xAssets Industry Information Resource
Links to Useful Articles Relating to Asset Management and Cloud Computing

Industry Resource - February 2017


5 Cybersecurity Tools Your Company Should Have



No business can afford to ignore cyber security. According to a recent Verizon Data Breach Investigations Report, over half of cyber-attacks target small businesses, which are easier to breach. SMBs can take proactive steps to prevent cyber-intrusions, including using secure computing hardware, installing software to block spy-mail and ransomware, training employees to identify security threats, using "always on SSL" on websites and maintaining an ongoing inventory of their network and software assets.

Click here to read more

Report: 75 Percent of Organizations Have Been Hit By Malicious Adware



According to Cisco's 2017 Cybersecurity Report, cyber threats are evolving rapidly to stay ahead of cyber protections. For instance, three widely used exploit kits, Angler, Nuclear and Neutrino, virtually disappeared in 2016. They were replaced by Sundown, Sweet Orange and Magnitude, which target Flash, Silverlight and Microsoft Internet Explorer. To combat these malware tools, Cisco recommended uninstalling Flash and disabling extraneous browser plug-ins. Cisco also warned IT departments to be aware of adware, which displays ads for malicious purposes. Attackers can combine adware with harmful applications that can change the user's browser settings, track location, or exfiltrate credentials.

Click here to read more

How to Build a Cybersecurity Strategy For 2017



Most companies fail to deploy security controls to "nodes" connecting to their network.

Employee-owned mobile devices, the Internet of Things (IoT) and cloud computing have altered the types of "assets" connected to networks. Implementing cybersecurity "best practices" across an unstructured and decentralized network constitutes a significant challenge for many companies. Firms have the most control over devices that they purchase, configure, discover and inventory. But as BYOD drives new devices, IT departments are losing control over the devices with which their users and network interact. Companies must reevaluate and establish the context of the users and actions taken on their systems and determine how to apply "best practices" to this new ecosystem.

Click here to read more

Software Licensing Compliance and Cost Optimization



Companies need to balance software license compliance (maintaining licensing that matches usage) with the need to control software licensing costs. Arriving at the properly balanced situation can be difficult for even experienced software asset managers. For instance, motivated employees will, at times, find unauthorized methods of accessing the software resources they need, sometimes without securing the needed license. Lack of compliance can result in unplanned expenses when violations are uncovered during a software vendor audit. While this is a problem, without access to the proper computing tools, employees and teams will not be able to competently perform their assigned tasks. The pressure to provide employees the tools they need at whatever expense is required to stay compliant, or avoid a costly audit, can compel an organization to tilt in the direction of excessive or imprudent spending.

Click here to read more

SAM in a SaaS World



Discovering, inventorying and reconciling devices and software installations is the foundation of SAM. With the continuing adoption of SaaS-based solutions, ITAM practitioners are being forced to look at the practice in a new way. It is not surprising that some SAM practitioners question the need to manage software assets after they have adopted a SaaS model. The thinking is that there is no device and as such nothing being put on a device to count. This thinking reflects an understanding of the technology, but it misses the point that SaaS moves companies from a license tracking model to a subscription service tracking model that incorporates many of the processes inherent to SAM.

Click here to read more

Do You Trust Your Discovery Data?



Accurate asset discovery data is the foundation for every IT Asset Management program. Too often IT Asset Management is accomplished using spreadsheets with manual entries needed to fill in missing information. In addition, many discovery tools are not designed for IT Asset Management, but are intended for patching or network administration. As a result, these systems may be missing critical information. In addition to understanding what information is collected by the discovery tool, it is essential to understand how that data is collected. Most discovery tools for Windows systems rely on information in the Windows registry or the Windows Management Instrumentation (WMI) file to get hardware configuration information. Software information typically comes from a combination of Add/Remove Programs and the executable files on the device. It's important to have a high-level understanding of these elements to understand where the system could be breaking down.

Click here to read more

Avoid Overpaying for Software Settlements



Most software audits initiated by the software publisher, or by a third party authorized to pursue copyright infringement claims on behalf of the software publishers (e.g. BSA, SIIA), are settled without litigation. Most of the settlements involve a monetary penalty as part of the resolution.

There are many factors that precede the negotiations and which impact the total payment. As part of the audit, the auditing party works to identify any gaps in software licensing. These gaps may range from insufficient licenses to having the incorrect license for the software installed. Once the auditing entity determines the number of gaps, it calculates a total settlement based on the information presented. An initial settlement demand establishes the baseline for negotiations. It is critical to ensure that the initial number is accurate before engaging in negotiations. This article explores several key factors to consider with regard to the settlement demand.

Click here to read more

Experts at RSA Give Their Best Cybersecurity Advice



Even the best security software is useless if users and businesses fail to take the right steps to protect themselves. Experts at the RSA show were polled for their best cybersecurity advice. This article includes advice from Joe Stewart, Director Of Malware Research at Dell SecureWorks (use two factor authentication), Mike Sentonas, Vice President Of Technology Strategy at CrowdStrike (define what you need to protect), Mike Buratowski, Vice President Of Cybersecurity Services at Fidelis Cybersecurity (expect to be a target), Chris Wysopal, Chief Technology Officer at Veracode (don't trust the technology to be secure), and Jeremiah Grossman, Chief Of Security Strategy at SentinelOne (perform a complete IT inventory).

Click here to read more

Beware Google Chrome Scam That Could Inject Malware into Your Computer



According to cybersecurity experts at Proofpoint, a Google Chrome scam that infects Windows computers with malware poses a real threat to users. Proofpoint warned that hackers can inject a script which targets the Chrome browser on Windows. The script then rewrites the compromised website on the victim's browser to make the page unreadable and creates a fake issue for the user to resolve. A popup containing the message "The 'HoeflerText' font wasn't found," prompts users to download an update to their computers. The update is actually a malware download.

Click here to read more

Is Your Smartphone Spying On You? Phone Cameras, Microphones At Risk Of Hacking, Expert Says



Analysts are more and more focused on malware that can take over a smartphone's microphone or camera. Security researchers recently discovered that hackers could remotely enable the camera and microphone on the smartphones issued to Israeli Defense Force soldiers. Kevin Haley, director at Symantec Security Response, noted that the cellphone is the perfect spying device. Using a cellphone, a hacker could track people wherever they go, listen in on their conversations and see what they're doing. The process behind this type of infection works the same as most malware. Targets are sent a prompt to download a seemingly legitimate app or are sent to a secondary webpage. These links can often be vague or attempt to gain the user's trust by appearing to be tied to major businesses. Once installed, these programs take over the smartphone's functions through various security holes.

Click here to read more

Industry Resource - January 2017


Cybersecurity Experts Identify 3 Hacking Trends Of 2016



As the number of individuals and businesses who relied on technology increased, hackers expanded their efforts to victimize and exploit nearly everyone with a computer or smartphone.

Experts evaluated which forms of cybercrime were committed the most. Ajay Kumar breaks them down into three categories: ransomware, IoT hacking, and lawful hacking. Ransomware cost organizations millions; IoT hacking, using connected devices, shut down internet service provider Dyn in 2016; and lawful hacking split the tech industry when the government demanded that companies help break the security codes they invented to protect their customers.

Click here to read more

Top Cybersecurity Lesson from 2016: Unchecked Insiders



Cybercriminals have many advantages over many IT departments. However, there are two factors that IT groups can control that contribute to the rampant spike in cyber breaches. The first is that employees and contractors often have the ability to access far more data than they require. The second factor is that most organizations do not monitor or analyze how information stored in files and e-mails is used. Whether hackers seize control over a system, or insiders abuse their access either out of ignorance or for malicious purposes, these vulnerabilities on the inside are among the largest threats to any organization. Despite the cybersecurity technology available, data breaches continue to increase, largely due to these internal factors.

Click here to read more

Data Breaches Through Wearables Put Target Squarely On IoT In 2017



Forrester predicts that more than half a million IoT devices will suffer a compromise this year. IoT security is an issue because of the sheer velocity with which distributed denial-of-service (DDoS) attacks spread through common household items. Forrester noted that "Today, firms are developing IoT firmware with open source components in a rush to market. Unfortunately, many are delivering these IoT solutions without good plans for updates, leaving them open to not only vulnerabilities but vulnerabilities security teams cannot remediate quickly." Security is an afterthought for most IoT devices, and the lack of it is exacerbated because IoT firmware cannot be patched over the air as problems arise.

Click here to read more

KillDisk Cyber Sabotage Tool Evolves Into Ransomware



The KillDisk malware has been used in the past to wipe data from computers during cyberespionage attacks. However, the most current versions of the malware now act like ransomware. Rather than wiping the data from the disk, the malware encrypts the data stored on the system and transmits a message asking for 222 bitcoins (over $200,000) to restore the information. There is also a Linux variant of KillDisk that can infect both desktop and server systems. The encryption routine and algorithms are different between the Windows and the Linux versions, and the encryption keys for the Linux systems are neither saved locally nor sent to a command-and-control server. Consequently the attackers can't actually get to them.

Click here to read more

Feds Allege Security Flaws in D-Link Routers, Cameras



The Federal Trade Commission filed a complaint in the federal Northern District Court of California claiming that D-Link routers and internet accessible security cameras have put "thousands at risk" over years of poor security practices. The complaint alleges that those problems included "well-known and easily preventable software security flaws, such as 'hard-coded' user credentials and other backdoors, and command injection flaws, which would allow remote attackers to gain control of consumers' devices." The company denied the FTC's claims in a statement.

Click here to read more

49% of Businesses Fell Victim To Cyber Ransom Attacks In 2016



According to Radware's Global Application and Network Security Report 2016-2017, almost half of businesses were the targets of a cyber-ransom campaign in the past year. The report found that data loss was foremost among IT professionals' cyber-attack concerns, followed in order by service outage, reputation loss and customer or partner loss. Malware or bot attacks hit half of all organizations surveyed. The Internet of Things (IoT) was a major cause of the pervasive attacks. Over half of all respondents reported that IoT ecosystems created more vulnerabilities and complicated their cybersecurity detection measures. Ransomware attacks also increased rapidly, with over 40% of respondents reporting that ransom was the top motivator behind the cyber-attacks they experienced in 2016.

Click here to read more

Leveraging Privileged Access Management to Stave Off Internal Security Threats



Executives and managers concerned about the security of their business-critical assets need to be aware that it is not just the external threats that might jeopardize their IT systems. A significant threat is posed by the people they entrust with their data. Malicious insider frauds can cost a company even more time and money than other external cyber security attacks. Moreover, the most dangerous insiders are often the employees with privileged accounts. Privileged access breaches not only present unique security challenges but may also lead to compliance violations. According to the 2015 Insider Threat Report, nearly 60 percent of cyber-security specialists consider privileged users to be the biggest security risk in their organizations.

Click here to read more

Mobile Is Still the Safest Place For Your Data



The Identity Theft Resource Center maintains a database of personally identifying information breaches that require disclosure under state and federal laws. If mobile devices were a factor in data loss, they would be included in this database. However, mobile-linked breaches haven't been recorded, despite the nearly universal use of smartphones. What do show up are paper records, USB drives, laptops, database hacks and successful phishing attempts. None of the lost, stolen, or compromised devices were mobile devices, likely because encrypted devices need not be reported and are presumed safe. iPhones and iPads encrypt their contents, as do professional-grade Android devices.

Click here to read more

Put an End to Software Sprawl



Many companies are still using outdated manual processes to manage their software inventories. That practice can cost them time and money. Eric Moll, director of digital transformation at COMPAREX Canada, recently noted that "Organizations are turning into software companies and they need to be able to manage their software assets as strategically as their people and products." An effective software management system can facilitate licensing audits and can free up corporate resources. Rik Schaap, SAM consultant with COMPAREX Canada, added that "It's not a question of whether you will be audited, but when." Software publishers are actively pursuing compliance reviews in today's marketplace. The outcome of ninety percent of audits is overall negative for most firms, and CIOs are usually held responsible for the costs of a failed audit.

Click here to read more

Software Licensing Lessons from 2016 For A Cloudy Future



Software delivery models have been trending towards the cloud and subscription models. Experts expect growth in uptake and use of IaaS, PaaS and SaaS to continue in 2017. In 2017 and beyond, SaaS adoption benefits and TCO should be extensively evaluated. Procurement and SAM professionals will play a role in determining value through price analysis and the use of SAM metering data to weed out shelfware, create a platform for right sizing and review the value attained from each software title.

Click here to read more

IT Asset Management Software Market - Global Industry Analysis, Size, Share, Growth, Trends, and Forecast 2016 - 2024



The IT asset management research report provides a detailed analysis of how various organizations use ITAM software solutions, particularly hardware and software. ITAM software helps firms to reduce operational and capital expenditures. In addition, by deploying ITAM, an enterprise can identify licensing and contractual data related to a particular software title, eliminating regulatory risks. The report covers the factors trending in the market and the technological advancements supporting the growth of the ITAM software market.

Click here to read more

10 Ways IT Asset Managers Affect the Top and Bottom Line



As new business technologies are helping all types of organizations to achieve competitive advantages, IT asset management continues to serve as a critical function for IT departments. IT assets include all hardware and software owned, leased and/or licensed by an organization, and a scalable ITAM practice increases in importance as the size and complexity of the organization grows. Ensuring software license compliance, mitigating risk, reducing costs, and increasing profitability are the main areas of focus for IT asset managers. IT asset managers are the CIO's best friend and arguably one of an IT department's most valuable team members. This article presents 10 ways IT asset managers affect an organization's top and bottom lines.

Click here to read more

Why Business Departments Choose Their Own Tech



According to a recent survey from Logicalis, business departments have undertaken technology investment independently of the CIO. The Logicalis report, titled "Digital Enablers: The Challenges Facing CIOs in an Age of Digital Transformation," notes that business units are employing their own IT staff, and that CIOs regularly work with these departmental IT pros on strategic goals. It is also common for business managers to acquire tech apps and solutions without consulting the IT department, a practice known as "shadow IT". Some experts feel that this is a natural business evolution where the lines between tech and business become blurred. Mark Rogers, CEO at Logicalis, noted that "As digital innovation accelerates, the winners will create new customer experiences, make faster and better decisions through smarter collaboration, and create new digital business models and revenue streams securely. CIOs and IT leaders can play a leading role in enabling that innovation, drawing on skills from insightful partners to help shape their businesses and lead their sectors through the application of digital technologies."

Click here to read more

This Gmail Phishing Attack Is Tricking Experts. Here's How to Avoid It.



A new phishing scheme targeting Gmail users is getting past even experienced security experts.

In the new phishing attack, Gmail users receive an email that appears to have come from someone they know. It also includes a malware attachment. When a user clicks on the attachment, a new tab opens up and the victim is prompted to sign into what appears to be Gmail. That copycat site is used to collect login information, and once users log in, their Gmail account is compromised. To avoid being compromised, users should take care to look for a green lock icon in their browser address bar (if using Google Chrome) and ensure the URL begins with "https://". The copycat Gmail login site begins with "data:text/html" and should not be trusted.

Click here to read more

Why Slack, Chatbots, and Freelance Workers Have Your IT Department Freaking Out



In a recent study, 25% of the organizations surveyed said they incurred cyber-thefts of proprietary data. Recent workforce trends, including the rise of workplace collaboration tools, workers taking advantage of BYOD policies and the increased use of project-management platforms and apps to keep everybody connected, have contributed to the cyber-security problem. Among the business tools accessed with employee-owned devices, videoconferencing app Zoom, Cisco's Umbrella, and Slack topped the list. Thus, it's not unreasonable to conclude that those employees are mixing business and play on their own devices, and are using their employers' networks. CompTIA researchers warn that cyber security vulnerabilities are likely to grow with the use of BYOD and shared tools.

Click here to read more

IoT Devices Growing To 46 Billion; Security Breaches Seen



According to a new report by Juniper Research, security risks will increase as the number of connected devices expands. The report cites recent cyberattacks which leveraged compromised IoT devices, creating "botnets" that were used to attack servers. The report notes that current security vulnerabilities of IoT devices will be exploited to carry out more complex attacks in the future. Steffen Sorrell, author of the report, said that "Attacks such as those on Dyn last October can be viewed as proof of concepts. In the medium-term, botnets will be used far more creatively, not only to disrupt services, but also to create a distraction enabling multi-pronged attacks aimed at data theft or physical asset disruption."

Click here to read more

Knowledge Is Power



According to, companies deploy security information and event management solutions to manage threats and ensure compliance. However, across businesses of all sizes the focus is on early threat detection. Endpoint management, a component of IT asset management, provides a single point of contact enabling the business to address issues across the enterprise. When a company has an enterprise-wide issue, management wants to initiate an investigation quickly, report on the problem immediately and then remediate as soon as possible. ITAM and good endpoint management facilitate these operations.

Click here to read more

Cloud Computing: How Software as a Service (SaaS) Growth is Killing Traditional Software Licensing



The editors at 1redDrop noted that the enterprise software segment is already paving the way for SaaS growth to maintain the expected 30% CAGR. Firms such as IBM, Microsoft, Salesforce and Oracle will eventually control the top of the enterprise SaaS market on the strength of their cloud-based software offerings. The company forecasts that days are numbered for the traditional method of selling software as an installed product for a fixed licensing fee. Software as a Service (SaaS) is the new model, and in the near future may end up being the only way software is published and distributed.

Click here to read more