Skip to main content
Monthly Archives

July 2016

||||

Verismic Named Finalist for OC Technology Alliance Awards

By AwardsNo Comments

Verismic Recognized for Explosive Growth and and Transformative Cloud-Based Technology; Syxsense Enables Agentless Management of All Devices

Verismic has been named a finalist in the “Emerging Technology Company” and “Emerging Technology CEO” categories of the Orange County Technology Alliance’s annual High-Tech Innovation Awards. Verismic’s agentless Syxsense is a cloud-based IT management solution that automates cumbersome IT tasks such as software distribution, third-party patching and power management. A user-friendly dashboard allows for tracking of IT assets through automated and customizable reporting.

[vc_single_image source=”featured_image” img_size=”medium” alignment=”center”]

“We’re thrilled to earn this recognition from the influential OC Tech Alliance, an organization that does great work promoting Orange County as an important technology hub,” says Verismic president and CEO, Ashley Leonard. “Syxsense provides companies with a better way to distribute software and handle patching, resulting in reduced costs and a more productive IT department. I’m also honored to receive the accolade as an emerging technology CEO. My success is not possible without the the Verismic team which provides our customers with a sophisticated IT management platform and amazing service.”

Now in its 23rd year, the High-Tech Innovation Awards is Southern California’s premier awards program event celebrating achievement among the regional tech industry. The OC Tech Alliance honors local companies, leaders and technology products that make Orange County a technology hub. The winners will be announced at a gala dinner on October 6, 2016, at the Westin South Coast Plaza.

“Orange County is home to many outstanding technology companies and our judges had a difficult task of choosing finalists from many worthy submissions,” said Peter M. Craig, OC Tech Alliance chairman. “We congratulate Verismic as a finalist in these categories as it certainly achieves high marks for technology innovation here in Orange County.”

This press release was originally published on Marketwired.

||||

5 Ways Your Data is Safer in the Cloud

By NewsNo Comments

As the cloud continues to grow, so do the misconceptions.

The cloud is often misunderstood. Security and privacy are top concerns for users when it comes to their data, and the thought of not having physical control is a problem for many users. However, those same users might not be aware of the security benefits the cloud provides. That’s right, there are legitimate security bonuses for using the cloud. Let’s explore why your data is safer in the cloud and how using the cloud can help your organization.

[vc_single_image image=”10061″ img_size=”medium” alignment=”center”]

1) Reduced Human Error – We’ve all done it. That brief moment of horror when you can’t find your phone or laptop. It’s a harrowing experience because so much of our lives are connected to these devices. But what would happen if you actually lost your device and it made its way into the hands of some unsavoury sorts? Locally stored data is at a major risk for moments just like this. Cloud data storage mitigates the fallout from human error by securing data with the cloud service provider. So even if they get into the device they won’t have access to your data without your login credentials.

2) Multilevel Monitoring – Data stored in the cloud is monitored way more closely than you might think. Cloud application providers and data hosts, like Microsoft and Azure, are vigilant about keeping data secure in the cloud. Both monitor your information closely because it’s in their best interest to do so. Their vast resources are dedicated to keeping your data secure because they want you to continue partnering with them. This multileveled monitoring is particularly adept at securing data, and when something does get compromised they quickly remediate and inform you of what’s occurred.

3) Georeplicated Data – One of the most unique features of the cloud is its accessibility. Locally stored data is susceptible for a multitude of reasons, including a corrupted hard drive or even damage due to natural disasters such as floods and earthquakes. If something of this magnitude were to strike then it spells the end for many users’ data, but if data is stored in the cloud that data is georeplicated. This means that even if one storage site is damaged or goes down for some reason, cloud users already have backups in place because their data is replicated across many unique geographic locations.

4) Encryption – There’s a notion among some users that data in transit is easily identified and because it’s travelling in the cloud that other users are capable of accessing it. Data in transit between local user and cloud service provider is actually encrypted, meaning that even if someone could get access (which is highly unlikely) deciphering that information would be far more hassle than it’s probably worth. There are also many cloud service providers that offer user end encryption, so data stored in the cloud is encrypted with the user having the only key. It’s a nice extra touch that certifies the protection of user data.

[vc_single_image image=”10066″ img_size=”medium” alignment=”center”]

5) Two-Factor/Multifactor Authentication – It’s a basic level of security, but many cloud providers understand that usernames and passwords aren’t always sufficient when it comes to protecting user data. That’s why two-factor authentication is such a common practice among cloud providers because it’s important to ensure the individuals with access to data are also who it belongs to. There are even some cloud service providers who take it an extra step and offer multifactor authentication which adds security measures like a thumbprint scan or voice recognition.

Data security is rightfully important for users. There’s nothing worse than having your data in the hands of the wrong people, but that keeping data stuffed inside a mattress probably isn’t the secure answer. The cloud is one of the safest places to secure data and it’s constantly improving. Just be sure that who you choose as your cloud service provider is a trusted partner. There’s a lot to like when moving to the cloud and security is just one of the benefits you’ll be able to take advantage of.

This article was originally published on Engadget.com.

|||

No School Left Behind: How Technology is Helping Schools Go Green

By NewsNo Comments

In 2011, the United States initiated the U.S. Department of Education Green Ribbon Schools (ED-GRS) program. The goal was inspiring schools, districts and Institutions of Higher Education (IHEs) “to strive for 21st century excellence, by highlighting promising practices and resources that all can employ.” Those selected each year demonstrate outstanding progress in three areas, referred to as the Three Pillars:

  1. Promoting better health for students and staff
  2. Providing effective environmental education—incorporating STEM (science, technology, engineering and math), civic skills and green career pathways
  3. Taking action to reduce environmental impact and utility costs.

Last year’s 81 honorees, voluntarily nominated by 30 state education agencies, were selected from 28 jurisdictions. This includes 52 public schools and six private schools serving various grade levels and diverse populations. Of the 35 elementary, 19 middle and 17 high schools selected, 47 percent serve a disadvantaged student body, 22 percent are from rural areas, and 33 percent of the postsecondary institutions were community colleges.

[vc_single_image image=”10050″ img_size=”medium” alignment=”center”]

These numbers may seem small compared to the thousands of educational institutions in the U.S., but for every publicly recognized school, district or IHE, countless more are working tirelessly toward their green ribbons. Focused on reducing environmental impact and cutting energy consumption, educational institutions and communities everywhere are realizing tremendous benefits from new technology and software applications. They are not only cost-effective, but simple to use, even for an IT department of one.

Schools with new tools

Boulder Valley School District (BVSD) is part of a committed, environmentally conscious community that takes pride as a U.S. leader of sustainability. As a community hub, BVSD supports the community’s sustainability efforts which include offering residents and businesses a reliable and affordable power supply. By installing cloud-based, energy-saving software to nearly 10,000 computers and devices with virtual server technology, BVSD’s IT team manages power usage on thousands of computers with a single interface. This is a significant step toward reducing costs while helping the community achieve its environmental goals and a clean energy future.

Positive economic growth in any community relies on educational opportunities, including modernized facilities and technology. When visitors consider moving to a new community, they are typically interested in touring schools to observe opportunities available for their children. New technology plays an important role in the classroom, but it is critical to running cost-effective, efficient schools to provide quality education.

[vc_single_image image=”10055″ img_size=”medium” alignment=”center”]

Cloud-based solutions improve efficiency and save taxpayer money

The National School Boards Association recently honored Nevada’s second largest school district, Washoe County School District (WCSD), for increasing its graduation rate, increasing the achievement of low-income and minority students, and placing highly qualified teachers in schools with the greatest need. Serving 63,000 students across 93 school sites in Reno and Sparks, WCSD strives for academic excellence and environmental stewardship. Working to streamline processes and reduce its carbon footprint, the district deploys cloud-based software, which saves up to $500,000 in energy costs each year.

Even small school districts are taking initiatives with energy cost savings and better technology solutions. These decisions help administrators direct resources toward educating students rather than expanding operational costs.

For example, Donnie Morgan oversees all technology issues for Stanton County Unified School District 452 (USD 452), the only school district in Johnson, Kansas. Like many rural U.S. school districts, budgetary constraints create challenges for Ms. Morgan, who had few resources available for managing, maintaining and updating nearly 350 outdated computers. With a chaotic IT environment, Ms. Morgan explored a free trial of a Syxsense , which included energy-saving tools. She ran the demo and performed a lab update within 15 minutes, something that would normally take several hours. She realized this was the perfect solution for not only simplifying IT processes, but also cutting energy consumption for the entire district. CMS ultimately benefits the bottom line, environment and quality of education in USD 452.

Technology’s transformational potential—beyond the classroom

Regardless of geographic and economic barriers, America is finding new ways to use technology beyond the classroom. With an estimated annual revenue of $605 billion from K-12 education, there is potential for transformation through advancing technologies. Administrators are faced with diminishing resources and rising expectations, thus investing in cost-efficient technology is crucial. As educational institutions strive to reduce costs and improve student outcomes through technology, Green Ribbon Schools may become a thing of the past due to 100 percent success. However, this is a stepping stone towards increased sustainability for the world.

This article was originally published on TMCnet.

Top 5 Cloud Security Myths

By NewsNo Comments

The cloud offers countless benefits to organizations everywhere. Unfortunately, there are countless misconceptions as well.

User privacy and data security are major concerns across any IT infrastructure. A recent poll shows that only 38 percent of global organizations say they are prepared to handle a sophisticated cyberattack. Still, there is a reluctance among many organizations to adopt cloud computing systems due to fear that the system would be incapable of handling major security threats.

Many businesses are just more comfortable internally managing IT systems with on-premises solutions. However, reluctance to use cloud computing systems shouldn’t be based on misconceptions. There are tremendous benefits businesses enjoy when transitioning to cloud-based solutions, and it’s important to dispel some particularly erroneous cloud computing myths.

[vc_single_image image=”7289″ img_size=”medium” alignment=”center”]

1. Data is less secure when stored in the cloud

Security is often listed as the primary concern for the IT departments of companies of all sizes. Data breaches and information hacks continue to rise, and some companies believe that data is more secure if it’s on premises. Companies choosing this option must of course manually deliver each patch and security update to their internal networks. This also leaves them with the task of monitoring servers to ensure that unauthorized access isn’t gained.

One of the primary benefits that cloud computing services provide is that they do the patching and security monitoring for you. Transferring data storage to the cloud better secures company data by reducing stress on internal IT departments. In addition, there are multiple levels of monitoring of the cloud data, with the cloud application provider and data host, such as Microsoft or Azure (which have more robust security measures in place than a typical IT department), each owning a part of the data security responsibility.

This also doesn’t account for potential natural disasters that may strike a company, such as earthquakes, fires, or floods. If a company’s data center is hit by any of these natural disasters, it could be an even greater disaster for the company. If the company has taken the proper measures to create backups of the data at an offsite location, then it is closely approaching the same ideas used for the cloud. But the cloud demonstrates a major advantage over on-premises solutions, with georeplicated data centers. So if a disaster does strike a geographic region, the company data is safe because it’s replicated across many geographically unique sites.

Lastly, cloud security frequently firewalls internal and external networks. Since the target location of most breaches is internal due to users unintentionally downloading malware through unlicensed software, creating a firewall that insulates the internal network and prevents the external network from becoming compromised adds additional layers of security. The same works in reverse. If it is an external threat, the firewall will prevent internal networks from becoming compromised too. It’s no wonder that 69 percent of organizations are relying on cloudbased cybersecurity to reduce risk and create better security.

[vc_single_image image=”11058″ img_size=”medium” alignment=”center”]

2. Data can’t be controlled once it’s in the cloud

Due to compliance, regulatory, and security issues, there is justifiable concern regarding the geographical storage location of data once it is in the cloud. This is particularly important for organizations that work extensively with confidential records that cannot be stored outside of the country. Organizations in the healthcare field as well as businesses that deal with financial information must meet industry compliance, regulatory, and security standards.

European security standards also require that data be stored within Europe to meet compliance. For U.S. businesses that wish to expand overseas, this would require them to build a costly onpremises data center in Europe, or they could partner with one of the several cloud providers that readily provide information on data storage location and can work to meet compliance standards. Additionally, there is the option of the private cloud, which adds control over the network environment while benefiting from the features cloud computing provides.

3. BYOD and cloud computing are fads

Bring your own device (BYOD) is used by many companies that appreciate its ease of use, since devices aren’t required to be tethered to a network infrastructure when using this model. Companies that adopt the BYOD method of operating are typically major proponents of cloud computing. Even though BYOD as a strategy will likely evolve into another model for business operations, cloud computing has definitely proved itself as far more than a fad. Many of the top businesses in the world are already taking advantage of cloud computing technologies while simultaneously deploying robust security measures to keep information safe.

4. Anyone has access to your data in the cloud

Many people believe that the cloud is more susceptible to threats, given that it’s maintained by an outside provider that manages data storage for other users. Although public clouds permit sharing of network space by different users, this does not give anyone else access to your data. Data is encrypted in transit for cloud networks, which makes deciphering any potential breach nearly impossible. Internal networks don’t usually deploy encryption, making them more susceptible if a breach does occur for the onpremises center. Data in the cloud operates like a highway: The road is shared among many vehicles, but no one is entering your car because it’s locked (encrypted) and traveling down the highway.

5. Cloud computing is too new to trust

The cloud has existed a lot longer than many people realize. The concept of the cloud began in the 1950s. The first mainframes were so expensive that major corporations and universities set up terminals and shared the mainframe. As the internet became widely accessible in the ’90s, cloud computing started to really take shape along today’s lines. Purchasing and deploying software over the Internet started in the late ’90s, so there’s over 20 years of history where businesses used cloud computing technologies to better their businesses.

In addition to how much security cloud computing can lend to your organization, there are even more positive aspects of the cloud. Lowered expenses when it comes to operating and maintaining cloud software as opposed to traditional IT software is just one additional bonus. Once you get past the myths about the cloud that do nothing more than limit the perception of cloud computing’s ability, you get a clearer view on how using the cloud can actually improve the way your organization functions.

This article was originally published on Tech Beacon.

|

Who Watches the Watchmen?

By Patch ManagementNo Comments

You might recognize this article’s title as an important question posed in Alan Moore’s classic graphic novel, “Watchmen.” If you’re unfamiliar with the novel, this line examines what happens when heroes (the Watchmen) are left unchecked. What happens when one of them goes rogue? It’s a call for a checks and balances approach, one that applies to various aspects of life and business.

Consider an IT department’s system management tool. These tools are used by IT departments of all sizes, from small start-ups to larger early-stage firms with explosive growth. These tools are similar to a hero protecting citizens, but in this case it’s a company’s valuable data requiring protection. What happens if the tool is compromised? Who watches the tool when the tool is designed to do the watching?

[vc_single_image image=”10030″ img_size=”medium” alignment=”center”]

This is a question many businesses face when using agent-based solutions. If the agent is compromised and backdoor access is gained through the agent, then what happens to the network? Are there measures in place to mitigate the branding disaster that could follow? For some context, an agent is software that runs on a system and sends information to a central location for use by another program or service. Agentless solutions still collect the necessary data, but use the previously installed software instead of installing and maintaining software on every machine in the network.

The problem of unauthorized access or comprised agents is not simply a theoretical scenario. Recently, Panda Security and Symantec Altiris IT Management Suite (ITMS) had emergency patches released for their agent-based endpoint management software. Both clients had vulnerabilities in the agents that enabled unauthorized access to installed networks. It gave unauthorized users the ability to access system-level privileges, effectively controlling the system management tool undetected.

So what’s the solution for detecting and properly managing system management tools? Or as Alan Moore so eloquently puts it, “who watches the watchmen?”

Read the full article on Entrepreneur.com.

||

Don’t Let Ransomware Ruin Your Summer

By Patch ManagementNo Comments

Summertime beckons lazy days to unwind by the pool. Unfortunately, threatening vulnerabilities and menacing ransomware do not take vacations.

IT security officers must remain ever vigilant in protecting their companies’ systems. In July, Microsoft released a total of 11 bulletins—six rated Critical and five rated Important. Thirty KB updates covering Office 2007 (another junk mail filter update) were also released. Two major antivirus solutions became exposed to critical vulnerabilities in the core engine used in both solutions. In a recent Google Project Zero blog, Tavis Ormandy commented, “These vulnerabilities are as bad as it gets.”

[vc_single_image source=”featured_image” img_size=”medium” alignment=”center”]

He added, “They don’t require any user interaction, they affect the default configuration and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption” (full article here).

The US-CERT (United States Computer Emergency Readiness Team) provides advice on protecting systems from Ransomware infections. Since vulnerable applications and operating systems are targeted in most attacks, it’s recommended to keep operating systems and software up-to-date with the latest patches. Being patched with the latest updates reduces the number of exploitable entry points available to an attacker.

[vc_single_image image=”11077″]

Antivirus solutions are not the be-all and end-all solution for securing environments. Recently, two very popular antivirus solutions were exposed. Without a well-planned patch remediation policy, those environments would be in serious trouble if a vulnerability was to spread through their network. Based on insights from industry experts (including our own), it’s vital to pay special attention to the following updates from this month’s Patch Tuesday. The recommendation underscores the anticipated business impact, and most importantly, the independent CVSS score for the vulnerability.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]

Microsoft Updates

MS16-084 resolves 15 vulnerabilities with Internet Explorer 9 (Windows Vista) to Internet Explorer 11. It affects how IE handles objects within memory, how the Jscript scripting engine works and fixes some XSS/HTML filter validation. Due to the number of customers still using IE, it’s recommended to make this a priority for this month.

MS16-085 plugs 13 vulnerabilities with Microsoft Edge by remediating several memory handle issues, including how Edge implements Address Space Layout Randomisation (ASLR), and how the browser parses HTTP responses. Although there are no known exploits currently publicly disclosed, due to the increase in Windows 10 usage, it’s recommended to make this update a priority this month.

MS16-088 resolves several vulnerabilities with Office 2007 to 2016 by closing several memory/ object issues and how some libraries are validated by Windows. With the rise in exploits being seen using Word, Excel and PowerPoint documents, it’s vital to make this a priority this month.

MS16-093 fixes 52 individual vulnerabilities with Adobe Flash Player on Windows 8.1, Windows 10 and Windows Server 2012 (known as APSB16-25). This update resolves a race condition, as well as improves type confusion and several buffer overflow and memory leaks, including stack corruption that could be used to execute code or information disclosure. Make sure Adobe updates are included within a monthly patching cycle. This is critical, especially when the number of vulnerabilities is resolved by a single update, which dwarfs the number resolved in the entire Microsoft bulletin list.

The independent CVSS scores used in the table below range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are High, those in the range 4.0-6.9 are Medium and 0-3.9 are Low.

MS16-084 Cumulative Security Update for Internet Explorer (3169991)

(Impact: Remote Code Execution, Restart Requirement: Yes, Severity: Critical, CVSS Score: 9.3)

This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker, who successfully exploited the vulnerabilities, could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker is able to install programs as well as view, change or delete data. Even new accounts can be created by the attacker with full user rights.

MS16-085 Cumulative Security Update for Microsoft Edge (3169999)

(Impact: Remote Code Execution, Restart Requirement: Yes, Severity: Critical, CVSS Score: 9.3)

This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

MS16-086 Cumulative Security Update for JScript and VBScript (3169996)

(Impact: Remote Code Execution, Restart Requirement: Maybe, Severity: Critical, CVSS Score: 9.3)

This security update resolves a vulnerability in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker, who successfully exploited the vulnerability, could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker, who successfully exploited the vulnerabilities, could take control of an affected system. An attacker is able to install programs as well as view, change or delete data. Even new accounts can be created by the attacker with full user rights.

MS16-087 Security Update for Windows Print Spooler Components (3170005)

(Impact: Remote Code Execution, Restart Requirement: Maybe, Severity: Critical, CVSS Score: 9.3)

This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker is able to execute a man-in-the-middle (MiTM) attack on a workstation or print server, or set up a rogue print server on a target network.

MS16-088 Security Update for Microsoft Office (3170008)

(Impact: Remote Code Execution, Restart Requirement: Maybe, Severity: Critical, CVSS Score: 9.3)

This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

MS16-089 Security Update for Windows Secure Kernel Mode (3170050)

(Impact: Information Disclosure, Restart Requirement: Yes, Severity: Important, CVSS Score: 1.7)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Windows Secure Kernel Mode improperly handles objects in memory.

MS16-090 Security Update for Windows Kernel-Mode Drivers (3171481)

(Impact: Elevation of Privilege, Restart Requirement: Yes, Severity: Important, CVSS Score: 7.2)

This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

MS16-091 Security Update for .NET Framework (3170048)

(Impact: Information Disclosure, Restart Requirement: Maybe, Severity: Important, CVSS Score: 4.3)

This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could cause information disclosure if an attacker uploads a specially crafted XML file to a web-based application.

MS16-092 Security Update for Windows Kernel (3171910)

(Impact: Security Feature Bypass, Restart Requirement: Yes, Severity: Important, CVSS Score: 2.1)

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow security feature bypass if the Windows kernel fails to determine how a low integrity application can use certain object manager features.

MS16-093 Security Update for Adobe Flash Player (3174060)

(Impact: Remote Code Execution, Restart Requirement: Yes, Severity: Critical, CVSS Score: No Score Stated)

This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows RT 8.1, Windows Server 2012 R2 and Windows 10.

MS16-094 Security Update for Secure Boot (3177404)

(Impact: Security Feature Bypass, Restart Requirement: Yes, Severity: Important, CVSS Score: 1.7)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow Secure Boot security features to be bypassed if an attacker installs an affected policy on a target device. An attacker must have either administrative privileges or physical access to install a policy and bypass Secure Boot.

Learn more about Patch Management with Syxsense

This article was originally posted on Channel Partners.