Category: News and Events

Security Vulnerabilities: A Closer look at a Cyber Criminal’s Window to your System

Arby News and Events , , , ,
Security Vulnerabilities: A Closer look at a Cyber Criminal’s Window to your System

You may be hearing more and more these days of new security vulnerabilities being discovered in the news and may be wondering what exactly it may imply?  Simply, a vulnerability represents the ideal opportunity for cyber criminals to infiltrate your system to compromise your data or to perform data theft.

According to current data now, we can see that these vulnerabilities will be popping up more often as 2017 had a record-breaking year for reported exploitable vulnerabilities, with almost 20,000 security flaws reported over the year.   For the year 2018, the data is still being tallied however, a report from RiskBased Security has already noted that more than 10,000 vulnerabilities have been reported in which 3,000 potential flaws which enterprises have failed to patch.

To better understand vulnerabilities, our friends from Trend Micro has segregated them into types in which to classify them:

Traditional vulnerability – is a programming error or other type of software issue that hackers can use to sidestep password protection or security measures and gain unauthorized access to legitimate systems. These are the most rampant types of security vulnerabilities.

Zero-days – are brand new software issues that have only just been identified and have not yet been patched by vendors.  As Trend Micro explained, “that’s because the vendor essentially has zero days to fix the issue or has chosen not to fix it.”

Undisclosed vulnerability – these are flaws that have been identified and reported, but are not yet disclosed to public users, giving vendors time to patch the issue.

So, what can you do to help address these vulnerabilities?

To help keep your enterprise safe from these vulnerabilities, Trend Micro suggests that you pay attention to current security research so that you can apply the necessary findings to help keep your business safe.  Another would be to make sure that you keep yourself up to date with updates and patches.  However, with the number of vendors and patches, it can sometimes be too much for your IT to patch immediately due to the volume.  Trend suggests the following patching prioritization scheme to help ease the load of your IT team:

  • The severity of the patched issue. Microsoft and other vendors will rate vulnerabilities according to how critical they are to overall risk. More critical patches should be applied as soon as possible, whereas less critical updates can represent a lower priority.
  • Vulnerabilities impacting your enterprise’s particular key software. Similarly, updates for software systems that are used on a daily basis within the enterprise and provide essential functionality should be prioritized over other updates. A patch for a software that is only intermittently used, or only impacts a small number of users in a single department of the company, for instance, can be put on the back burner.
  • Those currently being exploited. It’s important to prioritize patches for vulnerabilities that hackers are currently using to mount attacks.

To learn more, you may visit the original Trend Micro article here, visit our product page here, or you can also contact us directly at 893-9515 and we will be happy to answer your inquiries!

Hyperconverge Workshop: A Test-Drive Awaits!

Arby News and Events , , , ,
Hyperconverge Workshop: A Test-Drive Awaits!

Join us for our upcoming event this coming April 4 at the EDSA Shangri-La Lubang Function Room to learn how you’re IT Infrastructure can become fast, efficient and simple by using HPE Simplivity!

Test drive HPE Simplivity and experience for yourself what the platform has to offer for your organization. That’s not all, join our games such as a drive simulator and win yourself exclusive prizes!

To find out how to register, please contact us at 893-9515!

Our Speaker

Nick Paddon-Row

Pre-Sales Solution Architect, APAC Incubation Hewlett Packard Enterprise

Nick is a senior pre-sales Solution Architect within the Hybrid IT (HIT) business unit of HPE.

Nick came to HPE in May 2017 as part of the acquisition of SimpliVity, a market leader in Hyper Converged Infrastructure (HCI) solutions. Prior to SimpliVity, Nick spent 5 years inside VMWare working with some of the largest virtualization users in the South Pacific region. 

Now Nick is helping HPE customers across the region begin their journey towards a Software Defined Data Centre, his strong technical background and foundational knowledge of virtualization give him a unique insight around hybrid IT and our customers appreciate his ability to align technology to tangible business outcomes. In addition to his extensive technology industry background, Nick holds double degrees in Applied Science.

About HPE Simplivity

HPE SimpliVity is a hyperconverged infrastructure (HCI) solution that offers a range of features designed to simplify the management and deployment of virtualized workloads. It is a product of Hewlett Packard Enterprise, a global leader in technology solutions, and is designed to help businesses of all sizes optimize their IT operations.

The HPE SimpliVity platform combines compute, storage, and networking resources into a single, compact appliance. This approach reduces the need for complex hardware and software configurations, making it easier to deploy and manage virtualized workloads. The platform also includes advanced data services, such as data deduplication, compression, and encryption, which can improve data protection and storage efficiency.

HPE SimpliVity is built on a powerful hardware platform that includes high-performance CPUs, memory, and storage. It uses VMware virtualization technology to create a flexible, scalable, and secure environment for running mission-critical applications. The platform also includes support for hybrid cloud deployments, allowing businesses to extend their data center resources to public cloud providers like Amazon Web Services (AWS) and Microsoft Azure.

One of the key benefits of HPE SimpliVity is its ease of use. The platform is designed to be intuitive and easy to manage, even for users with limited IT expertise. This is achieved through a simple web-based management console, which provides a single view of all virtualized resources and allows users to perform common tasks like creating virtual machines, setting up network configurations, and monitoring system performance.

HPE SimpliVity also includes a range of advanced data protection features, such as backup and recovery, disaster recovery, and replication. These features help businesses ensure the availability of their critical data and applications in the event of a system failure or natural disaster. The platform also includes support for VMware Site Recovery Manager (SRM), which simplifies the process of configuring and testing disaster recovery plans.

Microsoft Office Suites: Office 365 or Office 2019?

Arby News and Events
Microsoft Office Suites: Office 365 or Office 2019?

Are you looking to get Microsoft office for your business but unsure which product you really need between Office 365 or Office 2019?  You aren’t alone, many other users and businesses usually are unsure what the main difference between the two are.  Many consider them the same product and buy Office 2019 since it’s a one-time payment and perpetual license compared to the monthly or annual subscription cost of Office 365.

However, one thing that is not considered is that Office 365 is always updated with the latest version unlike Office 2019 which you would need to update from time to time or even purchase the latest version.  For a better understanding of the main difference, you can refer to the table below for what features are included for both suites:

Below are some videos from Microsoft’s campaign to help show you the benefits of Office 365 over the Office suite:

To learn more about Microsoft and Office 365, you can visit our product page here, or you can directly contact us at 893-9515 and we would be happy to help you!

About Office 365

Microsoft Teams is a communication and collaboration platform designed for businesses and organizations. It allows team members to communicate with each other through chat, audio and video calls, and meetings. Microsoft Teams integrates with other Microsoft services, such as Office 365, SharePoint, and OneDrive, providing a seamless experience for team members to share files and work together on projects.

In addition to real-time communication, Microsoft Teams offers a range of tools for project management, task assignments, and file sharing. It also allows users to customize their workspace with third-party apps and bots, making it a versatile platform for teams of all sizes and industries. Microsoft Teams can be accessed through desktop and mobile apps, as well as through a web browser, making it easy for team members to stay connected and productive from anywhere.

Cyber Security Workshop : Security for your Business Critical Apps

Arby News and Events , ,
Cyber Security Workshop : Security for your Business Critical Apps

Are your Business Critical Applications Secure?

With business critical applications such as SAP, Sentinel RMS, and SCADA (to name a few) being the hub of an organization’s sensitive data, it is no wonder that more and more cybercriminals are focused on attacking these applications.

Makers of such critical applications do prioritize the security of their applications, however they also encourage the use of 3rd party security enhancements to ensure that you get the best protection for your business critical data.

Join us this April 2, at Perfect Pint Greenbelt 2 to learn first- hand from our Trend Micro experts on how we can help you add that extra layer of defense to ensure your data’s safety!

To find out how to register, you may inquire with us by sending an email to rcruz@www.ctlink.com.ph.

About Trend Micro

Trend Micro is a global leader in cybersecurity solutions, dedicated to making the world safer for exchanging digital information. Founded in 1988, Trend Micro has grown to become a trusted provider of cutting-edge security solutions for businesses and consumers alike.

Trend Micro’s comprehensive range of cybersecurity solutions includes endpoint security, network security, cloud security, and security management services. These solutions are designed to protect against a wide range of threats, including malware, ransomware, phishing attacks, and other forms of cybercrime.

One of Trend Micro’s core strengths is its ability to stay ahead of emerging threats. The company employs a team of experts who constantly monitor the latest cyber threats and develop innovative solutions to counter them. Trend Micro’s solutions are designed to provide proactive, real-time protection against both known and unknown threats.

Trend Micro’s commitment to cybersecurity extends beyond its products and services. The company is also dedicated to raising awareness about the importance of online safety and promoting best practices for cybersecurity. Trend Micro regularly publishes research and insights on the latest cybersecurity trends and hosts events to help educate businesses and individuals about the importance of cybersecurity.

Trend Micro Awards CT Link as Partner of the Year for 2018!

Arby News and Events , , ,
Trend Micro Awards CT Link as Partner of the Year for 2018!

On February 26, 2019, Trend Micro hosted their annual Partners Appreciation Night, at the B1 Sports lounge New World Makati, to celebrate the achievements that each partner has contributed to help make 2018 a successful one.  Here they presented CT Link Systems, Inc. with four awards, which included the biggest award of the night, Partner of the Year!  This award is to acknowledge the partner with highest total of new and renewal revenues of all TM products for the year.

Below is the full list of awards CT Link received:

  • FY18 Partner of the Year – CT Link Systems, Inc.
  • FY18 User Protection Champion – CT Link Systems, Inc.
  • FY18 Sales Person of the Year – Malou Cruz
  • FY18 Sales Engineer of the Year – Bren Natal

Trend Micro awarded CT Link with the FY18 User Protection Champion award to acknowledge our efforts in providing endpoint security solutions to our customers.  These solutions include the following:

OfficeScan – provides advanced endpoint and ransomware protection for Windows, Mac and Virtual Desktop Infrastructure

Vulnerability Protection – prevents network-based exploits and zero-day ransomware threats via vulnerability shielding

Endpoint Encryption – secures data with full disk, folder, file and removable media encryption

Integrated Data Loss Prevention – guards private data and intellectual property with integrated modules

Keep your data secure. Contact CT Link Systems, Inc. via our contact form or through our landline 893-9515.

About Trend Micro

Trend Micro is a global leader in cybersecurity solutions, dedicated to making the world safer for exchanging digital information. Founded in 1988, Trend Micro has grown to become a trusted provider of cutting-edge security solutions for businesses and consumers alike.

Trend Micro’s comprehensive range of cybersecurity solutions includes endpoint security, network security, cloud security, and security management services. These solutions are designed to protect against a wide range of threats, including malware, ransomware, phishing attacks, and other forms of cybercrime.

One of Trend Micro’s core strengths is its ability to stay ahead of emerging threats. The company employs a team of experts who constantly monitor the latest cyber threats and develop innovative solutions to counter them. Trend Micro’s solutions are designed to provide proactive, real-time protection against both known and unknown threats.

Trend Micro’s commitment to cybersecurity extends beyond its products and services. The company is also dedicated to raising awareness about the importance of online safety and promoting best practices for cybersecurity. Trend Micro regularly publishes research and insights on the latest cybersecurity trends and hosts events to help educate businesses and individuals about the importance of cybersecurity.

Data Protection: Comparison of Data Backup and Business Continuity

Arby News and Events , ,
Data Protection: Comparison of Data Backup and Business Continuity

Data has always been the key factor in ensuring that business operations are always running.  Once the data is lost however, it may cost you even more than just the lost of that day’s business operations.  As per the Aberdeen Group, a business that experiences downtime loses on average about $164,000 per hour of downtime.

One thing to note as well is that data loss is not only caused due to natural disasters.  About 10% of downtime is caused by natural disasters and almost 50% and 45% of downtime can be attributed to network outages and human error respectively.  Although when looked solely at downtime by data volume, the main culprit would be human error with a whopping 58%.

This is where a Data protection solution can help your business.  Creating a frequent backup of our data is on of the simple ways of making sure that your data is protected from unexpected data loss.  However, there are many other considerations that you must make if you really want to ensure that your data is being protected while still being able to resume business in a quick and timely manner.

Data backup vs business continuity: what’s the difference?

You must have heard the term Business Continuity, so what’s the main difference between it and data backup?  Data Backup answers the questions, is my data safe? And will you be able to restore it in case of a failure or loss.  Business Continuity on the other hand, answers higher-level questions like, how quickly can I get my business up and running again in case of system failure.

Data backup is a good first step if you currently have no data protection strategies in place for your business.  However, business continuity must be a step that must be put in place to ensure that your business is not disrupted by data loss or worse, stalled for a long period of time due to a natural disaster.  Imagine a situation where you server malfunctions and become unusable. 

If you only have a file-level backup, then it would be close to impossible to immediately have your system up and running.  You would have to wait for the replacement server, re-install the system and then reconfigure it back to your settings and preferences.  This process could take days, something that your business may not be able to afford.

When talking about business continuity, we think in terms of Recovery Time Objective (RTO), and Recovery Point Objective (RPO). RTO: The Recovery Time Objective is the duration of time within which a business must be restored after a disruption to avoid unacceptable consequences. RPO: The Recovery Point Objective is the maximum tolerable period of time in which data might be lost due to a disaster. By calculating your desired RTO, you have determined the maximum time that you can be without your data before your business is at risk.

To learn more about Data Backup and Business Continuity, you may visit our page here or you may contact us at 893-9515 and we will do our best to answer your inquiries!

University College London: How Citrix Virtual Desktops Helped Improved their Students Educational Experience

Arby News and Events , , , ,
University College London: How Citrix Virtual Desktops Helped Improved their Students Educational Experience

UCL experiences room problems amidst growing student numbers

University College London (UCL), one of the consistent top ranked universities in the world, attracts multiple students across the world.  With the growth of student numbers increasing in the recent years, its been getting increasingly more difficult for them as space is becoming a problem explains Head of Windows Infrastructure Services Anthony Peacock, “UCL is constrained by its physical space. There’s no room to put up a new building, and a lot of our existing buildings are listed [as Buildings of Special Architectural or Historic Interest]. You can’t just knock one down and build a better one.”

With the expectations of students also growing, Anthony has said that most students usually arrive to school with laptops already, however the software for the course may not be licensed for personal devices or even run on a student’s chosen device.  They are also hindered by the fact that when working off-campus, both students and faculty are unable to access centrally stored files which results to students having to rely on the limited number of on-campus PCs to finish their assignments.

Bringing the desktop experience outside the campus

With the help of Citrix Virtual Desktops, UCL was able to use non-university buildings for teaching by allowing those locations to have the same applications and facilities as the on-campus locations.  Their aim is to give a near-identical experience to students and users on both on-campus PCs and for those on the Citrix virtual desktop on a device off-campus.

Remote access gave UCL the flexibility to use other buildings with no existing infrastructure while taking advantage of the students own personal devices.  With the help of Citrix Virtual Desktops, all students have to do to access the applications on their personal devices is to visit a website then log in their student credentials.  This is an easier process than using a VPN while also granting people working at home an easier time accessing the UCL central file store.  It also gives students who can’t install the software on their devices (example, Mac devices) a chance to use the said application which should only run on a PC.

Demand Spike Management

Virtual Desktops also makes its easier for the university to set up additional computer resources when the demand is at its peak.  Students would often complain that they would not have the resources to complete their assignments or projects due to the lack of available computers which have the software they need.  At the time, UCL was using the traditional model of computer labs, however during peak demand, they would usually be filled up quickly leaving the other students with no other option but to wait.  Now UCL can use Virtual Desktops with the combination of Thin-client terminals to easily set up an additional resource room if required.  Though they encourage students to usually make use of the school WiFi and use their own personal devices to access the application for a more seamless experience.

To learn more about Citrix Virtual Desktop, you can visit our product page here, read the original case study here or you can call us directly at 893-9515 and we will be happy to answer your inquiries!

Microsoft Office 365: Taking a look at MyAnalytics

Arby News and Events , , , ,
Microsoft Office 365: Taking a look at MyAnalytics

As an Office 365 user, you are given a plethora of apps to help make many day to day tasks simpler and easier.  However, most of us are guilty of not making full use of these applications and this is due to not really knowing what they are or knowing how it could help the organization.  We usually just use familiar apps such as the office products and email since these are the apps that we are familiar with, however there are lesser known apps that come with Office 365 that can be just as helpful.  One of such apps would be the MyAnalytics.

MyAnalytics helps you track the time you spend on activities throughout your work days, meaning you find out which activities are consuming your time the most or even who you usually spend time with during meetings.  If you’re wondering how it gets all this data, MyAnalytics is synched with your calendar and email.  The data is also placed in an easy to read dashboard so there is no worry for you not to be able to make use of the data it provides you.

For a better understanding, below is a few key sections of the app that you will use:

Your Time Overview

Gives you an overview of how much time you are spending on certain activities such as meeting hours, email hours, focus hours, and after hours work.

Network

This section shows you the data of the people you work with such as your top collaborators.  You can even include certain people in your organization to see how well you communicate with them (please not that only you will see this and not the other party).

Meetings

This section shows you how long you spend in meetings and your habits during meetings such as multitasking during meetings (yes emailing during meetings are considered a bad habit).

Email

This section breaks down the time you spend on emails and how you and others interact with the emails, this includes how long it usually takes you to reply to an email.  Take note that there is actually an add-in for MyAnalytics (included in the license) that can help give you more insight into emails directly within Outlook.

Focus Hours

This section shows you how much time you have to “focus”.  These “focus hours” are defined by Microsoft as at least two consecutive hours without a meeting.  However, it can’t really keep track of all the other small distractions that we encounter throughout the day, so you can usually think of this portion instead as how long can I potential do work rather than being focused.

After Hours

This shows you much time you spent working after hours. After hours work includes meetings and emails outside your defined working day. If work/life balance is important to you, this can be a real eye opener about how much you’re actually doing outside the office.

To learn more about Microsoft Office 365 applications or MyAnalytics, you may visit our product page or contact us at 893-9515.

Security Advisory: Vulnerabilities found on DHCP and Microsoft Exchange

Arby News and Events , , , , ,
Security Advisory: Vulnerabilities found on DHCP and Microsoft Exchange

Microsoft released patches for vulnerabilities that were actively being exploited via their regular security release on the last few months of 2018. They released 49 security patches and two advisories for 2019, seven were vulnerabilities rated as critical while 40 were important.

The highlight of these vulnerabilities is regarding to Windows DHCP Client (CVE-2019-0547), this allows a hacker to send commands on a machine by issuing DHCP responses. Alarmingly, most machines have DHCP client enabled across all windows operating systems, therefore applying this patch is a must. Another notable vulnerability is in the Microsoft Exchange software (CVE-2019-0586), this vulnerability could allow hackers to execute code as the system users and potentially can perform various tasks such as view, change, or delete data and even create new accounts.

Luckily for Trend Micro Customers specifically for Deep Security and Tipping point customers, Trend Micro has released virtual patch rules to protect you on those vulnerabilities immediately. While testing on the security patches released by Microsoft, Trend Micro customers can first apply virtual patch rules to eliminate exposure against possible attacks.  Please see below for the recommended virtual patches:

Trend Micro Deep Security and Vulnerability Protection recommended virtual patch rules are as follows:

  • 1009452-Microsoft Windows COM Elevation Of Privilege Vulnerability (CVE-2018-8550)
  • 1009462-Microsoft Edge Elevation Of Privilege Vulnerability (CVE-2019-0566)
  • 1009463-Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0539)
  • 1009464-Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2019-0541)
  • 1009465-Microsoft Edge Memory Corruption Vulnerability (CVE-2019-0565)
  • 1009466-Microsoft Windows Multiple Security Vulnerabilities (Jan-2019) – 2
  • 1009468-Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0567)
  • 1009469-Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0568)

Trend Micro Tipping Point MainlineDV filters to be applied are as follows:

  • 33921: ZDI-CAN-7385: Zero Day Initiative Vulnerability (Microsoft Windows)
  • 33927: HTTP: Microsoft Edge Type Confusion Vulnerability
  • 33928: HTTP: Microsoft Edge Session Boundary Memory Corruption Vulnerability
  • 33929: HTTP: Microsoft Edge Type Confusion Vulnerability
  • 33930: HTTP: Microsoft Edge Use-After-Free Vulnerability
  • 33931: HTTP: Microsoft Windows Kernel Information Disclosure Vulnerability
  • 33948: HTTP: Microsoft Edge Type Confusion Vulnerability
  • 33949: HTTP: Microsoft Internet Explorer ProgId Code Execution Vulnerability

If you have any further inquiries with regards to these vulnerabilities with Trend Micro or as a non-Trend Micro user, contact us at 893-9515 and we would be happy to answer your inquiries!

Three Important Questions to keep in mind when securing your SAP environment

Arby News and Events , , , , ,
Three Important Questions to keep in mind when securing your SAP environment

Are you sure you are securing your SAP environment properly?

With the sensitive data stored in most SAP systems (HR, financials, and even more important, customer data), it would not be an exaggeration to say that it would be the main priority of attacks of cyber criminals.  This doesn’t mean that SAP does not prioritize security, this just means that security solutions have been continuously improving with the help of 3rd party enhancements.  In partnership with SAP, there are security solution partners such Trend Micro that ensure that enterprises are secure from attacks such as malware, denial-of-service attacks, cross-site scripting and other advance and targeted attacks.

So if you aren’t sure if you are properly securing your SAP environment, you can refer to this security question checklist below:

What are my security risks? Are you improving your ability to respond to customer feedback by moving customer applications to the cloud? Are you improving supply chain efficiency by opening an application to provide more visibility or communication with partners?

With how business-critical applications are now web accessible, cyber criminals now have more entry points in which they can exploit vulnerabilities in operating systems, web servers and even the business-critical application itself.  Although vendors release patches to fix these vulnerabilities, if they are not implemented on a timely basis, the system will still be at risk within those transition points.

Does my security integrate with my SAP environment?

You also need to consider whether your security can integrate well with your native SAP security.  SAP provides capabilities like the SAP Virus Scan Interface (VSI) as part of SAP NetWeaver ®  to allow certified third parties, like Trend Micro,  to augment native security capabilities.

What are the security requirements for my environment?

Cloud and virtual environments each introduce unique requirements for security. Understanding how your security solution is optimized for those environments is critical to make sure you can easily manage security and reap the expect cost, performance and agility benefits.

If you have any further inquiries on how you can better secure your SAP environment, you may call us at 893-9515 and we would be happy to help!