Vulnerability risk assessment: See three questions that cut risk down to size


It is often said that the first step in solving a problem is to admit you have one. This may well be sound advice, but in terms of IT vulnerability risk management, it is much better stated as, “The first step is to figure out which risk you’re facing.”

Typically, risk-related issues bubble up because something specific goes awry. Sensitive information pops up in a city dump or a Wall Street Journal article, or — as was the case with one recent client — a piece of decommissioned equipment shows up on eBay thanks to a lack of policy for disposal.
Whatever the risk in IT, there are fundamental best practices for finding, fixing and protecting against unusual and common vulnerabilities in your organization’s data, applications, networks, systems and other components. This tip offers advice on how to create a vulnerability assessment process.

What is Obfuscation?


Obfuscation is the practice of making something difficult to understand. Programming code is often obfuscated to protect intellectual property and prevent an attacker from reverse engineering a proprietary software program. Obfuscation may involve encrypting some or all of the code, stripping out potentially revealing metadata, renaming useful class and variable names to meaningless labels or adding unused or meaningless code to an application binary. A tool called an obfuscator can be used to automatically convert straightforward source code into a program that works the same way, but is much harder to read and understand.

Another reason for obfuscating code is to prevent it from being attacked. Programs written in software languages that are compiled, such as C or C++, lend themselves to obfuscation. Unfortunately, malicious code writers who want to hide or disguise their code’s true purpose also use obfuscation to prevent their malware from being detected by signature-based antimalware tools. Deobfuscation techniques, such as program slicing, can sometimes be used to reverse engineer obfuscation.

Source: TechTarget

IT cheers new SharePoint mobile apps


Microsoft customers are excited about new SharePoint updates that will help IT better provide collaboration and file sharing to mobile users.

Microsoft will offer new native SharePoint mobile apps for iOS, Android and Windows. Until now, users had to access SharePoint via mobile device browsers, which could be a cumbersome experience. IT pros anticipate a much better interface on the mobile apps.
“A native app experience is going to make everything easier to access from all devices,” said Jeff Janovich, a software analyst at Carlisle Construction Materials, a SharePoint shop in Carlisle, Pa. “I am very excited for the apps they are starting to build.”

SharePoint is included in Office 365 licenses, which may sway Microsoft customers to use the platform, even though it competes with a growing number of collaboration services, such as Box and Slack.

“We are an Office 365 shop, and if SharePoint is included in Office 365, why pay extra?” said Steven Powers, IT manager at Millar, a medical technology provider in Houston.

Mobile identity management gets a makeover


IT’s job is getting easier thanks to new mobile identity management and single sign-on technologies.

These tools have become more prevalent as IT tries to streamline how it controls access to the wide variety of services that mobile workers use. Identity management allows IT to verify who the user is, and then implement policies regarding data and application access. Single sign-on (SSO) grants users access to all their applications with one login and no need for further authentication in each app. Enterprise mobility management (EMM) providers MobileIron and VMware AirWatch recently added these kinds of capabilities, and Box and Okta Inc. expanded their existing partnership to incorporate SSO.

 

Carlisle Construction Materials adopted Okta’s identity management platform just before the vendor added integration with enterprise file-sharing service Box in March. The manufacturer has more than 2,500 employees across 15 locations in the United States, including many employees who work remotely.

“We want to incorporate as much as we can to be single sign-on,” said Jeff Janovich, a software analyst at the company in Carlisle, Pa. “We want to take it as far as we can go.”


Okta’s SSO feature now allows users to access the Box mobile app through Okta’s app store. It also provides users access to their IT-approved apps, without requiring them to enter usernames or passwords every time they log into an app. Users enter just one PIN to access all their apps, rather than entering one login for Okta and another for Box.

BYON brings its own security challenges.


When users create their own networks to access corporate data on their mobile devices, they also create security problems for IT.

An offshoot of the bring your own device trend, bring your own network refers to when users provision their own network services for Internet access, workgroup communications and information sharing, printer sharing and other functions.

Bring your own network (BYON) implementations are generally built around a residential-class Wi-Fi router, with backhaul implemented via an authorized connection to an existing wired network or a wide area wireless connection. Many wireless routers support USB cellular modems, making BYON simple and cost-effective.

BYON eliminates the need for IT to provision access for certain authorized workgroups seeking isolation — typically contractors, field auditors and special projects that management has determined will benefit from being separated from mainstream network activity.

Many view BYON as just another example of IT consumerization. Given the performance and power of consumer-grade devices today, with little to no compromise in function, performance or mission, BYON can indeed provision network services equal to those otherwise available on the big network.

At first glance, there’s really nothing unusual going on. BYOD is now firmly established as a valid, if not the preferred, mobile device provisioning methodology. Many professionals, such as plumbers, carpenters, network analysts and consultants, always bring their own tools to the job site. Isn’t the network just like any other tool?

But it’s not unreasonable to view the network differently, primarily due to one insoluble challenge facing all IT shops everywhere: security.

Sanctioned BYON activity must comply with organizational security policies on authentication, authorization, encryption and identity management. Given the isolation inherent in BYON, however, the potential for unauthorized exposure of sensitive information is usually reduced — one of the primary justifications for authorized BYON.

Adopt social collaboration tools with a purpose


When my brother and I were kids, and my father thought we were doing something particularly stupid — like hiding all of my sister’s Hungry Hungry Hippos marbles inside the base of a basketball hoop — he would say, “Don’t be an idiot for the sake of being an idiot.” That advice really rings true when it comes to adopting social collaboration software in the enterprise.

These kinds of platforms, such as SharePoint, Slack and Yammer, offer messaging, communications and content sharing features that help foster teamwork among employees. But IT shouldn’t add a social collaboration platform just for the sake of having a social collaboration platform. Admins need concrete goals such as providing a place for users to share information or work on documents, and they must communicate those reasons to users. If they don’t, the platform will fail.
With the right goals, social collaboration tools can bring huge benefits. Some platforms have blogs or wikis where users can post something for the entire company to see, making it easy to disperse important messages or other content. Others allow users to create targeted groups and include relevant team members. Users can also share with each other how to make simple tech fixes, so IT admins don’t waste time on small problems such as forgotten passwords.


Can tablets replace laptops in the Enterprise?


The personal computer has changed dramatically over the last decade. Desktops haven’t disappeared, but they’ve been replaced in popularity by laptops, which in turn are now threatened by tablets. All of these devices are computers, but they have different priorities. Productivity is considered the domain of desktops and some laptops, while tablets are used as consumption devices.


Microsoft Advanced Threat Analytics For IT Security

Introduction

There are several methods for identifying unusual or anomalous user activity. Traditionally, these methods have required that certain events be logged to the Windows event logs on workstations, servers, and Domain Controllers (DCs) and that these events be forwarded to a central collection system. This approach has several drawbacks: the data logged may not catch certain “known bad” behavior, the number of events that require logging is very large, and the log data requires large amounts of storage for processing and recall.

Microsoft announced a new product at the Microsoft Ignite conference in May 2015. Microsoft Advanced Threat Analytics (ATA) is an on-premises product to help IT security professionals protect their enterprise from advanced targeted attacks by automatically analyzing, learning, and identifying normal and abnormal entity (users, devices, and resources) behavior. ATA also helps to identify known malicious attacks, security issues, and risks using world-class security researchers’ work regionally and globally. Leveraging behavioral analytics, this innovative technology is designed to help enterprises focus on what is important and to identify security breaches before they cause damage.


How it works

Microsoft Advanced Threat Analytics (ATA) provides a simple and fast way to understand what is happening within your network by identifying suspicious users and device activity with built-in intelligence and providing clear and relevant threat information on a simple attack timeline.

Microsoft Advanced Threat Analytics detects:


  • Security issues and risks:
    • Leveraging world-class security researchers’ work, ATA identifies known security issues and risks.
  • Malicious attacks:
    • The diagnostic engine detects known attacks almost as soon as they occur.
  • Abnormal behavior:
    • Behavioral Analytics leverages Machine Learning to uncover questionable activities and abnormal behavior.

Steps:


Why Technology has refused to grow in Nigeria


Nigeria became a technology country two decades ago. We have had the good, the bad and the ugly of technology since its inception in the most populous black nation of the world. We have also seen huge investments by foreign companies. In Nigeria, the adoption of technology solutions in business and the government has been relatively slow. Maybe it is because the economy has been bad, but I doubt that.
