What the SolarWinds Hack Taught Us About the Need for Endpoint Security Reporting & Software Delivery Analytics

Best Practices

By now, almost everyone has heard of the disastrous SolarWinds hack. To recap: attackers compromised the build process of SolarWinds Orion, a network-monitoring platform used for IT infrastructure management, and inserted a backdoor into Orion updates released from March 2020 onward. Because the trojaned builds carried SolarWinds' own valid code signature, customers installed them as routine updates, and the backdoor gave the attackers a foothold from which to reach highly sensitive data. The intrusion went undetected for months and was first publicly reported in December 2020, after cybersecurity firm FireEye found it while investigating a breach of its own network. SolarWinds later estimated that fewer than 18,000 customers had installed the backdoored software, among them federal, state and local government agencies and private-sector companies; the attackers then chose a far smaller set of those for hands-on follow-up intrusion.

When Microsoft found that it was among the organizations compromised, it acted quickly: it removed the digital certificates the trojaned files used, updated Microsoft Defender, sinkholed the backdoor's command-and-control domain together with partners, and changed Defender's default action for Solorigate (Microsoft's name for the malware) from "Alert" to "Quarantine." Control of the domain turned it into a kill switch: infected hosts that checked in received a response that made the backdoor terminate itself, which neutralized the malware and took its infrastructure away from the attackers.

The SolarWinds hack shows the devastating reach of a software supply chain attack, and it underscores that most organizations are unprepared to prevent or detect one: the malicious update looked exactly like a legitimate one. When a breach happens, speed of remediation is critical, but you also need granular insight into software delivery, which updates reached which endpoints and when, to understand overall system health.

Best Practices to Avoid and Respond to a Cyber Security Attack 

According to a Cisco report, "Major incidents and losses can be avoided by proactively refreshing the technology used and by learning from prior incidents, through prompt disaster recovery, sufficient security tech, timely incident response and accurate threat detection."

You can help defend your company from a cyber-attack by conducting risk assessments, mitigating the risks that cannot be removed, preparing and implementing a breach response plan, and following cyber security best practices. In addition to scanning your systems continuously, Gurpreet Dhillon, Ph.D., of Virginia Commonwealth University, recommends that organizations:

  1. Install sensors or mechanisms to collect potential hazards
  2. Conduct automatic searches at regular intervals for potential flaws
  3. Collect results from different divisions and/or stakeholder groups
  4. Triage and analyze results on an ongoing basis
  5. Fix the most critical issues first and develop a priority list
  6. Report progress and continuously improve
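The list above is a procedure, so here is an added worked example of steps 3 to 6 in Python. It is not code from the original post or from Kollective; the scan findings, the asset tiers, the scoring weights and the evaluation date are all constructed for illustration, and the CVSS values are simply what the imaginary scanner recorded, not authoritative scores for those CVEs. It merges results from two divisions, drops the duplicate, scores each finding by severity, known exploitation, asset importance and how long the fix has been available, and prints the priority list.

```python
"""Triage scan results from several divisions into one priority list.

Added example, not from the original post or from Kollective. Findings,
asset tiers, weights and the evaluation date are constructed; the CVSS
values are what the (imaginary) scanner recorded.
"""
from collections import OrderedDict
from datetime import date

AS_OF = date(2017, 5, 12)  # constructed evaluation date (the day WannaCry spread)

# Constructed asset inventory: which hosts matter most if compromised.
ASSET_TIER = {"dc01": "crown-jewel", "build-07": "crown-jewel",
              "ws-104": "standard", "lab-vm-3": "lab"}
TIER_WEIGHT = {"crown-jewel": 2.0, "standard": 0.0, "lab": -1.0}
EXPLOITED_WEIGHT = 3.0   # known in-the-wild exploitation outranks raw CVSS
AGE_CAP_DAYS = 90        # a fix older than this adds no further urgency
AGE_WEIGHT = 2.0         # maximum contribution of patch age to the score

# Step 3: results from two divisions' scanners (constructed sample data).
FINDINGS = [
    {"division": "corp-it", "host": "dc01", "cve": "CVE-2017-0144", "cvss": 8.1,
     "patch_available": date(2017, 3, 14), "exploited_in_wild": True},
    {"division": "corp-it", "host": "ws-104", "cve": "CVE-2017-0144", "cvss": 8.1,
     "patch_available": date(2017, 3, 14), "exploited_in_wild": True},
    # engineering scanned dc01 too: same finding, must not be counted twice
    {"division": "engineering", "host": "dc01", "cve": "CVE-2017-0144", "cvss": 8.1,
     "patch_available": date(2017, 3, 14), "exploited_in_wild": True},
    {"division": "engineering", "host": "build-07", "cve": "CVE-2017-5638", "cvss": 10.0,
     "patch_available": date(2017, 3, 7), "exploited_in_wild": True},
    {"division": "engineering", "host": "lab-vm-3", "cve": "CVE-2014-3566", "cvss": 3.4,
     "patch_available": date(2014, 10, 15), "exploited_in_wild": False},
]


def merge_findings(findings):
    """Step 3: merge per-division results, de-duplicating on (host, cve)."""
    merged = OrderedDict()
    for f in findings:
        key = (f["host"], f["cve"])
        if key not in merged:
            merged[key] = dict(f, divisions={f["division"]})
        else:
            merged[key]["divisions"].add(f["division"])
    return list(merged.values())


def score(finding, today):
    """Step 4: one urgency number per finding; higher means fix sooner."""
    age_days = max((today - finding["patch_available"]).days, 0)
    age_term = min(age_days, AGE_CAP_DAYS) / AGE_CAP_DAYS * AGE_WEIGHT
    tier = ASSET_TIER.get(finding["host"], "standard")
    return (finding["cvss"]
            + (EXPLOITED_WEIGHT if finding["exploited_in_wild"] else 0.0)
            + TIER_WEIGHT[tier]
            + age_term)


def priority_list(findings, today):
    """Step 5: the ordered worklist, most urgent first."""
    rows = []
    for f in merge_findings(findings):
        rows.append({
            "host": f["host"],
            "cve": f["cve"],
            "score": round(score(f, today), 2),
            "patch_age_days": (today - f["patch_available"]).days,
            "reported_by": sorted(f["divisions"]),
        })
    rows.sort(key=lambda r: (-r["score"], r["host"]))
    return rows


if __name__ == "__main__":
    # Step 6: the report that gets circulated.
    for row in priority_list(FINDINGS, AS_OF):
        print(f'{row["score"]:6.2f}  {row["host"]:<9} {row["cve"]:<15} '
              f'patch age {row["patch_age_days"]:>4}d  reported by {",".join(row["reported_by"])}')
```

Run it as a script to see the worklist. The weights are the part you would tune; the reason the patch-age term is capped is that a years-old low-severity finding on a lab box should not outrank an actively exploited flaw on a build server.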

If your organization falls victim to a cyber-attack despite all the security measures you've taken to prevent it, then after you discover the breach:

  1. Survey: Identify the attacker and find out where the attacker entered
  2. Limit: Filter traffic and isolate systems
  3. Record: Find effects and identify disruptions
  4. Engage: Connect with the District Attorney and engage with FBI InfraGard
  5. Notify: Notify affected persons and seek legal counsel
  6. Learn: Document learning points and proactively ensure learning moving forward

Even with the utmost security measures in place, a data breach can happen to any organization. Reduce your risk of a cyber-attack by implementing and following your organization's best practices, and if a breach does occur, follow your security response plan.

Managing Network Health via Security Analytics 

Security reporting combines software, algorithms and analytics processes to detect potential threats to IT systems, not merely to sniff out attacks as they occur.

"Many organizations do not use security analytics to its full capabilities; often the analysis is relegated simply to identifying network attacks. However, this is only one subset of the types of security analytics that should be deployed. Security analytics provides insights into how well security programs are working. It can also help identify problem areas and can warn of imminent or active attacks," says privacy and security expert Rebecca Herold.

Ian McClarty, President of PhoenixNAP Global IT Services, elaborates: "Analytics are key to security. As the complexity of IT networks has grown, the inventiveness and sophistication of cyber security threats and attacks has grown just as quickly."

Endpoint analytics can also point to security breakdowns and identify policy or hardware issues that slow devices down, so you can make changes proactively without disrupting end users.

Paired together, security reporting and endpoint analytics help an IT department understand the data flowing into and out of its network, detect potential threats, and monitor user experience and hardware. The safety of an organization's data and IT systems increasingly depends on an effective, real-time security monitoring and endpoint analytics solution.

Kollective for Software Delivery Accelerates Patching & Provides Insight into System Health with Intelligent Analytics Reporting 

According to the IBM Cost of a Data Breach Report 2020, the average cost of a corporate data breach is $3.86 million. The same report found that extensive cloud migration was among the factors that pushed the cost of a breach up, and that among initial attack vectors, 19% of breaches stemmed from a cloud misconfiguration and 16% from a vulnerability in third-party software. To help avoid a costly breach, increase your endpoint security by reducing network risk with Kollective for Software Delivery.

Kollective helps minimize the risk of a data breach by ensuring that software updates and security patches distributed through Microsoft System Center Configuration Manager (SCCM) reach 100% of their targeted endpoints. By leveraging the scale and flexibility of the cloud, Kollective optimizes update and patch delivery so that patches arrive faster and more reliably, shrinking the window in which endpoints remain vulnerable.

Kollective’s solution delivers: 

  • 70% faster software deployment 
  • No impact to network bandwidth 
  • Analytics that provide a full view of your network 

Want to make your SCCM more powerful? Kollective IQ is an advanced analytics platform that gives you deeper insight into all your endpoints. It allows you to easily create dashboards and reports, providing the metrics your organization needs to better understand network performance and verify the success of deliveries.  

With Kollective for Software Delivery you can achieve greater than 95% peering efficiency, and significantly reduce your Wide Area Network (WAN) bandwidth utilization. This means faster and more reliable delivery of ConfigMgr content to the edge of your network. Kollective IQ provides the analytics you need to ensure your network environment is secure and fully optimized.  

To learn more about Kollective for Software Delivery, request to speak with an expert today. 

The post What the SolarWinds Hack Taught Us About the Need for Endpoint Security Reporting & Software Delivery Analytics appeared first on Kollective Technology .


A Day In the Life of a Kollective for ConfigMgr Admin


Do you have trouble delivering software and OS updates, patches, and applications to the remote corners of your enterprise network? Are you tired of tying up the network when large packages are pushed? We think there is a better way. Follow along as we take you on a journey to show you what your network could be, a journey we like to call "A day in the life of a ConfigMgr Admin."

“Set it and forget it” with K4CM

Your company recently installed Kollective for ConfigMgr (K4CM). The integration uses SCCM's Alternate Content Provider (ACP) API: once the Kollective publisher is installed on your site server and the agent on your endpoints, it is "set it and forget it."

Let's imagine your organization went live with our system yesterday, and you hit send on a software update package at the end of the workday. When you get to the office this morning, you are anxious to see how the delivery performed. You log in to the Kollective platform, and here is what you see:


The package has been distributed across the network by utilizing Kollective For ConfigMgr, our cloud-based content delivery solution, which requires no additional hardware, professional services, or lengthy setup. In the past, this delivery may have taken days to complete, but now it happens within hours. You can easily see where your package was delivered geographically, to how many machines, and how much bandwidth was saved.

Terabytes of bandwidth savings

The Kollective for ConfigMgr agent reports 79% peering for this delivery: for the 2,134 targeted machines, a package that would normally have required 4.835 GB of WAN transfer used only 1.015 GB. That is a 79% reduction in the bandwidth required, achieved by shifting the load from the WAN to the LAN.

This is a relatively small package; imagine the bandwidth savings and the effect on the network for a 4 GB Windows 10 update. The savings from that one delivery would be measured in terabytes. How many deliveries like this do you do a month? Someone in your organization is probably used to calculating how much additional bandwidth will cost; this is a rare opportunity to calculate how much bandwidth can be saved, and what that equates to in dollars.

Intelligent mesh peering means no “single point of failure”

One factor to keep in mind is that many of these locations no longer require a distribution point, which removes a "single point of failure". With Kollective, machines coordinate with one another so that content crosses the WAN once and is then shared among them using our mesh peering technology. In addition, our real-world experience shows that a K4CM customer can expect a 90+% reduction in software-delivery-related helpdesk tickets, a significant efficiency gain because far less time is spent chasing down failed deliveries. Letting employees do their jobs rather than fixing problems matters both for employee satisfaction and for real cost savings.


Have a remote office in Alaska that you are concerned about? The dashboard shows this package delivered on the LAN side in the Anchorage office, and it got there without squeezing out mission-critical traffic, because the agent dynamically throttles itself when it detects higher-priority traffic. You won't receive frantic calls from your network team that the package you are managing is shutting down the network. The machines in this office, just like the machines in every other office, share the package data amongst themselves using our intelligent mesh-peering solution.

Kollective breaks content into blocks, and each machine fetches blocks from the nearest acceptable peer. Here is how it works: imagine an employee whose machine is downloading content over the WAN and, in the background and unbeknownst to her, "serving" other machines as the "LAN leader". She decides to grab her machine and head out for the day. Another Kollective agent immediately resumes the WAN download and begins serving that content to other peers.

Are you considering adopting Cloud Management Gateways (CMG) for remote users or for "Internet only" remote offices? As a 100% cloud-based solution, Kollective for ConfigMgr supports peering when using a CMG, so you can manage clients on the internet, outside the traditional network perimeter. Since the Kollective agent doesn't require network mapping or boundary groups, groups of users in remote locations can peer with one another as if they were within your network boundaries, which makes software delivery far more efficient.

All of this happens automatically, and the agent gets smarter over time. The days of boundary group mapping are over. There is no need to create or maintain boundary groups, as the agent will automatically go find the content it needs from the nearest peer that has it. After a few deliveries, each agent will remember where it got the content the last time and look there first. Thus, the agent gets “smarter” over time, making deliveries more efficient and saving more bandwidth. It is not unusual to see peering rates of over 90%, which leads to some amazing savings when you factor in the number of machines targeted and the size of the packages.

Drilling down into the details

Where did the package go? Let’s take a look… Gone are your days of pulling logs to see what happened. K4CM allows you to start from the top and get broad information about where the package was sent. From there, you can drill down to easily find out what countries were targeted, what offices, and even what machines.


You can also determine what machine was serving as the LAN leader, what machines were pulling content from that leader, and figure out if a machine or office is acting outside of expectations.
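As an added example (not Kollective's code, and not from the original post), the following Python computes the same kind of numbers from per-machine delivery records: overall and per-office peering rate, WAN bytes and bytes saved, the machine that acted as LAN leader, and the cases worth chasing, an office that peered poorly, an office where more than one machine pulled the package across the WAN, and a machine that never finished. The record layout, the package size, the peering threshold and all the delivery data are constructed assumptions.

```python
"""Summarise a peer-assisted package delivery from per-machine records.

Added example, not from the original post or from Kollective's product.
The record format, package size, threshold and every record below are
constructed for illustration.
"""
from collections import defaultdict

PACKAGE_BYTES = 10_000_000  # constructed 10 MB package
MIN_PEERING = 0.60          # constructed expectation for an office with 2+ machines

# Constructed per-machine records for one delivery:
# (office, machine, bytes_from_wan, bytes_from_peers, bytes_served_to_peers, completed)
RECORDS = [
    ("anchorage", "anc-01", 10_000_000,          0, 40_000_000, True),
    ("anchorage", "anc-02",          0, 10_000_000,          0, True),
    ("anchorage", "anc-03",          0, 10_000_000,          0, True),
    ("anchorage", "anc-04",          0, 10_000_000,          0, True),
    ("anchorage", "anc-05",          0, 10_000_000,          0, True),
    ("denver",    "den-01", 10_000_000,          0, 10_000_000, True),
    ("denver",    "den-02",          0, 10_000_000,          0, True),
    ("denver",    "den-03", 10_000_000,          0,          0, True),   # went to the WAN although den-01 had it
    ("remote",    "rem-01", 10_000_000,          0,          0, True),
    ("remote",    "rem-02",  3_000_000,          0,          0, False),  # left before finishing
]


def peering_rate(wan, peer):
    """Share of delivered bytes that stayed on the LAN (0.0 when nothing moved)."""
    total = wan + peer
    return peer / total if total else 0.0


def summarize(records):
    """Roll the records up per office and overall."""
    offices = defaultdict(lambda: {"machines": 0, "completed": 0, "wan": 0, "peer": 0,
                                   "wan_fetchers": 0, "leader": None, "leader_served": -1})
    for office, machine, wan, peer, served, done in records:
        o = offices[office]
        o["machines"] += 1
        o["completed"] += int(done)
        o["wan"] += wan
        o["peer"] += peer
        o["wan_fetchers"] += int(wan > 0)
        if served > o["leader_served"]:          # LAN leader = the machine that served the most
            o["leader"], o["leader_served"] = machine, served
    for o in offices.values():
        o["peering"] = peering_rate(o["wan"], o["peer"])
        if o["leader_served"] <= 0:              # nobody served anyone: no leader emerged
            o["leader"] = None
    wan = sum(o["wan"] for o in offices.values())
    peer = sum(o["peer"] for o in offices.values())
    return {"offices": dict(offices), "wan_bytes": wan, "bytes_saved": peer,
            "peering": peering_rate(wan, peer)}


def outliers(records, summary):
    """What an admin would chase: low peering, repeat WAN fetches, stragglers."""
    problems = []
    for name, o in summary["offices"].items():
        if o["machines"] >= 2 and o["peering"] < MIN_PEERING:
            problems.append((name, f"peering {o['peering']:.0%} below {MIN_PEERING:.0%}"))
        if o["wan_fetchers"] > 1:
            problems.append((name, f"{o['wan_fetchers']} machines fetched from the WAN; expected 1"))
    for _office, machine, wan, peer, _served, done in records:
        if not done:
            problems.append((machine, f"incomplete ({wan + peer} of {PACKAGE_BYTES} bytes)"))
    return problems


if __name__ == "__main__":
    s = summarize(RECORDS)
    print(f"overall peering {s['peering']:.1%}, WAN {s['wan_bytes']:,} B, saved {s['bytes_saved']:,} B")
    for name, o in s["offices"].items():
        print(f"  {name:<10} {o['completed']}/{o['machines']} done, "
              f"peering {o['peering']:.0%}, leader {o['leader']}")
    for who, why in outliers(RECORDS, s):
        print(f"CHECK {who}: {why}")
```

The "more than one WAN fetcher per office" check is the one that catches the situation the mesh is supposed to prevent: content should cross the WAN once per site, so a second WAN download at the same office means a peer was not found (a throttled link, a blocked LAN port, or a leader that left). A low completion count with a healthy peering rate points the other way, at clients that never started rather than at the network.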

As the GM for Kollective for ConfigMgr, I’m pretty excited about what our product can offer you. From the costs savings and workplace efficiencies to real and useful network insights, Kollective can help you distribute packages without hassle, freeing you up to focus on other mission-critical tasks.

Now that you have witnessed a day in the life of a ConfigMgr Admin, why not give us a spin to see if K4CM is right for you with our 60-Day Free Trial.

Ciena: Customer Case Study

Learn how Ciena uses Kollective for ConfigMgr to manage software distribution on a global scale.


The post A Day In the Life of a Kollective for ConfigMgr Admin appeared first on Kollective Technology .


How To Prevent The Next Big Data Breach With Software Patching


No matter which way you measure it, 2017 will be remembered as the Year of the Data Breach. Record highs were hit for almost every type of data breach statistic available:

While it’s easy to chalk up this Breachpocalypse to the evolving sophistication of cyber criminals, the power of new hacking tools and the difficulty of fighting against an international menace, that doesn’t tell the full story. The real shock behind the numbers is exactly how many breaches could have been prevented with an effective software patching process.

According to the Online Trust Alliance’s Cyber Incident & Breach Trends Report , a stunning 93% of reported breaches were completely avoidable. Regular patching, along with paying close attention to vulnerability reports and training employees to avoid malicious emails, could have saved international businesses and their customers billions of dollars in damage.

Despite the fact that patches are freely available, businesses of all sizes continue to struggle to patch devices across their networks, not only in the days after a patch is released but often for years afterward. Looking back a few years, the Verizon Data Breach Investigations Report 2016 showed that most exploits in 2015 targeted vulnerabilities discovered in 2007, while vulnerabilities dating back to 1999 still accounted for a significant share of exploits.

Looking at 2017, two of the most notable hacks could have been prevented with an effective patching process:

  • The WannaCry ransomware campaign wreaked worldwide chaos, causing more than $8 billion in estimated losses across more than 100 countries. The patch for the SMB vulnerability WannaCry exploited (MS17-010) had been available for 59 days before the attack.
  • Equifax exposed the data of 143 million people, resulting in an estimated $600 million in lost shareholder value, lost business, remediation costs and fines, not to mention immeasurable brand value and customer trust. Equifax later confirmed that attackers had gained access in mid-May through an Apache Struts web-application vulnerability (CVE-2017-5638) for which a patch had been available since March.

What keeps a company from patching promptly? Often it's a combination of poor prioritization and the difficulty of distributing patches effectively across the enterprise. But make no mistake: patching is often the only thing keeping your company secure. The more current you keep your patches, the more likely you are to be protected against the next WannaCry and the less likely you are to become the next Equifax.
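To put numbers on the exposure window the two cases above describe, here is an added Python example that is not part of the original post. It takes a patch's release date and each endpoint's install date and reports how many days each endpoint ran unpatched, which ones are still exposed, and what share met a patching SLA. The release dates are the real ones (MS17-010 on 14 March 2017, and the Apache Struts fix for S2-045 on 6 March 2017); the endpoint names, install dates, 30-day SLA and evaluation date are constructed.

```python
"""Measure how long endpoints stayed exposed after a patch was released.

Added example, not from the original post. Release dates are real; the
endpoints, install dates, SLA and evaluation date are constructed.
"""
from datetime import date

SLA_DAYS = 30               # constructed patching SLA
AS_OF = date(2017, 5, 12)   # constructed evaluation date (the day WannaCry spread)

# Constructed deployment records: endpoint -> install date (None = still unpatched).
DEPLOYMENTS = {
    "MS17-010": {
        "released": date(2017, 3, 14),
        "installs": {"ws-001": date(2017, 3, 20), "ws-002": date(2017, 4, 28),
                     "ws-003": None, "srv-db-1": None},
    },
    "Struts S2-045": {
        "released": date(2017, 3, 6),
        "installs": {"web-01": date(2017, 3, 9), "web-02": date(2017, 4, 10)},
    },
}


def exposure_days(released, installed, as_of):
    """Days the endpoint ran without the patch; open-ended exposure is counted up to as_of."""
    end = installed if installed is not None and installed <= as_of else as_of
    return max((end - released).days, 0)


def exposure_report(patch, as_of=AS_OF, sla_days=SLA_DAYS):
    """Per-endpoint exposure, the endpoints still at risk, and SLA compliance for one patch."""
    released, installs = patch["released"], patch["installs"]
    days = {ep: exposure_days(released, inst, as_of) for ep, inst in installs.items()}
    still_exposed = sorted(ep for ep, inst in installs.items()
                           if inst is None or inst > as_of)
    within_sla = sum(1 for ep, d in days.items()
                     if ep not in still_exposed and d <= sla_days)
    return {
        "exposure_days": days,
        "still_exposed": still_exposed,
        "sla_compliance": within_sla / len(days) if days else 1.0,
        "max_exposure_days": max(days.values()) if days else 0,
    }


if __name__ == "__main__":
    for name, patch in DEPLOYMENTS.items():
        r = exposure_report(patch)
        print(f"{name}: SLA compliance {r['sla_compliance']:.0%}, "
              f"worst exposure {r['max_exposure_days']} days, "
              f"still exposed: {', '.join(r['still_exposed']) or 'none'}")
        for ep, d in sorted(r["exposure_days"].items()):
            print(f"  {ep:<9} {d:>3} days")
```

The number that matters for an SLA is not the average but the tail: an endpoint that never installs the patch accumulates exposure every day until the evaluation date, which is why unpatched hosts are counted up to `as_of` rather than dropped as missing data. Run per patch and trended over time, this is the report that tells you whether your distribution is actually closing the window the page describes.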


Keep up with Windows as a Service without sacrificing your network.


The post How To Prevent The Next Big Data Breach With Software Patching appeared first on Kollective Technology .
