Update Management —Prompt Installation Required to Maintain Network Security

Posted On 5 July 2019 By Michael O’Dwyer In Articles /  2

In most companies, at least those who believe in managing security correctly, the rollout of all updates is controlled by the IT team. Only users with administrative access can install security patches, firmware and software updates or service packs. Basic users are also blocked from installing software on company assets. This is good practice and prevents shadow IT (where users can install unapproved and unsupported software). It does annoy users, as they must ask IT to add any applications they feel are necessary to add productivity to their roles. However, it does make sense and aids security, ultimately creating a list of approved software that satisfies all company activities.

Unfortunately, this activity is not enough as, regardless of hardware and software configurations, updates are necessary on at least a weekly basis, whether related to the OS, applications or installed hardware. Some experts recommend prompt installation while others advise performing some research before installation, to make sure the update does not have a negative impact on operations. I advise a combination–it’s better to verify on an offline machine before rolling out the update to all.

What is the ideal way to ensure reliable yet prompt update installation? In a traditional office environment, is it practical to supervise individual installs? Can we rely on all updates or will they cause additional problems?

Unfortunately, there is no single solution, given the plethora of hardware and software configurations available. It’s impossible for manufacturers to test on all possible system configurations not to mention on connected peripherals and other software. Therefore, as security vulnerabilities and other issues are identified by end-users and real-world usage, patches and updates are released. Managing all these updates on a company network is a task that requires prompt action but in a way that ensures business continuity, given that some updates cause problems.

How Important is Update Management?

Ignoring updates is not a good idea as hackers exploit known vulnerabilities, secure in the knowledge that companies are often slow to implement security updates. It’s not enough to focus on OS patches as commonly used applications such as MS Office, Acrobat and many more are all attractive targets, exploited to launch cyber-attacks, ransomware, or simply to harvest data. Therefore, a process is needed to stay on top of all updates.

Are you Prepared for Updates?

A company’s activities are often defined by processes, procedures and compliance requirements. Documentation is key to ensuring a defined strategy for all aspects of the business. Most will have a security policy, cybersecurity strategy, disaster recovery policy and other documents to ensure a defined process is maintained and improved where necessary. Update or patch management is no different. Define your process and follow it. If you haven’t decided how to officially handle updates in your organisation, it’s worth starting. Let’s make a few assumptions first:

  • Most companies will have similar (if not identical) desktops and notebooks. In most cases, they will at least be from the same manufacturer if not the same model. It makes sense to do so as discounts are available for volume orders. A mix and match approach to desktops is rarely observed.
  • All will have the same OS.
  • A complete audit of the network has provided an inventory of all hardware and software on the business network.
  • Installations and updates are managed by the IT team, with users unable to perform admin functions on their machines.
  • System restore or other rollback function is installed on every machine in case a patch or update requires removal.

If all the above are not true, it complicates matters for the IT team. In my opinion, driver updates for hardware and application updates rarely cause problems and can easily be rolled back on a machine if problems occur. OS patches are another matter and need more careful rollout, given that they will apply to all machines. If flawed, a patch can grind operations to a halt. It’s for this reason, I’d recommend a dedicated machine for testing updates before rolling out updates to the entire network.

Define a Process

Therefore, a potential process could include a review beforehand. Ask some questions. These could include but are not limited to the following:

  1. Is the update plugging a security vulnerability or just a performance/feature update? Security updates receive priority.
  2. Have any problems been identified by those who have already installed the update? Google is your friend in this case.
  3. Who is affected by the update? If everyone, test on standalone machine before rollout.
  4. Is a network rollout possible or is it necessary to update each individual machine? Most sysadmins perform updates after hours to mimimise downtime.

Of course, there are other issues, especially for software companies or those who use software with a browser-based GUI. Such issues should be identified during online research.

In conclusion, it’s best to act on new updates as soon as possible. Automatic installs are possible but carry some risks. It may be best to avoid automated installs in some cases and follow a manual process based on prior experience with your company systems (most admins will identify a pattern of problematic updates). Regardless of the method used to process updates, ignoring them is not an option, especially when you consider that doing so could allow a data breach or result in network downtime. Can you take that risk?

Read More

5 reasons why schools should add texting to safety plans

Posted On 19 December 2016 By Joe Butler In Articles /  1

Today’s college officials face challenges that that previous generations of education professionals never had to deal with, starting with the Internet.

Though advances in digital technology have generally been a good thing as far as program delivery and creating more interactive multimedia classroom experiences, they have also created more potential for harm, or at least new distractions for instructors and students.

At the same time, interest in school security has also risen, partly due to increases in violence at secondary schools and colleges. Though shootings get headlines and cause high levels of fear, other crimes can take place too, including assaults with other weapons.

Because of a push to keep students safer, educators and security staff continue to search for new methods to alert students during a crisis – it doesn’t have to be violence, but any occasion when information needs to be delivered in a hurry. Perhaps it could be a natural disaster or even a serious traffic accident or weather situation that could impact traffic in and out of campus.

One solution that has gained popularity is texting, when school officials can send instructions to students and faculty in the event of a safety situation.

Here’s why it should be added to a college’s security plan.

  • Students are more likely to see a text first.

Emergency warnings in the past have included mass emails or automated phone calls. But these may not be able to be seen as quickly as a text – sometimes emails or voice messages aren’t checked for hours or days while a text can be seen in minutes. Since more students are using mobile devices, especially for texting, it’s likely that they will hear and see an immediate message, or at least someone near them will.

  • It’s a faster delivery method.

Depending on your particular texting service, thousands of one-to-many texts can be sent a matter of minutes. In comparison, thousands of mass emails must be sent in small bursts over hours to avoid spam detectors. Texts are also universal – the same message can be seen on everyone’s phone.

  • Brief is better.

In emergency situations, school officials may just send out short details and quick instructions, with the expectation that more info will be shared later. “Active shooter on campus, seek shelter.” “Tornado coming, stay indoors, will text all-clear later.”

  • No reply needed.

Sending one-to-one texts can create opportunities for a conversation, but one-to-many texts aren’t intended for interaction, only instructions. Officials sending texts may not have time or interest to answer the same question multiple times, so it’s easier just to send an identical message out to everyone.

  • Different databases can be managed easily.

A college may have multiple ‘text’ lists, such as students on different campuses, or even local media. Plus it may have an ‘everyone’ list.  Most texting programs make it easy to specify which database when creating a message. This can make sure the correct students and staff receive the message.

Secondary schools like middle schools and elementary schools will likely require different texting policies than colleges. Younger students may not even own mobile phones, or if they do have them, they may not be permitted in the classroom.

In this case, school alerts should be sent to faculty/staff and perhaps a separate database for parents. These also can give quick, direct information with the promise of more details to come. “School in lockdown. Keep students calm and in classrooms.” “Fire in gym, please evacuate to field.”

Leaders also should keep in mind that every school’s texting plan should be customized based on local resources and the local community.

Overall, it’s critical that a school gets the word out as much as possible prior to launching a texting service to make sure many as many people sign up. Schools also should consider sending out several types of warnings, not just texts, in case a student may not have their phone on or even with them on any given day.

Read More

5 Security Experts on Why IT Leaders Need to Start Automating

Posted On 21 October 2016 By Megan Morreale In Technology /  2

Automation has been cited as the next big thing for IT leaders looking to secure their communications in all types of cloud environments—but leadership knows the challenges they face in doing so.

Answering to a Network World survey, 47% of respondents claim that it is difficult to monitor network behavior from end-to-end, and 41% say these security operations have difficulties that arise from cloud computing.

The main problem with not automating security operations is scalability and the difficulty in setting up these systems. But it’s necessary—it’s impossible to keep up with the increasing pace, limited cybersecurity, and network operations personnel, all while managing network security operations on a box-by-box, or CLI-by-CLI basis.

But don’t take our word for it. These five security experts have driven deep into the world of network security, and have their own reasons for passing along advice to IT leaders to start automating security processes today.

Security Experts and their Reasons for Encouraging IT Leaders to Automate

According to the Enterprise Security Group (ESG) 63% of networking and cybersecurity professionals working at enterprise organizations (more than 1,000 employees) believe network security operations is more difficult today than it was two years ago.

The bottom line – the main roadblock standing in the way of IT leaders and automated security process is difficulty. Here’s why you should take the plunge despite the challenges.

Jon Oltsik, ESG Senior Principal Analyst and Founder of the Firm’s Cybersecurity Service

Oltsik knows the scalability problems that security leadership faces, even though leadership knows the risk they’re taking without it. He cites a survey of 150 IT professionals, where 31% of respondents say automation is “critical” to address future IT initiatives, while 58% claim it is “very important” to address future IT initiatives.

Because of the recognition of its importance, the technology industry is listening – Companies like Cisco, Fortinet, Check Point, and more have all introduced solutions that will assist security network operations teams in automation and visibility of their networks. His advice to leadership is to adopt these technologies:

“Since relying on people and manual processes can’t scale or keep organizations secure, CISOs and network operations managers should assess where they are in the network security operations automation transition as soon as possible, making sure to look into their people, processes and technologies.

Once shortcomings and bottlenecks are discovered, large organizations should develop a plan to address these areas and institute network security operations automation projects, phasing in capabilities over the next few years.” Jon Oltsik

Stephanie Tayengco, SVP of Operations, Logicworks

Tayengco is a proponent for automation, but automation the right way in the face of risk. Her bottom line—you need to get rid of as much manual work as possible to stay secure.

According her, it’s important to automate infrastructure buildout first, continually check instances across the environment, fully automate deployments, include automated security monitoring in those deployments, and finally, prepare for the future of automation.

“Ninety-five percent of all security incidents involve human error, according to IBM’s 2014 Cyber Security Intelligence Index.

This year alone, enterprises will spend $8 billion on cyber security, but these initiatives are often useless in preventing an engineer from misconfiguring a firewall or forgetting to patch a security vulnerability on a new server. Manual work is risk, and manual security work is a disaster waiting to happen.” – Stephanie Tayengco

Gabby Nizri, CEO, Ayehu

Nizri is worried about the rising number of security breaches. According to the ISACA 2015 Global Cybersecurity Status Report, 781 publicized cyber security breaches resulted in 169 million personal records being exposed.

Well-known companies like BlueCross, Harvard and Target were involved, making it clear that even the most sophisticated and well-funded security departments aren’t safe. Even so, only 38% of organizations across the globe can confidently say they are prepared to handle a sophisticated cyber-attack. Because of this, Nizri urges you to automate.

“Simply put, IT personnel are no match for such intensive, sustained attacks. Not only are humans incapable of keeping up with the sheer volume of incoming threats, but their ability to make quick and highly-impactful decisions to manually address such an attack is equally inefficient.

This is why automation is becoming such a powerful and effective component of cyber security incident response. To combat the onslaught of incoming threats, organizations must employ an army of equivalent strength and sophistication.” – Gabby Nizri

Danelle Au, VP of Strategy and Marketing at SafeBreach

Automation isn’t all about just avoiding mistakes. Au cites instances where automation makes an IT department more agile, and improves processes such as application delivery.

For the private cloud environment, applications and desktops are being virtualized at an faster than ever before. According to Au, As the number of virtual machines (VMs) increases, automation and orchestration is no longer a “nice to have.”

“The ability to translate complex business and organization goals into a set of automated data center workflows is critical to not slowing down the application delivery process. It is also an essential part of making compliance and security requirements a lot easier to manage in a very dynamic environment.

To fully realize the promise of private clouds or software defined data centers (as VMware defines it), the traditional IT infrastructure — in particular network security — needs to transform into agile and adaptive end-to-end automated processes.” – Danielle Au

Brian Dye, VP of Intel Security Group

A recent ESG study noted that 46% of organizations said they have a “problematic shortage” of cybersecurity skills—up from 28% just a year ago. That means the development of these skills in IT personnel isn’t improving at a rate needed to keep up with threats.

One-third of those respondents said their biggest gap was with cloud security specialists. According to Dye, this is the reason security automation is important, as well for working with SDN technologies and responding to breaches.

“As organizations explore software defined networking (SDN), they see a need for more automation skills, as security policy must co-exist with the orchestration to fully exploit an SDN environment. These skills become especially important as virtualization expands beyond servers and into networks and storage.” – Brian Dye

Network security automation is important for many reasons – the risks associated with manual processes, adaptation to new technologies, the agility of the cloud, and the race to keep up the skills needed in personnel to use new emerging technologies.

Creating the proper mix of skillsets, automation and processes will provide IT leaders with the security confidence they need moving forward.

SMSEagle is Hardware SMS gateway to send and receive SMS text messages. To find out how we can help support your network security program, check out our online store.

Read More

3 Secret Habits of Really Effective Network Security Programs

Posted On 1 June 2016 By Megan Morreale In Trends /  3

Effective network security programs require more than just one layer of protection if one solution fails, you still have others guarding your company and its data from all types of network attacks.

There are best practices that set the highly effective network security programs apart from the rest.

A recent survey conducted by ReRez Research, and commissioned by Infoblox, shows that when IT departments are segmented by security success factors, there are certain best practices that rise to the top.

The study was comprised of 200 large organizations, and shows how certain habits differed between organizations with top-tier network security programs and everyone else.

These alterations in behavior matter, as breaches in security can cost organizations large fees in both recovery and damages.

Analysts estimate the cost of a typical unplanned network outage now tops $740,000. Protecting the network – from problems like breaches, outages and poor performance – is crucial for organizations. – Infoblox 2016 Network Protection Survey

Education is the first place you should start. Your network security awareness program is probably following a one-year plan, which isn’t the best practice. Programs that follow 90-day plans are more effective, and focus on three topics simultaneously throughout those 90 days.

After your awareness program is in place, start thinking about your network security structure in a different way.

Below are the three secrets of the most highly effective network security programs.

1. Make Sure there is Cooperation Between the Network, Security and Application Teams

Siloing the various teams in your department can stifle your security activities, and keep you from reaching your goals. Network operations staff, the security staff and the application teams should all be communicating fluidly, with 100% of top-tier organizations in the survey citing this as a best practice.

High performing organizations are 9x more likely than others to be using integrated visibility tools already, and they’re 4x as likely to be using integrated security tools in conjunction.

Communication becomes paramount when it comes to reporting. One key factor in running a successful network security program is being able to prove that success. The only way to do so is to collect metrics that reflect this success across the organization.

2. Utilize DNS/DHCP Data to it’s Full Potential

This is a slowly growing but serious differentiator between effective and mediocre security departments. According to the survey, close to half of top-tier organizations use DNS/DHCP data to discover other new devices, compared to zero other contenders.

Not only are they tracking and utilizing the data, but they’re 3x as likely to use DNS logs for security purposes.

3. Commit to the Continual Use of Intelligence

The most successful organizations have a mechanism in place that forces them to commit to security intelligence. They’re 6x as likely to have deployed an SIEM, and 4x as likely to invest in machine-readable threat intelligence.

In addition to intelligence commitment, they’re 6x as likely to use automated tools that alert them to new devices appearing on the network.

Keep in mind some of these changes when building your network security program certain best practices could not only set you apart from the rest, but save your organization it’s reputation, and hundreds of thousands in damages.

SMSEagle is Hardware SMS gateway to send and receive SMS text messages. To find out how we can help support your network security program, check out our online store.

Read More