Reports highlight recent malware explosion

/in , /by

Malware is long-running and consistent threat to companies and computing end users, and, while the cybersecurity community has worked hard to close vulnerabilities and make carrying out exploits more difficult, malware continues to proliferate. Two recent reports highlighted massive spikes in malware infections in late 2013 and the beginning of 2014, respectively. The data should be instructive to companies looking to keep malware out of their networks. With infections on the rise and becoming more insidious, companies can benefit from enlisting malware removal services to address this ongoing problem.

A long-term malware infiltration
In Microsoft's most recent Security Intelligence Report, the company noted that the average rate of malware infection nearly tripled in the final quarter of 2013, due largely to a single malicious browser plugin. In the third quarter of 2013, an average of 5.8 out of every 1,000 Windows computers were infected with malware, but that number increased to 17 per 1,000 in the fourth quarter of the year, according to Tim Rains, director of Microsoft's Trustworthy Computing division.

Much of the increase was due to the proliferation of a program called "Rotbrow," which comes disguised as a browser add-on security product called "Browser Protector," Rains said, according to PCWorld. Computer security companies failed to identify the software as malicious at first because it was not itself dangerous, and it did not do anything threatening immediately. Instead, the program is what's known as a "dropper," a program designed to download other software onto a computer. Eventually, Rotbrow began downloading malicious browser extensions and code such as Sefnit, a botnet tool linked to click fraud and ransomware schemes. Microsoft noted the change and alerted security companies, but the program was already installed on a large number of computers.

"I would characterize it as a low and slow attack," Rains told PCWorld. "They were patient and waited a long time before they started to distribute malicious stuff. I think they gained a lot of people's trust over time."

Rains noted that Microsoft has generally improved its products, reducing the number of remote exploitation vulnerabilities in its software by 70 percent from 2010 to 2013. As a result, malware infection schemes have gotten more elaborate and expensive to carry out. One increasingly common approach has been to bundle malware with legitimate software or music.

A flood of email attacks
Another recent study from email firm AppRiver screened more than 14 billion email messages in the first quarter of 2014. Of those, nearly 10.9 billion were spam, and another 490 million contained malware. The company concluded that one in every 10 pieces of email was malicious, and January was the biggest month for malware traffic since 2008. AppRiver security analyst Fred Touchette warned people to exercise more caution toward emails that address the recipients in vague terms or by their email addresses.

Both studies show that malware threats continue to be a major problem for companies and their employees. Even as tools and awareness to prevent infections improve, the threats are becoming more complex and infections are growing more common. For businesses, the best solution may be to work with a managed services provider to access malware removal and managed network security services to remove the threat.

Why managed services are essential for security success

/in , , /by

 

Amid the growing range of cybersecurity threats, companies are facing questions about how to secure their data center and application environments. A recent study by Courion found that 78 percent of IT security executives are worried about the possibility of a breach at their organization, with concerns that included loss of client data and negative publicity for the brand. At the same time, while 95 percent of IT security staff believed preventing breaches is a serious issue, they said they thought just 45 percent of employees share their concerns.

This discrepancy underscores the value of having clear governance practices and security standards in place. For companies looking to bring their security operations up to date, a managed services approach can be valuable. With a trusted managed services provider, companies can develop a clear information governance plan, laying out a strategy to keep files safe throughout their life in the company environment.

“In light of the constant changes in the IT environment, all enterprises should look to IT governance to secure information from the moment it is created to the time it is destroyed,” IT executive Dan Chenok wrote in an article that appeared on FCW.com. “That is why, in the past decade, IT governance has moved to the forefront of enterprise efforts to effectively manage and appropriately protect IT systems and assets, contributing to the success of risk-based security and supporting strategic decisions made by C-level executives across the public and private sectors.”

In addition to helping develop a plan for companies to have clear security policies and keep data locked down, a managed services provider can offer ongoing support in the form of managing regulatory compliance and compliance testing, as well as through services such as continuous network monitoring. A third-party provider can access state-of-the-art security technologies and round-the-clock staffing services that a company might not be able to purchase on its own through an economy of scale. And with the growing complexity of cybersecurity risks, companies can benefit from the expertise and knowledge of a specialized outside provider as well.

Approach BYOD with a realistic mindset

/in , , /by

Companies are increasingly embracing bring your own device programs, but BYOD is also introducing new security risks into the business. As a result, having a clear plan for BYOD deployment that acknowledges the realities of the way users behave is essential for avoiding a data breach or other security incident. To smoothly manage a BYOD rollout, companies can benefit from working with a managed services provider and adopting sanctioned hosted collaboration solutions.

At the recent CITE Conference in San Francisco, Cisco executive Brett Belding and Sanofi executive Brian Katz explained that the security problem of BYOD is a simple one: No matter what restrictions are placed on them, users will find a way to access the services they want for cloud storage, collaboration and email on any device with a screen. They said that users are going to be drawn to the services they are familiar with, such as Evernote or Apple's iCloud, CITEworld reported.

Short-term benefits but long-term risk
Using ad hoc or consumer solutions to store and share data gives employees short-term benefits but can create long-term exposure risks, Alex Gorbansky, CEO of document management company Docurated, told Business News Daily. In many cases, employees are bypassing IT and adopting consumer solutions, which then can linger in the cloud without corporate knowledge after those employees have left. The solution to these management issues is for IT to provide sanctioned solutions.

"Employees need to work with IT to adopt a consumer-grade experience with enterprise-grade security," tech executive David Lavenda told Business News Daily. "Without IT buy-in, end users will continue to choose between engaging in risky file sharing behavior with consumer-centric alternatives, or taking a productivity hit through clunky legacy enterprise file sharing systems."

Working with a managed services provider, companies can craft a custom BYOD deployment plan that leverages sanctioned cloud storage and collaboration tools, avoiding the risk, inherent to BYOD, that employees will head off on their own and deploy risky consumer solutions. A third-party vendor experienced in BYOD strategy and cloud systems can help businesses of any size navigate this type of rollout and ensure employees buy into it. With guidance for employees, achieving BYOD success is more likely, Katz said, according to CITEWorld.

"Nobody follows a standard, but everybody follows a recommendation," he explained.

Heading into a BYOD deployment with a realistic mindset and an understanding of how employees will behave is essential, and a managed services partner can help.

3 advantages of server virtualization

/in , /by

 

Server virtualization is quickly becoming the preferred deployment model for corporate data centers, as companies look to tap into the benefits of managing servers on a software level. Switching to virtualization means that the workloads happening on servers are not tied to a specific piece of physical hardware and that multiple virtual workloads can occur simultaneously on the same piece of machinery. The immediate benefits of virtualization include higher server utilization rates in the data center and lower costs, but there are more sophisticated advantages as well. Three of these are:

1. Improved disaster recovery and business continuity: With virtualization, the information on a server is not contained to a specific piece of hardware, which means a hardware failure doesn’t have to be catastrophic. Instead, data and software are backed up to multiple machines, and it’s easier to reboot systems at a new location, a recent Firmology article explained. The result is faster recovery times. Also, since virtual machines can be run on a wide variety underlying hardware, it’s possible for companies to use older machines for their recovery systems to reduce costs.

2. Easier IT management: With virtualization, IT employees are saved much of the grueling maintenance and provisioning work that physical servers require, a recent VMWare white paper noted. Considering that routine tasks like adding new server workloads and launching new applications account for at least half of employees’ time in nine out of 10 IT departments, the potential productivity gains are substantial. Adding new servers and carrying out maintenance can be done with a few clicks of a mouse.

“These tools eliminate the need for IT workers to manually perform routine maintenance and troubleshooting on multiple physical machines,” the white paper stated. “In fact, these tools not only make it easy to pinpoint IT issues, but they can also proactively detect and resolve these issues without intervention.”

3. More agile business processes: The business world changes fast, and companies need to be able to respond accordingly. As opposed to traditional deployment schedules, which required planning for hardware purchases and installation, virtual infrastructure allows companies to scale rapidly, adding new virtual servers on demand, the white paper said. Additionally, it’s much easier to change how virtual resources are allocated, giving businesses the ability to shift strategies on the go.

For companies looking to tap into the advantages of a virtual infrastructure, it can be valuable to work with a managed services provider that has a background in server virtualization deployments. With this external expertise, businesses can move toward a computing model that’s more disaster resilient, more agile and easier to manage.

Creating BYOD value while minimizing risk

/in , , /by

Bring Your Own Device programs are growing in popularity, and, as they evolve, the techniques for managing them are evolving as well. Introducing BYOD programs into the workplace comes with obvious security risks, as more connected devices present more vectors for malware or network breaches, but there's no avoiding the reality that smartphones and tablets are here to stay. Nonetheless, companies need to be deliberate in the way they deploy BYOD.

In many cases, employees are either unaware of the security risks their device use can introduce, or they simply don't care. According to a recent survey by identity management software firm Centrify, 15 percent of employees believe they have minimal to no responsibility to protect data stored on their personal devices. Additionally, 43 percent said they have accessed sensitive corporate data while connected to an unsecured public network.

Traditionally, the response to this type of threat has been to limit employees' device use with restrictive policies and enterprise mobility management tools, a recent TechTarget article noted. However, such limitations can easily restrict the benefits BYOD offers in the first place. As a result, the preferred approach is trending toward implementing better controls on the network and storage levels, giving users more choice of device while taking precautions like protecting their data via hosting it remotely in a secure cloud environment. The ideal security approach will vary by organization, making it useful to work with a managed services provider specializing in BYOD to develop a custom solution.

Embracing virtual desktop infrastructure through managed services

/in , /by

Virtual desktop infrastructure was recently named as the No. 3 highest "low-risk/high-reward" technology in Computer Economics' "Technology Trends 2014" study. Given the predictable cost structure of the technology, as well as its maturity, companies have a strong incentive to embrace it. And the incentive is even stronger when VDI is delivered through a managed services cloud provider, cutting out the capital investments that can otherwise be an impediment.

"VDI can ease desktop support and shrink energy consumption, but the advantages come at a cost," FCW contributor John Moore wrote in a recent article. "Organizations might need to invest in data center infrastructure – servers, storage, software and networking – to make the technology work. They will also need to train or hire employees to maintain the virtual environment."

Given these up-front costs, many organizations are moving to a cloud-based VDI deployment model, Moore noted. By working with a third-party managed services partner, companies can not only outsource capital investments, they can simplify management and access state-of-the-art infrastructure subject to constant refresh cycles. A VDI solution delivered through a managed service provider's data center can dramatically improve the effectiveness and cost efficiency of the technology – already a remarkably effective tool.

Malware removal essential as new study shows 100 percent of companies have malware

/in , /by

Malware infection has become effectively ubiquitous, according to Cisco's recently released 2014 Annual Security Report. In the study, 100 percent of companies surveyed were found to be hosting some kind of malware. Given the preponderance of malicious software, the need for malware removal services is high in today's business world.

According to the study, malicious exploits are finding their way into high-level resources such as web hosting servers, nameservers and data centers. Penetrations often go undetected for long periods of time. And more than nine out of 10 web exploits are tied to Java.

"Of all the web-based threats that undermine security, vulnerabilities in the Java programming language continue to be the most frequently exploited target by online criminals," the report stated. "[These] far outstrip those detected in Flash or Adobe PDF documents, which are also popular vectors for criminal activity."

The Java Runtime Environment has long been a favorite target of malware authors because it supports an enormous number of devices and offers a very broad range of functions, providing many possible attack vectors, a TechTarget article noted. Given the complexity of securing any device that may be run on Java, companies are also forced to handle malware reactively. By enlisting a malware removal provider, businesses can locate and address some of the malware that, statistically, is inevitably in their environment.

Tapping the virtualized data center for unified communications advantages

/in , /by

 

Companies are increasingly abandoning traditional PBX phone systems in favor of unified communications solutions, which enable consolidated phone, email, fax, chat, video and collaboration services through a single online interface. As this approach has become predominant in the business environment, new, virtualized data center solutions have emerged to make service more reliable and easier to manage.

According to one recent study, 84 percent of companies that do not currently use UC features are considering adding such services in the next one to three years. At the same time, a majority of respondents said they were struggling to find the right vendor. This frustration could arise in part from the changes in the way UC services are offered. Traditionally, UC was primarily an on-premises offering hosted on dedicated servers, which could lead to reliability problems.

For companies looking for a reliable UC solution, the preferred model is increasingly trending toward a hosted approach, in which a managed services provider offers UC services that are hosted remotely in a large-scale, virtualized data center. Virtualization allows service providers to host a large number of clients simultaneously and use resources intelligently, cutting costs while also accessing state-of-the-art, reliable infrastructure, a recent TechTarget article noted.

“Virtualization can bring a level of reliability not available on dedicated servers, while lowering the overall costs of the platform,” Brian Riggs, research director for enterprise communications at Current Analysis, told TechTarget. He added, “Service providers … are seeing virtual environments as a cost effective way to deliver hosted communication solutions for a wide range of clients.”

The cost advantages are particularly notable for small and midsize companies, which may not be able to handle the capital investment of installing servers for unified communications services on their own. With a managed services approach, companies can choose the specific solutions they need without running up substantial hardware costs.

Actually meet enterprise security needs with managed services solutions

/in , , /by

 

Today’s businesses face a wide range of cybersecurity threats.  While many are confident in their approach to protecting sensitive information, the reality is that security solutions still remain largely inadequate. According to a recent study from the Ponemon Institute, managing security investments and policies is a C-suite concern at 66 percent of companies. However, the amount of information that is actually passed to the C-suite to make informed decisions is “disturbingly incomplete,” with IT staff actively omitting negatives in more than half of cases.

“What is most concerning is that it would seem security in many organizations is based on perception and ‘gut feel,’ versus hard data,” said study author Larry Ponemon. “The stakeholders with the highest responsibility seem to be the least informed: a view that is amplified externally.”

For businesses, this may mean working with managed service providers that actually have an interest in meeting security needs rather than simply attracting as many clients as possible. A recent TechRadar article noted that concerns over staying on top of security needs appear to be driving many companies to avoid large cloud providers in favor of smaller managed services and colocation firms, where businesses can be aware of where specifically their data resides even as they leverage the benefits of virtualization and cloud infrastructure.

How can companies improve the disaster resilience of their data center infrastructure?

/in , , , /by

According to a recent benchmark survey by the Disaster Recovery Preparedness Council, nearly three quarters of companies worldwide are failing in terms of disaster readiness, with struggles in downtime for specific critical applications or even entire data center environments. Close to 20 percent of companies reported losses of over $50,000 stemming from outages. Companies can protect themselves against this possibility by investing in resilient data center solutions from a colocation provider focused on business continuity.

"Reliability starts with high industry standards in a checklist of requirements: climate-controlled environments, intelligent security structure and state-of-the-art equipment, technologies and design," BizTimes.com contributor Kevin Knuese wrote in a recent article.

He noted that companies should look for data center solutions with redundant networking and power supplies, as well as redundant cooling systems and all-around state-of-the-art technology. Additional data center features such as 24/7 monitoring and physical security safeguards meant to withstand both break-ins and natural disasters such as floods and earthquakes are important as well. A hosting provider based in the Midwest can be particularly reliable due to the reduced likelihood of certain natural disasters like earthquakes, hurricanes and mudslides that are more common on the coasts.

A provider that offers backup and business continuity services is also important, Knuese wrote. Executives can sometimes be skeptical of "disaster recovery," seeing it as an alarmist term and frustrating cost driver, according to industry expert Steve Kahan. However, the argument for a reliable data center and backup solution is more clear-cut, as such technology solves the problem of many IT headaches. As a result, a colocation provider with business continuity services can be key for maintaining brand credibility from an IT side.

"Some audiences are more responsive when the conversation is focused on the crucial role that IT plays in ensuring 'business continuity' or the operational costs triggered by an 'extended outage,'" Kahan wrote for DRBenchmark.org. "Here's one more suggestion: think of disaster preparedness as 'an investment in brand security,' a way to protect your company's reputation."