Worldwide issues, such as the recent Heartbleed bug, bring into focus the importance of Internet security. Of course, we have all heard scare stories about the dangers of the world wide web, and in some cases, these can be dismissed as scare stories. However, some of the more rabid reporting on the issue of Internet security shouldn’t disguise the fact that there are real threats out there.
Outsourcing has been growing in popularity. It represents an opportunity for companies to expand, as needed, while cutting the costs associated with new technologies and services. Recent studies conducted by Computer Economics, Inc. showed outsourcing made up only 4 percent of IT costs in 2008. By 2009 this percentage increased to more than 6 percent. By 2011, outsourcing IT services made up more than 10 percent of the total IT expenditures, and this trend has only continued in 2012.
This means that choosing the right outsourced IT provider is now more important than ever. There is a lot at stake in terms of business continuity, company productivity, growth of revenue, and company expansion.
Part of choosing an outsourced IT provider is knowing what mistakes to avoid. Investing the time at the beginning means fewer headaches over the long term and minimizing the potential for unexpected costs as a result of making the wrong decision.
There can hardly be a person who has used a computer in the last ten years who hasn’t received a spam email at some point or another. For most of us, this is a daily occurrence, a nuisance that can be filed alongside the daily commute and packaging that won’t open properly. It rarely occurs to many of us why we receive so much spam. While it is pretty obvious that there is a basic commercial imperative behind a lot of spam, why is this particular marketing technique so prevalent in the modern world?
Quite simply…because it works! Pitching goods via spam earns the people engaged in it hundreds of millions of dollars per business per year, while the cost and time involved in sending spam is somewhere between negligible and non-existent.
In the every changing world of online threats, a new type of spear phishing attack has emerged.
Have you ever gotten an email in your office asking you to receive money on behalf of someone in distress? These emails are easy to spot as pure SPAM and/or Phishing attempts. Even if you didn’t recognize this as SPAM, you would remember what your mother told you as a kid: “If it seems too good to be true, then it probably is.” Take a look:
Microsoft has released an out-of-band security update to address the latest Internet Explorer “Zero-Day” vulnerability, as of 1PM on Thursday, May 1st, 2014. The patch has been fully tested and is ready to be released for all affected browsers. Despite previous reports, Microsoft will be releasing the security update for Microsoft XP users.
How do I download the patch for the “Zero Day” Vulnerability?
- If you have “Automatic Updates” enabled, you will not need to take any actions. The security update will be downloaded and applied automatically.
- If you do not have “Automatic Updates” enabled, you can manually update your machine by visiting Microsoft’s Security Update page and selecting your operating system.
As a reminder to all Thrive Managed Patching, ThriveCloud, and ThriveProtect customers, this patch will automatically be applied to your machine once we have tested it and approved it for release. You should continue to use other web-browsers until notified that you have been patched.
If you are a Thrive Managed Firewall customer, you have been protected from this vulnerability as long as you are behind your company’s corporate firewall.
For more information about Thrive’s Managed Patching and Managed Firewall Services, please visit our website.
This is a follow up to Thrive previous blog: “What you need to know about the Microsoft Internet Explorer “Zero-Day” Vulnerability“
The latest Internet Explorer “Zero-Day” vulnerability, first acknowledged by Microsoft on Saturday, April 26th, has left all version of Internet Explorer 6 through 11 vulnerable to exploitation. However, initial reports indicate that IE versions 9, 10, and 11 are the primary targets. According to the research firm FireEye, the exploit uses an Adobe Flash SWF file to execute the exploit. Machines that do not have Flash installed are believed to be safe. It is important to note that Microsoft will not be producing a patch for its Microsoft XP operating system. Support for this OS ended on April 8, 2014 so if you’re running this operating system on your machine, you will need to upgrade.
If you currently have a Thrive Managed Firewall powered by Dell SonicWALL, the Intrusion Prevention signatures to cover the “Zero-Day” exploit were added to your device within the last 48 hours. You are protected from this vulnerability when on the Internet behind your corporate firewall.
By now you may have heard about the “Heartbleed Bug”, a serious security vulnerability in the OpenSSL cryptographic library. The OpenSSL library is used by a number of different computing platforms to secure communication between a client (typically in a web browser session) and a secure endpoint, typically a web site or device used to allow access to secure business systems. Anytime you are conducting a transaction online you are typically using SSL, and you can tell that you are doing so when the URL starts with “https://” or when you see a padlock appear in the browsing session. It is estimated that this vulnerability effects upwards of 50% of Internet web sites that use SSL, so the scope of the bug is potentially huge.
Because the vulnerability exposes extremely sensitive information to an entity who tries to exploit it, such as usernames, passwords, banking information, credit card information, and more, the threat is a very real and very serious one. You should take all reasonable precautions to secure your environment if you have systems that contain the vulnerability, as well as being aware of any communications from online vendors, such as banks, that may reach out to you indicating that they may have been subject to the vulnerability and that data may have been compromised.
For more technical information about the vulnerability you can start by looking here.
Thrive suggests that you do the following in response to the Heartbleed vulnerability:
- Analyze and secure your business systems that have the vulnerability present by shutting down and / or patching effected systems.
- Reach out to your third party vendors or providers about systems that utilize the Open SSL cryptographic library to ensure that the vulnerability is not present in those systems.
If you have any questions or would like Thrive to conduct a security audit of IT systems that are not managed by Thrive directly, please contact Thrive Networks today.
Firewall management is a necessary but tedious and time consuming effort. It also requires industry-specific expertise in order to avoid costly security breaches which can jeopardize compliance requirements.
Meeting compliance requirements for your specific industry can occupy a significant amount of your IT professional’s time. Additionally, it can be difficult to find an IT expert with the appropriate industry experience to ensure all of your compliance requirements are met and your network is protected against unauthorized access.
When you choose to manage firewalls in-house, this requires a resource intensive effort since it involves device deployment and configuration, constant upgrades and security patching, in addition to monitoring upgrades to ensure the appropriate controls are installed to meet necessary changes in business processes. Then the network traffic must be continually monitored for threats so these can be acted upon in a timely manner to avoid costly breaches.
Regardless of your industry, staying proactive with patch management can be a time consuming but extremely important effort. This is where a managed patching provider can be an invaluable resource.
If you were to conduct a survey of businesses to discover whether or not they are happy with their patch management strategy, the majority of them would likely say that they struggle with patch management processes and are overall dissatisfied with their patch management system. If you are one of the businesses that is constantly burdened by patch management, here are a few of the most common issues companies face and how a managed patching provider can help.
Traditionally spyware and viruses have been mostly a nuisance as it relates to your PC or laptop. You might notice that your system is sluggish, and you might have to clean up or even rebuild your operating system, or worst case, pay someone to perform a cleanup and spyware removal for you if you don’t know how to do it yourself. Recently however a new and far more malicious form of spyware has started appearing on unprotected PCs, and its payload is far more dangerous and the cost of recovering from it is far higher than ever before. Its name, Ransomware, says it all – it is spyware that takes over your data or your system itself and holds it hostage from you unless you hand over your hard earned money to the criminal who has infected your PC in exchange for your data or access to your computer back.
With threats like this in the wild, it is prudent to be aware of how you could become infected, what you can do to protect your data and your PCs, and what you should do if you suspect your computer has been compromised.