• April 30, 2024
  • Category: Data Protection

How XDR Extends Your Security Capabilities

By: Justin Folkerts

Endpoint detection and response (EDR) has evolved: extended detection and response (XDR) takes a more holistic, streamlined approach to threat detection and response.

XDR combines data ingestion, analysis, and prevention and remediation processes across your entire security stack, providing your IT teams with the necessary visibility to detect threats as well as automate workflows.

Eliminate Security Siloes

XDR pulls data from endpoints, cloud workloads, networks and email and then correlates and analyzes it using advanced automation and artificial intelligence (AI), which allows it to prioritize data and deliver insight through a single pane of glass.

Not only does XDR consolidate data from disparate sources, but it also coordinates siloed security tools so that your IT team doesn’t have to spread their attention across different consoles to conduct their security analysis, investigation and remediation.

XDR can help you reduce vendor sprawl while integrating the tools you do have to gain better visibility into your environment, whether it’s a private cloud or hybrid environment, including your public cloud instances. By coupling this integration with automation, XDR helps you respond faster to security incidents and effectively mitigate them to reduce the impact of any attack.

Like many security platforms, XDR can be purchased as a managed service, which opens access to expertise in threat hunting, intelligence, and analytics via a managed services provider.

Combine XDR with SIEM and SOAR

XDR doesn’t replace Security Information and Event Management (SIEM) or security orchestration, automation, and response (SOAR).

SIEM gives you a single, streamlined view of your data along with your operational capabilities and security activities so you can better detect, investigate, and mitigate threats by ingesting as much data as possible. It gives you the ability to analyze data from network applications and hardware, and cloud and software-as-a-service (SaaS) solutions.

SOAR software manages threats and vulnerabilities, responds to security incidents, and automates security operations. The aim of SOAR is to collect as much data as possible and automate as much as possible by leveraging machine learning technology.

SIEM is primarily a log collection tool intended to support compliance, data storage and analysis – security analytics capabilities tend to be bolted on. SOAR adds orchestration, automation, and response capabilities to the SIEM and enables disparate security tools to coordinate with one another, but it doesn’t solve the big data analytics challenge, and it can’t protect data or systems on its own.

XDR fills the gap left by SIEM and SOAR by taking a different approach that’s based on endpoint data and optimization and applying advanced analysis capabilities that allow you to focus on high priority events and respond rapidly.

SIEM and SOAR are complementary and can’t be fully replaced by XDR. SIEM has other uses outside of threat detection, including compliance, log management and non-threat related data analysis and management. XDR can’t replace SOAR’s orchestration capabilities.

Assess, Protect and Respond

Adopting an XDR platform in combination with SIEM and SOAR provides better threat visibility, optimizes and automates security operations, and enables your busy IT teams to focus on strategic objectives rather than being bogged down by manual security tasks. A managed services provider can help you implement XDR along with SIEM and SOAR so you’re in a better position to assess and protect your data and respond quickly and effectively to cybersecurity threats.

  • April 16, 2024
  • Category: Data Protection

Top 5 SMB Cybersecurity Threats

By: Justin Folkerts

Small and medium-sized businesses (SMBs) are not much different than larger organizations when it comes to sensitive data or IT infrastructure, which makes them a popular target of cyberattacks.

Often, threat actors use the same methods to attack SMBs as they do enterprise organizations.

Viruses

Viruses and malware remain a popular tool for threat actors who want to hinder an organization’s IT infrastructure. Once a virus finds its way through one endpoint, such as a business workstation, it spreads through email messages or sharing of infected files across the network.

Ransomware

A ransomware attack involves a hacker taking control of computers and servers and then locking authorized users out. Access can only be regained by paying the hackers a ransom. Worse yet, control may not be given back even after the ransom is paid.

Phishing

Phishing attacks are a little subtler than viruses, malware, and ransomware in that they trick users into sharing sensitive information, including credentials, financial information, and valuable intellectual property through social engineering techniques. Your employees are misled by professional looking emails and slick websites that look like the real deal but were designed to deceive and collect sensitive data.

Distributed Denial of Service (DDoS) Attacks

The server that hosts a company’s website gets many requests from other computers that it responds to. Threat actors launch a DDoS attack by sending millions of fake requests which overwhelms the server – all its focus and processing power is trying to respond to each of these phony requests and it becomes unable to provide access to real users.

Your Own Employees

Unfortunately, your own people can present a threat to your cybersecurity, most often through human error. If an employee fails to practice adequate security hygiene, such as neglecting to properly protect their credentials by connecting remotely via a VPN, threat actors can weasel their way in and gain increasing levels of access to more sensitive areas of your network and key systems.

Sometimes breaches can be physical because someone accidentally leaves their device unattended while working on the road or leaves a door open to a server room. Worse yet is when a disgruntled employee decides to misuse their credentials for their own profit and steal intellectual property, customer data or financial information.

Assess, Protect and Respond

SMBs must mirror their larger counterparts if they want to avoid cyberattacks and be proactive. It’s critical that you assess your security posture, implement the capabilities to protect users, customers and data, and be prepared to respond to any threat to mitigate it and reduce the risk to your business operations and your reputation.

  • March 14, 2024
  • Category: Data Protection

Protect Your Backups from Ransomware Infections

By: Justin Folkerts

Your backups are not immune to ransomware – infected data can be replicated, so it’s important to configure your data protection so that mission critical information isn’t corrupted and clean copies can be easily restored.

Ransomware is sneaky, and it’s cross-platform. It can sit in your backups – whether it’s an email, PDF, or Zip file, among many others – waiting to go off. And ransomware attacks don’t discriminate, either. Small and medium-sized organizations are just as viable a target for threat actors as large enterprises.

Ransomware starts with one computer, encrypting some or all its valuable data, but it can easily spread across the network, making all users susceptible and all systems potentially unusable. If ransomware corrupts a critical database, it can cripple your organization, which is why you must protect all your backups.

Preventing dangerous duplicates

If your backups are infected by ransomware, they are no more useful than your primary data – your restoration will just ignite a reinfection.

Protecting your backups from ransomware always starts by preventing users from downloading dangerous files that are riddled with malware, viruses, and ransomware. If a nefarious file does get through due to clever phishing and human error, you must make sure infections can’t be transmitted across your network through file sharing and syncing.

Most of all, you must prevent ransomware from accessing your backups at all costs. Although it’s impossible to fully protect your backups from threats, including ransomware, applying the right rules and leveraging smart software can minimize the likelihood of your backups getting infected.

Follow tried-and-true backup rules

The well-established 3-2-1 rule for backups continues to be a good strategy for preventing ransomware infection of replicated files – you should have your original copy of a file, a duplicate that is stored on-site on a different medium, and a copy that is stored off-site. It is recommended that your on-site copy be stored on removable media, such as tape.

Each of your backups requires a different approach – if you use tape, you should do a full backup rather than a differential or incremental backup. Your onsite tapes should be stored in a secure, fireproof location.

Using versioning for your backups can also prevent ransomware from infecting all copies of your data – it saves a new version of the file as backup rather than wiping out the previous backup, allowing you to easily roll back to a clean, uninfected copy.

Rollbacks are where software tools can help prevent your backups from being infected with ransomware as they can help manage versioning. However, your strategy is just as important as the tools. If you do a complete backup to on-site tape daily outside of office hours, you can back up the most current version. Even if ransomware hits the next day when users are likely to trigger it, you only lose that day.

Once the full backup is restored, you can review the offsite incremental backups done throughout the day to restore specific files with the latest and greatest versions.  
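The rollback procedure described above (restore the last nightly full backup, then layer on only the incremental versions that predate the infection) can be sketched as a small restore planner. This is an added example, not code from the original article; the `Backup` record, the `plan_restore` function and the catalog contents are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass
class Backup:
    kind: str            # "full" (nightly, on-site tape) or "incremental" (off-site, daytime)
    taken_at: datetime
    files: dict          # path -> version label captured by this backup


def plan_restore(catalog, infected_at):
    """Choose the restore base and per-file versions that predate the infection.

    Returns a dict with:
      base     - the newest full backup taken before infected_at
      restore  - path -> (version, timestamp of the backup that supplies it)
      skipped  - backups taken at or after infected_at, which must not be restored
    """
    clean_fulls = [b for b in catalog
                   if b.kind == "full" and b.taken_at < infected_at]
    if not clean_fulls:
        # Every full backup was taken after the infection: nothing safe to restore.
        raise LookupError("no full backup predates the infection")
    base = max(clean_fulls, key=lambda b: b.taken_at)

    # Start from the full backup, then apply clean incrementals oldest-first so
    # that the newest clean version of each file wins.
    restore = {path: (ver, base.taken_at) for path, ver in base.files.items()}
    incrementals = sorted(
        (b for b in catalog
         if b.kind == "incremental" and b.taken_at > base.taken_at),
        key=lambda b: b.taken_at,
    )
    skipped = [b for b in catalog
               if b.kind == "full" and b.taken_at >= infected_at]
    for inc in incrementals:
        if inc.taken_at >= infected_at:
            skipped.append(inc)      # may already contain encrypted files
            continue
        for path, ver in inc.files.items():
            restore[path] = (ver, inc.taken_at)
    return {"base": base, "restore": restore, "skipped": skipped}


def sample_catalog():
    """Constructed sample data: one clean night, one infected day."""
    return [
        Backup("full", datetime(2024, 3, 13, 22, 0),
               {"finance/ledger.xlsx": "v7", "hr/policy.docx": "v2"}),
        Backup("incremental", datetime(2024, 3, 14, 9, 0),
               {"finance/ledger.xlsx": "v8"}),
        Backup("incremental", datetime(2024, 3, 14, 12, 0),
               {"finance/ledger.xlsx": "v9-encrypted", "sales/q1.pptx": "v1"}),
        Backup("full", datetime(2024, 3, 14, 22, 0),
               {"finance/ledger.xlsx": "v9-encrypted", "hr/policy.docx": "v3-encrypted"}),
    ]


if __name__ == "__main__":
    plan = plan_restore(sample_catalog(), infected_at=datetime(2024, 3, 14, 10, 30))
    print("restore base:", plan["base"].taken_at)
    for path, (ver, ts) in sorted(plan["restore"].items()):
        print(f"  {path}: {ver} (from backup at {ts})")
    print("skipped backups:", [b.taken_at.isoformat() for b in plan["skipped"]])
```

Files that first appear only in a skipped backup (here `sales/q1.pptx`) are absent from the plan, which is the "you only lose that day" case.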

Another strategy is to distribute your backups – by having separate backup systems for different types of data you can reduce the likelihood of ransomware spreading between them.

User endpoints are ransomware’s first target

No matter your backup strategy, protecting your endpoints is always your first line of defence when combatting ransomware. Endpoint data protection combined with employee cybersecurity awareness and training will contain ransomware within the first infected machine, reducing the likelihood of it infecting your backups.

  • November 29, 2023
  • Category: Data Protection

How AI and Machine Learning Will Impact Your Cybersecurity in 2024

By: Sanjeev Spolia

There are many ways artificial intelligence (AI) and machine learning already impact cybersecurity. You can expect that trend to continue in 2024 – both as tools for data protection as well as a threat.

Even as you implement AI and machine learning into your cybersecurity strategy through the adoption of tools like Security Orchestration, Automation, and Response (SOAR), Security Information and Event Management (SIEM) and Managed Detection and Response (MDR), so are threat actors. They will continue to update and evolve their own methodologies and tools to compromise their targets by applying AI and machine learning to how they use ransomware, malware and deepfakes.  

With small and medium-sized businesses just as much at risk as their large enterprise counterparts, SMBs must take advantage of AI and machine learning as much as possible. AI-directed attacks are expected to rise in 2024 in the form of deepfake technologies that make phishing and impersonation more effective, as well as evolving ransomware and malware.

Deepfake technologies that leverage AI are especially worrisome, as they can create fake content that spurs employees and organizations to work against their best interests. Hackers can use deepfakes to create massive changes with serious financial consequences, including altering stock prices.

Deepfake social engineering techniques will only improve with the use of AI, increasing the likelihood of data breaches through unauthorized access to systems and more authentic looking phishing messages that are more personalized, and hence, more effective.

If hackers are keen on leveraging AI and machine learning to defeat your cybersecurity, you must be ready to combat them in equal measure – just as AI and machine learning will create new challenges in 2024, they can also help you bolster your cybersecurity. While regulations are being developed to foster ethical use of AI, threat actors are not likely to follow them.

AI will also affect your cyber insurance as your providers will use it to assess your resilience against cyberattacks and adjust your premium payments accordingly. AI presents an opportunity for you to improve your cybersecurity to keep those insurance costs under control.

There’s a lot of doom being predicted around the growing use of AI and machine learning. And while it does pose a risk to your organization and its sensitive data, you can use it to bolster your cybersecurity even as threat actors leverage AI to up the ante. A managed service provider with a focus on security can help you use AI and machine learning to protect your organization as we head into 2024.

  • October 26, 2023
  • Category: Data Protection

Artificial Intelligence Will Bolster Data Security in the Long Term

By: Justin Folkerts

Artificial intelligence (AI) is a threat to your organization’s data security, but it is also a critical tool for defending it.

Just as business intelligence has become embedded in software tools and enables you to ride the ups and downs of your industry, AI is getting embedded in cybersecurity solutions to combat increasingly sophisticated threat actors.

This sophistication combined with the evolution of connected organizations, including remote work, means attack surfaces are getting larger. Hybrid environments where people are working from home and office via different networks are appetizing targets for hackers. When there are so many devices operating on your network, there’s bound to be some that go unmanaged, and hence are unsecured.

Generative AI is making phishing scams harder to detect, and most data breaches are already due to employees not recognizing fake emails. Even though AI helps threat actors be more deceptive than ever, it can help to automate security so that you can more quickly respond, mitigate, and recover from a data breach.

Detecting patterns has always been a core capability of security solutions, and AI makes this capability more robust so that it can be more preventative – it will advise you of potential breaches, as well as help you set policy and automate tasks to lessen the burden for your IT staff, including the onboarding of new employees and managing their access. AI can even help you set policy as to how your employees are allowed to use AI, including ChatGPT.

If you’re nervous about AI and how it will affect your business, including its data security, there’s good news in that it can be a net positive thanks to the many productivity gains. Already it’s become clear that security analysts can’t keep up with every alert and every security threat, so AI and automation are necessary to handle them at scale.

In the longer term, AI is going to be an essential tool for discerning between legitimate activity and security threats. As generative AI becomes more sophisticated and bad actors exploit it to fool unsuspecting users, AI is also going to be able to detect these attempts and allow for immediate, decisive action to prevent data breaches before they happen.

Organizations will also need to deploy fewer security tools as AI capabilities will be consolidated into interoperable security platforms that will reduce the number of vendors and policies that must be managed.

Even as AI streamlines and fortifies your security, it’s still not going to be your core business. A managed service provider can help you navigate the dynamic changes ahead so you can effectively leverage AI to bolster your data security.

  • June 15, 2023
  • Category: Data Protection

Why You Should Have Magnetic Tape in Your Data Backup Mix

By: Justin Folkerts

If you think magnetic tape storage for backup and archives is old school, think again – even the big hyperscale data centers see the benefit due to its low cost.

Hyperscalers are some of the biggest users of magnetic tape because it enables them to store massive amounts of “cold” data cost effectively – on a cost-per-bit basis, tape storage is cheaper than hard drives, and it makes no sense to store seldom-accessed information on ultra-fast flash-based SSDs.

Magnetic tape can also play a role in a comprehensive security strategy. By backing up to tape, you can create what is known as an “air gap.” You can back up sensitive data to magnetic tape to protect it from a malware attack since data that is instantaneously replicated to the cloud can be corrupted just as quickly at the backup destination. By backing up to tape periodically and otherwise keeping it off the network, you have a clean version that can be restored in the event of a malware or ransomware attack.

In the meantime, the capacity of magnetic tape is growing fast while the amount of data grows exponentially. Not only is tape the lowest cost per bit compared with other storage media options, but a single tape now has a native capacity of 18 terabytes with 500 terabytes on the horizon.

While it may take longer to restore from tape, the media itself has a long shelf life as well – a magnetic tape cartridge stored in the right environmental conditions can last for several decades. If you’re required by government legislation or other regulatory bodies to retain data for years after it’s collected, tape is a great option for archives and backup. Small and medium-sized companies must often comply with the same legal and regulatory requirements as large enterprises, such as Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and Europe’s General Data Protection Regulation (GDPR).

The financial services and health sectors have data retention requirements, with the latter being required to retain patient records including tests like X-rays for many years.

Magnetic tape is also sustainable because it consumes the least amount of energy compared with other data storage options. And if you’ve embarked on an Environmental, Social and Governance (ESG) strategy, tape is more compelling because its overall footprint starting with the raw materials to ultimate disposal is quite low.

All these characteristics make magnetic tape a popular option for many industries – capacity per cartridge, low cost per bit, and low power consumption have made it a preferred option for the oil and gas sector, particularly for seismic data, while the entertainment industry uses tapes like they are big USB drives to move media from one stage of production to another.

And while artificial intelligence (AI) and machine learning processes do require fast memory and storage, the vast amounts of information they need to learn from have to be stored somewhere. If you collect a lot of data via internet of things (IoT) devices, you may want to archive it for future use. The capacity of tape is ideal for large data sets.

While there is an upfront cost to investing in magnetic tape for backup and storage, the total cost of ownership (TCO) is appealing if you’re a small or medium-sized company that’s mindful of its energy bills – you’ll recoup your initial outlay thanks to a low TCO.

Better still, as with most data storage and backup options, such as the cloud, you don’t necessarily need to set up your own tape storage on-site. There are many service providers who can help you exploit the benefits of magnetic tape and manage it for you.

  • November 16, 2022
  • Category: Data Protection

What is SIEM and Why Do You Need It?

By: Justin Folkerts

The cybersecurity landscape is replete with acronyms, and it can be hard to figure out which ones matter to your business. SIEM stands for Security Information and Event Management, and it’s something you should be leveraging to keep your organization safe.

Pronounced “sim,” SIEM is a software-based cybersecurity technology that gives you a single, streamlined view of your data along with your operational capabilities and security activities so you can better detect, investigate, and mitigate threats. SIEM bolsters your security posture by providing this visibility in real-time and encompasses your entire environment, no matter how distributed – and it likely is in this era of increased remote and hybrid work.

If you’re worried that SIEM is yet another massive software deployment, there’s good news: it can be cloud-based and configured to monitor your on-premises, hybrid and cloud infrastructure while tapping into a broad array of security tools and technologies.

How SIEM works

SIEM thrives on having a lot of data sources to monitor. It ingests as much data as possible on the hunt for unusual activity that represents a threat actor trying to gain access to your systems or making trouble once they’re already in. Combined with its ability to give you a real-time snapshot of your IT infrastructure and keep logs to support your compliance obligations, SIEM gives you the ability to analyze data from network applications and hardware, and cloud and software-as-a-service (SaaS) solutions – all in real time so you can stay on top of threats, whether they’re internal or external.

SIEM monitors network devices such as wireless access points, routers, switches, and bridges, as well as the software running on them. It also pulls data from security devices such as firewalls, antivirus software, and intrusion detection appliances, as well as devices and activity related to remote work. Users, event types, IP addresses, memory, and processes are all monitored for signs of exceptional activity – everything from potential malware to a failed login – so that any deviations are flagged for security analysts to investigate.

Essentially, your SIEM is a security command center that pulls together all event data into a single location but adds useful context for analysts so they can prioritize what to respond to and investigate. Everything is presented on dashboards, including an overview of notable events with details, risk analysis, and a workbook of all open notifications. Intelligence from users, threats, protocols, and the web are all brought together.

How SIEM helps

SIEM offers many benefits for organizations looking to improve their security posture.

It provides a high level of visibility to help your security teams see everything across your IT infrastructure, including remote endpoints. The right SIEM solution also reduces the number of false alerts, so your IT teams aren’t spinning their wheels and are able to focus on detecting and investigating actual threats. SIEM is also flexible so you can integrate it into your environment with all its unique characteristics that are driven by your industry, including any compliance obligations.

Most of all, SIEM is something your managed service provider can help you with, so you’re not faced with another onerous software deployment. They can help you select, deploy, and even manage the right SIEM solution so you can get the visibility you need to improve your security posture.

  • August 31, 2022
  • Category: cybersecurity

Insurance not a substitute for good cybersecurity

By: Justin Folkerts

You don’t use auto insurance as an excuse to drive recklessly, so why would you cut corners on cybersecurity because you have ransomware insurance?

With ransomware attacks doubling in 2021 compared to the previous year – due in large part to the massive shift to remote work – the average cost of a data breach grew by more than 10% to record levels in 2021 as threat actors took advantage of a broader attack surface that resulted from a hybrid work environment.

Much of the costs of these breaches were covered by insurance, including ransom payments, but cybersecurity insurance providers are becoming more selective with their coverage as payouts have increased – qualification processes are more rigorous and the threshold for a payout is getting higher.

If you were depending on cybersecurity insurance without a data protection strategy, you need to seriously rethink how you implement security in your organization.

As ransomware attacks rise, so do premiums

For starters, the number of ransomware attacks is only going to get higher as more and more threat actors with a wide array of experience and expertise look to make money off data breaches – cybersecurity insurance is not going to be enough to save your business.

It’s not that you should cancel your insurance – you should be prepared to pay more – but you must also have people, processes, and technology in place to secure your business and sensitive customer data. Making an insurance claim should be a last resort – no matter how much you pay for it, it won’t bring your data back if you fall victim to a successful attack.

You really don’t want to be paying the ransom, even though many companies go that route – that only emboldens the bad guys to keep at it. Some insurance companies are no longer even covering ransomware payouts. If cybersecurity insurance premiums are going up and not covering what they used to, it’s time to implement better security practices – prevention is much more affordable in the long run.

Your MSP can help you up your security game

Cybersecurity awareness should be something that touches everyone in your organization, including the understanding that a data breach costs the business money – and your insurance provider expects you to raise your game to take a more proactive stance with security.

Even if you’ve put the effort into your cybersecurity, keeping it current and staying on top of all the threats can be daunting. With so many systems, endpoints and users, visibility is your biggest challenge, and understanding the threats, attack surfaces and vulnerabilities requires a great deal of time and resources, including skilled people.

That’s why you should turn to your managed service provider for guidance – they’ve got to contend with rising insurance premiums too and know that prevention is better than getting the cost of a ransomware attack covered. They already have visibility into your infrastructure and can help you put all the people, processes, and technology in place so you can qualify for cybersecurity insurance but hopefully never have to use it.

  • June 16, 2022
  • Category: cloud backup

Complexity is the enemy of effective data protection

By: Justin Folkerts

If you want to effectively protect your data, it’s best to keep things simple – complexity is your enemy.

While it’s important to have redundancy for your mission critical applications and data, the more tools and systems implemented to safeguard data, the bigger the likelihood of something going wrong and the greater potential for data loss. Simplifying your data protection systems will make it easier to get back to business in the event of a disruption due to data breach, malware and ransomware, natural disaster or human error.

Less is better

It’s easy to fall into the trap of setting up a complex solution for data protection because your business information systems tend to be complex. But even when you have a wide variety of applications and data to back up, complexity makes your data protection less effective.

The problem is that when lines of business incrementally add Software-as-a-Service (SaaS) applications such as Microsoft Office 365 and Salesforce, they often assume data is automatically backed up by the vendor. However, they are just adding to the mix of systems that must be backed up by IT, including multiple endpoints such as servers, workstations and laptops, and remote workers and satellite offices. Every time a new software solution, endpoint or physical office is added, incremental data protection is added to keep up with infrastructure sprawl. Complexity is an unintentional side effect because when data protection is put into place, it tends to be done in a silo, not holistically with all other applications and data in mind.

In the same way having more endpoints, network access, and applications creates more attack surfaces for threat actors, having more data protection systems increases the number of potential points of failure in your organization.

More complexity means risk

It may seem daunting to simplify data protection when your data is distributed across different applications and endpoints, especially with the rise of remote work and the emergence of the hybrid workplace. Having multiple backup systems in place to protect all this information increases complexity and risk of a data breach that can disrupt your operations, cost you customers, and even lead to a breach of regulatory compliance.

And as much as data protection is necessary, you don’t want to create any more work than necessary for your IT teams. Data protection systems must be configured, maintained, and updated, and backups must be verified – double checking backups takes time and people. Each tool you implement requires expertise and training and represents a software license you must pay for and manage.

Overprovisioning your data protection capabilities is an unnecessary expense and doesn’t improve your overall security posture. Running multiple backup solutions with overlapping features, and even backing up the same data to different locations, is costing you time and money.

Given the complexity of production systems, it’s not realistic to have a single data protection system for everything, but it’s essential you streamline as much as possible. Settle on a small number of backup tools that will encompass all your systems so that your IT team isn’t overwhelmed by their data protection duties. Otherwise, you can end up with misconfigurations that defeat the purpose and result in a data breach.

Most of all, remember that while data protection may be essential, it’s not a strategic IT activity, so consider looking at how a managed service provider can consolidate your data protection tools to reduce complexity and ensure all your backups are effectively safeguarding your mission critical information.

  • May 26, 2022
  • Category: Data Protection

Every data backup plan must be put through its paces

By: Sanjeev Spolia

A robust cybersecurity strategy is not the only way organizations protect sensitive information – having a data backup plan that’s tested regularly is essential to ensure complete protection.

While putting a disaster recovery plan in place can be daunting for a small or medium-sized organization, it must be done because it’s only a matter of time before you face a major disruption that threatens your mission-critical business data. However, thanks to the cloud, it’s easier than ever to implement enterprise-class data backup with the help of an experienced managed service provider.

Your data backup plan should be part of a broader and comprehensive disaster recovery plan, which identifies all the activities, resources and procedures needed to carry out all processing requirements during interruptions to normal business operations. You may be tempted to back up all your data and applications, but ideally, you should focus on identifying the data and applications that are essential for running the business.

Even more important is to make sure your data backup is running properly. It’s easy to get complacent and take for granted that your backups are running on schedule and safeguarding the right data. But whether you maintain your own backup infrastructure or adopt a managed backup service from an outside provider, you must regularly test your backups.

It’s easy to get out of the habit of testing your data backup and assume you’re backing up essential data and applications when there are more pressing demands on your IT staff. However, none of the more strategic technology initiatives you’re pursuing will matter because your business can’t afford the downtime that comes with a disruption related to a data loss – it means lost revenue, productivity, and the loss of current and future customers due to a negative perception of your brand.

Whether it’s your broader disaster recovery plan or just your data backup process, you should be doing regular fire drills. Even if your data backup is still working, it may not be keeping up with changes to your business – your data and applications are not static. Applications and data evolve, and a dynamic environment requires regular monitoring. Whether you do your own backups or outsource it, you should always be testing, and any credible managed service provider will always be testing without you having to ask and as part of your Service Level Agreement (SLA).

Knowing the right data is being backed up is not enough either. You should also have peace of mind that you can restore it and any applications quickly to minimize any interruptions in business operations. Your restoration process is a critical aspect of any data backup plan. Your fire drill should demonstrate the ability to mount the backup and access the relevant files quickly and that a virtualized backup copy is bootable. Remember that your storage used for backup is subject to defects, and files can be accidentally erased or overwritten. If your primary storage can fail, so can your secondary.
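One way to automate the file-access part of such a fire drill is to compare a mounted or restored backup against a checksum manifest recorded when the backup was taken. This is an added example, not code from the original article; the manifest layout (relative path mapped to SHA-256), the function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import shutil
import tempfile
import time
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large backup files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Record relative path -> SHA-256 for every file under root (run at backup time)."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(restored_root, manifest, max_seconds):
    """Check a restored copy against the manifest and time the check."""
    started = time.monotonic()
    restored_root = Path(restored_root)
    missing, altered = [], []
    for rel, expected in sorted(manifest.items()):
        candidate = restored_root / rel
        if not candidate.is_file():
            missing.append(rel)              # erased, or never written to the backup
        elif sha256_file(candidate) != expected:
            altered.append(rel)              # overwritten, truncated or corrupted
    # Files present in the restore but never backed up deserve a manual look.
    unexpected = sorted(set(build_manifest(restored_root)) - set(manifest))
    elapsed = time.monotonic() - started
    return {
        "ok": not missing and not altered,
        "missing": missing,
        "altered": altered,
        "unexpected": unexpected,
        "within_time": elapsed <= max_seconds,
    }


def run_drill_demo(damage=True):
    """Constructed drill: back up a small tree, 'restore' it, optionally damage the copy."""
    with tempfile.TemporaryDirectory() as tmp:
        source, restored = Path(tmp) / "source", Path(tmp) / "restored"
        (source / "finance").mkdir(parents=True)
        (source / "finance" / "ledger.csv").write_text("id,amount\n1,100\n")
        (source / "crm.db").write_bytes(b"\x00constructed-db-page" * 64)
        (source / "readme.txt").write_text("constructed sample\n")
        manifest = build_manifest(source)

        shutil.copytree(source, restored)            # stands in for the real restore
        if damage:
            (restored / "crm.db").write_bytes(b"")   # simulated truncated file
            (restored / "readme.txt").unlink()       # simulated erased file
            (restored / "NOTE.txt").write_text("not in the manifest\n")
        return verify_restore(restored, manifest, max_seconds=60)


if __name__ == "__main__":
    print("clean restore:  ", run_drill_demo(damage=False))
    print("damaged restore:", run_drill_demo(damage=True))
```

The check covers file presence and integrity only; confirming that a virtualized backup copy boots still has to be done in the drill itself.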

Even if you do have the capability to maintain a data backup plan in-house, it’s one more thing on the to-do list of your IT staff and distracts them from more strategic initiatives, so you should consider engaging a managed service provider that can remotely monitor and manage your backup infrastructure, as well as send your backups to their hosted backup repository. This will reduce your capital expenditures and simplify your data backup.

Remember: It’s just a matter of when, not if, your organization will be faced with major data loss, so no matter how you decide to implement your data backup, regular testing not only minimizes disruptions to operations and your customers, but it also allows you to stay in business.