Industry News
Ed Cartier's monthly roundup of industry news
Articles relating to asset management, technology, security and cloud computing

Industry News - Dec 2020


Keeping Your Tech Updated Could Save You A Lot Of Money In A Data Breach

A recent report by Kaspersky emphasizes the importance of keeping a firms IT assets updated. The study found that the economic damage resulting from a data breach is often significantly greater in organizations using obsolete or unpatched systems. The report noted that businesses that don t make timely updates lose nearly fifty percent more money from a data breach than firms that make regular updates. Nearly half of all organizations using some form of out-of-date technology, despite the risks of using obsolete and unpatched software. Companies rationalize the practice by citing compatibility issues, employee reluctance to use newer tools, and resistance to change by members of the c-suite. Firms can easily identify unpatched or obsolete systems, and reduce their overall risk, through use of their IT asset management solutions.

Click here to read more

The Pandemic and Cyber Security

Use on an IT asset management solution that can inventory remote systems can provide IT management with a view of how home office systems are configured and managed.

Click here to read more

How to Protect Windows 10 PCs from Ransomware

Windows 10 users don t need to be a victim of ransomware. Microsoft has built ransomware protection into Windows 10, and it s easy to use. IT managers still need to employ the basic precautions against malware, such as running anti-malware software and never downloading attachments or clicking links sent from unknown senders. Microsoft s anti-ransomware feature is built directly into Windows 10; and has been included in all versions of Windows 10 released since October 2017. (CIOs c an use their IT asset management tools to identify systems with older versions of the OS). The feature is called Controlled Folder Access. It protects systems by letting only safe and fully vetted applications access your files. Unknown applications or known malware threats aren t allowed through. However, the feature is not turned on by default and must be activates. Users can customize exactly how it works by adding applications to its whitelist of programs and adding new folders to the ones that it protects by default. This article details exactly how the feature acan be activated and customized.

Click here to read more

Securing Work-From-Home Devices

An IT asset management solution that can discover and inventory and remote assets can be an effective tool to assist in managing and securing WFH systems.

Click here to read more

5 Challenges Every Multi-cloud Strategy Must Address

Operating an IT environment employing multiple cloud providers and services poses distinct challenges. Using the fright ITAM tools, cloud-based assets can be managed in a manner similar to premises-based assets. The right ITAM tool can discover cloud assets in the same way that it discovers networked assets. In doing so management can identify duplicate contracts, services providing excess server or storage capacity and contracts initiated by individuals (a.k.a ghost IT ) that are being charged to the IT budget. This information can be used to eliminate or reduce costs, while not impairing operations. Similarly, the system can discover more information about the cloud assets from service APIs such as GCP, AWS, Azure, thus providing It management with a clear picture of what services are being provided, utilization and capacity. In addition, the right ITAM system can integrate with other tools and webservices that contain detailed information about the company s cloud assets.

Click here to read more

Industry News - Nov 2020


Is Encryption the Answer to Data Security Post Lockdown?

Working from home (WFH) brings a number of challenges to data protection. Increased risks include a growth in external attacks and employees relaxing security practices when working from home. It stands to reason that corporate information will always be more vulnerable than when it is safely secured on a corporate network. To compound matters many employees will use personal devices when working from home. In addition, businesses have come to rely on unsecured video conferencing tools, or document sharing services. In any case it is critical that businesses take action to secure company information before WFH scenarios put data at additional risk. One survey found that of companies with an WFH information security strategy, not quite half per cent said they permitted only corporate IT provisioned/approved devices and have strict security measures in place to enforce this with endpoint control. In additionally, less than ten percent disallowed the use removable media, but fad no technology in place to prevent this. If businesses want to secure data accessed remotely it is critical that encryption and endpoint control is applied to all devices. An IT asset management solution that can identify and inventory remote devices is a. Critical tool in accomplishing this goal.

Click here to read more

How To Ensure Your NIST Cybersecurity Framework Implementation Isn t Too Little, Too Late

The NIST framework identifies five main functions cybersecurity activities i: identify, protect, detect, respond and recover. The first two, identify and protect, include proactive cybersecurity measures. Through the identify function companies can develop an "organizational understanding to managing cybersecurity risk to systems, people, assets, data, and capabilities." Activities in this function include creating an accurate IT asset inventory, identifying the criticality of specific assets, and assessing, quantifying and prioritizing risk. A robust IT asset management solution can be an invaluable asset in properly implementing the identify phase of the NIST Cybersecurity Framework.

Click here to read more

Software Lacking Built-In Privacy Violates EU Law, Board Says

According to guidance from the EU Data Protection Board, firms must use software with built-in, default privacy settings in order to comply with the GDPR law. Data anonymization and minimization must be standard components of personal data processing, software. The Board said in recently released guidance that this requirement also applies to systems that pre-date the 2018 General Data Protection Regulation. London-based Bird & Bird Attorney Matthew Buckwell noted that The guidelines make it clear that legacy systems are clearly in scope in the same way as new systems, and if the legacy system does not meet GDPR obligations then it cannot be used to process personal data. He also noted that legacy systems are a key risk companies face in potentially violating the terms of the GDPR and the changes may add considerable cost for companies that rely on older, integrated systems that are not easily updated or removed. Firms can use their IT asset management solutions to identify legacy systems that may result in non-compliance and use the information to take remedial actions.

Click here to read more

The Cybersecurity Implications of an Evolving Work Environment

Some short-term risk factors impacted organizations immediately. Organizations that deployed misconfigured or unpatched emergency remote access solutions enabled attackers to compromise the firm s IT environments. In other cases management bought laptops off-the -shelf and sent them out to employees with the standard enterprise laptop image. However, these platforms were designed to operate within the safety of an enterprise not in unsecured personal home networks. Many of these devices became targets of cybercriminals which infected the enterprise environment with malicious payloads. In the aftermath, firms cam use their IT asset management tools to inventory and manage remote devices and identify vulnerabilities or non-standard configuration.

Click here to read more

10 Tips for Modernizing Legacy IT Systems

According to a report entitled The State of Modern Applications in the Enterprise released by cloud solutions provider Ahead, most CIOs realize that modernization is critical to deliver software faster, to have improved control over operations, integrate advanced more security, and to quickly meeting the needs of the business. However, according to IDG and tech company Insight, only about a quarter of organizations are at the beginning stages of IT modernization, and less than a fifth have made only moderate progress. In order to create a successful modernization strategy CIOs need an accurate inventory of all the technologies running in the business. Unfortunately, consultants and analysts note that many CIOs don t have a full inventory of all their IT systems and the functions that those systems perform. Thomas Klinect, a senior director and analyst with Gartner, noted that Without that, you re just going to spend a lot of money and have very little to show for it at the end of the day CIOs must understand the whole cradle-to-grave flow of data. An effective IT asset management solution is a critical component of any modernization effort, and is the best first step to geta plan underway.

Click here to read more

How to Take Better Control of Applications Running On Your Network

reviewing their network for user accounts and software no longer in use, reviewing the applications installed on mobile devices and reviewing what devices that should remain supported in the network. A software asset management solution can play a key role in conducting these reviews and will contribute to better network and infrastructure controls.

Click here to read more

Industry News - Oct 2020


Telework Essentials Toolkit Executive Leaders Drive Cybersecurity Strategy, Investment, Culture

In response to COVID-19, organizations have started planning for more permanent and strategic remote work practices. The Cybersecurity and Infrastructure Security Agency (CISA) has published several recommendations to support organizations to strengthen their cybersecurity practices as they transition to long-term telework solutions. CISA notes that it is important for firms to determine the cybersecurity risks associated with moving organizational assets beyond the workplace where processes such as printing, and the use of personal devices or equipment are not accessible by the organization s monitoring and response capabilities. The agency recommends that firms develop, implement, and inforce enterprise-wide policies that include requirements for staffers to securely configure and update corporate devices, personal devices, mobile devices, and home networks. An IT asset management system capable of monitoring remote devices will aid in the implementation of such policies.

Click here to read more

With Tech Budgets Clipped, CIOs Should Prepare To Cut And Cut Again

A recent Forrester report indicates that CIOs should prepare for a protracted U.S. downturn, along with significant IT spending cuts in 2020 and going into 2021. Andrew Bartels, Forrester VP, principal analyst and author of Forrester's U.S. Tech Market Outlook for 2020 and 2021 noted that "What's starting to happen now is shifting from a pandemic recession to a traditional recession. More sectors of the economy are now going to start to feel pain." Of the three tech=spending scenarios developed by Forrester, it feels the most likely (70% probability) to be one where a 6.3% decline in 2020 U.S. tech budgets from 2019 levels occurs. The report indicates that CIOs should be looking at what cuts they may need to make in areas like hardware and new project spending. They should also prepare for what cuts they would make to software, outsourcing, telecommunications or even changes in staff. A comprehensive IT asset management solution can be helpful in identifying under-utilized, surplus and obsolete equipment and software that can be eliminated with minimal impact on the organization.

Click here to read more

How To Negotiate Software Costs As IT Budgets Are Slashed

Vendors are sometimes more willing to move on those sorts of things, and the services can often provide more value than would the discount on the software. said McKay.

Click here to read more

Remote Working Reality Leaves UK Businesses More Vulnerable Than Ever To Cyberattacks

With so many employees working from home, businesses are at ra much higher risk of a cyberattack than they were with people working in a business office environment. A new report from cybersecurity firm Keeper Security, claims the over 40 percent of firms have suffered a data breach in the last 12 months. Most breaches are a result of compromised or stolen employee devices. With employees working from home using their own devices, IT security departments are facing additional challenges, including unsecured home networks, infected personal devices, shadow IT and more. Use of a It asset management tool that can scan remote devices will help immensely in managing employee owned devices that a e conne3cted to the corporate network or databases.

Click here to read more

Following Scrutiny, Zoom Enables End-To-End Encryption to All Users

E2EE design disables some Zoom functions users can "toggle" the feature on and off depending on their meeting needs. E2EE is an optional feature, Zoom users have the default encryption standard enabled. System administrators can implement E2EE on account or group levels.

Click here to read more

10 Cost-Cutting Tips to Help Businesses Bounce Back In 2021

Chris Ganly, senior director analyst at Gartner, recently noted that strategic budget management is necessary to transform from cost-cutting measures to value creation According to Gartner one key method in managing reduced IT budgets is to simultaneously address the variable and fixed budgets. By doing so companies can capture an overall view of where cuts can be made. Variable costs can be eliminated and reduced as they change. Fixed costs should be reduced through elimination. The article recommends that firms concentrate on identifying the larger cost elements and the easier cost elements when reducing IT budgets. Understanding the consequences of costs and how to manage possible downfall are keys to overall success. Planning and measuring success will help determine the best approach to budget cuts. An effective IT asset management solution can provide invaluable information when identifying obsolete hardware and software, over-licensed software and unnecessary maintenance costs.

Click here to read more

78% Of Microsoft 365 Admins Don t Activate MFA

According to recent survey by CoreView, on average half of Microsoft 365 users are not managed by the platform s default security policies. The survey indicated that over 75% of Microsoft 365 administrators do not have multi-factor authentication (MFA) activated, despite the findings that 99% of data breaches can be prevented using MFA. The data shows that, on average, US enterprises ely) utilize oer 1,000 different productivity and operations applications. While productivity and operations apps helps improve productivity, unsanctioned shadow IT apps have varying levels of security represent a significant security risk. Using an IT asset management system, IT managers can identify unauthorized software and cloud apps and remove them prior toa. Security incident.

Click here to read more

Windows 10 Security: Are You on The Right Version?

Firms running older versions of Windows 10 version should consider deploying feature releases faster. Enterprises that chose the Long-Term Servicing Branch (LTSB) version won t obtain security enhancements included in new feature releases bring. Consequently, LTSB is probably not the greatest choice for a end users workstations. Workstations, running LTSB have upgrade path from LTSB to the normal releases of Windows 10 and must be rebuilt to gain asses to those upgrades rebuild the machines. The fall release od Windows 10 is designed to be no more disruptive than the monthly cumulative updates. It can be quickly deployed inn firms that have implemented the prior spring release. Otherwise the installation of 20H2 will mimic a normal feature release in its deployment timing. Firms with older versions of Windows 10 should review the decisions made that kept you on older platforms that lack the needed security. IT managers can use their IT asset management solutions to easily identify workstations needing an upgrade

Click here to read more

Industry News - Sep 2020


Productivity Tops Next Year Software Budget Priorities, Survey Says

Businesses can find themselves facing the true cost of software ownership when a majority of their workers are remote. Prior to the pandemic crisis which created the work-from-home (WFH) model, companies may have had part-time workers sharing software licenses. However, when firms are needi to enable a large remote workforce and send a computer home with each end user, they will need to install the true number of licenses for those instances. In addition, normally the end-of-support cycle for a software platform incents companies to upgrade before vulnerabilities or outages impact key business processes. To that end, Microsoft plans to end technical support and security updates for Microsoft Office 2010 by October 13. A comprehensive IT asset management solution is invaluable in managing a remote workforce to maintain software license compliance and manage software upgrades.

Click here to read more

Varying BYOD Policies May Leave Some Firms More Exposed Than Ever

Bring your own device (BYOD) policies aren t new, but they aren t consistently found in the small and midsize law firms where the majority of U.S. lawyers work. However, due to the work-from-home (WFH) environment created by the COVID-19 pandemic, many smaller firms are implementing more robust BYOD policies. Lack of a BYOD policy could expose client data to increased cybersecurity threats. BYOD vulnerabilities were exacerbated when firms sent lawyers home in March, without corporate software, hardware or mobile phones. The WFH initiative came on so fast that many companies were struggling to get devices and software to employees. After six months of WFH more companies are enforcing BYOD practices with telework agreements and clear rules on what BYOD is appropriate, and what protections are required.

Click here to read more

Micro Focus Tops Poll of Least Helpful Software Publishers

A recent survey of ITAM Review readers indicated that software publisher audits are up during the global pandemic. Of the companies conducting the audits Micro Focus was reported to be least helpful and Microsoft was the most helpful. The preliminary results are from the ITAM Review s community survey. Of the respondents about Around 20% saw significant increase in audit requests 27% reported a slight increase and 40% saw no marked difference in audit levels. The full results will be published in an upcoming ITAM Review.

Click here to read more

Healthcare s Password Problem and The Need for Management, Vaults

Reports indicate the most commonly used passwords are the easiest to hack. Passwords like such as 123456, qwerty, abc123, 11111, and password are easiest to hack. However, even when a password is deemed secure, defenses become irrelevant when users often reuse personal for personal accounts in the workplace. Password breaches drive the need for organizations to employ two-factor authentication (2FA). With 2FA in place, even if a hacker obtains user credentials, they are limited in what they can to access. To that point, Microsoft reported MFA blocks 99.9 percent of all automated cyberattacks. It has been noted that employing 2FA on all endpoints that provide system access from outside the network can protect the organization. The IT teams must also provide employee training on passwords. The education can provide real value to the employees for their personal accounts as well.

Click here to read more

Securing the Super Users Of The Remote Workforce For The Long Term

Corporate decision-makers at all levels are coming to realize that different work-from-home (WFH) users have very different needs. What may be totally adequate levels of security and performance for general users are inadaquate for power users, and for super users, could constitute a serious breach vulnerability. Super users need consistent, reliable, high-performance connectivity and the same level of security security ina WFH environment as they had in the office. The level of the information they process is the same whether they work from home or in the office, so neither should the level of security. Super users working from home require a secure environment within their own home network and wired and wireless connectivity that is completely firewalled from the home network and which connects securely to the office. These users also require higher connectivity, forward error and an LTE modem to load balance the exiting broadband. Lacking this type of network within a network, users home networks are subject to possible easy breach through a laundry list of different IoT devices. Having mission-critical corporate resources sitting unprotected on a generic home network is not advisable.

Click here to read more

Zoom Update Delivers A Huge Security Upgrade

Zoom video conferencing service is enabling Two-Factor Authentication (2FA). This change will require users to provide two separate pieces of identification information to log in to Zoom. Along with a password or pin number, users will need to have one of a number of extra credentials, which could consist of including a smart card or mobile device, or biometric information including a fingerprint or voice recognition. 2FA adds an extra layer of protection so businesses can erduce security breaches and identity theft. Zoom says by using 2FA s users will no longer have to continually juggle multiple logins and password information..

Click here to read more

Large Cloud Providers Much Less Likely Than Enterprises to Get Breached

A new study suggests by Security assessment vendor Coalfire indicates that large cloud services providers are about half as likely to experience a data breach as compared to large enterprise IT infrastructures. Data from 800 penetration tests that emulated cyberattacks on customer networks showed that major cloud services providers are more resistant to data breaches than large enterprise organizations. Just under 20% of the vulnerabilities that Coalfire encountered on infrastructures of large cloud providers fell into the high-risk category. That number compared to 35% similar vulnerabilities in large enterprise networks. Similarly, only 25% of vulnerabilities discovered on medium-sized cloud providers' platforms were high-risk, compared with nearly 40% on networks operated by to medium-sized businesses

Click here to read more

Exploit Code Prompts CISA Alert to Microsoft Netlogon Vulnerability

According to a Department of Homeland Security Cybersecurity and Infrastructure Security alert, a recent public exploit for an elevation of privilege vulnerability found in Microsoft s Netlogon will make unpatched systems a prime target for cybercriminals. The CVE-2020-1472 flaw enables a hacker to establish a vulnerable Netlogon secure connection to a domain controller through the Netlogon Remote Protocol (MS-NRPC). In a successful exploit the threat actor can run a specially crafted application on a network device. Microsoft provided a patch as part of a two-part rollout for the flaw in August, which modifies how the Netlogon handles the use of secure channels. The second part of the Windows update will be released in the first quarter of 2021. Unfortunately, hackers have released a public exploit for the flaw, increasing the risk of exploit if the organization has failed to apply the first patch and or recommended mitigation steps. IT managers are urged to use their IT asset management tools to identify unpatched systems

Click here to read more

CISA Orders Agencies To Patch Dire Window Flaw

the Cybersecurity and Infrastructure Security Agency ordered that a critical vulnerability in Microsoft Windows had to have been patched by midnight on Sept. 21. Unpatched systems needed to be unplugged. CISA warned in an Sept. 18 emergency directive that The flaw affects core authentication capabilities, Without the patch unauthorized attackers could access and take over domain controllers' identity services. In an August notice Microsoft said that the problem could enable an attacker, once they get inside, to elevate their domain privileges within the network without authentications. The unauthorized access could be used to compromise other federal networks. Microsoft issued a software upgrade for the server vulnerability on Aug. 11 and plans to issue an additional update in the first quarter of 2021. IT managers can use their existing IT asset management solutions to identify any unpatched servers.

Click here to read more

Industry News - Aug 2020


Researchers Warn Of An Achilles' Heel Security Flaw For Android Phones

Digital signal processors (DSP) have been described as a "complete computer in a single chip." However, researchers at Check Point warn that DSPs are vulnerable to hackers. One researcher examined the Qualcomm Snapdragon chip, which is used in nearly half of all Android devices He found over 400 vulnerabilities. A skillful hacker could create a malicious app that exploits these vulnerabilities and bypass the built-in security measures and steal a wide variety of data. The identified vulnerabilities also could allow a malicious app to record calls, turn on a device's microphone, brick devices and to hide other malware on phones, all without people knowing about it. CIOs may want to use the IT asset management solution to inventory the phones in use by remote employees and warn affected users against using their mobile devices for business purposes.

Click here to read more

FBI Issues Warning Over Windows 7 End-Of-Life

The Federal Bureau of Investigation issued a private industry notification (PIN) to the US private sector regarding the dangers of the use Windows 7. Microsoft terminated support for the OS earlier this year. The FBI noted that it has observed cyber criminals targeting computer network infrastructure after an operating system achieves end of life status. It added that Continuing to use Windows 7 within an enterprise may provide cyber criminals access in to computer systems. As time passes, Windows 7 becomes more vulnerable to exploitation due to lack of security updates and new vulnerabilities discovered. The agency warned that " cyber criminals will continue to consider Windows 7 as a soft target. CIOs are urged to use their IT asset management software to identify devices running Windows 7 and upgrade the as soon as possible.

Click here to read more

Prevent-ilation: Airing out the Myths of Preventing Cyber Attacks

The 2019 CrowdStrike Global Threat Report noted that over half of cyber-attacks arise from malware-free intrusions whereby a hacker doesn't use a malicious file or file fragment to break into a system. The study suggested that traditional cyber-security practices are not sufficient to deter all attacks. It recommends that firms identify and replace vulnerable legacy systems, insure the use of VPN and limited data access by remote workers and a move to cloud computing and storage. CIOs can used their IT asset management tools to identify vulnerable older systems, insure remote worker configurations meet corporate standards and to determine those applications and data files that can be moved to the cloud.

Click here to read more

7 Traits of Tech In The New Work Reality

Take away an employee's remote work gear laptop, phone, headset and their ability to perform is likely down to zero. Companies have centered their work processes around technology in years past, but that trend accelerated as the pandemic hit. We're using our devices as a medium for everything," she said. "We need the physical assets to connect with our people and need a channel to connect with users." CIOs can use their IT asset management tools to determine what assets they have and match them to the operational requirements of the new normal. That data can be used to drive what technology will needed to optimize operations in the future.

Click here to read more

7 Steps to Securely Shutting Down Business Units

In the current business environment, many companies are restructuring and closing at least some parts of their business. As part of the process management needs to know what assets it has where the sevices are located, and what data is stored on those systems. If that information isn t available there is a risk of leaving intellectual property, confidential information, personal data or user accounts exposed without controls or monitoring in place. If the dependencies with other parts of the business aren t understood, operations for the remaining business could be interrupted. David Sun, digital forensics and cybersecurity partner at Advisory Services Group BlumShapiro noted that In an ideal world, the CISO already has a map and inventory, something laid out of what its assets are in a detailed manner. If you're shutting down a system or division, inventory and map and recognize where all your risks are. Corral all that intellectual property into one location where access is restricted so that's not scattered all throughout [the business]. A fully functional IT asset management solution provides management with this critical information.

Click here to read more

Wormable DNS Flaw Endangers All Windows Servers

Microsoft recently released a patch for a Remote code execution vulnerability that affects its implementation of the Domain Name System (DNS) server on Windows The company and urged organizations to deploy the fix as soon as possible. Remote code execution vulnerabilities can affect the core networking components of operating systems and are among the most dangerous flaws that can lead to the mass exploitation of computer systems. The vulnerability, labeled CVE-2020-1350, was discovered by researchers from Check Point Software Technologies. The flaw received the maximum CVSS severity score of 10, making it critical. In addition, according to Microsoft, it's wormable. Microsoft explained that "Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction. Windows DNS Server is a core networking component. While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible." CIOs can use their It asset management toolset to identify vulnerable and unpatched devices.

Click here to read more

The Coming Cyber Pandemic: Part II

Cyberattacks are like wildfires, and have the same the potential for devastating loss of life and property. Consequently, protection against them is considered a matter of national security. U.S. Government i technical guidance has been created to aid agencies and organizations for, detecting and recovering from a cyberattack. The guidance a few basic steps, including holding cybersecurity training programs, using strong spam filters, scanning emails, blocking known malicious IP addresses, implementing regular patch management, and installing anti-malware programs. Business continuity preparation also figures largely in the guidance, including regularly backing up and securing data and conduction periodic penetration testing and vulnerability assessments. Implementing an It asset management solution can help to identify vulnerable systems, check for patches and identify systems without anti-malware software.

Click here to read more

Work from Home Microsoft Licensing Compliance

In the new work-from-home (WFH) environment, organizations may need to review their Microsoft licensing to address changes in how their end users are accessing the organization s network. Along with licensing penalties for non-compliance, firms can also be vulnerable to security threats originating from an end user s device that may not have the proper software security updates needed to ensure the protection of the organization s environment. Firms that are unsure of what their Microsoft licensing allows, but don t want to alert Microsoft that they may be out of compliance, should Miro Consulting. Miro can conduct a comprehensive review of the assets, entitlements, contracts and purchasing documents to help the firm remain in compliance with Microsoft. CIOs are urged not contact their Microsoft reseller for help with licensing, as they re contractually obligated to report any licensing inconsistencies to Microsoft.

Click here to read more

Access Denied? COVID-19 Complicates Revoking Ex-Employees' Data Privileges

As COVID-19 forces many firms to embrace work-from-home (WFH), it s also creating a wave of layoffs. Those factors are creating a potential security risk for many organizations. As remote employees are terminated personal electronics used for work in a decentralized workforce could make it difficult for companies to revoke data access and retrieve their IT equipment. In the WFH environment, revoking a remote employee s access to corporate data requires assessing and obtaining all the corporate data in the employee s possession. If an employee-owned device is being used for work, it could place an even bigger burden on employers. It is important that companies review their policies, procedures and controls regarding remote or personal devices being used for corporate business. Using an IT asset management solution that can inventory remote devices can provide critical information in the device and data retrieval process.

Click here to read more

IBM Finds Vulnerability In Iot Chips Present In Billions Of Devices

A security flaw in a series of IoT connectivity chips manufactured by Thales could leave billions of IoT connected devices open to cyber-criminals. The flaw in the EHS8 module family was discovered by IBM's X-Force Red hacking team. EHS8 modules are designed for use in. industrial IoT machines used in factories, the energy sector, and medical roles. The modules are designed to create secure communication channels using 3G and 4G networks. An attacker targeting an EHS8 module can exploit it remotely and gain total control over the affected machine Thales has been working with IBM and has released a security patch for affected devices, which includes Thales' BGS5, EHS5/6/8, PDS5/6/8, ELS61, ELS81, and PLS62 modules as well. The threat posed by this flaw is a serious one and underscores the need for effective patch management. An IT asset management solution can be a key tool in identifying patched and unpatched devices.

Click here to read more

Industry News - Jul 2020


Microsoft Releases Emergency Security Updates for Windows 10, Server

Microsoft recently released two emergency security updates to address remote code execution bugs in Microsoft Windows Codecs Library. The updates, addressed a critical-severity flaw (CVE-2020-1425) and important-severity vulnerability (CVE-2020-1457). They were sent out via Windows Update and affect several versions of Windows 10 and Windows Server 2019. According to the updates, the vulnerabilities allow remote code execution in the way that Microsoft Windows Codecs Library handles objects in memory. Microsoft included a complete list of the Windows 10 and Windows Server distributions affected in its advisories, but it did say that there are no mitigations or workarounds for the vulnerabities. IT managers are urged to use their IT asset management tools to identify un patched devices.

Click here to read more

The New Business Technology Priorities Of 2020

Conserving costs can be simple as turning off an unused service. IT managers can utilize the information generated by their IT asset management solutions to identify cloud services and accounts that result in budget waste.

Click here to read more

Working Remotely? Here Are 4 Often-Overlooked Steps That Secure Your Data

Private sector businesses should mimic the federal government s process for telework, especially as it pertains to assets and devices. Teleworking federal employees are generally issued a federal laptop or tablet. The laptop is given an agency-specific image that includes antivirus (AV) software and an approved access portal. If a firm cannot issue a standard device to each employee, management should require each employee to have an approved antivirus subscription. The IT department specify an AV program that best interfaces with the company s network configurations. Having multiple AV subscription on any device can cause problems for the device. The benefit of distributing company-owned devices is that the company can control the who, what and how of its employees touching the network. Additionally, the data on the device can be collected, even remotely and archived on a secure server. The IT group can leverage the company s IT asset management toolset to interrogate employee-owned devices to insure that the AV software and access portal software comply with company standards.

Click here to read more

Microsoft Warns of Critical Windows DNS Server Vulnerability That s Wormable

Microsoft is advising all systems administrators to patch a critical Windows DNS Server vulnerability that it has classified as wormable. The flaw could enable attackers to create special malware that remotely executes code on Windows servers that could result in a company s infrastructure being breached. Microsoft said that this vulnerability is not currently known to be used in active attacks, however it is essential that customers apply Windows updates to patch this vulnerability as soon as possible. A patch to fix the exploit is currently available across all supported versions of Windows Server. today, but the race is on for system administrators to patch servers as quickly as possible before malicious actors create malware based on the flaw. Systems administrators can utilize the information generated by their IT asset management solution to identify vulnerable servers.

Click here to read more

Industry News - Jun 2020


How to Start, Optimize, and Elevate your ITAM program

2020 has presented businesses with a set of diverse challenges. IT departments have worked to provide safe remote working environments and have enabled organizations to implement new products and customer experiences. Now, as the economy starts to open up again, they need to manage a new hybrid working environment. During the crisis the focus has been on rapid deployment instead of cost and risk management. Now IT groups need to focus those elements of IT governance. ITAM is well-positioned to drive success against those objectives. This article provides a structure for starting, optimizing, and elevating a firm s ITAM program.

Click here to read more

Antivirus, Firewalls Top Security Solutions For Remote Work

This year nearly 5% of organizations had three-quarters or more of their workforce working remotely on a regular basis. However, according to a recent survey of more than 400 IT security decision-makers, the coronavirus pandemic pushed 75% of companies to allow most of their employees to work remotely. The survey also showed that over half of respondents intend to continue increasing their work-from-home (WFH) security budgets. Antivirus and firewalls solutions were the top WFH security solutions. SSL-VPN, multifactor authentication and backups rounded out the top five. To insure the security of remote devices, IT managers will also need a means of discovering and inventorying remote devices to determine compliance with mandated configurations.

Click here to read more

Microsoft Fixes 129 Bugs in Largest Patch Tuesday Release

Microsoft issued updates for June 2020, fixing 129 vulnerabilities across its products and services. This is the company's largest monthly security release and the fourth consecutive month of more than 100 common vulnerabilities and exposures (CVEs) patched. Eleven of the bugs addressed are categorized as Critical, and 118 are classified Important. The vulnerabilities exist in Microsoft Windows, Internet Explorer, Edge browser, ChakraCore, Office, Office Services and Web Apps, Windows Defender, Microsoft Dynamics, Visual Studio, Azure DevOps, and Microsoft Apps for Android. None are publicly known or currently under active attack. IT managers are urged to use thier IT asset management solution to identify any unpatched systems.

Click here to read more

Abandoned Apps May Pose Security Risk to Mobile Devices

Mobile security firm Wandera recently warned that many mobile users are using applications on their mobile devicves that are no longer in active development nor offered on major app stores. The company found a "significant number" of obsolete applications on employee's devices during its regular scanning for security threats. Michael Covington, vice president at the firm noted that these applications pose security risks because any vulnerability found in the code will never be patched. He said that "These abandoned applications are on worker devices: they are outdated, and they are not maintained. When the developer stops updating, then vulnerabilities go unpatched, and that is a security issue." IT managers should determine if their IT asset management tools can inventory mobile devices and use those tools to identify obsolete apps.

Click here to read more

UPnP Flaw Exposes Millions of Network Devices to Attacks Over the Internet

UPnP has opened users to a variety of attacks. An Internet-wide scan found that UPnP was making more than 81 million devices visible outside the local networks. The finding was unexpected because the protocol isn't supposed to communicate with outside devices. The vulnerability, along with a list of affected devices (see link below for the list) was reported the Open Connectivity Foundation, which maintains the UPnP protocol. The foundation has updated the underlying specification to fix the flaw. Users can check with developers and manufacturers to determine if or when a patch will be available. A significant percentage of IoT devices never receive updates from manufacturers, which will extend the life of the vulnerability om unpatched devices.

Click here to read more

Overcoming IoT Complexity with Flexible Device Management

Comprehensive management of a firm s IoT device estate, whether it is managed directly at the edge or in the cloud, is critical. Open standards, interoperability and a system-wide approach to security are core requirements to efficiently and securely manage the dynamic landscape of an organization s IoT devices. This new playbook explores how meeting these design objectives can enable the choice and flexibility of devices, data, and clouds while ensuring a secure network of devices.

Click here to read more

How to Build an Effective Cloud Management Practice

This whitepaper outlines how to build an effective Cloud Software Asset Management practice to ensure that a firm s cloud foundation is safe, secure, and cost-effective. The paper explains how companies can minimize 'Cloud Shock', (unexpected, unbudgeted cost increases related to delivering IT services via public cloud), track cloud-related cost and risks, migrate existing on-premises processing and applications to the cloud and manage cloud optimization processes. Click on the link below download the document.

Click here to read more

New Malware Campaign Targets Unpatched Windows Vulnerabilities

Palo Alto Network Unit 42 research team recently identified a new malware campaign known as Lucifer, which targets a long list of unpatched, high and critical Windows vulnerabilities. Hackers are leveraging long list of exploits that include CVE-2017-0144 and CVE-2017-0145 found in the SMBv1 server of some Microsoft Windows platforms, CVE-2017-8464 found in some Windows Server versions, and Apache Struts flaw CVE-2017-9791, among others. Patches for these vulnerabilities are currently available once again senfing a message to all organizations why it s critically important to keep systems up-to-date whenever possible, eliminate weak credentials, and have an active layer of cyber-defenses. IT managers are also reminded that their ITAM solution can be used to identify vulnerable systems.

Click here to read more

Put Yourself in a Winning Position

Due to the transition to work from home due to the Covid-19 pandemic, organizations may have needed to buy extra IT assets to accommodate employees without adequate computing devices at home. These included hardware assets, software assets, and mobile assets, all of which were necessary during the work-from-home period. Now that states are beginning to open up those IT assets may become surplus assets. Resolving this situation is something. in which IT Asset Managers will play a key role When these assets come back to the organization with the employees, the ITAM professionals will be key in finding a way to make those unused assets beneficial to the organization.

Click here to read more

The Great Cloud Migration

Click on ther4 link below to download the white paper.

Click here to read more

Industry News - May 2020


Lockbit, The New Ransomware For Hire: A Sad And Cautionary Tale

Ransomware is one of the top threats facing large organizations. An infection by a fairly new strain called LockBit recently ransacked one company s poorly secured network in a matter of hours, leaving management with no viable choice but to pay the ransom. Attackers started out by researching potential targets with valuable data and the means to make big payouts. The attackers used a list of words attempting to gain access to one of the accounts. Eventually, they found an administrative account that had access to the entire network. The weak account password, combined with the lack of multifactor authentication protection, gave the attackers all the system rights they needed. Unlike other ransomware software that rely on live human hackers whospend large amounts of time surveying and surveilling a target s network and then unleash the code that will encrypt it. LockBit it is completely self-spreading. The attacker needs to be inside the network for a few hours.

Click here to read more

Office 365 May Be Popular Target for Bad Actors, But Difficult to Hit

The report utilized information obtained from 950 cyber incidents that Baker & Hostetler consulted on in 2019. In over 30% of the cases examined, cyber-criminals initiated an Office 365 account takeover after the initial breach. Deployment of ransomware was the next most common step followed by the installation of malware.

Click here to read more

Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking

Security researchers known that Intel's Thunderbolt interface as a potential security issue. It offers faster speeds of data transfer to external devices and direct access to a computer's memory ports, which can lead to security vulnerabilities. A collection of flaws in Thunderbolt known as Thunderclap indicates that plugging a malicious device into a computer's Thunderbolt port can quickly bypass all of its security measures. Security researchers have recommended that users take advantage of a Thunderbolt feature known as "security levels." This feature disallowd access to untrusted devices or even turns off Thunderbolt altogether. That would turn the vulnerable port into a mere USB and display port. IT managers can scan their network for affected devices using their IT asset management solutions.

Click here to read more

IT Asset Management (ITAM): A Centralized Approach To Managing IT systems And Assets

IT asset management (ITAM) coverds practices and strategies for managing and optimizing company-owned IT systems, including hardware, software processes and data. As part of an ITAM strategy, IT departments implement, track and maintain IT assets. They also assess if those IT assets can be optimized, replaced or be upgraded. These insights into an organization s IT assets enables IT executives visualize the ROI on IT assets. The information also provided information other key stakeholders regarding how those assets directly benefit the company s business goals. A successful ITAM strategy requires a complete IT inventory that gives organizations a quick view of every IT asset within the company. That includes data centers, software, hardware, networks, employee or user workstations and any other related technology. The main goals of ITAM are to optimize budgets, track assets, improve control over the company s IT environment, bring more structure to the IT lifecycle management process and reduce waste by managing the disposal of IT assets.

Click here to read more

You Need to Update Adobe Acrobat for MacOS Right Now

Protected Mode is turned off by default, so users will need to take a few steps after updating Acrobat to the latest version. To enable protected mode users will need to Open Acrobat, go to the Edit menu, select Preferences, and from the Categories section, select Security and click the checkbox that says Enable Protected Mode at Startup (Preview).

Click here to read more

Three Years After WannaCry, Ransomware Accelerating While Patching Still Problematic

An important lesson from the WannaCry incident that impacted companies worldwide three years ago is that vompanies that use outdated systems and do not rigorously patch those systems are at risk from data breaches and attacks by ransomware. Too many y companies continue to use out-of-date software that is vulnerable to destructive attacks. According to Jacob Noffke, senior principal cyber engineer at Raytheon Intelligence & Space, in a statement sent to Dark Reading, companies with weaker defenses will be a prime target for cybercriminals looking to capitalize on WannaCry-inspired attacks. IT managers can easily identify unpatched system by running detailed discovery reports onn their IT asset management software.

Click here to read more

Chrome 83 Released with Enhanced Privacy Controls, Tab Groups Feature

Google recently released version 83 of its Chrome web browser. It is one of the most feature-packed Chrome updates released since the browser's initial launch. The v83 release includes a slew of new including enhanced privacy controls, new settings for managing cookie files, a new Safety Check option, support for tab groups, new graphics for web form elements, a new API for detecting barcodes, and a new anti-XSS security feature..

Click here to read more

Industry News - Apr 2020


Holy Water Watering Hole Attack Targets Visitors of Certain Websites with Malware

Kaspersky recently reported on the behavior of several watering hole websites established through a malware campaign dubbed Holy Water. In a watering hole attack, cybercriminals identify websites that are visited by particular groups of people and then infect hose sites with malware. When a user visits an infected site, a piece of malicious JavaScript automatically loads to determine if the user is a potential target. Next a second JavaScript piece loads a plugin that launches a fake Adobe Flash update popup window. By accepting the update the victim unknowingly downloads a malicious installer that sets up a backdoor caledGodlike12. This malware provides the attacker dfull remote access to the infected computer where they can change files and steal confidential information.

Click here to read more

Over 350,000 Exchange Servers Exposed to Serious RCE Bug

Over 350,000 Exchange servers worldwide remain exposed to a critical vulnerability that was patched by Microsoft in February. The vulnerability is being exploited in the wild, according to Rapid7.The vulnerability, labeled CVE-2020-0688, enables remote code execution on unpatched systems if the Exchange Control Panel (ECP) interface is accessible to the attacker sand they have a working credential for it. aAtackers can gain access an Exchange server with a simple user credential or old service account. This issue further underscores why changing passwords periodically and patching systems in a timely manner are good best practices. IT managers can utilize their automated IT asset management resources to identify unpatched servers.

Click here to read more

New White Paper - Create Secure Work from Home Machines

With thousands of end-users using Work From Home (WFH) computers, companies need to determine that those WFH computers are not creating security risks when they access corporate or government networks. As WFH devices are not located within the organization s firewall and need to be better protected than the organization s on-premises machines. NIST and the CIS have established specific WFH security controls firms can follow with confidence to minimize the security risks for their WFH machines. The whitepaper "Create Secure Work from Home machines", describes how to accomplish this with standardized controls from NIST and the CIS. Click on the link below to download a free copy.

Click here to read more

Security for Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Solutions

This bulletin summarizes highlights from NIST Special Publication 800-46 Revision 2, Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security, which helps organizations protect their IT systems and information from the security risks that accompany the use of telework and remote access technologies. To download a complimentary copy of the bulleting click on the link bwlow.

Click here to read more

Hacking Against Corporations Surges As Workers Take Computers Home

Hacking activity against corporations more than doubled im March as cyber criminals took advantage of security weakened by pandemic work-from-home policies, researchers said. It is more difficult for corporate security teams to protect data when it is distributed on home computers with widely varying setups and on company machines connecting remotely. Even remote workers using virtual private networks (VPNs are adding to the problem. VMware cybersecurity strategist Tom Kellermann noted that There is a digitally historic event occurring in the background of this pandemic, and that is there is a cybercrime pandemic that is occurring. It s just easier, frankly, to hack a remote user than it is someone sitting inside their corporate environment.

Click here to read more

Google Launches BeyondCorp Remote Access for Virtual Workers

Google LLC updated its BeyondCorp security framework to enable companies to secure their most important applications and data at a time when many workers are working from home due to the COVID-19 pandemic. BeyondCorp is a zero-trust security framework that moves access controls from the perimeter to individual devices and users It allows employees to work securely from any location without the need for a traditional VPN. BeyondCorp assumes that users are requesting access from inside the network are just as untrustworthy as those seeking remote access. Consequently, access requests are granted based on details about the particular users, their jobs and the security status of their devices. That s the zero trust model, and Google claims it is far more effective than traditional network security controls.

Click here to read more

New iPhone Text-Bomb Bug: Just Receiving This Sindhi Character Notification Crashes iPhones

The latest version of Apple's mobile OS, iOS 13.4.1, will crash if device running the OS simply receives an app notification with a particular string of characters in the Sindhi language. This 'text bomb' bug can potentially cause widespread problems for iOS users. The crash can be triggered by a notification from any app, including Messages, WhatsApp, and social-media apps like Twitter. It can affect thousands of users simultaneously. 9to5Mac reports that the crash-inducing characters have been going viral on Twitter and that it seems to have originally been shared on a Telegram group. After the Sindi character in a text or other message the iPhone freezes, can't be turned off, and will eventually crash.

Click here to read more

Symlink Race Bugs Discovered In 28 Antivirus Products

In a recent report Security researchers from RACK911 Labs said k that they found "symlink race" vulnerabilities in antivirus products. The report notes that the bugs can be exploited by an attacker to delete files used by the antivirus or by the operating system. The result would be crashes that would render the computer unusable. The RACK911 team has been researching the presence of such bugs in antivirus products since 2018 and found 28 products across Linux, Mac, and Windows to be vulnerable, and notified vendors as time went by. The researchers said that "Most of the antivirus vendors have fixed their products with a few unfortunate exceptions." Some vendors acknowledged the issues in public advisories while others appear to have rolled out silent patches. The RACK911 team did not identify the unpatched products.

Click here to read more

New Licensing Changes in Latest Oracle Java Update


Click here to read more

Industry News - Mar 2020


Microsoft Discloses New Windows Vulnerability That's Being Actively Exploited

Microsoft disclosed that it discovered a new remote code execution vulnerability that is found in all supported versions of Windows. The company said the vulnerability is currently being exploited in limited targeted attacks. In a successful attack hackers could theoretically remotely run code or malware on the victim s device. The flaw involves the Adobe Type Manager Library, which helps Windows render fonts. The vulnerability has a severity level of critical, which is the company s highest rating. Updates to address security vulnerabilities are usually released as part of Update Tuesday. The next Update Tuesday is scheduled for April 14th. IT managers can verify then patch was installed by using their IT asset management toolset.

Click here to read more

Avast Disables JavaScript Engine In Its Antivirus Following Major Bug

"Despite being highly privileged and processing untrusted input by design, it is un-sandboxed and has poor mitigation. Any vulnerabilities in this process are critical, and easily accessible to remote attackers." Exploiting this type of bug is trivial and only requires a hacker to send a user a malicious JS or WSH file via email, or tricking a victim to access a boobytrapped file with malicious JavaScript code.

Click here to read more

MALWARE ALERT! Do Not Open Email from World Health Organization!

Researchers at IBM X-Force have discovered that the HawkEye malware is being distributed to the public using a World Health Organization e-mail address from Director-General Tedros Adhanom Ghebreyesus. Upon opening the email victims are asked to click and open up a link that is attached to the e-mail which launches a password-and-bitcoin harvesting malware on Windows. IT managers are urged to alert their users to this threat.

Click here to read more

Microsoft Issues Emergency Windows 10 Patch for Leaked Vulnerability

Microsoft released an unscheduled patch for a security bug that it disclosed during the release of its March 2020 patch. The vulnerability, which difficult to exploit, is "critical" because it could allow malicious code to automatically spread from one machine to another. With the fix Microsoft is working to avoid a chain reaction scenario such as the one that occurred with the WannaCry and NotPetya viruses. The vulnerability exists in Microsoft's Server Message block (SMB) protocol on recent 32- and 64-bit versions of Windows 10 both on the client and server sides. IT managers can use their It asset management software to determine if the fix has been installed.

Click here to read more

UPDATED: Get Your Free Cybersecurity Tech to Cope With Your Coronavirus Chaos

In light of the Covid-19 crisis, some companies are making some of their services available for free. If your users don t already have a password manager or two-factor authentication, you might be wise to advise them of some of these current offers. Cisco is allowing customers of its Duo Security tool go above their user limit as their employees increasingly work from home. New customers can get a free license. Duo Security s primary service is a two-factor authentication tool that can be added to web and mobile apps. Canadian company 1Password has removed the 30-day trial period on 1Password Business, making the first six months are free. (The normal cost is $7.99 per user.) Its password manager keeps all of a user s logins in one spot so they don t have to remember them. If your company doesn t already have a password manager, it s not a good place to start.

Click here to read more

AT&T Suspends Broadband Data Caps During Coronavirus Crisis

AT&T is the first major ISP that it will be suspending all broadband usage caps as millions of Americans work at home in order to slow the proliferation of COVID-19. Consumer groups and a coalition of legislators are now pressuring other ISPs to do the same. While many AT&T users have no usage caps, others see usage caps ranging from as little as 150 GB to 1 terabyte per month. Users that exceed those limits face penalties upwards of $10 per each additional 50 gigabytes consumed. As millions of US citizens are forced to work, videoconference, and learn at home, overage costs could increase the financial burden on consumers. US consumers already pay some of the highest prices for broadband in the developed world.

Click here to read more

Google And Microsoft Are Giving Away Enterprise Conferencing Tools Due To Coronavirus

To help companies cope with the coronavirus outbreak Google and Microsoft have said, to make it easier for people to work from home, they will provide free access to their more robust teleconferencing and collaboration tools that are typically only available to enterprise customers. Both companies are only offering free access for a limited time. Google announced that it would be offering free access to advanced features for Hangouts Meet to all G Suite and G Suite for Education customers through July 1st. This will organizations to host meetings with up to 250 participants, live stream to up to 100,000 viewers within a single domain, and record and save meetings to Google Drive. Google typically charges $13 extra per user per month for these features in addition to G Suite access under its enterprise tier, which bring s the cost to $25 per user per month. Microsoft is offering a free six-month trial globally for a premium tier of Microsoft Teams Business The tier was originally designed to enable hospitals, schools. When signing up for it, users be prompted to work with a Microsoft partner or a member of Microsoft s sales team to get it set up. Microsoft will also roll out an update to the free version of Teams that will lift restrictions on how many users can be part of a team and allow users to schedule video calls and conferences.

Click here to read more

Almost Half of Mobile Malware Are Hidden Apps

The malware waits up to eight hours before showing the fake notification in an effort to separate the warnings from installation. The malware, first identified in May 2019, has been spreading globally.

Click here to read more

To download the McAfee report go to: https://www.businesswire.com/news/home/52182589/en

Security researchers reported that an Android malware strain can steal one-time passcodes generated through Google Authenticator. Google Authenticator is a a mobile app that is used as a two-factor authentication (2FA) layer for many online accounts. Google launched Authenticator as an alternative to SMS-based one-time passcodes. Google Authenticator codes are generated on a user's smartphone and never travel through insecure mobile networks and are considered more secure than those protected by SMS-based codes. Security researchers from mobile security firm ThreatFabric identified an Authenticator OTP-stealing capability in recent samples of Cerberus, an Android banking trojan that launched in June 2019. The ThreatFabric team said "Abusing the Accessibility privileges, the Trojan can now also steal 2FA codes from Google Authenticator application. When the Authenticator]app is running, the Trojan can get the content of the interface and can send it to the command-and-control] server." IT managers are urged to use their IT asset management, anti-malware and MDM software to protect their user s devices.

Click here to read more

ITAM and Coronavirus: What s the Impact?

During the current Coronavirus (COVID-19) outbreak it s worthwhile considering the impact it may have on ITAM organizations. The sudden need for many companies workforces to start working from home puts pressure on IT in various ways, particularly in the licensing and compliance aspects of the practice. Three areas of note are: processes not being followed, becoming under-licensed and becoming over-licensed. Many of processes will have been forgone during the effort get people up and running in their newly created home offices. To keep things functioning at as normal a level as possible may mean bending/breaking/ignoring processes. The most likely result of processes being ignored is becoming under-licensing. Giving people access to software and sorting the licenses out later is the most common approach. However, later rarely comes and firms become out of compliance. On the other end of the spectrum the higher than average need for many software programs requires companies to buy more licenses. The obvious titles are remote working programs such as Zoom/WebEx/GoToMeeting/Teams etc. Previously just a portion of the organization who used these applications, but now potentially close to everyone will need them. Consequently, more licenses are required. Additionally, the increased number of users might put a firm into the next pricing bracket, making your existing users more expensive as well.

Click here to read more

Creating an ITAM Clean-Up Action Plan

Creating an ITAM clean-up action plan will mean that, after any major ort unexpected change a company will have a checklist of steps to methodically take stock of the situation. Firms need to be able to identify likely areas where and out-of-compliance situation may exist and then work to identify the new situation. Key areas include hardware re-inventory, software location and SaaS discovery. Although this list was compiled with the 2020 Coronavirus pandemic in mind but applies to a wide variety of scenarios. Firms need to current on what devices they have, where are they, and what s on them. With work-at-home increasing many additional laptops may have been deployed. IT management will need to know where they ve been deployed, who has them and, what data they hold, and what software is installed on them. Re-examine the servers and determine if new software been added. Then review your contracts to insure you are not non-compliant. If the software no longer needed, remove it and if it is needed, determine what may need to be purchased/negotiated. What apps are being used now? Do you have a tool or system that enables you to see this? It s highly probable that the firm utilized duplicate instances of certain types of SaaS software, especially video conferencing software. Most may be on free plans, but some might be paid and It managers should work to identify any double spending where corporate licenses already are in place.

Click here to read more

Industry News - Feb 2020


Stop What You re Doing and Delete These Android Apps Right Now

VPNPro has loisted 24 apps dealing with everything from weather to calendar and camera functionality, that are malware-laden and/or request a wide range of potentially nefarious permissions. Google has removed them from the Play Store, but not before they were million downloaded over 375 million times. VPNpro, noted that Our research has uncovered that they re asking for a huge amount of dangerous permissions, potentially putting users private data at risk. These dangerous permissions include the ability to make calls, take pictures and record video, record audio, and much more. apps in question come via a Chinese company that has a history of malware, rogue-ware and unethical practices. IT managers should access the report and use their MDM or IT asset tools to identify and remove them from company-owned devices.

Click here to read more

How Could ITAM Help Travelex Restore Service?

Foreign currency exchange provider Travelex has been down since ransomware attack on December 31st, 2019. Travelex has not paid the ransom demanded by the hackers and that they re rebuilding their IT estate from scratch. Travelex has taken quite a bit of time to repair it s IT infrastructure. Could their ITAM team be helping them to restore service more quickly, or prevent the attack? It has been widely reported that the ransomware was deployed to their network via unpatched Virtual Private Network (VPN) software. ITAM teams could be reporting the level of potentially vulnerable software deployed on the network. To restore service, the IT group first need a detailed understating of what the infrastructure was comprised. ITAM will have discovery and inventory data which can help, especially id it in a cloud-based solution partner vs cloud hosting model for your ITAM tool.

Click here to read more

One of the Most Destructive Botnets Can Now Spread To Nearby Wi-Fi Networks

Over the past five years, the Emotet malware has become a leading Internet threat that empties bank accounts and installs other types of malware on its victims systems. Recently, Emotet operators were caught using a new version that uses infected devices to enumerate all nearby Wi-Fi networks. Using a programming interface called wlanAPI, it profiles the SSID, signal strength, and use of WPA or other encryption methods for password-protecting access. Next, the malware uses one of two password lists to guess commonly used username and password combinations. After gaining access to the Wi-Fi network, the infected device enumerates all non-hidden devices that are connected to it, which the malware also infects using the same technique. To combat the Emotet malware, IT managers can use their It asset management solution to identify all Wi-Fi routers and then insure they use complex password and username combination ns.

Click here to read more

75% of SAM Projects Fail. Why?

According to a well know IT consultancy, three quarters of all Software Asset Management (SAM) projects go over budget and do not meet their business goals. This whitepaper examines the SAM process and demonstrates where and why so many SAM projects run into major problems that impact performance and over budgets. Click on the URL below to download the whitepaper.

Click here to read more

Ransomware - How to Stop It

Ransomware has affected all types of public and private organizations on a worldwide basis. These attacks will likely continue as long as attackers can easily perform successful ransomware attacks and get paid,. However these attacks can almost all be pre-vented by implementing cyber defense best practices, such as those recommended by the Center for Internet Security (CIS). Click on the URL below to download the whitepaper.

Click here to read more

The Secrets to ITAM Technology Success Community Survey

To participate in the survey go to: https://itamreview.typeform.com/to/jFEdmM

Click here to read more

Gartner Report: SaaS Management

Truly effective Software Asset Management (SAM) requires more than a thorough understanding of licensing rules, ITIL processes and an effective SAM tool. For a SAM program to deliver all of its goals and drive IT efficiency, the soft skills of Software Asset Management are also required. SAM managers need to engage with other stakeholders outside of the SAM team and assist the wider business to understand the importance of Software Asset Management.

Click here to read more

How to Help Finance Your ITAM Program With The Assets You Manage

A good ITAM program should catalog the configuration of every item it discovers in a database. By using a sustainable ITAD (IT Asset Disposition) partner, IT managers can derive the maximum value from their retired IT assets. This tracking allows them to determine what assets they have in total and to decide which ones can be sold. Naturally the revenue derived from the sales of retired technology will not cover the cost of the ITAM program. However, any value recovery will increase the ROI of the program by reducing the net spend.

Click here to read more

Cybersecurity Warning: Almost Half Of Connected Medical Devices Are Vulnerable To Hackers Exploiting BlueKeep

Connected medical devices are twice as likely to be vulnerable to the BlueKeep exploit than other devices on hospital networks. BlueKeep is a vulnerability in Microsoft's Remote Desktop Protocol (RDP) service which was discovered in 219. It impacts Windows 7, Windows Server 2008 R2 and Windows Server 2008. Microsoft issued a patch for BlueKeep after the vulnerability was discovered in May of 2019. Security authorities, including the US National Security Agency (NSA) and the UK's National Cyber Security Centre (NCSC), issued urgent warnings about patching vulnerable systems. Healthcare IT managers can use thier IT asset management tools to identify unpatched systems.

Click here to read more

Ransomware Victims Thought Their Backups Were Safe. They Were Wrong

The UK's National Cyber Security Centre (NCSC) said it has now updated its guidance by emphasizing that offline backups are required as an effective defense against ransomware. The agency observe4d that "We've seen a number of ransomware incidents lately where the victims had backed up their essential data (which is great), but all the backups were online at the time of the incident (not so great). It meant the backups were also encrypted and ransomed together with the rest of the victim's data." The NCSC has continuously recommended offline backup be part of a data security practice. However, it said that the key to mitigating a ransomware attack is to ensure that companies maintain up-to-date backups of important files. Organizations should ensure that a backup is kept separate from their network, wither offline or in a cloud service. IT managers can use their UT asset management tools to idedity where their back-up files are located and stored.

Click here to read more

Industry News - Jan 2020


Microsoft Patches Windows 10 Security Flaw Discovered By The NSA

The bug is a problem for systems that depend on digital certificates to validate the software that machines run. This could result in far-reaching security issues if left unpatched. The NSA is recommending that enterprises apply any available patches it immediately. Microsoft is now in the process patching the flaw. Following release of the patch IT managers can use their IT asset management tools to identify patched and un-patched systems.

Click here to read more

Antivirus Vendors Push Fixes for EFS Ransomware Attack Method

Researchers have discovered how an EFS attack initiated by ransomware leaves systems relying on signature-based antivirus solutions open to attack. Major cyber-security software vendors are actively developing and releasing fixes. as a result. Safebreach Labs revealed an how the Windows Encrypting File System (EFS) can be abused by ransomware. A lab-based exploration of EFS found that major antivirus solutions might not protect the system. Safebreach Labs found that after testing three major anti-ransomware solutions, all three failed to stop attacks. IT managers can utilize their IT asset management tools to determine if any available patches to their cyber-security software systems have been applied.

Click here to read more

Why Does Asset Management Matter for Cybersecurity?

IT asset management and Security are becoming more closely associated. The delineation between keeping information safe and providing and managing the IT tools necessary for daily operations is no longer clear. This white paper explores why asset management, which was once considered a pure IT play matters for cybersecurity. It also explores how both IT and security teams can benefit from cybersecurity asset management. Click on the link below to download the whitepaper. )Registration required)

Click here to read more

European Court of Justice Rules That Under-Licensing Is IP Theft

The Court of Justice of the European Union has ruled for of French software firm IT Development, which brought a case against its customer, Free Mobile, for copyright infringement. IT Development brought proceedings in June of 2015 against Free Mobile for infringement of the copyright of one of its software package as free mobile was under-licensed and creating new forms in the application, both of which violate3d the terms of the software license agreement (SLA). It argued that the licensee no longer had any licensed rights because the application was under-licensed and illegally modified, and consequently infringing firm IT Development s intellectual property (IP) rights. Robin Fry, legal director at Cerno Professional Services said the ruling means that software firms can effectively treat under-licensing as copyright infringement.

Click here to read more

Hidden MacOS Threat: This Is The Sneaky Malware Most Likely To Infect You

The Shlayer Trojan is the nearest thing to a viral plague affecting devices running the MacOs. According to Kaspersky, 10% of all the systems running their security on-device software detected the malware at least once. The Shlayer Trojan has accounted for almost one-third of all its Mac detections since first detected in 2018. Shlayer deceives users into downloading its payload by hiding on popular legitimate sites. The malware s operators pay partners to host links on these sites. Kaspersky reported more than 1,000 partner sites distributing Shlayer. IT managers should use their IT asset system to insure that the most current versions of cyber-security software is installed on each macos system accessing the network.

Click here to read more

Should ITAM Job Titles Be Standardized?

Examining the software asset management roles, there are apparently no recognized experience requirements or career progression ladders for the position. There are also a multitude of ITAM job titles that aggregate people with a few months worth of experience with people who have years of experience. Within the SAM industry there are a few recognized certifications, such as CSAM, PITAM, and ITIL However the related courses can only cover the base layer of SAM. There are also some vendors who offer some SAM training, but the reality is that only experience can answer the questions ITAM professionals face.

Click here to read more
Super-Safe web apps — we don't use cookies in our web applications.

_text_

_desc1_
_desc2_
_desc3_