Rojoli Services Blog

Rojoli Services has been serving the Peachtree Corners area since 2008, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

A Crash Course in Security Management: Learning the Keys to a Better Security Posture

A Crash Course in Security Management: Learning the Keys to a Better Security Posture
Organizations struggling to manage resources across multiple environments and protect growing attack surfaces from increasingly sophisticated threats face a variety of security challenges related to lack of visibility, ineffective response capabilities and IT complexity. The eBook shows how to adopt a more intelligent security management approach with improved visibility, control and guidance.
Original author: Rojoli Services
0 Comments
Continue reading

Salesforce will adopt Microsoft’s cloud, as the companies cozy up again

105232777-Handout_Microsoft_Nadella_Salesforce_Benioff_140505

Salesforce will adopt Microsoft’s cloud, as the companies cozy up again

https://image.cnbcfm.com/api/v1/image/105119178-Jordan_Novet_IMG_4402a.jpg?v=1523299470&w=60&h=60");">
KEY POINTS
  • Salesforce will deploy its Marketing Cloud service on Microsoft’s Azure public cloud infrastructure.
  • Salesforce already uses Amazon Web Services, and the company announced plans to use Google Cloud Platform in 2017.
  • Microsoft and Salesforce have a complex history, including acquisition talks.
Handout Microsoft Nadella Salesforce Benioff 140505
Microsoft CEO Satya Nadella and Salesforce CEO Marc Benioff in 2014.
Source: Microsoft

Salesforce said Thursday it will move its Marketing Cloud service to Microsoft’s Azure public cloud, putting aside the rivalry between the two companies.

Microsoft’s share of the public cloud market remains smaller than market leader Amazon Web Services but has gained wider adoption from customers under CEO Satya Nadella. Last month, Microsoft won a contract to provide the Pentagon with cloud-computing services in a deal that could be worth as much as $10 billion, and in July, Microsoft announced a cloud agreement with AT&T.

 

Salesforce and Microsoft have had a complicated relationship over the years, with executives taking occasional public potshots at each other. They compete in multiple areas, including Salesforce’s core business of customer relationship management: Salesforce has the Sales Cloud and Microsoft fields the less popular Dynamics 365 cloud service.

In a 2014 detente, the companies signed a product partnership. Salesforce founder and CEO Marc Benioff credited Nadella’s collaborative approach as driving the turnaround and even invited him to a prime speaking position at the company’s Dreamforce conference. In 2015, Microsoft considered buying Salesforce, but talks broke down over price.

Then in 2016, the companies got into a fierce bidding war over LinkedIn, which Microsoft ended up winning, and Benioff’s rhetoric soured. “You know, maybe the new Microsoft is actually the old Microsoft,” he told CNBC’s Jim Cramer.

Now, Salesforce has chosen Microsoft’s cloud infrastructure to run one of its products around the world. Under Nadella, Microsoft has also previously allied with competitors like Red Hat and VMware.

LIVE, NEWS-MAKING DISCUSSIONS
UNIQUE, IN-PERSON EXPERIENCES

In addition to adopting Azure, Salesforce will also develop technology to integrate its Sales Cloud and Service cloud products with Microsoft’s Teams communication app. Teams competes with Slack, and Salesforce has its own social network for internal business discussion called Chatter. The idea is to enhance interoperability between Chatter and Teams, according to a person familiar with the matter.

 

Salesforce currently depends on Amazon’s cloud to help run its online services, and in 2017 it said it would also use Alphabet’s Google Cloud Platform to deliver services. Salesforce to date has run Marketing Cloud on its own internal infrastructure, a spokesperson told CNBC.

Representatives of the two companies declined to talk about how much Salesforce will spend on Azure.

Continue reading

How to navigate cybersecurity in a 5G world

5g

How to navigate cybersecurity in a 5G world

by   

With 5G comes a larger attack surface and more devices accessing the network. Companies must ramp up security strategies to stay protected, an AT&T Cybersecurity report finds.

AT&T Cybersecurity released a report on Monday identifying the major security gaps organizations must address with the rise of 5G networking

While 72.5% of security professionals worldwide rated their level of concern for the 5G's impact on security as high or medium-high, only 22% said they believed their current policies are ready for 5G, the report found. 

The AT&T Cybersecurity Insights Report: Security at the Speed of 5G surveyed 704 security practitioners from North America, India, Australia, and the UK to determine how prepared larger organizations are for the security implications of 5G.

5G promises increased bandwidth, higher speeds, with low latency, but it also brings an influx of cybersecurity concerns. The majority of respondents (76%) said they expected completely new security threats to surface from the 5G world, the report found. 

Nearly all respondents expect to make 5G-related security changes within the next five years, with 35% saying they will start in the next one to two years. Regardless of timeline, 78% of security professionals said their policies would need to be changed because of 5G, according to the report. 

Top 5G security concerns 

To help professionals understand potential new threats, the report identified the following major security concerns surrounding 5G:

1. Larger attack surface due to the massive increase in connectivity (44%)
2. Greater number of devices accessing the network (39%)
3. The extension of security policies to new types of internet of things (IoT) devices (36%) 
4. Authentication of a larger number and wider variety of devices (33%)
5. Insufficiency of perimeter defenses (27%)

While these concerns are legitimate, the report found bigger concerns exist surrounding the other technologies utilized in the deployment of 5G. 

The first technology is virtualization, which includes software-defined networking (SDN) and network functions virtualization (NFV). As stated in the report, "enterprises will need to take advantage of virtualization to make the network nimbler and more responsive, with the ability to provide just-in-time services."

While virtualization is crucial for 5G, only 29% of respondents said they planned to implement security virtualization and orchestration in the next five years. But, the power of virtualization allows virtualized security to be quickly deployed to various network locations and automatically respond when new attacks are discovered, the report found. 

"Security virtualization could be the most crucial advancement related to 5G security, for both the provider and their enterprise customers. Enterprise IT is becoming more distributed, and through virtualization networking is following suit. Security needs to follow that trend," according to the report.

Endpoint security is also a concern for 5G users. As more 5G devices are connected to the network, such as Multi-access Edge Computing (MEC) nodes, authentication and certification becomes paramount. However, only 33% of respondents said they planned to implement tighter network access controls in the next five years, and only 37% said they were creating new systems for device authentication, the report found. 

A zero-trust security model could help address these concerns, as it would continually check a user's presence and behavior, regardless if the user is a human or machine. Enterprises are embracing zero-trust, with 68% saying they have implemented it or are in the process, but only 33% said they have multifactor authentication (MFA) in place, the report found. 

The last area of concern includes vulnerability management. Only 33% of organizations said they had implemented asset discovery and management and 30% said they had put into effect vulnerability assessment and remediation. Another 33% of respondents said they had added network security threat analytics, which is a crucial tool for the complexity of 5G networks, according to the report. 

Steps for a more secure 5G network 

To help organizations tackle all of these concerns, the report identified the components of a solid 5G network security plan: 

  • Virtualized, automated security controls: The increased surface area of a 5G network calls for automation to help manage the environment. Automated remediation and virtualized security controls can help enterprises mitigate these risks. 
  • Machine learning and threat detection: The increase of 5G and MEC on the network will generate a large amount of data. Threat detection and threat intelligence will need to be driven by machine learning and artificial intelligence (AI) to keep up. 
  • A zero-trust environment: Security practitioners must consider more sophisticated strategies for identity and authorization on a 5G network, and a zero-trust approach is one of the best bets. 
  • A shared security model: While 5G does have some built-in security features, they won't cover all threats. 5G deployment will be a joint effort between network operators and enterprises, which means a shared responsibility for security exists between the two. A managed service provider can help organize security responsibilities for short-staffed organizations. 

As more 5G devices enter the network, organizations must prepare for the onslaught of added security threats, according to the report. 

For more, check out How cybersecurity will evolve in a 5G connected world on TechRepublic.

https://www.techrepublic.com/article/how-to-navigate-cybersecurity-in-a-5g-world/

Continue reading

Microsoft works with researchers to detect and protect against new RDP exploits

Microsoft works with researchers to detect and protect against new RDP exploits

  • Microsoft Defender ATP Research Team

On November 2, 2019, security researcher Kevin Beaumont reported that his BlueKeep honeypot experienced crashes and was likely being exploited. Microsoft security researchers collaborated with Beaumont as well as another researcher, Marcus Hutchins, to investigate and analyze the crashes and confirm that they were caused by a BlueKeep exploit module for the Metasploit penetration testing framework.

BlueKeep is what researchers and the media call CVE-2019-0708, an unauthenticated remote code execution vulnerability in Remote Desktop Services on Windows 7, Windows Server 2008, and Windows Server 2008 R2. Microsoft released a security fix for the vulnerability on May 14, 2019.

While similar vulnerabilities have been abused by worm malware in the past, initial attempts at exploiting this vulnerability involved human operators aiming to penetrate networks via exposed RDP services.

Microsoft had already deployed a behavioral detection for the BlueKeep Metasploit module in early September, so Microsoft Defender ATP customers had protection from this Metasploit module by the time it was used against Beaumont’s honeypot. The module, which appears to be unstable as evidenced by numerous RDP-related crashes observed on the honeypot, triggered the behavioral detection in Microsoft Defender ATP, resulting in the collection of critical signals used during the investigation.

Microsoft security signals showed an increase in RDP-related crashes that are likely associated with the use of the unstable BlueKeep Metasploit module on certain sets of vulnerable machines. We saw:

  • An increase in RDP service crashes from 10 to 100 daily starting on September 6, 2019, when the Metasploit module was released
  • A similar increase in memory corruption crashes starting on October 9, 2019
  • Crashes on external researcher honeypots starting on October 23, 2019
0 Comments
Continue reading

Monday Tech Tip: 4 Reasons Businesses Should Make the Move

Monday Tech Tip:  4 Reasons Businesses Should Make the Move
Are you considering moving to the cloud? As global competition heats up and customers demand more innovative solutions, businesses are adopting cloud services at an increasing pace. What if you could lower your costs, increase productivity and enhance security? Explore this eBook to discover four reasons small businesses should make the move.
Original author: Rojoli Services
0 Comments
Continue reading