Recent Tech News
FOR IMMEDIATE RELEASE: IntegraONE Launches IoT Dedicated Practice as Part of Digital Transformation Initiative
Allentown, December 12, 2017 — IntegraONE, a leading technology systems integrator based in Pennsylvania since 1990, announced today that it has launched a dedicated Internet of Things (IoT) practice as part of its larger digital transformation initiative.
The new IoT practice will be led by Peter Walsh, IoT Practice Manager, IntegraONE, and focus on consultative development strategies, and secure datacenter for at-the-edge implementations and management. IntegraONE is a recognized leader in networking, data center, and security solutions among its vendor partners. The company has served clients in the healthcare, commercial, education, government, and financial industries for more than 27 years.
IntegraONE’s emphasis and investment in this new IoT solution area evolved from its close relationship with its clients and understanding of the impact of digital transformation, including IoT, on their strategic business initiatives and objectives.
“This new focus area is another step in our continued dedication to providing the most advanced technologies to our clients to enable them to meet their ever-changing technology needs and organizational objectives,” explained Marty Andrefski, President, IntegraONE. “It allows us to have deeper conversations with our clients around how we can help them meet the challenges of IoT and digital transformation.”
IoT has roots across all industries and early adopters of these solutions are realizing a higher customer experience, cost savings, and insight into both opportunities and threats that they didn’t have in the past. In the vast IoT landscape, IntegraONE’s focus is on the optimization of client strategy and the assessment of infrastructure to ensure solutions are never underpowered and always secure.
IoT solutions are helping businesses realize operational efficiency, including break/fix, utility optimization, process efficiency, and resource tracking and sharing. As more connected devices are introduced to the business environment, the case for adoption of IoT strategies grows stronger. IntegraONE’s new IoT practice enables clients to respond to this challenge and manage these devices effectively.
“Smart buildings, smart schools, smart healthcare are the reality of the world today as digital transformation affects every type of organization from healthcare and long-term care facilities, to K-12 schools and higher education, to government entities, financial institutions, and commercial businesses. IntegraONE knows how to simplify the vast IoT landscape into a custom strategy for our clients,” explained Pete Walsh, IoT Practice Manager, IntegraONE. “Our job is to make sure our clients are tapped into the full power of what an IoT solution can offer while also ensuring they have the right security and protection in place,” said Walsh.
For more information on IntegraONE’s solutions, including IoT technologies, please visit www.integra1.net.
Founded in 1990, IntegraONE provides clients throughout Pennsylvania, New York, New Jersey, Delaware, and Maryland with a full range of networking and technology solutions around the following core competencies: network infrastructure, data center solutions, security technologies, unified communications, managed services, IoT technologies, and technical repair services.
IntegraONE maintains partnerships with industry leading technology companies such as Cisco Systems, HP Enterprise, HP, Inc., VMware, Fortinet, APC, Axis, Barracuda, Bradford, EMC, Ruckus Networks, Eset, Kaspersky, Lenovo, Eaton, FireEye, ForeScout, Cylance, Veeam, StorageCraft, Lightspeed Systems, Trend Micro, and more.
Allentown Headquarters: 7248 Tilghman Street, Suite 120, Allentown, PA 18106
Central PA Office: 1007 Mumma Road, Suite 100, Wormleysburg, PA 17043
Pittsburgh Area Office:
Philadelphia Metro Office: 1300 Virginia Avenue, Suite 305, Fort Washington, PA
December Blog - The Year in Review
by Brad Rudisail, MCITP, MCSE, Virtualization Administrator, Network Engineer
It is that time of year when we pause and reflect on the year from a cybersecurity point of view and review some of the year’s most devastating and extraordinary cyber-attacks. More importantly, we look back at them in order to determine how best to combat similar attacks in the future so that our organizations do not garner unwanted headlines in the year ahead.
Cylance - New exploit allows malware that’s quarantined in some antivirus programs to still infect computers...
There’s an interesting new exploit being discussed online that deserves some attention: malware that’s quarantined in some antivirus programs can still infect computers, partially due to a quirk in how Windows handles files via NTFS.
Information security auditor Florian Bogner discovered this exploit while conducting penetration testing for some of his clients and named it AVGater.
Bogner has published a list of the affected vendors who have patched the vulnerability and believes others may also be affected. (Rest assured that Cylance’s product doesn’t have this vulnerability. There, that’s been said.)
Why is the Exploit Specific to Windows Applications?
Unprivileged Windows users can interact with their antivirus application’s UI. They can usually change some of the application’s settings and see warnings related to potential malware. But to monitor file access or move suspected malware files into quarantine, the antivirus application must work at the Windows System level within user mode, which is more privileged. Checking scanned objects for known threat identifiers with signatures, heuristics, or both probably involves the kernel.
There are channels between the unprivileged user, the Windows System, and the kernel, and the AVGater exploit shows that those channels are susceptible to privilege escalation. When an object is restored from the antivirus application’s quarantine, that action is carried out by the privileged Windows System user. In Windows, the System can circumvent access control lists.
Anyone with access to a Windows computer can make an NTFS directory junction, otherwise known as a soft link. They’re implemented through reparse points, and can be used to link one folder to another, provided they’re within the same logical drive on the disk. An example of a logical drive in Windows is C, which is the default main HDD partition.
Let’s say a malicious DLL file has been quarantined by the antivirus application. An attacker who exploits the AVGater vulnerability can create an NTFS directory junction from the quarantine location to any other folder within the logical drive. Bogner believes the targeted folder would probably be inside C:\Program Files or C:\Windows, but it doesn’t have to be.
According to Windows’ DLL search order, applications will look for a DLL in the System or Windows folders, including their children, if the DLL can’t be found from a known path or the application’s folder. If the DLL the application finds is malicious, then bingo, you’ve got a cyberattack.
Bogner describes the AVGater attack scenario as follows:
A vulnerable antivirus program quarantines a malicious DLL. Then the NTFS directory junction process is exploited to link the malware from the original source path to another folder, usually within C:\Program Files or C:\Windows to maximize the probability of the malicious DLL’s execution.
That NTFS directory junction process is a way to escalate privileges to the System level. The malicious DLL can be written to a folder the unprivileged user doesn’t have access to. Because of the DLL search order, the malware can then be executed, and an attacker who doesn’t have administrative access can take control of the targeted computer.
To protect against the vulnerability, Bogner recommends frequent antivirus software patching, and not giving users in corporate environments the privileges needed to restore files from quarantine. I’d suggest that you can also consider AI-driven antivirus solutions.
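Defenders can also audit a machine for the junction pattern described above. The following is an added example, not code from the original article or from Bogner's write-up: it parses the output of `dir /AL /S` and flags junctions that sit outside C:\Windows and C:\Program Files but point into them. The listing is constructed, and the English-locale header text and the `C:\Program Files (x86)` root are assumptions.

```python
import ntpath
import re

# Folders the article names as likely junction targets; the (x86) root is an assumption.
PROTECTED_ROOTS = (r"C:\Windows", r"C:\Program Files", r"C:\Program Files (x86)")

# Assumes an English-locale listing ("Directory of ...") as printed by `dir /AL /S`.
_DIR_HEADER = re.compile(r"^\s*Directory of (?P<dir>.+?)\s*$")
_LINK_ENTRY = re.compile(
    r"<(?P<kind>JUNCTION|SYMLINKD)>\s+(?P<name>.+?)\s+\[(?P<target>.*)\]\s*$")

# Constructed sample input, not taken from a real system.
SAMPLE_LISTING = r"""
 Directory of C:\Users\alice

07/14/2017  09:12 AM    <JUNCTION>     Application Data [C:\Users\alice\AppData\Roaming]

 Directory of C:\Users\alice\Downloads\work

11/13/2017  10:02 AM    <JUNCTION>     samples [C:\Program Files\ExampleApp]
11/13/2017  10:05 AM    <JUNCTION>     cache [\??\C:\WINDOWS\System32\..\System32]
11/13/2017  10:07 AM    <JUNCTION>     notes [C:\Users\alice\Documents]
"""


def _norm(path):
    """Drop NT/Win32 namespace prefixes, then normalise case, slashes and '..'."""
    for prefix in ("\\\\?\\", "\\??\\"):
        if path.startswith(prefix):
            path = path[len(prefix):]
    return ntpath.normcase(ntpath.normpath(path))


def is_under(path, root):
    """True if path is root itself or lies below it (whole path components only)."""
    p, r = _norm(path), _norm(root)
    return p == r or p.startswith(r + "\\")


def parse_dir_links(listing):
    """Yield (link_path, target) for each junction or directory symlink listed."""
    current = None
    for line in listing.splitlines():
        header = _DIR_HEADER.match(line)
        if header:
            current = header.group("dir")
            continue
        entry = _LINK_ENTRY.search(line)
        if entry and current:
            yield ntpath.join(current, entry.group("name")), entry.group("target")


def suspicious_links(listing, protected=PROTECTED_ROOTS):
    """Return links located outside the protected folders that resolve into them."""
    hits = []
    for link, target in parse_dir_links(listing):
        points_in = any(is_under(target, root) for root in protected)
        lives_in = any(is_under(link, root) for root in protected)
        if points_in and not lives_in:
            hits.append((link, target))
    return hits


if __name__ == "__main__":
    for link, target in suspicious_links(SAMPLE_LISTING):
        print(f"review: {link} -> {target}")
```

Each flagged link still needs review, since some software creates such junctions for legitimate reasons.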
For more information, please visit our partner, Cylance.
Fortinet Quarterly Report: The Battle Against Cybercrime Continues to Escalate
Fortinet just released its Threat Landscape Report for Q3 of 2017. Its findings are drawn from millions of sensors deployed inside production environments across the globe.
This quarter’s report focuses on three key threat indicators: exploits, malware, and botnets. The first two provide a view into criminal attempts to identify and compromise vulnerable systems. The third, botnets, provides insight into malware that has managed to penetrate a network and its communications back to its command and control center. It also examines important zero-day vulnerabilities and infrastructure trends of the corresponding attack surface to add context about the trajectory of cyberattacks affecting organizations over time. Combined, they provide insight into what cybercriminals value, and the techniques they rely on to access those resources. This information, in turn, provides valuable information on what sorts of security measures organizations should be focused on.
In terms of exploits, 79% of organizations being monitored saw severe attacks in the third quarter, with an average of 153 attacks per firm. The top exploit of the quarter, targeted at the Apache.Struts vulnerability, was reported by 35% of organizations. That is the exploit that attackers leveraged to nab approximately 145 million records from credit bureau Equifax, which was first reported on September 7th.
One of the key takeaways from this data is that whether it’s WannaCry in Q2 or Apache Struts in Q3, long-known and yet still-unpatched vulnerabilities continue to bite organizations time and time again. Which is why it is imperative that IT teams pay close attention to critical patch releases and establish an aggressive patch and replace protocol. In addition to lapses in regular patching, network and device hygiene are the next most neglected elements of security. They may not be the most fun or sexy part of security, but they are critically important.
According to Phil Quade, Fortinet’s Chief Information Security Officer, “long-known and yet still-unpatched vulnerabilities consistently serve as the gateway for attacks. Remaining vigilant of new threats and vulnerabilities in the wild is critical, but organizations also need to keep sight of what is happening within their own environment. Of course, continually removing unnecessary application services, stamping out vulnerabilities, and maintaining good order in IT environments is easier said than done. However, there is an increased urgency for prioritizing security hygiene, along with a need to embrace fabric-based security approaches that leverage automation, integration, and strategic segmentation. Our adversaries are adopting automated and scripted techniques, so we need to raise their price of attacking to combat today’s new normal.”
As with exploits, malware analysis helps uncover adversary intent and capability. During Q3 the FortiGuard Labs team detected nearly 15,000 unique malware variants from over 2,600 different families, which while down slightly from Q2, still represents a huge variety of ways to compromise a network. Of the total number of organizations analyzed, 22% reported attempts to infect their systems with ransomware, with the Locky ransomware family roaring back to take the top spot after a summer of relative quiet with three new variants: Diablo6, Lukitus, and Ykcol.
In addition, 25% of organizations detected malware targeted at their mobile devices, up from 18% in Q2. This is a clear indicator that cybercriminals are looking for new ways to infiltrate networks by targeting devices without the level of control, visibility, and protection that traditional systems receive. Effective mobile security strategies must deal with this reality through mobile application controls and malware protections built into the network to cover any device anywhere.
The most common functionality among top malware families was dropping malware onto vulnerable systems. This technique helps malicious payloads wrapped in dynamic packaging to slip through legacy defenses. Once deployed, the majority of malware strains attempted to establish remote access connections, capture user input, and gather system information, demonstrating the increased intelligence and automated nature of today’s malware.
The fact that so many high-variant downloaders and droppers topped our charts is a good reminder that single-point, signature-based AV alone is not an effective security strategy. It is essential that IT teams integrate layers of malware defenses together capable of detecting known and unknown threats, and deploy them at multiple layers throughout the environment.
While exploit and malware trends highlight efforts to compromise a device or network, botnets provide a post-compromise viewpoint. Once a network has been breached, installed botnet malware attempts to communicate with the remote malicious hosts for updates and instructions or to deliver pilfered data. Detecting command and control traffic in a corporate environment clearly indicates that something went wrong from a defense perspective.
In Q3 there were about two active botnets per organization detected inside their networks, with 3% of organizations seeing 10 or more infections. Interestingly, while botnet activity was down in Q3, those botnets that were most active (Gh0st, Pushdo, Andromeda, Necurs, and Conficker) remained the most prevalent, which was an exact repeat of Q2.
One of the most compelling data points is that 75% of the organizations that reported Gh0st botnet infections in July also reported them in August, and 70% of those also reported September infections. The first takeaway is that while most organizations seem to be focused on responding to the symptoms of an infection, many are not very good at understanding the scope of a breach, or are not thorough enough in their incident response. They need to have a plan of steps to follow, and either they don’t have a plan or they are skipping some essential steps. They may also be too focused on remediating systems but are not being very effective at getting at the root cause.
The other is that while all organizations are vulnerable, midsize companies seem to be more frequently compromised over both small and large firms. While smaller firms likely have less protection, they also have less – and less valuable – data, so they tend to be ignored. Larger firms, on the other hand, certainly have the data cybercriminals want, but also greater resources to protect it. It’s midsize firms, however, that typically have enough valuable data to make them a worthwhile target, and yet not nearly the same security resources of their larger counterparts. Simply put, we see more botnets in mid-sized companies because they have a higher infection rate (malware is somehow successfully dropped onto their systems) than other companies.
As the threat landscape becomes more intelligent and automated, organizations will need to respond in kind. The time between breach and compromise will soon be measured in milliseconds, which makes it imperative that organizations automate basic security hygiene, such as patch and replace, hardening systems, and implementing two-factor authentication. AI and automation need to fill this gap by replacing basic security functions and day-to-day tasks currently being performed by people with an integrated expert security system that can determine device vulnerabilities, track and patch devices, apply security protocols or policies, and configure and monitor security and network devices.
As the volume, velocity, and automation of attacks continue to increase, organizations need to ensure that a strategic threat detection and incident-response strategy is in place. Only a security framework that utilizes advanced threat detection, comprehensive threat intelligence sharing, an effective IR strategy, and an open architecture that can tie security and networking components into an integrated defense and response system is going to be able to protect organizations going forward. The evolving attack surface requires flexibility to quickly implement security strategies and solutions and seamlessly add advanced techniques and technologies as they emerge.
You can read more important takeaways in the full Global Threat Landscape Report.
November Blog - Why you Need to Focus on IoT Device Management
by Brad Rudisail, MCITP, MCSE, Virtualization Administrator, Network Engineer
The cloud is most definitely one of the most transformational technology architectures of the past several years as companies have utilized it to digitally transform their organizations and services. The cloud brings with it near limitless scalability and agility as well as unrivaled levels of redundancy. Those who recognized the value of migrating their resources and assets to the cloud have enjoyed the dividends of this new approach to delivering workloads. However, there is another facet of the cloud that most companies are just beginning to utilize, that in itself could be equally transformational – the Internet of Things (IoT).
Prepare Today for the Next Wave of Digital Transformation
"IDC estimates that by 2025, we will live in a world that has over 80 billion IoT connected devices that generate over 162 zettabytes of data."
When people and devices interact in the connected world, they feed incredible synergies among humans, machines, software, and environments. But it's the quality and efficiency of those interactions, and the insights gathered from them that affect your organization's ability to be transformative and achieve the business outcomes needed to thrive in the digital age.
Why accelerate your mobility and IoT transformation?
MODERN CUSTOMER EXPERIENCES
Create store location services that deliver personalized offers and product information with location-based services. Enhance daily customer experiences with applications purpose-built for specific tasks, as well as specific industries.
INSPIRED, MORE ENGAGED WORKFORCES
Develop ‘smart workplaces’ to boost employee productivity and efficiency. Ensure secure collaboration and productivity across campuses and remote offices. Accelerate your business with a mobile-first digital workplace.
CONNECTING THE UNCONNECTED
Uncover new ways to drive efficiencies, engage customers, and develop new business with greater insights at the Intelligent Edge. Computing at the edge reduces delay and avoids bandwidth consumption while transmitting data to the cloud or data center.
Want to learn more about what digital transformation and IoT can do for your organization? Talk to an IntegraONE expert today. Call us at 800-582-6399 or email email@example.com.
Cisco: New Frontiers - IT innovations in 5 minutes.
Watch this five-part video series from Cisco and meet the engineers behind the latest network innovations.
Episode 1 - Quality of Service (QoS) without the pain
Episode 2 - Don't fly blind: analytics in real time
Episode 3 - Anti-aging treatment for your network
Episode 4 - Safe IoT: Easy network segmentation
Episode 5 - The Network. Intuitive.
Cylance: How to Secure Personal Mobile Devices (without making your employees hate you)
Personal Devices – Are Used for Work by Both Remote and On-site Employees… a Lot
It’s no surprise that more people than ever before are bringing their personal devices into work in 2017 and, unless you’re a bank or a government agency, you’re most likely not stopping your employees from this behavior. You want to keep your employees happy, inspired, and productive, making it as easy as possible for them to get their work done while staying connected to their family and friends.
There are, of course, major security risks that you must defend your organization against now that this practice has multiplied your attack surface by the hundreds, if not thousands. Let’s talk a bit more about the changes that have happened in recent years in order to grasp the challenges presented by our ever-changing work environment.
August Blog: Why you probably need a Web Application Firewall
by Brad Rudisail, MCITP, MCSE, Virtualization Administrator, Network Engineer
While Ransomware stole most of the cybersecurity headlines in 2016, data breaches continued to plague companies and institutions at a record setting rate. 4,149 data breaches resulted in the compromise of more than 4.2 billion records, shattering the record set in 2013 of just over 1 billion. According to a global study compiled by IBM and the Ponemon Institute entitled, The 2017 Cost of Data Breach, the total cost of a data breach is $3.62 million on average. The average cost per data record is $141. The United States is the most expensive country with an overall cost of $7.35 million due to the aftermath costs of litigation and lost business. What’s more, according to the study, there is a 26 percent probability a company will have a data breach involving a minimum of 10,000 lost or stolen records over a 24-month period. Those are not very good odds.
Quantifying Data Center Inefficiency: Making the Case for Composable Infrastructure
Digital transformation requires the ability to run next-generation applications alongside legacy apps, which in turn requires IT departments to manage “infrastructure duality.” IDC recently conducted a study on datacenter infrastructure and operations efficiency among medium-sized and large enterprises, which found that nearly all datacenters in enterprise IT have areas where efficiency can be improved.
Read this report to find out how solutions such as HPE Synergy can help you optimize your IT operations so that your business can thrive in the idea economy.