• Dell TechCenter

    Federal Cybersecurity Sprint: Patch for the Known, Prepare for the Unknown

    Federal CIO Tony Scott’s 30-day Cybersecurity Sprint in July called on government agencies to make substantive progress in four specific areas. Last week I discussed the first directive: federal agencies must immediately deploy indicators provided by DHS regarding priority threat-actor techniques, tactics, and procedures to scan systems and check logs. Let's now discuss the second.

    The Second Cybersecurity Directive

     “Patch critical vulnerabilities without delay. The vast majority of cyber intrusions exploit well known vulnerabilities that are easy to identify and correct.  Agencies must take immediate action on the DHS Vulnerability Scan Reports they receive each week and report to OMB and DHS on progress and challenges within 30 days.”

    How did this one go?

    DHS Secretary Jeh Johnson has said that agencies patched or remediated about 60 percent of their critical vulnerabilities during the Sprint. And at the Nextgov Prime conference on government cybersecurity in Washington on September 9, CIO Scott said, “The good news is I think we are making progress. The bad news is, incidents that do occur, mostly occur because we failed even the most basic preventative measures.”

    So there’s still much work to be done. The Sprint was just one segment of a marathon effort which doesn’t necessarily have a finish line.

    Dell Software is here to help agencies continue their press forward. October is National Cybersecurity Month, and we’re presenting a four-part knowledge series of half-hour webcasts on the Sprint directives. The second on-demand webcast, on patching critical vulnerabilities, is available and features Robert Osborne, Dell Software Senior Enterprise Technologist. We’ll review Dell Software solutions for scanning and patching, including KACE systems management appliances and network security solutions from Dell SonicWALL.

    The complete knowledge series includes:

    • Deploy DHS threat indicators to scan systems and logs
    • Patch critical vulnerabilities without delay. 
    • Tighten policies and practices for privileged users. 
    • Dramatically accelerate implementation of multi-factor authentication, especially for privileged users.

    Please join us for the second knowledge series webcast.

    Jeffrey Honeyman

    About Jeffrey Honeyman

    Jeff Honeyman manages messaging and content for government and education for Dell Software. He is also a saxophone and clarinet player and science fiction reader.


  • KACE Blog

    Under the Hood with Windows 10 Security, Part 1 [On-Demand Webcast]

     New Windows 10 features are getting ink in the tech press, but it’s Windows 10 security that’s top of mind for most system administrators.

    When we conducted a webcast called Under the Hood with Windows 10 Security, more than 2,300 sysadmins, IT managers and network administrators registered. We saw we had a live one, so we decided to distill the highlights of the webcast into this series of three blog posts on the main enhancements to Windows 10 security, focusing on what’s new for the enterprise.

    In this first post, I’ll describe Windows 10 enhancements for endpoint security – preventing your desktops and servers from being infected by malware.

    It’s a good sign that Microsoft is taking aim at malware because the endpoints are where the bad guys are winning the most. Windows 10 fights back through new hardware components and drivers because that’s what it takes to keep malicious code from running on your endpoints.

    Untrusted font blocking (6:10 into the on-demand webcast)

    Fonts are known as “complex data structures,” which translates to “big, juicy targets just waiting to be exploited.” Fonts are notorious for buffer overflows that allow privileges to be elevated and arbitrary code to run.

    The biggest danger is that fonts can be embedded in documents and sent all over the place. That is an ideal way for bad guys to deliver malware to an endpoint, then get the endpoint to run it.

    Untrusted font blocking, an option under Group Policy, is a new Windows 10 security feature. If you activate it, and if the dubious font is not already installed on the device, then Windows won’t use it. It helps limit damage from anything that uses fonts like email, Web content and document files.

    Device Guard (7:40)

    Device Guard is more than any single feature. It’s a comprehensive way to lock down the code that executes in the kernel. The more you’ve standardized on specific configurations of hardware and drivers in your company, the more you can take advantage of Device Guard, which is oriented toward enterprise devices and Windows versions rather than toward consumer and BYOD. Device Guard runs much deeper inside the OS than AppLocker does.

    Secure Boot is a part of Device Guard that depends on UEFI, the new replacement for BIOS in hardware, which checks firmware and your boot files.

    Windows 10 features a highly controlled boot process, integrated with the Trusted Platform Module (TPM) chip on the motherboard (if present). Before turning control over to the boot loader, Windows hands boot files to the TPM, which validates them to ensure that your system has not been compromised. After verification, Secure Boot allows the OS to boot.

    That defends against rootkits and makes sure that Windows starts from trusted, un-tampered code. Secure Boot was supported in Windows 8 and Windows Server 2012; the biggest changes for Windows 10 are the new requirements for hardware manufacturers, like UEFI and TPM.

    Code Integrity (17:50)

    Code Integrity is part hardware, part software. In mobile terms, you can say that it makes Windows more like an un-jailbroken iOS system or an unrooted Android system, but with more freedom and control from the enterprise point of view.

    Whereas AppLocker starts late in the boot process and runs in user mode, Code Integrity takes control as soon as the OS begins to boot and runs in kernel mode deep within the OS. You can customize the Code Integrity Policy for every OS and specify only the code that has been signed by someone you trust. Not even a local administrator can override it.

    Code Integrity looks at the way every executable on your device has been signed and compares it to a golden system. For unsigned programs like line-of-business apps you’ve built, there is a Package Inspector. Code Integrity is a big step toward endpoint security for point-of-sale systems because you can implement it in kernel mode if administrators have control over the hardware, or user mode if they control only the installed apps. Even if you don’t have complete control, you can still use Code Integrity’s audit mode.

    Virtualization-based security (29:30)

    Virtualization-based security (VBS) enlists Hyper-V to protect sensitive parts of Windows even on endpoints. It inserts a hypervisor between the metal and the Windows 10 kernel, then moves local security authority (LSA) and kernel mode code integrity (KMCI) to quasi-virtual machines, or the secure world.

    Before virtualization-based security, both LSA and KMCI ran in kernel mode. Normally, that’s a safe place to run, but device drivers run there too, and they come from all over and are not always secure. Once they’re in the secure world, LSA and KMCI are inaccessible to everything else including the kernel, the apps and any kernel mode malware.

    To prevent code injection exploits, KMCI keeps memory pages in the kernel from being maliciously changed to execute mode. That means that even if an attack manages to inject malware into the kernel, KMCI will prevent it from running.

    Malware (36:10)

    With Windows 10, Microsoft has acted to slow down attacks. Consider that the OS now has three different, overlapping technologies to let you control application usage:

    • Software Restriction Policies go back a long way in Windows.
    • AppLocker saw its debut in Windows Server 2008 R2 and Windows 7 as a way to help administrators control how users access executable files. Windows 10 enhances AppLocker with service white-listing, mobile device management and Windows Management Instrumentation (WMI).
    • Code Integrity now ties application control to both software and hardware.

    If you’re really serious about taking advantage of Device Guard and the full spectrum of malware-defeating technologies built into Windows 10, you’ll discover that the hardware you buy really matters. You’ll want TPM and UEFI built into your endpoints.
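    A quick way to check these prerequisites on an endpoint, as an added example (not from the webcast or from Dell): the function name `Get-EndpointHardeningStatus` is hypothetical. It uses the built-in `Confirm-SecureBootUEFI` and `Get-Tpm` cmdlets and the `Win32_DeviceGuard` WMI class, and assumes an elevated PowerShell session on Windows 10.

```powershell
# Added example: summarize Secure Boot, TPM, VBS and Code Integrity state on one endpoint.
# Assumes an elevated session; Get-EndpointHardeningStatus is a hypothetical helper name.
function Get-EndpointHardeningStatus {
    [CmdletBinding()]
    param()

    # Value meanings documented for the Win32_DeviceGuard class.
    $vbsStates   = @{ 0 = 'Not enabled'; 1 = 'Enabled, not running'; 2 = 'Enabled and running' }
    $ciStates    = @{ 0 = 'Off'; 1 = 'Audit mode'; 2 = 'Enforced' }
    $vbsServices = @{ 1 = 'Credential Guard'; 2 = 'Hypervisor-protected code integrity' }

    # Translate a numeric WMI value through a lookup table; WMI returns UInt32,
    # so cast to Int32 to match the hashtable keys. Missing values are reported as such.
    $lookup = {
        param($table, $value)
        if ($null -eq $value) { return 'Not reported' }
        $key = [int]$value
        if ($table.ContainsKey($key)) { $table[$key] } else { "Unrecognized value $key" }
    }

    # Secure Boot: returns True/False on UEFI firmware and throws on legacy BIOS.
    try   { $secureBoot = [string](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $secureBoot = "Unavailable ($($_.Exception.Message))" }

    # TPM presence and readiness.
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        if (-not $tpm.TpmPresent) {
            $tpmState = 'Not present'
        } elseif ($tpm.TpmReady) {
            $tpmState = 'Present and ready'
        } else {
            $tpmState = 'Present, not ready'
        }
    } catch { $tpmState = "Unavailable ($($_.Exception.Message))" }

    # Device Guard: VBS state, services running in the secure world, CI policy mode.
    $vbs = $kmci = $umci = 'Unavailable'
    $running = @()
    try {
        $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                              -ClassName 'Win32_DeviceGuard' -ErrorAction Stop
        $vbs  = & $lookup $vbsStates $dg.VirtualizationBasedSecurityStatus
        $kmci = & $lookup $ciStates  $dg.CodeIntegrityPolicyEnforcementStatus
        $umci = & $lookup $ciStates  $dg.UsermodeCodeIntegrityPolicyEnforcementStatus
        $running = @($dg.SecurityServicesRunning |
                     Where-Object { $_ -ne 0 } |
                     ForEach-Object { & $lookup $vbsServices $_ })
    } catch {
        Write-Verbose "Win32_DeviceGuard query failed: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        ComputerName            = $env:COMPUTERNAME
        SecureBoot              = $secureBoot
        Tpm                     = $tpmState
        VirtualizationBasedSec  = $vbs
        SecureWorldServices     = if ($running.Count) { $running -join ', ' } else { 'None' }
        KernelModeCodeIntegrity = $kmci
        UserModeCodeIntegrity   = $umci
    }
}

Get-EndpointHardeningStatus | Format-List
```

    A result of `Audit mode` for either Code Integrity field corresponds to the audit mode mentioned in the Code Integrity section above.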

    Under the Hood with Windows 10 Security – On-demand webcast

    Take a few minutes to listen to Randy Franklin Smith’s webcast, Under the Hood with Windows 10 Security. I’ve included the time stamps so you can fast-forward to the topics of most interest to you.

    My next post will cover what’s new in authentication and data protection in Windows 10, so subscribe to this blog to be sure you don’t miss it.

    Christopher Garcia

    About Christopher Garcia

    A ten-year Dell veteran, Chris has had experience in various marketing roles within the organization. He is currently a Senior Product Marketing Manager.


  • KACE Blog

    Building a Secure Mobile Enterprise at Pepperdine University

    As I’ve explained in my previous blog posts, mobile devices have quickly evolved into critical enterprise tools that open the doors to better productivity, innovation and competitive advantage. At the same time, they have increased IT complexity and raised critical security and privacy concerns. I’ve offered several recommendations for ensuring security with both personally owned and corporate-owned devices. But what strategies actually work in the real world? For example, what do educational institutions actually find most effective?

    To find out, I’ve asked Kim Cary, CISO of Pepperdine University, to discuss the challenges of enabling mobility while maintaining security. Here’s our Q&A:

    Q. Tell us a little bit about endpoint security from your perspective as CISO at Pepperdine.

    A university needs a different network than the typical business. For one thing, we don’t own all the endpoints on our network — students, conference guests, invited speakers and contracted services all use systems we don’t own. Further, for those endpoints we do own, it isn’t appropriate to use a simple “only what the company installs on it” strategy for security, particularly with faculty. So our endpoint strategy in security is much more of an “innocent until proven guilty” approach.

    The way this plays out is that we use role-based access. For devices we don’t own, we limit access to well-maintained and monitored services. For devices we do own, we make sure that they are patched and their assigned users have good security training available.

    Q. Why is endpoint security so important in terms of your overall security strategy?

    As one of our vendors puts it, “Your network is only as secure as the devices that are connected.” This means that at the end of the day, after all the firewalls, IDS/IPS, security education and anti-virus have done their work, if someone’s workstation is weak, it can still become a cybercriminal HQ on your network. The resulting data breach would not be good for the students, community or university.

    Q. What does Pepperdine do to manage and secure endpoints?

    We use a NAC to provide role-based access. We evangelize security training and software patching aids for systems we don’t own. For systems we do own, we automate patching of the statistically most exploited software: the operating system, the productivity suite, and the web helper apps — Java, Adobe Flash Player, Adobe Acrobat Reader and the like.

    Q. What endpoint security solutions do you use and find most valuable?

    For systems we own, what is determined to be security baseline must be mandatory. We have found that automation is required, since every other form of maintenance — including posture checking, user education, technicians with flash drives, and even concierge service for executives and high-profile faculty — has been shown to fail to provide a baseline of security.

    We’re using Dell KACE to automate third-party patching and security configuration for systems we own. We’ve also found it useful for tracking down and helping eradicate zero day infections that have gotten past our anti-virus. Beyond security, the KACE solution lets us provision systems campus-wide. When finance went paperless and we needed Acrobat on every workstation, KACE installed the licensed software in days. When we needed to retire XP before April 2014, KACE gave us an inventory of the 400+ systems to target, and enabled us to upgrade those systems to Windows 7 overnight, instead of having to pull them in to the workbench and interrupt our colleagues’ work.

    Our NAC is a critical system for providing role-based access and for informing people of what to do when their BYOD system is blocked for signs of infection or copyright infringement. Being able to both isolate and inform in one operation has saved tons of help desk calls and more importantly, tons of student frustration.

    Q. What advice would you give other IT security executives and managers about managing and securing endpoints?

    Don’t accept that security is not possible if a traditional method of control is not available. Take ownership and find another path; be proactive in innovation; publish measures of your success. Invest in automation of the baseline tasks — your users and even technicians were not hired to spend time on these basics. Automation enables these colleagues to focus on things more important to the business than patching and configuration, such as making the most of their technology tools and designing new solutions for business problems.

    Learn more about building a secure mobile enterprise

    As Pepperdine University illustrates, enabling mobility while ensuring security is a worthy and attainable goal for any organization. I’d like to thank Kim Cary for sharing his insights and advice, and I hope you’ve found them helpful as well.

    To learn more about achieving a secure mobile enterprise, read our whitepaper, “The Secure Mobile Enterprise.”

    Christopher Garcia


    Kim Cary

    About Kim Cary | Chief Information Security Officer at Pepperdine University

    Kim's current work is focused on security training, business process consulting, security policy, mission-friendly security system implementation, security event analysis, incident handling and system operations.

    Kim completed his Ed.D. at Pepperdine in 2004 and holds current major security certifications from ISC2 as CISSP and from GIAC as Firewall, Intrusion and Forensics Analyst and Incident Handler. He received his M.Div. at Biola in 1986, and his bachelor's degree in biology at the University of California, Los Angeles in 1979.

  • KACE Blog

    Dell KACE Wins Two Platinum Awards in Redmond Reader’s Choice Awards 2015

    KACE is a top choice among Redmond readers!

    Redmond Reader's Choice Awards

    We are excited to inform you that Dell KACE won two Platinum Awards for License Management and Patch Management within the Infrastructure Management category. The award winners are determined by the readers of Redmond Magazine based on their responses to the annual survey on the largest hardware and software providers surrounding the Microsoft ecosystem.

    Dell won the largest number of awards in 46 categories.


    • Application Performance Management - Dell Foglight/Foglight for Virtualization – Gold
    • Systems Performance Management - Dell Foglight for virtualization Enterprise Edition – Silver
    • License Management - Dell KACE Software License Management Solution – Platinum
    • SharePoint tools/Services - Dell Migration Suite for SharePoint – Silver + Dell Change Auditor for SharePoint – Bronze
    • Migration Tool - Dell Migration Manager for Active Directory - Silver + Dell Migration Suite for Exchange - Bronze
    • Patch Management - Dell KACE K1000 Management Appliance – Platinum
    • General Network Monitoring Tool - Dell OpenManage Network Manager - Silver
    • Remote Monitoring and Management - Dell PacketTrap - Platinum
    • Remote Client Management - Dell Desktop Authority Remote Support Center - Bronze
    • Asset Management - Dell Asset Manager - Platinum
    • SQL Tool - Dell Toad - Platinum
    • Software Distribution - Dell Desktop Authority
    • Software Packaging - Dell ChangeBASE - Platinum
    • Scripting Tool - Dell PowerGUI - Gold
    • Application-Conflict Testing Tool - Dell Desktop Authority - Platinum


    • Compliance Tool - Dell Change Auditor - Gold + Dell InTrust – Bronze
    • Group Policy Manager - Dell Active Administrator – Gold
    • Security Auditor - Dell Security Explorer - Gold
    • Active Directory Provisioning/Administration - Dell Spotlight on Active Directory Pack – Platinum
    • Hardware-Based Firewall - Dell SonicWall Next-Generation Firewall Series - Gold
    • Two-Factor Authentication - Dell Defender - Platinum + Dell Digital Persona Suite - Bronze
    • Spam/Content Filters - Dell SonicWall Email Security - Platinum
    • Identity Access/SSO Software - Dell Cloud Access Manager - Platinum


    • Backup Software - Dell AppAssure – Platinum
    • Storage Management Software - Dell Foglight for Storage Management – Gold + Dell OpenManage Server Administrator Storage - Silver


    • Virtual Business Continuity and Disaster Recovery - Dell AppAssure – Gold
    • Virtual Management/Optimization - Dell vFoglight – Gold
    • Virtual Server Add-Ons - Dell AppAssure Replay Hyper-V – Gold
    • Application Virtualization - Dell Wyse vWorkspace - Silver
    • Virtual PC - Dell Wyse Workstation - Silver
    • VDI Solution - Dell Wyse vWorkspace - Silver


    • Cloud Management Tool - Dell Cloud Manager – Gold
    • SaaS-Based Application Provider - Dell Boomi - Gold
    • PaaS Provider - Dell Boomi - Silver
    • IaaS Provider - Dell - Silver


    • Server Manufacturer - Dell - Platinum
    • Storage Hardware Provider - Dell - Platinum
    • Thin Client Device - Dell Wyse - Platinum
    • Windows PC Vendor - Dell - Platinum
    • Windows Tablet Provider - Dell - Gold

    To view the complete list of award recipients you can register with Redmond Magazine.

    Lolita Chandra

    About Lolita Chandra

    Lolita is a Product Marketing Manager for Dell KACE. She has over 10 years of product marketing experience with IT software and infrastructure-as-a-service solutions.


  • KACE Blog

    Secure Mobile Management that Doesn’t Bring IT to its Knees: Getting the Single Pane of Glass You Need

    In my two previous blogs, I’ve talked about two key requirements for any mobility program: secure mobile workspaces to enable BYOD and effective mobile device management to prevent data breaches on corporate-owned devices. As an IT professional, you might be saying, that all sounds great, but how am I supposed to deliver all that security with my complex IT environment and limited IT staff?

    These concerns are completely valid.

    Today’s mobile environments encompass a wide range of devices.

    Your IT team is likely managing a large number of personally owned and corporate-owned smartphones, tablets and laptops, and dealing with multiple versions of Apple iOS, Mac OS, Windows and Android operating systems. That complexity will only increase in the coming years. For example, a Dimensional Research survey sponsored by Dell found that most organizations expect both the number and variety of devices to continue to grow in the next few years.

    Managing that growing complexity — no matter your IT staff’s experience and expertise — requires an effective window into your mobile infrastructure enterprise. While most IT organizations do use systems management tools (often three or more of them!), only about half say their tools can support all the platforms, operating systems and device types they must manage. That means systems management has moved beyond management of traditional computer endpoints and into a new world where “anypoint” systems management will be the imperative for securing and tracking virtually anything with a network connection.

    A better approach is to manage all mobile devices, as well as their applications and content, from a single pane of glass. An overwhelming majority (89 percent) of organizations that lack such a consolidated view would like to have one. Let’s explore some of the key features of such a tool:

    • Visibility — First, you need to know what’s out there. Confidence in visibility into corporate networks was always low, but now is measurably dropping. The Dimensional Research survey found that only 11 percent of organizations were confident they knew about all devices and applications on their corporate networks, down from an already low 16 percent just a year earlier. You need an effective way to discover and inventory all hardware and software network-wide, including laptops, desktops, servers, tablets, smartphones, Chromebooks, and network connected non-computing devices.
    • Automation — Automation is also critical to ensuring that everyone gets the things that they need to do their jobs. You don’t want to have to open up an IT trouble ticket every time a user needs the new version of Visio or PowerPoint; you want automated policy and application deployment to proactively provide users with the tools they need according to their roles and group memberships. You also need automated patch management (and a world-class patch library) to ensure that all devices are kept up to date. Similarly, you can’t afford to be bogged down with manual software license management; you need tools that streamline software inventory, license optimization and compliance reporting.
    • Encryption — You also need a comprehensive encryption solution that enables you to enforce policies on devices enterprise-wide from a single administrative console. Look for a solution that can encrypt data at the file level so it can be controlled even if a user copies it to a cloud-based free file sharing site or a USB memory key.
    • Flexibility — Finally, you need this single-pane-of-glass management tool to be mobile itself. Whether you’re in the office or on the go yourself, you need to be able to review and respond to real-time, mobile service desk notifications, examine inventory details, deploy software and more.

    Learn more about building a secure mobile enterprise

    Nearly every organization today wants to reap the benefits of modern mobile technologies — without sacrificing security or overwhelming IT. Secure mobile workspaces, effective MDM, and single-pane-of-glass management are critical components of a successful BYOD strategy. To learn more about achieving a secure mobile enterprise, read our whitepaper, “The Secure Mobile Enterprise.”

    Christopher Garcia


  • KACE Blog

    5 Best Practices for Mobile Device Management (MDM)

    There’s no question that mobility offers a wealth of benefits to organizations, from better productivity and collaboration to improved IT agility and competitive advantage. But as I explained in my previous blog, implementing a mobility program requires careful attention to security. There, I detailed why secure virtual workspaces are the best way to enable users to access corporate resources from their personally owned devices.

    Now let’s look at another piece of the mobile security puzzle — preventing security breaches on corporate-owned devices. How can IT keep mobile devices up-to-date and secure, both when they’re in the hands of authorized users and in the event that the device is lost or stolen?

    The answer is effective mobile device management (MDM).

    A sound MDM strategy will include the following best practices for keeping data from being compromised:

    • Remotely manage apps and content on mobile devices — Secure remote inventory, distribution and management of apps and content enables IT to keep corporate mobile devices provisioned with the apps that users need according to their job responsibilities; ensure that all applications are up to date with appropriate patches and security fixes; and quickly remove applications and content that are deemed to be a security risk.
    • Know where each device is geographically — Keeping tabs on each device’s geo-location will help alert you to possible instances of loss or theft, so you can take appropriate action quickly to protect corporate data.
    • Be able to remotely lock and wipe mobile devices — If you have reason to believe a device has been lost or stolen, you need to be able to remotely lock it and, if necessary, wipe all data from the device.
    • Enable user self-service — A policy-driven, self-service portal enables users to perform tasks based on their individual roles or group memberships. For example, users should be able to view their current devices and register new devices; reset their own passwords; locate, lock and wipe their devices without waiting for help from IT; and view and request changes to their access permissions.
    • Get real-time reports, alerts and analytics – Security clearly requires real-time, exception-based alerting on critical issues. In addition, organizations need reports and analytics that help them achieve and demonstrate compliance; maintain and review detailed audit trails of all user and admin functions; and understand trends and anticipate future requirements.

    Learn more about building a secure mobile enterprise

    Effective MDM complements the secure virtual workspace, helping organizations create, implement and grow their BYOD strategies. To learn more about achieving a secure mobile enterprise, read our whitepaper, “The Secure Mobile Enterprise.”

    Christopher Garcia


  • KACE Blog

    Tap KACE Experts for Maximum Practical Learning at Dell World Software User Forum

    Systems management is a tough job, and it’s not getting any easier. Along with managing all of the PCs, Macs and servers in your organization, you now have to secure and maintain mobile devices and address the BYOD phenomenon, all while having to plan strategically for the control of all sorts of newly connected devices. The need for “anypoint” systems management has arrived. Are you ready?

    Attend Dell World Software User Forum October 20-22 and address these challenges and more head on.

    You will get direct access to “anypoint” systems management expertise through a broad offering of KACE educational sessions, all designed for maximum practical take-home learning. Here you’ll uncover more about the newest and most popular KACE features and capabilities that you can put to work right away. KACE experts will be out in force in Austin, all in one location!

    From its origins as the KACE Konference, and now encompassing all that Dell World has to offer for one affordable fee, Dell World Software User Forum is simply the premier learning opportunity of the year. Here you, along with your IT peers, can up your game by enhancing your KACE appliance knowledge, while exploring the added benefits of the wider Dell Software product portfolio. Immerse yourself in the future of “anypoint” systems management, and leave knowing more about the latest trends in big data, cloud management, advanced analytics, and the ins and outs of secure network access.

    The Agenda Builder is live, so once you’ve registered, you can create a personalized Dell World Software User Forum experience that best meets your needs and aspirations.

    Featured and favorite KACE sessions include:

    • Enhanced Security and Compliance with Your K1000

    Endpoint security is at the top of everyone’s priority list, and the K1000 management appliance includes a number of features that address these security needs. Find out how to improve endpoint security through K1000 security best practices.

    • Software License Compliance and Governance

    License management can be a daunting task. Learn how the K1000 management appliance, integrated with the Dell Application Catalog makes your job easier. Also discover the new functionality from the most recent K1000 release.

    • What's New with the K2000

    A lot has changed with the K2000 deployment appliance in the last year. Stay up to date with the latest and greatest. In this session you will learn what's new from K2000 product experts to make OS deployments easier and faster.

    Why should you attend?

    • Choose from more than 75 in-depth educational sessions, nearly half KACE related
    • Participate in interactive discussions and gain access to KACE product engineers and experts
    • Learn about KACE software product direction and roadmaps
    • Network with like-minded KACE users who have solved real-world problems
    • Hear visionary keynote presentations from Dell visionaries and industry experts
    • Visit the Dell World Solution Showcase with complementary partner demos

    Leverage All KACE Capabilities

    Your Dell KACE appliances are already at work helping you keep your systems up to date and secure. Why not leverage all of the KACE capabilities – some of which you may not have explored or had the time to learn yourself? Your registration includes admission to all Dell World general sessions, solutions showcase, and the big opening night concert. And don’t forget: the BOGO (buy one, get one) offer is still valid. Each paid registrant can bring a colleague free of charge.

    Register for Dell World Software User Forum!

    About Stephen Hatch

    Stephen is a Senior Product Marketing Manager for Dell KACE. He has over eight years of experience with KACE and over 20 years of marketing communications experience.


  • KACE Blog

    The Most Secure Way to Implement BYOD? Secure Mobile Workspaces!

    Mobility is one of the most transformational technologies available today.

    In just a few short years, mobile devices have evolved from cool consumer technology into mission-critical enterprise tools. Accordingly, organizations left and right are adopting bring-your-own-device (BYOD) policies to enhance productivity and collaboration while opening the doors to business transformation, competitive advantage and improved performance. In fact, a Dimensional Research survey sponsored by Dell found that 84 percent of organizations already support mobile devices on their networks.

    Security is critical to a successful mobility program

    Of course, the benefits of BYOD do not come free; rather, BYOD brings a host of technical challenges. Chief among them is security: 44 percent of the 1900+ global organizations surveyed in Dell’s recent Global Technology Adoption Index (GTAI) listed “fear of security breach” as the primary barrier to expanding mobile technologies within the organization. Clearly, reaping the substantial benefits of BYOD requires a carefully considered plan for network and data security.

    The first hurdle is providing users with easy yet secure access to the corporate network from their personally owned smartphones and tablets. One approach is the traditional model: have IT manage all devices that access the corporate network. That way, the organization can ensure that all devices are properly maintained with current security software, browser updates and so on.

    This old-school approach can work well for corporate-owned devices, but it has important drawbacks for personally owned devices, especially in verticals like education. In particular, it fails to protect the privacy of user data — the organization can see everything on a user’s personal device, from personal texts and emails to Facebook posts and browser history. Even though our culture seems to be growing ever more comfortable with sharing personal information online, most people aren’t comfortable giving their employers this unfettered window into their personal lives. As a result, this approach tends to hamper BYOD adoption, if not bring it to a grinding halt.

    Secure mobile workspaces are the most secure way to implement BYOD

    Fortunately, there’s a better option: secure mobile workspaces. By downloading a free app to their phone or tablet, employees (and other authorized users, such as partners or contractors) can establish a VPN-like connection to the corporate network. A customized workspace provides each user with access to only the resources authorized by policy, while keeping personal and corporate data separate and secure.

    Specifically, a secure mobile workspace can enable authorized users to access:

    • Email – A secure mobile workspace enables users to easily manage their corporate email, including attachments, from their smartphones or tablets. They can stay productive even when they’re not connected to the network, since any changes they make to the mail folder will be synchronized when they reconnect.
    • Calendars – Integrated calendar functionality enables users to keep track of their meetings, manage calendar requests, create and edit meeting notices, receive notifications, and view attachments from their mobile devices.
    • Contacts – Users can view and update their corporate contacts and reach out by email, voice or messaging.
    • Intranet resources – Users can securely access corporate applications and data behind the firewall from a secure browser and securely store any files they download. They can find, manage, create and edit documents even when they are offline, without compromising security.

    Learn more about building a secure mobile enterprise!

    This secure virtual workspace is a key ingredient in a broader mobile strategy — what Dell calls the secure mobile enterprise. To learn more, read our whitepaper, “The Secure Mobile Enterprise.”

    Christopher Garcia

    About Christopher Garcia

    A ten-year Dell veteran, Chris has had experience in various marketing roles within the organization. He is currently a Senior Product Marketing Manager.


  • KACE Blog

    Patch Management, Configuration Management and Vulnerability Scans – Adding to Your First Line of Defense

    Effective Patch Management

    The threat landscape has been evolving at a rapid pace, requiring enterprises to be highly vigilant and stay on top of new tools and processes that effectively protect them from cyberattacks. According to a recent study on data breaches, 90 percent of exploits targeted apps for which patches had been available for six months or longer, and 50 percent of systems had at least 10 vulnerabilities that had patches available, but were not installed.

    Needless to say, patch management is an integral component of any effective defense-in-depth strategy and is a valuable first line of defense to minimize your endpoint risk. System hardening with security configuration management and vulnerability assessment and remediation are two important controls that go hand-in-hand with patch management.

    Security Configuration Management

    Over the years Verizon’s annual Data Breach Investigations Reports have indicated that weak configuration management and inadequate system hardening factor into most data breaches. Developing configuration settings with strong security properties is a complex task that requires knowledge and analysis that is beyond the scope of the user.

    Installing a strong configuration is not enough. You must continue to manage it so that it keeps its security properties and is not compromised over time as a result of changes or new events, such as new security vulnerabilities or software updates. In order to manage all the systems, operating systems and applications in your environment, you need a centralized solution that gives you a holistic view of your endpoints, and the ability to install and update standard configurations across your entire environment.

    Such a solution will empower you to enforce a consistent endpoint configuration policy, as well as continually monitor and tweak it to ensure that it stays effective long term.

    Vulnerability Scanning and Remediation

    Vulnerability scanning is another integral component of an effective security strategy; without it, you would be unable to discover and address flaws that could potentially give hackers a way to get into your network and systems. Also, vulnerability analysis can help you assess the effectiveness of proposed countermeasures.

    The Open Vulnerability and Assessment Language (OVAL®) is a well-known standard that gives you a repository to check for software vulnerabilities, configuration issues, programs, and/or patches on your endpoints. The OVAL repository for vulnerability tests is continually updated by the community, which reviews and vets new definitions before adding them to the repository. For more information and a helpful list of controls, check out our new white paper, Protecting Your Network and Endpoints with the SANS 20 Critical Security Controls.

    Enterprises today must take a very active role in defending their organizations and managing risk, and you play a key role in helping your organization achieve this through patching, configuration management and the use of vulnerability scans. This is no easy undertaking, but a centralized solution can make your life a lot easier.

    Gain more insight into developing an effective patch management strategy that meets your organization’s needs.

    Lolita Chandra

    About Lolita Chandra

    Lolita is a Product Marketing Manager for Dell KACE. She has over 10 years of product marketing experience with IT software and infrastructure-as-a-service solutions.


  • KACE Blog

    Patch Management - Empower IT and Keep Users Happy

    In our previous blog we talked about simplifying the patch management process and how automating patch management can greatly ease the burden of managing your IT environment. We touched upon three key elements of effective patch management:

    • Gaining visibility into your network
    • Scanning your network
    • Implementing a centralized solution

    Here we will talk about the impact an effective patch management strategy has on both IT admins and users, and some of the elements that contribute toward that experience.

    Significantly Improved Productivity and Job Satisfaction for IT Admins

    A centralized patch management solution allows you to coordinate patch updates across large user populations in a more timely and efficient manner, while providing detailed visibility into each of the patching phases. This eliminates the headaches associated with using multiple solutions, making for a much better user experience and allowing you to focus on more strategic projects. Here are ways you can streamline the patch management process and gain greater control over each step in the process:

    1. Get the “undo” button

    The ability to roll back or “undo” patches is an important feature that gives you peace of mind. It’s especially valuable in those instances when a patch gets rolled out unintentionally, errors are found after deployment, or the vendor issues a recall. Rollbacks simply make your life a lot easier. With this capability you no longer have to spend excessive amounts of time on rigorous testing that can lead to delays, or even a failure to close security gaps in a timely way.

    2. Use a phased approach

    Leveraging a phased release approach to patch management helps you avoid bottlenecks and delays. This is especially important in organizations with large, complex and distributed user populations. Using a phased approach, you can schedule deployments based on criteria best suited to your organization, such as department or geographical location. A phased approach allows you to push out critical patches immediately to systems that need them the most, while rolling out less critical patches subsequently. Such a systematic approach is more easily communicated to end users, setting realistic expectations while minimizing disruptions.

    3. Deploy to remote sites without clogging up the network

    It is critical to deploy patches to remote sites without consuming excessive network bandwidth. A robust solution will give you the ability to deploy an image once from the central site to the remote site, and then have the image deployed to all the systems in the remote location using the local network. This minimizes the impact on network bandwidth, and is much more efficient than deploying images from the central site to all of the remote systems.

    4. Set up reports and alerts to notify you of issues

    Detailed reports and alerts quickly identify issues so you can focus on the systems that need your attention right away. Reports identifying non-compliant computers, alerts notifying admins of failures, and other such tools make life a lot easier. They allow you to take action quickly and identify issues needing your immediate attention.

    Using an automated, centralized patching solution that gives you these capabilities allows you to save a significant amount of time and hassle, gain increased visibility into your environment, eliminate errors and exercise a lot more control over your systems. By doing your job more effectively and efficiently, you’ll have time to move on to value-added tasks that result in improved productivity and greater job satisfaction.

    Engaged, Productive and Happy End Users

    Now let’s see what impact a centralized patch management solution has on end users. It is only natural for employees to get upset when their PC suddenly reboots in the middle of the work day, losing unsaved work. Here are some ways a centralized patch management solution can improve the patch management experience for end users:

    • Having the ability to automate updates and control when and how patches get rolled out makes it a lot less intrusive on your users, which in turn allows them to be more productive; they don’t have to stop working on their machines for patches to get rolled out.
    • You can design a good patching experience for end users by giving them some control over the process, such as setting patch installation deadlines while offering them the flexibility to do so within a window of time. This is especially applicable to remote users who spend a limited amount of time on the network, as it enables them to select the best time to install patches requiring reboots.
    • Effective patch management leads to performance improvements for users’ systems and applications while eliminating problems caused by malware, including downtime, network congestion, and the inability to access critical systems. Fewer disruptions and improved performance make for happier and more productive users.
    • Effective communication also leads to a better user experience. Proactively informing employees ahead of time that patches are available reduces negative impact, user downtime and frustration. A good patch management process automates the communication process, greatly improving the user experience and making your job a lot easier.

    To learn more, read our white paper, “Nine Simple (but Critical) Tips for Effective Patch Management,” to gain more insights into developing an effective patch management strategy that meets your business needs. Stay tuned for blog #3.

    Lolita Chandra

    About Lolita Chandra

    Lolita is a Product Marketing Manager for Dell KACE. She has over 10 years of product marketing experience with IT software and infrastructure-as-a-service solutions.
