Kaspersky Endpoint Security Cloud review: Merciless against malware

Dave Mitchell

31 Aug, 2021

Easily managed and good value, Kaspersky is a great choice for small businesses

£405 exc VAT

Kaspersky offers an endpoint protection answer for every business. Large firms that want total control can choose its on-site Endpoint Security for Business products, while smaller companies that don’t want to run their own host server have two cloud-managed solutions to choose from.

We tested Kaspersky’s Endpoint Security Cloud, which is managed entirely from a cloud portal and protects ten to 150 Windows systems and Macs. Licensing is flexible, with each user licence supporting one workstation, laptop or server, plus two iOS or Android mobile devices.

The standard service includes protection against all types of malware and ransomware, a client firewall, a network attack blocker and vulnerability scanning. There’s also a new cloud discovery feature that lets you keep an eye on email, file-sharing, messaging and social networking services being accessed by users.

If you need more, you can move up to the Plus version, which adds Office 365 protection, URL-based web filtering, endpoint device controls, encryption and patch management. The Plus service lets you block specific cloud services too, while the regular tier only monitors them.

We found deployment pleasingly simple: the agent can be downloaded and installed directly from the web portal, or you can email a download link to users. Either way, it takes around five minutes to set up, with a further 15-minute wait while the client registers its licence.

Once that’s done, protection starts immediately with a default security policy that enables everything Kaspersky has to offer. If you want to customise your coverage, it’s easy to create your own policies, organise clients into groups and grant admin rights to specific users. For Windows systems there are three levels of file and web threat protection on offer, and you can choose whether to scan emails for dodgy content and enable network threat protection. If you have the Plus version, you can browse all detected cloud services and decide whether to block any. Macs get file, web and network threat protection, but mail and cloud discovery are off the menu.

It’s a varied offering for mobile users too. Android devices benefit from antivirus protection plus web and app controls, while for iOS it’s more about access security: the portal lets you create APNs certificates, allowing you to choose what device features are accessible, set a screen lock and password policy, apply simple website keyword blocking and restrict which networks can be joined.

As you’d hope, the whole system is highly responsive to threats. When we tried introducing malware to some of our test Windows 10 systems, the local client blocked them immediately, with email alerts landing in our administrative mailbox barely ten seconds later.

The web portal is very informative. A graph displays the top five categories of cloud services in use and lets you drill down to see exactly who’s using what; our only slight niggle is that this took several hours to populate with details on detected services. Below, more graphs show device protection status, the OS spread, detected threats and the results of daily vulnerability scans. There’s a good set of predefined reports too, covering protection status, threats, database updates and cloud discovery, which can be exported in CSV and PDF formats.

If your business is of a suitable size, Kaspersky Endpoint Security Cloud is great value, especially since each licence includes protection for two mobile devices. The cloud discovery component can be a little slow, but endpoint protection doesn’t get any stronger than this and the cloud portal is very easy to work with.

Windows 11 rollout will begin on 5 October

Zach Marzouk

31 Aug, 2021

Microsoft has confirmed that Windows 11 will be released on 5 October, with all eligible devices to be offered the free upgrade by mid-2022.

From 5 October, Microsoft will start rolling out Windows 11 to eligible Windows 10 PCs, while PCs that come preloaded with Windows 11 will start to become available for purchase. The update is set to be rolled out in a phased approach, which means that new eligible devices will be offered the upgrade first. 

For UK customers, the new update will be available “beginning this holiday season”.

“The upgrade will then roll out over time to in-market devices based on intelligence models that consider hardware eligibility, reliability metrics, age of device and other factors that impact the upgrade experience,” the company stated.

Microsoft expects all eligible devices to be offered the free upgrade to Windows 11 by mid-2022. Users that have a Windows 10 PC that’s eligible for the update will be notified by Windows Update when it’s available. Alternatively, users can check to see if it is ready by going to Settings > Windows Update and selecting “Check for updates”.

New features in Windows 11 include “Start”, which uses the power of the cloud and Microsoft 365 to show users their recent files, no matter what device they were viewing them on. Chat from Microsoft Teams is integrated into the taskbar, a new Microsoft Store will be available, and Snap Layouts, Snap Groups and Desktops will allow users to multitask and optimise their screen space.

One feature that won’t be included at launch is Android app support in Windows 11 and the Microsoft Store, which comes through the company’s collaboration with Amazon and Intel. Microsoft said that it will start with a preview of this feature for Windows Insiders “over the coming months”.

Microsoft recently provided more details on the reliability of computers that could update to Windows 11, saying that those systems were more reliable in use.

“Those that did not meet the minimum system requirements had 52% more kernel mode crashes (blue screens) than those that did meet the requirements,” Microsoft said. “Additionally, app hangs are 17% more likely, and for first-party apps, we see 43% more crashes on unsupported hardware.”

Pace of government IT spending to slow in 2022

Keumars Afifi-Sabet

31 Aug, 2021

Investment in digital technologies will see global government IT expenditure rise by 6.5% between 2021 and 2022, with total spending expected to hit $557.3 billion (approximately £479 billion) next year.

IT infrastructure and applications modernisation, as well as digital government transformation, are the key areas that are set to fuel government IT spending in 2022, according to Gartner. 

COVID-19 funding packages, too, will drive further investment in digital enablement, including support for sustainable growth, social programmes, education, cyber security and digital inclusion.

“Governments will continue to accelerate investments in digital technologies to respond and recover from the continuing evolution of public health uncertainties due to the COVID-19 pandemic,” said Irma Fabular, research vice president at Gartner.

“The disruptions caused by the pandemic have also reinforced a key digital government tenet, which is public policy and technology are inseparable.”

Although the total amount of government IT spending will reach new highs, the 6.5% increase represents a slowing down in the pace of growth, given that government IT spending rose by 9.5% between 2020 and 2021.

The rise between this year and next will mostly be driven by a 12% rise in software spending, from $135.6 to $151.9 billion (roughly £98.4 to £110.2 billion). Even this, however, is a slowdown from the 14.9% rise between 2020 and 2021.

The area expected to benefit from the most expenditure is IT services, with $203.9 billion (approximately £147.9 billion) spent in this area in 2022. 

The only area in which the pace of change is set to be faster in 2022 than between 2020 and this year is internal services, which will increase in spending by 2.7% versus 0.3% last year. 

Spending on telecoms services and devices will actually fall by 0.8% and 1.6% respectively between 2021 and 2022. This represents a massive turnaround for spending on devices, in particular, which rose by 17.6% between 2020 and 2021.

Despite the pace of spending falling slightly, these overall levels of expenditure still represent a massive commitment from governments across the world to digital transformation and the revamping of IT infrastructure.

The pandemic has served to boost the pace of digital transformation in the public sector, with Gartner estimating that by 2025, more than half of government agencies will have modernised critical core legacy applications.

Zoom reports first billion-dollar quarter despite slowing growth

Bobby Hellard

31 Aug, 2021

Zoom posted its first billion-dollar quarter on Monday but issued a cautious estimate for the rest of the year with demand for the platform expected to slow dramatically.

The company’s Q3 revenues brought in between $1.015 billion and $1.020 billion, a 31.2% rise year-on-year. 

Zoom was one of the biggest success stories of the pandemic, enjoying unparalleled growth and adoption in its business while consumers and companies were forced into multiple lockdowns. By the middle of 2020, the company had seen its daily active users grow by 355%.

However, there has long been a feeling that this would dissipate with the successful rollout of COVID vaccines and the return to the workplace.

“We had expected that (the slowdown) towards the end of the year, but it’s just happened a little bit more quickly than we expected,” chief financial officer Kelly Steckelberg said on an earnings call.

Zoom has also faced stiff competition from the likes of Cisco Webex and Microsoft Teams, both of which have dented its efforts to win bigger contracts from businesses.

Zoom said it expects a decline in revenue from smaller businesses – those with 10 or fewer employees – that pay their subscriptions on a monthly basis. The company has adjusted its earnings for the third quarter, expecting between $1.07 and $1.08 per share, compared to previous estimates of $1.09 a share. 

The company has also pushed ahead with plans to expand its business, essentially moving from a service to a global platform like Google. It recently announced a buyout of call-centre software maker Five9 for $14.7 billion – its largest deal to date – and has also begun to invest in smaller firms to build products and services on its platform. 

NHSX guidance aims to improve NHS digital transformation efforts

Sabina Weston

31 Aug, 2021

NHSX has published a new set of guidelines that aims to help NHS trusts embrace technology to further their digital transformation efforts. 

The move follows a report from earlier this year which found that major technological innovations implemented in the NHS during the COVID-19 pandemic need “further work” before they are locked in.

Known as What Good Looks Like (WGLL), the new framework provides NHS managers with instructions on how to use digital technology in medical services – as well as information about who should be paying for it.

NHSX hopes the WGLL guidelines will set a “common foundation that should be in place across the NHS”, from making it easier for patients to access online services to implementing the correct cyber security measures in order to avoid cyber attacks.

WGLL also calls for NHS trusts to make digital services, such as online access to care plans, test results, and electronic prescribing systems, easily accessible across the whole of the UK, and not just in select locations.

This would help to reduce health inequalities as well as make work easier for frontline workers, who, according to NHSX chief executive Matthew Gould, were a key part of developing the guidelines.

“They have been produced following extensive consultations with the frontline, and will continue to change as we get more feedback. They are designed to be helpful, empowering and clear. They set out what they should be driving towards, and how they will need to pay for it,” he said.

The NHSX has also published a set of proposals on how to tackle the obstacles in digital technology investments. Known as Who Pays For What, it aims to solve issues such as the uncertainties over funding sources, digital transformation costs, and lack of understanding of the benefits of digital investment.

The NHSX is proposing changes in financial and payments policies in 2021 to 2022 as well as seeking to encourage the uptake of established technologies and promote the adoption of emerging innovations.

It also announced that it’s bringing together multiple existing funding pots into one national application process, in order to simplify the bidding process and make funds more equally distributed.

Commenting on today’s news, NHSX CIO Sonia Patel said that she hopes that “these resources are both empowering and enabling in terms of understanding the destination we commonly want to reach across the nation with digital transformation”.

“Talking to leaders across the NHS, there is a renewed belief and confidence in the digital and data agenda and increasing awareness of the importance it holds in supporting a modern NHS,” she added.

Microsoft Exchange Server flaw lets attackers misconfigure mailboxes

Keumars Afifi-Sabet

31 Aug, 2021

A now-patched vulnerability in Microsoft Exchange Server, dubbed ProxyToken, could be abused by an unauthenticated attacker to perform configuration actions on targeted mailboxes.

This latest flaw in the beleaguered platform is tracked as CVE-2021-33766 and rated 7.3 out of ten on the threat severity scale; if abused, it might give rise to the disclosure of personal information.

A hypothetical example of exploitation, according to researchers with the Zero Day Initiative, could lead to an attacker copying all email addresses on a targeted account and forwarding them to an account controlled by the attacker.  

The flaw lies in the Delegated Authentication feature, a mechanism in which the front-end site passes authentication requests to the back-end system when it detects the presence of a SecurityToken cookie.

Because Microsoft Exchange needs to be specifically configured to use the feature and have the backend carry out checks, the module that handles this delegation isn’t loaded under a default configuration. 

This leads to a bypass as the back-end fails to authenticate incoming requests based on the SecurityToken cookie. The back-end will be completely unaware that it needs to authenticate incoming requests, which means requests can sail through without being subject to authentication on either the front or back-end systems.

Microsoft patched this vulnerability as part of its Patch Tuesday round of fixes for July, with no evidence so far that hackers have exploited it.

Businesses will be put on high alert in light of the existence of another Microsoft Exchange Server flaw, however, following the supply-chain attack earlier in the year. 

Hackers linked with the Chinese state exploited four flaws in the platform to launch a series of attacks against potentially hundreds of thousands of victims in March, according to security researchers.

The incident was one of many similar supply-chain attacks during 2021, including the infamous SolarWinds hack towards the end of last year.

Microsoft Azure flaw exposed ‘thousands’ of customer databases

Bobby Hellard

27 Aug, 2021

Microsoft has warned thousands of its Azure cloud customers that their main databases have been compromised.

The impacted customers included some of the world’s largest companies, according to cyber security researcher Wiz.

The vulnerability is in Microsoft’s Azure Cosmos database and allows intruders to read, change and even delete customer information, according to Wiz. The researchers were able to find keys that control access to databases held by “thousands” of companies.

The chief technology officer of Wiz, Ami Luttwak, is former CTO of Microsoft’s Cloud Security Group. Her team found the exploit, dubbed ‘ChaosDB’, on 9 August and notified Microsoft on 12 August. 

“This is the worst cloud vulnerability you can imagine. It is a long-lasting secret,” Luttwak told Reuters. “This is the central database of Azure, and we were able to get access to any customer database that we wanted.”

IT Pro has approached Microsoft for comment, but it seems that it cannot change the access keys by itself, according to emails sent by the company to Wiz. The tech giant has reportedly agreed to pay the security researchers $40,000 for finding the flaw and reporting it.

In the email to customers, Microsoft said it has fixed the vulnerability, adding that there was no evidence the flaw had been exploited: “We have no indication that external entities outside the researcher (Wiz) had access to the primary read-write key,” it said. 

This latest disclosure comes just a few months after the SolarWinds hack, where actors suspected to be working for the Russian government stole Microsoft’s source code and caused breaches and issues around the world.

Exchange email flaws were still cropping up last week, with the US government sending out a warning that customers needed to instal patches that were issued months ago because ransomware gangs were now exploiting them. 

IBM launches SASE services

Danny Bradbury

26 Aug, 2021

IBM has unveiled a set of secure access service edge (SASE) solutions to help customers secure complex distributed work environments. 

SASE is a concept first articulated by Gartner in a 2019 white paper. It combines security and SD-WAN in a cloud-based approach designed to embed security directly into the network. This enables companies to apply security policies in the cloud that govern users no matter where they are. 

Because the network and security are software-defined, administrators can manage them programmatically, making it easier to update these policies across the organisation. 

IBM Security Services for SASE is an end-to-end offering covering strategic consulting, design and integration, and application onboarding. It also encompasses a set of managed security services in the cloud to protect user sessions and data, such as secure web gateways, cloud-based firewalls, cloud access security broker services and data loss prevention. 

Zero-trust security is another big component of SASE. This part of the solution removes implicit trust for people that access the network and verifies their identity when accessing resources inside the company’s infrastructure. Zscaler, with which IBM partnered in May, will provide the zero-trust functionality for IBM’s SASE portfolio. 

IBM sees potential for its SASE services in areas such as hybrid workforce access, contractor and third-party access, and edge computing scenarios. It can also help to secure businesses undergoing mergers and acquisitions, the company said. 

IBM commissioned a study from Forrester to support its SASE roll-out, and it found 60% of companies lacked a clear security strategy spanning their entire cloud deployment.

Most companies (70%) found it challenging to implement centralised security controls across multi-cloud environments, while almost two-thirds found it difficult to secure their remote and in-office employees across multiple devices and locations. 

Microsoft hires AWS veteran Charlie Bell for VP role

Bobby Hellard

26 Aug, 2021

Microsoft has reportedly hired former Amazon Web Services (AWS) executive Charlie Bell for an undisclosed position.

Bell, who left AWS earlier in August, has been listed as a ‘corporate vice president’ but assigned to the department led by Kathleen Hogan, Microsoft’s chief human resources officer, according to CNBC sources.

It’s unlikely that Bell will stay within the human resources team at Microsoft, given his 23-year career at AWS was largely spent developing services such as EC2 and S3 computing and storage. He was also reportedly a candidate to succeed Andy Jassy as the cloud giant’s CEO.

The secrecy around his role is thought to be due to a ‘non-compete clause’ he may have signed with AWS. The Information reports that “people familiar with the matter” said Bell is going to take “a few weeks off” while Microsoft and AWS work out what Bell can do in his new role without violating the non-compete agreement.

AWS is well known for using the practice of non-compete agreements, which prevents one party from participating in activities that would directly compete with the other party, and has taken legal action against a number of former employees for breaking these agreements.

In 2019, ex-global director of financial services, Philip Moyer was taken to court after leaving AWS for a similar role at Google. Brian Hall, a former VP of product marketing at AWS, was also hit with legal action after leaving for Google Cloud. In both cases, AWS alleged that it was the terms of the new role that violated the non-compete agreement.

Whatever role Bell eventually takes, he brings extensive leadership experience to Microsoft, having held management roles at Oracle and an engineering position at Boeing in the early 1980s. He also ran his own business, Server Technologies Group, which was acquired by Amazon in 1998, kicking off his career with AWS.

Managed edge services market primed for growth

Danny Bradbury

24 Aug, 2021

IDC has predicted a bright future for the managed edge computing services market as multiple drivers compel businesses to rethink their computing architectures. 

The market research company forecasts worldwide revenues of $445.3 million for the managed edge services market this year, up 43.5% compared to 2020. This positive trend will continue until at least 2025, with a compound annual growth rate of 55.1% during that period. 

Managed edge services are low-latency services that process data near the edge of a network, closer to where it is consumed and produced. Services in this emerging market range from content distribution through to edge application hosting and real-time data analytics.

IDC has identified three types of managed edge services environments. On-premises or private deployments located at the customer’s facilities, such as production plants or health care facilities, will be the fastest-growing use case with a five-year CAGR of 74.5%. An example might be augmented reality services or industrial automation.

Service provider deployments in a public cloud service or telco’s premises will enjoy the second-fastest growth. IDC added that this use case will involve fixed and mobile deployments and would be significant for sector-specific applications. It expects a CAGR of 59.2%, making it the largest market segment by next year. 

Finally, IDC singled out content distribution network (CDN) services as a specific use case. CDNs will continue to refine their services with new edge technologies. IDC expects more personalized and interactive media experiences from the CDN managed edge services segment, enjoying a 41.9% CAGR over five years. 

A key driver for the deployment of managed edge services is the need for process efficiencies. Analysts also pointed to new consumer applications, such as augmented and virtual reality.

Data sovereignty and security measures will also be big drivers as companies strive to maintain regulatory compliance while pursuing better customer experiences. 

5G will also play a big part in managed edge services, the company said. Cloud service providers will partner with 5G infrastructure companies — typically telcos. Data center operators will also be eager to participate, as will network equipment vendors and software companies.