offsite location somewhere, that has to be manually shipped back to you before you can reinstate it. #RTOfail

Or imagine you’ve successfully saved all your critical files to your backup service, but you haven’t saved any system images – so the accompanying settings and system data that you need to make the files quickly work again are missing. #RTOfail

Or imagine you’re doing all your backup locally and the hardware that does the backup breaks down, so you first have to repair or replace the machine(s) before you can get to the data – if indeed you then can at all! #RTOfail

What’s emerging here is that no one approach necessarily delivers maximally RTO-friendly use of backed-up data. Instead, a combined strategy can often work better, to minimise the risk in each component of the approach, and deliver:

  • Local, image-based backup that is complete and rapid to recover
  • Rapid replication to and from the cloud through bandwidth-efficient streaming that only transmits changes, not entire datasets
  • Instant local and cloud virtualisation, to vastly reduce the risk posed by fault-prone hardware and cumbersome, inaccessible physical media.

SMB backup and recovery budgets are often meagre. So when the chips are down, the data’s gone, and it’s time to pull business continuity out of thin air, the ability to recover, say, a 70Gb SQL server in a few seconds flat, in return for a modest monthly fee, is a big shout in favour of the cloud.

Summary: Disaster Recovery vs. Business Continuity

Of course, it’s not just using the right tools to meet the commitments of RPO and RTO that will help ensure business continuity. It takes a much longer-term view than that, embracing succession planning, recruitment, supply chain management, and a whole host of human skills to which technology is only peripheral, as this piece explains.

But the facts stand. Backing up data “somewhere safe” is useless unless it’s achieved at sufficient frequency, with sufficient comprehensiveness (system images and data formats), sufficient ease and speed of reinstatement, and with a high degree of freedom from the weaknesses of hardware and physical media dependencies.

There’s a marketable SMB cloud solution in there, somewhere…

manage-backup-banner

Here’s the terrifying truth: according to industry analysts Gartner Group, in this recent article, only 35% of small and medium businesses have data backup in place for disaster recovery (DR) - and 70% of them do not believe that their backup and DR operations are well planned!

So that’s 65% of SMBs just waiting, apparently, for IT channel partners to sweep in with a convincing new backup or DR solution, and swathes more of them looking to the channel to help them either replace or improve the solutions they are already using.

Only it’s not quite that simple. Firstly, there is a fast-changing regulatory environment, which is outpacing many of the DR and backup solutions available.

Secondly, end-users are clamouring for unprecedented ease of use. Forget complex on-premise applications that suck up admin resource; in Gartner’s words, today’s business users want one simple data backup solution that meets all their RPO (Recovery Point Objective) and RTO (Recovery Time Objective) requirements.

A big ask?

Backup and recovery challenges: is MSP the panacea?

On the face of it, backup and DR services delivered in an MSP model would seem to be a great fit for these eager but choosy end-users.

Rapid to set up (often within an hour or two), easily scalable (so the service builds margin and profitability for the channel partner as it grows), the MSP approach also removes complexity from the mix, smoothly delivering viable alternatives to partners whose long-standing offerings have too limited a scope for their business today.

And as the MSP model is naturally compatible with the cloud, it helps get the thorny mechanics of backup and recovery off hard-pressed IT managers’ desks, slashing on-premise risk and admin overheads.

But beware - there are dizzyingly stringent forces at work in the background, potentially challenging many MSP backup and DR solutions’ licence to operate. EU data protection directives are now being reworked and will become regulations – that is, they will assume uniform force of law across the 28 signatory countries – by 2017.

Make no mistake, for MSPs and other service providers, these changes are a big deal. They make MSPs, as data processors, explicitly responsible for breaches in any data they have “touched.”.

Fines may be as high as €100m or 5% of global revenue (whichever is higher), in stark contrast to the current UK limit of £500,000!

 

Backup & DR: the MSP proof points

Clearly, the data regulators are upping the ante, so here’s how to ask questions that will help to identify the MSP backup and DR solutions that can be profitably delivered in this newly draconian environment - without engendering insane levels of legal and reputational risk!

1) Data centre - citadel or sitting duck? Firstly, Is the data all in one centre, or is it mirrored between different sites so that data can instantly fail over to another centre in the case of an outage? Is the data centre elsewhere in the EU, or in the UK, where it’s ultimately more manageable?

At the very least, the data centre should be ISO 27001-certified. But additionally, consider what physical security there is on site, and how long the generator fuel will keep the centre online in the event of a power failure.

(If all this seems like nitpicking, remember that €100 million fine for the consequences of getting it wrong…)

2) Speed, frequency, and data volume – Some 80% of businesses experience a shutdown if they can’t get to their data.

 Yet the fact is that, often, when backup software is tested against large, complex data sets that emulate those of a real-world production system, the time it takes for the backup to complete  - despite even the most ample computing, I/O and bandwidth resources – does not fit within the required backup window.

And that window is shrinking. Indeed, as Information Age recently put it, “with today’s expectation that services will be available around the clock, every day of the week and with an increasing data volume, the back-up window is constantly being squeezed… more than ever before.”

This raises another pertinent point. When uploading of data is not an option, due to bandwidth constraints, can large data sets be “seeded” to the solution provider instead? And will this attract extra fees that will eat into partners’ margins?

Likewise, does the solution make it possible for the partner or end-user to instantly access large amounts of data without the prior need to download it in its entirety? The most powerful MSP backup solutions use clever technology to eliminate this latter bottleneck.

3) Security – In a multi-tenant cloud MSP environment, global encryption keys and space-saving deduplication (each of which can be used to unlock customer-confidential data) should frighten partners and their end-users alike!

 Partners need to be sure that their solution providers’ offerings use both source-side and global deduplication. This makes the data tamper-proof by ensuring that each customer’s unique encryption key remains valid only for their own data set, whilst intelligently managing the shared data pool as it changes.

Finally, solution providers should use the latest, government-standard 256-bit AES GCM encryption technology, both for data in transit and at rest.

Settle for nothing less!

4) Cost, effort, and complexity – Managing hundreds of DR and backup end-users manually does not scale, invites security errors and, ultimately destroys margins. Partners need to quiz solution providers about whether they offer integrations that simplify customer and technical management, including remote monitoring (RMM) and “single pane of glass” operating consoles.

Likewise, when things do go wrong, where is the support coming from? Chasing it down across continents and timezones is stressful, time-consuming, and, therefore, expensive. Prefer a service provider that offers UK-based support, 24/7.

 

The size of the MSP backup/DR opportunity

So with regulations stricter, but end-user expectations higher, than ever before, is there still money to be made from managing the provision of a MSP backup and DR service?

The answer seems to be a resounding “Yes”! Analyst MarketsandMarkets, for example, predicts global growth in the DR service market from $1.42 billion last year to $11.92 billion by 2020, a compound annual growth rate of 52.9%.

But, like everything else in business, it’s about backing the right horse - so choose your tipster wisely.

security-banner

Our top security updates in the news and on the web this week

1.10 tips to avoid Cyber Monday scams

Shoppers familiar with the Cyber Monday circus know they’re stepping into the lion’s den. The Internet has always been a lawless place. First posted on Malwarebytes.

For the original post and further information click here

2. More POS malware, just in time for Christmas

Threat researchers are warning of two pieces of point of sales malware that have gone largely undetected during years of retail wrecking and now appear likely to earn VXers a haul over the coming festive break. First posted on The Register.

For the original post and further information click here

3. Some simple security advice for computer and smartphone users

Demonstrated how easy it can be to compromise users computers and 'steal' very personal video and photos, here's some really simple advice to help prevent this happening. First posted on Pen Test partners.

For the original post and further information click here

4. CryptoWall Updates, New Families of Ransomware Found

The ransomware threat isn't just growing—it's expanding as well. There has been a recent surge of reports on updates for existing crypto-ransomware variants. First posted on Trend Micro.

For the original post and further information click here

ransomware-update

5. Blast from the Past: Blackhole Exploit Kit Resurfaces in Live Attacks

The year is 2015 and a threat actor is using the defunct Blackhole exploit kit in active drive-by download campaigns via compromised websites. First posted on Malwarebytes.

For the original post and further information click here

6. Another Day, Another HMRC Tax Phish…

We could all do with a bit of a tax refund right before the festive season, and wouldn’t you know it. First posted on Malwarebytes.

For the original post and further information click here

7. Diving into Linux. Encoder’s predecessor: a tale of blind reverse engineering 

Linux.Encoder.1 has earned a reputation as the worlds first Ransomware family tailored for Linux platforms. First posted on Bitdefender Labs.

For the original post and further information click here

If you have any security news that you would like to see on our blog please send it to us at bluesolutions, please include the link from the original article in the email.

security-banner

Our top security updates in the news and on the web this week

1. CryptoWall 4.0 A Stealthier, More Sweet-Talking Ransomware

When the malware makes its move, the new CryptoWall not only encrypts files, as it always has done, it also encrypts filenames. Heimdal Security states this new technique increases victims’ confusion, and thereby increases the likelihood that they’ll pay the ransom, and quickly. First posted on Dark Reading.

For the original post and further information click here

2. TalkTalk – The case for a Chief Security Officer

While the importance of the Chief Information Security Officer has been in constant growth over the past few years, organisations that employ a CISO/CSO are still far too few. First posted on Trend Micro.

For the original post and further information click here

3. Linux Ransomware Debut Fails on Predictable Encryption Key

No need to crack RSA when you can guess the key. File encrypting ransomware Trojans are almost ubiquitous on Windows, and it was only a matter of time. First Posted on Bitdefender Labs.

For the original post and further information click here

Brian-A-Jackson1

 

4. Adobe Flash Update Includes Patches for 17 Vulnerabilities

In what’s becoming a monthly ritual, Adobe today pushed out an updated version of its Flash Player that includes patches for critical vulnerabilities. First posted on Threatpost.

For the original post and further information click here

5. How Scammers Are Trying To Use Your Computer To Steal Your Cash

Cyber criminals want to hijack your computer for financial gain. But how does the scam work and how can you stop them? First posted on TechWeek Europe.

For the original post and further information click here

6. Top ranking Instagram client removed from iTunes and Google Play after user data theft discovery

A software developer has discovered that a leading free app on iTunes and Google Play has been sending people’s usernames and passwords to an unknown website. The malicious app is called InstaAgent, and is touted as an Instagram client. It is also reportedly the most downloaded free app in the UK and Canada. First posted on TechWeek Europe.

For the original post and further information click here

If you have any security news that you would like to see on our blog please send it to us at bluesolutions, please include the link from the original article in the email.

blue and comptia bannerAre you attending CompTIA EMEA Member and Partner Conference 20th October 2015?

If you haven't yet registered to the Comptia event at 155 Bishopsgate London please go to  https://www.comptia.org/emea/home it would be great to see you there.

Blue Solutions was founded in 2000 with a clear mission: to enable IT channel partners to sell managed services software that would boost recurring revenues, strengthen margins, and clearly differentiate their offerings in a crowded market. As key vendor partners like AppRiver, Bitdefender, Censornet, DataFortress, Malwarebytes, Microsoft, Phish5, Redstor, Symantec, TrendMicro, and many others will testify, we’ve been succeeding at it ever since.

The bottom line of it is we enable our partners to build profitable, regular revenues, by delivering what their competitors can’t – compelling, diverse, scalable managed services, at low cost, that delight their end-users. So if you’re serious about growing your business, don’t miss this opportunity to expand your knowledge and to hear from our vendor and industry experts please feel free to book a time with Barry Atkinson, Emma Wale, Lee Walker or Israel Azumara to discuss Blue Solutions our vendors in more detail.

If you have queries please call 0118 9898 222 and request to speak to any of the names above regarding the event.

comptia-logo

The managed service best practice offerings template is intended to provide a list of the most common offerings that are currently being deployed by newly formed managed service practices.

The list has been developed based on the experience of IPED consultants, research conduct with numerous channel partners and direct discussions with partners that have successfully built an MSP practice. Although the customer offerings vary from MSP to MSP, most of the solution providers that have built a successful MSP practice have started their practice with one or more of a variety of managed services.  You can read the CompTIA Managed Service Best Practice Offerings study here.

Need more help with finding the right solutions for your MSP business? Call our sales team today on 0118 9898 222.