New data center technology leverages SDN for security

It was announced this week that Israeli security startup GuardiCore had closed a round of fundraising to begin production on its new security system designed to internally secure data centers. The technology takes advantage of recent improvements in network virtualization and uses software-defined networking methods to defend data centers operating at multi-terabit rates of traffic.

"SDN is an opportunity to introduce advanced security controls and capabilities into the data center network in a way that can scale to the demands of a large [data center] and offer a dynamic and proactive security control framework, detecting and mitigating an attack at an early stage,"  said the company in a statement.

A weakness created by modern facilities' tendency to include applications that cross security parameters has been exacerbated by the adoption of intra-data center traffic that moves at multi-terabit levels, according to GuardiCore CEO Pavel Gurvich. The new technology aims to address the increase in cyberattacks committed within a data center that go unnoticed due to insufficient security measures. Traditional methods of defense, including sandboxing, intrusion detection and deep packet inspection, are not capable of keeping pace with the speeds at which data center traffic currently operates.

The first component of this new security system, Active Honeypot, surreptitiously re-routes network traffic to counterattack cybercriminals by sending data to an 'ambush' server. The secret server is highly monitored and is capable of quickly providing information about the attack in order to effectively eliminate the threat. Active Honeypot is currently being evaluated in a variety of data centers and private cloud environments.

The recent round of fundraising was led by Battery Ventures, whose general partner Scott Tobin noted that tracking and eliminating intra-data center threats is the next important skill for the industry to master.

"Traditional security techniques have focused on keeping the bad guys out of the perimeter. GuardiCore's approach assumes you have already been compromised and provides levels of visibility and protection that were previously unattainable," said Tobin. 

Cybersecurity shifts to managed network security

Traditional approaches to cybersecurity such as simply installing antivirus software are losing their edge, according to many in the industry. As a result, companies are increasingly looking to more comprehensive solutions, including additional security training, advanced malware detection, vulnerability scanning services and managed network security services.

The shift away from basic antivirus tools has been occurring for several years now, a recent Wall Street Journal article noted. An executive at one popular antivirus software company told the publication that antivirus “is dead.” Instead, companies are increasingly shifting their attention from keeping threats out to detecting intrusions more effectively and minimizing the impact.

Reflecting this trend, recent years have seen rapid growth in investment in services such as advanced malware detection and managed network security, a recent ESG research study found. Six in 10 enterprises working with managed services providers in these areas have increased their use of the services somewhat or substantially in the last two years. In particular, 41 percent are investing in managed network security services, 39 percent are investing in risk assessment services and 39 percent are investing in vulnerability scanning services as well. Around 23 percent of organizations have completely outsourced incident detection and security response or are using a provider for staff augmentation.

“[M]any firms realize that chasing anomalous behavior and malcode demands time, resources, and the right technologies,” Network World contributor Jon Oltsik wrote. “Given this, an average regional bank, process manufacturing company, or teaching hospital may not want to play cyber cops and robbers anymore.”

By outsourcing security tasks and relying on a third-party vendor for services such as managed network security, companies can free up resources to focus on their core competencies, while at the same time improving their effectiveness in fighting today’s advanced security threats.

Reports highlight recent malware explosion

Malware is a long-running and consistent threat to companies and computing end users, and, while the cybersecurity community has worked hard to close vulnerabilities and make carrying out exploits more difficult, malware continues to proliferate. Two recent reports highlighted massive spikes in malware infections in late 2013 and the beginning of 2014, respectively. The data should be instructive to companies looking to keep malware out of their networks. With infections on the rise and becoming more insidious, companies can benefit from enlisting malware removal services to address this ongoing problem.

A long-term malware infiltration

In Microsoft's most recent Security Intelligence Report, the company noted that the average rate of malware infection nearly tripled in the final quarter of 2013, due largely to a single malicious browser plugin. In the third quarter of 2013, an average of 5.8 out of every 1,000 Windows computers were infected with malware, but that number increased to 17 per 1,000 in the fourth quarter of the year, according to Tim Rains, director of Microsoft's Trustworthy Computing division.

Much of the increase was due to the proliferation of a program called "Rotbrow," which comes disguised as a browser add-on security product called "Browser Protector," Rains said, according to PCWorld. Computer security companies failed to identify the software as malicious at first because it was not itself dangerous, and it did not do anything threatening immediately. Instead, the program is what's known as a "dropper," a program designed to download other software onto a computer. Eventually, Rotbrow began downloading malicious browser extensions and code such as Sefnit, a botnet tool linked to click fraud and ransomware schemes. Microsoft noted the change and alerted security companies, but the program was already installed on a large number of computers.

"I would characterize it as a low and slow attack," Rains told PCWorld. "They were patient and waited a long time before they started to distribute malicious stuff. I think they gained a lot of people's trust over time."

Rains noted that Microsoft has generally improved its products, reducing the number of remote exploitation vulnerabilities in its software by 70 percent from 2010 to 2013. As a result, malware infection schemes have gotten more elaborate and expensive to carry out. One increasingly common approach has been to bundle malware with legitimate software or music.

A flood of email attacks

Another recent study from email firm AppRiver screened more than 14 billion email messages in the first quarter of 2014. Of those, nearly 10.9 billion were spam, and another 490 million contained malware. The company concluded that one in every 10 pieces of email was malicious, and January was the biggest month for malware traffic since 2008. AppRiver security analyst Fred Touchette warned people to exercise more caution toward emails that address the recipients in vague terms or by their email addresses.

Both studies show that malware threats continue to be a major problem for companies and their employees. Even as tools and awareness to prevent infections improve, the threats are becoming more complex and infections are growing more common. For businesses, the best solution may be to work with a managed services provider to access malware removal and managed network security services to remove the threat.

Malware removal essential as new study shows 100 percent of companies have malware

Malware infection has become effectively ubiquitous, according to Cisco's recently released 2014 Annual Security Report. In the study, 100 percent of companies surveyed were found to be hosting some kind of malware. Given the preponderance of malicious software, the need for malware removal services is high in today's business world.

According to the study, malicious exploits are finding their way into high-level resources such as web hosting servers, nameservers and data centers. Penetrations often go undetected for long periods of time. And more than nine out of 10 web exploits are tied to Java.

"Of all the web-based threats that undermine security, vulnerabilities in the Java programming language continue to be the most frequently exploited target by online criminals," the report stated. "[These] far outstrip those detected in Flash or Adobe PDF documents, which are also popular vectors for criminal activity."

The Java Runtime Environment has long been a favorite target of malware authors because it supports an enormous number of devices and offers a very broad range of functions, providing many possible attack vectors, a TechTarget article noted. Given the complexity of securing any device that may run Java, companies are also forced to handle malware reactively. By enlisting a malware removal provider, businesses can locate and address some of the malware that, statistically, is inevitably in their environment.

Managed services equip companies to deal with changing cybersecurity landscape

Each year seems to bring a broader and more complex array of cyber threats to businesses, and many companies are struggling to keep up with the rapid pace of change. According to a recent survey from security software firm KnowBe4, more than half of IT managers – 51 percent – find security harder to maintain now than a year ago. Preventing cyberthreats and responding quickly to security issues are some of the biggest challenges for companies, which is why many are turning to managed services providers for a more secure infrastructure, as well as functions like malware removal and application support.

“Cybercriminals are constantly devising cunning new ways to trick users into clicking their phishing links or opening infected attachments,” KnowBe4 CEO Stu Sjouwerman stated, adding that companies need to respond with thorough cybersecurity procedures, policies and training.

Another recent study from Solutionary and the NTT Group found that 54 percent of new malware goes undetected by antivirus software. As a result, companies need to make sure they are protected at the application level by using secure software and applying updates, ITBusinessEdge contributor Sue Poremba wrote in a recent column. Leveraging managed services for application support can help ensure software is kept updated and secured against threats, while external expertise can also be valuable in implementing state-of-the-art perimeter solutions and secure data center infrastructure.

Additionally, a managed services provider that offers malware removal can be a valuable partner in responding to and limiting the damage of an incident like an SQL injection attack, which the Solutionary study noted can easily cost a business $200,000 or more. Such protection might be unaffordable for a small business to implement in-house, but, by outsourcing certain IT management functions, companies can access state-of-the-art security solutions and industry-leading expertise. With the right portfolio of tools protecting it, a small business can avoid these ever-expanding threats.

Disaster recovery services, cybersecurity critical to protecting electric grid from attacks

Over the past few years, the utilities industry has made a concentrated effort to make key infrastructure "smarter." The integration of data-capturing devices and automated, software-based management systems has the potential to create smart electric grids that can more effectively use and distribute power, reducing energy costs and environmental impact in the process.

However, turning power grids into connected devices has potentially harrowing implications – a concentrated cyberattack could cause lengthy and widespread outages, not only withholding electricity from businesses and residences, but disrupting communications, healthcare systems and the economy. According to many cybersecurity researchers, the likelihood of a potential problem occurring is less of an "if" and more of a "when." 

Ramping up disaster recovery services and cybersecurity protocols is key to shielding the smart electric grid from a devastating attack. While the federal government tries to increase the efficacy and stringency of its own security measures, it's important that utility companies – from national generators to local distributors – build up their own prevention and backup systems, according to a recent white paper by the three co-chairs of the Bipartisan Policy Center's Electric Grid Cybersecurity Initiative. This effort will require a hybrid system that responds to both physical and cybersecurity threats. 

"Managing cybersecurity risks on the electric grid raises challenges unlike those in more traditional business IT networks and systems," the report stated. "[I]t will be necessary to resolve differences that remain between the frameworks that govern cyber attack response and traditional disaster response."

Disaster recovery efforts need to include backup digital systems that rival physical ones. Electric grids require faultless failover technology that can depend on a secondary backup network if the primary one is taken offline for any reason. As the Baker Institute pointed out in a recent Forbes article, the measure of a disaster recovery system's effectiveness is based on whether the grid can be restarted following a major breach, disruption or cyberattack. Without a system that can effectively monitor, prevent and immediately respond to such threats, the smart electric grid could be putting many key infrastructure systems in danger.

Target breach fallout highlights importance of comprehensive malware removal

Without proactive malware removal, organizations are putting themselves at serious risk. Recent developments in the Target data breach saga highlight the direct costs that can result from a lax approach to eliminating malware. As more details emerge about the hack, which resulted in the compromise of 40 million credit card numbers and 70 million pieces of personal information, it’s become evident that the embattled retailer likely could have prevented the attack if it had a stronger, more comprehensive approach to malware removal.

The latest development, per Bloomberg Businessweek, is the discovery that Target was actually warned about the vulnerability that led to the breach through a malware detection tool. The $1.6 million technology monitored Target servers and computers around the clock, looking for anything amiss. The alert system worked the way it was supposed to, according to FireEye, the malware detection tool’s producer, and the Bangalore-based security specialists in charge of scanning the retailer’s network. Following procedure, they notified Target’s Minneapolis-based security team, which ended up not doing anything about it.

Of course, hindsight is 20/20, but it’s worth pointing out that malware detection is only half of the battle. Malware removal requires organizations to be proactive. Whether Target’s security team didn’t recognize the severity of the vulnerability and the need for swift action is undetermined, but it’s important to remember that cyberthreats don’t wait. In an interview with NPR, Businessweek’s Michael Riley said that Target’s reactionary or indecisive approach was unable to keep the hacking attempt at bay.

“Whatever was going on inside Target’s security team, they didn’t recognize this as a serious breach,” Riley told NPR. “There was no serious investigation that went on. They didn’t go to the server itself to figure out what the malware was doing.”

Insulating organizations against attacks and identifying malware are difficult tasks that require constant vigilance. A company unsure of whether it can provide this level of attention should strongly consider adopting a third-party malware removal service that can neutralize threats in a preventative fashion.

You've got mail, and it's a virus: Why organizations need cloud storage services for email

Security researchers recently discovered a cache of personal records for sale on the Internet’s black market, including 1.25 billion email addresses, according to the Independent. Finding one email address for every seven people in the world in the care of hackers is alarming. Email continues to be the central repository for the digital transmission and storage of confidential information and remains one of cybercriminals’ prime targets. Cloud storage services are a must for organizations struggling to take control of email security and management.

Keeping on top of email storage and archival is challenging for organizations of any size. Smaller organizations lack the IT resources of their larger peers, making it difficult to process email and ensure that all files are stored safely. Bigger companies have dedicated IT departments, but they also have massive email systems generated by bigger user bases and more diverse device profiles. The expertise and resources required to maintain in-house email storage are usually too costly. Either way, upholding the integrity of protection and system management at all times is beyond the purview of virtually every organization.

Adhering to traditional models of email storage simply won’t suffice in the face of today’s threat landscape. Moving email to cloud storage services, on the other hand, allows organizations to outsource the hardware and storage support to a trusted third party provider, wrote Nashville Business Journal contributor Richard Pinson.

“Hosting your own email requires constant upgrading, patching, backing up and monitoring,” Pinson wrote. “Once email transitions to the cloud, the service provider is responsible for all storage maintenance tasks and provides the most-recent version of their product.”

Cloud storage services are scalable, meaning that an organization won’t pay for what it doesn’t use. Over the long term, this is a much more cost-effective option than having to update legacy in-house environments every few years to respond to new security and productivity challenges. It only takes one malicious email ending up in a user’s inbox to let hackers in. In this landscape, organizations need the help of a dedicated cloud provider to keep their confidential information safe.

ISG Announces Executive Responsibility Changes

The Twin Valley family of companies announced leadership changes among their C-Level executives, effective for 2014. John Gunn, President and Co-Founder of ISG Technology, will transition from his current role as President and COO to Chief Strategy Officer of ISG Technology. Gunn will focus on supporting and defining the strategy of ISG Technology. Gunn currently serves and will remain on the board of directors for all three companies. Ben Foster, current CEO of all Twin Valley companies, will assume the general management of ISG Technology previously handled by Gunn. Foster will remain President and CEO for the Twin Valley companies.

“When Twin Valley acquired ISG Technology in 2011 the roadmap and evolution of our company was clear to both John and me,” said Foster. “John has served and will continue to serve as a critical business leader and advisor to the Twin Valley family of companies.  This is a carefully planned transition that will enhance our clients’ ability to attain their organizational goals.”

Additionally, Scott Cissna has joined the Twin Valley companies as CFO, effective January 6, 2014.  Cissna brings more than 20 years of finance experience from the telecommunications, cloud services, and wireless industries.  With his broad base of experience ranging from performing sophisticated analysis to building scalable teams, Cissna is an analytical leader and decision maker hired to help navigate the complex, growing, and rapidly changing landscape where the companies operate.

The Twin Valley family of companies is a privately owned business with diversified investments and holdings in the telecommunications and IT space. The company is diversified through three separate operating entities: Twin Valley Telephone, Twin Valley Communications, and ISG Technology.

Twin Valley Telephone and Twin Valley Communications is the largest privately owned independent telecommunications company in the state of Kansas, providing voice and advanced services in rural areas for more than 65 years.  Over state-of-the-art FTTP infrastructure, Twin Valley’s portfolio includes voice, broadband, television, cloud services, hosted voice, wireless, and security.  Through strategic acquisitions and organic growth, the company has experienced a tenfold growth in the past decade.

ISG Technology is a full spectrum Data Center and IT Infrastructure partner uniquely positioned to provide complete solutions from client premises all the way to the cloud. With more than 30 years of experience, ISG has the unique ability to provide IT equipment (IT Infrastructure), cloud services through a regional Network of Data Centers (Data Center Services), the required connectivity (Bandwidth) to connect it all together, and the ongoing support to help manage clients’ IT environments (ITaaS). ISG places a premium on enduring client relationships and reference-ability – attributes only achievable through deep understanding of client business objectives, authoritative vision of what’s possible, and the relentless commitment to deliver successful solutions.