PatchingPatching is critical in defending your customers against vulnerabilities in everyday applications. It can now be automated from within security software, making it easier than ever to manage.

Think of all those vulnerable third-party applications your customers’ businesses basically run on. Can you rely on your humans to keep their patches up to date?

According to those involved in the recent Equifax debacle, for example, no! Break the human protocol, and the whole patching process falls apart. That’s terrifying when it’s been estimated that, overall, software exploits that target unpatched vulnerabilities account for 85% of all attack angles!

So, automating the patching process seems like a great idea, taking the cost, effort, disjointedness and sheer human fallibility out of keeping users protected against one of the most insidious forms of cyber-attack.

And, indeed, system management software (like the RMM solutions explored in this post) have arguably been doing this for a long time.

But wouldn’t it be neater, easier - and even cheaper – if this automated patching capability were simply built into the security software itself, rather than relying on an extraneous monitoring system? After all, we’re constantly being told patching is security!

Well, two vendors have listened.

Patching done the hard way

But before we look at what Heimdal Security and Bitdefender are offering , (for they are the vendors in question), let’s contemplate just a few of the manual patching challenges faced by end-user businesses and their security partners every day:

  • Slowcoaching – As the Equifax issue shows, being slow off the mark to patch a vulnerability sharply increases the likelihood of falling victim to it, but timeliness is a difficult thing to sustain when workloads are heavy.
  • Proliferation – By definition, the applications requiring patching tend to be big-name office and productivity solutions, so they are not only highly ubiquitous but also available in many different versions (including legacy products). Managing these kind of complex patching scenarios manually can create a massive drain on resources or – worse – a helpdesk meltdown!
  • Patch provenance – Obtaining patches from third-party websites is widespread practice, but does anybody seriously check the hashing of the patch with the hashing on the vendor’s website to make sure they’re downloading exactly what they think they are? Hmmm.
  • System workloads – Downloading and installing patches across large user populations can negatively impact core system workloads, ultimately resulting in disruption and loss of productivity
  • Cost – Every manual process involved in managing or deploying a patch burns through expensive admin and management minutes. Manual patching, though critical, eats readily into margins.

Now let’s consider the alternative.

Automatic patching = business as usual

Between them, what Heimdal and Bitdefender have done is to turn pesky patching (reactive, unpredictable, requiring extraordinary resource) into everyday ‘business as usual’ practice.– simply by automating it.

At a stroke, they have shifted third-party application security into the security layer (where it rightfully belongs), but in a way that it is easy (dare we say profitable?) to manage.

Here’s a snapshot of what this delivers:

  • Automatic patching of apps including Microsoft, Acrobat, Java, Flash and many more, with zero setup - and scheduling also possible.
  • Constant, instant protection – Heimdal checks for patches and updates every two hours and applies them from the moment they’re available
  • Non-disruptive operation – The update process happens ‘silently’ in the background whilst users carry on their work; Bitdefender also makes clever use of cacheing to maximise bandwidth and optimise performance.
  • Trustworthy patches – Updates are guaranteed authentic by automatic checking of the hash patterns against the vendors’ sites
  • Flexible legacy deployments – Updates can be set up to apply to specific software versions, enabling full coverage or legacy-specific deployments

Needless to say, none of this requires the additional cost of an RMM solution, either, but the financial benefits don’t stop there. The Heimdal solution, for example, is available with monthly aggregated billing, so upfront costs are zero and average margin rises with every additional seat.

(Bitdefender are currently pursuing a reseller model with perpetual upfront licensing, but an MSP variant is expected… watch this space!)

Human error: a thing of the patching past?

It’s tempting to see a miracle cure-all in solutions of this kind, but it pays to be appropriately cautious about their market viability.

Security partners can rely on their own product testing, of course – and they certainly should invest time and effort in this.

But the reality is that a security distributor with extensive experience of evaluating hundreds of solutions for sale using their own in-house technical experts is probably a more reliable source for determining the next rising star or the next puff of vapourware.

We like what we see. You should take a look too.

MSP programJoining an MSP program can work wonders with channel partners’ balance sheets, as our friends at Trend Micro explain in this blog!

We’re always keen to share compelling insight from our vendor partners, and Trend Micro have nailed it with their blog Five reasons you need to join an MSP program….today!

 So with thanks to the guys at Trend, we’ve condensed it below. (And if you like what you see, come and talk to us about the MSP solutions we offer!)

Five reasons you need to join an MSP program… today!

1. Better margins

It is not uncommon for our partners to earn in excess of 100% profit margin on the security solutions they are providing to their customers as part of their managed service agreements, which is probably a much higher percentage than what you are earning now if you are just buying annual licenses when your customers’ licenses expire.

Let me explain how in two words: aggregate pricing. Put simply, MSP programs typically offer pricing on an aggregate seat count basis, which means that you are paying for licenses based on the total number of clients you currently manage. This can be a significant difference as business grows and you move in to cheaper and cheaper seat bands. To figure out just how much margin you are missing out on ask your vendor how much it costs per seat in the lowest price band (typically five to 25 seats) vs. the cost per seat in the price band that represents your entire customer base. That number is the extra margin you are missing out on.

2. Predictable revenue stream

Compared to the feast-or-famine nature of revenue in a break-fix business model, predictability is one of the primary benefits of being a managed service provider. Joining an MSP program helps you further streamline and predict both the revenue from your customers, as well as your service delivery costs.

This one is a bit of a twofer since you can more easily calculate revenue projections and do forecasting into the future. You can also calculate cost projections and get a much better understanding of the health and future growth potential of your business. The icing on the cake is that the value of your business increases as well as your revenue streams–a critical component of your exit strategy.

3. Multiple recurring revenue streams

The great thing about being an MSP is that you are forced to heavily focus on automation and repeatability since controlling costs directly impacts your bottom line. Once you’ve joined an MSP program, you will generally have the ability to create multiple recurring revenue streams if they have a broad product portfolio. Once you have created processes and trained your staff around the tools provided as part of the MSP program it’s very easy to “turn on” any additional products your vendor may offer across your entire customer base. This can be done in a very efficient and cost-effective manner, with each of these products representing an additional recurring revenue stream and more profit.

4. Moving from CapEx to OpEx

There may be some tax and accounting benefits to joining an MSP program and moving from purchasing annual licenses upfront for your customers to paying for licenses monthly or quarterly — or moving from CapEx to OpEx. The main benefit is the ability to recognize deductions completely in the current period vs. recognizing them over the useful life of an asset (that is, if you buy a three-year license and deduct it over those three years).

Disclaimer: We are a cybersecurity company, not tax experts. Therefore, we highly recommend discussing this with your accountant or tax professional to weigh the pros and cons and how it may affect your business specifically.

5. Elimination of renewals

Lastly, a good MSP program will give you complete control over license management and provisioning from a self-service portal. This allows you not only to provision licenses when you need them (think evening or weekend deployment when you forgot to place an order three days in advance), but also to eliminate all the hassles, complexity and costs associated with renewals. In essence, since you have complete control over the licenses, an expiration date is no longer necessary–you can simply cancel the license when you need to.

If you’ve never figured out what it costs you to track disparate expiration dates across your entire customer base for every product, to request quotes from your vendors, to create invoices for your customers, to follow-up on payments from your customers, and to submit payments to your vendors just to renew a product, then you probably should! Most partners we  meet who go through this exercise are shocked to find out they often lose money on smaller customers because they did not factor the costs of renewing into their pricing or business model.

Although there are so many more reasons to join an MSP program as soon as possible, these are our top five reasons you should be seriously considering becoming part of one…

Blue Solutions is a specialist security software distributor with many years’ experience in helping partners take their MSP security proposition to market. To talk to us about our range of MSP security solutions, get in touch.

Cloud SecurityCloud security is often as nebulous a term as the word ‘cloud’ suggests! We look into its various meanings and identify where it can add value to channel partners’ propositions.

Cloud security is one of those terms that has morphed rapidly to mean several different things in a very short time. Result? Confusion, more often than not.

Are we talking about security solutions delivered to users from the cloud? Or security around applications that live in the cloud (like Office 365)? Or security that’s targeted at businesses that make use of public cloud services like AWS?

You see the challenge. But actually, each of these is a valid scenario and a saleable cloud security solution. Here’s more info.

1. Security services delivered from the cloud

Your SME customer has few or no IT specialists in the organisation, no money to hire them, and nowhere to store servers. Where do they turn?

To the cloud, of course. Security products are delivered to them via the internet, as a service.

They can typically choose to pay only for what they use, on a monthly ‘rental’ (managed service, or MSP) model, so there are no prohibitive upfront costs.

Their security partner (you!) monitors their networks from a centralised console, makes technical adjustments, and implements patches and upgrades, but the user can retain some control over their security settings if they wish.

But what kind of security solutions can be delivered in this way? Many.

Hosted email security, for example, works with most hosted and on-premise email systems to protect what is stilll the primary route into organisations for most forms of malware and spam.

More comprehensive business security services solutions and cloud security solutions designed specifically for MSPs provide wider protection to end-users, and also enable partners to sell into organisations who have some on-premise systems, but don’t wish to overburden them by adding security software into them.

In this scenario, end-users can run everything else on-premise, but get their security from the cloud!

2. Security for applications that live in the cloud

Solutions like Office 365 have revolutionised office processes, with powerful tools delivered to end-users’ desktops straight from the cloud.

But although the delivery mechanisms for these applications are secure, the content delivered by the applications can still contain threats that the application’s own in-built security can’t detect, as we explored in this cloud apps post a while ago.

Plugging these holes is still a big opportunity for resellers and other security channel partners – and the cloud app security solutions that can help them deliver this critical service are already ‘out there’.

3. Security for public cloud services

SaaS, IaaS, PaaS – businesses’ ability to build their entire proposition on a public cloud provider is no longer the preserve of large enterprises.

In fact, Forbes has ascribed the growth of AWS, for example, to their “Reaching out to all kinds of customers – startups, SMEs and big companies”.

It is this that has driven, in turn, a new kind of security need amongst end-users, as we explained not so long ago in this post - namely, the ability to spin up an AWS virtual server and know that server will immediately be protected by security software that has been specifically designed from the ground up for virtual environments.

We had a bit of fun defining these virtualised must-haves in this security opinion paper recently, but the message is deadly serious: if end-users are building a business on public cloud, and relying on virtual servers, security partners need to be able to reassure them that they can secure it!

Cloud security – evolving meanings, evolving opportunities

As the cloud billows ever more energetically within businesses’ operations, it drives the security agenda in many different directions at once. Cloud security is coming at us from many different angles, and is morphing into multiple meanings.

It’s a wise security partner who has got a handle on them all – and knows the security solutions that play strongest to each definition.

vaccineOrganisations in Europe and the US have been crippled by a ransomware attack known as ‘Petya’. There are claims of a ‘vaccine’ to stop it – but how credible are they?

Hot on the heels of WannaCry comes Petya – a nasty ransomware variant, based on the Goldeneye code.

It has already locked some of the world’s most prominent enterprises out of their data, including construction materials company Saint-Gobain, food giant Mondelez, legal firm DLA Piper, and advertising firm WPP.

But lo! There is a ‘vaccine’ that protects against it, apparently! Simply include the file C:\Windows\perfc.dat on the PC, and the ransomware is stopped in its tracks.

(Well, it’s stopped in its tracks on that machine – though it can still propagate to other machines on the network. So still not ideal.)

We took a look at what some security vendors are saying about Petya / Goldeneye – and whether the idea of a ‘vaccine’ is truly credible.

Bitdefender: ransomware vaccine is old news

The first thing that struck us is that security vendor Bitdefender has had a ransomware vaccine available for some time now, and it’s not just a quick fix using a read-only file.

Instead, it’s rather cleverer than that. It tricks ransomware into believing the machine is already infected, and so the attack goes looking elsewhere. In addition, it can be deployed to every machine on a network simply by ticking a box – meaning that one machine can’t pass the infection to another.

There’s little information at present, admittedly, as to whether this vaccine is effective specifically against the Petya /Goldeneye attack.

However, it has been stated publicly in the Bitdefender Resource Center that “Bitdefender blocks the currently known samples of the new GoldenEye variant. If you are running a Bitdefender security solution for consumer or business, your computers are not in danger.”

That’s pretty unequivocal. And what’s particularly interesting with this vendor is that the ransomware vaccine is standalone – businesses don’t need to have invested in Bitdefender’s suite of other security solutions to use it.

Trend Micro: decrypt it if you can’t stop it

Trend Micro has an established stable of solutions that provide layered protection against a whole range of threats, including ransomware, so they’d surely argue that a ransomware vaccine is unnecessary!

However, what they do also offer is decryptor tools that enable users to recover data even after their files have been encrypted by certain variants of ransomware.

Again, whether these solutions are effective against the most recent Petya / Goldeneye attack is not clear, although Trend Micro states here that it is “in the process of adding known variant and component detections” for Petya-related patterns “and all products that utilise them.”

So, more antidote than vaccine – but it’s worth noting that these decryption tools are free, so they could be a lifesaver (and pave the way to more proactive anti-ransomware strategies and product choices in the future).

Malwarebytes: no ransomware vaccine, but you're safe

Malwarebytes, for its part, has been less than confident about the ability of the C:\Windows\perfc.dat vaccine to stop the Petya infection – in fact, the company states that “our own tests have shown that in many cases, it doesn’t.”

Whilst Windows 10 systems, Malwarebytes says, “seem to have a fighting chance” by using this method, “Windows 7 gets infected every time.”

However, Malwarebytes also publicly says that customers using Malwarebytes Endpoint Security are protected against this specific ransomware variant – so, once again, a vaccine is – theoretically, at least – unnecessary.

Ransomware: vaccines, protection, remediation

For more of our thoughts on ransomware and what security vendors are doing to fight against it, check out our previous post here.

And remember – prevention is better than cure, so keep patching!

Read the latest helpful updates on ransomware and cloud security from our industry partners and contacts.

We like to put our partner and media contacts to good use in helping you and your customers to understand the security landscape.

This month, we bring you three helpful new updates – two guides to ransomware (and how to defeat it) and the other an interesting short article from Cloudworks on the benefits of cloud security for small and medium businesses.

Business guide to ransomware

New from AppRiver, this guide is subtitled ‘Understand, Analyze and Protect’, and is a very readable resource covering what ransomware is, how it works, how it spreads, and the best practices and employee training that can help defend against it.

Ransomware: Malwarebytes bytes back!

Another take on ransomware and how to combat it comes from security experts Malwarebytes, who major on the importance of endpoint security (keeping PCs and devices protected) in this informative and short PDF.

Five reasons why cloud security is important for SMEs

Big servers, large infrastructure, lots of IT staff – these are all security components that SMEs just can’t afford! This is why they must look cloudward – and this article from Cloudworks describes the benefits of cloud security neatly.

We’ll be back with more helpful advice soon!

Email SecuritySpam, phishing, malware – these are just some of the hazards email can carry. We’ll see more of them in 2017, so what kind of security solutions can counter them?

Following on from our recent post about business continuity solutions, another topic worth following in 2017 is email security.

So just how important is it?

Well, according to email research from the Radicati Group, the number of business emails sent and received per day in 2017 will number 120.4 billion. By 2019, it will be nearer 129 billion.

And this unrelenting growth is one of the factors driving a huge increase in email-borne cyber-threats. In fact, in the first quarter of 2016 alone, according to this piece in Infosecurity Magazine, there was an 800% increase in email-borne threats over the previous year!

What, then, should you be looking out for to protect your business (or your customers’ businesses, if you’re a security reseller or service provider) against this onslaught?

Choosing email security

We’ve identified some specific features that we believe are critical to effective email security in 2017’s threat-laden world.

1. Ease of use for SMEs

The latest Government Security Breaches Survey found that SMEs are now being pinpointed by digital attackers, according to this piece in The Guardian.

But SMEs also include many businesses that have little or no in-house IT or security expertise  - so complex on-premise email security just won’t work for them.

Instead, look out for cloud-delivered, as-a-service solutions that major on ease of use (that means, amongst other things, no-maintenance deployment, with 24 x 7 updates, patches and hot-fixes delivered automatically by the vendor).

This kind of solution has the added benefit that it can filter email inline and scan it prior to it reaching the recipient, so threats are intercepted before they touch the business’s network.

Nothing to remediate, no spam to archive, nothing to clean up – good news for resource-starved small businesses.

2. Email clients – cloud’s a must!

Smaller businesses in particular are also turning to hosted email clients like Office 365 and Google Apps, with research showing that nearly two-thirds of small business owners already have an average of three cloud solutions in place.

Combine this with the knowledge that Office 365 has known issues with its ability to detect insecure document content, though, and it’s not enough to just go with a cloud-based email security solution. You also need to choose one that is good at dealing with cloud-based email client vulnerabilities.

Get the last bit wrong and you’re still behind the SME security curve.

3. Threat coverage and awareness

Spam, malware, spyware, phishing and inappropriate content are all known risks that must of course be protected against.

But the underlying question is how the solution’s knowledge of the threat landscape evolves, since it is this process that ultimately protects users against emerging threats like zero-day exploits.

Big data and machine learning algorithms are the key features to look for in this respect, but many vendors are now jumping on this bandwagon, so look at the hard numbers to sort the aspirational from the credible.

Take Trend Micro’s Hosted Email Security (HES) as just one example: over 50 billion website URLs, email sources, and files scanned, correlated, and filtered, with over 7 terabytes of new threat data processed - daily.

That leaves little doubt (and the latest features in Trend Micro HES make convincing reading, too).

4. GDPR compliance

GDPR is never far away from our discussions thesedays, and any cloud-delivered service is now under the microscope with regard to how it protects the privacy of the data that it holds.

Look for a solution backed by data centres that have reached the most stringent privacy certifications - in Europe, these are generally considered to be ISO 9001, ISO 27001, OHSAS18001 (LHR1) and SAS 70 Type II.

5. Ease of partner management

For security partners, there is an added dimension to a choice of security solution: the ease with which they can manage it!

Solutions that are difficult to provision and manage burn through administration resource and gnaw at margins – making them potentially unprofitable.

Look instead for a single security dashboard across all customers, that also works with industry-standard platforms like Autotask, ConnectWise and Kaseya.

This will enable you, for example, to automate monthly usage and reporting management, proactively analyse emerging security threats, and provision new solutions and services more rapidly – without signing into and logging out of multiple systems and tools.

Email security in 2017 – as-a-service solutions to a growing challenge

As long as businesses keep sending and receiving emails, the bad guys will keep using them to try and attack the soft underbelly of businesses.

But to do that, the emails have to get there in the first place – and if they’re getting caught by security in the cloud first, they won’t.

Definitely one to watch for 2017.

DeployManaging licensing processes can bite deep into security MSPs’ margins. But one vendor seems to make it a lot easier. We investigate…

If you’re a managed security service provider, you’ve got an awful lot on your plate when it comes to licensing.

Try to manage it all using different tools and you’ll rapidly flay the flesh from your profitability – and probably send your customer satisfaction levels plummeting, too.

Logically, the solution is to somehow combine all the licensing functions in one place, making them both accessible and easy to use. But is any security vendor actually offering this? And if so, does it really deliver on the promise?

For our money, the answers to these questions are “yes, Trend Micro” and “yes, here’s how”, respectively.

Licensing Management Portal (LMP) – cross-product pain relief

The first thing that is striking about Trend Micro’s Licensing Management Portal (LMP) is that, in contrast to some other so-called “single pane of glass” management tools, it isn’t just available for a core technology that so far only underpins one or two finished products.

Instead, it has already evolved to the point where it is common to pretty much the entire Trend Micro product portfolio

So it makes it possible for MSPs to centrally manage, from a single sign-on system, multiple instances of both “point” solutions like Cloud Application Security (a topic we discuss further in this post), and more comprehensive solutions like the Worry-Free Business Security range.

Let’s not gloss over the pain that this alleviates. It eliminates wait time associated with ordering licences, because LMP is available 24 x 7 x 365. It automates the tracking of renewals and expirations. And it eliminates the complexity and cash-flow risk associated with manual billing.

Remote Manager
LMP, Remote Manager, CLP – a powerful triumvirate of solutions that drastically reduce the costly burden of creating, provisioning, managing and billing MSP licences. More on CLP below. (Click to enlarge)

LMP + Remote Manager = automation

This capability stems in part from the fact that LMP also contains within it Trend Micro’s Remote Manager.

This radically streamlines many of the licensing management processes by plugging them into industry-standard RMM and PSA solutions like Autotask, ConnectWise, Kaseya and LabTech.

So, you no longer have to manually drive your billing process, for example. Instead, LMP can use ConnectWise to auto-issue invoices and create end-to-end billing the moment a new endpoint or device is deployed.

Likewise, there’s a lot less juggling of multiple processes in order to set customers up. LMP syncs with LabTech, so you can map customers from LMP to customers in your LabTech solution, and then, within the latter, just “point and shoot” to deploy, issue licences etc. No jumping around between applications!

LMP and LabTech sync
No jumping around between applications – LMP and LabTech sync, so that deploying and issuing licences to your customers is as simple as a mouse click. (Click to enlarge)

Service plans the way you and your customers want them

Whilst we’re on the point of service plans, it’s worth mentioning that LMP has rewritten the rulebook somewhat in this respect too, offering real flexibility.

You can activate licences into live services in any number of formats – monthly, yearly, quarterly, on receipt of PO – and you can schedule in additional features so that they don’t have to be managed manually.

For example, a new customer that has committed to your services for two years initially, but whose contract needs to revert to a monthly rolling arrangement after this initial period, can have a service plan created in LMP that will deliver this arrangement – automatically.

From where we’re sitting, it’s probably the only example of a service plan mechanism that combines customer-friendly flexibility and features with management tools that don’t place an unsustainable drain on your resources!

Powerful but flexible reporting

Of course, if you can’t easily see what’s billable, automated provisioning and service plans won’t stay viable for very long!

Here, too, LMP shines. Not only is the reporting itself automated, it provides up-to-date detail of everything that has been in any way consumed by the end-user, ensuring that consumption and billing are always in step with each other.

At the same time, the automation allows a window of manual adjustment to cope with cancellations, error correction, atypical deployment scenarios, and other exceptions.

In essence, LMP has enough automation to make the majority of billing scenarios far easier – and far more economical – to manage.

CLP: Convenience for the end-user

But what’s really innovative in LMP, in our view, is that it enables the end-user to manage some of their own licensing, giving them the convenience of direct control, whilst also (let’s be candid) fattening your margins by reducing your workload!

This is because LMP contains a Customer Licensing Portal (CLP), which enables customers to manage licence keys for selected parts of their security estate, based on role. That partial autonomy and flexibility works for them, which makes you look good.

But the fact that the CLP can also carry your own branding will do your business profile no harm at all, either!

“Nobody does it better”, goes the old song. And at the moment, our Trend Micro team seems to be singing it around the office quite a lot. Funny, that.

AppRiver Nautical PlatformAppRiver’s Nautical platform makes all aspects of security service provision manageable from a “single pane of glass”. We look at the benefits.

For security service providers, or resellers wanting to break into the MSP space, there is a double challenge at hand: selecting solutions whose performance will delight their customers, yet that are easy enough to “drive” on a day-to-day basis to prevent margins being eaten away by costly management overheads.

This is why the appearance of AppRiver’s Nautical platform has set our antennae a-twitching. It promises a unified management console that enables service providers to deliver and manage a raft of cloud-based security solutions from one place, without the profit-sapping expense.

Here are just a few ways in which that could benefit service providers and their business.

The business benefits of Nautical, (1): Devolved management

Managing everything from under a “single pane of glass” is a seductive sell, but (I hear you say) doesn’t that just make for a crammed and complex window onto your world, which in turn drives management and admin costs up?

But Nautical turns this on its head, by enabling role-based interaction, so that different users each have different views of what is under the pane and can exercise different levels of control over it – and this includes the end-users themselves.

In this way, management workflows are made more targeted and efficient, but also flexibly devolved to customers where possible - taking even more of the admin burden off the service provider’s desk.

AppRiver Nautical Management
A single pane of glass, multiple kinds of access and interaction - cost reduction through targeted workflows and customer self-service (Click to enlarge)

The business benefits of Nautical, (2): Easy upscaling

Theoretically, cloud-delivered services can easily scale up to meet the needs of increasing numbers of end-users, thus supporting service providers’ revenue growth.

But critical to this process is the ease with which those new users can actually be brought on board. All the cloud service capacity in the world is no money-spinner if it is difficult, time-consuming and costly to connect users to it.

One of the killer new features in Nautical is a configurable user account management function that enables new users to be brought on board, and the overall user count to be increased, very easily.

Previously, this would have entailed multiple workflows in multiple environments; using Nautical, however, it is now a far simpler (and therefore cheaper) process.

AppRiver easy upscaling
More users, more usage, more revenue – and bringing them on board’s a cinch (Click to enlarge)

The business benefits of Nautical, (3): App-style agility and healthchecks

To go back to a previous point, bringing on additional users also inevitably drives demand for more products and services. Any service provider that delivers on the first point but not the second is painting themselves into a corner.

Nautical, however, makes it possible for both service providers and their customers to add and integrate new products and services with the kind of pick-and-mix agility you’d expect from something like an app store.

But (I again hear you ask) doesn’t that, in itself, create another management challenge – namely, monitoring all those disparate products and services without excessive (and expensive) manual intervention?

Here, too, Nautical comes up with the goods, thanks to its cross-product diagnostics that deliver a single, regular, unified application healthcheck to service providers’ customers and all the solutions they’re using.

Apps on demand
Apps on demand – and a unified monitoring and management system to keep them profitable (Click to enlarge)

What else should you know about Nautical?

Nautical has been described as “an entire channel programme in one portal”, but what’s really striking is that this deep integration across all aspects of security service provision comes at no charge.

Nautical simply becomes automatically available when a service provider chooses to deliver AppRiver’s security solutions – including anti-spam / anti-virus, web protection, email encryption, Exchange and mailbox protection – and this of course covers existing AppRiver service providers, too.

All in all, Nautical takes the hard work out of delivering MSP services that can really boost service providers’ bottom line, by making all business activities manageable from one place.

Now that really is something you should know.

Business Continuity2017 will see greater demand for security products than ever before. Backup and recovery are predicted to be big business for security channel partners!

Security predictions for 2017 are coming thick and fast – and there’s little for businesses to be cheery about.

“A major bank will fall as a result of cyber-attack,” the BBC relates in this article, whilst, at the other end of the scale, a solicitor has found itself embroiled in an email fraud scam that has, to date, left a homeowner £67,000 out of pocket.

But it’s perhaps ransomware, explored in a previous post, that will see the most noticeable growth in 2017, and it’s a major factor driving businesses’ and security partners’ interest in business continuity solutions like backup and recovery.

After all, if a business can reinstate critical backed-up data at will, ransomware loses much of its bite, and therefore its attractiveness to those who perpetrate it!

So what does an effective business continuity solution look like?

Business continuity solutions – what to look for

True business continuity is about more than just security applications – there’s a whole host of cultural and organisational requirements too, as this basic guide from CSO Online explains.

But from the solutions point of view, business continuity is basically about two things: reliable and bomb-proof (perhaps literally!) data backup, and rapid data recovery.

Two metrics are critical, here: Recovery Point Objective (RPO) and Recovery Time Objective (RTO).

The former dictates how much data a business could afford to lose before it caused any real and lasting damage – and therefore reflects considerations like how often backups need to be performed, what volumes and formats of data need to be involved, and how robust the backup environment is.

The latter dictates how rapidly that backed-up data can not only be accessed (hint: off-site tapes just don’t cut it any more!) but actually redeployed in a form that the business’s hungry systems can once again get to work on – not just files and folders, but settings, too - to get the business back on its feet post-incident.

Between them, these two metrics hinge on a host of solution capabilities that can be problematic.

For example, one oft-cited issue is that when backup and recovery data is being streamed back into a stricken business, the data can’t be accessed or used until the recovery process is complete – and that can take many precious hours, days, or even longer. Unhelpful.

Reliance on recovery via hardware is also a sticking point, since it may be impaired by the very hack that caused the data incident in the first place (ransomware is a very good example of this!)

What’s the appetite for business continuity solutions in 2017?

Nonetheless, business continuity has been a problem crying out for a solution for a long time before 2017; ransomware has simply put an especially shrill edge on it!

Scary statistics abound; did you know, for example, that according to a study by Onyx Group, 71% of UK SMEs only ever manage to back up part of their data?

Or that 75% of SMBs have no disaster recovery plans in place at all?

But even more terrifying, when considered in the light of the ransomware issue, is that, according to one estimate, 58% of small businesses could not withstand any amount of data loss whatsoever!

Think about that for a moment. It means the hackers’ job is made much, much easier. Even holding the slightest amount of a business’s data to ransom could easily provoke a payout. Minimum effort, maximum return – which means more hackers getting involved in this kind of activity in the future, of course!

Not for nothing is the Business Continuity Institute’s agenda focused “overwhelmingly” on cyber-resilience in 2017.

(And in case you’re wondering, the disaster recovery-as-a-service market, in which backup will play a key role, is estimated to be worth $11.11 billion - £8.83 billion - by 2021. Ripe for the picking!)

Where can I check out the latest business continuity solutions?

Clearly, what we’ve said above also means that the competitive landscape for security partners in this space is going to become challenging.

But for an insight into how one backup and recovery solution is evolving to deliver both strengthened protection to end-users and a more compelling proposition to the security partners who sell to them, take a look at this data backup and recovery features update.

And keep watching this series of blogs – we’ll be looking at a whole range of security solutions for 2017, covering email, web, cloud, data centre, and Office 365.

RansomwareThe word “ransomware” terrifies individuals and organisations alike. We look at how this threat works - and how to fight it!

The ransomware mood music isn’t good this year. As security publications and commentators tell us, ransomware is expected to dominate the malware arena in 2017.

More than ever, then, security partners need to offer sound, confident advice to end-users on both the nature of ransomware, and how to defend against it.

So look no further!

Ransomware: how it works

Ultimately, the aim of ransomware is to paralyse companies’ operations, usually by encrypting data, then demanding money to decrypt it and render it usable again.

For security partners and their customers, one of the challenges with ransomware is that it can enter the network through many different routes – malicious links or infected file attachments in emails, drive-by attacks triggered by a visit to an infected website or ad, botnets, USB drives, Yahoo Messenger images… the penetration potential is extremely high.

But to rub salt into it, ransomware also dodges many of the traditional anti-virus defences.

It disguises filenames and attributes and hides behind legitimate file extensions. And it often uses secure communications protocols like https and Tor, and encrypts its communications as it goes, obscuring the tell-tale server calls that would ordinarily betray its presence.

What this means is that most anti-virus protection is none the wiser to the threat – and so the latter finds its target, which is usually the most critical data the business holds. (Indeed, the notorious Cryptolocker ransomware, as this blog, from Bitdefender, explains, hunted out 70 different specific file extensions, precisely for this reason).

Ransomware: how to stop it

A threat that can infect via so many different channels, and hide its tracks whilst it’s doing it, clearly can’t be stopped by a single “silver bullet.”

It can only be stopped by layered protection that detects and blocks at all the levels at which ransomware can penetrate and spread.

Research carried out by Trend Micro has found that 99% of over 99 million ransomware attacks were found in malicious email or web links, so robust defence at the email and web gateway level, as well as at the endpoint and network levels, are a must.

Protecting email and web traffic from ransomware

Analysis is the key here; in the absence of the normal malware “cues” that signal a threat, security solutions have to look harder, deeper and wider for signs of the miscreants.

This means not just analysing links in the body of an email, for example, but also the links in the attachments that that email contains – as well as the attachments themselves.

It means scanning for zero-day and browser exploits, and other favoured ransomware entry points that are buried in applications (such as within Office 365 – 2 million threats discovered to date, according to Trend Micro!), rather than just in links or attachments.

And it means both being able to instantly compare links with a global database of known malicious URLs, and automatically rewrite links (as we discussed in this post) to divert them into a sandbox and analysis environment.

There, they can be triggered and inspected at no risk - even if they are not “known suspects.”

Protecting endpoints from ransomware

But what if the threat enters the network from an endpoint, like a PC – triggered, perhaps, by an infected document on a USB stick?

Actually, it’s at this level that some of the most useful indicators of ransomware behaviours – rapid encryption of multiple files, for example, or exploit kits that look for unpatched software vulnerabilities, as a prelude to sending ransomware through them – can be detected.

A security solution that can isolate the endpoint can stop the ransomware from spreading further via the network. And on that point…

Protecting networks from ransomware

The network itself must of course be protected.

But network traffic flows across myriad nodes, ports and protocols, so security must be capable of identifying ransomware and attacker behaviour in and across each of these sub-layers.

Here, too the sandbox analysis that we mentioned above is a powerful resource, mirroring the actual network environment so that the presence of typical ransomware behaviours can be accurately tracked and their effect (and therefore likely objective) revealed.

And blocked!

Ransomware immunisation: using the threat against itself

But one of the slickest anti-ransomware developments we’ve seen recently is a “vaccine”, which literally uses the ransomware’s own programming against it.

Ransomware typically prevents a machine it has already infected from playing host to any other infection that could interfere with the ransomware’s own endgame.

But this same feature, deployed on uninfected machines, effectively blocks the ransomware itself, as we have previously described in this post. So, does this mean ransomware is finally hoist by its own petard?

I wouldn’t bet on it. But by sharing knowledge about how ransomware works, how we can defeat it, and where businesses and security partners can go for more advice, we make every hostage that bit more difficult to take.

And that’s a ransomware result.