Infinet

datoo

Datto BDR

Keeping your business safe is always your first priority – and making sure the data under your charge is backed up properly and fully secured is a specialty of Datto. Instant Virtualization technology works locally and remotely to ensure you have a complete backup and disaster recovery solution at your fingertips.

Datto BDR Read More »

partner ingram

Is DevOps Automation of IT Security a Better Move?

At a recent Security Roundtable that took place at Search IT Operations, one of the topics discussed was when a company should migrate their IT security to DevOps. Should it only be when IT departments are understaffed and have to resort to technology policing itself, basically, or should it be used only when there is competent staff on hand to monitor it? Some argue that it is a much better choice, to be able to “set and forget” cloud-based security parameters, with only intermittent monitoring required by IT staff members who can then quantify and track other more “hands-on” areas of IT operations. Others say that a company’s IT security and cyber threat assessment shouldn’t be left to such an “abstraction”.

Devops IT Security

Choosing Hands-Off IT Security

Many in IT circles are discussing just what “DevOps maturity” means for their company data centers and networks. The arguments go back and forth – some in favor of having a cloud-based security watchdog which can detect and auto-filter out cyber threats and other data breaches, and some saying that it’s leaving too much up in the air by basically having machines watching the machines. It appears IT security pros are pretty evenly split, with some leaning more towards seeing the benefits of having DevOps “beyond the cloud,” and some “server huggers” seeing human-controlled infrastructure as the best basis for ongoing security in data networks.

Experts Weigh In

The benefits of Amazon Web Service’s CloudTrail allow server huggers and less hands-on IT department staffers to be able to log all kinds of information that a human just wouldn’t have the capacity or time to. said Sven Skoog, information security officer at Monotype Imaging Inc., a design firm in Woburn, Mass, had this to say about it: “There are a lot of metadata asset tag changes that indicate whether [an action] was employee activity or if [the system] was externally compromised, so I might like to have that information on record.” Mark that a “Yea” vote for the DevOps security tool. IT firm Alert Logic sees it slightly different, preferring the hands-on checker of “acceptable-use alerts” to handle being the watchdog, with “chief security evangelist” Stephen Coty commenting, “Ninety-nine percent of the time, it was a false alarm. But that 99% of the time, nobody knew I was actually touching the box. With CloudTrail, you know.”

DevOps “In the Cloud”

Recently-innovated tools have pushed DevOps in the Cloud to the viable stage of being an abstract, learning situation that can allow the cloud-based tool to scan and parse alerts and decide if they are sensitive or threatening enough to cause a shut-down of user permissions within a given IT network interface. Ever-newer models are allowing more and more IT departments to realize “hands-free security”. Many new-fangled terms are being tossed around to describe the novelty of abstract security, such as service-oriented architecture (SOA), modular computing, and Web services, but they all roughly amount to the same thing – leaving cloud-based security in its own hands.

Implications and Solutions

Whether you agree or disagree with “DevOps in the cloud” thinking, the fact is that you can use this issue as a litmus test for an IT services firm that’s cutting-edge. If you ask them about this and they say “Huh?” perhaps it’s best to move on to one that can get you closer to viable, hands-off cloud-based security. InfiNet Solutions is the leader in providing managed IT services in Omaha.  Contact our expert IT staff at (402) 895--5777 or send us an email at [email protected], and we will be happy to answer your questions.

Is DevOps Automation of IT Security a Better Move? Read More »

Office 365 Users Beware: A Bold New Ransomware Threat Emerges

If you had to make a list of the most pressing threats that Internet users face today, ransomware would undoubtedly be right at the top. Now, thanks to a massive zero-day attack by a particularly tricky group of hackers, Microsoft Office 365 users in particular need to be incredibly careful moving forward.

Ransomware Office 365

What is Ransomware?

At its core, ransomware operates a lot like a traditional computer virus with a particularly sinister twist. When a rogue piece of software is downloaded and executed on a user’s computer, it snaps into action and actually encrypts the contents of that drive almost immediately. Encryption essentially “scrambles” information, making it impossible to get at a particular block of data without the appropriate encryption key.

Because only hackers have the encryption key, this essentially locks a user out of their own data. Their only choice is to pay a predetermined “ransom” to get access to the keys and to get their information back, but even this is not a guarantee.

Why Office 365 Users Should Care

Previously, ransomware only targeted files stored locally on a computer’s hard drive – meaning that anything that was stored in Microsoft Office 365 or another cloud-based service would be unaffected. According to a new report published by Avanan, however, this is no longer the case. Even though Office 365 has a number of sophisticated security tools built-in designed to prevent exactly this type of thing from happening, new variants of the “Cerber Ransomware” strain are now going after Office 365 email users in particular.

This means that if you were previously counting on Office 365 to alert you to any vulnerabilities and to prevent this type of thing from occurring, you’re out of luck. It is now more important than ever to follow Internet safety best practices and, if you’re a business owner, to educate your own employees of the same.

By far, one of the best ways to avoid becoming a target of ransomware is to avoid downloading files from senders that you are not already familiar with. If you get a random email out of the blue that has a file attached, do NOT download it and execute it on your computer. Also be on the lookout for clear signs of phishing and other types of SPAM email that could have these files hidden inside.

Regular backups to a secure, off-site location are also important as if you DO fall victim to a ransomware attack, these could be your only way to get things back up and running again when you come out safely on the other side. Even if your entire hard drive is encrypted, you can still wipe the entire operating system and start from scratch. You can then restore your system using the most recently available backup copies, circumnavigating the ransomware’s encryption and picking right back up where you left off.

This will only work, however, if the backups are stored in a secondary location NOT connected to the host computer. If they are only stored in a separate location on the same hard drive, they too will be compromised during the attack.

At InfiNet Solutions, we’re incredibly proud that you’ve chosen us as your go to source for all of the technology tips, tricks, news and other information that you need to run the type of business you’ve always wanted. If you’re looking for more information about this or any of the other important industry topics that we’ve covered, please feel free to send us an email at [email protected] or to give us a phone call at (402) 895--5777 today to speak to someone in more detail.

Office 365 Users Beware: A Bold New Ransomware Threat Emerges Read More »

Call Now Button