The threat landscape has been evolving at a rapid pace, requiring enterprises to be highly vigilant and stay on top of new tools and processes that effectively protect them from cyberattacks. According to a recent study on data breaches, 90 percent of exploits targeted apps for which patches had been available for six months or longer, and 50 percent of systems had at least 10 vulnerabilities that had patches available, but were not installed.
Needless to say, patch management is an integral component of any effective defense-in-depth strategy and is a valuable first line of defense to minimize your endpoint risk. System hardening with security configuration management and vulnerability assessment and remediation are two important controls that go hand-in-hand with patch management.
Security Configuration Management
Over the years Verizon’s annual Data Breach Investigations Reports have indicated that weak configuration management and inadequate system hardening factor into most data breaches. Developing configuration settings with strong security properties is a complex task that requires knowledge and analysis that is beyond the scope of the user.
Installing a strong configuration is not enough. You must continue to manage it to maintain its security properties to ensure it is not compromised over time as a result of changes or new events, such as new security vulnerabilities or software updates. In order to manage all the systems, operating systems and applications in your environment, you need a centralized solution that gives you a holistic view of your endpoints, and the ability to install and update standard configurations across your entire environment.
Such a solution will empower you to enforce a consistent endpoint configuration policy, as well as continually monitor and tweak it to ensure that it stays effective long term.
Vulnerability Scanning and Remediation
Vulnerability scanning is another integral component of an effective security strategy; without it, you would be unable to discover and address flaws that could potentially give hackers a way to get into your network and systems. Also, vulnerability analysis can help you assess the effectiveness of proposed countermeasures.
The Open Vulnerability and Assessment Language (OVAL®) is a well-known standard that gives you a repository to check for software vulnerabilities, configuration issues, programs, and/or patches on your endpoints. The OVAL repository for vulnerability tests is continually updated by the community, which reviews and vets new definitions before adding them to the repository. For more information and a helpful list of controls, check out our new white paper, Protecting Your Network and Endpoints with the SANS 20 Critical Security Controls.
Enterprises today must take a very active role in defending their organizations and managing risk, and you play a key role in helping your organization achieve this through patching, configuration management and the use of vulnerability scans. This is no easy undertaking, but a centralized solution can make your life a lot easier.
Gain more insight into developing an effective patch management strategy that meets your organization’s needs.
In our previous blog we talked about simplifying the patch management process and how automating patch management can greatly ease the burden of managing your IT environment. We touched upon three key elements of effective patch management:
Here we will talk about the impact an effective patch management strategy has on both IT admins and users, and some of the elements that contribute toward that experience.
Significantly Improved Productivity and Job Satisfaction for IT Admins
A centralized patch management solution allows you to coordinate patch updates across large user populations in a more timely and efficient manner, while providing detailed visibility into each of the patching phases. This eliminates the headaches associated with using multiple solutions, making for a much better user experience and allowing you to focus on more strategic projects. Here are ways you can streamline the patch management process and gain greater control over each step in the process:
1. Get the “undo” button
The ability to roll back or “undo” patches is an important feature that gives you peace of mind. It’s especially valuable in those instances when a patch gets rolled out unintentionally, errors are found after deployment, or the vendor issues a recall. Rollbacks simply make your life a lot easier. With this capability you no longer have to spend excessive amounts of time on rigorous testing that can lead to delays, or even a failure to close security gaps in a timely way.
2. Use a phased approach
Leveraging a phased release approach to patch management helps you avoid bottlenecks and delays. This is especially important in organizations with large, complex and distributed user populations. Using a phased approach, you can schedule deployments based on criteria best suited to your organization, such as department or geographical location. A phased approach allows you to push out critical patches immediately to systems that need them the most, while rolling out less critical patches subsequently. Such a systematic approach is more easily communicated to end users, setting realistic expectations while minimizing disruptions.
3. Deploy to remote sites without clogging up the network
It is critical to deploy patches to remote sites without consuming excessive network bandwidth. A robust solution will give you the ability to deploy an image once from the central site to the remote site, and then have the image deployed to all the systems in the remote location using the local network. This minimizes the impact on network bandwidth, and is much more efficient than deploying images from the central site to all of the remote systems.
4. Set up reports and alerts to notify you of issues
Detailed reports and alerts quickly identify issues so you can focus on the systems that need your attention right away. Reports identifying non-compliant computers, alerts notifying admins of failures, and other such tools make life a lot easier. They allow you to take action quickly and identify issues needing your immediate attention.
Using an automated, centralized patching solution that gives you these capabilities allows you to save a significant amount of time and hassle, gain increased visibility into your environment, eliminate errors and exercise a lot more control over your systems. By doing your job more effectively and efficiently, you’ll have time to move on to value-added tasks that result in improved productivity and greater job satisfaction.
Engaged, Productive and Happy End Users
Now let’s see what impact a centralized patch management solution has on end users. It is only natural for employees to get upset when their PC suddenly reboots in the middle of the work day, losing unsaved work. Here are some ways a centralized patch management solution can improve the patch management experience for end users:
To learn more, read our white paper, “Nine Simple (but Critical) Tips for Effective Patch Management,” to gain more insights into developing an effective patch management strategy that meets your business needs. Stay tuned for blog #3.
IT environments are getting increasingly complex and IT teams are tasked with ever-expanding workloads. The key to effectively managing your IT environment is to keep it simple – especially as it relates to the crucial task of patch management. An automated systems management solution can help you eliminate tedious, time-consuming, manual patch management tasks and free up time and resources for more strategic endeavors. In this blog post, we will touch upon a few key practices that can greatly ease the burden of patch management.
First, it’s important to note that your systems management solution should significantly enhance your security posture. A defense-in-depth approach is absolutely essential for any security strategy to be effective. Typically this includes a robust patch management strategy, along with a combination of other solutions such as antivirus, firewalls, intrusion detection systems, web application firewalls, etc. In this series of three blogs we will discuss key features of an effective patch management system.
Gain visibility into your network
In order to manage and control your IT environment, you need visibility into your network to identify exactly what’s in it – including every computer and every device whether managed, unmanaged or rogue. It takes just one hacker to gain access to a single system to bring your entire network down – so you can’t afford to have any blind spots. It is an extremely tedious, time-consuming, and error-prone process to manually inventory your assets.
The simple way to get an accurate inventory of your entire network is by automating device discovery and inventory assessment. You will also need to manage your increasing number of non-computer devices, such as networking devices, printers, routers, switches, projectors, etc., using the same solution. This removes the complexity and time associated with integrating information from multiple solutions, thus requiring less manual intervention and resulting in less room for human error.
Gain the ability to scan your network
While having visibility into the network is critical, it’s only the start. You need to conduct an automated scan of your network to find and identify all active systems. You must then scan each system to identify the hardware type and software applications. Once they’re identified, you need to conduct a patch assessment to determine which applications are up to date and which ones need patches. With the right tool, you can use a single automated process to quickly determine the current state of your network. You’ll know what you have, and how much patch management work is required. To implement an effective patch management process, you will need to conduct periodic scans and patch assessments for health checks to identify those areas that need your attention.
An effective solution will give you the ability to identify issues by level of severity, allowing you to use a phased approach to resolving issues by targeting the most critical issues first. Using a phased approach to deploying patches makes the entire process a lot more manageable and efficient, improving your overall security posture. We will talk more about this topic in our next blog in this series.
Implement a centralized solution
Implementing a single, centralized solution for all patches, rather than deploying several different point solutions for patching diverse systems, will simplify the patching process. Many IT organizations maintain separate patching solutions for Microsoft, PC-based hardware, Mac computers, client systems, servers and for third-party software, such as Adobe and Java.
By centralizing and consolidating the management of mixed operating systems and applications with a single patching solution, you’re able to identify blind spots that point solutions won’t catch – and identifying these vulnerabilities is critical from a unified security standpoint. A single solution also significantly reduces the complexity of your IT infrastructure by eliminating maintenance of multiple patching solutions.
To learn more about how to streamline patch management, read the white paper, “Nine Simple (but Critical) Tips for Effective Patch Management.”
We’ve posted earlier about how hackers get into your systems and steal data from your endpoints, and then how they monetize this stolen information. If you have thousands of unsecured mobile endpoints on your network, it means there are equal numbers of opportunities for hackers to breach your constituents’ information.
As a savvy IT pro, you understand that all of your machines must have the most up-to-date security patches — both OS and application — to prevent intrusion. Still, you might be wondering if there is even more you can do to uncover holes in the armor of these endpoints. The answer is decidedly yes! There are vulnerability standards available that can help advance the goal of vulnerability detection. Scanners built upon these standards can give you predictable results, and they are continually updated as the user community at large discovers more vulnerabilities.
One of the most well-known is the Open Vulnerability and Assessment Language (OVAL®). Before the advent of OVAL, there wasn’t a common way for IT administrators to find all software vulnerabilities, configuration issues, programs, and/or patches on their endpoints. Sure, you can and should use a patching tool to make sure all OS security patches are addressed. But, that is only part of the story. With OVAL there is a standard repository for vulnerability tests that is continually updated by the community. The community reviews and vets new definitions before they are added to the repository.
At the heart of the community is the OVAL Board, which consists of members from industry, academia, and government organizations. OVAL is funded by the Office of Cybersecurity and Communications at the U.S. Department of Homeland Security and is the summation of the efforts of a broad selection of security and system administration professionals from around the world.
Often, the question arises: can’t hackers use this information to break into my system? Certainly, any public discussion or availability of vulnerability and configuration information may help a hacker. However, there are several reasons why the benefits of OVAL outweigh its risks.
So if you truly want to decrease your exposure to outside threats, you can be proactive by performing vulnerability scans. Doing them based on OVAL definitions gives you the knowledge that the entire security community has your back.
We’ve been discussing the new security landscape, how it’s affecting IT processes and people, and what can be done to further protect your environment and that of your constituencies. For more information and a helpful list of controls, check out our new white paper: Protecting Your Network and Endpoints with the SANS 20 Critical Security Controls.
Let’s face it. Systems Admins have their work cut out for them!
For all 365 days of the year, they have to ensure that the performance, uptime, resources, and security of the computers they manage meet the needs of users. And yet, for all Systems Admins do, they have just one day where they are celebrated for their hard work.
In our effort to show how much we appreciate Systems Admins, we decided we should get to know them better. And what better way to get to know them? Well, why not a Q&A!
Q1: How do you celebrate System Admin Appreciation Day or what does the day mean to you?
Casey M. “I send meme/nerd based thank you notes to my fellow Sys Admins. I see it as a day to look back at all the great (and often unnoticed) work that has been done during the year and a chance to offer ourselves a well-deserved thanks.”
David A. “It is a great reminder about the responsibility a System Admin has. It is definitely worth some donuts on that day.”
David H. “Work”
Keith J. “I like to sign in as a user and send myself positive emails praising the speed and reliability of the system.”
Q2: How has your work changed in the last year as a System Admin?
Chryss C. “More systems to manage, less resources to manage them with.”
Cindy K. “The amount of hours and project commitment has escalated tremendously.”
Kimberly S. “I think I attended more meetings this past year than I ever have!”
Timothy S. “I have more grey hairs. Does that count?”
Q3: What is the strangest thing you received a call about as a System Admin?
Bob W. “Wow… That would be a long list. I think one of my favorites was I got a call saying a printer had an error that said "Please Add Water" and the user asked where the water goes. Turned out that a student got into the printer settings and changed default messages so the printer was just out of paper.”
David H. “I got a help desk ticket one day to fix the toilet in the restroom”
Edward G. “As I work in Higher Ed, the strangest would be this: on Labor Day several years ago, someone called the main help desk number and requested me by name. This was not someone that I knew. The question asked was, ‘Do we have classes today?’”
John K. “A woman kept calling the IT Helpdesk phone number after hours and leaving messages thinking we were her psychiatrist. I figured she would figure out on her own she was calling the wrong number, but she didn’t. I had to call the woman back and fortunately she didn’t answer and I left a voicemail indicating that the doctor she is trying to reach is not at this number.”
Q4: How many cups of coffee do you have before you’re ready to tackle the day?
Clare T. “One large cup.”
Missy M-B. “At least 2.”
Sarah M. “Don't you mean how many pots?”
Casey M. “None. Soda on the other hand...”
Q5: What’s your favorite geek movie of all time?
Damien C. “Scott Pilgrim vs The World”
Jeff H. “Tron!!”
Keith B. “Star Wars, Guardians of the Galaxy lately”
Rob O. “Office Space”
Q6: If you had a comic book hero name, what would it be?
Cindy K. “Microwoman”
Bob W. “Captain Awesome”
John K. “Batman”
Tony V. “Fantasmo”
Q7: Who shot first, Han or Greedo?
Bradley B. “Han”
Edward G. “I would have to check the script”
Kimberly S. “Greedo”
Peter A. “Han of course! How dare you.”
Now let's get to know you! Comment below or tweet @DellSysMgmt with your answer to any of the above questions!
The fundamentals of systems management have changed. IT professionals like you are now faced with managing and securing a growing number of mobile and bring your own devices (BYOD), a variety of operating systems and network connected smart devices, in addition to traditional endpoint management tasks. You must approach “anypoint” systems management as an imperative, and Dell KACE appliances and complementary software can fill this need.
Attend Dell World Software User Forum and address these challenges head on by getting direct access to “anypoint” management experts through a broad selection of KACE educational sessions. In these sessions, you’ll see some of the newest and most popular KACE features and capabilities.
We’re targeting software pros like you who want to up their game by enhancing their KACE appliance use and knowledge, while exploring the added benefits of the wider Dell Software product portfolio. You should come ready to be immersed in the future of “anypoint” systems management. You’ll learn about the latest trends in big data and cloud management, advanced analytics, and the ins and outs of secure network access.
The Agenda Builder is now live, so once you’ve registered, you can create a personalized Dell World Software User Forum experience.
Featured and favorite KACE sessions include:
Do you want to get a peek at what's around the corner with KACE? Listen to KACE product managers talk about the roadmap ahead and what's coming with KACE products. This session is consistently an attendee favorite. It allows you to learn about and plan for the implementation of upcoming key KACE features and enhancements.
Chromebooks are entering business and education at an unprecedented rate. Chromebook inventory information is now integrated with the K1000’s systems management workflows and processes, allowing you to use the K1000 to perform day-to-day management tasks, such as hardware inventory, reporting, and service desk, for Chrome devices. Attend this session and learn how to best manage them with your K1000.
Increase Security with an Effective Patch Process
Patching might have been the easy part...designing a sustainable patch management system with integrated automation and reporting is your real challenge. In this session, you'll learn best practices and different approaches to streamlining all the patching security tasks that are critical to your organization.
“Anypoint” Systems Management: Managing All of Your Connected Devices
The K1000 can manage more than just your laptops, desktops, Macs and servers. In this session, we'll demonstrate how to get your other network-enabled devices into your device inventory using agentless technology, for true "anypoint" systems management.
Your DWUF registration includes admission to all Dell World general sessions, solutions showcase, and the big opening night concert headlined by a name you already know and love.
And don’t forget: the BOGO (buy one, get one) offer is available. Each paid registrant will be able to bring a colleague of his or her choice, free.
We’ve recently discussed how trends such as the Internet of Things and mobility have affected IT security. We’ve also touched on ways that more thorough measures can be implemented to rise to the challenges they create. But what about your role as the IT professional in the face of these burgeoning security challenges? Not only do you need to understand these new challenges, you must also implement the safeguards. How will you need to shift your focus to survive and thrive in a new world of security-obsessed organizations?
The change to the security landscape also means real change in how your organization protects that infrastructure.
There are many more points for intrusion including web services, cloud access and storage, BYO and mobility, making it virtually impossible for any single individual or group of individuals to monitor every possible point of entry. “Today's WAN has so many doors, we can no longer expect to have a security specialist standing guard at each one,” says Jay G. Heiser, research director at Gartner.
Likewise, what used to be the wheelhouse of the security IT specialist — implementing firewalls, installing anti-virus software and implementing other perimeter controls — has become more of a commodity-oriented task, one that is often now handled by administrators, consultants, and even end users themselves.
That means you can be relieved of some of the operational burdens previously placed upon you. But instead, you must develop new skills that empower your organization and your users to implement intrusion prevention as an integral part of their everyday practice. Instead of investing time addressing problems that have known solutions, your focus should shift to the new problems brought about by greater levels of connectivity and portability. This should include a better understanding of your organization's risk profiles, in addition to information security.
Some modifications in both thinking and approach for the evolving IT security pro should include:
“Security professionals have so much to offer in providing value and increasing profit through a more mature risk management process,” says Jeff Spivey, international vice president of ISACA and director of Security Risk Management Inc. “Change management, culture, monitoring of risk, mobility and BYOD all demonstrate the accelerated pace of risk due to new and better technologies. The secret is in establishing the correct framework to understand and manage new and evolving risk to the enterprise.”
In the last few posts we’ve reviewed the new security landscape, how it’s affecting IT processes and the people who implement them. What else can be done to further protect your environment and that of your constituencies? For more information and a helpful list of controls, check out our new white paper: Protecting Your Network and Endpoints with the SANS 20 Critical Security Controls.
In our last post, we talked about the Internet of Things, and how the addition of multiple new smart devices to your network can result in more opportunities for hackers to hijack your data and use it for ill-gotten gain. We all try to be vigilant to protect personal data belonging to our employees, customers, patients and other constituents, but what happens when the crooks get a hold of this type of information — what do they actually do with it and how do they make money? And what kind of data is most valuable to them? The logic and businesslike approach of their techniques might surprise you.
Cybercriminals today work in large groups and many of the largest, most complex networks have skills and technology resources that rival Fortune 500 companies, according to Greg Wooten, CEO of fraud prevention technology corporation SecureBuy.
"In general, about a half a million data resources are being breached each day," he says. "The hackers extract the data, house it themselves and analyze it using analytics to match up information the best that they can and then monetize for the highest value possible when they go to wholesale it. This is a job for them, and they are very resourceful."
The data is bundled for bulk sale on black market sites, with prices varying depending on multiple factors, including the completeness of the information, the credit limits associated with the account and whether or not the information may already have been reported as stolen. This information can be sold for as little as a few dollars or more than $100 for a complete set of records.
For larger return from stolen information, the hacker needs to compile complete data sets. These sets, also called fullz, normally include not just an individual's name and Social Security number, but extend to birthdate, account numbers and other pieces of personal data. Here, all that’s needed is the information contained on the credit card’s magnetic strip, a form factor still in use in the US, unlike in most European countries. It’s a relatively simple process to read and transfer the information, but security measures are improving. These instances are typically time sensitive, requiring the thief to incur charges on the card before it is reported lost or stolen.
"It's much more difficult to detect this type of fraud when the fraudsters have all the correct account application answers," Wooten says. "Having access to a full user profile makes it that much easier to pretend you are someone else and take advantage of them."
Again, for IT pros, keeping personal data secure for all of our constituencies should be a priority. There’s a checklist that can help you cover all of your security bases, contained in this white paper: Protecting Your Network and Endpoints with the SANS 20 Critical Security Controls.
In a previous post, we covered some critical components of a security strategy that helped IT pros keep their jobs by preventing a security breach. We discussed topics like configuration management and enforcement, patching, and threat detection as just a few of the ways organizations can take basic security steps to avoid the nasty consequences we see in the news nearly every day. In the next few posts, we’ll drill a little deeper into some related topics that are truly shaking up the security landscape from the standpoint of added challenges and new ways organizations are both coping with and being compromised by malicious attacks.
Internet of Things
The Internet of Things (IoT) has burst on the scene, first in the consumer world, and increasingly in corporate environments. A thing, in the Internet of Things, can be an individual with a medical monitor, any type of unit with a tracking or monitoring sensor, or a smart business device; it is virtually anything that can be assigned an IP address and connected to the network. And according to Cisco, there will be 25 billion devices, or things, connected to the Internet in 2015, with that number predicted to double by 2016.
So here lies the rub for organizations of all types, many still struggling to address the challenges of effective device management and security in the world of mobility and the BYO phenomenon. With the advent of the IoT, you as an IT administrator must inventory, manage, maintain and secure any number of new, heterogeneous devices. This is in addition to your traditional managed devices, over which you have corporate control of applications and operating systems. And while these new devices are designed to share critical data to empower the workforce, their innate design also offers up a greater opportunity for attack.
Altering the IT Security Landscape
How so? To enable an internet connection, every device must have an operating system embedded in its firmware. Unfortunately, this firmware is not designed to run security software, and opens the devices to new opportunities for exploitation. Organizations must understand the extra security challenges brought on by this litany of connected smart devices:
It’s clear that the IoT is here to stay and will grow exponentially as more smart devices enter both our personal and business lives. In order to keep your IT environment well managed and as secure as possible, this added layer of complexity and its protection must be given a well-considered risk/reward evaluation, and be added to the macro level schema for the implementation of all broadened endpoint security initiatives.
There are resources and tools to help you and your team create and maintain a secure IT infrastructure. Read our recent whitepaper: Protecting Your Network and Endpoints with the SANS 20 Critical Security Controls.
In earlier blogs, I’ve explained how important it is for systems management solutions to save educational institutions time and money and enhance student learning by keeping devices secure and available. But what about the systems management solutions themselves? With limited IT staff and budget, educational institutions need tools that are easy to deploy and use and that will continue to deliver value as the institution grows — without requiring increased headcount.
Florida’s Seminole County Public Schools, for example, was very concerned about ease of installation and maintenance when it began looking for a comprehensive systems management solution. Some vendors, the district found, proposed solutions that would have required IT staff to install, configure and maintain multiple servers. Moreover, some products had multiple components that needed to be integrated, making the solution much tougher to deploy district-wide. These choices were simply too complex and expensive to maintain, the district decided.
These sentiments are echoed by many other schools and colleges, including the San Bernardino County Superintendent of Schools (SBCSS) in California, which was looking for an integrated solution to replace the seven different products it was using to perform inventory, imaging and remote system management. To support 33 school districts across 22,000 square miles, SBCSS needed to be able to install images remotely and with as little manual work as possible, as well as identify and remove malware and unauthorized software when affected machines join the network. Ease of use and automation in systems management, the district knew, were critical to supporting its educational mission and growing digital curriculum.
More broadly, educational institutions also need the flexibility to implement systems management in a way that best fits their environment — physical, virtual or in the cloud. They also need a simple plug-and-play architecture that virtually eliminates installation and maintenance, along with support for a broad range of operating systems and applications.
To learn about how organizations like yours have discovered and implemented systems management solutions that are designed to be both immediately productive and trouble-free for the long term, be sure to read our new solution brief.