Netwrix 2020 Cyber Threat and Cybersecurity Report

In June 2020, our partner, Netwrix surveyed 937 IT professionals from all over the globe to learn how their threat landscape and priorities have changed due to this massive shift to remote work.

The findings, which are presented in the report below, will help organisations re-assess their security risks and identify new security gaps.

If you need any advice or have any questions on anything in the report, please do not hesitate to get in touch by clicking here or you can view our Cybersecurity services here.

Updates from Microsoft Ignite!

Some of you may know that every year Microsoft holds its Ignite conference for developers and IT professionals. Fresh from the announcements last week, resident Pre-Sales Consultant, Ian Sanderson picks a few of his favourite new features for Teams meetings.


New Together mode scenes
Together mode re-imagines meeting experiences to help participants feel closer together even when you are apart. With new Together mode scenes coming this year, you can transport your team to a variety of settings that can help set the tone and create the experience for your meeting, whether it be an auditorium, a conference room, or a coffee shop.

Custom layouts
Coming later this year, custom layouts allow for a more dynamic content viewing experience and enable presenters to customize how content shows up for participants during a meeting. For example, when a presenter is showing a PowerPoint slide, participants will be able to see the presenter’s video feed transposed onto the foreground of the slide they’re showing.

Breakout rooms
Coming in October, breakout rooms will allow meeting organisers to split up meeting participants into smaller groups to facilitate brainstorming sessions or work group discussions. Presenters can choose to hop between breakout rooms, make announcements to all breakout rooms, and/or close the breakout rooms that then bring everybody back into the main meeting.

Meeting recap
Meeting recaps help teams stay on track and keep work moving forward after a meeting for both participants and for those who were unable to attend a meeting. Coming this year, a recap with the meeting recording, transcript, chat, shared files and more will be automatically shared in the meeting Chat tab and viewable in the Details tab for each meeting. The recap will also be available in the meeting event in your Outlook calendar.

Webinar registration and reporting
For more structured meetings, such as customer webinars, meeting organisers can use event registration with automated emails to make it easier to manage attendance. And after the meeting, view a detailed reporting dashboard that will help understand attendee engagement. These new features are expected to begin to roll out by end of year.

For more new features being released by Microsoft for Teams, you can read the full blog here https://techcommunity.microsoft.com/t5/microsoft-teams-blog/what-s-new-in-microsoft-teams-microsoft-ignite-2020/ba-p/1665600

For help or advice on collaboration tools or unified communication, please email us on [email protected] or call 0191 2503000.

Blog Post – Are you getting the most value out of your Multi-Factor Authentication solution?

When choosing our multifactor authentication product, it is important to understand our thought process when evaluating the marketplace for a product and more importantly why we were looking.

In the last few years, we have seen a massive swing when it comes to business priorities in IT.

You will often find that IT directors and managers mark security as their number one focus on IT spending, and with good reason. Each day we create more and more data which is the lifeblood of many organisations.

What is Multi-Factor Authentication?

Multi-factor authentication and access management is an important part of a multi-layered approach to securing business assets. A common attack vector is credential theft. Think about what a malicious actor could do if they had access to a corporate Office 365 account or similar. Multi-factor authentication means that even if a user does fall victim to credential theft, it would be near impossible for the malicious actor to use those credentials as each login request would require a unique one-time passcode to login with. Similarly, with access management, having strong scenario-based policies in place around who is accessing what, when, and from where, ensures an extra layer of security in an ever-changing working environment.

With that in mind, we set out to find a solution that met a set of criteria. Something easy to use, has a rich set of features, is SaaS-based, and offers value for money.

We looked at offerings from Microsoft, DUO, and others which all have their good points, but none of them offered everything we wanted, apart from Thales.

Who is Thales and what is SafeNet Trusted Access (STA)?

SafeNet Trusted Access (STA) is a combined MFA and access management service that centrally manages and secures access to web based, on premises and cloud-based applications. STA simplifies user experience whilst also being simple enough for IT admins to implement and moderate. STA not only features flexible risk-based policies, but also single sign on portals, universal authentication policies and protection of all SAML-based applications.

If you have not heard of Thales before, part of their organisation is the business they acquired when they bought Gemalto in 2019. The name Gemalto may sound familiar, they specialise in products like Passports with the RFID chips, card readers for online banking systems, and importantly, they make their own physical One Time Passcode tokens.

STA allows business to scale as they move into the cloud, take more applications on premises, or a hybrid of the two whilst ensuring that the business meets compliance.

How can Thales and Microsoft complement each other?

When looking at Thales and Microsoft, the main differentiator between the two products is that Thales can protect all applications, whether they are in a Microsoft environment or not. Microsoft will only protect Microsoft applications being accessed, such as O365.

It is also good security practice to split your security provider from your virtual infrastructure provider. That’s why many companies prefer to select a 3rd party provider for their security solutions, rather than relying on just the one vendor.

The key differentiators between STA and DUO

When looking at MFA provider DUO, the Thales STA product also provides superior features. For example, STA provides a lower total cost of ownership.

Because Thales produce their own physical One Time Passcode tokens, these can be added to the MFA service, typically at no additional cost. With vendors like Duo, it is often an extra. It is important to understand why we think this is a differentiator. Many organisations that would like to roll out MFA may not want a software token installed on users’ personal devices, or indeed the user may not want any corporate software on their personal device. Having the option to hand out a physical token for those use cases, without incurring an additional charge represents excellent value.

Other superior features include, granular reporting, ease of deployment and more robust multi-factor authentication, all of which is all included the price of the license. There isn’t a “buffet-style” approach to their license model, the one license covers all features within the SafeNet Trusted Access consol.

Choosing your Multi-Factor Authentication product

This is not just about enabling MFA and access management policies, but about looking at the bigger cybersecurity picture. To do that we have to have robust conditional access policies that you can integrate with all applications, not matter where they live, be that in the cloud or on premises. It also must be delivered by a name that you can trust, such as Thales and with simplified operations for IT staff.

Are you getting the most value out of your Multi-Factor Authentication solution webinar can be found here.

For more information on STA or our security solutions, you can get in touch with us by emailing [email protected] or by calling 0191 250 3000.

Webinar Recording – Are you getting the most value out of your Multi-Factor Authentication solution?

More organisations are shifting to a remote working framework for the foreseeable future, therefore it is more important than ever to ensure your teams and business assets are safe from opportunistic hackers.

With nearly 60% of organisations sensitive data being stored in the cloud, and over 71% of deployments experiencing at least one compromised account each month; implementing access controls that evaluate risk profiles and implement strong authentication is crucial.

Watch our webinar to hear from Ian Sanderson, Presales Technical Consultant at Trustack and deep dive into the competitive advantages of using Thales STA (Safenet Trusted Access) for your multi-factor authentication security needs.

In the session you will hear about:

  • How Microsoft and Thales Access management solutions can complement each other and enhance your security strategy.
  • How Thales compares to Duo when meeting your access management needs.
  • Real-life use cases to demonstrate how Thales can simplify multi-factor authentication
  • Opportunity to ask those burning questions with Ian Sanderson, Trustack presales Technical Engineer.

For more information on anything you have seen in the webinar, or our security services and agile working solutions, please contact us here.

TruStack Focus On… Support Services

Businesses have enough to think about.

In these testing times, with Brexit, a global pandemic and recession to deal with, businesses have never been faced with such uncertainty.

At TruStack, however, we pride ourselves on being able to remove the burden that supporting IT systems can bring and add a level of our own IT expertise to help businesses through these times and prosper moving forward.

Support services are one of the many bespoke services we offer to clients. When it comes to IT infrastructure, we believe that a shared ownership model is the most efficient way to manage the delivery of applications to staff and customers, providing as little or as much as the client needs. We are essentially an extension of a client’s IT team.

After installing a client’s infrastructure, we are always on hand to manage and monitor operations, giving our clients peace of mind and enabling them to focus on the day-to-day running of their business.

As well as enabling constant monitoring and optimisation of their IT infrastructure, by having us on board it means clients are more prepared for future ‘bumps in the road’, with our team of experts there to forecast problems before they become a major issue that will negatively impact them.

Importantly, our dedicated team of analysts are available 24/7, 365 days a year, for high-priority incidents – a constant safety net in case things go wrong.

A lot of time has been spent over the past few months helping manage clients’ transition to agile working in the new world in which we find ourselves. Flexibility is going to be key moving forward, and as such will remain a key part of the support service we offer.

In turn, many businesses agile working transformations were brought forward by the impending lockdown caused by COVID-19.

One such company that we have supported in this transition is law firm Swinburne Maddison:

‘As I pack myself off from the office I would like to say a big “Thank you” to all the people on your support desk for the help they have been to me over the last few weeks in the run up to our evacuation. You have all, without exception, provided me with invaluable support and treated all my questions and requests with respect and professionalism.

‘Thanks once again – and hopefully reversing the process will prove to be somewhat less of a headache for us all! See you soon – and keep safe!’
William Dobson, Office Manager – Swinburne Maddison.

Elsewhere, CDS Security & Fire contacted TruStack for assistance in implementing a secure remote solution to allow staff members to work from home. Having previously had a limited capability for home working, it was essential that this was set up quickly, efficiently and securely.

We ensured that all of CDS Security & Fire’s devices were equipped with the correct technology needed to enable the end users to access all of their files and documents as if they were working in their normal office environment.

‘Without the support services from TruStack, we would not have been able to continue serving our customers during the pandemic. TruStack were on hand every step of the way to ensure that we had everything set up correctly so that our customers felt minimal, if any disruptions. We would not hesitate to call upon TruStack again as they responded to our requests with professionalism and speed during an unknown event.’ Rosie Abbott, CDS Security & Fire.

Ultimately, when a company invests in TruStack’s support service, they are not just buying IT support – they are investing in peace of mind. Our clients know they have that IT safety net in place, with some of the industry’s most knowledgeable experts there to help them with whatever they need.

To find out more about what TruStack can offer your business contact us on [email protected] or call us on 0191 250 3000.

You can also view our managed monitoring service by clicking here, and our data centre offerings by clicking here.

TruStack Focus On… End User Devices

End points and end user devices are any devices a staff member may use to carry out work, e.g. laptops, thin clients, tablets etc. This blog will address the importance of choosing the right end user devices, including adapting to the rise in agile working requirements.

Why are endpoints so important?

Many organisations invest heavily in the right staff, high performance infrastructure, networking, connectivity and applications to enable their business to deliver for its customers.  They then support this with the correct endpoints, assessing staff needs on a regular basis to ensure their equipment supports them to deliver in their role.

What are the endpoint challenges?

At TruStack we often see customers working on legacy or pre-used machines. However, these machines may not fit the end user’s role, their environment or the application stack the end user needs to access. This may be a commercial decision or have other justifications, but ultimately the wrong endpoint can affect employee productivity, engagement and business output.

We are sometimes asked to provide businesses with the same devices for all end users, who may all work in different ways and environments, with different applications. It’s like giving F1 champion Lewis Hamilton a Ford Focus, because it is the same car his Mechanic uses, and still expect him to win the next Grand Prix.

What about the agile working challenge?

Desktops have traditionally been the device of choice for businesses. However, as the UK lockdown hit, businesses needed endpoints that could enable agile working, often laptops or microform desktops with WIFI capabilities, with access to bespoke applications and files on the corporate network.

Stock disappeared overnight with long lead times on agile style devices. Some end users had no choice but to take large desktops home, with corporate monitors and long patch leads to reach from the home router to the desktop, which is ultimately not practical to do.

Agile working has since become the norm for many businesses, and now additional considerations need to be applied to any refresh.

What does agile working look like for your business and employees?

Agile working for every business and every individual user within that business will be different. Therefore, the types of user devices and peripherals each user requires will be different. There are several factors to consider, including:  

  • What does their agile environment look like? Trains, planes, cars, meetings rooms, environment etc should all be thought about.
  • What is available in that environment? Power, space, ergonomic set up, lighting, internet connectivity, business application access, security etc.
  • Does the environment change the technology needed for day-to-day working productivity and would any peripherals support in each location? For example, extra monitors, docking stations, WIFI and 4G/5G connectivity, anti-glare, privacy glass, webcams, 2-in-1 flexibility, noise cancelling headsets and many other options.
  • How much local compute power and resources do they need, processing cores and speed, RAM allocations, graphics capabilities and additional interface ports?

Does the Desktop still have its place?

It isn’t always about providing ‘a laptop’, it is about providing the equipment most suitable to that individual. As such, desktops can continue to be the right choice for many organisations; it could be a shared workstation, or a desktop which offers easy upgrades, hard drive flexibility, multiple connection availability, graphics capability or lower price points.

We fully understand it isn’t easy to undertake an endpoint refresh on any scale. At TruStack we offer free consultations to find out exactly what it is you require and often provide demonstrations and trial kit to customers.

You can get in touch with us to arrange this via your account manager, by clicking here or call us on 0191 250 3000

TruStack Focus On… Remote Desktop Infrastructure

By Technical Pre-Sales Consultant, Ian Sanderson.

Is 2020 finally the year of VDI?
If you have been in the IT game for a while you may have heard the long-running joke that this year is finally the year of VDI. 2020 Could be when this becomes true.

What is VDI?
VDI or Virtual Desktop Infrastructure is a mechanism that allows a business to deliver corporate desktop images to any device, be that a thin client, a computer, tablet, or smartphone. All desktops are managed from a central location and can be delivered from public, private, or hybrid cloud. I heard a great analogy, imagine that the cables on your keyboard and mouse are just really long and they connect to a desktop somewhere else. Not the one in front of you.

What is it used for?
There are several use cases for VDI. The dominant one at the moment is to grant end-users access to their corporate desktops whilst working from anywhere during the global pandemic. It eliminates the use of a VPN and brings users closer to the data they need to access, making for a great end-user experience.
Did you know you can publish physical desktops and connect to them using the same infrastructure used to access a virtual desktop? Many organisations are adopting this approach to allow people to connect to their corporate devices in the office when they are working from home.

Why would you use it?
It is important now more than ever to secure access to data. A VDI solution can make this task easier as you are moving the entry point for an attack from the end-user device to the VDI estate. With appropriate policies and security in place, no data should be able to traverse the endpoint to the VDI session. From a management standpoint, IT only needs to worry about updating a handful of desktop computers rather than all desktop computers.

Who is it for?
Anyone can make use of VDI. Organisations with many desktops that are the same such as call centres, housing associations, or hospitals to name a few and businesses looking to offer additional flexibility for their users.
A VDI desktop can be accessed easily from anywhere in the world with an appropriate internet connection. If data gravity is a concern, a VDI solution can bring those users closer to the data they need to access.

If you would like anymore information on VDI or Remote Desktop Infrastructure, please do not hesitate to contact us by clicking here.

TruStack Focus On… Disaster Recovery and Backup

Over the last year, ransomware attacks have become more and more sophisticated in their approach. We have seen normalities such as deletion of backup files and encryption of all other files in an organisations systems.

This poses the question whether it is enough to have one back up and data protection vendor in your environment, or do you need to be looking at a more comprehensive data protection and disaster recovery strategy.

Data Protection

A well thought out data protection strategy relies upon multiple layers to help protect data at the core of a business’s infrastructure. As a business, you can no longer rely solely on a local back up that is always online and readily available. This could potentially lead to a complete loss of data.

There are however different methods that could help to better protect your data, or even other methods of duplicating said data. Each layer should have its own security and hardening in place to protect the data further.

As we know, your data is normally the ultimate target of any ransomware attack. If we start from the inside out, you can normally adjust some minor aspects to assist in protecting the data.

  • There should be appropriate permissions in place to ensure that only users that need access to the data, have the permissions to do so. This will then limit the attack surface, should a ransomware attack take place
  • Ensure that you avoid making all users a global admin
  • Follow principles such as, read-only groups, read and modify and full control

Netwrix for example is one of many products that could assist with all of the above.

Near-Line Storage/Back-Up

Near-line storage or back up is a target that is quick to recover from and is always online. This could range from a server, to a NAS or a purpose-built platform that offers benefits such as hardware compression or deduplication. The use case for near-line back up is typically used if someone deletes a file and needs to recover said data quickly.

Physically securing these devices is sensible, and like the data at the core, you should follow similar principles.

  • Access to the backup repository should always be configured
  • Do not use default admin accounts
  • Lock down firewalls
  • Avoid domain joining devices to limit the number of accounts that could log onto the device

Offsite Backup

Offsite backup targets could be considered as cloud-based object storage, for example another building hosting a backup target or rotated hard drives.

This offsite backup is classed as your insurance policy should anything happen to your data and the near-line backups mentioned previously.

Depending on where this data is stored, this can offer additional protection from ransomware and malicious attacks. If you find that someone has compromised your server and deletes the backups, what do you do?

You could use a third party back up target. These targets can help to protect your data, even from a ransomware attack, or internal threat. Many vendors offer this type or service which is normally shortened to BaaS, or backup as a service. Vendors that we use include Veeam and Datto.

Air-Gap Backups

Air-gapped back-ups are those that are completely off the network and not online, so there is no way that anyone could log onto the device and delete the data on it. Tape is the most common example of this and something that is still used frequently today.

However, with tape backups you still need to consider how these are going to be stored should the worst happen. At a minimum they should be stored in a fireproof safe, and preferably off-site.

Also remember that tape doesn’t last forever should you consider using it for archiving purposes, and each LTO generation is only compatible with the most two prior versions.

Snapshots

SAN snapshots are not back-ups; however, many SANS now offer the ability to create a snapshot of their volumes for a quick rollback. If the worst happens, and as the last resort, a SAN can roll back to a volume that is in a known good state and could be exactly what is needed. The volumes on a SAN where many servers run from are typically not exposed to a production environment where an attacker could manipulate them and delete data.

Securing access to the SAN should also still follow the same precautions as mentioned previously.

Remember, a backup is only as good as the last time it was tested, so make sure that this is done as often as necessary.

For more information on Data Protection and the services that TruStack can provide, please feel free to call us on 0191 250 3000 or email on [email protected]

You can also contact us by clicking here.

TruStack Focus On… Connectivity

In this blog we will be addressing the long-standing requirements and considerations for the use of Virtual Private Networks (VPN). We will focus on traditional VPN use from end user to corporate networks access, rather than VPN Mesh, VPN to cloud platforms such as Azure, or consumer style VPN provision for confidentiality and security.


So, what is VPN?
As many of you will know, Virtual Private Network connections (VPN) have been a long-time trusted connectivity option between networks since 1996 when Microsoft first published the Peer to Peer Tunnelling Protocol (PPTP).


Why has VPN been so popular?
Point to Point VPN Tunnels across customer networks and VPN between end user devices and company networks have enabled users to access business data, applications and security measures whilst working from anywhere in the world.


In turn this has allowed companies to become more agile, allowing end users to work from anywhere, whilst still delivering the businesses’ security needs with information normally stored behind an enterprise or business grade trusted firewall.

Over recent years the migrations to cloud based Software as a Service Solutions (SaaS) for business data and applications has in many cases reduced the use of VPN. End users are now able to connect directly to the cloud resources from local endpoints with less reliance on traditional on-premise systems.


However, many companies have key applications and large data sets that are unsuited to cloud SaaS. Businesses may also have to meet various compliance regulations or commercial model requirements which traditional on premises infrastructure still provides and therefore still require a VPN solution.


Why is March 2020 so important?
Across the globe the Covid-19 lockdown hit, many organisations who had never needed agile working and remote access now needed it fast. With no time for planned cloud migrations, businesses needed large scale VPN user rolls outs to enable working from home with access to data and applications for end users. Often this was done with limited considerations on how the VPN would deliver what was required or the security risks involved.


What are some of the common key business cases for customer VPN connections?


Remote access to files: VPN provides a great method of accessing small files on networks, often as part of a domain for work share group.  


Enabling remote access to applications: VPN may provide direct access to applications on the corporate network or can enable access to remote desktop services for remote users to access corporate network-based compute to run the required applications.  


Web security: Agile workers often don’t have the levels of security required on the end-point or network to enable secure access to any web services. There could be other devices on those networks which are malicious and pose a threat to your corporate data. If required, VPNs can pass all web traffic directly back to the main corporate network to run through your traditional on premises network security.  


What key considerations should a business check before jumping to VPN?


Level of encryption: Many companies needed to implement VPN quickly with access for remote working without the latest technology, running the risk with older less secure VPN methods such as PPTP vs more secure SSL VPN providing a better layer of security. Some older firewalls don’t support SSL VPN, so it may be an upgrade which is required, and some firewalls need licencing to enable SSL VPN on a per user basis.  


VPN performance: VPN provides a method for agile working; however, it can be limited in the performance it delivers.  For example, does the VPN provide the performance requirement to open or transfer the documents across your IT environment as end users expect?


Does VPN enable what you need?: VPN connections alone may not allow you to run the applications required, however, VPN may provide the secure the access to another layer of compute such as a remote desktop server or individual Endpoint.


The resiliency of your firewalls: If you are only running one firewall it may be worth considering a pair of high availability configured firewalls to reduce risk and a single point of failure.


Treat VPNS with the highest security: VPN passwords should be highly secure as they allow a device to connect to your network. VPN passwords should be complex, updated regularly and kept up to date to ensure no legacy users have access credentials.


Multi-Factor Authentication and Geo Blocking Controls: For best practice, implement a multi-factor authentication system to complement your VPN security. This can prevent unauthorised access in the event of password breach or brute force attack.


Firewalls limitations: Many firewalls are limited in the number of VPN connections available and the number it can handle concurrently. Ensure latest firmware updates are in place for your firewalls which may offer more stable connections.


And many, many more…

Ultimately VPN can still provide a great layer of security to ensure external users who are accessing the system need a further level of credentials to access the network, particularly when Multi-factor authentication is added to the VPN connection. However, it is important the company understands the required working practices and security risks that need to be fully considered.


If you would like to discuss any VPN requirements for your organisation or advice on your existing connectivity contact us on [email protected] or click here.

Important Updates To Office Support

Office 2016 for Mac and Office 2010 will reach their end of support on October 13, 2020. After this date, Microsoft will no longer provide technical support, bug fixes, or security updates for Office 2016 for Mac and Office 2010. You will still be able to use these versions of Office, but over time, organisations will face an increase in security risks and compliance issues.

Running legacy platforms allows security exploits to be leveraged against businesses and so retaining Office 2010 which Microsoft will no longer patch or bug fix is a significant risk.

Therefore because of the changes listed above, we strongly advise that you move to a current agile platform such as Microsoft 365.

Those who have Cyber Essentials or Cyber Essentials Plus will not be able to maintain the accreditation as the Microsoft platforms will not be patched. To have these accreditation’s patches must be deployed within two weeks.

Why Move to Microsoft 365?

Businesses who adapted best to Covid-19 were those who were already using current technology and leveraging tools such as Teams, securely ahead of the lock down.

Those business were already benefiting from agile working practices which their staff and clients benefited from. Meanwhile, others were left unprepared and looking for last minute solutions to remote and agile working, this is now the opportunity for those businesses behind the curve to pull themselves into the present day with up to date technology.

Benefits Include

  • Reduction in on premises infrastructure to manage by moving to the cloud.
  • No long contracts. The ability to flex up or down depending on the size of your workforce. Removes uncertainty should there be a sudden increase or decrease in staff members.
  • Always entitled to the latest version of the software.
  • Easy license management. 
  • Experts on hand at TruStack to help guide you through your journey.

Contact us today to claim a FREE 30 minute consultation.

You can also read more on Agile Working by clicking here.