AIP Scanner: Automating Data Protection for your Organization

Organizations these days have large amounts of unstructured data just being left alone in their on-premises data repositories and SharePoint libraries.  With the amount of data usually amounting to terabytes (or even petabytes in some cases), protecting it can seem like a daunting task that takes long hours to accomplish.  However, with the help of some tools and apps, this seemingly difficult task may not seem that daunting anymore.

This is where Azure Information Protection (AIP) Scanner comes in.  AIP Scanner can scan your on-premises data repositories against the standard Office 365 sensitive information types and custom types you build with keywords and regular expressions.   Once the data is discovered, the AIP scanner(s) can aggregate the findings and display them in Analytics reports so you can begin visualizing your data risk and see recommendations for setting up protection rules based on the content.

Benefits

Below are some key benefits that one organization currently using AIP Scanner has mentioned:

Enhanced functionality:  AIP scanner has the capability to not only scan sensitive data, but also to apply labels and encrypt files. PDF and RMS-encrypted files can be scanned as well, given that the operator is an accredited RMS superuser.

Simplified management processes: AIP scanner has an integrated view with centralized logging for the scanner results, which makes viewing and managing them easier, especially when you are scanning large amounts of data.

Consistent scan results across the enterprise: With AIP Scanner, you can reuse Office 365 DLP information types, meaning that you don’t have to rebuild policies between your cloud scans and third-party products.

To learn more about AIP scanner, you can visit the original article here or you can contact us at 893-9515 and we would be happy to answer your inquiries!

Security Advisory: SWAPGS Attack

Microsoft recently announced a new security vulnerability that can be considered a variant of the older Spectre vulnerability.  This new vulnerability is called the SWAPGS attack.  Its name comes from the fact that the vulnerability leverages the “SWAPGS instruction”, which affected processors can execute speculatively as part of the predictive execution that helps improve the speed of our computers.

So which systems are affected?

The researchers from Bitdefender, who are responsible for the discovery, have stated that the vulnerability affects all Intel CPUs manufactured from 2012 to the present.  However, Red Hat has also come out with its own security advisory stating that the vulnerability affects x86-64 systems using both Intel and AMD processors. AMD disputes this; its own statement on the matter says its processors are not affected by the vulnerability.  The Red Hat advisory also stated that, based on industry feedback, they are not aware of a way to exploit this vulnerability on Linux kernel-based systems.

Is this attack easily executed?  Am I the target for these attacks?

With the details of these attacks fully disclosed, the chances of becoming a victim of these attacks are a lot higher.  However, as these kinds of attacks are very time consuming, cyber criminals would be more likely to attack more lucrative targets such as organizations or their key personnel rather than target smaller individuals.

“Criminals with knowledge of these attacks would have the power to uncover the most vital, best-protected information of both companies and private individuals around the world, and the corresponding power to steal, blackmail, sabotage and spy,” Gavin Hill, vice-president for datacenter and network security products at Bitdefender warned.

What can I do to prevent this?

Firstly, the fix for this vulnerability was already included in Microsoft’s July 9 security update, so if you’re already up to date with your security patches you don’t have to do anything.

As for existing Trend Micro users, given that this is a local type of vulnerability, a Trend Micro IPS rule cannot be created for it. A vulnerability exploitable only with local access requires the attacker to either have physical access or be logged on to the vulnerable system. DPI can only detect attacks over the network.

As stated above, it would be best to immediately update your OS security patches; you may find a list below:

For more inquiries regarding this vulnerability, please do contact us at 893-9515 and we will be happy to answer them!

Beyond Office: Maximizing and Securing your investments with Office 365

Are you Maximizing your Office 365 Investment? How about Securing Your Corporate Data?

So your business has invested (or is looking to invest) in Office 365, you’ve made sure that every user has a subscription, and everyone is fairly happy using all the familiar Office apps like Word, Excel and PowerPoint.  This, however, is only scratching the surface of your investment in Office 365; there is much more to Office 365 than the Office suite.

Learn first-hand from our experts from Microsoft how you can maximize your investment in Office 365 as we take a look at some lesser used applications from the suite.  We’ll also briefly discuss one of the new security aspects in Office 365, Azure Information Protection (AIP), which will help you complete your DLP requirements in this age of digital transformation.

Get in touch with us at 893-9515 to learn how you and your company can register for this upcoming workshop!

Security Advisory: Microsoft Alerts Customers to Patch BlueKeep Vulnerability ASAP

In case you didn’t hear, Microsoft reported another big vulnerability on May 14, 2019.  Known as “BlueKeep”, it is a Remote Code Execution (RCE) vulnerability in Remote Desktop Services (RDS) that is reached through the Remote Desktop Protocol (RDP).  However, BlueKeep only affects older versions of Windows, so users of Windows 10 and 8 can rest easy.  The severity of the vulnerability, though, has forced Microsoft’s hand, and they have actually made and released a security patch for its unsupported versions.  They have classified this vulnerability as a critical-level threat.

This is why, as of June 4, 2019, Microsoft once again urged its customers to apply the patch as soon as possible, as more than 1 million devices are still vulnerable to the attack.  This is to avoid another wide-scale malware attack like the WannaCry ransomware attack back in 2017.  Many companies were affected by that attack, which caused many business operations to stop, most notably hospital operations.

What can you do to avoid being affected?

Microsoft has already provided the solution to BlueKeep: make sure you download the latest security patch for your corresponding OS (you can find the patches here).  You may need to reboot your servers to ensure the patch is running properly.

For those who are Trend Micro users, specifically those who use Deep Security, if you are unable to apply the patch due to other reasons, such as being unable to reboot your servers, please make sure that you apply the correct policy for the virtual patching of Deep Security to ensure the security of your servers.  Below is the Deep Packet Inspection (DPI) rule:

  • 1009749 – Microsoft Windows Remote Desktop Services Remote Code Execution Vulnerability

You can view the official Trend Micro article on it here.

For those who are looking into a longer-term solution, you can consider solutions such as Citrix Gateway and Virtual Apps to secure your remote connections to Windows servers.

To learn more about these solutions, you can contact us at 893-9515 and we will help introduce you to different options that you have to help prevent these kinds of vulnerabilities!

Microsoft Office 365: Taking a look at MyAnalytics

As an Office 365 user, you are given a plethora of apps to help make many day-to-day tasks simpler and easier.  However, most of us are guilty of not making full use of these applications, usually because we don’t really know what they are or how they could help the organization.  We usually just use the Office products and email since these are the apps that we are familiar with; however, there are lesser known apps that come with Office 365 that can be just as helpful.  One such app is MyAnalytics.

MyAnalytics helps you track the time you spend on activities throughout your work days, meaning you find out which activities are consuming your time the most or even who you usually spend time with during meetings.  If you’re wondering how it gets all this data, MyAnalytics is synced with your calendar and email.  The data is also placed in an easy-to-read dashboard, so you need not worry about being unable to make use of the data it provides.

For a better understanding, below are a few key sections of the app that you will use:

Your Time Overview

Gives you an overview of how much time you are spending on certain activities such as meeting hours, email hours, focus hours, and after hours work.

Network

This section shows you the data of the people you work with such as your top collaborators.  You can even include certain people in your organization to see how well you communicate with them (please note that only you will see this and not the other party).

Meetings

This section shows you how long you spend in meetings and your habits during meetings, such as multitasking (yes, emailing during meetings is considered a bad habit).

Email

This section breaks down the time you spend on emails and how you and others interact with them, including how long it usually takes you to reply to an email.  Take note that there is actually an add-in for MyAnalytics (included in the license) that can help give you more insight into emails directly within Outlook.

Focus Hours

This section shows you how much time you have to “focus”.  These “focus hours” are defined by Microsoft as at least two consecutive hours without a meeting.  However, it can’t really keep track of all the other small distractions that we encounter throughout the day, so you can usually think of this portion as how long you can potentially do work rather than how long you are focused.

After Hours

This shows you how much time you spent working after hours. After hours work includes meetings and emails outside your defined working day. If work/life balance is important to you, this can be a real eye opener about how much you’re actually doing outside the office.


To learn more about Microsoft Office 365 applications or MyAnalytics, you may visit our product page or contact us at 893-9515.

Security Advisory: Vulnerabilities found on DHCP and Microsoft Exchange

Through its regular security releases in the last few months of 2018, Microsoft released patches for vulnerabilities that were actively being exploited. For 2019, it has released 49 security patches and two advisories; seven of the vulnerabilities were rated critical and 40 were rated important.

The highlight among these vulnerabilities is in the Windows DHCP Client (CVE-2019-0547), which allows a hacker to send commands to a machine by issuing DHCP responses. Alarmingly, most machines have the DHCP client enabled across all Windows operating systems, so applying this patch is a must. Another notable vulnerability is in the Microsoft Exchange software (CVE-2019-0586); it could allow hackers to execute code as the system user and potentially perform various tasks such as viewing, changing, or deleting data and even creating new accounts.

Luckily for Trend Micro customers, specifically Deep Security and Tipping Point customers, Trend Micro has released virtual patch rules to protect you against those vulnerabilities immediately. While testing the security patches released by Microsoft, Trend Micro customers can first apply virtual patch rules to eliminate exposure to possible attacks.  Please see below for the recommended virtual patches:

Trend Micro Deep Security and Vulnerability Protection recommended virtual patch rules are as follows:

  • 1009452-Microsoft Windows COM Elevation Of Privilege Vulnerability (CVE-2018-8550)
  • 1009462-Microsoft Edge Elevation Of Privilege Vulnerability (CVE-2019-0566)
  • 1009463-Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0539)
  • 1009464-Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2019-0541)
  • 1009465-Microsoft Edge Memory Corruption Vulnerability (CVE-2019-0565)
  • 1009466-Microsoft Windows Multiple Security Vulnerabilities (Jan-2019) – 2
  • 1009468-Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0567)
  • 1009469-Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0568)

Trend Micro Tipping Point MainlineDV filters to be applied are as follows:

  • 33921: ZDI-CAN-7385: Zero Day Initiative Vulnerability (Microsoft Windows)
  • 33927: HTTP: Microsoft Edge Type Confusion Vulnerability
  • 33928: HTTP: Microsoft Edge Session Boundary Memory Corruption Vulnerability
  • 33929: HTTP: Microsoft Edge Type Confusion Vulnerability
  • 33930: HTTP: Microsoft Edge Use-After-Free Vulnerability
  • 33931: HTTP: Microsoft Windows Kernel Information Disclosure Vulnerability
  • 33948: HTTP: Microsoft Edge Type Confusion Vulnerability
  • 33949: HTTP: Microsoft Internet Explorer ProgId Code Execution Vulnerability

If you have any further inquiries with regards to these vulnerabilities with Trend Micro or as a non-Trend Micro user, contact us at 893-9515 and we would be happy to answer your inquiries!

CT Link Partners with Kaisa for a “Train the Trainer” Program!

As part of CT Link Systems efforts to give back to the community, we have teamed up with Kaisa Heritage foundation, a non-profit organization advocating Filipino-Chinese cultural and community development, to set up a Corporate Social Responsibility (CSR) program in which computer equipment was donated and sessions are being conducted to help the literacy of computer applications of the attendees.

There were many directions in which the program could have headed during inception; however, we decided that the best way to give back to the community was through sharing the knowledge that we have gained throughout the years.  The “Train the Trainer” program aims to expand the trainees’ computer competency, focusing mainly on Microsoft Office 365 applications.  Our aim for the training sessions is to help improve the productivity of teachers who, more often than not, use Office 365 in their day-to-day life.  Another objective of ours was to introduce them to useful collaboration features in Office 365 that they may not be aware of due to the monotonous use of the traditional Microsoft Office suite.

Through the help of Kaisa Foundation, we were able to also partner with different educational organizations such as The Teachers Gallery, a non-profit organization that aims to offer learning opportunities related to inclusive education to both teachers and the broader education community, and AiHu Foundation, a non-profit organization promoting computer education for out-of-school youths.  These organizations provided the program with all of our participating teachers while our employee volunteers acted as the teachers and facilitators for the program.  Sharing the knowledge and skills through this training program has never been more rewarding for our employee volunteers knowing that what they shared will stream down to the teachers’ students.

As part of the CSR program, Kaisa has received 8 units of HP 280MT Desktops with Microsoft Windows 10 OS and HP N223v monitors.  Besides the computer equipment, other necessities were donated to the Angelo King Heritage Center to ensure that the CSR program could be held at Kaisa, such as Microsoft Office 365 (Business Premium) subscriptions, a Cisco Meraki MX64 firewall, Datto AP60 access point devices, a 3COM PoE switch, and an internet subscription from Converge.  This was all made possible by the generous help of our vendor partners HP Inc., Cisco and Microsoft, who have helped us through the program.

Office 365 Update to Help Protect you from Macro Based Malware

We are now in an era where it’s hard not to make use of new technologies such as cloud storage.  Having your data available wherever you are through an internet connection has helped many businesses become more flexible in their operations.  However, we are always skeptical about how safe our data is, since it is stored somewhere we do not know and we cannot tell whether these locations are secure from cyber criminals.

Now if you are an Office 365 user, you can rest easy, as Microsoft has just recently announced that they are integrating their Antimalware Scan Interface (AMSI) into the app!  AMSI was integrated into Office 365 to help improve security against attacks that use malicious macros and scripts targeting Office documents, by detecting them early on or by stopping them from executing.  Below is a quote from the Microsoft Security Team on their reasoning for bulking up security against macro attacks:

“Macro-based threats have always been a prevalent entry point for malware, but we have observed a resurgence in recent years. Continuous improvements in platform and application security have led to the decline of software exploits, and attackers have found a viable alternative infection vector in social engineering attacks that abuse functionalities like VBA macros.”  

If AMSI is familiar to you, it might be because it isn’t something new: it was already being used by Microsoft as early as 2015, when they announced that PowerShell had adopted it for security purposes as well.  To give some background, AMSI is an open interface available on Windows 10 for applications to request, at runtime, a synchronous scan of a memory buffer by an installed antivirus or security solution. Any application can interface with AMSI and request a scan for any data that may be untrusted or suspicious.
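
How an application requests such a scan, as an added example (not code from the original post or from Microsoft): it calls the documented amsi.dll functions through P/Invoke on a Windows 10 machine. The application name `ExampleApp`, the helper `Test-BufferWithAmsi`, the content name and the sample macro text are constructed for illustration.

```powershell
# Added example: an application asking AMSI for a synchronous scan of a memory buffer.
# 'ExampleApp', Test-BufferWithAmsi and the sample text are hypothetical/constructed.
$signature = @'
using System;
using System.Runtime.InteropServices;

public static class AmsiNative
{
    [DllImport("amsi.dll", CharSet = CharSet.Unicode)]
    public static extern int AmsiInitialize(string appName, out IntPtr amsiContext);

    [DllImport("amsi.dll")]
    public static extern int AmsiOpenSession(IntPtr amsiContext, out IntPtr amsiSession);

    [DllImport("amsi.dll", CharSet = CharSet.Unicode)]
    public static extern int AmsiScanBuffer(IntPtr amsiContext, byte[] buffer, uint length,
        string contentName, IntPtr amsiSession, out int result);

    [DllImport("amsi.dll")]
    public static extern void AmsiCloseSession(IntPtr amsiContext, IntPtr amsiSession);

    [DllImport("amsi.dll")]
    public static extern void AmsiUninitialize(IntPtr amsiContext);
}
'@
Add-Type -TypeDefinition $signature

function Test-BufferWithAmsi {
    param(
        [Parameter(Mandatory)] [byte[]] $Buffer,
        [string] $ContentName = 'example-content'
    )
    $context = [IntPtr]::Zero
    $session = [IntPtr]::Zero

    # Register this application with AMSI; a negative HRESULT means failure.
    $hr = [AmsiNative]::AmsiInitialize('ExampleApp', [ref] $context)
    if ($hr -lt 0) { throw ('AmsiInitialize failed: 0x{0:X8}' -f $hr) }
    try {
        # A session lets the provider correlate several scans of related content.
        $hr = [AmsiNative]::AmsiOpenSession($context, [ref] $session)
        if ($hr -lt 0) { throw ('AmsiOpenSession failed: 0x{0:X8}' -f $hr) }

        # The call blocks until the registered antimalware provider returns a verdict.
        $result = 0
        $hr = [AmsiNative]::AmsiScanBuffer($context, $Buffer, [uint32] $Buffer.Length,
                                           $ContentName, $session, [ref] $result)
        if ($hr -lt 0) { throw ('AmsiScanBuffer failed: 0x{0:X8}' -f $hr) }

        [pscustomobject]@{
            ContentName = $ContentName
            AmsiResult  = $result
            IsMalware   = ($result -ge 32768)   # AMSI_RESULT_DETECTED
        }
    }
    finally {
        if ($session -ne [IntPtr]::Zero) { [AmsiNative]::AmsiCloseSession($context, $session) }
        [AmsiNative]::AmsiUninitialize($context)
    }
}

# Constructed, benign sample content standing in for untrusted macro text.
$sample = [Text.Encoding]::Unicode.GetBytes('Sub AutoOpen(): MsgBox "hello": End Sub')
Test-BufferWithAmsi -Buffer $sample -ContentName 'constructed-macro.vba'
```

The verdict depends on which antimalware provider is registered on the machine; an application would refuse to run the content when `IsMalware` is true.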

If you want a more in depth read on how AMSI is helping protect you from attacks, you can read the original blog post from the security team here or you can contact us at 893 9515 and we will be happy to help you!

Protect Your Critical Data with Known Folder Move!

Data is usually ranked #1 when users are asked what matters most on their endpoints.  So, it is always somewhat strange that when asked if they keep a backup of their files, the answer is usually no.  Data is usually taken for granted by end-users, who sometimes even save it in improper places such as their desktop rather than specific folders.  So, when an unforeseen event causes users to lose their data, they try all means to retrieve it, when all it would have taken was a few clicks to ensure their data was safe.

Knowing this, Microsoft has taken its OneDrive saving functions even further with Known Folder Move (KFM).  Below is Microsoft’s description of KFM:

Known folders are global pointers in Windows representing a location on the user’s drive. They help users to organize their most important files and access them across different applications. KFM helps you move your docs, desktop, and pictures into OneDrive. Even the Screenshots and Camera Roll folders are included when the Picture folder has opted into KFM.

KFM can help users back up their data by seamlessly integrating into the most commonly used folders (Desktop, Documents, and Pictures) or by using assigned folders set by the end user.  There are now indicators that will tell you whether your folders are in sync with OneDrive or if the data is only in the PC.

The cloud icon indicates that data is saved in the cloud, while the green check mark means the data can be found on both the PC and OneDrive.

Another feature that will greatly help businesses encourage their users to protect their data with OneDrive is the option to “set up protection for important folders”.  With this feature, users will receive a pop-up window reminding them to set up their protected folders, which will be synced to OneDrive. If users decide to do it at another time, the pop-up window comes back at a later period, but as a smaller window compared to the first one.  This is to ensure that the reminders are not intrusive or distracting to the end user.

To learn more about KFM and OneDrive, you may contact us at 893-9515 and we will be happy to help you with any of your inquiries!

Microsoft To-Do adds New Features Steps and List Sharing

It’s now been over a year since Microsoft released To-Do, its intelligent task management app, which was developed by the team behind Wunderlist.  With it being integrated with Office 365, the team has been collecting a multitude of feedback from users and has now acted on it in a couple of updates throughout this year.

One of these updates is Steps, which allows you to create sub-tasks under your main tasks, breaking them down into smaller actionable items to help you focus on finishing the task.  The number of steps will be displayed on the task to help productivity, so that you know how far along you are in that specific task.

Another update, which was just recently announced, is List Sharing.  List Sharing allows you to share your To-Do list with others so that collaboration will be easier, as others may see your progress on your tasks or update the list as tasks or Steps are accomplished.  This is done by sharing a link with the people you want to share your list with, and you retain the option to stop sharing it once you are finished collaborating.  Microsoft says that this update will be available for most Office 365 users by mid-June.

To learn more about To-Do on Office 365, you may contact us at 893-9515 so we can better help answer your inquiries!