Tips for a pain-free journey to software-defined infrastructure

By some estimates, 70% of the servers in enterprise data centers are now virtualized, meaning that nearly every company is enjoying the benefits of flexibility, high utilization rates and automation that virtualization provides.

If you’re one of them, you might be tempted to move your network, storage and desktops to software-defined infrastructure (SDI) as quickly as possible. That’s a great long-term strategy. In fact, Gartner predicts that programmatic infrastructure will be a necessity for most enterprises by 2020. But you should move at your own pace and for the right reasons. Don’t rush the journey, and be aware of these common pitfalls.

Have a strategy and a plan. Think through what you want to virtualize and why you want to do it. Common reasons include improving the efficiency of equipment you already have, improving application performance or building the foundation for hybrid cloud. Knowing your objectives will give you, and your technology partner, a better fix on what to migrate and when.

Be aware that many areas of SDI are still in early-stage development and standards are incomplete or nonexistent. This makes mission-critical applications poor candidates for early migration. Start with low-risk applications and implement in phases, being aware that a full migration may take years and that some legacy assets may not be worth virtualizing at all. If you’re new to SDI, consider virtualizing a small part of your infrastructure, such as firewalls or a handful of desktops, to become familiar with the process.

For all the flexibility SDI provides, it also introduces complexity. You’ll now have a virtual layer to monitor in addition to your existing physical layers. That’s not a reason to stay put, but be aware that management and troubleshooting tasks may become a bit more complex.

Map dependencies. In a perfect world, all interfaces between software and hardware would be defined logically, but we know this isn’t a perfect world. In the rush to launch or repair an application, developers may create shortcuts by specifying physical dependencies between, say, a database and storage device. These connections may fail if storage is virtualized. Understand where any such dependencies may exist and fix them before introducing a software-defined layer.

SDI requires a new approach to systems management as well. Since new devices can be introduced to the network with little or no manual intervention, it can be difficult to forecast their performance impact in advance. Be sure to factor analytics and performance management metrics into your planning so that you have a way of modeling the impact of changes before making them.

Use standards. Many SDI standards are still a work-in-progress. While most vendors do a good job of adhering to a base set of standards, they may also include proprietary extensions that could affect compatibility with third-party products. To ensure you have the greatest degree of flexibility, look for solutions that conform to standards like the Open Networking Foundation’s OpenFlow and OpenSDS for storage.

SDI relies heavily on application programming interfaces for communication. Since there are no universal standards for infrastructure APIs, they are a potential source of lock-in if your SDI solution requires APIs specific to a particular vendor. Look for solutions that adhere to APIs defined by industry standards instead.

Double down on security. Virtual connections create attack surface that does not exist when everything is physically attached. For example, the heart of a software-defined network is the SDN controller, which programs every switch and mediates all communication between applications and network devices. A compromised controller can rewrite the forwarding rules of the entire network, so it is essential to choose a trusted platform that authenticates and validates any new application or component before it is allowed to talk to the controller. Make sure the platforms that manage your virtual processes are locked down tight: a separate management network, authenticated and encrypted channels between controller, applications and devices, and the least privilege each controller application needs.

Don’t forget the human factor. One of the great benefits of SDI is that it enables many once-manual processes to be automated. This will impact the skill sets you need in your data center. Deep hardware knowledge will become less important than the ability to manage applications and infrastructure at a high level. Prepare your staff for this shift and be ready to retrain the people whom you believe can make the transition.

These relatively modest pitfalls shouldn’t stop you from getting your organization ready to take advantage of the many benefits of SDI. Working with an experienced partner is the best way to ensure a smooth and successful journey.

It’s time to rethink cybersecurity.

For many years, organizations have focused their security efforts on perimeter and endpoint protection. Firewalls, antivirus software, intrusion detection and anti-spyware tools are all effective up to a point, but on their own they fail to stop a large share of today’s threats.

A recent ServiceNow survey of 300 chief information security officers found that 81% are highly concerned that breaches are going unaddressed and 78% are worried about their ability to detect breaches in the first place. IBM’s 2017 X-Force Threat Intelligence Index reported a 566% increase in the number of compromised records in 2016 compared to the previous year. FireEye reported that the average time it takes an organization to detect an intrusion is over 200 days.

Endpoint security measures will only become less effective as the number of endpoints proliferates. Smartphones introduced a whole new class of threats, and the internet of things (IoT) will add billions of endpoint devices to networks over the next few years, many of which have weak or no security.

That’s why cybersecurity, in the words of Cisco CEO Chuck Robbins, “needs to start in the network.” The approach that Cisco is championing recognizes the reality that breaches today are inevitable but that they needn’t be debilitating. The increasing popularity of security operations centers shows that IT organizations are shifting their attention to creating an integrated view of all the activity on their networks – including applications, databases, servers and endpoints – and adopting tools that can identify patterns that indicate a breach. For example, repeated failed login attempts from one IP address, or an unusually large outbound file transfer, may indicate an intrusion, and the activity can be stopped before much damage is done.
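The two indicators just named, repeated access attempts from one address and a large outbound transfer, are easy to miss in isolation and much more telling together. The following is an added example (not code from the original post or from any vendor) of how a SOC might correlate them over two log sources. The log lines, record formats and thresholds are constructed for illustration and are not any product’s schema.

```python
"""Correlate two constructed log sources for the two indicators named in
the text: repeated access attempts from one address and unusually large
outbound transfers. Thresholds and line formats are illustrative
assumptions, not any product's schema."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not real logs). Two record kinds:
#   AUTH <iso-timestamp> <src-ip> <user> <success|failure>
#   FLOW <iso-timestamp> <src-ip> <dst-ip> <bytes-out>
SAMPLE_LOGS = """\
AUTH 2017-03-01T09:00:01 203.0.113.7 alice failure
AUTH 2017-03-01T09:00:03 203.0.113.7 alice failure
AUTH 2017-03-01T09:00:05 203.0.113.7 bob failure
AUTH 2017-03-01T09:00:07 203.0.113.7 carol failure
AUTH 2017-03-01T09:00:09 203.0.113.7 dave failure
AUTH 2017-03-01T09:00:11 203.0.113.7 admin success
AUTH 2017-03-01T09:05:00 198.51.100.4 erin failure
AUTH 2017-03-01T09:07:00 198.51.100.4 erin success
FLOW 2017-03-01T09:02:00 10.0.0.15 203.0.113.9 524288
FLOW 2017-03-01T09:12:00 10.0.0.15 203.0.113.9 734003200
FLOW 2017-03-01T09:13:00 10.0.0.22 192.0.2.10 8192
"""

FAILURE_THRESHOLD = 5                  # failed logins from one source ...
FAILURE_WINDOW = timedelta(minutes=1)  # ... inside this sliding window
OUTBOUND_BYTES_THRESHOLD = 500 * 1024 * 1024  # one flow above 500 MiB


def parse(lines):
    """Yield (kind, timestamp, remaining fields) for each non-empty line."""
    for line in lines.splitlines():
        fields = line.split()
        if fields:
            yield fields[0], datetime.fromisoformat(fields[1]), fields[2:]


def detect_bruteforce(lines):
    """Return {src_ip: time_of_alert} for sources that reach
    FAILURE_THRESHOLD failed logins within FAILURE_WINDOW."""
    recent = defaultdict(deque)
    alerts = {}
    for kind, ts, rest in parse(lines):
        if kind != "AUTH" or rest[2] != "failure":
            continue
        src = rest[0]
        window = recent[src]
        window.append(ts)
        while window and ts - window[0] > FAILURE_WINDOW:
            window.popleft()          # expire timestamps outside the window
        if len(window) >= FAILURE_THRESHOLD and src not in alerts:
            alerts[src] = ts
    return alerts


def detect_large_outbound(lines):
    """Return [(src, dst, bytes)] for single flows above the threshold."""
    return [(rest[0], rest[1], int(rest[2]))
            for kind, _, rest in parse(lines)
            if kind == "FLOW" and int(rest[2]) > OUTBOUND_BYTES_THRESHOLD]


def correlate(lines):
    """Combine the detectors into prioritised findings. A successful login
    from a source that was just brute-forcing is escalated: that is the
    pattern of an intrusion in progress rather than a noisy scanner."""
    brute = detect_bruteforce(lines)
    findings = []
    for kind, ts, rest in parse(lines):
        if (kind == "AUTH" and rest[2] == "success"
                and rest[0] in brute and ts >= brute[rest[0]]):
            findings.append(("CRITICAL", f"{rest[0]} logged in as {rest[1]} "
                             f"right after a brute-force burst"))
    for src, dst, nbytes in detect_large_outbound(lines):
        findings.append(("HIGH", f"{src} sent {nbytes} bytes to {dst} in one flow"))
    for src, ts in brute.items():
        findings.append(("MEDIUM", f"{src} reached {FAILURE_THRESHOLD} failed "
                         f"logins at {ts.isoformat()}"))
    return findings


if __name__ == "__main__":
    for severity, message in correlate(SAMPLE_LOGS):
        print(severity, message)
```

Run against the sample, the scanner at 203.0.113.7 becomes a MEDIUM finding on its fifth failure and a CRITICAL one when it then logs in as admin; the 700 MiB flow from 10.0.0.15 is a separate HIGH finding. The single failure from 198.51.100.4 produces nothing, which is the point of a threshold.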

Fortunately, technology is evolving to support the network-centric approach. Big data platforms like Hadoop have made it practical and affordable for organizations to store large amounts of data for analysis. Streaming platforms like Apache Spark and Kafka can capture and analyze data in near real time. Machine learning, applied to large log stores like Hadoop, can continuously sift through network and server logs for anomalies, improving as it sees more data.

And the cloud presents new deployment options. That’s why security is rapidly migrating from dedicated hardware to cloud-based solutions using a software-as-a-service model. Grand View Research estimates that the managed security services market was worth more than $17.5 billion in 2015, and that it will grow to more than $40 billion in 2021. As organizations increasingly virtualize their networks, these services will become integrated into basic network services. That means no more firmware upgrades, no more site visits to fix balky firewalls and no more anti-malware signature updates to push out yourself.

It’s too early to say that the tide has turned favorably in the fight with cyber-criminals, but the signs are at least promising. It’s heartening to see Cisco making security such an important centerpiece of its strategy. Two recent acquisitions – Jasper and Lancope – give the company a prominent presence in cloud-based IoT security and in behavioral analytics for network and threat analysis. The company has said that security will be integrated into every new product it produces going forward. Perhaps that’s why Robbins has called his company “the only $2 billion security business that is growing at double digits.”

DoS Attacks – Understanding & Avoiding Them

In October 2016, a cyber attack on the DNS provider Dyn made many web services and sites inaccessible, including media outlets (Fox News, HBO, CNN, the Weather Channel, etc.) and major sites such as Netflix, PayPal, Yelp and Starbucks, to name just a few.

At the time, this attack was widely described as the largest denial of service attack ever recorded. To understand what happened, we will first recall some basic notions of Internet communication. We will then look at botnets and how they have evolved, before examining the specifics of this attack. Finally, we will see how to defend against such attacks.

Internet Communication Basics

Most Internet communication is of the client-server type. The web browser is the usual “client”: it sends a request to a server, asking it, for example, to deliver a YouTube video.

Each server is reached by its IP address. When you use Google, for instance, the server that answers your request may differ depending on your geographic location. This indirection is made possible by the Domain Name System (DNS).

DNS servers translate a name such as www.google.com into an IP address. This notion is the key to understanding the attack that targeted Dyn.

History of botnets

A “botnet” (from robot and network) is a network of computers infected with malware that turns them into agents waiting for instructions. The person controlling the botnet can then send commands to this army of infected machines: for example, order them to send spam or to launch a distributed denial of service (DDoS) attack. Because the traffic comes from thousands of sources at once, there is no single address to block, which is what makes DDoS attacks hard to mitigate.

With the miniaturization and ever-decreasing cost of computing devices, more and more objects become “connected”. This creates an ever-growing network of printers, IP cameras and objects of every kind attached to the web. All these devices are ultimately small computers, and like all computers, they can be compromised.

Moreover, since few people take the time to configure these connected objects, most of them run with factory-default passwords, which makes it even easier for an attacker to log in, compromise them and install malware.

We find ourselves in a situation where many objects connected to the Internet are infected with malware. And these devices, like IP cameras, are always on, unlike our computers. During the attack on Dyn, the botnet responsible (built by the Mirai malware, which spreads by logging in to devices with their default credentials) reportedly generated up to 1.2 terabits per second, roughly 150 gigabytes of data every second!

Why did this attack hurt so badly?

Denial of service attacks have traditionally targeted servers or websites of companies that are chosen either for activism (or hacktivism) reasons, or for the purpose of extorting money.

The motive behind this attack is not yet known, but what set it apart from previous ones was the target. It was not the sites’ own servers that were hit, but the DNS servers of Dyn, the company many of those sites rely on to answer name lookups.

The servers of Twitter, PayPal and Netflix, for example, were fully functional. But by preventing clients from learning the addresses of those servers, the attack made all these sites unreachable.
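To make the name-to-address step concrete, here is an added example (not code from the original post) that builds a DNS query and parses a reply in the RFC 1035 wire format. The reply is constructed in the code to stand in for what an authoritative server such as Dyn’s would return, so nothing touches the network, and the `lookup` function models both the normal case and the Dyn situation: the web server is up, but with no answer from DNS the client has no address to connect to. The names, addresses and the `zone` dictionary are illustrative assumptions.

```python
"""Build a DNS A query and parse a reply, entirely offline: the reply is
constructed here to stand in for what an authoritative server such as
Dyn's would send. RFC 1035 wire format; no real network traffic."""
import struct

QTYPE_A, QCLASS_IN = 1, 1


def encode_name(name):
    # 'www.example.com' -> 3 'www' 7 'example' 3 'com' 0  (length-prefixed labels)
    out = b"".join(bytes([len(label)]) + label.encode("ascii")
                   for label in name.rstrip(".").split("."))
    return out + b"\x00"


def build_query(name, txid=0x1234):
    """12-byte header (RD bit set, one question) followed by the question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def decode_name(msg, offset):
    """Decode a name that may use compression pointers (0xC0xx).
    Returns (name, offset just past the name at its original position)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # pointer to an earlier name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2                       # caller resumes after the pointer
            jumped = True
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end if end is not None else offset


def parse_response(msg):
    """Return (rcode, [(name, ipv4, ttl), ...]) from a DNS reply."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qdcount):                           # skip the echoed question
        _, offset = decode_name(msg, offset)
        offset += 4                                    # QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        name, offset = decode_name(msg, offset)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == QTYPE_A and rdlen == 4:
            answers.append((name, ".".join(str(b) for b in rdata), ttl))
    return flags & 0x000F, answers


def constructed_reply(query, ipv4, ttl=300):
    """The reply an authoritative server would send (constructed offline):
    same transaction id, QR/RD/RA flags, the question echoed back, and one
    A record whose name is a pointer (0xC00C) to the question name."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
    rr = (b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, 4)
          + bytes(int(octet) for octet in ipv4.split(".")))
    return header + query[12:] + rr


def lookup(name, zone):
    """Simulated stub resolver. `zone` maps names to IPv4 strings (assumed
    data); None means the authoritative servers are unreachable, the Dyn
    situation: the web server may be up, but the client never learns its
    address and so cannot connect."""
    if zone is None or name not in zone:
        return None
    rcode, answers = parse_response(constructed_reply(build_query(name), zone[name]))
    return answers[0][1] if rcode == 0 and answers else None
```

The pointer handling in `decode_name` matters in practice: real replies compress the answer name to a two-byte reference back to the question, and a parser that ignores that will misread every record that follows.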

How to defend against these attacks?

DDoS attacks often follow well-established patterns. A first line of defence is therefore to use systems that recognize the signatures of these attacks and drop or divert the offending traffic, ideally upstream of your own connection: a flood that saturates your link has already succeeded by the time it reaches your firewall.

Another mitigation is redundancy. Load balancers distribute traffic across multiple servers, improving the system’s resilience to high traffic volumes. For DNS, the same principle means using more than one DNS provider, so that the outage of a single provider does not take your name offline.

But that’s not all! We also need to guard against infections, to prevent one of our own systems from becoming a botnet member. To do this, start by protecting computers with antivirus software.

However, many connected devices are too limited to run an antivirus. It is therefore essential to analyze the traffic on your corporate network, inbound and outbound, both to detect known threats by signature and to catch unknown (zero-day) threats through anomalies, such as a camera that suddenly starts sending large volumes of traffic to a single external address.

You can further reduce the risk of infection by collecting and correlating event logs and by continuously monitoring your network and systems, a service that ESI Technologies offers.

Finally, keep systems updated to reduce the risk that known vulnerabilities are exploited, change the default password on every connected device, and use unique, complex passwords. Password management software exists to make this easier.

A specialized information security firm such as ESI Technologies will be able to assist you in analyzing your needs and selecting the most effective and efficient solutions to mitigate the risks of botnet attacks on your systems.

Tommy Koorevaar, Security Advisor – ESI Technologies

Cryptolocker: How to Clear the Infection

Cryptolocker is a now well-known type of malware that can be particularly harmful to data stored on a computer. It encrypts files, making them inaccessible to users, and demands a ransom (in bitcoin, for example) to decrypt them, hence the name “ransomware”.

Cryptolocker-type malware arrives through different vectors (email attachments, file-sharing websites, downloads, etc.) and is becoming more resistant to antivirus solutions and firewalls; it is safe to say that it will continue to evolve and get better at circumventing corporate security measures. Cryptolocker is already in its 6th or 7th variant!

Is there an insurance policy?

All experts agree that a solid backup plan is always the best prescription for dealing with this type of malware. But what does a good backup plan involve, and what would a well-executed plan look like? The plan must be tested regularly (restore drills, not just successful backup jobs) and should include an offsite copy that the infected machines cannot write to; otherwise the malware encrypts the backups along with everything else. Using the ESI cloud backup service is an easy way to implement this.

The automated copy acts as an insurance policy in case of intrusion. Regular backups provide a secondary offsite datastore and a fallback in case of a malicious attack.

What to do in case of infection?

From the moment your systems are infected with Cryptolocker, you are already dealing with many encrypted files. If you have no mechanism to detect or monitor abnormal file changes (for example, 100 files modified per minute by a single user), the damage can be very extensive.

  1. Notify the security officer of your IT department and isolate the infected machine(s) from the network, so that the encryption stops spreading to shared drives.
  2. Above all, do not pay the ransom: payment does not guarantee a working decryption key, and it marks you as a target for further attacks.
  3. You will have no choice but to restore your files from a backup copy, once the infected machines have been cleaned or reinstalled. This copy becomes invaluable in your recovery efforts, as it provides you with a complete record of your data.
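The file-change monitor mentioned above and the restore step go together: the detector tells you when to pull the plug, and the same event stream tells you which files to bring back from backup. The following is an added example (not code from the original post or from ESI) of both, run over a constructed stream of file-change events. The thresholds, the list of marker extensions and the events themselves are illustrative assumptions; in production the events would come from file server audit logs or a file-system watcher.

```python
"""Rate- and extension-based detection of a ransomware encryption run over
a constructed stream of file-change events, plus the list of files to
pull from backup. Event source, thresholds and the extension list are
illustrative assumptions; a real deployment would feed this from file
server audit logs or a file-system watcher."""
import os
from collections import defaultdict, deque
from datetime import datetime, timedelta

RATE_THRESHOLD = 100                    # changes by one user ...
WINDOW = timedelta(minutes=1)           # ... inside this sliding window
SUSPICIOUS_EXT = {".encrypted", ".locked", ".crypt"}   # assumed marker extensions


def constructed_events():
    """(timestamp, user, path, action): five normal edits by alice, then
    150 files modified and renamed by bob within 30 seconds."""
    base = datetime(2017, 3, 1, 9, 0, 0)
    events = [(base + timedelta(minutes=3 * i), "alice", f"/share/doc{i}.docx", "modify")
              for i in range(5)]
    start = base + timedelta(minutes=20)
    for i in range(150):
        t = start + timedelta(milliseconds=200 * i)
        events.append((t, "bob", f"/share/q{i}.xlsx", "modify"))
        events.append((t + timedelta(milliseconds=50), "bob",
                       f"/share/q{i}.xlsx.encrypted", "rename"))
    return events


def detect(events):
    """Return [(timestamp, user, reason, path)], one alert per (user, reason).
    'rate' fires when a user changes RATE_THRESHOLD files inside WINDOW;
    'extension' fires on the first file carrying a known marker extension."""
    recent = defaultdict(deque)
    alerts, seen = [], set()
    for ts, user, path, action in sorted(events):
        if action not in ("modify", "rename"):
            continue
        window = recent[user]
        window.append(ts)
        while window and ts - window[0] > WINDOW:
            window.popleft()                # expire events outside the window
        reasons = []
        if len(window) >= RATE_THRESHOLD:
            reasons.append("rate")
        if os.path.splitext(path)[1] in SUSPICIOUS_EXT:
            reasons.append("extension")
        for reason in reasons:
            if (user, reason) not in seen:
                seen.add((user, reason))
                alerts.append((ts, user, reason, path))
    return alerts


def files_to_restore(events, alerts):
    """Files modified by alerted users from one window before the first
    alert onward: the encryption started before the detector fired, so the
    restore list must reach back past the alert time."""
    if not alerts:
        return []
    since = min(ts for ts, _, _, _ in alerts) - WINDOW
    users = {user for _, user, _, _ in alerts}
    return sorted({path for ts, user, path, action in events
                   if user in users and action == "modify" and ts >= since})


if __name__ == "__main__":
    events = constructed_events()
    alerts = detect(events)
    for ts, user, reason, path in alerts:
        print(ts.isoformat(), user, reason, path)
    print(len(files_to_restore(events, alerts)), "files to restore from backup")
```

On the constructed stream the extension rule fires on bob’s very first rename, and the rate rule about ten seconds later; alice’s five edits spread over fifteen minutes never trip either. The restore list reaches back one window before the first alert, which is why it covers all 150 of bob’s files and not just those changed after detection.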

After treatment, are you still vulnerable?

Despite good backup practices, you remain at risk after restoring your data: the restore brings back the files, not a fix for whatever let the malware in, whether an unpatched system, an open share or a user who opens attachments.

An assessment of your security policies and your backup plan by professionals such as ESI Technologies will provide recommendations to mitigate such risks in the future. Some security mechanisms exist to protect you from viruses that are still unknown to detection systems. Contact your ESI representative to discuss it!

Roger Courchesne  – Director, Security and Internetworking Practice – ESI Technologies

What’s the link between coaching youth hockey and managing end users?

In the summer, I enjoy doing volunteer work as a soccer coach for kids and teenagers. I do the same in the winter when hockey season begins. I find it challenging to bring different personalities to work as a group towards achieving common goals as a team. Being a coach doesn’t come without training, however. And I remember one trainer commenting on being a coach as he said: “if a given player isn’t doing what you asked him to, the first question you need to ask is: did I tell him? The second question is: did the player understand? The third: did I explain it well?” He ended by saying “if your answer is yes to all three questions, then repeat as often as necessary”.

When I found myself with a client’s network manager talking about how sophisticated phishing campaigns have become, I remembered this wise comment from that coach trainer. This network administrator admitted that even his seasoned team of network managers came close to being caught in one of these sophisticated phishing campaigns. It was a well-designed one using their GoDaddy account. It was only when someone took the time to check the links that they noticed something fishy. The average user might very well have fallen victim to this. With regard to end users, ask yourself: “if a given user isn’t doing what you asked him to with regard to suspicious emails, the first question you need to ask is: did I tell him? The second question is: did the user understand the potential consequences? Thirdly, did I explain it in terms the average user understands?” I end by saying “if your answer is yes to all three questions, then keep repeating, as users will forget over time and new users become part of your community”.

Charles Tremblay, Account Manager
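The check that saved the team in the story above, looking at where a link actually goes rather than what it displays, can be automated at the mail gateway. The following is an added example (not code from the original post or from ESI) that extracts every anchor from an HTML message and flags those whose destination leaves the sender’s legitimate domain or differs from the hostname shown to the reader. The sample message is constructed; the hostname `godaddy.com.account-verify.example` is made up to imitate the real name while being registered under a different domain, and the two-label `registered_domain` rule is a deliberate simplification (a real check would use the public suffix list).

```python
"""Flag links in an HTML e-mail whose real destination does not match
what the reader sees or the sender's legitimate domain. Added example;
the sample message is constructed and the domain rule is simplified."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed phishing-style message. The hostname starts with the
# legitimate name but is registered under 'account-verify.example'.
SAMPLE_EMAIL = """\
<p>Your domain registration is about to expire. Renew now to avoid losing it.</p>
<p><a href="https://godaddy.com.account-verify.example/login">https://www.godaddy.com/renew</a></p>
<p>Questions? Visit our <a href="https://www.godaddy.com/help">Help center</a>.</p>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every anchor in the message."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Last two labels of a hostname (assumption: a real check would use
    the public suffix list to handle names like example.co.uk)."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:])


def host_of(text):
    """Hostname of a URL or bare domain shown as link text, else ''."""
    url = text if "://" in text else "http://" + text
    return urlparse(url).hostname or ""


def suspicious_links(html, sender_domain):
    """Return [(href, text, [reasons])] for anchors that either leave the
    sender's domain or display one host while pointing at another."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        reasons = []
        if registered_domain(host) != sender_domain:
            reasons.append(f"points outside {sender_domain}: {host}")
        if "." in text and " " not in text:           # text looks like a URL/domain
            shown = host_of(text)
            if shown and registered_domain(shown) != registered_domain(host):
                reasons.append(f"displays {shown} but goes to {host}")
        if reasons:
            findings.append((href, text, reasons))
    return findings


if __name__ == "__main__":
    for href, text, reasons in suspicious_links(SAMPLE_EMAIL, "godaddy.com"):
        print(href, "|", text, "|", "; ".join(reasons))
```

The first link trips both rules; the genuine help link trips neither. Note that the second rule only applies when the visible text itself looks like a URL or domain: a link labelled “Renew now” can legitimately point anywhere inside the sender’s domain.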

A brief review of the Telecom 2015 Event

Many ESI representatives from sales and technology attended the industry event held on April 21. We noticed a trend becoming increasingly predominant among the speakers’ subjects: cloud solutions. Several presentations focused on the subject, whether with IP telephony solutions, Microsoft Lync or unified communications, and participants could attend some very good sessions. ESI was also among the presenters at the event, where we discussed the challenges of securing enterprise data with the increasing use of mobile devices.

We also noticed that this year, contrary to previous editions, no presentation used the expression “BYOD”, which does not mean the subject was not discussed. Presenters are now instead referring to the concept using the term “mobility”.

Although topics were not identified with the “security” tag, almost all presentations dealt with IT security in the solutions or business cases presented. Security is a must, it is an integral part of all business solutions, and customers and presenters are all aware of it! Convergence, unified communications and hybrid networks were also some of the topics discussed during the 2015 edition of this Telecom Event.

Roger Courchesne, Director – Internetworking & Security Practice

Data Loss Prevention – a business challenge

Confidential, proprietary and sensitive data are at the core of a business. Some organizations must comply with regulations governing their data and need solutions to better manage how it is used. Data loss, whether intentional or accidental, can have disastrous consequences and is becoming more frequent with the massive use of email, public storage services like Dropbox, or even a simple USB key.
Some statistics:
•    64% of business data is lost intentionally
•    50% of employees leave with corporate data
•    35% of data loss is due to negligence
•    29% of data loss is due to system glitches
•    The loss of a single record costs an average of $200

By implementing a document management policy built on protection practices drawn from established standards, and by introducing a proven DLP solution, organizations can block undesirable data transfers, warn users and the organization of the blocked attempts, and enforce encryption where necessary.
You have obligations: you must protect the confidential data for which you are responsible. And… notify the authorities in case of loss!
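What “block undesirable data transfers and warn users” looks like in code is a content policy evaluated on each outbound message. The following is an added example (not code from the original post or from any DLP product) of such a policy: it finds payment card numbers, validating them with the Luhn checksum so that random digit runs do not trigger it, and classification markings, then blocks, warns or allows according to whether the recipient is external, redacting what must not leave. The internal domain, the marking keywords and the test messages are constructed assumptions.

```python
"""Outbound content check in the spirit of a DLP policy: detect payment
card numbers (Luhn-validated) and classification markings in a message,
then block, warn or allow depending on whether the recipient is external,
redacting what must not leave. Added example; the policy, domain list and
messages are constructed, not any product's rules."""
import re

# 13-19 digits, optionally separated by single spaces or dashes, starting
# and ending on a digit so the match never swallows a trailing separator.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
CLASSIFICATION_RE = re.compile(r"\b(CONFIDENTIAL|INTERNAL ONLY)\b", re.IGNORECASE)
INTERNAL_DOMAINS = {"example.com"}      # assumption: the organisation's own domain


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers; weeds out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                    # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_cards(text):
    """Return the card-number substrings in text that pass the Luhn check."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(m.group())
    return hits


def redact(text, hits):
    """Mask every hit except its last four characters."""
    for hit in hits:
        text = text.replace(hit, "*" * (len(hit) - 4) + hit[-4:])
    return text


def evaluate(message):
    """message: {'to': address, 'body': text}. Returns (action, reasons, body):
    'block' with a redacted body, 'warn' with the original body, or 'allow'."""
    recipient_domain = message["to"].rsplit("@", 1)[-1].lower()
    external = recipient_domain not in INTERNAL_DOMAINS
    body, reasons = message["body"], []
    cards = find_cards(body)
    if cards and external:
        reasons.append(f"{len(cards)} card number(s) to external recipient")
    if external and CLASSIFICATION_RE.search(body):
        reasons.append("classification marking sent externally")
    if cards and external:
        return "block", reasons, redact(body, cards)
    if reasons:
        return "warn", reasons, body
    return "allow", reasons, body


if __name__ == "__main__":
    # Constructed messages, not real traffic.
    samples = [
        {"to": "partner@gmail.example", "body": "Please charge 4111 1111 1111 1111 for the order"},
        {"to": "bob@example.com", "body": "card 4111 1111 1111 1111 for the expense report"},
        {"to": "partner@gmail.example", "body": "CONFIDENTIAL roadmap attached"},
        {"to": "partner@gmail.example", "body": "ref 4111 1111 1111 1112 is a ticket number"},
    ]
    for msg in samples:
        action, reasons, body = evaluate(msg)
        print(action, reasons, "->", body)
```

The fourth sample shows why the checksum matters: 4111 1111 1111 1112 fails Luhn and is allowed through, while the same digits ending in 1111 are a valid test card number and are blocked and masked. Whether an internal recipient should also be logged, rather than silently allowed, is a policy decision the code leaves to you.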

Roger Courchesne, Director – Internetworking & Security practice

Is ransomware a myth?


A couple of weeks ago I was enjoying a business breakfast with a client when things turned bad for him. It seems it was a bad omen to talk about the challenges he was facing with regards to IT security since as we were talking, he received a text message from his staff informing him that they were hit with CryptoLocker. CryptoLocker encrypts a victim’s documents and demands a ransom for the decryption key usually paid in bitcoins. In its Internet Security Threat Report 2014, Symantec “…noticed a significant upsurge in the number of ransomware attacks during 2013. During January Symantec stopped over 100,000 infection attempts. By December that number had risen more than six-fold.”

Not only is it not a myth, it has become so widespread that, according to the same report, “attackers have concluded that US$100 to $400 is the optimum ransom amount, and they will move to adjust their demand to avoid pricing themselves out of the market”, and so my client was asked for a $500 ransom. Luckily for him he chose not to pay and opted instead for backups and cleanups, as our friends from SourceFire have let us know that once you pay, you are put on a list of people who are nice enough to pay the ransom, and therefore become subject to further attacks.

Even though ransomware does not make up a huge percentage of overall threats, it is not a myth, as my personal experience shows; and despite working for a company that has the expertise to help with the cleanup operations, it is not in such circumstances that I enjoy being introduced to new clients.

Charles Tremblay, ESI Account manager