November 2015

Ashley Leonard is the president and CEO of Verismic Software, a global industry leader providing cloud-based IT management technology and green solutions. He is a technology entrepreneur with 25 years of experience in enterprise software, sales, and operational leadership. Leonard worked nearly two decades as a successful senior corporate executive, providing critical leadership during high-growth stages of well-known technology industry pioneers. He founded Verismic in 2012 after successfully selling his former company, NetworkD, an infrastructure management software organization. Leonard currently manages U.S., Australian and European operations, defines corporate strategies, oversees sales and marketing, and guides product development.

In Microsoft’s November Patch Tuesday, there are 12 security bulletins that resolve more than 80 individual vulnerabilities. Four of these updates are “Critical” with the remaining eight marked as “Important.”

Security officers beware! This baseline contains numerous updates that have a vulnerability impact of Remote Code Execution or Elevation of Privilege, which are often exposed by users rather than seen as a failure in technology. It is critical to pay close attention to the number of reboots required in this release.

James Rowney, service manager, Verismic Software, adds, “The number of reboots is significantly high in this public release. If you deploy these patches to the systems in your network, you must reboot. Otherwise, the vulnerability remains a problem. In this process, remember, communication is vital to minimize user impact.”

Although initially marked as “Important,” we are on the lookout for the bulletin with a vulnerability impact of the “Security Feature” bypass. We understand this affects the internal security password database of all Microsoft operating systems. With such a large range of operating systems available, this patch warrants an even higher priority than the severity suggests.

It’s not the first time Microsoft has changed its mind and increased the severity post release. If elevated to critical, be sure to deploy this patch as soon as possible.

For Windows 10 users, the “Threshold 10″ improves security, adds features and fixes some bugs; however, some users will not be happy with Microsoft for ending its “unlimited OneDrive Storage” promise.

The most important updates this month are MS15-112 and MS15-113. They can be exposed by a user accessing a website or opening a specially crafted document. It is important to note that they require a reboot. Experience has taught us well that the closer we get to the holiday season, the more likely our users will be launching innocent looking websites.

UPDATES

MS15-112 (Impact: Remote Code Execution, Restart Requirement: Requires restart, Severity Rating: Critical)

• This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploits the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

MS15-113 (Impact: Remote Code Execution, Restart Requirement: Requires restart, Severity Rating: Critical)

• This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploits the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

MS15-114 (Impact: Remote Code Execution, Restart Requirement: May require restart, Severity Rating: Critical)

• This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS15-115 (Impact: Remote Code Execution, Restart Requirement: Requires restart, Severity Rating: Critical)

• This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or to visit an untrusted webpage that contains embedded fonts.

MS15-116 (Impact: Remote Code Execution, Restart Requirement: May require restart, Severity Rating: Important)

• This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploits the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

MS15-117 (Impact: Elevation of Privilege, Restart Requirement: Requires restart, Severity Rating: Important)

• This security update resolves a vulnerability in Microsoft Windows NDIS. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.

MS15-118 (Impact: Elevation of Privilege, Restart Requirement: Does not require restart, Severity Rating: Important)

• This security update resolves vulnerabilities in Microsoft.NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if an attacker convinces a user to navigate to a compromised website or open a link in a specially crafted email that is designed to inject client-side code into the user’s browser.

MS15-119 (Impact: Elevation of Privilege, Restart Requirement: Requires restart, Severity Rating: Important)

• This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and runs specially crafted code that is designed to exploit the vulnerability.

MS15-120 (Impact: Denial of Service, Restart Requirement: May require restart, Severity Rating: Important)

• This security update resolves a denial-of-service vulnerability in Microsoft Windows. An attacker who successfully exploits the vulnerability could cause the server to become nonresponsive. To exploit the vulnerability, an attacker must have valid credentials.

MS15-121 (Impact: Spoofing, Restart Requirement: Requires restart, Severity Rating: Important)

• This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow spoofing if an attacker performs a man-in-the-middle (MiTM) attack between a client and a legitimate server.

MS15-123 (Impact: Information Disclosure, Restart Requirement: May require restart, Severity Rating: Important)

• This security update resolves a vulnerability in Skype for Business and Microsoft Lync. The vulnerability could allow information disclosure if an attacker invites a target user to an instant-message session and then sends that user a message containing specially crafted JavaScript content.

MS15-122 (Impact: Security Feature Bypass, Restart Requirement: Requires restart, Severity Rating: Important)

• This security update resolves a security feature bypass in Microsoft Windows. An attacker could bypass Kerberos authentication on a target machine and decrypt drives protected by BitLocker. The bypass is exploited only if the target system has BitLocker enabled without a PIN or USB key, the computer is domain-joined, and the attacker has physical access to the computer.

Read the full article on channelpartners.com.

Posted by Paul Burns

I’ve recently spent some time with Verismic Software, a company that develops cloud-based IT management technology. As I looked at the value proposition and benefits of the company’s SaaS portfolio, including Syxsense , Power Manager, Application Packaging Service and Password reset, I couldn’t help but think back to the evolution of SaaS benefits… benefits that were hardly known and not fully understood just 15 years ago.

Salesforce.com was founded in 1999. Since then SaaS and other forms of cloud computing have matured and become mainstream technologies. While there is still plenty of ongoing IT spending related to on-premises technologies, IT managers and CIOs no longer blink when asked to consider cloud services. In fact, many of them have instructed their organizations to bias spending toward cloud technologies.

Everyone Understand the Benefits of SaaS, right?

It may seem logical that “everyone” in the IT industry today understands the benefits of SaaS. Yet it has become so commonplace that some in the IT industry are actually forgetting many of the challenges created by purchasing and managing software rather than subscribing to SaaS. In other words, I believe that SaaS has become so ingrained with many early adopters that they are forgetting some of its “original” benefits.

Late adopters tell a slightly different tale. While they have been aware of SaaS for many years, they were often the ones that decided against earlier versions of SaaS offerings. As SaaS has evolved, new benefits have emerged and been refined – leaving a gap in understanding for late adopters. “Many SaaS offerings now offer data center redundancy and rapid disaster recovery? Who knew?”

Looking Back at the Benefits of SaaS

Even though I’ve essentially lived within a cloud bubble for the last six and a half years or so, I found myself saying “Oh yeah, this used to be a lot harder before SaaS” and “SaaS offerings have become more capable than ever.”

Here are some of the SaaS benefits I’ve stumbled upon once again when studying the offerings from Verismic:

• Foundational SaaS benefits have included the many tasks and responsibilities that IT organizations get to avoid by not purchasing licensed software. These apply to most SaaS offerings.
  • Generally no new hardware purchases are needed to get a new SaaS system up and running. If you prefer CapEx to OpEx – and not every organization does – you also get the flexibility of paying as you go, without a huge upfront payment.
  • Without new hardware to deploy, operations teams get to avoid OS and patch installation, tasks that – like ordering the hardware in the first place – can take a lot of time yet not add any differentiated value. They also get to avoid ongoing patch updates.
  • No installation and very little to no system-wide configuration is needed for things like performance, availability, security and scale.
  • Customer-specific configuration is sometimes still required, but SaaS vendors have widely done a good job keep things simple and streamlined.
• There are also important benefits that don’t fit every type of SaaS offering. These benefits are related more to systems and application management offerings such as those from Verismic Software.
  • Systems under management no longer have to be on the same side of the firewall. Verismic Syxsense (and some other SaaS management offerings) easily handles its management tasks from outside the customer firewall. Take note late adopters: hybrid IT has arrived – even for SaaS, and even for managing your on-premises systems.
  • Verismic CMS even eliminates the need for agents running on systems within the firewall. Deploying, managing, updating, troubleshooting and patching management agents can be and enormous headache. If your choosing SaaS to manager your on-premises systems, why should you be forced to go back to the dark ages with complex, error-prone agent management?
  • Other capabilities once handled only within the firewall are also enabled. For example, Verismic CMS will discover new and updated systems, keeping inventory straight even when machines get re-imaged and older systems are retired. Verismic Power manager even learns endpoint behaviors with enough detail that it can efficiently perform power management. Yes, SaaS management offerings can handle low level details and keep up with rapidly changing systems.

Summing It Up

By this point, it should be obvious why SaaS adoption is still rapidly growing. When compared to equivalent on-premise software functionality, SaaS has advantages related to speed, flexibility, efficiency, CapEX, simplicity and more. At the same time, many current offerings no longer face the limitations of early SaaS offerings.

SaaS is no longer just for managing tables of data, isolated from your other applications and workflows. SaaS can be an integral part of your IT systems and processes – and safely manage hardware and software stacks that still live behind your corporate firewall.

Read the full article at neovise.com.

President and CEO of Verismic Software, Ashley Leonard, was featured in TIME Magazine alongside 25 executives for insight into daily habits and success strategies. His advice: don’t hide in your office.

“Too many CEOs are separated from their businesses and their teams by taking the big corner office. I strongly believe that as a CEO I’m a more effective leader by being with my team. I hear more of what is going on. I am more approachable and I can address problems quicker by dumping the office and being with the team. Sure, you need to deal with sensitive meetings and calls sometimes, but all you need is a small meeting room.”

Read the full article on TIME.com.

The idea of information technology support anytime, anywhere is now so common, many companies are unable to function without it. The number of employees who are teleworking or working remotely is rapidly growing. According to Global Workplace Analytics, the number of employees who work offsite has grown 103 percent in the past decade, with a 6.5 percent increase in the past year alone. This represents the largest year over year increase since before the recession. With so many employees scattered in satellites and home offices across the globe, the need for IT support to engage with them remotely is mounting just as fast.

End users, no matter where they are working, require immediate support to keep business going. Endpoints still require constant troubleshooting and servers must have needed security patches around the clock, all over the world. Since the first text-based computer, remote access was a concept, even if it was only a command line. Evolving operating systems with complex graphical interfaces are now the business standard. While working either at the office or offsite, a system can always go down. That is why a remote control support system is a necessary tool of the helpdesk and integral to business continuity.

Resolving tickets on the helpdesk quickly and efficiently, without interrupting either the support professional or end user, is crucial to meeting service levels and maintaining a good relationship with your workforce. Remember—IT should be anytime, anywhere.

Tools of the Trade

Helping a user is not just about maintaining professional quality on the other end of the phone. It’s about the quality of the toolset being used. The tools used to support users who are working remotely, as well as users within the realm of your corporate network, are often different. Helpdesks are using custom-reduced security remote control tools for internal support, and corporate security enhanced software for remote users.

Remote control IT support tools often function as system applications. They often need many powerful permissions. They allow the helpdesk or IT support staff to troubleshoot problems with offsite workers’ devices by taking control of their screens remotely while interacting with the end user.

Sometimes internal customers require physical appliances to broker connections from the internet to an IT support worker’s screen. These often come with a yearly maintenance cost, not to mention the power to run the appliance 24/7. Today, remote control IT support tools are being made to work without the added expense of a physical appliance. For instance, a remote control tool that needs only a modern HTML5 web browser and a “dissolvable” code to take remote control of end-user Windows PCs and laptops located anywhere in the world then vanish without a trace. Multi-point remote control IT support tools allow the help desk to remote control any systems in the organization from any browser, without the need to deploy a remote control client or appliance.

Remote control IT support tools are not just important, they’re necessary. But in order for these tools to be effective, the end user has to be able to access them securely. The proper tool must be able to support users wherever they are. Keep in mind the helpdesk has limited time to use multiple tools. The more tools that are being used, the more likely the company and the end user will run the risk of connection issues, software updates interrupting service, and an extremely high cost of running multiple tools at the same time. Would you buy two different antiviruses to keep your PC safe? No – the right one is all you need.

When considering a remote control IT support tool for your offsite end users, check for added features that will make the tool more efficient such as chat and file transfer.

What about security?
Cyber attackers can exploit remote access tools to compromise a company’s data. When remote control IT support tools are at risk, malicious apps could abuse the remote support functionality to take data, download viruses and open the door to more risk for the company through the connection. The number one target of cyber criminals is unpatched vulnerabilities in apps and the operating system.

IT security teams can protect remote systems with detection and remediation. As with devices at the office, offsite workers need to be educated about what sources are trusted, and to engage the helpdesk when installing any application or downloading any program. To protect the device and ultimately the systems it connects to for work, the proper patches must be kept up to date.

If there has been a possible breech, it’s important to mitigate the problem as quickly as possible. With some remote control IT support tools, IT security can view recorded remote activity for full security auditing purposes.

With so many employees working remotely in town or across the globe, IT helpdesks and support staff also have more tools to serve them and protect the enterprise securely than ever. Remote control support systems are a necessary tool to manage these remote employees’ connectivity and integral to keeping business going. As security and multi-point remote control tools evolve, IT support staff will accomplish their goals of serving employees everywhere safely and efficiently for the company.

Read the full article on tmcnet.com.

Verismic, a provider of IT management software for enterprises across the globe, is standing up for the environment.

The company’s latest announcement regards the latest upgrade to its Syxsense , a set of software tools for cloud-based IT management. This upgrade includes a link to the Verismic Power Manager, which handles power management of networked computers, and can help provide companies with savings on their energy bills.

Ashley Leonard, the president and CEO of Verismic, commented on the need for saving power in this time when global energy consumption is reaching record levels.

“At Verismic, we take this to heart – all year round – by working to provide organizations with green IT solutions at a time when energy consumption across the globe is at an all-time high,” Leonard said. “By leveraging technology from our industry-leading Power Manager platform, we can protect our customers’ enterprise networks through CMS’ unmatched endpoint management capabilities and protect the environment by managing IT system-generated electricity over-use.”

One of the primary benefits of CMS is its cloud-based nature. By working entirely in remote servers, clients can avoid conflicts with their own software and hardware they use or any third-party programs they may utilize on a daily basis. Clients can use any Web browser to enter the CMS interface and gain a complete look at their entire IT systems and associated energy usage.

The system is simple enough to work for small and midsize organizations but remains powerful enough to handle international businesses. From the console, IT managers can make sure that unused devices will power down at the end of the work day. Admins can see which devices use the most power and potentially decide to upgrade on-site hardware to match their energy goals. CMS can also handle unique tasks, such as virus scanning across networks, to make sure all computers within a network are clean and ready to use. It also control inventory management and can patch network computers with the latest software upgrades – all automatically.

For its solid software development, Verismic made TMC’s (News – Alert) list of those companies which were awarded a 2015 Cloud Computing Excellence Award. It stands alongside large market players such as Avaya and Five9 for its development of CMS and involvement in the cloud-based software industry.

Check out the original article at tmcnet.com.