With remote working the future for so many global workforces – or at least some kind of hybrid arrangement – is there an impact on email security we are all missing? Oliver Paterson, director of product management at VIPRE Security, believes so. “The timeframe that people expect now for you to reply to things is… Read more »
The post Oliver Paterson, VIPRE: On email security in the era of hybrid working appeared first on Cloud Computing News.
James Todd, SecOps director at KPMG, describes his role as a merging of SecOps, security architecture, and cloud security. It is a particularly interesting crossing point with regard to automation. “It’s at that intersection of the cloud environment, being very much aligned to deploying everything as code,” says Todd. “A lot of automation is a… Read more »
The post James Todd, KPMG: On automation and machine learning as the future of security appeared first on Cloud Computing News.
Veeam Software, a specialist in modern data protection, has released the findings of the company’s Cloud Protection Trends Report 2023, covering four key ‘as a Service’ scenarios: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), and Backup and Disaster Recovery as a Service (BaaS/DRaaS). The survey found that… Read more »
The post Organisations increasing modern data protection for cloud to reduce security risks appeared first on Cloud Computing News.
Netskope, a specialist in secure access service edge (SASE), has unveiled new research that shows how the prevalence of cloud applications is changing the way threat actors are using phishing attack delivery methods to steal data. The Netskope Cloud and Threat Report: Phishing details trends in phishing delivery methods such as fake login pages and… Read more »
The post Next generation of phishing attacks uses unexpected delivery methods to steal data appeared first on Cloud Computing News.
61% of companies in the healthcare industry suffered a cyberattack on their cloud infrastructure within the last 12 months, compared to 53% for other verticals. This is according to the 2022 Cloud Security Report by cybersecurity vendor Netwrix. Phishing was the most common type of attack reported, followed by ransomware or other malware attacks, and… Read more »
The post 86% of cloud attacks in healthcare sector lead to financial losses or other damage appeared first on Cloud Computing News.
Kevin Bocek, VP of security strategy and threat intelligence, Venafi, explains how cloud complexity and multicloud is increasing the number of outages. Spotify users recently experienced an event that is becoming all-too familiar to digital consumers. They were left unable to listen to their favourite podcasts for hours after an TLS certificate at the streaming… Read more »
The post Over and out: why expired machine identities represent a growing business risk appeared first on Cloud Computing News.
Parallels® Toolbox is helping users find new ways to increase productivity – especially if you need to optimize presentations! Recently released, Parallels Toolbox empowers users with more than 30 easy-to-use, one-click tools, all packaged within a simple interface for both Mac® and PC. This must-have, all-in-one application has helped Sean Bugler, a technical trainer, simplify […]
The post Technical Trainer Leverages Parallels Toolbox to Optimize Presentations appeared first on Parallels Blog.
Update: Apple® releases macOS® High Sierra security fix for critical root vulnerability for macOS High Sierra 10.13.1 (not impacted: macOS Sierra 10.12.6 and earlier). Make sure to install this update on all macOS computers affected, as described at support.apple.com/en-us/HT208315 As reported on CNET on November 28, 2017, a major bug has been uncovered that allows […]
The post macOS High Sierra Critical Update with Parallels Mac Management for Microsoft SCCM appeared first on Parallels Blog.
Just over a year and a half ago, GreenPages posted a video and of Nick Phelps (below) and held a webinar discussing how it’s not VMware NSX vs. Cisco ACI, but the synergistic benefits of running both VMware NSX and Cisco ACI simultaneously which was, at the time, a bit “science-fiction-y.” Fast forward to present day and the tech world has had plenty of time to test how these two products work together. Check out Nick’s update on why using both technologies together can create “a beautiful orchestra of automation!”
As a vendor agnostic solutions provider, GreenPages is in a perfect position to help you evaluate and deploy the best tech depending on your unique business goals. Please reach out to us or your account manager to get started.
By Jake Cryan, Digital Marketing Specialist
Strengthening Network SecurityStrengthening network security is vital to your organization. Check out the tips below to ensure you are well protected.
Any and every device capable of wired or wireless access with an IP address should be known in your environment. This goes beyond desktops, laptops, servers, printers, IP phones, and mobile devices. The “Internet of Things” presents a larger potential footprint of hosts including environmental monitoring and control devices, security cameras, and even things like vending machines. IoT devices all run operating systems that have the potential to be compromised by hackers and used as a platform for performing reconnaissance of your network for more valuable assets. Ensure inventory lists are valid by performing routing network scans to identify unknown devices.
Knowing the culture and habits of users, like when and where they work, is important for establishing baseline behavior patterns. Also, the types of work they do online such as researching, downloading software, and uploading files will vary greatly by industry. For example, users at a law firm are not going to have the same internet usage behavior as users at a software development company. Even within an organization, there will be differences between administrative and technical engineering user behavior. Knowing the behavior of your users will make it easier to identify what is normal versus abnormal network traffic.
The network traffic patterns in your organization should represent the usage of critical business applications that users need to do their job. Understanding these traffic flows is critical to building effective security policies for ACLs, stateful firewall policies, and deep packet inspection rules on network security devices. This applies to traffic within your internal private networks, what is allowed in from the outside, and especially the type of traffic allowed to leave your organization.
The more applications and services running on a host, the more potential for exposure to software vulnerabilities. Software updates are important for bug fixes and new features but security related fixes to applications are critical. Limit the types of applications users may install to reputable software vendors that take security updates seriously. Staying current with operating system security updates is even more important. Situations when legacy applications require older EOL operating systems to run on your network should be monitored very closely and if possible should be segmented to dedicated VLANs.
Know your data & control your data
Understand the data that is critical to your business and classify that data into different levels of sensitivity. You must ensure that encryption is used when transmitting highly sensitive data across the network as well as limit access to sensitive data to only those who require it. It is important to implement effective logging on all devices that store and transmit sensitive data and perform routine checks of your backup solutions to ensure the integrity of critical data backups.
Monitor and control your perimeter (egress too!!)
The network perimeter of your organization includes Internet and WAN connections but also wireless access points. All three of these perimeter pathways need to be protected with the highest levels of access restrictions. Next-generation security appliances should be deployed on all perimeter segments to provide deep packet inspection, content filtering, and malicious URL inspection. Centralized logging of network and security devices using a security information event management (SIEM) solution is vital for analysis and correlation of logging data.
Train your users: they are your weakest link and your best defense
Deliver routine end-user security awareness training to keep users up to date on ways to recognize suspicious email content and websites. Perform routine experimental phishing campaigns to determine how well users are able to identify suspicious emails. Review policies with users on how to manage sensitive data. Make sure users are aware of non-technical methods used by hackers such as social engineering tactics to extract information about your organization.
Implement strong authentication controls
Use multifactor authentication for wireless and VPN remote access whenever possible. Restrict the usage of local user accounts and require complex passwords that must be changed regularly. Implement 802.1x security on wireless LANs as well as wired network connections that are accessible to common areas in your facility.
Utilizing the tips above can go a long way in strengthening network security, reach out to your account manager or contact us to find out more about strategies to strengthen your network.
By Kevin Dresser, Solutions Architect