Tuesday, February 25, 2014

How-To: Maintain visibility and accountability in outsourced IT

The combination of a competitive managed services market and increasingly complicated enterprise network expectations have lead many companies to outsource their network management. Benefits that include lower cost of ownership, outside expertise and fewer inside demands must be balanced with less direct control and visibility. Or does it?

A common complaint is that when problems do arise in an outsourced arrangement, users are the first to notice the problem. Initial responses typically involve finger-pointing. From the outsourcer, "Sounds like a carrier issue. Not our problem." From the carrier, "Probably a network issue. Not our problem." From the users to their IT group: "This is big issue. We can't get to all of the applications that now reside in the cloud and are critical to our business. This is your problem."

Uplogix Local Management is well-suited for solving this issue. With high-resolution out-of-band monitoring, network infrastructure is always visible—say it is a carrier issue and a backhoe took out the line leading into the building, or a network management problem like a failed config on a key router.

Granular authorization functionality makes it possible for Uplogix to provide all parties with varying levels of access and visibility to specific devices. And audit and compliance reporting captures every interaction and response from managed devices.

Some of the largest Uplogix customers outsource their network management and have written Local Management into their contracts for the additional visibility it provides. From a Service Level Agreement perspective, Uplogix is advantageous to all involved parties. The automated responses possible with a Local Manager can resolve issues often before even users even notice. And for the people responsible for the network management, and those responsible for the network management contracts, the time that used to be spent finger-pointing can be spent solving the problem.

SLAs only go so far - at the end of the day, getting money back for downtime or slow networks is a good thing, but what you really need is a network operating at spec. Rather than put all of the focus on carrots and sticks, and deal with the finger-pointing it generates, improve visibility in your network management. In the words of technologist (for his day) and founding father George Washington, "Truth will ultimately prevail where there is pains to bring it to light."

Wednesday, February 19, 2014

Cisco, health care reports show no industry is safe

Data breaches clearly aren't limited to retailers like Target. Cisco's annual security report predicts "unprecedented growth" for more and more advanced attacks coming in 2014. Mobile devices are clear targets, with about 99 percent of mobile malware affecting the Android platform. The behavior of mobile users tends to be less guarded, leaving devices with "unanticipated weaknesses and inadequately defended assets."

Network infrastructure is also increasingly targeted by cybercriminals "with the goal of proliferating attacks across legions of individual assets served by these resources." And organized cyber crime is maturing, with diverse motivations ranging from Robin Hood-type attacks to those aiming to score cold hard cash. There are public versus private sector battles and those seeking a financial payout versus inflicting vindictive damage on reputations.

No industry is safe. Cisco cites malware as becoming more directed toward oil, gas and energy companies than in the past.

Then there is health care. Another recent report by Redspin says over 7 million patient health records were recorded as breached in 2013 alone, an increase of over 138 percent year over year. 29 million patient health records have been affected since reporting became mandatory with the HITECH Act (Health Information Technology for Economic and Clinical Health) in 2009. Despite HIPAA regulations, 83 percent of the 2013 breaches resulted from theft—about 35 percent were from someone stealing a piece of hardware like an unencrypted laptop or other portable device. Was the data used for malicious purposes? Probably not. In most cases a drive is probably wiped for a quick sale. But the law is clear that unencrypted data out of a controlled situation is breached.

The Cisco report wraps up by summarizing their recommendations as "verifying trustworthiness and improving visibility." Readers are encouraged to approach security from a real-world position. Cyber security is an ongoing battle, with new fronts opening up as quickly as others are conquered, or at least holding ground.
“Come to an agreement as to what is most important from a cybersecurity perspective,” says Gavin Reid, director of threat intelligence for Cisco. “This is a more productive approach than hoping to find a magic pill that can fix everything.”
Short of a magic pill, CTOs and CISOs need to be looking for—and finding—security at all levels. A technology like Uplogix Local Management won't disappoint. When it comes to network infrastructure security, at a high level, Uplogix:
  • Maintains secure software and configurations | Updating the software on, and configuration of, network and communications devices in the face of constantly evolving security threats
  • Secures Administrative Console Access | Ensuring appropriate and audited access and compliance with policy by the technicians, sometimes employees sometimes not, that you rely on to maintain network and communications gear

Thursday, February 13, 2014

Cybersecurity Framework released in the calm before the storm

A day before another winter storm shut down Washington DC with up to a foot of snow, the National Institute of Standards and Technology released the first version of a long-awaited cybersecurity framework. The report follows several recent cyber-attacks that compromised more than 100 million customer records from major retailers.

The framework was billed in a statement from President Barack Obama as a "turning point" in a nationwide discussion about cybersecurity. During the Framework announcement, a senior administration official said:
“One of the biggest cybersecurity issues facing critical infrastructure companies in all of these sectors — transportation, financial, health care, communications, energy — is simply this: When are you doing enough? When do you know you’ve done the best you can to protect your company, your suppliers, your customers from the adverse effects of cybersecurity threats?”
The framework is a three-part risk-based approached to managing cybersecurity risk. The first part, the Framework Core, is a set of functions (Identify, Protect, Detect, Respond, and Recover) that provide a high-level strategic view of an organizations cybersecurity management.

Framework Implementation Tiers describe the degree to which an organization is prepared to manage cyber security risk, ranging from Partial (Tier 1) to Adaptive (Tier 4). The tiers represent increasing levels of preparedness from informal, reactive responses to agile, risk-informed approaches.

Finally, Framework Profiles provide a snapshot of where an organization is currently and the target profile which is based on business drivers and risk assessments of what the organization needs to implement.

The report opens stating "Cybersecurity threats exploit the increased complexity and connectivity of critical infrastructure systems, placing the Nation’s security, economy, and public safety and health at risk." Hopefully the nationwide discussion inspired by the NIST framework will help ensure that the only infrastructure shutdowns in Washington (and the nation) will be from winter storms.

Make Uplogix part of your cybersecurity framework. Local Management has unique functionality for infrastructure security that can help you identify, protect, detect, respond and recover in ways that other network management tools just can't.

Wednesday, February 12, 2014

Assume that you are a Target

There has been a buzz in the Uplogix office about the much-publicized Target credit card information breach. No, not just because many of us are now carrying shiny new credit cards proactively replaced by our banks due to our vulnerability as frequent Targ├ęt (say it Tar-zhay) shoppers, but because initial reports indicated that the breach relied on access hacked from an HVAC vendor.

More recent information indicates it was an email phishing scam of some sort that probably found a small company (the HVAC contractor), that happened to have logins to an online partner portal of a big fish—Target (the 2nd largest discount retailer in the US after Walmart). The investigation is still ongoing, so factual information is hard to come by, but one thing is clear—when it comes to the chains of security, especially in the world governed by the PCI standards, it's only as secure as the weakest user. And often that user is external.

From its position in the rack of network gear, an Uplogix Local Manager has some unique capabilities when it come to allowing access to devices from internal and external users. Uplogix ensures that only the right users have the right access to devices and systems by providing very granular and customizable administrative access. By authenticating to systems through Uplogix, user access can be limited to specific devices, IP addresses, or even specific commands available to them.

Then there is the monitoring. By leveraging the Local Manager’s dedicated serial connection with managed devices and servers, Uplogix logs all changes made by users and the results of these changes. This information is saved locally and then transmitted to a central location for analysis and long-term storage. Logging, recording and reporting are unaffected by the state of the network—Uplogix continues to satisfy compliance requirements even during downtime. This is unlike network-based tools that fail to capture changes during a network outage.

Automated actions ensure that policies are enforced at all times. For example, Uplogix can prevent unauthorized user access by automatically closing idle sessions. This eliminates a potential security gap. Functionality like being able to update access passwords on multiple managed devices all at once gives IT additional tools in their fight against attackers.

Keep your eyes and ears open, there is surely more to come out on the breach that struck Target, Neiman-Marcus, and what sounds like other retailers involved that are not yet named. And if you are running a network, take a look at Uplogix. There's a good chance that we might plug a security hole you have, maybe don't even know about yet, or one that your weakest vendor might bring.

Tuesday, February 11, 2014

Locking down long-time vulnerabilities

Don't worry -- National Cybersecurity Awareness Month isn't until October, you still have many months to plan that perfect awareness event. But this month we're going to focus on the security topic because you need to be aware of security every month.

Today we're going to talk about two forms of critical security vulnerabilities continue to plague mission critical network infrastructure and account for the majority of related security breaches:
  • Maintaining secure software and configurations | Updating the software on, and configuration of, network and communications devices in the face of constantly evolving security threats
  • Securing Administrative Console Access | Ensuring appropriate and audited access and compliance with policy by the technicians, sometimes employees sometimes not, that you rely on to maintain network and communications gear
When it comes to maintaining securing and updating software and configs, it's an on-going battle that can never ultimately be won. New forms of attack are being developed and new vulnerabilities discovered every day in even the best software. For example in 2013 Cisco alone issued 42 Security Advisories typically recommending configuration changes or software patches.

Network devices that cannot be frequently and easily configured and upgraded cannot be secured. “If it ain’t broke don’t fix it” is a hacker’s dream. (see a previous blog entry, Even it it ain't broke, you might want to fix it.)

When the network goes down users notice and the goals of the enterprise can be severely undermined. Given this, pushing upgrades and making changes to the network, over the network, using centralized tools is extremely risky. Applying upgrades and patches reliably can mean time consuming and expensive site visits, still with the risk of down-time, leading to infrequent change.

Uplogix Configuration and Change Management makes it easy and safe to apply changes and updates to address new threats immediately as they become known. For more key change management capabilities, see the Uplogix website.

For console access, in the heat of the moment when network problems arise, urgency can prevail over security. Break-glass root passwords are issued to empower technicians to console connect to devices and resolve issues, any centralized administrative audit is off-line, and carefully crafted policies intended to protect data are quickly forgotten. This is precisely the circumstance that sets the stage for a serious breach, unintended or not.

Uplogix Local and Out-of-Band Management is console connected to managed devices, simultaneously enhancing technicians’ ability to mount an effective response to issues while ensuring that security and audit is not compromised. By storing encrypted device credentials only on the Uplogix Local Manager, secure, policy compliant and audited administrative access can be ensured with complete logging of all transactions for compliance requirements. For more information on secure administrative access, see the Uplogix website.