https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Master Agents
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
    • Diversity & Inclusion
  • MSSP Insider
  • MSP 501
    • Back
    • Apply Now
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • Videos
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
    • Channel Educational Series
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
    • Channel Convergence
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Content Resources
  • Awards
    • Back
    • 2021 MSP 501
    • Circle of Excellence
    • Excellence in Digital Services
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • DE&I
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Master Agents
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
    • Diversity & Inclusion
  • MSSP Insider
  • MSP 501
    • Back
    • Apply Now
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • Videos
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
    • Channel Educational Series
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
    • Channel Convergence
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Content Resources
  • Awards
    • Back
    • 2021 MSP 501
    • Circle of Excellence
    • Excellence in Digital Services
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • DE&I
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Agents
  • Cloud Service Providers
  • Channel Partners Events
 Channel Futures

Telephony/UC/Collaboration


Internet security

Channeling Security: NSFocus’ Gates Calls For More Multifactor Action

  • Written by Lorna Garey
  • September 9, 2016
Plus: RSA CEO talks post-Dell reality, and Mojo’s Google for Education moves.

Lorna GareyStephen Gates, chief research intelligence analyst for NSFocus, says that while drive-by ransomware attacks are a real and growing problem, extortion happens in other ways, and partners need to keep their eyes on the full panoply of extortion methods — including attackers threatening companies with DDoS attacks unless they pay up and demanding payment for not dumping data online.

“Attackers are still stealing data,” he says. While the value of a username and password combination is low on the black market, it could give an attacker access to other systems due to password reuse.

One answer: More use of two-factor authentication.

Gates has insight into global attack trends and defenses. In addition to its Santa Clara U.S. location, NSFocus has offices in Sao Paulo, Singapore, Tokyo and Uxbridge, UK. The company provides a variety of security products to global carriers including China Telecom, data-center hosting firms, four of the five largest global financial services companies, cloud service providers, MSSPs and large enterprises. It recently celebrated a hat trick, winning the Microsoft Bug Bounty Program for three consecutive years.

Gates says the United States is not alone in too little use of multifactor systems. However, he says the Obama administration’s Cybersecurity National Action Plan, which among other recommendations calls for combining a strong password with a fingerprint or a single-use code delivered in a text message, could be impetus to help customers add this layer of security.

“However, without regulation forcing organizations to move beyond simple username/passwords, recommendations only go so far,” says Gates.

For partners, the opportunity is twofold.

Solution providers can help develop policies for use of multifactor systems among end users. Working with a customer to enable it to issue one-time passcodes to its own customers or employees is more specialized, but worthwhile for financial services and hospitality firms, where the capability is becoming standard. He says a text message is usually the easiest and least expensive way to implement two-factor authentication for users.

Start Small, But Start Now

Gates recommends requiring anyone with an administrator account to use two-factor authentication along with a strong password to log on to the network. Customers should also evaluate employee use of work computers with personal accounts that may be compromised. He cites the Dropbox hack, which gave attackers a trove of 68 million username/password combinations — which are now for sale on the dark web.

Why is that a problem for businesses?

“People tend to use the same passwords multiple times,” he says. And, if a worker logs in to a hacked accounts while at work, it puts the entire organization at risk.

“They’re just one click away from a potential compromise that can easily lead to breach,” he says. “That’s why parts of the U.S. government banned employee access to certain online email services earlier this year. Other organizations should seriously consider doing the same.”

Channel-centric providers including Centrify, Okta and Ping Identity offer multifactor authentication systems – Okta’s Adaptive MFA product starts at $3 per user per month – but Gates warns that partners should check the customer’s data plan.

“Even though almost everyone has free texting, sending hundreds of codes by text message could get expensive,” he said.

Moreover, customers that have not installed web application firewalls should do so.

“They’re specifically designed to keep attackers out of databases,” he says.

NSFOCUS works with its customers and partners on an intelligent hybrid security approach that involves not only cloud and on-premises defenses but real-time access to threat intelligence. The goal is to shorten the window from measure to countermeasure.

“Look at the Wendy’s hack,” he said. “All indications are that someone hung out for six months and planted malware on point-of-sale units to capture credit and debit card data.”

Even so, he says the PCI DSS guidelines have improved and are not just for retailers. Customers without security policies could do worse.

“It’s a good idea for anyone to follow the guidelines in PCI DSS,” says Gates. “We’re not hearing about massive financial institution attacks anymore. Attackers have moved on to easier targets, like health-care facilities. If you look at the statistics, I think it has made a tremendous impact.”

The Other Dell Merger: RSA also joins Dell as part of the EMC buy, and RSA CEO Amit Yoran wants to assure partners and customers that it’s business as usual. In a blog, Yoran promised continued investments in R&D and a renewed channel focus. “It is important to note that Dell Technologies is focused on ensuring the strongest relationship with the partner that our customers prefer to do business with and that each Dell Technologies’ business has an independent partner program and technology ecosystem,” he wrote.

In a related Q&A, RSA refused to speculate on whether it would follow SecureWorks to the IPO stage and said any RSA channel partners that are not part of the Dell reseller program can apply. It added that the merger broadens RSA’s reach and that partners could benefit from cross promotions.

Yoran will stay in his post and report to David Goulden, CEO of the EMC Infrastructure group.

Get Your Mojo for K-12 Wireless: Partners serving the education vertical may want to check out Mojo Networks’ Mojo Enforce, a cloud-based service that transfers credentials and policies for network access and device management from a customer’s Google for Education cloud to its Wi-Fi network, potentially saving time and money.

With the system in place, only devices registered in the school’s Google domain are able to connect to the school Wi-Fi network. Enforce and the integration into Google for Education will be available in Q4 2016, with other integrations coming in 2017. The open beta will begin shortly, and Mojo is signing up beta users now.

Note that the system requires Mojo cloud-managed access points, but as we discuss in this free report, there are worse moneymakers than a managed Wi-Fi offering.

Got WordPress? Unless it’s Version 4.6.1, released Wednesday, it’s vulnerable to several attacks, say researchers. Upgrade now.

2016 Cybersecurity Index: If you have customers (or friends and family) who could use a reality check about the cyber-threats they face, you may want to direct them to a new interactive 2016 Cybersecurity Index site, based on a detailed survey carried out in last month by Kaspersky Labs in 21 countries across the globe.

The index takes three key indicators that are measured every six months and combined estimate the degree of risk to the average internet user: The Concerned Indicator shows the percentage of people who believe they may be targeted by a cyberattack. The Affected Indicator identifies how many people have actually fallen victim during the reporting period. The Protected Indicator shows the number of users who have installed a security solution on the device they use to access the internet.

According to the data, only 21 percent of respondents think they have anything to worry about.

Zero-Day Alert: If you resell Veritas Infoscale and run the Operations Manager software, note that Digital Defense disclosed this week two new vulnerabilities that may allow a cybercriminal to potentially take control of the managed hosts, gaining access to sensitive data and causing significant disruption to operations. Veritas has issued patches; for instructions on how to obtain and apply the updates, contact Veritas technical support.

DDI notes that it offers a free 21-day trial of its vulnerability scanner.

Rapid7 Spots SNMP Flaws: Meanwhile, Dark Reading reports that Rapid7 has discovered that many of the network-management systems partners use to discover and monitor customer gear are vulnerable to attacks via SNMP. The affected vendors are Spiceworks, Ipswitch, Castle Rock, ManageEngine, CloudView, Paessler, Opmantek, Opsview and Netikus.

Agree? Disagree? Let me know, either in comments or direct. Follow editor in chief @LornaGarey on Twitter.

Tags: Agents Cloud Data Centers Mobility & Wireless Regulation & Compliance Security Telephony/UC/Collaboration

Related


  • Judge and Gavel
    Judge: Charter Must Pay Windstream $19 Million for 'Egregious,' Deceptive Mailer
    The judge said Charter "intentionally and wrongfully" interfered with Windstream's customer contracts and good will.
  • Business handshake
    Ujet, Peerless Network Enter Master Agent Agreements with PlanetOne, Intelisys
    Ujet’s channel partner program supports strategic business partnerships, master agents and integrators.
  • Channel Chief Nameplate
    AT&T, Telarus, MicroCorp Vet to Lead RSI's Channel
    The MSSP entered the channel in early 2019.
  • Merge road sign
    Agents Voice Concerns, Hopes for Master Agent Consolidation
    Subagents weigh in on how mergers and acquisitions could impact them long-term.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Granite Unleashes Microsoft Teams Integration, Merged Voice Services
  • Convergence in the Channel: Is It Happening, and What Does This Mean for MSPs?
  • SASE Takes: Service Providers Mull SD-WAN Complexity as Comcast, Versa Enhance AI Capabilities
  • T-Mobile 5G Network to Augment Lumen's Edge Computing Platform

Galleries

View all

Biden Administration Issues Russian Sanctions in Response to SolarWinds Hack, Election Interference

April 16, 2021

Industry Perspectives

View all

Why Digital Transformation Is the ‘Invisible Hand’ of Our Time

April 19, 2021

SD-WAN Supports More Purposeful Shift to Cloud

April 16, 2021

How Tech Is Transforming Public Safety–and the Implications for Channel Partners

April 15, 2021

Webinars

View all

What to Look For: 2021 Threat Report

April 22, 2021

Health Care and SD-WAN: A Seller’s Guide

April 27, 2021

How MSPs Can Leverage SOCaaS to Improve Security & Grow Revenue

May 4, 2021

White Papers

View all

Carbonite Data Protection and Cyber Resilience

April 15, 2021

Top Tips: How Resellers Can Leverage Rackspace to Enhance Customer’s Cyber Security Protection with Microsoft 365 Security

March 30, 2021

Top Tips: Optimize Your Microsoft 365 Investment with Rackspace Technology

March 30, 2021

Upcoming Events

View all

MSP Summit

November 1, 2021 - November 2, 2021

Channel Partners Conference & Expo

November 1, 2021 - November 4, 2021

Channel Evolution Europe

November 30, 2021 - December 1, 2021

Videos and Fastchats

View all

5 Reasons Diversity, Equity and Inclusion Is Important

Five9 Shares Insights on Implementing a DE&I Strategy

April 13, 2021

FASTCHAT: How Fortinet Reduces Complexity Through Networking, Security

March 31, 2021

Strong Customer Experience Needs Strong Partner Experience

December 22, 2020

Twitter

ChannelFutures

.@Avaya Cloud Office by @RingCentral further expands globally, includes new features. #UCaaS dlvr.it/Ry1QMg https://t.co/sVTkX6u4SO

April 19, 2021
ChannelFutures

.@attcyber and @SentinelOne teamed up around endpoint #security. dlvr.it/Ry1GMh https://t.co/LGV3RjpUBK

April 19, 2021
ChannelFutures

#Kubernetes expertise will help #channelpartners win big in move to cloud, says @Infoblox. dlvr.it/Ry16sP https://t.co/8lB4T93fuN

April 19, 2021
ChannelFutures

.@CambiumNetworks unveils new #partnerprogram focused on health care. dlvr.it/Ry12RG https://t.co/uGNMBQyQUa

April 19, 2021
ChannelFutures

.@solarwinds pays top executives more than $65 million despite massive hack. #cybersecurity dlvr.it/Ry0tXf https://t.co/1XjFpk7WMl

April 19, 2021
ChannelFutures

.@DruvaInc now valued at $2 billion. What does this mean for #Compass channel partners? Find out what we know.… twitter.com/i/web/status/1…

April 19, 2021
ChannelFutures

Learn how you can make apps and #cloud work for you. @VMware #appmodernization #digitaltransformation… twitter.com/i/web/status/1…

April 19, 2021
ChannelFutures

We're dedicated to bringing important ideas & perspectives that will enlighten & empower our audience at #CPExpo an… twitter.com/i/web/status/1…

April 19, 2021

MSSP Insider

Business advice for MSSPs and news from the broader security channel.

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Galleries

Educational slide shows and images from live events.

Media Kit And Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Events
  • Telecoms.com
  • MSP 501
  • Black Hat
  • IoT World Today
  • Omdia

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X