Don't forget to decommission employee credentials….

By

Ari Tammam, VP Channels

It should be part of standard procedures when terminating an employee's tenure at a company. However, more and more cases have been reported about employees who have stolen data or money from their company to avenge what they perceive as unfair dismissal.

 

This has to be one of the most avoidable problems in any company if strict polices are implemented concerning the termination of employees.  All access to any of the company's databases, e-mail system, intranet and any other repositories of sensitive information should be terminated in parallel with notifying an employee of his/her dismissal.

 

A report in SC Magazine this week talks about a California water services company insider who managed to transfer $9 million to offshore accounts the same night that he resigned from his post. One would think that when a person resigns, at least access to the company's premises would be blocked, much less to the IT system. Not in this case. The suspected employee went back late that night to execute his nefarious activities and then disappeared.

This story demonstrates the continued lack of priority companies place on security and insider threats. While many IT publications try to emphasise the importance of internal security, it seems as if many companies are slow to heed the advice. Warnings from all security sectors have increased about the rise in internal theft by disgruntled employees following the economic crash.

In the midst of companies cutting costs by either freezing or reducing salaries and terminating expendable workers, the temptation for financial gain through unethical or criminal activities on the part of employees has increased tremendously.

Companies must realize, before it is too late, that implementing simple measures and following documented best practices can deny these insiders the ill-gotten rewards they seek. But you don't necessarily need an IT solution to address this problem. These are the sort of problems that can be resolved without spending any money.

Reducing Costs While Improving Security

The title sounds a bit misleading but it is true and even more so in the most secure organizations. With all the doom and gloom surrounding the economy and companies cutting back budgets in order to save jobs and keep their businesses afloat, it is no wonder that IT organizations are left with no money to invest in new solutions. The fact is more and more companies are taking the perspective of not throwing more money at IT security needs but rather to consider better management of security tools in place.

However, there are definitely some solutions out there that will help companies make the most out of what they have and free up more of their IT staff's time to complete other urgent tasks. This is even more appropriate to companies that have deployed multiple security measures and invested in many different technologies to ensure the safety and security of the data and the the networks they are stored in.  I say this with full confidence having visited a number of customers in the banking and finance industry. These customers have employed every level of security for web applications, users and the machines they use, databases and data storage facilities, email and network access. However, when Promisec came along to show them their clientless endpoint management solution, none of them were really interested until they saw it work.

All of them saw the value in being able to scan all of their network endpoints and servers in a matter of minutes but even more compelling was the amount of information the application returned in such short time. The clientless architecture of the technology meant that the demonstration took no more than 30 minutes to show results. Once the results were seen, many of the participants wanted to see more and what more could be done with the application.  All of these once potential customers became customers or users of the Promisec technology for the simple reason that they could use this clientless application to verify and validate the composure of their endpoints and servers on a continuous and on demand basis.

After the demonstration most of these companies stated that they often had to re-enable clients that had gone down for one reason or another or would have to physically check that updates and service packs had been deployed correctly. These two tasks alone could consume a number of work hours for IT staff.  Further comments were made regarding maintaining the compliance stature of endpoints in the organization without the need to use heavy NAC (Network Access Control) audits.  Of the few customers using the Baseline feature included with the application, many stated how easy it was to use them to keep junk of their systems. The same junk that accumulates over time is easily identified by Promisec's application as anomalies and removed. This alone significantly prolongs PC life and reduces the need to re-image machines.

Promisec INNERspace and Promisec Spectator both enable companies to increase the return on their investment (ROI) of their existing products and itself demonstrates very quick ROI through more efficient use of resources and increasing the productivity of users, IT staff and by increasing the lifespan of equipment in use.

Why Promisec INNERSpace is Essential for your Network

By

Isaac Brecher, CISSP

 

I worked for eleven years as a desktop manager for a large Wall Street firm, and would like to share with you some thoughts regarding the usage of Promisec InnerSpace within a large organization.

 

Large organizations have in place some type of software distribution solution, most of which will do the job they were bought for: to distribute software to the user’s computer.   Most Software Distribution platforms have very few out-of-the-box client configuration capabilities, and because of that, all client side changes must be done with custom written scripts requiring a well-trained and skilled administrator spending considerable time writing and testing those scripts.

 

When we attempted to use the existing distribution platform to produce asset inventory or software reports we faced several issues: the desktop agent triggered the CPU utilization to very high levels forcing the users, in many cases, to reboot their PC; In other cases we found out that the agent wasn’t able to report back since it was in a down/unavailable state. Because of the negative impact to the user community, our system administrators were hesitant to perform regular network scans leaving stale or incomplete information in the database therefore making the work of other teams tedious and inaccurate.

 

My team battled hard to keep our desktops compliant with the antivirus solution in place, a good percentage of the effort was ineffective because we couldn’t rely on the data provided by the software distribution system.  When trying to clear virus attacks, the information given to the desktop team was inaccurate and the effort to clean a virus was much longer and more complicated . We experienced the same frustration when dealing with 'Inventory Control'; machines that were decommissioned remain as “active” in the database for at least a couple of months even though they were not connected to the network. 

 

One of the strengths of Promisec InnerSpace is the short learning curve, instant access to all common administration functions with innocuous impact to users and to network resources.  Promisec InnerSpace is ideal for organizations that require extensive client management, threat detection, inventory reporting and quick problem remediation.

 

Promisec InnerSpace and 'Software Distribution' platforms each have their own place in a well managed network.  While Software Distribution does a superb job getting the required software to the desktop, Promisec InnerSpace has an intuitive set of no-scripting desktop administration features that provides the desktop teams access to accurate and up-to-date information reducing remediation time

Conflickr, Downadup, Kido It's Out There and it's Causing Trouble!

By

Ari Tammam, VP Channels

 

So far it hasn't deleted any files or caused any financial theft but what ever you call it, Conflicker, Donwnadup or Kido, it has been causing problems almost everywhere and it's already infected more than 10 million PC's and shows no sign of stopping. In fact, most security analysts are concerned that a secondary payload, still to be released, may be the real threat with the ability to cause real damage in the machines and networks it has infected.

 

Initial infections were caused by unpatched machines that had not yet installed the KB958644 hot fix (MS08-067) from Microsoft that patched the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability. Once the worm got into a system it laid dormant for a number of days before using a 3 or 4 methods to propagate itself to other machines in the network. In some cases it would create autorun.inf files on all mapped drives so that it can execute as soon as the drive is accessed enabling it to propagate across entire enterprise networks.  It also has a password cracker enabling it to break into shared networks with weak passwords and is being passed on through infected USB drives.

 

So the first question raised is, why are there still so many unpatched endpoints out there? Secondly, with all the advice on best practices and using strong passwords why are people still using ridiculous easy to crack passwords like "123456".  Most of the infections from this worm, if not all, could have been avoided if companies enforced their security best practices/policies on all their employees and the machines they use. Now, because of the rapid infection rate and the incredible amounts of traffic that the worm generates, companies are closing down whole departments. Demonstrating that even a relatively harmless virus can be a costly nuisance.

 

It really needs to be said again and again, especially to users who seem to think that there actions have no consequences, that contravening your company's security policy or best practice policy can cause expensive repercussions. These simple rules are there for a reason and this is one of the areas where Promisec really shows its value in the visibility it provides network administrators. With Promisec's clientless technology monitoring your network, user's fallibility is easily identified and repaired whenever they try to abuse the security policy. For most of Promisec customers, identifying Downadup, even before it activated itself, was relatively easy. Firstly a simple inspection of all the machines to identify those missing the Microsoft patch as suspect machines. As a dormant worm it listed itself as a new service on a machine. This Promisec was able to detect through its Services Monitor which showed an anomaly to the Services baseline.  Once the worm was activated, Promisec was able to identify infected machines by the changes made to, otherwise static, registry values, termination or blocking of Anti Virus update services and  creation of new autorun.inf files.

Promisec's technology because it is clientless is able to perform its identification and remediation work without being hampered by the worm itself because there is no agent to tamper with and is therefore more successful than traditional anti virus agents to do the job. In fact at a number of customers they had their AV vendor's engineers come in to physically help them eliminate the problem but were not able to do so 100% and some cleaned machines became re-infected.  Promisec managed to not only identify all components and remnants of the worm but also to completely remove them.  This was mostly achieved thought the Baseline Monitors that would keep identifying new objects created by the worm.

 

Promisec is offering a free inspection audit for anyone infected by the Conflickr, Downadup, worm to identify problematic machines. Contact our Infirmary on:-  (212) 743 9916

 

Are You Bold or an Ostrich! Address Internal Threats or Bury Your Head in the Sand

By
Ari Tammam, VP Channels

This dilemma faces many IT administrators and even CIOs. Depending on whom the culprit is, whether a senior executive or a low level employee, many enforcers of IT security are unwilling to confront non compliant employees head on. If keeping your job is the concern then my advice is to use HR (Human Resources) that is their job and if disciplinary measures are needed then provide them with the evidence of any breach or wrong doing and let them deal with it.

Behaving like an ostrich and burying your head in the sand will do no good for anyone and if the problem caused is serious and causes costly repercussions then your job may well be on the line for not identifying or reporting the problem. If research and analysts are to be believed then most of the internal threats are accidental and hence avoidable.  All you need is to have a comprehensive monitoring system that quickly identifies any deviation from policy (security, corporate, usage etc..) and gives you full visibility to what is running or not running on the devices connected to your network.  Even if you're a CIO who doesn't want to rock the boat, you still need to report to your CEO with status reports or at least inform the CEO of problems you perceive. Remember the authorities do not accept excuses like "We didn't even know there was a problem" or "We don't have the ability to monitor users' activities like this".  You are responsible and required, especially if regulated, to invest in technology that provides this information so that you can identify problems and fix them when they arise.

Occasionally when I speak to some peers they tell me "You've got some great technology at Promisec with its clientless inspections but I'm too scared of what I might find. If I run one of your inspections it could open up a whole Pandora's box of problems".  Well that's exactly what its for!

If you have no visibility to the problems on your network then how the hell are you ever going to keep it secure and worry free?

Taking the ostrich approach helps no one and eventually you will get caught with your pants down, excuse the expression. If most of the problems are avoidable, then simple periodic inspection of you network will give you that edge.  How many articles have been written about users who knowingly, but not maliciously, breach corporate security policies just to get a task completed quicker or to reach sites they shouldn't?  Even with strict policies in place users fail to adhere to them.  If it’s the senior executives you are afraid of upsetting then identify and fix the problems created by lower level employees and with the executives just provide a report. At least that way you have done your job and left the onus on either your CEO or the HR department, but don't think that by avoiding the problem you are resolving it.  All you are doing is leaving your network wide open or letting some other upstart administrator fear less of the consequences to identify a problem and expose your lack of diligence which also may cost you your job.

Download the above story here:
Download Bold or an ostrich

Getting the most Bang for your Buck!

By
Ari Tammam, VP Channels

The economic crisis is taking its toll on everyone, everywhere and IT security, with its traditionally tight budgets, is no exception. The problem is no one can predict how far it will go and how long it will stay with us. Every week either a new scandal is reported or more bailouts are requested to save major corporations from going bust. The UK is considered the worst in Europe with the Germans, very amusingly, making fully clear the contempt they have for the British Prime Minister's economic rescue plan. Tony Blair did well to get out when he did. He obviously knew there was trouble ahead and decided to take the easy option of being a special envoy. Some people will always have an easy life even in a recession.

Not quite for the IT guy in any organization.

He, or she, still have to face the daunting task of getting their almost impossible jobs done with even less resources, human and financial, that they ever had before. I use the term IT guy because with all the cut backs, it's hard to know who a company will keep from its IT staff. If those cutbacks take out the expensive directors and CIO, CSO, CISO positions then it certainly becomes the underlings left to review new products that can streamline and automate some of their work. If it’s a general cutback across the board, the need for efficient systems that require little maintenance becomes more important.

IT staff have to be able to sift through vendors' and salesmen's waffle and verify if a solution is going to accomplish a number of time consuming tasks or not. With limited budgets comes a tighter selection process but you need to be sure to get the most functionality for every dollar spent. List out all of the major problems that need to be dealt with on a daily or weekly basis, prioritize them into severity and evaluate solutions that can deal with at least more than one of your problem areas. Automating problem identification and providing automatic or remote remediation will certainly free up time spent on these tasks but not if they only address one of your problem areas.  Also take into consideration the time needed to set up any of these solutions and their ongoing management. Any solution that is time consuming to set up or requires regular interference to operate efficiently will defeat your whole purpose of getting more for less.

Try using the following rules of thumb to get the most from your next solution purchase.

•    Address many problem areas with a single solution.
•    Does not require intensive human intervention (a few hours a week, no more).
•    Provides remote remediation for many problems.
•    Has a scheduling feature to automate problem identification.
•    Does not require lengthy or resource intensive deployment.
•    Is easy to operate compared to other solutions

If all of these conditions are met then the solution will easily demonstrate a real ROI and the minimized IT staff will certainly be able to do more with the limited resources they have.

Download the above story here:

Download Gettin most bang for your buck

Promisec’s Latest Study Shows How and Why Major Branded Antivirus Software Not Always Reporting When Software is Working; Statistics Show 25% of All PCs with AntiVirus Software is Missing or Disabled

By

Alan Komet,

VP of Marketing

Last week, we announced that our latest study conducted on thousands of endpoints points to the fact that antivirus management consoles from leading vendors are not accurately reporting when their software isn’t working.  

This study was conducted from June 08 – November 08 and marks the second survey done this year.

We scanned 100,000 computers across a number of industries, and found that more than one-fourth of all computers were found to have missing or disabled antivirus software.  Furthermore, network administrators weren’t being alerted to the problem by the vendors’ management consoles.

We are Promisec, are committed to conducting this type of research as a way to help our customers understand  the potential exposure their networks could be at risk, and as a way to help them establish security measurability policies aimed at mitigating the chances of having missing or disabled antivirus software.

Leading media covered the story in Dark Reading, InternetNews.com, and Redmondmag.com.

You may download the press release here:

Download Promisec antivirus release v7

Watch Your Back, Economic Crises Fuels Crime When Good People Turn Bad

By
Ari Tammam, VP Channels

It is no secret that in times of recession crime increases and in IT the opportunities for a rewarding criminal act are endless. Especially if you are an employee who knows that your neck is on the line. Insiders have long been the main culprit of treachery and harmful attacks inside a corporate network but with financial hardships hitting almost everyone, even normally good, law abiding users may be tempted to cross the line. I caught a piece in Network World last week about how the recession can make good people do bad things which describes the reasoning behind the phenomenon. 

As  the recession starts to bite, most of us will have a lot less cash to spend than we used to, some of us are going to fall behind with payments and others are finding themselves in a deep hole of debt with no way to repay it. These are the scenarios that play into the hands of crime.  Those of us with strong values and scruples will suffer and try to cope as best we can but unfortunately not everyone will be thinking like this. When an opportunity arises or is offered to an individual to gain financially from a criminal act, the temptation may be too strong to withstand. This may be even more likely with users who don't perceive the requested action to be a criminal act because they may simply be asked to download a harmless executable for an external third party.

There is no shortage of cybercriminals who would pay a reward to individuals willing to disable security or install a security compromising software application inside their company. There may even be users who would actively look for this type of recompense in order to offset their growing cash deficit.

Another aspect of the recession turning good people into bad is vengeance.  In the last few weeks I have heard from a number of colleagues and associates that they have been laid off or that their company has forced a pay cut on all employees.  Again most may simply accept the forces of a free market but some, and there always will be some, will want revenge and take the law into their own hands. Logic bombs, malware and other methods to bring down the company via its electronic network are not uncommon.  Companies have to be smart in the way they cut back their workforce or reduce salaries.  Informing an employee that they are being laid off before you cut their network access is just asking for trouble. A similar approach should be adopted when cutting salaries. Since you cannot cut off their network access because they still have a job to do you need to make sure they do not react adversely and do something they wouldn't normally do.

In this environment Promisec becomes an extremely useful asset, primarily because of its agentless monitoring capabilities but also because of the speed at which it can identify a new problem if introduced to your system. You also do not need to worry about spending a fortune to acquire the Promisec technology.  If the price is too high to lay out now, then select a service provider to do the monitoring for you with Promisec's technology and find out who is trying to damage your network. It's clientless so none of your users will know you're monitoring their machines, its non-intrusive so it won't compromise any privacy laws by looking inside emails or document content. However, it is very fast and will provide you results at a rate of under 5 seconds per machine. Either way now is the time for you to see how Promisec can help you minimize any adverse activity in your network before it is too late. Try the Promisec Promise if you think you have a clean network, if we don't find anything harmful you can get the product free for a number of months with absolutely no commitment.

Now is the time for you to use Promisec's Clientless endpoint management solutions because you never know what your users might do next and it won't cost you a fortune to do so.

Download the above story here:

Download economic_crisis_fuels_crime.doc

Continuous Education is the key!

By
Ari Tammam, VP Channels

If it's been said once, it's been said a thousand times.  Education, Education, Education.

There is no amount of technology that can substitute education when it comes to corporate security, both physical and electronic. Employees and other users of your corporate network have to understand the ramifications of using the network and how their actions may impact the network.

Usage and security policies defining what is and what is not allowed to be done on the network should be reviewed and updated regularly and conveyed to all users on a frequent basis. This is the only way to avoid unnecessary errors and avoidable misuse by users who are ignorant or uncaring about IT security.

The way this education is delivered is also a key factor in how successfully the information is absorbed and adhered to. If you just rely on electronic transfer (email, IM, voicemail etc.) to educate your staff then don't be surprised when they all claim not to have received it.  How many times have we received a company mail only to merely glance at it and put it aside for later reading?

Education has to be delivered personally and reviewed at least twice a year to address policy changes and reinforce the message.  When users are exposed to how conscious their company is about security, they will think twice about doing something against the policy, especially if they are aware of it.

This takes care of the accidental user and their unintentional misuse of corporate equipment.  It may also take care of another type of user, the intentional but not malicious user, who may disable a security feature to complete a task quicker or gain access to data they shouldn't. These make up approximately 80% of all internal network threats, according to many research reports. A significant chunk of the problem.

No amount of education will fend off intentional, malicious and often planted attackers.

This is where technology comes in but who's technology is better, your or the attacker's?

Download the above story here:

Download Education.doc

Welcome to “The Promisec Promise.” (And Much More)

By Alan Komet
VP of Marketing

Today, we’re launching a new initiative that we hope you will not only embrace, but pass along to a colleague. 

We’ve just posted two new videos on YouTube.  The first one asks important questions that you need to know the answers to, in order to secure your network from internal threats.  The second is a quick demonstration of our three core products.

Important Questions to Ask - And " The Promisec Promise":

Product Overview:

As you can see in the first video shown above, we’re issuing a call to action for what we call “the Promisec Promise.”  Our offer is simple and compelling:  give us just 60 minutes of your time to demonstrate our agentless solutions and inspect your network. If we don’t find at least one potential threat on any endpoint in your organization, you can have Promisec Spectator for six months at absolutely no charge.

The second video quickly demonstrates Promisec Spectator, Promisec  INNERSpace and our newest entry, Promisec Asset Manager.  The videos feature our VP of Sales, Ari Tammam, who’s done a great job of taking the role of our public spokesperson.

Thanks for viewing and help us spread the word about our solutions!