
What the SolarWinds Hack Taught Us About the Need for Endpoint Security Reporting & Software Delivery Analytics

Best Practices

By now, almost everyone has heard of the disastrous SolarWinds hack. To recap, in March 2020, hackers stealthily installed malware into SolarWinds Orion, a network-monitoring software used for IT infrastructure management. This allowed the hackers to gain access to highly sensitive data via a covertly inserted backdoor. The attack went undetected for months and was first publicly reported in December 2020 after being spotted by cybersecurity firm FireEye. Over a period of eight months, at least 24 organizations installed the SolarWinds software laced with malicious code, including various federal, state and local governments and private sector companies.

When Microsoft found out they were among those compromised in the hack, they made quick work to remove the digital certificates that the Trojaned files used, announced that it was updating Microsoft Windows Defender, moved to a sinkhole domain and changed Windows Defender’s default action for Solorigate from “Alert” to “Quarantine.” Microsoft’s quick actions led to neutralizing and killing the malware while gaining control over the malware’s infrastructure from the attackers.

The SolarWinds hack highlights the devastating impact of software supply chain attacks and underscores the fact that most organizations are unprepared to prevent and detect such threats. When a security breach happens, speed is a critical factor in remediation, but you also need granular insights into software delivery to understand overall system health. 

Best Practices to Avoid and Respond to a Cyber Security Attack 

According to a Cisco report, “Major incidents and losses can be avoided by proactively refreshing the technology used and by learning from prior incidents, through prompt disaster recovery, sufficient security tech, timely incident response and accurate threat detection.”

You can help defend your company from a cyber-attack by conducting risk assessments, mitigating against risks that cannot be removed, preparing and implementing a breach response plan and implementing cyber security best practices. In addition to scanning your systems on a continuous basis, Gurpreet Dhillon, Ph.D., of Virginia Commonwealth University recommends that organizations:

  1. Install sensors or mechanisms to collect potential hazards  
  2. Conduct automatic searches at regular intervals for potential flaws  
  3. Collect results from different divisions and/or stakeholder groups  
  4. Triage and analyze results on an ongoing basis  
  5. Fix the most critical issues first and develop a priority list  
  6. Report progress and continuously improve  

If your organization falls victim to a cyber-attack despite all of the security measures you’ve taken to prevent it, after you discover the breach: 

  1. Survey: Identify the attacker and find out where the attacker entered 
  2. Limit: Filter traffic and isolate affected systems
  3. Record: Find effects and identify disruptions  
  4. Engage: Connect with the District Attorney and engage with FBI InfraGard
  5. Notify: Notify affected persons and seek legal counsel 
  6. Learn: Document learning points and proactively ensure learning moving forward 

Even when taking the utmost security measures, a data breach can happen to any organization. Reduce your risk of a cyber-attack by implementing and following your organization’s best practices, and if a breach does occur, follow your security response plan.

Managing Network Health via Security Analytics 

Security reporting leverages a combination of software, algorithms and analytics processes to detect potential threats to IT systems, not just sniff out hacks as they occur.    

“Many organizations do not use security analytics to its full capabilities; often the analysis is relegated simply to identifying network attacks. However, this is only one subset of the types of security analytics that should be deployed. Security analytics provides insights into how well security programs are working. It can also help identify problem areas and can warn of imminent or active attacks,” says privacy and security expert Rebecca Herold.

Ian McClarty, President of PhoenixNAP Global IT Services, elaborates, “Analytics are key to security. As the complexity of IT networks has grown, the inventiveness and sophistication of cyber security threats and attacks has grown just as quickly.”

Endpoint analytics can also give clues to security breakdowns and help identify policies or hardware issues that may be slowing down devices, so you can proactively make changes without disrupting end users.

Paired together, security reporting and endpoint analytics can help an IT department understand the data flowing in to and out of its network, detect potential threats and monitor user experience and hardware. The safety of an organization’s data and IT systems increasingly depends on having an effective, real-time monitoring security and endpoint analytics solution. 

Kollective for Software Delivery Accelerates Patching & Provides Insight into System Health with Intelligent Analytics Reporting 

According to the IBM Cost of a Data Breach Report 2020, the average cost of a corporate data breach is $3,860,000. Extensive cloud migrations are the number one cause of data breach, with 24% occurring at the endpoint, 19% due to a system misconfiguration and 16% because of a vulnerability in third-party software. To help avoid a costly breach, increase your endpoint security by reducing network risk with Kollective for Software Delivery.

Kollective helps minimize the risk of data breach by ensuring 100% delivery of software updates and security patches when distributing content via Microsoft System Center Configuration Manager (SCCM). By leveraging the scale and flexibility of the cloud, Kollective optimizes software updates and patch delivery to minimize downloads and vulnerabilities with faster and more reliable patch distribution. 

Kollective’s solution delivers: 

  • 70% faster software deployment 
  • No impact to network bandwidth 
  • Analytics that provide a full view of your network 

Want to make your SCCM more powerful? Kollective IQ is an advanced analytics platform that gives you deeper insight into all your endpoints. It allows you to easily create dashboards and reports, providing the metrics your organization needs to better understand network performance and verify the success of deliveries.  

With Kollective for Software Delivery you can achieve greater than 95% peering efficiency, and significantly reduce your Wide Area Network (WAN) bandwidth utilization. This means faster and more reliable delivery of ConfigMgr content to the edge of your network. Kollective IQ provides the analytics you need to ensure your network environment is secure and fully optimized.  

To learn more about Kollective for Software Delivery, request to speak with an expert today. 

The post What the SolarWinds Hack Taught Us About the Need for Endpoint Security Reporting & Software Delivery Analytics appeared first on Kollective Technology.

To view our Partner blog, click here.

Branch Cache Vs. Peer Cache Vs. Delivery Optimization Vs. Distribution Points

Throughout the various iterations of ConfigMgr (SCCM), we have seen numerous technologies integrated into the management platform. These integrations were either directly or indirectly built to help administrators tackle the challenges presented when managing thousands of devices in an enterprise at scale.

The current wave of these which I want to talk about are primarily aimed at addressing 3 critical areas:

  1. Efficient deployment and management of Windows devices
  2. Mechanisms to streamline existing ConfigMgr infrastructure
  3. Effective utilization of WAN bandwidth

So firstly, why do we need to think or address these areas?

Organisations are often more globally dispersed, with tens if not hundreds of offices spread throughout different regions. These remote offices put an ever-increasing strain on the infrastructure and networks required to operate in these scenarios. ConfigMgr is a scalable solution; however, in the past this would typically mean that IT departments would continue to deploy Distribution Points to each of the regional offices to provide management and software deployment services for endpoints at each of these locations. The issue is that this approach can frequently introduce just as many problems for IT as it intends to solve, increasing the infrastructure footprint at a time when organisations are generally looking to reduce infrastructure and move away from on-prem services and solutions. Finally, if you don’t deploy the Distribution Point infrastructure and perhaps opt for remote software deployment services, then this will inevitably only increase the strain on the organisation’s Wide Area Network (WAN) links, often causing congestion with a whole host of application and business services all fighting for a piece of the available (and sometimes limited) bandwidth. This ultimately doesn’t help IT or the business drive efficiencies.

Keeping pace with new trends

One key area that brings this topic into sharp focus has been the trend of the “as a Service” (aaS) model, and specifically Windows 10. Windows 10 is delivered leveraging the Windows as a Service (WaaS) model. Unlike operating systems of the past that would have a pre-defined life-cycle and interim updates to maintain stability and security, this means that Windows 10 will be perpetually updated on an on-going basis, much like we experience with other technology platforms such as our smartphones. In my opinion, this is a largely positive move as it provides far greater control over which version(s) can exist; and by ‘exist’, I mean ‘be supported’. It enables Microsoft to introduce new features incrementally, ensuring ongoing support for technological changes can be satisfied. But, as we have seen, the operating system’s improvements in sophistication and complexity also mean an increase in the size of updates required to service and maintain the core system. One area where this has presented a challenge in the Enterprise space is understanding how organisations will maintain this ongoing change, and a key aspect of this is the system used to manage and maintain these devices today: ConfigMgr.

Recognising that simply deploying more hardware isn’t going to work anymore, Microsoft has been working hard to provide alternatives to the traditional ‘just deploy more hardware’ solution. They are opting to adopt software-defined solutions to help organisations with this technology change.

That’s a good thing, right? Well… yes. However, I also believe that Microsoft is driving these solutions in the knowledge that adopting software-defined solutions will be the most effective way for organisations to adopt and embrace a Win10 (WaaS) operating platform.

The Good the Bad and the Ugly (you decide)

From my point of view, there are now three clear alternatives to deployment of traditional infrastructure (hardware-based distribution points) and these are:

1. Branch Cache

Branch Cache technology was originally introduced into the Windows Server platform as a way for file servers to cache recently accessed files, providing faster load times for end-users to access files and content. More recently, this tech has also been integrated into ConfigMgr, allowing administrators to leverage this caching solution for software-based content at each site where it doesn’t necessarily stack up to deploy a traditional Distribution Point. Unfortunately, there are some drawbacks to this method, with the primary one being that this solution is largely a ‘black box’ with very few options for configuration and, more importantly, no easy way of monitoring what content is cached.

Pros

  • Easy to set-up
  • Can handle non-ConfigMgr content types
  • Supports de-duplication

Cons

  • No management or reporting interface (difficult to know what content is cached)
  • Requires separate cache location for ConfigMgr for content storage (duplicated cached content)
  • Doesn’t natively support WinPE out of the box
  • Limited to subnet-based discovery broadcasts (problematic in wireless networks where broadcast may be disabled)

2. Peer Cache

Microsoft’s recent integration enables ConfigMgr clients to share content with other Peer cache enabled clients. This now utilizes the LEDBAT transport to efficiently manage network activity during a caching event to ensure that the network doesn’t become saturated when sharing content.

Pros

  • Directly integrated in ConfigMgr, so any enabled device can perform this function
  • Supports partial content download, so client can serve content as soon as the first blocks are available
  • Utilizes the efficient LEDBAT data transfer technology to reduce network congestion

Cons

  • Client peering scoping is limited to ConfigMgr client site boundary groups which can become complex to manage due to the number required and can limit peering capabilities down to smaller groups of end-points
  • ConfigMgr scheduled deployments can cause multiple end-points peering from origin sources, reducing the peering efficiency achieved

3. Delivery Optimization

Microsoft’s integrated peering solution introduced into the Windows 10 platform is a peer-to-peer client update service that uses both local and remote end-points (via the internet) to deliver Win10 updates and Windows store applications.

Pros

  • Integrated directly into the OS, easy to enable / configure
  • Standalone solution not requiring ConfigMgr integration (great for SMBs)
  • No upfront costs

Cons

  • Only supports Win10 endpoints
  • Limited ‘use case’ for content deployment (only supports Updates and Store Apps)
  • No centralized management (no reporting or analytics)
  • No control over content
  • Requires extensive boundary configuration

No such thing as a free lunch

Now don’t get me wrong, the Microsoft tools and integrations to solve the challenge of providing efficient deliveries while reducing and simplifying your ConfigMgr infrastructure are very effective, but as you might start to see, no single solution can act as a holistic solution to solve this problem. In fact, from many discussions with customers and working at the coalface on this, I have come to realise that you will most likely need to implement all these technologies in parallel as point solutions to achieve a successful outcome.

Well, that’s alright. After all, they are free to use?

You have probably heard the phrase “No such thing as a free lunch” and when we are presented with this potential offer, we should be thinking “what’s the catch”?

All of us in both our professional and personal lives are offered free (at the point of use) software, services and offers. However, sometimes we need to consider ‘does free really mean free’? Often what we need to do is take a step back and examine the bigger picture to the problem we are trying to solve. If we accept free services do these have a catch and/or a drawback? When evaluating these free solutions, I recommend considering the following aspects:

  • Does the solution provide all the capabilities and features we require to address the problem?
  • Are there going to be hidden costs further down the line?
  • Is the solution going to require additional work or effort on our side?
  • Do we have enough time, knowledge and resources to support the additional effort required to manage any functional deficits?

The Toolbox Vs. the Contractor

Given the above, we can all sometimes solve a problem by ourselves utilizing a ‘Do It Yourself’ approach. In my personal life, I have been going through a house refurbishment, so I’ll use that analogy here. I have often asked myself “Do I just DIY this, or do I need to bring in the professionals?”. I go through a very similar thought process to consider the upsides and downsides to each option. Some considerations when pondering the DIY approach:

  • Up-skilling – Will I need to build my knowledge around the area of work I’m looking to take on?
  • Time – Do I have the time to invest in doing the job myself, as it will take me more time than a professional to achieve the same task?
  • Outcome – Will I be happy and/or satisfied with the result? Will it be delivered to the standard required?
  • Risk – Are there significant risks associated with undertaking the work? Would a professional with proven experience mitigate these?
  • Cost – Considering the possible mistakes and/or oversight of the previous considerations, will doing the work myself really save me money?

So, it certainly makes sense to me that we make the same evaluations in our commercial / professional lives. Yes, we can do a job ourselves, but we may not achieve the desired outcome or to an acceptable standard, and this I think is certainly true when considering the free Microsoft solutions. Do you muddle through and hope for the best outcome whilst increasing your operational overheads and perhaps not achieving your strategic goals, or do you engage and procure a premium solution that delivers all the functionality and capabilities required to ensure a successful outcome? Sometimes, letting the professionals take care of it can add immense value to your organisation by leveraging their many years of expertise and importantly delivering all the functional specifications in a single ‘one stop shop’ solution.

Closing summary

There are many options to consider when re-defining your ConfigMgr infrastructure. What is clearly apparent is that a traditional approach of simply deploying more and more Distribution Points won’t help to scale your infrastructure to meet the demands of the modern workplace, WaaS and the on-going servicing and maintenance demands these changes will make on your environment.

Windows 7 is Dead: Prepare for Cloud-Based Windows 10

CMMA Blog

Mark the date — on January 14, 2020, Microsoft is officially sending Windows 7 to the big server in the sky and ending included support for its popular operating system. This move will put a stop to vital security updates and patches that thousands of organizations still rely on worldwide.

Once a respectful period of mourning has been observed, businesses who don’t opt for the expensive stopgap will have to turn their attention to migrating to the Windows 10 system, which will work in a drastically different way than before.

Moving to the ‘as a Service’ model

Described as the ‘last Windows operating system’, Windows 10 will operate ‘as a Service’ with users being required to update regularly, instead of the previous process of migrating to a whole new OS every few years.

Research shows that 96% of businesses have already started the transition to Windows 10; however, making this process as quick and pain-free as possible will be crucial to IT operations.

This new ‘Windows as a Service’ model will come with a unique set of challenges. Monthly quality updates or bug fixes will normally be under 1GB; whereas bi-yearly feature updates can be up to 5GB. Due to the increased frequency and size of these updates, IT teams will have limited time for testing and distribution.

Currently, 79% of organizations don’t install updates immediately, and a further 53% wait at least a month before they’re able to install vital operating system updates across their entire network.

Tricky transitions

Simply ignoring this distribution problem could be disastrous for businesses, creating an exponential build-up of outdated machines that creates serious security liabilities. Being vulnerable to cyber-attacks and data breaches is a risk that organizations simply cannot take in the modern era.

The nuclear option is to rip out the entire network and start from scratch. In the long term this will help with the speed of your updates, however in the short term it can cause huge disruption to your IT infrastructure — taking budget and resources away from more immediate concerns.

IT professionals need an answer to this problem that’s both cost-effective and quickly implementable.

Software to the rescue

Luckily, there is another way. Using a Software-Defined Enterprise Content Delivery Network (SD ECDN), businesses can streamline the delivery of updates for Windows 10.

In brief, a SD ECDN uses a peer-to-peer system that evenly distributes bandwidth. The higher the number of peers, the faster the network can deliver content, meaning even existing hardware can contribute to ensuring you have the crucial security patches you need for Windows 10.

And, you won’t have to overhaul the entire network. With the Kollective SD ECDN, enterprises can speed-up software distribution, smoothly transition to Windows 10 and be future-proofed against other cloud-service updates — all using your existing infrastructure.

Our software has many other benefits beyond just helping you survive the Windows 7 apocalypse, but being prepared for this critical change should be a major priority for organizations who want to keep data secure and IT services up to date in the cloud-service era.



A Day In the Life of a Kollective for ConfigMgr Admin

CMMA Blog

Do you have trouble delivering software and OS updates, patches, and applications to remote corners of your enterprise network? Are you tired of tying up the network when large packages are pushed? We think there is a better way. Follow along as we take you on a journey to show you what your network could be. A journey we like to call “A day in the life of a ConfigMgr Admin.”

“Set it and forget it” with K4CM

Your company recently installed Kollective for ConfigMgr (K4CM). The Kollective integration is enabled through SCCM’s Alternate Content Provider API, also known as ACP. Once our publisher is installed on your site server and our agent on your endpoints, it is “set it and forget it.”

Let’s imagine your organization went live with our system yesterday, and you hit send on a software update package at the end of the workday. When you get to the office this morning, you are anxious to see how your package delivery performed. You log in to the Kollective platform and here is what you see:

[Screenshot: Kollective platform delivery view]

The package has been distributed across the network by utilizing Kollective For ConfigMgr, our cloud-based content delivery solution, which requires no additional hardware, professional services, or lengthy setup. In the past, this delivery may have taken days to complete, but now it happens within hours. You can easily see where your package was delivered geographically, to how many machines, and how much bandwidth was saved.

Terabytes of bandwidth savings

The Kollective for ConfigMgr agent shows 79% peering for this delivery. For the 2134 machines that were targeted, what would normally require 4.835 GB to deliver the package only used 1.015 GB. This is a 79% reduction in the amount of bandwidth required and is accomplished by transferring the load from the WAN to the LAN.

This is a relatively small package; imagine the bandwidth savings and network effects on a 4GB Win10 Quality update. The savings from just that one delivery will be measured in terabytes. How many deliveries like this do you do a month? Someone in your organization is likely accustomed to calculating how much additional bandwidth will cost – this is a rare opportunity to calculate how much bandwidth can be saved, and what that equates to in dollars saved.

Intelligent mesh peering means no “single point of failure”

One factor to keep in mind is that you no longer require a distribution point for many of these locations, and have thus removed a “single point of failure”. With Kollective, machines coordinate with one another to transfer content over the WAN once and then share the content with one another using our mesh peering technology. In addition, our real-world experience shows that a K4CM customer can expect a 90+% reduction in software delivery related helpdesk tickets, leading to significant workplace efficiency gains due to a reduction in time spent chasing down failed deliveries. Allowing your employees to do their job rather than fixing problems is significant in terms of employee satisfaction and real cost savings.

[Screenshot, 2019-06-13: delivery to the Anchorage office]

Have a remote office in Alaska that you are concerned about? As you can see in the image above, this package was safely delivered on the LAN side in the Anchorage office and got there without shutting down mission-critical traffic due to the agents’ ability to dynamically throttle when it detects higher priority traffic. You won’t receive frantic calls from your Network Team that the package you are managing is shutting down the network. The machines in this office, just like the machines in every other office, are sharing the package data amongst themselves using our intelligent mesh-peering solution.

Content is broken up into blocks, and the Kollective process allows a machine to get each block from the nearest acceptable peer. Here is how it works: imagine an employee has a machine that is downloading content over the WAN and then “serving” other machines as the “LAN leader” (in the background, and unbeknownst to her). She decides to grab her machine and head out for the day. Another Kollective agent will immediately resume the WAN download and begin serving that content to other peers.

Are you considering adopting Cloud Management Gateways for remote users or “Internet Only” remote offices? As a 100% cloud-based solution, Kollective for ConfigMgr can support peering when using a CMG, providing the ability to manage clients on the internet outside of the traditional organization network perimeter. Since the Kollective Agent doesn’t require network mapping or boundary groups, groups of users in remote locations can effectively peer with one another as if they were within your network boundaries. This allows for far more efficient and effective software delivery.

All of this happens automatically, and the agent gets smarter over time. The days of boundary group mapping are over. There is no need to create or maintain boundary groups, as the agent will automatically go find the content it needs from the nearest peer that has it. After a few deliveries, each agent will remember where it got the content the last time and look there first. Thus, the agent gets “smarter” over time, making deliveries more efficient and saving more bandwidth. It is not unusual to see peering rates of over 90%, which leads to some amazing savings when you factor in the number of machines targeted and the size of the packages.

Drilling down into the details

Where did the package go? Let’s take a look… Gone are your days of pulling logs to see what happened. K4CM allows you to start from the top and get broad information about where the package was sent. From there, you can drill down to easily find out what countries were targeted, what offices, and even what machines.

[Screenshot, 2019-03-08: package delivery drill-down]

You can also determine what machine was serving as the LAN leader, what machines were pulling content from that leader, and figure out if a machine or office is acting outside of expectations.

As the GM for Kollective for ConfigMgr, I’m pretty excited about what our product can offer you. From the costs savings and workplace efficiencies to real and useful network insights, Kollective can help you distribute packages without hassle, freeing you up to focus on other mission-critical tasks.

Now that you have witnessed a day in the life of a ConfigMgr Admin, why not give us a spin to see if K4CM is right for you with our 60-Day Free Trial.

Ciena: Customer Case Study

Learn how Ciena uses Kollective for ConfigMgr to manage software distribution on a global scale.