What Is Sandboxing?

What do you need to know about sandboxing?

  1. Benefits of sandboxing
  2. Examples of sandboxing
  3. Sandboxing solutions

Sandboxing is a cybersecurity term for running suspicious code in an isolated environment — also known as a sandbox — to observe its behavior and activity. This way, it can safely be detonated to see whether it is malicious. This method can help you prevent threats from getting into your network. To help you understand what sandboxing is, keep on reading to learn more.

Benefits Of Sandboxing

Cybersecurity professionals use the sandboxing method to detect potentially malicious files and applications. This way, if a security problem or error occurs, it is contained in one area. This can prevent a virus from compromising your device or operating system. Aside from that, sandboxing is also used by software developers to test new code.

The internet is not short of threats. You or your employees could mistakenly download malicious files or access suspicious websites that can lead to a data breach. Most security tools can only detect known malware. This is why sandboxing is often used on top of traditional measures to detect cyber threats.

Without sandboxing, you’re giving a program free access to all your system resources and data. This is risky if you encounter a threat that doesn’t match any known malware signature, also known as a “zero-day threat”. As new threats appear every day, sandboxing is an effective method to help you detect these problems before they can do any damage.
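As an added illustration of the idea described above (not code from the original post or from any vendor mentioned on this page), the following Python helper runs a suspicious script inside a throwaway directory under resource limits and a timeout, then reports what it did; the two sample scripts are constructed for the example and are not real malware.

```python
import os
import resource
import subprocess
import sys
import tempfile

# Constructed stand-ins for "suspicious code": one drops a file and exits,
# the other never finishes.  Neither is real malware.
DROPPER_SAMPLE = 'with open("dropped.txt", "w") as f:\n    f.write("hello")\nprint("done")\n'
HANG_SAMPLE = "import time\ntime.sleep(60)\n"


def _limit_child():
    """Runs in the child just before exec: cap CPU time, per-file size and
    address space so a runaway sample cannot exhaust the host."""
    limits = [
        (resource.RLIMIT_CPU, (5, 5)),                   # 5 CPU seconds
        (resource.RLIMIT_FSIZE, (1 << 20, 1 << 20)),     # 1 MiB per written file
        (resource.RLIMIT_AS, (512 << 20, 512 << 20)),    # 512 MiB address space
    ]
    for res, lim in limits:
        try:
            resource.setrlimit(res, lim)
        except (ValueError, OSError):
            pass  # a platform may reject one limit; keep the others


def detonate(sample_source, timeout=3.0):
    """Run `sample_source` as a Python script inside an empty throwaway
    directory with a stripped environment, then return what was observed:
    exit status, whether the wall-clock timeout fired, files the sample
    created, and its output.  The directory is deleted afterwards, so
    anything the sample dropped never reaches the host filesystem."""
    with tempfile.TemporaryDirectory() as workdir:
        sample_path = os.path.join(workdir, "sample.py")
        with open(sample_path, "w") as fh:
            fh.write(sample_source)
        before = set(os.listdir(workdir))
        # Minimal environment: no host secrets or proxy settings leak in.
        env = {"PATH": os.environ.get("PATH", ""), "HOME": workdir}
        report = {"exit_code": None, "timed_out": False, "stdout": "", "stderr": ""}
        try:
            proc = subprocess.run(
                [sys.executable, "-I", sample_path],
                cwd=workdir, env=env, capture_output=True, text=True,
                timeout=timeout, preexec_fn=_limit_child,
            )
            report.update(exit_code=proc.returncode, stdout=proc.stdout, stderr=proc.stderr)
        except subprocess.TimeoutExpired:
            report["timed_out"] = True  # subprocess.run has already killed the child
        report["files_created"] = sorted(set(os.listdir(workdir)) - before)
        return report


def verdict(report):
    """Turn the observations into a simple triage label.  Real sandboxes weigh
    many more behaviours (network, registry, process creation)."""
    if report["timed_out"]:
        return "suspicious: did not finish (possible evasion or runaway)"
    if report["files_created"]:
        return "suspicious: wrote files " + ", ".join(report["files_created"])
    return "no suspicious behaviour observed"


if __name__ == "__main__":
    for name, sample in (("dropper", DROPPER_SAMPLE), ("hang", HANG_SAMPLE)):
        print(name, "->", verdict(detonate(sample, timeout=2.0)))
```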

Examples Of Sandboxing

Sandboxing is used for situations where you need to execute potentially problematic code. For example, plenty of web browsers nowadays are designed to run in a sandbox automatically. This limits the damage when a website exploits a vulnerability in the browser. Several applications and operating systems also use sandboxes by default to protect computers from untrusted code. A sandbox is also used to quarantine emails and file attachments.

Virtual machines are another example of sandboxing. By installing a separate copy of an operating system inside a virtual machine on your computer, you can use potentially risky programs in a separate environment. This way, if malware infects that system, it won’t spread beyond the virtual machine.

Sandboxing is also an important component of the secure access service edge (SASE) model. This model combines Software-Defined Wide Area Networking and security functions in one cloud platform. This way, an organization won’t have to purchase multiple point solutions. Sandboxing is one of the security technologies used alongside secure web gateway, firewall as a service, VPN, and more.

Sandboxing Solutions

Plenty of security tools and programs include sandboxing on their list of threat protection features. This can help users detect malware in documents, email attachments, and other data.

If you’re interested in implementing sandboxing practices in your organization, there is a long list of IT solutions you can use. This way, you can utilize it with other security measures to make your network safe from threats. Here are some suggestions:

Citrix Secure Internet Access

With most companies having a hybrid or purely remote workforce, it’s getting more difficult to secure employees’ online activities. They could accidentally download malicious files or access websites that can introduce malware to your network.

To balance productivity and security, one good option is to use Citrix Secure Internet Access. It inspects all internet traffic and checks it against a database of known threats. To detect new threats, files are also put into a sandbox.

Cisco Secure Email Advanced Protection

When it comes to business, email is one of the most important communication tools. Because of that, it has also become an entry point for security breaches. One method is spoofing, where a cybercriminal disguises their emails to look like they were sent by a legitimate source. When left unaddressed and without proper cybersecurity training, corresponding with such phishing emails can spread malware through malicious links and attachments.

Cisco Secure Email Advanced Protection can help combat malware through its Malware Defense and Cisco Threat Grid feature. It uses methods such as file reputation scoring and blocking, sandboxing, and retrospection to analyze threats continuously. This way, you can identify malware that evades initial detection and catch new threats.

Trend Micro Cloud App Security

Office 365 provides companies access to applications such as Word, Excel, PowerPoint, and Outlook. But other than that, it also has multiple features that can improve productivity, enable a mobile workforce, and more.

For additional protection of your corporate files, you can utilize Trend Micro’s Cloud App Security. Aside from machine learning, it also leverages sandbox malware analysis to detect unknown threats. This way, malware and other threats coming from remote workers, partners, and mobile devices won’t migrate through cloud file sharing.

Trend Micro Connected Threat Defense

For network-wide protection and detection of threats, another solution offered by Trend Micro is the Connected Threat Defense. A threat could be stopped at the protection stage after running it through its advanced security techniques.

For unknown threats, it uses a sandbox to identify if a file is malicious. After analysis, it uses the Central Visibility feature to pinpoint users who also received the same file — therefore allowing organizations to respond fast before it spreads through the network.

Key Takeaway

Sandboxing is a cybersecurity practice often used with other methods so you can detect and respond to unknown threats. By putting a potentially malicious file or application in an isolated environment, you can observe its behavior and activity. This way, when malware is detected it won’t spread throughout your network.

If you have additional questions on what sandboxing is, you can send us a message here at CT Link. We can help you find and implement the right IT solutions that can boost your organization’s network security.

4 Information Technology Problems In The Healthcare Industry

What are some information technology problems in the healthcare industry?

  1. Increasing need for data storage
  2. Vulnerabilities to ransomware
  3. Risk of data loss
  4. Telemedicine and BYOD

With the advancement of technology, the medical field has grown by leaps and bounds. Despite that, there are still information technology problems that the healthcare industry continues to face: medical devices are still exposed to vulnerabilities, there is a growing need for long-term retention of patient records, and many others. This article discusses these problems and the best ways to mitigate them. Read on.

Increasing Need For Data Storage

Over time, healthcare facilities accumulate an increasing amount of files in their system. With higher-quality laboratory imaging files, data from medical devices, and a growing collection of patient records, the need for larger storage capacities is vital.

But the main challenge for most healthcare facilities is how to quickly scale up without exorbitant price requirements. Most hospitals utilize on-premise data storage but the cost of getting physical servers can be overwhelming. Add to this the cost of maintaining power supply, cooling mechanisms, and more.

That’s why numerous healthcare institutions move towards a more cost-efficient option—cloud storage. This requires less capital investment because organizations can scale up and expand depending on their needs. They can start with a smaller space and gradually increase it as the need for storage grows. Cloud storage solutions also lessen management costs through simplified monitoring and reduce the need for on-premise hardware.

Vulnerabilities To Ransomware

Healthcare data and applications are necessary so healthcare employees can provide proper patient care. Cybercriminals know this, which is why they target these in exchange for ransom. Ransomware is a type of malware that blocks users from accessing data and applications until payment is sent to the criminal. For instance, you might encounter encrypted files and will only be given a decryption key upon settling the ransom.

This type of malware can spread through a system in a variety of ways. Employees could accidentally download it when accessing compromised websites or when clicking on phishing email attachments. These messages imitate legitimate organizations, so users might click on them without checking or verifying their authenticity.

To combat this problem, it is vital to train healthcare employees on how to avoid malicious sites and files. Other than that, IT security measures are also critical in order to detect and isolate suspicious files.

For example, anti-ransomware solutions like Deep Discovery Email Inspector from Trend Micro help detect ransomware from malicious email. Detection is done at the entry point so that the attacks can be blocked before they can even begin. This is made possible through custom sandboxing and other techniques to facilitate the blocking or isolation of such emails.

Another challenge in the healthcare industry is the vulnerability of operational technology (OT) systems and devices — such as CT scanners and ultrasound machines — to threats. Since patient outcomes heavily depend on these devices, a disruption could be problematic. Malware could enter the devices and compromise the facility’s computer systems. Fortunately, Trend Micro’s OT solution, TXOne, can help protect these machines’ entry points from threats that could hamper their functionality, without causing downtime.

Risk Of Data Loss

Because data is crucial to healthcare facilities, many take steps to prevent data loss. But this could still happen due to human error, computer viruses, and hardware destruction. This could affect patient care and lead to downtime. Data loss could also affect the reputation of an organization and trigger legal action from patients.

This is why, aside from having additional storage, having backups of important files and data is necessary. Recovering lost data can be expensive, time-consuming, and sometimes impossible to do completely. But with a backup, files and applications can be restored faster for smooth continuation of operations.

In some cases, however, criminals also target backups. Fortunately, solutions like Unitrends don’t just offer backups, but also ransomware detection and recovery. Backup data is stored in an immutable format, which means that it can’t be altered or encrypted by ransomware. This way, it remains safe and ready for recovery. Aside from that, Unitrends also utilizes artificial intelligence to check for signs of ransomware infection during every backup.

Telemedicine And BYOD

Gone are the days when pagers were the main communication device for healthcare workers. Today, smartphones are the gadget of choice to interact with team members, streamline workflows, and access patient information. By allowing medical workers to use their own devices, healthcare facilities can enjoy huge savings while benefiting from increased work efficiency.

With the pandemic not ending anytime soon, outpatients and physicians can have virtual consultations too. This means that health workers need to have access to their facilities’ electronic health records remotely. This way, they can document e-visits properly and provide continuous care for their patients.

One of the best ways to make telemedicine possible is through the power of cloud computing. This allows health workers to access applications and files that can make work from remote locations possible. With cloud security solutions available, healthcare organizations could secure endpoint devices so physicians can work efficiently whether they’re at the hospital or at home.

A reliable way of accessing the cloud is by using Citrix Virtual Apps. With this, doctors can work on their tablets while on their rounds and access work from their computers at home. From getting patient information, to collaborating with other doctors and patients, to providing patient care anytime — healthcare workers can do all of these remotely, in the field, or at the hospital. All of this can be achieved while maintaining regulatory compliance and meeting HIPAA (Health Insurance Portability and Accountability Act) standards.

Key Takeaway

With an increase in data, ever-present cyber threats, the risk of data loss, BYOD policies, and telemedicine on the rise, advanced IT solutions are vital for the healthcare industry. These can help organizations reduce the risk of downtime and provide high-quality care for their patients.

If you want to solve these information technology problems in the healthcare industry, CT Link can help you! You can send a message here today so we can assist you in choosing an IT solution that is fit for your needs.

What Is Hybrid Cloud Computing?

What is hybrid cloud computing?

  1. A combination of public and private cloud
  2. Has multiple benefits for an organization
  3. Offers enhanced security for companies
  4. The go-to solution for many businesses

A public cloud provides plenty of benefits for organizations, but some companies still have apprehensions about moving all their workloads to this platform. The good news is, hybrid cloud computing gives you the option to place each of your company’s workloads either in the public cloud or in your local data center. What is hybrid cloud computing? Keep on reading to learn more!

A Combination Of Public And Private Cloud

With cloud computing, you can access computing services such as storage, servers, databases, networking, and more, over the internet. These are typically implemented through the public or private cloud.

A public cloud is managed and offered by a cloud provider to multiple customers. This gives organizations the benefit of less server management and cost savings because a third-party provider manages the service itself. On the other hand, a private cloud is hosted in a company’s own data center, allowing companies to use and manage it themselves.

Hybrid cloud computing allows organizations to integrate their local data center with the public cloud. The public cloud then acts as an extension of their own data center, giving businesses flexibility and greater control over their data.

A hybrid cloud is often confused with a multi-cloud strategy, where you have workloads on multiple public clouds such as Azure, AWS, and Google Cloud Platform. In a hybrid cloud solution, both private and public clouds can be managed in a single platform.

Has Multiple Benefits For An Organization

With a hybrid cloud solution, you are given the flexibility to choose the applications and data you want to keep in your private and public clouds depending on your needs. For example, an organization can keep sensitive information on their private cloud while taking advantage of the large storage and computing capacity offered by a public cloud.

A hybrid cloud solution also provides rapid scalability to its users. When computing needs extend beyond the capabilities of your on-premises data center, you can use the public cloud for computing, storage, and other resources to scale up your capacity. This will help you save time and money on the purchase and maintenance of new servers.

Aside from these benefits, hybrid cloud computing also gives companies increased support for remote employees. It provides on-demand access to data wherever they are without having to be in one central location.

Offers Enhanced Security For Companies

Apart from the flexibility, scalability, and reduced costs, hybrid cloud computing also provides enhanced security for your data and applications.

Finance, banking, government, healthcare, and other organizations that are consistently scaling their processes might need a hybrid cloud computing solution. This is because the solution provides them greater control and better monitoring of data while complying with privacy protection regulations. Sensitive information can be kept in a hybrid cloud setup without compromising data safety and security.

Hybrid cloud setups make this possible because they provide more advanced and enhanced security compared to what businesses typically implement on their own. Even then, businesses must learn to properly configure the platform to prevent attacks. This is because attacks on hosted servers may be caused by platform misconfigurations such as using weak passwords or failing to secure the cloud container.

Fortunately, hybrid cloud security solutions also offer features that allow you to keep your data and applications secure. For example, Trend Micro Cloud One offers faster detection of and protection from malware, vulnerabilities, and unauthorized changes in your hybrid cloud setup. Some of its features include machine learning and virtual patching to protect against multiple cybersecurity threats. It also continuously monitors for misconfigurations and sends alerts to the user for added protection.

The Go-To Solution For Many Businesses

Who uses hybrid cloud computing strategies? Aside from industries that need to fulfill regulatory compliance, more and more companies adopt this solution to become more flexible and agile. With the rapid scalability and other benefits that it offers, organizations can select and combine cloud setups according to their needs. Compared with a strictly public or private setup, a hybrid cloud provides the most flexibility.

Hybrid cloud computing is suitable for companies that need to handle large amounts of data and use various IT services. It is also recommended for organizations that have highly changeable workloads because of a significant increase in demand during peak seasons.

With the ability to respond quickly to changing needs and demands, organizations that utilize hybrid cloud computing have the competitive edge. Workloads can be expanded conveniently into the cloud so that testing and launching new products is quicker.

If you want a flexible, scalable, reliable, and cost-effective cloud computing solution, hybrid cloud computing is the best option for you.

Key Takeaway

Hybrid cloud computing combines the private and public cloud to give organizations flexibility, scalability, and reduced costs depending on their current and changing needs. With its numerous benefits, countless companies are migrating to this setup to keep up with dynamic workload demands.

Now that you know what hybrid cloud computing is, you can experience its benefits in your organization. If you’re interested in implementing this setup, you can contact CT Link! As a hybrid cloud solutions provider in the Philippines, we can help you choose the right product for your needs. Send a message here so we can help you today.

Improve Visibility and Detection Beyond Endpoints with Trend Micro XDR

The threat landscape is always evolving, making it hard for traditional security measures to adapt to it. This has become even more prominent ever since the pandemic; threat actors have been taking advantage of the increased attack surfaces that remote work has provided. However, if you are only securing the endpoint side, you only see a part of the malicious activity and would not be able to properly find the source and cause of it.

Another thing that must be taken into consideration is that not all companies have a dedicated security team to make sense of all the alerts that an organization’s security solution may raise. If you have no one to analyze the alerts, or if your team can’t respond fast enough due to their number, you leave your network vulnerable to threat actors.

This is where a security solution like Trend Micro’s XDR can help.

Better visibility of threats to your network

Trend Micro XDR uses a reference set of indicators of compromise (IoCs) to scan not just endpoints, but also emails and network servers, giving your IT team more security visibility across your infrastructure.

Investigating across your organization

Trend Micro XDR allows your IT team to find threats that may have bypassed your security before and also allows you to investigate threats that have already been blocked to find their origin.

Extending your security team

With Trend Micro Managed XDR, you are able to bring in experts from Trend Micro to help interpret the security reports and alerts and quickly remediate threats to your network. This helps both organizations that have a dedicated security team, as it frees their time for other tasks, and those that cannot afford to have one.

Machine learning and signatures

Machine learning and sandboxing are used to check that the files you download are safe, by observing whether they take any malicious actions once running. Signatures, on the other hand, help quickly identify known malicious files and block them as soon as they are detected.

Virtual patching

Once an exploit is found, you need to apply the necessary vendor patch to ensure your business-critical server is safe. However, as we know, this is usually easier said than done, as patching requires your operations to stop. With Trend Micro, you are able to virtually patch your machine to protect it from the exploit while you patch your business-critical servers on your own schedule.

These are just some of the features of the XDR suite that Trend Micro offers. If you are interested in learning more about Trend Micro XDR or other security solutions, you may fill out the form below and we will contact you as soon as we can!

Security Advisory: Zerologon, a level 10 Critical Vulnerability

A new critical vulnerability, named Zerologon, has recently been discovered in Windows. It is so severe that the Common Vulnerability Scoring System (CVSS) has given it a score of 10 out of 10, and Microsoft itself has rated it as a severe vulnerability.

What is Zerologon?

The vulnerability was found in Netlogon which is the protocol used by Windows systems to authenticate against a Windows Server running as a domain controller. The vulnerability in Netlogon allows for attackers to:

  • Impersonate the identity of any computer on your network during an authentication attempt on a domain controller
  • Disable security features in the Netlogon authentication process
  • Change a computer’s password on the domain controller’s Active Directory

The only limitation of the vulnerability is that the attack can only be carried out once the threat actors have already gotten into your network.

What can I do?

Firstly, it is highly recommended that you apply Microsoft’s security update to close this vulnerability. This is the most important step in making sure that your network is not affected by it. You can find the Microsoft security advisory for CVE-2020-1472 here.

If patching cannot be done immediately, one way to help mitigate an attack is to prevent attackers from getting into the network. As stated above, the limitation of this attack is centered on them getting inside the network, however, once they do, it means that they will be able to take control of your whole network.
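As an added illustration of the follow-up a defender would run after patching (not part of the original advisory or of Trend Micro’s tooling), the following Python script triages the Netlogon secure-channel events that Microsoft’s update writes to the System log (Event IDs 5827 to 5831, taken here from Microsoft’s deployment guidance for the patch and not listed above); the one-line export format, hostnames, IPs, and the KNOWN_HOSTS inventory are all constructed for the example.

```python
import re

# Netlogon events added by Microsoft's fix for CVE-2020-1472 (System log,
# source NETLOGON).  Assumption: IDs as documented in Microsoft's deployment
# guidance for the patch; they do not appear in the advisory above.
DENIED_VULNERABLE = {5827, 5828}         # insecure secure-channel connection was refused
ALLOWED_VULNERABLE = {5829, 5830, 5831}  # insecure connection still allowed (deployment phase or policy exception)
SECURE_CHANNEL_EVENTS = DENIED_VULNERABLE | ALLOWED_VULNERABLE

# Constructed, simplified one-line export for this example (not the native
# EVTX/XML format).  All hosts and addresses are made up.
SAMPLE_EXPORT = """\
2020-09-21T08:02:11Z EventID=5829 SamAccountName=FILESRV01$ ClientIP=10.0.0.15 OS="Windows Server 2008 R2"
2020-09-21T08:02:40Z EventID=5829 SamAccountName=FILESRV01$ ClientIP=10.0.0.15 OS="Windows Server 2008 R2"
2020-09-21T08:05:03Z EventID=5830 SamAccountName=NAS-LEGACY$ ClientIP=10.0.3.7 OS="Samba"
2020-09-21T08:07:59Z EventID=5827 SamAccountName=DC01$ ClientIP=10.0.9.200 OS=""
2020-09-21T08:08:00Z EventID=5827 SamAccountName=DC01$ ClientIP=10.0.9.200 OS=""
2020-09-21T08:09:30Z EventID=4624 SamAccountName=jdoe ClientIP=10.0.0.31 OS=""
"""

# Constructed inventory: the IP each machine account is expected to come from.
KNOWN_HOSTS = {"DC01$": "10.0.9.10", "FILESRV01$": "10.0.0.15", "NAS-LEGACY$": "10.0.3.7"}

_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')


def parse_event(line):
    """Parse one export line into a dict of fields (EventID as int).
    Values may be bare tokens or double-quoted strings."""
    timestamp, _, rest = line.partition(" ")
    fields = {"Timestamp": timestamp}
    for key, quoted, bare in _KV.findall(rest):
        fields[key] = quoted if quoted else bare
    fields["EventID"] = int(fields.get("EventID", 0))
    return fields


def triage(export_text, known_hosts=None):
    """Group Netlogon secure-channel events per machine account and label each:
      'impersonation_suspected' : events for an account arrive from an IP other
                                  than the one inventory expects (the advisory's
                                  "impersonate any computer" case; investigate)
      'allowed_vulnerable'      : insecure connections are still being allowed;
                                  update or isolate that device
      'denied'                  : refused by the patched DC; confirm the device
                                  was updated or decommissioned
    Event IDs outside 5827-5831 are ignored."""
    known_hosts = known_hosts or {}
    summary = {}
    for line in export_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev["EventID"] not in SECURE_CHANNEL_EVENTS:
            continue
        entry = summary.setdefault(ev["SamAccountName"], {
            "event_ids": set(), "client_ips": set(), "count": 0, "os": ev.get("OS", ""),
        })
        entry["event_ids"].add(ev["EventID"])
        entry["client_ips"].add(ev["ClientIP"])
        entry["count"] += 1
    for account, entry in summary.items():
        expected = known_hosts.get(account)
        if expected and entry["client_ips"] - {expected}:
            entry["status"] = "impersonation_suspected"
        elif entry["event_ids"] & ALLOWED_VULNERABLE:
            entry["status"] = "allowed_vulnerable"
        else:
            entry["status"] = "denied"
        entry["event_ids"] = sorted(entry["event_ids"])
        entry["client_ips"] = sorted(entry["client_ips"])
    return summary


if __name__ == "__main__":
    for account, entry in triage(SAMPLE_EXPORT, KNOWN_HOSTS).items():
        print(f"{account:12} {entry['status']:24} events={entry['event_ids']} "
              f"from={entry['client_ips']} count={entry['count']}")
```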

Trend Micro Solution

For our Trend Micro customers, Deep Security or Apex One can be used for virtual patching to help mitigate the attacks and keep your network safe. Below are the IPS rules that can help you strengthen your defense if patching cannot be done immediately:

IPS Rules

Deep Security and Cloud One – Workload Security, Vulnerability Protection and Apex One Vulnerability Protection (iVP)

  • Rule 1010519 – Microsoft Windows Netlogon Elevation of Privilege Vulnerability (CVE-2020-1472)
  • Rule 1010521 – Microsoft Windows Netlogon Elevation of Privilege Vulnerability Over SMB (CVE-2020-1472)

Please note that both rules are already set to Prevent.


Other Inspection / Detection Rules

Deep Discovery Inspector

  • Rule 4453: CVE-2020-1472_DCE_RPC_ZEROLOGON_EXPLOIT_REQUEST
  • Rule 4455: CVE-2020-1472_SMB2_ZEROLOGON_EXPLOIT_REQUEST

For those interested in learning more about the attacks, Trend Micro is also hosting a webinar this coming September 29, 2020 to talk more in detail about the vulnerability. You can register for the free webinar here.

If you have any questions regarding either Zerologon or the Trend Micro solution to help prevent the attacks, please contact us via email (rcruz@ctlink.com.ph) or through our landline 88939515 and we would be happy to answer your inquiries!


ECQ Success Stories: CT Link Managed Services Remotely Secures Client’s WFH setup

With the suddenness of the declaration of the ECQ, most companies were unable to give their workforce the tools they needed to work effectively at home. This left many employees to find their own ways to complete the tasks that they do on a daily basis. Many of them ended up using their own devices, installing work apps on them, and connecting through the company VPN.

Client Challenges: Unsecured Personal Devices connecting to Corporate VPN

One of our customers from the public sector encountered this dilemma at the start of the ECQ. They have about 500 employees who need to work from home (WFH). They were unable to give all employees resources with which to accomplish their tasks, so they opted to allow employees to use their personal devices. However, the Infosec Team was concerned that malware from the personal devices could enter through the VPN connections.

Solution: CT Link Managed Endpoint Security

For this CT Link managed services customer, we deployed Trend Micro’s Worry-Free Business Security Services (WFBSS), which is a cloud-based endpoint security solution. We provided the installation link for the Trend Micro agents to end users and assisted them in deploying it on their endpoint devices.

As it is a cloud-based solution, we were able to be with them every step of the way during this process, helping with problems that occurred during installation on some devices while also monitoring the threats found by WFBSS. This has proved to be an effective measure for them, as WFBSS has so far detected over 3,000 suspicious and malicious activities from the endpoints.

Security as a Service

Having managed services for security helped our client worry less about the security of personal devices connecting to their network and freed up their time to concentrate on other important tasks at hand during the ECQ. This meant that we handled the troubleshooting of the installations on the endpoint devices and the monitoring of malicious activities reported by WFBSS. This service is not reserved for enterprise accounts only, as our services are also very beneficial to small and medium businesses that do not have their own dedicated IT team. Below are a few key features you can expect when subscribed to our managed services:

  • Keeps outside threats like malware from getting in and sensitive data from going out
  • Filters potentially dangerous or inappropriate websites
  • Prevents phishing and social engineering attacks from reaching your users
  • As a cloud-based solution, support is done remotely
  • Supports WFH setups to ensure your network is safe
  • Ease of deployment, with little to no IT skills required
  • Centralized monitoring through one dashboard accessible through the cloud

If you are interested in learning more about our CT Link managed services or WFBSS, contact your CT Link AM or reply to this email and we will get back to you as soon as possible!


Cloud One: A Trend Micro Solution for Cloud Builders

With advancements in cloud technology, more businesses are now connecting to the cloud to solve their IT needs. This is why the cloud infrastructure services market is now filled with different vendors, and many stakeholders have become involved in these infrastructure decisions. This has made cloud security even tougher. To maximize the benefits of the cloud, you need to balance both your business objectives and cloud security to keep complexity to a minimum.

Cloud One, a security services platform for cloud builders, delivers the broadest and deepest cloud security offering in one solution, enabling you to secure your cloud infrastructure with clarity and simplicity.

Cloud One provides powerful security that leaves you free to take advantage of the benefits and efficiencies that the cloud has to offer your business. Designed with multiple services so that specific cloud security needs are addressed, Cloud One gives you the leg room you need to solve your present challenges while still being able to help you with future cloud needs.

With support for all major cloud platforms, and solutions that integrate directly into your DevOps processes and toolchain, Cloud One is designed to provide the flexibility you need without slowing down your business or application delivery.

Benefits of Cloud One

Automated

Security as code lets your DevOps teams bake security into their build pipeline to release continuously and frequently. With built-in automation, including automated discovery and deployment, quick-start templates, and our Automation Center, secure your environment and meet compliance requirements quickly.

Flexible

Builder’s choice. Security for your hybrid cloud, multi-cloud, and multi-service environments, as well as protection for any vintage of application delivery—with broad platform support.

All-in-One Solution

One platform that has the breadth, depth, and innovation required to meet and manage your cloud security needs today, and in the future.


To learn more about Cloud One and other Trend Micro Solutions, you can contact us at 8893 9515 and we would be happy to answer your inquiries!

Cloud Security: The Shared Responsibility Model

Have you ever asked yourself what the biggest threats in the cloud are? The answer may not be what you’d expect. Rather than big-name malware or cyber attacks, the biggest risk in the cloud comes from service misconfigurations. Despite the cloud’s clear operating model, teams continue to make simple mistakes or overlook the simple task of properly configuring the services they use in the cloud.

Security in the cloud is a shared responsibility: both customer and provider have their respective responsibilities, usually based on the Shared Responsibility Model. The model defines which segments each party is responsible for. At a glance, are you doing your part? Or did you assume it was handled by your provider?

One common misconfiguration misstep comes from pre-configured deployment services. Most misunderstandings arise from assuming that whoever supplied the configuration will also handle update patching and even maintenance of that configuration. It falls on you, the user, to carry out these responsibilities and make sure that your system is safe!

Another common cause of misconfiguration is from human error.  As per our nature, we are bound to make errors along the way when working even if we take as much precaution as we can.  This is where automation can help make sure that these errors don’t occur.  Let’s say the operating system your team uses for your systems has a new patch that needs to be deployed. Instead of someone patching each of the production virtual machines, that team member should patch the original template of the virtual machines and a build system should redeploy production.

As a safety measure, it is also best practice to verify that your providers are doing their part in keeping you secure. This is not to say that your provider is not doing their job; the three big cloud providers usually have an overwhelming amount of audit evidence you can browse. It is always better to keep the habit of counter-checking when security is involved.


Interested in learning more about our Cloud Security Solutions?  Contact us at 8893-9515 and we would be happy to answer your inquiries!

Ransomware Hits Florida Town, Costs them $500,000 in Ransom

No matter how big or small your organization is, security should always be considered when it comes to protecting your business data.  This is especially so if you mostly handle confidential data, such as data from customers.  Unfortunately, a town in Florida learned this lesson the hard way when it was recently hit by a ransomware attack.  With their operations brought to a standstill, they had no choice but to pay the cyber criminals' asking price: 42 bitcoins (equivalent to $500,000).

This wasn't the only attack in Florida either: another municipality ended up paying cyber criminals $600,000 when an attack severed its connection to important data.  The mayor of that town even stated that he could not believe such a small town would encounter such attacks.  They aren't alone, however; in past years many other organizations, such as major hospitals, were hit by ransomware and forced to pay to regain access to business-critical data.

“Ransomware is the canary in the coal mine,” said cyber-security expert Kevin Beaumont, who argued that the spate of attacks showed organizations needed to get better at basic IT security.

What can you do to prevent this?

As stated above, one preventive measure is to make sure your employees are briefed on basic IT security, so that they don't fall for attacks such as phishing, which criminals use to get into the network.

Another is to have data protection measures in place; you may even start with a simple backup setup.  This ensures that in the event of an attack or system failure you have a starting point to recover from, instead of trying to salvage whatever you can from your infected systems.

You may also consider advanced security protection from vendors such as Trend Micro, which can help detect and quarantine suspicious files and activities at the server level or across your many endpoints.

To learn more about these solutions and how we can help you, you may contact us at 893-9515 and we would be happy to find the best solution for your company!

Security Advisory: Microsoft Alerts Customers to Patch BlueKeep Vulnerability ASAP

In case you didn't hear, another big vulnerability was reported by Microsoft on May 14, 2019.  Known as "BlueKeep", it is a Remote Code Execution (RCE) vulnerability in Remote Desktop Services (RDS), reachable over the Remote Desktop Protocol (RDP).  However, BlueKeep only affects older versions of Windows, so users of Windows 10 and 8 can rest easy.  The severity of the vulnerability has nonetheless forced Microsoft's hand: it has built and released a security patch even for its unsupported versions.  Microsoft has classified this vulnerability as a critical-level threat.

This is why, as of June 4, 2019, Microsoft once again urged its customers to apply the patch as soon as possible, as more than 1 million devices were still vulnerable to the attack.  The aim is to avoid another wide-scale malware outbreak like the WannaCry ransomware attack of 2017, which affected many companies and brought business operations to a halt, most notably at hospitals.

What can you do to avoid being affected?

Microsoft has already provided the fix for BlueKeep: make sure you download the latest security patch for your corresponding OS (you can find the patches here).  You may need to reboot your servers to ensure the patch is actually active.

For Trend Micro users, specifically those running Deep Security: if you are unable to apply the patch for other reasons, such as being unable to reboot your servers, make sure you apply the correct Deep Security virtual patching policy to protect your servers.  The Deep Packet Inspection (DPI) rule is:

  • 1009749 – Microsoft Windows Remote Desktop Services Remote Code Execution Vulnerability

You can view the official Trend Micro article on it here.
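The advisory above gives three states for an affected server: patched and rebooted, patched but waiting for a reboot, or unable to reboot and relying on the Deep Security virtual patch. The script below is an added example, not part of the advisory or Trend Micro's documentation: it triages a constructed host inventory (host names and their states are made up) into the next action for each host. The affected-version list is Microsoft's published list for BlueKeep; the DPI rule number 1009749 is the one quoted above.

```python
"""Added example, not from the advisory: triage hosts against the BlueKeep
guidance (patch, reboot, or virtual-patch with Deep Security while you cannot).
The inventory below is constructed; only the rule number comes from the advisory."""
from dataclasses import dataclass

DPI_RULE = "1009749"  # Deep Security DPI rule quoted in the advisory

# Older Windows releases Microsoft issued the BlueKeep patch for; Windows 8
# and 10 are not affected, as the advisory notes.
AFFECTED = {"Windows XP", "Windows Server 2003", "Windows Vista", "Windows 7",
            "Windows Server 2008", "Windows Server 2008 R2"}


@dataclass(frozen=True)
class Host:
    name: str
    os: str
    patch_installed: bool   # BlueKeep security update installed
    reboot_pending: bool    # update installed but machine not yet restarted
    can_reboot: bool        # operations allow a restart right now
    dpi_rule_applied: bool  # Deep Security rule 1009749 assigned to the host


def triage(host: Host) -> str:
    """Return the next action for one host, in the advisory's order of preference."""
    if host.os not in AFFECTED:
        return "not affected"
    if host.patch_installed and not host.reboot_pending:
        return "protected: patch active"
    if host.dpi_rule_applied:
        return f"virtually patched by DPI rule {DPI_RULE}: still install/activate the patch"
    if host.can_reboot:
        return "reboot to activate patch" if host.patch_installed else "install patch and reboot"
    return f"cannot reboot: assign Deep Security DPI rule {DPI_RULE} now"


INVENTORY = [  # constructed sample hosts
    Host("file-srv", "Windows Server 2008 R2", False, False, True, False),
    Host("kiosk-01", "Windows 7", True, True, False, False),
    Host("erp-db", "Windows Server 2008", False, False, False, True),
    Host("hr-pc", "Windows 10", False, False, True, False),
]


def triage_inventory(hosts):
    """Map every host name to its next action."""
    return {h.name: triage(h) for h in hosts}


if __name__ == "__main__":
    for name, action in triage_inventory(INVENTORY).items():
        print(f"{name}: {action}")
```

Hosts in the "cannot reboot" bucket are the ones to hand to the Deep Security administrator first, since they have neither the patch active nor the virtual patch.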

For those looking for a longer-term solution, you can consider products such as Citrix Gateway and Citrix Virtual Apps to secure your remote connections to Windows servers.

To learn more about these solutions, you can contact us at 893-9515 and we will introduce you to the different options you have for protecting against these kinds of vulnerabilities!