Tag Archives: Security

Zero day exploitsIn the wake of a Windows 10 zero day exploit that had Microsoft all a-flutter, we explore these insidious threats - and how to combat them.

In the last blog in this series, we looked into ransomware, what it is, and how you can stop it. In this blog, we put another cyber-threat under the microscope – the zero day exploit.

We’ve looked into what the zero day exploit is and how it ticks – and we’ve “zeroed” in (sorry!) on some things businesses and their security partners need to consider in order to confront the danger head-on.

Zero day exploits: what are they?

Perhaps no other threat is guaranteed to drive software vendors’ marketing departments into public fits of bluster and defensiveness quite like the zero day exploit (see Microsoft’s recent performance in this piece in Ars Technica, for example!)

This is because zero day exploits are all about urgency and panic. Typically, they attack newly released software through vulnerabilities even its designers often don’t yet know exist (although legacy software can also sometimes be a target).

They are so called, as Wikipedia explains, because the hapless software vendor has “zero days” to fix the problem, or communicate helpfully about it, before it goes public – since the hackers themselves have usually already publicised it for them!

Zero day exploits love targeting browsers and office applications like Word and others (because we all use them) and they also hijack the common SMTP email protocol to find their way into these vulnerable applications in the first place.

But what makes zero day exploits so dangerous is that they tend to evade typical security software defences.

Why? Because many of the latter rely on triggers like malware signatures and known URL blacklists – intelligence that accumulates over time. And by definition, a zero day exploit has none of this history behind it!

What damage can zero day exploits do?

Here’s just a short list of zero day threats and the havoc they can potentially wreak, curated from various sources covering the last year or two:

  • Suspected North Korean State threat actors were observed exploiting a vulnerability in a word processing application
  • A targeted attack unveiled vulnerabilities in Microsoft Office and Windows, hidden within a Microsoft Word document
  • Adobe and Windows zero day exploits were made use of by Russia’s APT28 gang in a highly-targeted hack
  • Vulnerabilities in Microsoft font drivers were found to allow remote code execution, potentially rendering businesses open to ransomware, data theft, etc.

And, at the time of writing, a memory corruption bug affecting several Windows operating systems was declared capable, in this advisory, of remotely causing a denial of service (DDoS) attack!

Zero day – how do you defeat an enemy you can’t see?

But what defence is possible if security software can’t even recognise a zero day exploit when it’s sitting on top of one?

One effective response to this is to choose security solutions that don’t go hunting for known malware signatures, but instead zoom in on the structural behaviour of the applications that are likely to be targeted by zero day exploits.

Unexpected behaviours in those applications can indicate that they are being asked to do something they shouldn’t – and in tests, this approach has led to security vendor Bitdefender being able to block all Flash player exploits, including zero day, encountered in the space of a year.

It follows that the more extensive the analysis of these applications and the data they generate, the more effective a security solution is likely to be in recognising the signs that a zero day exploit is at work.

Enter Trend Micro, which has woven together an extraordinary mesh of vulnerability intelligence sources that include behavioural, statistical, heuristic and protocol analyses, all drawing on a constantly updated and monitored worldwide threat intelligence network.

Backed up by artificial intelligence (AI) and machine-learning techniques that extend through multiple different security layers, analyses of the entire possible zero day attack surface can be interlinked.

In other words, a more holistic understanding of which of the business’s applications are being asked to do what, and whether this is likely to constitute risky behaviour, is formed.

It’s less about putting a name and face to the exploit itself, and more about spotting changes across the business’s often very complex IT environments that aren’t explicable in any healthy way!

Anti-zero day solutions – what the industry says

An enlightening read for those investigating this area is industry analyst Gartner’s recent Magic Quadrant for endpoint security (which you can download here, and in which Trend Micro, incidentally, is positioned highest and furthest amongst the contenders).

It hits on many of the points we’ve mentioned above – application and process analysis, behaviour monitoring, machine learning, browser and office software vulnerabilities, memory manipulation – to paint a pretty comprehensive picture of what the industry is doing to address the fundamental difficulty of stopping a threat that is, initially at least, invisible.

Meanwhile, keep your eyes peeled for our next topic in this blog series – viruses!

AppRiver Nautical PlatformAppRiver’s Nautical platform makes all aspects of security service provision manageable from a “single pane of glass”. We look at the benefits.

For security service providers, or resellers wanting to break into the MSP space, there is a double challenge at hand: selecting solutions whose performance will delight their customers, yet that are easy enough to “drive” on a day-to-day basis to prevent margins being eaten away by costly management overheads.

This is why the appearance of AppRiver’s Nautical platform has set our antennae a-twitching. It promises a unified management console that enables service providers to deliver and manage a raft of cloud-based security solutions from one place, without the profit-sapping expense.

Here are just a few ways in which that could benefit service providers and their business.

The business benefits of Nautical, (1): Devolved management

Managing everything from under a “single pane of glass” is a seductive sell, but (I hear you say) doesn’t that just make for a crammed and complex window onto your world, which in turn drives management and admin costs up?

But Nautical turns this on its head, by enabling role-based interaction, so that different users each have different views of what is under the pane and can exercise different levels of control over it – and this includes the end-users themselves.

In this way, management workflows are made more targeted and efficient, but also flexibly devolved to customers where possible - taking even more of the admin burden off the service provider’s desk.

AppRiver Nautical Management
A single pane of glass, multiple kinds of access and interaction - cost reduction through targeted workflows and customer self-service (Click to enlarge)

The business benefits of Nautical, (2): Easy upscaling

Theoretically, cloud-delivered services can easily scale up to meet the needs of increasing numbers of end-users, thus supporting service providers’ revenue growth.

But critical to this process is the ease with which those new users can actually be brought on board. All the cloud service capacity in the world is no money-spinner if it is difficult, time-consuming and costly to connect users to it.

One of the killer new features in Nautical is a configurable user account management function that enables new users to be brought on board, and the overall user count to be increased, very easily.

Previously, this would have entailed multiple workflows in multiple environments; using Nautical, however, it is now a far simpler (and therefore cheaper) process.

AppRiver easy upscaling
More users, more usage, more revenue – and bringing them on board’s a cinch (Click to enlarge)

The business benefits of Nautical, (3): App-style agility and healthchecks

To go back to a previous point, bringing on additional users also inevitably drives demand for more products and services. Any service provider that delivers on the first point but not the second is painting themselves into a corner.

Nautical, however, makes it possible for both service providers and their customers to add and integrate new products and services with the kind of pick-and-mix agility you’d expect from something like an app store.

But (I again hear you ask) doesn’t that, in itself, create another management challenge – namely, monitoring all those disparate products and services without excessive (and expensive) manual intervention?

Here, too, Nautical comes up with the goods, thanks to its cross-product diagnostics that deliver a single, regular, unified application healthcheck to service providers’ customers and all the solutions they’re using.

Apps on demand
Apps on demand – and a unified monitoring and management system to keep them profitable (Click to enlarge)

What else should you know about Nautical?

Nautical has been described as “an entire channel programme in one portal”, but what’s really striking is that this deep integration across all aspects of security service provision comes at no charge.

Nautical simply becomes automatically available when a service provider chooses to deliver AppRiver’s security solutions – including anti-spam / anti-virus, web protection, email encryption, Exchange and mailbox protection – and this of course covers existing AppRiver service providers, too.

All in all, Nautical takes the hard work out of delivering MSP services that can really boost service providers’ bottom line, by making all business activities manageable from one place.

Now that really is something you should know.

Business Continuity2017 will see greater demand for security products than ever before. Backup and recovery are predicted to be big business for security channel partners!

Security predictions for 2017 are coming thick and fast – and there’s little for businesses to be cheery about.

“A major bank will fall as a result of cyber-attack,” the BBC relates in this article, whilst, at the other end of the scale, a solicitor has found itself embroiled in an email fraud scam that has, to date, left a homeowner £67,000 out of pocket.

But it’s perhaps ransomware, explored in a previous post, that will see the most noticeable growth in 2017, and it’s a major factor driving businesses’ and security partners’ interest in business continuity solutions like backup and recovery.

After all, if a business can reinstate critical backed-up data at will, ransomware loses much of its bite, and therefore its attractiveness to those who perpetrate it!

So what does an effective business continuity solution look like?

Business continuity solutions – what to look for

True business continuity is about more than just security applications – there’s a whole host of cultural and organisational requirements too, as this basic guide from CSO Online explains.

But from the solutions point of view, business continuity is basically about two things: reliable and bomb-proof (perhaps literally!) data backup, and rapid data recovery.

Two metrics are critical, here: Recovery Point Objective (RPO) and Recovery Time Objective (RTO).

The former dictates how much data a business could afford to lose before it caused any real and lasting damage – and therefore reflects considerations like how often backups need to be performed, what volumes and formats of data need to be involved, and how robust the backup environment is.

The latter dictates how rapidly that backed-up data can not only be accessed (hint: off-site tapes just don’t cut it any more!) but actually redeployed in a form that the business’s hungry systems can once again get to work on – not just files and folders, but settings, too - to get the business back on its feet post-incident.

Between them, these two metrics hinge on a host of solution capabilities that can be problematic.

For example, one oft-cited issue is that when backup and recovery data is being streamed back into a stricken business, the data can’t be accessed or used until the recovery process is complete – and that can take many precious hours, days, or even longer. Unhelpful.

Reliance on recovery via hardware is also a sticking point, since it may be impaired by the very hack that caused the data incident in the first place (ransomware is a very good example of this!)

What’s the appetite for business continuity solutions in 2017?

Nonetheless, business continuity has been a problem crying out for a solution for a long time before 2017; ransomware has simply put an especially shrill edge on it!

Scary statistics abound; did you know, for example, that according to a study by Onyx Group, 71% of UK SMEs only ever manage to back up part of their data?

Or that 75% of SMBs have no disaster recovery plans in place at all?

But even more terrifying, when considered in the light of the ransomware issue, is that, according to one estimate, 58% of small businesses could not withstand any amount of data loss whatsoever!

Think about that for a moment. It means the hackers’ job is made much, much easier. Even holding the slightest amount of a business’s data to ransom could easily provoke a payout. Minimum effort, maximum return – which means more hackers getting involved in this kind of activity in the future, of course!

Not for nothing is the Business Continuity Institute’s agenda focused “overwhelmingly” on cyber-resilience in 2017.

(And in case you’re wondering, the disaster recovery-as-a-service market, in which backup will play a key role, is estimated to be worth $11.11 billion - £8.83 billion - by 2021. Ripe for the picking!)

Where can I check out the latest business continuity solutions?

Clearly, what we’ve said above also means that the competitive landscape for security partners in this space is going to become challenging.

But for an insight into how one backup and recovery solution is evolving to deliver both strengthened protection to end-users and a more compelling proposition to the security partners who sell to them, take a look at this data backup and recovery features update.

And keep watching this series of blogs – we’ll be looking at a whole range of security solutions for 2017, covering email, web, cloud, data centre, and Office 365.

General data protection regulationGDPR is coming! Here’s what the security channel needs to focus on to create opportunity out of regulatory upheaval.

On 25th May 2018, the EU General Data Protection Regulations (GDPR) become law.

But despite the burden of compliance that this places on the channel, isn’t it also a major opportunity for channel partners to sell more of the solutions that help end-users to address GDPR-related issues?

Here’s what we found when we dug into GDPR, and the opportunities it potentially presents, a little further…

GDPR opportunities – 1: Greater technology freedom?

A noteworthy feature of GDPR is that it does not prescribe specific data protection technologies – like a certain encryption algorithm, for example – and, therefore, does not automatically exclude others.

Instead, it prescribes processes, meaning that partners potentially have greater freedom than before to choose from a palette of vendor solutions that can satisfy those process requirements.

It’s a growth outlook reinforced by the IT industry’s most high-profile membership and training organisation, CompTIA. They have publicly stated to IT channel partners that GDPR means “Clients will be relying on their providers to help them meet regulations, which is a great opportunity to build on your relationships, all while creating new business with current and potential end users.”

So, given that GDPR is seemingly less proscriptive on the technology front than we might have previously assumed, what are the GDPR hot topics to which security partners’ offerings need to provide a compelling (and compliant) response, if they are to make the most of the opportunities at hand?

 GDPR opportunities – 2: Data protection controls

GDPR has serious teeth, but given our background in security software distribution, and from the point of view of security partners’ offerings, we believe it bites hardest around three key internal and three key external threat scenarios, which we’ve paraphrased from this recent research:

(including employee mistakes and malicious insiders)

  • Making lost data valueless if found – in other words, encryption methods that keep data safe if a device with personally or professionally identifiable information on it is lost or stolen.
  • Remote kill and wipe, to easily remove data from lost or stolen devices, or render them unusable, no matter where they are in relation to the user.
  • Data loss prevention (DLP), to control the types and sensitivities of data that users move around or out of the organisation.

(third-parties exploiting the organisation)

  • Locking-down, to control what kind of applications can and can’t run on an endpoint
  • Virtual patching, to stop remote exploitation of unpatched vulnerabilities
  • Breach detection, to flag where a network has been compromised, and thus enable users to block attempted data theft.

Should security partners be quaking at the sound of these snapping jaws? Not a bit of it.

Security solutions are already available that enable partners to deliver many of these GDPR-focused benefits to end-users, from vendors including Trend Micro (in both SMB and Enterprise formats) and others.

Plus, a recent survey of European businesses cited in this Information Age article found that 69% of those polled are not only likely to invest in security technology as a result of GDPR, but to do so in areas including file-sharing. (This hints at a growth in the cloud app-centric security requirement space, into which, as we discussed in an earlier post, at least one vendor already plays strongly.)

GDPR opportunities – 3: The size of the market

But it’s filthy lucre, predictably, that hints most effectively at the pot of GDPR gold at the end of the partner rainbow. And make no mistake, we are talking big money here.

, for example, has predicted that GDPR will create a $3.5 billion market opportunity for security and storage vendors – in which their partners, of course, will share – as the severity of fines drives enterprises to “radically shake up their data protection practices, seeking…new technologies to assist with compliance.”

An additional push factor in the groundswell of GDPR opportunities for security partners also came with the recent comment by the European Commission's Justice Directorate, according to the International Association of Privacy Professionals (IAPP), that companies judged to have invested responsibly in security can, under certain conditions, see any fines for non-compliance reduced.

Security partners, it seems, are likely to become many businesses’ new best friends!

GDPR: What next for security partners?

This piece in ChannelPro perhaps best expresses what partners need to do, as GDPR relentlessly approaches, to turn a disruptive regulation into a profitable business opportunity:

“1. Read up on the changes and ensure they become the trusted expert on the new regulations

  1. Educate their customers about the impact of the EU GDPR
  1. Ensure they’ve got the solutions available to help customers with compliance”

From where we’re standing, point 3 looks to be the least of partners’ worries…

Over the last week we have seen an increase in the amount of companies receiving emails containing Zepto Ransomware, a file encrypting virus based on the infamous Locky cryptoware.
Most of the emails have been carefully crafted to ensnare the victims using social engineering techniques, typically greeting the recipient by first name and asking them to open an attachment which they had requested.
zepto image
The attachment will typically be either a .zip extension or .docm extension and once opened will run a malicious JavaScript which then encrypts all files on the users machine with the .zepto extension

To try and combat the infection, we offer the following advice
1. To protect against JavaScript attachments, tell Explorer to open .JS files with Notepad.
2. To protect against VBA malware, tell Office not to allow macros in documents from the internet.
3. Ensure your AntiMalware program is upto date
4. Ensure your users are careful with email attachments and only open the ones they are sure they have requested
5. If possible set email filtering to quarantine all .zip and .docm files

cloud-application-controlWhat customers' employees do within web, cloud and social apps can be a significant threat to their business. We look at how they can limit the risks.

We recently took a look at vendors’ web security offerings, and came to the conclusion, in this post, that much of this risk landscape is being driven by employees and their ceaseless interactions with the raft of web, cloud and social media applications on which so many agile business processes now depend.

As this excellent piece in ITPro explains, it is now imperative for businesses to “understand exactly how data is moving in, around and out of your organisation”, and to provide the “visibility and the ability to discover, analyse and control the information staff are accessing or sharing.”

Whether businesses are updating marketing posts on Facebook, drilling down into Salesforce, uploading price lists to Dropbox, liking comments on Twitter, or using cloud data storage applications (as some 52% of small and medium-sized businesses in the US alone seem now to be doing, according to this Cloudwards article), the potential for both intentional and unintentional data compromise or reputational damage is high.

So how do security vendors tackle this end-user challenge, and create cloud application control solutions that MSPs and other partners can sell and provision to customers profitably?

 Cloud application control: the all-seeing-eye?

The first thing to say here is that cloud application security is not simply about automatically blocking malware, or filtering out clicks on risky URLs, or scanning for abusive language.

Rather, it is about being able to visualise and analyse all users’ application activity simultaneously and in one place, make informed human business risk decisions on it, and, where necessary, change parameters and automated settings to suit.

So, for example, why is a user uploading or deleting a profile image? Are they trying to hide their identity?

Why is someone removing a public link – was something there that should not have been exposed to public view in the first place? If so, how do you address the process failure that allowed such a link to then be posted?

Why is someone permanently deleting files from a recycle bin – are they trying to cover their tracks? For what reason?

With or without malicious intent, these are potentially damaging behaviours – but it takes a human eye to assess them, and that can only happen if all relevant information and alerts are assembled in one dashboard, where they are easy to interpret, at minimum management overhead.

Cloud application control consoles are therefore critical, enabling end-user and MSP alike to monitor and manage both users’ behaviours and the service that is being delivered.

Cloud app control – it’s not everywhere

Yet take a look at the “Treacherous 12” top cloud computing threats recently listed by the Cloud Security Alliance at the recent RSA Cybersecurity Conference, as reported in this Infoworld article, and it hardly paints a picture of a cloud application risk landscape that has been comprehensively tamed.

On the one hand, this presents a healthy sales opportunity for MSPs, who can deliver cloud application control solutions as an inroad into new clients.

But it also provides MSPs with a means of protecting themselves against the ever more litigious risks associated with other cloud applications that they already deliver to their customers.

To give just one rather urgent example, according to this TechTarget article some 75% of all cloud apps used in European enterprises are out of compliance with the new EU data protection regulations that are set to take effect in less than two years – and any MSP providing or provisioning them will be liable, as the incumbent “data processor”, for any security breaches sustained.

Overlaying cloud application control on these existing apps could help to significantly reduce many MSPs’ exposure to this kind of risk, or at least expel any ambiguity as to what is a breach occasioned by vulnerabilities in the application itself, and what is a breach caused by risky operator interaction with the cloud application environment.

Who sells cloud application control solutions?

Unsurprisingly, these factors (and others) have encouraged industry analysts to comment enthusiastically on the projected rise of cloud application-specific security solutions. Channel Pro, for example, has cited Gartner’s statement that, in 2016, 25% of enterprises will use a cloud access security broker.

But this presents something of a difficulty, given that there are actually so few vendors producing solutions in this space.

One player that has broken the mould, however, is CensorNet, and for good reason. It has developed a cloud app control solution that hits on all the critical MSP hot buttons at once – it is white-labelled to boost the MSP’s brand profile, can be up and running without infrastructure costs, is deployable in minutes, and offers stellar system performance and scalability thanks to its proxy-less architecture.

Yet one swallow does not a summer make. Can MSPs take cloud application control mainstream with so few vendors in the frame?

Put it this way, they’re going to let down a lot of customers if they don’t. Consider this: the average employee already accesses seven different web applications at work, but according to one recent article, 58% of respondents had no training in how to use those apps safely, 39% were unaware of the risks associated with them, and 44% hadn’t been trained in how to transfer and store corporate data securely.

Add to that the revelation, in the same article, that 23% of respondents have already experienced cloud data losses or breaches, and 20% have reported unauthorised access to their data or services, and the need for organisations to understand who is doing what in the cloud, to what, and why, is no longer a nice-to-have – it’s a critical imperative.

Over to you, MSPs...

Anti-Malware’s Like Your Winter Clothes: Layered Is Better!

Outdoors magazines, sports coaches, your mother – they all teach you that at this time of year, when the cold snap bites, layers of clothing are far more effective against the cold than one monstrous overcoat. Nobody pretends the cold’s not going to find its way into a fold or two, but after that, other folds stop it.

Seems like common sense, doesn’t it? Yet when it comes to anti-malware and the like, too many vendors (and partners!) still favour the overcoat – one big protective mantle that, once compromised, is a single point of chilly failure.

So for you, and your customers, the question is this: where can you get access to the kind of layered anti-malware solutions that don’t let you down like an overcoat, and how can you be sure they’ll deliver on the promise?

What are these anti-malware layers – and what benefit do they deliver?

Layered security’s central philosophy is that no one solution can cover every base. (Wikipedia describes this neatly here). You need layers of solutions, as well as layers of protection within those solutions.

Take one of the most vicious breeds of malware, for example – zero-day exploits, like the ones that placed millions of Android Chrome users at risk. These target vulnerabilities in newly-released browser and application software, often using these undefended pathways to deliver ransomware payloads.

To fight these threats effectively, each vulnerable program – it could be an Office app, a PDF reader, a media player, or anything else – needs its own dedicated protection.

But this kind of exploitation protection isn’t necessarily focused on threat profiles like viruses, Trojans, worms, rootkits, adware and spyware, so an additional anti-malware layer is needed.

And, critically, malware detection is not the same as malware removal – which, again, is a layer in itself.

Put all these items of “protective clothing” together, of course, and you have a multi-layered solution, something like this one, that covers all the critical malware and exploit vulnerabilities.

That chill wind might find its way in here and there, but it’s not going to hit skin.

Anti-malware’s layers within layers

Drilling down into these solutions, we find that there, too, layers are the key to trapping the threat, wherever it comes from and whatever form it takes.

So for example, an anti-malware solution might have four distinct layers:

  • Application hardening, to make outdated or unpatched applications less susceptible to attack
  • Operating System security, to stop exploit shellcode executing
  • Malicious memory protection, to prevent the execution of payloads
  • Application behaviour protection, for specific applications like Word, PowerPoint and others

 In short, there’s a trigger to raise a red flag on all the hot buttons that malicious code typically tries to press!

“Is layered anti-malware really that effective? Not convinced…”

At this point, if I were your mother I’d be telling you to come inside and get some hot soup. As it is, I’m going to tell you to come in from the cold and smell the coffee.

The effectiveness of layered anti-malware is documented fact, not hearsay. Here are some recent threat-busting stats from the layered anti-malware landscape:

  • It was a layered malware removal technology that recently earnt the only perfect score in tests by the internationally respected laboratory AV-TEST.
  • It was a layered malware tool that removed over five billion separate varieties of malware in 2014 alone.
  • It was a layered malware removal technology that, according to OPSWAT, who release periodic studies on security vendors’ market share, is the most popular security product installed by users.
  • Layered anti-malware technology is hot property, ranking 186th in Deloitte’s 2015 Technology Fast 500 nominations.

So what’s stopping you from (if you’re a partner) offering these solutions profitably to your customers, and (if you’re an end-user organisation) deciding to take the partners up on their offer?

Layered anti-malware as revenue multiplier!

The short answer is “nothing.”

Firstly, distribution businesses like mine (and others) already make these solutions available to partners, and not just in conventional subscription-based agreements.

The MSP model, for example, gives partners a powerful differentiator in their portfolio. This is primarily because it enables partners and their customers to pay only for what they use, but it also makes aggregated billing possible, reducing customer acquisition costs and so supporting the growth of the partners’ business.

Secondly – and this is where layers take on a dimension that’s probably a lot more interesting to you than it is to your mother – layered anti-malware not only gives partners the opportunity to combine (and charge for) multiple solutions, as we’ve already seen, it can also work with the customer’s existing security solutions and need not automatically displace them.

In short, every layer’s a revenue stream in itself, but any other security solutions you have already sold to your customers can stay in place too – so the revenue opportunity is multiplied!

So, that’s a whole load of stuff I bet you (and your mother) didn’t know about the similarity between what you wear and what you sell.

Either way, it’s going to make you look good.

Brian-A-Jackson1

On a weekly basis there are now articles regarding a big brand company which has been hacked, these usually relate to what data has been lost, how they are notifying those affected and what they are going to be doing to prevent this from happening again.

So how do you prevent it from happening in the first place?

From experience I can see that if a hacker wants to get details from somewhere they will take the easiest target, the ‘Low Hanging Fruit’ as they say, in ensuring your company has some basic security principles in place can help mitigate this.

So how do you ensure you are not the ‘Low Hanging Fruit’

Simple measures can be taken within your environment to help secure it. As a basic level you should be meeting the following guide - CyberEssentials Requirements

This sets out some advice regarding Firewalls, User access control, Passwords, Malware protection and Patch management.

Once you have met the standards given within this document you should be looking to increase the security standards within your organisation. The most effective we have found is the use of education, once educated your staff will be able to react to the threats quicker and reduce the risks to your company.

We are offering a multi-year promotion for Standard and Advanced renewals on Worry-Free™ Business Security. Customers who renew for 3 years will receive a 10% discount, while those who renew for 2 years will benefit from a 5% discount.

The offer is valid for up to 100 seats and does not include additional seat sales.  Please contact your account manager Kirk Harris on 0118 989 8231 or email kirkharris@bluesolutions.co.uk for further details or visit the Blue Solutions website http://bit.ly/15Y2i3w

Terms & conditions apply.

  • Offer valid for orders placed between 1st October 2013 and 31st December 2014.
  • Offer only valid on 2 or 3 year renewals.
  • A 10% discount applies to every year on a 3 year renewal and a 5% discount for every year on a 2 year renewal.
  • Eligible Products: Worry-Free Business Security Standard and/or Advanced, license purchases only – up to 100 users.
  • Purchases of additional seats are excluded.
  • The Gov and NGO/NPO/EDU discount can be applied.
  • Offer valid on renewal purchases only.
  • Not to be used in conjunction with any other Trend Micro offer or promotion other than those stated above.