Skip to main content
All Posts By

bmhume

Verismic Does Remote PC Power Management

By NewsNo Comments

Verismic enhanced its Syxsense with Verismic Power Manager. This updated version of Verismic’s cloud-based IT management software includes remote-control capabilities for PC power management.

Verismic’s CMS allows organizations to proactively monitor and manage their IT infrastructure and reduce energy costs. Verismic says its CMS does not require the installation of software, compared to most endpoint management solutions that run the risk of conflicting with existing client software.

Power Manager is now natively integrated into the CMS. It monitors computer activity throughout each day to reduce power consumption without impacting user productivity and powers down unused devices overnight. The Power Manager module will support multiple power vendors, currencies and power rates – even for complex, international organizations.

Read the feature on energymanagertoday.com

[vc_single_image image=”4007″ img_size=”medium” alignment=”center”]
||||

Verismic Enhances Award-Winning Syxsense With Real-Time Energy-Saving Solution

By NewsNo Comments

First-of-Its-Kind Agentless Systems Management Software Provides Enterprises With Environmental IT Solution, Just in Time for Earth Day

ALISO VIEJO, CA–(Marketwired – Apr 22, 2015) – Verismic, a global provider of IT management solutions delivered from the cloud, today announced the roll-out of its newly upgraded Syxsense , enhanced with Verismic Power Manager — the most advanced, non-disruptive PC power management software on the market. This updated version of Verismic’s cloud-based IT management software suite will include superior remote-control capabilities and will provide enterprises with cost- and energy-savings from one of the most awarded PC power management solutions just in time for Earth Day.

[vc_single_image image=”4718″ img_size=”medium” alignment=”center”]

“Each April, we are reminded of the increasingly critical responsibility we bear to become stewards of the environment, regardless of industry,” says Verismic President and CEO, Ashley Leonard. “At Verismic, we take this to heart — all year round — by working to provide organizations with green IT solutions at a time when energy consumption across the globe is at an all-time high. By leveraging technology from our industry-leading Power Manager platform, we can protect our customers’ enterprise networks through CMS’ unmatched endpoint management capabilities and protect the environment by managing IT system-generated electricity over-use.”

Designed and built for the cloud, Verismic’s CMS allows organizations to proactively monitor and manage their IT infrastructure and reduce energy costs — saving on utility bills month after month, year after year. While most endpoint management solutions run the risk of conflicting with existing client software and require agents that can take months to deploy, Verismic’s CMS — with no software to install — eliminates the need for dedicated staff, servers and skills to manage enterprise IT infrastructure and is accessible from any supported web browser.

Power Manager, which is offered as a stand-alone solution from Verismic and is now natively integrated into CMS, monitors computer activity throughout each day to reduce power consumption without impacting user productivity and powers down unused devices overnight, resulting in a streamlined environment and an improved bottom line. The addition of the Power Manager module to CMS will allow for greater enterprise efficiency, and will support multiple power vendors, currencies and power rates — even for the most complex, international organizations

“Our school district currently uses about 16,000 computers — between desktops, laptops, tablets and iPads — that all require time-sensitive, large-scale software distributions and uninterrupted workflows,” says Marilyn Christie, network and systems engineer for Kyrene School District. “Verismic helps us reduce our carbon footprint and successfully manage necessary maintenance windows — from shutting computers down and waking them up for students, to carrying out specific tasks automatically like addressing applied patches and checking anti-virus software.”

For more information on Verismic’s energy-saving and award-winning Syxsense, visit www.syxsense.com.

ABOUT VERISMIC: Verismic Software, Inc. is a global industry leader providing cloud-based IT management technology and green solutions focused on enabling greater efficiency, cost-savings and security control for users, all while engaging in endpoint management. Headquartered in Aliso Viejo, Calif., Verismic is a growing and dynamic organization with offices in four countries and 12 partners in nine countries. Over the past two years, Verismic has worked with more than 150 companies ranging from 30 to 10,000 endpoints delivering a variety of solutions for organizations of all sizes as well as managed service providers (MSPs). Verismic’s software portfolio includes the first-of-its-kind agentless, Syxsense ; Power Manager; Software Packaging and Password Reset. For more information, visit www.verismic.com.

CONTACT INFORMATION

  • MEDIA CONTACT:
    Leslie Licano
    Beyond Fifteen Communications, Inc.
    949.733.8679
    [email protected]
[vc_single_image image=”4711″ img_size=”medium” alignment=”center”]
|

Enterprise Security Trends that Will Rule 2015

By NewsNo Comments

From 3D printers that can replicate the intricate details of the human heart to wearable technology that tracks everything from blood pressure to incoming emails, 2015 shows great promise in becoming “Year One” of the new digital world order. But before we get too distracted, it’s worth paying attention to—and learning from—the past, which has consistently revealed where even the most established industry giants stumble: enterprise security.

Last year alone, the U.S. witnessed colossal data breaches in both the public and private sectors—from home improvement, to health care, to the entertainment industry—including the highly publicized Sony attack. While it may have been the latest wake-up call, the Sony scandal was by no means the most significant. A string of breaches, including Home Depot, Target, Goodwill Industries, Dairy Queen and JP Morgan, which single-handedly affected 76 million households and 7 million small businesses, sent shockwaves throughout the world.

[vc_single_image image=”4514″ img_size=”full” alignment=”center”]

Enterprise Infrastructure

If 2014 was the year of the hack, it’s logical to conclude that 2015 will be the year of fighting back. As diligently as an enterprise works to innovate groundbreaking advances in products and services, so too must they implement enterprise security solutions. Recent breaches, including leaks of users’ personal data and credentials from popular services like Dropbox and Apple iCloud have once again identified cybersecurity as a harrowing issue that requires immediate attention from both users and enterprises. Rather than focusing solely on prevention, however, today’s enterprises are now proactively beginning to use monitoring techniques for quick identification of and response to any kind of potential infiltration before it occurs. This trend, say analysts at the Gartner Security & Risk Management Summit—which takes a comprehensive look at the entire spectrum of IT security—will expand and evolve organizational roles to include a digital risk officer (DRO)

Read the full article on techzone360.com

|

Sick of Your Systems Management Toolset?

By NewsNo Comments
[vc_single_image image=”3811″ img_size=”medium” alignment=”center”]

IT Systems Management toolsets are becoming increasingly more complex. Whether you have tried one single solution or are using multiple products for patching, remote control, software distribution and inventory, so much work goes in to just managing and maintaining these tools. We invite you to join industry expert and Head of Desktop Management Services at Verismic Robert Brown for an informative webinar where he will share the top six issues IT professionals are sick of dealing with and best options to overcome them.

[vc_single_image image=”2463″ img_size=”large”]
About the Presenter: Robert Brown is the head of Desktop Management Services at Verismic and is responsible for all software delivery services, which includes Security Updates and software distribution deployments. Rob Brown has 15+ years background in IT industry and within the last 10 years has focused on the systems management space.
||||

A patchy channel

By Managed Service Providers, Patch ManagementNo Comments

Downtime: one word to strike fear into the hearts of even the hardiest IT manager.

Avoiding downtime at pretty much all costs is the name of the game now. However, with the reliance on Microsoft products and their attendant regular security updates, some downtime will inevitably be necessary to roll out patches to keep systems secure.

The problem is that the more updates there are, the more downtime is needed to update and install patches. This can be a challenge for customers, but for IT service providers and managed services companies it can be a real headache. Invariably, your customers have a very limited window where systems can be taken offline to install patches.

[vc_single_image image=”3458″]

“Do your own research and don’t be afraid to look elsewhere when advising customers about patches and security vulnerabilities.” – Ashley Leonard, President and CEO of Verismic

This is all well and good when there are only a few patches, such as in Microsoft’s January update, but when there are a large number (generally eight or more), it can be a real challenge. Microsoft has its own rating system for its patches: critical, important, moderate, and low.

On a typical Patch Tuesday we will see a small number rated critical, and the rest are invariably rated important. If taken at face value, you’d presume to roll out critical patch updates first, and work down the list.

But what may be a critical patch for one of your customers could in fact be almost unnecessary for others due to the different systems they use.

Read the full article on channelweb.co.uk

|

Microsoft Patch Tuesday insight: FREAK, Stuxnet and more

By Patch Management, Patch TuesdayNo Comments
[vc_single_image image=”3310″ img_size=”full” alignment=”center”]

Each month I’ll be offering insight into Microsoft’s Patch Tuesday updates, giving advice on which are the most serious vulnerabilities and how to prioritize them. Microsoft rates it’s own vulnerabilities internally, so whilst the ratings can give a good idea of severity, the scoring system isn’t infallible.

We generally compare two sources of information to try and understand the full impact of the patch update – Microsoft’s own rating as well as ratings from US-CERT [United States-Computer Emergency Readiness Team], which uses the Common Vulnerability Scoring System (CVSS).

By taking US-Cert’s independent ratings alongside Microsoft’s, you get a much clearer picture of which vulnerabilities are going to pose the biggest risk to your customers.

This month’s Microsoft Patch Tuesday is a relatively hefty one, with a total of 14 separate updates, with five rated Critical and the rest as Important, according to Microsoft. One update that surprises me is MS15-031, which resolves a major well-known issue with Windows called FREAK. This was serious enough a vulnerability that it was almost released as an out-of-band patch just last week, yet it’s only been rated as Important and not increased to Critical. Very odd!

The eagle-eyed will also notice MS15-020 is included in this month’s update that fixes the Stuxnet vulnerability, which is a virus/worm believed to have been developed by the US and Israel and used specifically to attack nuclear reprocessing plants in Iran. With a CVSS of 9.3 this should definitely be a priority for all businesses, whether you happen to be working at an Iranian nuclear plant or not.

Outlined below are the patches that you should actually consider rolling out first.

Critical patches
MS15-018 – CVSS: 9.3
This security update fixes a total of 13 separate vulnerabilities in Internet Explorer. The most serious flaw could allow remote code execution if a user were to a view a specially crafted webpage. An attacker would be able to gain the same access rights as the current user, so if you’re logged in as an administrator, that attacker can essentially have full control of the system.

The update addresses the vulnerability by modifying the way Internet Explorer handles objects in memory, helps to ensure policies are properly enforced and by adding additional permission validations.

MS15-019 – CVSS: 9.3
This security update resolves a vulnerability in VBScript (a script language designed for interpretation by web browsers). Again, if a user visits a specially crafted webpage it could allow remote code execution. The update is rated Critical for the VBScript scripting engine in Microsoft Windows, but only moderate for affected versions of VBScript on Windows Servers.

MS15-020 – CVSS: 9.3
This patch addresses the Stuxnet vulnerability, and while there were previous patches, they didn’t completely fix all of the vulnerable path code. Even if you aren’t working at an Iranian nuclear reprocessing plant its still worth patching as it can allow remote code execution if a user browses a specially crafted web page, open a specially crafted file, or browse a working directory that contains a specially crafted DLL file. Let’s stop Stuxnet once and for all!

MS15-021 – CVSS: 9.3
This update resolves eight privately reported vulnerabilities within Adobe Font Driver. The most serious of the eight could allow an attacker to take complete control of an affected system if a user views a specially crafted file or website.

MS15-022 – CVSS: 9.3
The final Critical update from Microsoft addresses vulnerabilities in Microsoft Office 2007, 2010 and 2013. This update patches five privately reported vulnerabilities, three of which could allow remote code execution.

Important updates
A further nine updates came from Microsoft this month that were all rated as Important. There is some discrepancy over the severity of the Important updates this month compared to US-CERT’s rating, so I’d recommend patching MS15-025 and MS15-030 once you’ve dealt with the Critical updates, and then take the rest from there.

Three of the Important updates [MS15-023, MS15-025, MS15-026] could allow an elevation of privilege. That is to say, an attacker that successfully gains access to your system can elevate their privilege to an administrator. From there, they could install programs; view, change or delete data; or create new accounts with full user rights.

Two updates (MS15-028, MS15-031) could allow security feature bypass, so an attacker with limited privileges could use the vulnerabilities to execute files that they do not have permission to run. MS15-031 resolves the FREAK vulnerability, an industry-wide issue that’s not specific just to the Windows operating system.

The final three updates resolve issues in Microsoft Windows and NETLOGON that prevent spoofing, information disclosure, and a denial of service attack.

Next steps
There’s rarely a Patch Tuesday that goes by where there isn’t an issue with one of the patches that can cause problems such as the dreaded blue screen of death. I’d advise that before you roll out patches to your customers, look at the binary code for each update and move to testing and piloting the updates before deployment. This is what we do for both our customers and MSPs and then work through the roll out of the patches through Verismic Syxsense.

Update no. CVSS Score Microsoft rating Affected software Details
MS15-018 9.3 Critical Microsoft Windows, Internet Explorer Cumulative security update for Internet Explorer
MS15-019 9.3 Critical Microsoft Windows Vulnerability in VBScript scripting engine could allow remote code execution
MS15-020 9.3 Critical Microsoft Windows Vulnerabilities in Microsoft Windows could allow remote code execution
MS15-021 9.3 Critical Microsoft Windows Vulnerabilities in Adobe Font Driver could allow remote code execution
MS15-022 9.3 Critical Microsoft Office, Microsoft Server Software Vulnerabilities in Microsoft Office could allow remote code execution
MS15-030 7.8 Important Microsoft Windows Vulnerability in Remote Desktop Protocol could allow denial of service
MS15-025 7.2 Important Microsoft Windows Vulnerabilities in Windows Kernel could allow elevation of privilege
MS15-023 5.6 Important Microsoft Windows Vulnerabilities in Kernel-Mode Driver could allow elevation of privilege
MS15-024 4.3 Important Microsoft Windows Vulnerability in PNG Processing could allow information disclosure
MS15-026 4.3 Important Microsoft Exchange Vulnerabilities in Microsoft Exchange Server could allow elevation of privilege
MS15-027 4.3 Important Microsoft Windows Vulnerability in NETLOGON could allow spoofing
MS15029 4.3 Important Microsoft Windows Vulnerability in Windows Photo Decoder Component could allow information disclosure
MS15-028 2.1 Important Microsoft Windows Vulnerability in Windows Task Scheduler could allow security feature bypass
MS15-031 5.0 Important Microsoft Windows Vulnerability in Schannel could allow security feature bypass

Our monthly blog post appears here.