Filed under: Uncategorized
Many years ago when I was early in my career, I worked for one of the leading market research companies in the San Francisco Bay Area. Shortly after I joined the company it was acquired by DRI, a small subsidiary of McGraw-Hill. After the acquisition, a DRI employee was transferred into our offices to serve as a liaison between corporate and their new acquisition. He was a very bright guy with an exceptionally quirky sense of humor. Among the various things I learned from him, the most notable was a comment he once made: “You don’t have to know everything, but you do have to know how to find everything”.
The first iteration of what our liaison was describing, in a sense, became Google and other search engines. In theory, at least, there is a collection of all relevant information somewhere in the cloud and all you have to do is type in a few words to gain access to it. In short, you don’t have to know everything, but you at least have the opportunity to find everything. There continue to be shortcomings in modern search engines driven by incomplete information, intentional biases from prioritizing some information sources over others, the desire of search engine companies to generate revenue from search, and user limitations in not being to adequately describe exactly what they’re looking seeking. Moreover, as useful as search engines are, they don’t give us the answer we’re looking for – instead, they give us an enormous number of answers that might – or might not – be right. This results in search engines being extraordinarily useful tools, but not really a panacea to finding what we need to know.
What would be useful, then, is a way to do two things: a) have access to every bit of knowledge and information that is possible to have on a subject, and b) get the answer that is most likely to be right in as short a time as possible. That, in essence, is what IBM Watson does. Using natural language processing, “reasoning” capabilities, and voluminous amounts of data, Watson sifts through enormous amounts of data in a manner somewhat akin to a search engine, but it does so using natural language inputs. More importantly, Watson is focused on delivering the answer that is most likely to be correct. It’s not always right, of course, but it has demonstrated the ability to be mostly right – for example, on Jeopardy and in a contest with various members of the US House of Representatives.
Why is Watson important? Simply because it can receive inputs using natural language and process vast quantities of information to come up with an answer in a way that humans might if they had the capacity to sift through hundreds or thousands of terabytes of data in a very short amount of time. There are numerous potential applications in a wide variety of fields like medicine and law, among others. In the communications and collaboration realm, Watson could be used for things like analyzing who in a company is most likely to commit fraud by asking who is being abused verbally by their managers and correlating this with employee sentiment expressed in social media, email, text messages and the like.
In short, Watson could be enormously useful in providing direction for a wide variety of business activities like investigations, early case assessments, eDiscovery, fraud detection and mediation, and host of related types of efforts. While we will never know everything, Watson will help us get closer to being able to find everything.
Filed under: Uncategorized
Our research, as well as that of many other firms, has revealed that malware infiltration has impacted most organizations and that the problem is getting worse over time, particularly for small and mid-sized businesses (SMBs). While it is essential that every potential ingress point for malware be monitored, many organizations have holes in their defenses that could allow malware to enter the corporate network. Here are a few areas to address, although the list is by no means exhaustive:
- Personal Webmail
Many users employ personal Webmail when they need to send files that exceed the mailbox-size quotas that IT has established for the corporate email system, or when the corporate system goes down. While both are valid reasons for using a personal alternative to continue sending emails, doing so bypasses corporate scanning defenses and can allow malware to sneak onto employees’ computers, such as in a phishing email.
- Non-business-grade file sync and share
Tools like Dropbox are widely used by employees so that all of their relevant content can be available from every device they use. These tools are incredibly useful for traveling employees, those who work from home, and those who want their files handy from a mobile device when they’re away from a desktop computer. However, they can also provide an entry point for malware. For example, if an employee’s home computer is used to work on a Word or Excel file, gets infected and then is synced via Dropbox to the employee’s work computer, malware can enter the corporate network without ever having been scanned for malicious content.
- Mobile devices
Any mobile device – whether supplied by an employer or one owned by an employee – is a potential source of malware infiltration. One of the ways this can occur is when employees download applications that have not been developed with security as a critical design consideration. Another way for data leakage, but also malware infiltration, to occur is if employees download copycat apps thinking they are downloading bona fide apps.
- Web surfing
The Web has become an essential tool for individuals to do their job – and the primary way that malware infiltrates a corporate network. There are numerous ways that malware can infiltrate an organization through the Web, including browsing to valid but infected sites as in a watering hole attack, through drive-by attacks or via compromised search engine queries.
- Social media
Tools like Twitter and Facebook can be used to distribute malware through short URLs or Facebook chat, among other ways. Social media can also be an invaluable tool for cybercriminals to gather intelligence about their potential victims who are intent on spearphishing high profile victims like corporate CFOs.
So what do you do about it? Here are four things:
- First and foremost, understand what your users are doing, the tools they’re employing and why they are using these tools. Personal Webmail may be used only because of inadequacies in your corporate email system; Dropbox may be used because employees want to be more productive when they’re working after hours.
- Next, develop policies about the use of personally owned devices, cloud applications and mobile applications. While a policy will not guarantee that a particular cloud service or app will not be downloaded or used, it will reduce the number of these potential malware ingress points available on your network.
- Train users about what to do and what not to do with regard to things like phishing attempts, mobile apps and cloud applications. Follow this up with regular refresher course and reminders, and test users to see if they’re really learning anything.
- Provide useful alternatives to the applications that users need to do their job. This means doing things like replacing consumer-focused file sync and share tools with enterprise-grade alternatives that will enable more secure management of corporate data.
Finally, deploy very good anti-malware defenses from a leading vendor that can support its tools with excellent threat intelligence.
Filed under: Uncategorized
There are a number of ways to justify the cost of an archiving solution. We have just published a new white paper in which we present three “before and after” scenarios that will cover a variety of scenarios for archiving and how they can help to reduce corporate costs. Here is one of the examples we included in the white paper.
End users sometimes delete content that they will need at a future date, such as word processing documents they have taken a considerable amount of time to write, an email with an important communication from a customer, or a presentation. Let’s again assume a 500-person organization and each employee needs to recover just one document each month. This results in a total of 6,000 documents that need to be recovered each year (500 employees x one document per month x 12 months). We will also conservatively assume that IT requires an average of only 15 minutes to recover each document from a backup tape.Assuming that IT might even have the bandwidth to recover all of these documents, IT staff members will spend a total of 1,500 hours annually (6,000 documents x 15 minutes per document) recovering this content. The total IT cost of document recovery, therefore, will be $75,000, the equivalent of three-quarters of a full-time IT staff member.
We will now assume that an archiving solution has been configured to allow individual users to access their own content. Assuming that five minutes will be needed to recover a document and that the average employee salary is identical to that of IT staff members ($50 per hour), then the total cost of employees recovering their own documents will be $25,000 annually (6,000 documents x five minutes of recovery per document x $50 per hour). The total annual savings compared to IT recovering the documents will be $50,000. Factor in the cost of the archiving system (average of $20,000 per year) and the cost savings from end-user access to the archive is still a significant $30,000 annually.
While many consider an archiving solution to be a primarily defensive tool – allowing organizations to support eDiscovery or regulatory compliance efforts, for example – it can also be a tool to enhance employee productivity and provide other benefits that can actually pay for the archiving solution in a relatively short period of time.
You can download the white paper here.
Filed under: Uncategorized | Tags: airgap, defense-in-depth, ids, ips, malware, web security
The Web is a dangerous place. A recent Osterman Research survey found that 73% of mid-sized and large organizations have had malware infiltrate their corporate networks through the Web during the previous 12 months. By contrast, malware has successfully infiltrated through email in 59% of organizations and through social media in 17%. Our data is corroborated by Palo Alto Networks’ research that finds 90% of malware attacks come through Web browsers.
What should you do to protect your corporate network from the bad stuff that can be (and probably will be) delivered through your Web browser? The traditional approach is to adopt a defense-in-depth approach of intrusion detection, intrusion prevention, URL filtering, anti-virus, sandboxing and other technologies that will create something of a gauntlet through which bad stuff must pass before reaching users. This works to a great extent, but is by no means a guarantee that all malware will be stopped.
Another approach is offered by Spikes Security, a new company that isolates Web traffic in a centralized server. Instead of trying to detect malware or pass through only “safe” content to Web users, the solution makes the assumption that all content is bad and so passes through nothing. Instead, the AirGap solution converts Web traffic to compressed and optimized pixels that are then delivered to users who view them through a lightweight client that the company claims installs easily, requires no special configuration, and offers good video and audio performance. In essence, Web users are simply viewing a video feed of Web content instead of the actual Web content itself. AirGap provides end-to-end encryption for Web traffic and claims that its proprietary client/server protocol cannot be compromised by malware. Each user session is isolated via a hardware-assisted virtual machine.
Pricing for AirGap ranges from $5.13 to $9.00 per user per month depending on the number of users (sessions) and the length of the software license.
The concept of AirGap is a simple one and should be completely effective at preventing attacks that come through Web browsers. The only downside – and it might be a significant one for some organizations – is that at this point only the AirGap client can be used to view Web traffic, not individual browsers via a plug-in. While this won’t be a showstopper for most organizations, it could be for some that depend on plug-ins for some Web functionality.
All in all, AirGap is a fairly elegant approach to the increasingly perilous issue of Web-borne malware.
Filed under: Uncategorized
Obviously, information security and risk management are critical issues for any organization, regardless of its size or the industry in which it participates. But maintaining the security of your information and others’ information that you possess, as well as mitigating the risk associated with data breaches, is difficult and getting tougher all the time. This is particularly true in an era in which employees and contractors increasingly use their personal devices and applications to create and store corporate content.
There are some important questions about your organization’s information security status and practices that you should be asking – and that you should be able to answer quickly:
- Do you know how many users in your organization have installed and are using Dropbox, Microsoft OneDrive, Google Drive or a similar solution to store work-related documents? If so, do you know what data they are storing there? If so, does your corporate IT department have ready access to this content if, for example, an employee leaves the company?
- Are some of your employees sexually harassing other employees or sharing ethnic jokes through the corporate email system, instant messaging or social media? If so, can you readily identify these people in real time or near real time and take appropriate steps to ensure that it stops immediately?
- Are any of your employees sending sensitive or confidential information to your competitors?
- When the corporate email system goes down, do your employees use their personal Webmail accounts to continue sending work-related emails? If so, are these emails and their content easily recoverable by your IT department so that they can be scanned and archived in compliance with corporate policies?
- When employees leave the company, is there a formal and reliable process for decommissioning their access to corporate resources, including their access to personally managed repositories that store corporate content?
- Do ex-employees still have access to your corporate systems and/or data assets?
- Do users employ very strong passwords to access corporate resources? Do they change them periodically? Are corporate passwords managed by IT?
- When users need to send files that are larger than can be sent by your corporate email system, do they use a corporate-managed solution to do this?
- Do users encrypt emails when necessary, such as when sending customers’ personal financial information or employees’ protected health information?
- Have employees received formal training about protecting themselves and the organization from phishing or spearphishing attacks? If so are they tested periodically to determine if the training has been effective?
- Is your organization archiving business records to satisfy eDiscovery, regulatory or other obligations? If so, are you archiving them in email only, or in every venue they might be found, such as instant messaging, social media, Dropbox, Salesforce Chatter, etc.?
- Is the content from employee’s smartphones and tablets – whether company or personally owned – archived on a continuous basis?
These questions are the just the tip of the iceberg with respect to the types of questions you need to be asking – and that you should be able to answer quickly and accurately.
Filed under: Uncategorized
In late May 2014, Osterman Research conducted an in-depth survey of 164 organizations and their archiving system migration plans. We surveyed primarily mid-sized and large organizations across a wide range of industries. Key findings from the research include the following:
- The typical archiving solution has been in place four years and eight months (median is 36 months).
- There is not a high level of satisfaction with current archiving solutions. For example, only 60% of organizations are “pleased” or “extremely pleased” with the current archiving solutions’ ability to place legal holds on content, only 52% are this pleased with the speed of the solution’s search performance, and only 44% are this pleased with the ability to delete content when necessary.
- Moreover, we found significant differences in the level of satisfaction with archiving solutions based on their age. For example, organizations with archiving systems that are more than three years old are nearly twice as likely “not to be pleased at all” with their ability to place legal holds on content (14.5% for older systems vs. 7.6% for more recent systems), the ability to establish different retention policies (16.7% vs. 11.0%), and the scalability of the system (15.2% vs. 11.2%).
- We also discovered a significant difference in the penetration of cloud-based archiving based on the age of the system: organizations with an archiving solution no more than three years old have placed 33.4% of their archived content in the cloud compared to only 13.2% for older solutions.
- Finally, we found that 7.6% of the organizations will “definitely” replace their archiving solution over the next 18 months while another 27.2% will “probably” do so, as shown in Figure 1. Not surprisingly, organizations with older archiving solutions in place are much more likely to definitely or probably replace their archiving solutions during the next 18 months (39.8% vs. 30.1%).
We published a white paper that goes in-depth on archiving migration that you can download here.