Ivanti Blog: Posts by

Implementing the ACSC Essential 8: Top Considerations

Wed, 03 Aug 2022 20:29:14 Z

2022 saw the number of cyber incidents and their scale and impact grow exponentially.

After a two-year pandemic where many businesses have suffered to some degree, with looming financial uncertainty, maximising return on investment is a key driver for many on their security journey.

We all know skilled resources are hard to find, hard to hold on to and hard to budget for, so supporting their work through automation is a key strategy to do more with less.

Enter the ACSC Essential 8 – a security framework when implemented appropriately and using the correct tooling, can have three major outcomes:

Improving your security posture by protecting against 86% of targeted threats.
Reducing manual effort to complete common cyber hygiene related work.
Minimising the impact of security measures on user experience and productivity.

Ivanti provides solutions to help organisations perform asset discovery/management, and 7 of the Essential 8 controls

Understanding what you are protecting

Each organisation looking to adopt the ACSC Essential 8 needs to understand what they are trying to protect; from the applications that exist in their environment to the devices they are trying to secure. Maintaining a full real time asset inventory and performing a risk assessment of those assets is a key step to implementing the framework.

Understanding the level of maturity you are aiming for, the controls you need to implement and ensuring they are a good fit for your organisation, is fundamental to your planning.

Many basic tools used to complete patch management or application allow-listing come as part of the Microsoft toolset and enable customers to achieve a basic level of maturity for select controls. However, customers typically tell us these tools come with a large management overhead and associated operating costs.

When you need a more advanced level of maturity or to reduce workforce effort and operational costs when implementing and maintaining ACSC Essential 8 compliance, Ivanti can help.

Our solutions are designed from the ground up to automate, simplify and provide great user experiences, and reduce operational costs, all while driving higher compliance and maturity.

Which controls and how to implement?

The ACSC recommend s that when deciding how to implement the controls organisations should consider the threat that concerns them most. We will look at two common ones here:

Targeted cyber intrusion

When an organisation is targeted due to the sector they operate in, the IP they hold or the sensitivity of the information they work with, preventing malware delivery and execution while limiting the extent of any incident is a key strategy.

Ivanti helps our customers implement Application Control to ensure only approved applications, scripts and binaries can execute on machines, reducing the chances of malware and macro attacks.

For over 20 years, Ivanti’s solution has reduced implementation and ongoing maintenance workload for thousands of organisations.

This is done with a focus on reducing the manual effort to manage lists of approved items, providing flexible and contextual policies and empowering users by providing simple exemption workflows when required.

Patching applications is key to limiting many targeted attacks that use known vulnerabilities, especially in commonly used third-party applications. Adversaries know these applications exist on many machines but are not routinely updated or patched to the same cadence as Microsoft and other operating systems.

Ivanti provides a full catalogue of third-party application updates, allowing you to patch hundreds of applications with almost no manual steps, reducing the cost and time to deploy, and has been securing assets for nearly two decades – assisting thousands of customers and OEM partners worldwide.

Ransomware

For many the fear of a ransomware attack is very real. We all have stories of ransomware attacks etched in our memories. Ransomware is an attack vector that not only disrupts but destroys and sometimes leaves an organisation crippled with months of work to rebuild their business.

The recent collapse of a local housing development company listed a cyber-attack as one of the key triggers behind their demise.

Ivanti helps protect you by ensuring only approved applications can run and users only have the privileges they need to complete their job. So, whether ransomware is introduced by email, download, macros or external devices those executions are denied with no excessive privileges available for compromise.

Many ransomware attacks use known vulnerabilities to attack and later, to move laterally. Protecting against this through regular patching is another key strategy.

Do you know which CVEs are associated with ransomware? Do you know if and where those CVEs are exposed in your environment?

Ivanti’s unique risk-based approach to patching OS and third-party apps shows you where to focus first to protect your most important assets from the biggest risks. Reducing your attack surface by prioritising your team’s focus to achieve quick wins means a better security posture with effort optimised.

Our platform provides visibility of patches that close ransomware exploits and where they need to be applied, leaving your team to automate remediation with a few clicks.

Why Ivanti for the ACSC Essential 8?

If you would like to know more on how Ivanti can help you to implement 7 of the ACSC Essential 8 all from one vendor and help you gain real time visibility to the assets on your network, please have a look at our ACSC compliance site and check out our videos, case studies and testimonials.

You’ll find information on:

Reducing cyber exposure against common threats.
Limiting and reducing manual effort of implementation and operational overhead.
Reducing user impact.

Managing Security Threats Using a Risk-Based Approach

Thu, 19 May 2022 09:23:07 Z

Since the pandemic began its felt like life has been viewed through the lens of continual risk management, “Should I go to the store/pub/shops/cinema”. What’s the risk? What’s the value of taking the risk, how do I mitigate as much of the risk as possible?

With the covid rules relaxing in Australia live in-person conferences are now rolling out so it was with excited anticipation I recently attended the CISO Sydney event to talk about risk!

The topic was not covid risk unsurprisingly but rather: ‘Gain Compliance Using a Risk-Based Approach with Less Effort’. In this blog I’m going to detail how you can achieve this.

Addressing the Skills Shortage with Automation

We have a massive shortage of cyber security professionals in Australia, it’s estimated we need 18,000 in the next four years! For those looking it’s tough to find new hires, it’s also a competitive market so holding onto the skills you have is a challenge, plus they are expensive resources so most organisations can’t afford nearly as many as they need.

So, the logical approach is to do more with less, a topic that really resonated with the conference attendees as we discussed how to prioritise their vulnerability management (VM) programs.

Most of the CISO’s in the audience advised they used one or more VM scanners to identify all the weaknesses in their environment, the challenge came in trying to respond to what was found. The common story being the list gets longer every month and the team can’t keep up, and the work is not that rewarding. It’s a common theme resulting from the impact of covid on the workforce, that unhappy workers tend to find interesting work elsewhere if you can’t satisfy their needs.

What’s the Vulnerability Challenge?

There are 250k vulnerabilities in the National Vulnerability Database (NVD). What’s actually important is how these can be exploited:

Less than 20% of those are actually weaponised and could be used to breach your organisation.
Less than 3% use remote code execution (RCE) and privilege escalation (PE) exploits which are the really dangerous ones, 80% of all breaches use these types of attacks.
If ransomware is your biggest fear only 255 CVEs relate to its use, are you sure you know which they are?

So what’s the takeaway from all these facts and figures?

Well, the problem is if you don’t focus in the right area, you can spend a lot of time, resources and money remediating vulnerabilities that your organisation is very unlikely to be breached by, and you won’t reduce your attack surface significantly.

Apply a Risk-Based Lens to the Problem

Risk Based Vulnerability Management (RBVM) was the number two security project for 2021 based on Gartner insights, with the point being to “focus on vulnerabilities that are actually exploitable”.

Below I have included some data from a customer we’ve recently worked with.

The top analysis shows data that comes from their VM scanner, it illustrates that they had over 27,000 Critical and High severity items to resolve, an insurmountable task for their security team, the reports to the Senior Executives were worse every month and people were burnt out with no progress being made.

Compare this to the results when they used a risk-based approach to prioritise based on those that were weaponised, had RCE/PE exploits, were trending, or, had ransomware exposure. The customer could focus on the Critical and High 6,240 items that were their biggest risk. This meant a huge 75% reduction in their workload, so they could focus on reducing the actual attack surface of the organisation which made a significant impact.

Is Ransomware our Biggest Threat?

At the CISO conference one of the topics spoken about by the Minister for Home Affairs Karen Andrews and the head of the Australian Cyber Security Centre (ACSC) was the threat ransomware poses. This was detailed in a report available on the ACSC website: 2021 Trends show increased globalised threat of Ransomware.

If you look at your VM data through this risk-based lens and you can prioritise based on threat, you can gain visibility into exactly where you are vulnerable to ransomware attacks and should focus effort to improve your security posture.

In this example the security team can provide visibility to their executive team to illustrate the limited exposure they have to ransomware attacks. Of the 10,000 vulnerabilities in the environment across 7,000 devices, only 206 devices and 21 vulnerabilities need attention. It’s also possible to see in green the stats the team achieved to improve protection against ransomware.

Our Prioritisation Offer to You

If you are struggling in a world of too many vulnerabilities and prioritisation with an ability to automate workflows, assignment and service ticket integration doesn’t meet your requirements while your attack surface continues to expand then please get in touch. The only solution isn’t to increase the size of your security team.

Ivanti has proven with customers worldwide that we can help reduce cyber risks with less manual effort.

Provide the Ivanti team an output from any vulnerability management tool and within a few hours we can show you how we can prioritise it, giving you three key outcomes:

Reduce your workload by up to 80% by focusing on risk
Reduce the cost to deliver your vulnerability management program through risk-based prioritisation
Reduce your attack surface faster to reduce the risk of breaches and ransomware infections

Reach out via email to contact-anz@ivanti.com

What Does Adversaries Weaponising Operational Technology Have to do with the ACSC Essential 8?

Mon, 30 Aug 2021 22:10:01 Z

I recently read an article from Gartner, Inc. about attackers weaponising your Operational Technology (OT) environment to physically harm people. That really stood out to me. It would be a total shift in the cyberattacks we are used to, which mainly impact big corporations for financial gain. “Who cares” say the public, sometimes forgetting our personal data is being stolen in these attacks.

Examining recent attacks focusing on these types of environments including a ransomware attack on a pipeline in the U.S., that led to thousands stock piling petrol in the fear it would run out (some putting it in carrier bags, potential for human harm?). Also a water treatment facility in the USA where attackers tried to increase the level of sodium hydroxide to poison the water supply. Cyber attacks directly affecting peoples lives and possibly health and well-being!

The question for many organisations responsible for managing this kind of critical infrastructure is changing:

How do I protect this system from compromise?
How do I protect our business from reputational damage?
How do I protect our customers from potential physical harm? (a pre cursor question in Australia to a Notifiable Data Breach)

According to the article I mentioned above, Gartner predicts that by 2023 the financial impact of attacks on OT networks will reach $50 billon.

Defence in Depth Frameworks

For a long time, we have spoken about defence in depth frameworks, having several layers and processes to help protect us against attack so if one control is penetrated, we are still protected.

In that Gartner article, it talks of 10 key security controls /processes that are recommended to be implemented/documented in OT environments. Unsurprisingly, there are several of the ACSC Essential 8 controls defined as recommended by the Australian government.

I wrote a blog last year on 10 years on from Stuxnet one of the most infamous OT breaches that all stemmed from a USB device with a piece of malware on it. Could that be executed in your OT today? Could that have gone slightly differently and caused a real incident to harm people?

Fast & effective patching is still a real struggle in 2021. Due to the volume and severity of vulnerabilities many organisations are starting to look at a risk-based prioritisation. This can mean checking two or three vulnerability scanners, trawling threat feeds and cross checking a bunch of spread sheets of assets to work out a plan, let alone deploy a patch in the recommended 48 hrs.

Having said all that, based on conversations I have had with organisations most do have many of these security controls in place at differing levels of maturity and success.

If organisations have these critical security controls in place what’s the issue?

The security controls implemented are often fractured, siloed and integration can be difficult when there are so many point solutions and vendors involved in the security strategy.

A support issue can have three vendors trying to sort out whose technology is at fault or often who can I point the finger at. Upgrading any one of those five-point solutions may break the integration, so I can’t upgrade anything for fear of what might happen.

The point here is its too complex, too expensive and still too manual.

How can Ivanti help secure your operational technology?

The breadth of Ivanti solutions can provide customers defence in depth across a range of capabilities. We deliver seven of the ACSC Essential 8 Controls plus supporting controls like asset management and inventory. We can also support six of the ten security controls Gartner recommends for an OT environment.

With Ivanti’s acquisition of RiskSense we can provide Risk Based Vulnerability Management. If you have multiple vulnerability scanners for infrastructure, network and applications and can’t see the key risks that pose the greatest threat, and, you don’t know where to focus your efforts and prioritise based on risk of exploitation and ransomware – then we can help.

Here are the security controls aligned with those recommendations that Ivanti can support you with.

If your vision and strategy align to the following three key outcomes, then partnering with Ivanti is going to be of value:

Less vendors to deal with to reduce cost and complexity
Integrated security solutions and outcomes
Automation of common security operations

If you want any more information check out our security solutions page on the website, or if you are looking for some basic foundational controls check out our ACSC Essential 8 page. Or reach out and ask me a question james.ley@ivanti.com.

¹Source: Gartner, “Gartner Predicts By 2025 Cyber Attackers Will Have Weaponized Operational Technology Environments to Successfully Harm or Kill Humans,” 21 July 2021.

Vaccinating against the Ransomware pandemic

Wed, 28 Apr 2021 11:53:15 Z

Just as our physical world has suffered from a devastating health pandemic, over the last 3 years the digital world has been suffering a ransomware pandemic that grew 7 times in 2020 compared to the same time in 2019.

While we have vaccines for our health crisis what are our options to help protect us against this digital threat?

Many vendors claim deep protection against ransomware, we hear about the ‘Next Gen’ & ‘Machine Learning’ approach to mitigating the risk of ransomware. The truth being they are one layer in the defense against this and another vendor in the stack to deal with.

Here at Ivanti our goal is being a strategic partner to our customers delivering value in multiple disciplines. Giving you fewer vendors to deal with, fewer contract negotiations, integrated outcomes, and better ROI.

Some Key Layers

There are many layers that can help you Identify, Protect, Detect, Respond and Recover from a ransomware attack. Here are some of the controls where Ivanti are working with our customers to help them protect against ransomware, note it’s not a point solution.

Understand & Catalogue Assets

Identifying & understanding the hardware and software on your network is key to being able to Protect it. The Australian Cyber Security Centre (ACSC) Essential 8 advise before implementing any other control, assets must be identified and risk assessed. Attackers are looking for that one unmanaged asset they can exploit to gain a foot hold.

Remediate vulnerabilities in your environment.

Ransomware uses many vulnerabilities that have long since had patches. One report by RiskSense found that of the 57 vulnerabilities targeted by ransomware over 30% were published earlier than 2015. For all your assets protecting them with regular patching is essential, especially those that are internet facing.

Application Control

Educating users on phishing and identifying malicious websites is an essential strategy, but there are always those that will accidently be tricked. Phishing as a delivery mechanism for ransomware is once again on the rise. When the inevitable happens and a user is compromised it’s essential the payload be it, executable, script or binary is evaluated, identified as not trusted code and prevented execution rights. Application Control will protect against zero-day threats and known threats. Using delivery mechanisms including macros, emails, infected documents, USB keys, drive by downloads and more.

Minimise User Privileges

It has been widely shown that minimizing the privileges users run with can hugely reduce the damage an exploit can do. Ransomware runs in the context of the user and the privileges the user has. 94% of critical vulnerabilities Microsoft identified in 2016 could be mitigated by removing administrative privileges. Its these types of vulnerabilities that ransomware threat actors love to exploit. Minimize the privileges minimize the pivot.

Segment Your Network

If you get infected with ransomware the last thing you want is for it to rip through departments and the data centre uncontrolled. Unless you are segmenting your network, that is what can happen. This is what some organisations have experienced. Using Zero Trust Network Access controls you can ensure that devices, apps and data can only be accessed when compliance is adhered to. This will limit the damage and how far an infection or intruder can spread.

Zero Trust Access

In this complex digital world, we have hybrid cloud environments, on prem and cloud applications, managed and unmanaged networks and corporate owned and personal devices. Having a Zero Trust framework where you can ensure the access to an application, network, service or data is verified before being trusted and remains compliant allows you to reduce the risk for compromise. Stolen credentials appear in more than 80% of breaches, how about basing trust on something you have, something you know and something you are, using technologies such as MFA, biometrics and certificate-based authentication.

How can Ivanti Help?

Ivanti have solutions that deliver all these core capabilities to help you protect against ransomware attacks. Providing you the layers of defense that truly give you a defense in depth strategy against ransomware.

If you would like to know more about any of these capabilities or an end-to-end solution then please give anyone at Ivanti a call or reach out directly to me james.ley@ivanti.com.

With the dawn of 2021, does Information Technology change again?

Tue, 09 Feb 2021 14:19:47 Z

With the chiming of the clock and a quiet NYE celebration, 2020 was in the rear-view mirror and 2021 was the open road ahead, all possibility. We have multiple vaccines to the pandemic and a true way forward for life to return to normal (well some time).

By this point most customers I speak to have the view that we are not going back to how we worked pre-2020. The world has changed, business had to pivot quickly and adapt to continue doing business. For many, a new way of working had some unexpected results:

The need for large expensive offices may not be essential, we can do more with less
Many users can be productive remotely that were previously thought unsuitable for remote work
Managing devices during a pandemic, natural disaster or unexpected event can be a challenge

As we enter 2021 and move beyond the break/fix solutions of 2020, businesses are looking for the next steps of how to make these changes strategic and drive successful outcomes. Common questions I hear are how organisations can:

Ensure a great user experience regardless of location, network or device type
Manage a sprawling everywhere workplace
Reduce the cost to deliver a remote IT model

Ensure a great user experience

Whether a user be in an office, at home or stuck in hotel quarantine they expect to be able to use services securely, predictably and to be supported as if they were in their workplace. It’s the job of the organisation and ultimately IT to try and make that a reality.

For many in EUC, devices are invisible until on the corporate network or VPN. This means once remote, being able to provide the same level of service is challenging. This causes great frustration on both sides.

Being able to provide real-time visibility & support capabilities to any device on any network, on prem, in the cloud or at the edge delivers a massive step up in ability to deliver a great secure user experience. Using IoT technology with a cloud first model, Ivanti can deliver this unique approach of always on connectivity & support.

Manage the everywhere workplace

The services we deliver to users are sprawled everywhere: on prem, in cloud and XaaS. The way we provide connectivity to these services is also disparate. Users could be on ADSL, NBN or 5G, on or off a VPN. Their device could be corporate owned, BYOD, or totally untrusted.

We have now entered the era of the Everywhere Workplace, and how we manage that will dictate how successful IT can be. Success comes in contrasting measures. Successful at securing and protecting the business, delivering a great user experience & service, and managing a financially responsible organisation.

Reduce cost to deliver IT

One thing the pandemic did was squeeze budgets, and in some cases eradicate them. The question is always ‘how do we do more with less?’ One way to accomplish this is by picking a few essential partners to strategically work with rather than having lots of point solutions.

Here at Ivanti we are in the unique position to deliver 3 cornerstones of IT:

Ability to fully manage, secure & service any device on prem, in the cloud or at the edge
A security platform built on security principles from the ACSC to provide confidence & compliance
A Gartner MQ leading Service & Asset Management platform for all sizes and maturity level

This means customers can work with fewer partners, with better pricing, less complexity, and integrated solutions for increased value.

How can Ivanti help you in 2021?

Through the modern device management approaches taken by Ivanti and the breadth of capability, we support our customers in managing the Everywhere Workplace.

Ivanti helps drive several business outcomes. If any of these are of interest let us know:

Adhering to security frameworks for compliance, such as the ACSC Essential 8
Reducing your risk and exposure by managing & securing not just laptops, desktops & servers but phones, tablets and IoT devices
Providing modern support and service to users regardless of location, device or network
Reducing the cost of IT by shifting left and beyond to resolve more support issues through automation & integration
Providing cost savings through asset visibility and life cycle tracking

For more information on how Ivanti can help you drive the Everywhere Workplace check out www.ivanti.com.au

Ten Years Since Stuxnet and Has It All Changed?

Mon, 26 Oct 2020 15:14:03 Z

As I grow older, things that happened ten years ago feel like they come more frequently, maybe because I can remember them happening. I reflect and really can’t believe another decade has passed. Time does fly. A lot has changed in the world we live in and yet so much has not progressed at the pace expected.

It was ten years ago that the world first heard the word Stuxnet, but for many, what they heard was a nuclear facility was under a cyber-attack. It was a scary headline and the stuff of movie scripts.

Stuxnet 101

For those who didn’t follow this story, a piece of highly sophisticated malware was introduced to an Iranian nuclear facility on a USB drive. That malware was a worm that exploited a zero day vulnerability.

The malware was designed to spin the nuclear centrifuges faster and faster until they failed. The failure was not meant to cause a disaster, just financial and time impacts on the nuclear program.

The worm was never meant to leave the OT network, however due to the aggressive nature, it did get to the internet. It spread rapidly and researchers started to analyse it, and the links to physical Siemens controllers for nuclear centrifuges identified.

Widely believed to be state based malware built by cooperating governments, some officials have claimed this as a success of their tenure in government.

How could this attack of been prevented?

Many would argue that when facing a state-based attack with the resources, skills, and focus for the outcome, it is very hard to protect against this type of attack.

Let’s just imagine for one second that I am the IT manager for an OT or secure network. I am not being targeted by a state-based attack but do want to provide myself a great baseline of protection that can safeguard me against similar attacks.

Device Control – By applying control policies for third-party devices, I can ensure that only approved devices could be plugged in and used to copy code/data onto or off the network. This control is highlighted by the ACSC as a critical control against malicious insiders.

The ACSC Essential controls are also a great place to start for basic cyber hygiene:

Application Control – OT environments typically have dedicated devices with dedicated functions, so applications are fairly static and updates less frequent than many environments. Enforcing policies so only approved known executions occur will protect against unknown introduced code.

Patching – Although Stuxnet exploited a zero day, it was not long until that zero day was available to patch. In September 2020 we saw the Zero Logon vulnerability that has a patch but is now being exploited in the wild as organisations have not patched a known critical vulnerability within the 48 hours recommended by experts.

It’s a multi layered defense in depth approach that helps to prevent against these or similar types of attacks. The best place to start is foundational security controls as recommended by the ACSC and other institutions.

How Ivanti Can Help

We work with many customers protecting their OT environments up and down the east coast of Australia. Many of you reading this blog will not know that Ivanti helps to protect your utilities every day.

Ten years may have passed since Stuxnet but many organisations I talk to are still struggling to implement these basic cyber security controls to support protecting themselves against attack. The tools are available, but for many, the overhead and work required to implement and manage such controls is perceived too big a task.

Be it application whitelisting, OS and third-party patching for Windows or Linux and device control, Ivanti has solutions to help protect not only OT environments, but desktops, laptops, servers or your cloud environments.

All these solutions are built on three core values:

Deliver value quickly by being simple to quickly roll out
Low cost of management overhead moving forwards, even automating tasks to reduce costs
Context aware to cater for modern flexible working/use cases

If you want any more information on how any of these solutions can help you secure your environment, please visit our website at www.ivanti.com.au.

Integrating & Automating Patch Management: 5 Ways Ivanti Can Help

Fri, 28 Aug 2020 00:57:46 Z

Our technical teams at Ivanti ANZ have been speaking to customers about reducing their costs and manpower requirement for Patch Management over the past two years.

Typically, a Patch Management process spans multiple teams including, Security, IT ops, and Change Mgmt, all using differing technologies to achieve a successful outcome. For example:

Patch research and tools such as Rapid 7, Qualys or Tenable for vulnerability scanning
Service management for Change and CI tracking
Manual health checking pre or post patching to ensure stability and success
Deployment of patches both manual and automated

All of these elements are critical to achieving a Unified Automated and Integrated Patch Solution.

What’s the challenge?

Organisations find themselves reacting to a constant stream of information coming daily on threat feeds, patch releases, bulletins. This constant stream of information requires significant time, cost, and attention to manage effectively.

For many organisations ensuring they are secure and stable is not only a business requirement, but a legislative requirement. In Australia many find themselves accountable to implementing the ACSC Essential 8 security controls, 2 of which focus on vulnerability remediation.

The enemy to doing this, systems that don’t communicate, manual processes and no single source of truth.

5 Ways Ivanti Can Help

The breadth of capability and market wide integrations in the Ivanti platform allows us to deliver a truly integrated, and automated vulnerability management solution.

Using Patch Intelligence we are able to provide customers threat data for thousands of patches, where you are vulnerable and if we have seen any stability issues caused by the patch that may affect you.
We can integrate with your vulnerability management tool to import a list of CVEs and tell you the patches they correspond to, removing typical manual tasks.
We can complete automated scans of Windows, Linux, Unix or Mac and drive the results straight to a change request in Ivanti Service Manager or your service management tool of choice.
You go through the change & approval process, this then starts an automated routine.
The automation & orchestration engine performs pre patch health checks, patches, reboots and checks health post patching returning all results to Service Manager. All results are then tied to the specific CI. So, if a machine has an issue IT can see that patches were recently deployed to it and the results of the health check.

Where’s the value?

This approach to continuous vulnerability management delivers a few key values to our customers:

Better ROI from existing investments such as Rapid 7, Qualys or Tenable. Also better integration with Ivanti Service Management or your service management tool.
Reduce manual effort from patch process leading to reduced costs.
Better visibility of how patches affect your assets and reacting to issues to improve user experience.
Automated health checks to highlight issues before users identify them and maximise user satisfaction and avoid downtime.
Improved security posture by delivering patches faster to resolve known threats and vulnerabilities.

How can I get more information?

We have a short demonstration of the capability from the point of view of any IT worker. The key takeaways, they never have to leave the service management tool, they don’t need to know anything about patching and they can do everything from a browser or mobile phone app.

Please take a look and if you would like to know more contact anyone at Ivanti.

The Ivanti Product You Never Knew You Owned

Wed, 10 Jun 2020 01:57:29 Z

Everyone loves free! Especially in a time like this when due to Covid we see budgets tightening and, in many cases, demands on IT increasing. Many Ivanti customers aren’t aware they own an Ivanti solution called Xtraction, so here is a little history and detail on what Xtraction is and the value it can deliver in your organisation.

What is Xtraction?

In 2015 Ivanti acquired the Melbourne company Xtraction, the reason for this was the rich and flexible dashboarding platform that allowed any user to create meaningful real time dashboards. No scripts, no business analysts, with 20 minutes training anyone could build a dashboard.

The platform plugs in to any database and allows you to run real time queries against it and graphically display the results. No waiting a week for someone to write you a report to find out its not quite what you wanted. The platform has connectors to many sources including Service Now, BMC, Active Directory, SCCM, HP tools and VMWare to name a few.

The plan for Ivanti was to have one place to get dashboards and reports for all Ivanti products in an HTML 5 web enabled application. Every solution on the market has its own reporting tool, people don’t want to go to specific tools to get data, they need a central hub, that hub is Xtraction.

What is the value?

The value can be summed up in 3 simple points:

Consolidated in depth visibility when you need it to make informed decisions
Simple for any users to use with little training required
More value from your existing Ivanti investment

So, you said something about free?

Every Ivanti customer is licensed for Xtraction when they buy a product, and this year Ivanti raised the allowance from 2 analyst licenses to 5! So, you can have 5 users logged in to Xtraction building and viewing dashboards at any one time. The only caveat is you are limited to view only Ivanti data with the free version, it plugs in to the likes of Service Manager, Asset Manager, Endpoint Manager, User Workspace Manager, Security Controls, actually any Ivanti solution.

If you want to connect to a non Ivanti data source like Service Now or SCCM you need to upgrade to an enterprise license and buy the relevant connector.

How do I get started?

We have tried to make that easy, we made a short 15 minute video that guides you through the pre requisites, getting your license, the install and importing the out of the box dashboards.

That’s it then you are ready to go! If you have any more questions on Xtraction please reach out to any member of the Ivanti team who will be happy to help.

Remote Support During a Crisis

Tue, 17 Mar 2020 20:18:11 Z

The Challenge

With the current health crisis being faced across the globe, businesses are looking at how they can activate their disaster recovery and business continuity plans to support most of their workforce being remote. The current global situation has put a spotlight on every organisations ability in a health crisis or natural disaster to carry on functioning.

Ivanti is in the position to help organisations deliver continued support to their workforce, maintain security compliance and provide secure file access from anywhere.

Ivanti Cloud

A software as a service (SaaS) fully managed platform hosted from Australian data centers.

Ivanti Cloud provides IT teams unique capabilities to support and work with their remote users, including:

Perform diagnostics on a user’s machine with no remote session
Check the location of a user’s machine if lost or user is non contactable
Enable/disable or start/stop windows components, services and application remotely
Ability to network isolate and repair compromised remote devices
Perform scripted PowerShell tasks on a remote machine initiated from the cloud
Maintain visibility to security, health and inventory of your remote fleet
Covers Windows, Mac and Linux

As a SaaS offering the only thing you need to do is deploy the cloud sensor to your devices after cloud tenant provisioning. The sensor can be deployed via SCCM or provided to the user as a compiled installer to self-install. There is no professional service required to get this running, it’s turned on and you are ready to go.

Ivanti Security Controls

Ivanti offers industry leading patch platforms for remote and on premises patching featuring centralised reporting for both. The challenge faced by organisations is how to keep Microsoft and 3^rd party applications updated when many remote devices may not return to the corporate environment for weeks or months.

Using the Ivanti Protect Cloud, customers can patch machines via the cloud gateway. This means machines stay up to date with the latest security patches while they are disconnected from the corporate network. Importantly they automatically report back their compliance securely, so your organization maintains visibility of its current risk profile.

Security Controls does require an on premise/Azure/AWS install, but this can run on a Windows server virtual machine and can scale to thousands of remote devices. Devices must have the patch agent installed, this is managed through an automated email invitation. Detailed monitoring statistics are available for integration with solutions such as Splunk.

Typically, this configuration can be stood up in less than half a day, with little to no professional services.

File Director

With so many remote workers, ensuring they have secure access to key corporate data to do their job is imperative. This access when remote is commonly provided by a corporate VPN. With so many users accessing these VPNs during a crisis, some customers may find their VPN solutions reaching saturation.

Ivanti File Director provides simple, secure file syncronisation from Windows, Mac, IOS or Android devices. An on-prem virtual Linux appliance acts as a file proxy for the users to access both corporate file shares and cloud storage solutions. This access is available for all platforms including browser-based devices.

There is no requirement to move any data or change any file permissions. File Director integrates directly with Active Directory and provides granular data policies, and data wipe functionality. Detailed monitoring statistics are available for integration with solutions such as Splunk.

The virtual appliance can be uploaded to an existing hypervisor (VMware. Hyper-V) and configured in around 30 minutes.

What’s the Value?

Being able to deliver your users a consistent level of support, and full user experience is key in enabling them to successfully do their jobs, while working remotely for an extended period of time.

Ivanti solutions will deliver value in 5 key areas:

Ability to manage your users remotely & maintain business continuity and keep the lights on
Maintain the security compliance of your devices
Provide visibility to your remote fleet and their health, security and performance status
Subscription licensing to allow flexible, instant access to these solutions
Rapid deployment of these solutions can be achieved typically with no professional services

Next Step

Securing End-of-Life Windows Platforms

Tue, 15 Oct 2019 19:38:52 Z

In the ever-evolving world of technology, Windows platforms are released, heavily adopted, and customized. Business is built around them—and then they go end of life (EOL).

We witnessed it with Windows XP and 2003 in 2014, and as the merry-go-round continues, Windows 7 and 2008 will reach EOL in January 2020.

When support ends, cyber adversaries will target these platforms. As with Windows XP, there is buzz in the security media that attackers are already storing their zero-day attacks and getting malware ready. Attackers will target Windows 7 betting that organizations have unpatched vulnerabilities they can take advantage of.

What does end of life mean?

In three simple statements it means:

No technical support
No software updates
No security updates

To avoid security risks, Microsoft recommends customers upgrade to Windows 10 and Server 2016.

“I need to keep Windows 7 / Server 2008. What can I do?”

If you are using Windows 7 Professional or Enterprise or a server 2008 platform, you can purchase extended support from Microsoft through January 2023. This will get you security updates, but at a cost of between $25 & $50 per device in year 1, doubling each year until 2023.

There is no substitute for patching

The reality is there is no substitute for patching operating systems. It’s listed in the Australia Cyber Security Centre (ACSC) top 4 cyber threat mitigation strategies for a reason. No cyber security professional would recommend not extending support and those key security patches. However, for some organizations it’s just not financially viable.

Alternatives or additions to extended support

Due to the significant risk and focus for attackers that an out-of-support platform brings, many will look to bolster the security around these devices.

Delivering a defense-in-depth set of controls to these devices will allow an organization to increase the security posture of these devices and reduce the risk they pose to the wider enterprise.

Ivanti is in a unique position to assist our customers with this, delivering the remaining three of the ACSC top 4 controls from the ‘Security Controls’ platform.

Application whitelisting

Ivanti® Application Control provides a simple-to-deploy, low-management-overhead approach to application whitelisting, enabling organizations to ensure that only IT-approved software and content is ever allowed to run, thus thwarting file-based attacks and many attacks that are file-less originated.

This is achieved using Trusted Ownership—a unique approach to application whitelisting employed only by Ivanti. The basic premise is that the Microsoft NTFS owner of a file is checked at run time. If the file was placed on the disk by a trusted user then the file can execute, otherwise it’s blocked by default. This means any software delivered as part of the SOE/Gold build or delivered by SCCM / Ivanti Endpoint Manager can run by default, with no lists to manage.

This approach provides such a low cost of ownership that customers with fewer than 2,500 managed endpoints tell us they can manage it with a quarter of an FTE. (References available upon request.)

Third-party application patching

All endpoints have third-party applications installed—some as middleware, some as applications within their own right. Many of these applications contain most of the vulnerabilities identified in software. Reports show that’s up to 86%.

Ivanti’s patching is market leading and mature, and it features the largest catalog of more than 100 vendors whose patches you can simply click and deploy from our agentless patch platform. Deploy patches regardless of whether machines are in the network or outside. Automate the deployment and reporting of critical patches within the ACSC-specified guidelines of 48 hours.

Removing administrator privileges

There are many reasons why users have administrator privileges. For many organizations, end-of-support platforms have likely been whittled down to only those machines that are stuck there. Ensuring that users only have the minimum privileges they need on these devices—and no more—is key.

Using Application Control, IT can elevate individual applications, control panel applets, or services as required. By leaving the logged-on session running as a standard user, the lowest level of privileges is available to the exploit in the event the machine is compromised.

How Ivanti helped a customer succeed

Over the years, Ivanti has assisted many customers who find themselves in the difficult position of needing to manage out-of-support platforms. For example, one customer in the ANZ region was a large government department with a highly sensitive application that ran on Windows XP only.

There was no way to migrate the application off XP prior to the end of support, and the customer wasn’t able to invest in the extended support. Using Ivanti Application Control, they were able to roll out whitelisting to the devices in days, on their own, and secure the devices, with confidence that users couldn’t run any software other than the solitary line-of-business application left on the platform.

After this project, the customer saw so much value and simplicity in the solution that they rolled it out to the supported production fleet to improve their security and ACSC compliance.

Read the data sheet on Ivanti Application Control for Windows Servers. You can also request a demo on our application control capabilities.

The Power of One – ASD Top 4 in a Box

Tue, 21 May 2019 22:10:25 Z

When it comes to ASD top 4 compliance, most organizations think it’s easier to put off the pain. The reality is investing in top 4 compliance is far more cost effective than the alternative, dealing with a breach.

During an audit of three federal government agencies in 2018, it was highlighted that only one of them was ASD top 4 compliant. This audit was however a very small view of the issue. From audits over the last four years only 29% of agencies were compliant.

With federal government agencies being mandated to implement these controls since 2013, what’s the issue? Looking at data collected by Ivanti in 2018, this pattern also exists in the corporate world.

What’s the issue?

It’s just too hard nobody can do whitelisting
There are too many moving parts
Our users are unique
We can’t impact the users
The business is risk averse
We don’t have the resources to manage it
Its more consoles, agents and vendors

These are all very common statements I have heard in the 7 years I have been talking about ASD compliance with customers. However, it doesn’t have to be that way, if you choose to work with a vendor that looks at security from a different perspective you may just see why.

What makes Ivanti different?

When we talk about security at Ivanti we talk about ‘Operational Security’. We talk about how we can operationalize security and make it a core fundamental part of your approach to IT. How we can make security an enabler for IT and not a draconian control they are forced to deploy and manage at their expense and their user’s satisfaction.

All Ivanti security solutions have a top 4 of their own:

Empower users don’t just restrict
Low cost management overhead
Be fast to rollout and realize value
Continually change the game

Let’s look at those in a bit more detail:

Empower users – Often users are the last thought when it comes to how security controls affect the organization, do this at your peril. If your security controls allow users to function the way they need, in a more secure way they are less likely to work around you. Most whitelisting solutions allow or block, with Ivanti if a block happens we have multiple mechanisms to get the user working again, quickly and easily with a small disruption to their productivity.

Low management overhead – All of the Ivanti solutions have features and designs such that management overhead moving forwards is super low reducing cost. That may be in automated patch scanning and deployment with integration to your vulnerability scanner and change management system, or dynamically whitelisting any IT installed software with no manual whitelist updates. Or remote machines that never return to HQ patching themselves remotely and securely reporting back their patch status.

Fast to rollout – With limited resources both human and financial, getting ROI is important. Ivanti solutions can be stood up quickly and value realized fast. Using our patching you can be closing vulnerabilities in 20 minutes from download, it’s that quick.

Changing the game – We may not have Next Gen in the name of every one of our products, but we are changing the game and going Next Gen! Patch Intelligence from Ivanti Cloud will deliver our customers success and failure stats for patches from our global customer base, that’s over 25 million patched endpoints! This will help you build a patch strategy and mitigate risk, based on data, not guess work! This approach will help to start streamlining patch testing and the costs associated.

What is the power of one?

This year we released our Ivanti Security Controls product, this brings our customers ASD Top 4 compliance from one product, one console, one agent and one vendor. Yes, to repeat everything from one product, one console, one agent and one vendor. The power of one!

This brings our customers those top 4 Ivanti principles when deploying the ASD top 4 security controls.

The power of one allows our customers to have fewer management points and technologies to support, helping to reduce overhead and training requirements. Better integration between the capabilities to provide more value and a lighter footprint on the endpoint. Faster deployments to reduce project costs and get protection faster. Wrapping all this is working with one vendor, reducing the cost of software, simplifying support procedures and only having to manage one vendor relationship.

For more information on how Ivanti can help you implement the ASD top 4 security controls take a look at the home page, or if your are ready to start your journey download a free trial.

Are You Ready for the New WannaCry? You Better Be!

Wed, 15 May 2019 18:30:01 Z

After the carnage and financial damage caused by WannaCry in 2017, here we go again. Yesterday Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, identified and reported to Microsoft by the UK’s National Cyber Security Centre.

This vulnerability is wormable, meaning it’s a pre-authentication and requires no user interaction and can jump from vulnerable machine to vulnerable machine. It is inherent in the RDP (terminal services) protocol and only affects Windows XP, 7, 2003, 2008 and 2008 r2. Modern operating systems are unaffected.

This vulnerability was seen as so severe, Microsoft took the uncommon step of releasing patches for unsupported operating systems.

Unlike WannaCry, this threat is seen as extremely easy to exploit. It took a leaked NSA tool to exploit the WannaCry vulnerability, whereas the fear with this one is that it will be much easier to take advantage of.

With a patch now available you can bet there are cyber adversaries out there reverse engineering the patch while I write this blog, getting ready to exploit organizations and individuals alike.

In Australia the problem looks like this today from a desktop OS standpoint: 21% of machines still run an affected OS.

It’s much harder to ascertain from a server OS standpoint what the exposure size is, as most servers are not internet-facing to get these stats. If the customers I speak to on a daily basis are anything to go by, there are still many pockets of these 2003 and 2008/r2 servers around.

Many of these older servers are Citrix server-based computing environments which will all be running RDS. I was listening to my favorite cyber security podcast last week (Darknet Diaries), and the host was talking to a penetration tester who did internal pen tests. He said when he is in an environment and he finds Citrix, that becomes his primary target. It’s a hub of applications, tools and privileges. If you have one of these legacy environments, make sure it’s patched!

A Rapid7 blog showed how internet scanning engine Binary Edge identified 16 million endpoints publicly available on port 3389 and 3388 typically reserved for RDP. With 67,338 endpoints internet facing for RDP as of July 2017. It’s not clear what OS these exposed servers were running.

So what’s the answer? You better get patching, ASAP!

With the latest versions of MS SCCM not supporting Windows XP and Server 2003, the job is going to be more difficult. Does this mean manual patching? Not necessarily.

Ivanti Security Controls provides our customers the ability to patch both XP and Server 2003, in an automated approach with complete visibility to status. Know if you are exposed rather than waiting on manual analysis and reports you don’t trust 100%.

If you want more information on how we can help protect you now, call +61 283787201.

Managing Your IT Security With One Multi-Layered Approach

Thu, 25 Oct 2018 19:03:42 Z

As the prevalence of directed cyber-attacks increase at an exponential rate, it has never been more important to monitor your IT security defences, effectiveness and policies in real time. How to go about it though when different areas of defence are controlled by different applications and different processes.

How would you quantify your security posture?

The ASD Top 4 strategies to mitigate cyber-attack would be a suitable place to start.

So, what is the ASD Top 4?

The Australian Signals Directorate top 4 strategies to mitigate targeted cyber intrusions, they consist of Application Whitelisting, Patching Applications, Patching the Operating System and Minimising Local Admin Privileges.

Application Whitelisting

By definition, only allowing known, clean applications to run in the environment and stopping all others from running. Depending on the tool, this can be maintained with a unique hash, allowing executables from known manufacturers to run or the simplest method by allowing only programs with trusted ownership to run. Without whitelisting in an organisation, a hacker can send a targeted email to a recipient ie. (An attached file labelled as an invoice to someone responsible for processing invoices, they double click on the file and run the malicious code), with whitelisting the code will be stopped instantly and the threat contained.

Patching Applications Software

An Application is any software that is not part of the core operating system. Application patching is far more challenging than patching the operating system as there is a vast number of manufacturers and each may have a unique way of applying or configuring their patches. It is essential that these patches are kept up to date as failure to maintain compliance can drastically increase the potential for cyber intrusion into the network. US-CERT, the United States computer readiness team have released the top 30 targeted high-risk vulnerabilities and they are some of the most commonly used applications in business. Don’t keep these patched with the latest releases and your company is a prime target for cyber-attack.

Patching Operating Systems

The Operating System is the core on which all other systems and software are dependent, unless this is stable and secure then all other security functions are pointless. Patching of the OS then underpins all other security considerations, patches and/or Service Packs must be applied in a timely fashion relative to their importance. Automation of this process is integral to maintaining a consistently secure environment. The most publicised attack aimed directly at an OS would have to be the WannaCry attacks of 2017, these were devastating for the businesses that they infected. It infiltrated systems through an exploit in older Windows systems. Although Microsoft had released patches to close the exploit, WannaCry infected machines that had not been patched and the reported total damage was estimated in the hundreds of millions if not billions of dollars.

Restricting Admin Privileges

When systems are targeted, the perpetrator will firstly look for user accounts with Admin rights since they have an elevated level of access to the organisation’s ICT system and can cause the most damage. Reducing administrative privileges to an absolute minimum while maintain access and rights to users required for them to carry out their duties should be a focus of all IT security managers. How many local admins in your organisation? Australian National University’s IT systems were infiltrated by someone who managed to acquire account credentials of an Admin account which gave them access deep into the organisation, the attack believed to have originated in China was aimed at access to key defence research projects.

Security Live View

No one application can manage all of the ASD Top 4 strategies so how then can one dashboard display all the relevant information?

At Ivanti we have a tool called Xtraction which can connect to multiple data sources simultaneously giving a live data feed to disparate data sources in a single dashboard. Refresh cycles can be adjusted from 5 seconds to 10 minutes complete with customisable alerts that can fire on any anomalies that may occur. Regular reports can be scheduled through the in-built reporting engine and can be distributed via email, file share or server access without the need for any manual processing.

Not only can Xtraction show the company’s security posture at this point in time but by storing key data over a period of time can show trends such as unpatched machines, average time to patch and critical patches not applied. This gives the business a clear view of the success of patching initiatives and how their processes stack up against industry standards.

In addition, Xtraction has pre-defined data models eliminating the need for any coding as well as pre-built Out Of The Box dashboards that can be tailored for any organisation. Here, Xtraction is displaying information related to each of the ASD Top 4 Strategies in a single pane of glass giving a live view into the organisation’s security posture at any moment in time. With this visibility, maintaining an acceptable security posture is within the grasp of any organisation.

How Does Your ASD Maturity Compare to the Market?

Fri, 28 Sep 2018 18:29:58 Z

As we come to the end of our annual ANZ Interchange unplugged conferences, a big thank you to all the customers and partners who took the time to come listen and interact with us.

We were lucky to have most of our senior executive team here including Steve Daly our CEO, Steve Morton our CMO, Tom Davis our CTO, and Duane Newman our VP for product management. Customers were able to interact with the leadership team, give feedback, and ask questions. You do not get that with many global software vendors!

Cyber Security Survey

As part of the Interchange conferences, we held an anonymous cyber security survey. The survey was designed to provide insight on responding organizations' maturity levels against the ASD top 4 and their journey to the ASD essential 8.

Winding back a moment, for those not aware, the ASD (Australian Signals Directorate) has 4 cyber threat mitigation strategies that—when implemented—will mitigate 85% of targeted cyber threats.

ASD also provides a maturity model for organizations to use on their journey to improve their security posture. This maturity model helps organizations have goals and stepping stones for improvement.

The model has 5 maturity levels for each of the ASD essential 8 security controls, targeted at server and workstation environments.

Maturity Level Zero: Not aligned with intent of mitigation strategy
Maturity Level One: Partly aligned with intent of mitigation strategy
Maturity Level Two: Mostly aligned with intent of mitigation strategy
Maturity Level Three: Fully aligned with intent of mitigation strategy
Maturity Level Four: For higher risk environments.

As a baseline, the ASD recommends that organizations should aim to be level 3 on the maturity scale, with high risk environments aiming for level 4.

At Ivanti we talk a lot about the ASD frameworks. After all, these these experts know what they are talking about.

What were the results?

For application whitelisting, half the respondents said their ASD maturity level for whitelisting was 0; we don’t do it. As the ASD number 1 cyber threat mitigation strategy, that’s huge! But to be honest, based on my conversations with customers, that did not surprise me.

I also believe the 25% who are maturity level three may come down to the fact that this data is coming from Ivanti customers who already use our Application Control whitelisting technology or the figures may have been lower.

*Maturity levels are 0 – 4 from top to bottom for all charts

When asked about patching the OS, 65% were only at maturity level 0 or 1, and this one did surprise me. With technologies such as SCCM and WSUS being so widely used, I expected patching the OS to be more tightly managed. What’s the reason it takes so long to patch the OS? Change control? Fear of breaking something? People don’t think it’s important?

For patching of third party applications, 36% only made it to level 0 and a further 36% only made it to level 1. With third party application being responsible for such a large proportion of identified vulnerabilities, this highlights a real risk and a door organisations are leaving wide open to be exploited.

When looking at admin privileges almost 60% of people were only maturity level 0 or 1. Looking at the notifiable data breach Q2 report, it shows that 77% of malicious breaches were caused by compromised credentials this highlights a concern, and a real drive to run a least privilege model.

For the remaining 4 controls from the ASD essential 8, we went a little more overarching and just asked respondents if they were actively aligning to the controls. With spear phishing and malware in macros still being such a common attack type, the fact only 26% of people actively managed macros was another surprise.

As a breakdown of what industry verticals responded, here is the data. What this shows me is even making data anonymous IT people still don’t trust you with 25% not wanting to say their industry vertical.

The Takeaway

The majority of organisations are starting to align themselves to a security framework. This data set does indicate they are still at an early stage of their journey, with some way to go in achieving the recommended baselines from the security experts.

The data backs up what I commonly hear from customers when I speak to them, and little of it was too surprising.

Here at Ivanti, using our security solutions targeted at the ASD top 4, we are able to help our customers improve their security posture and achieve the recommended level 3 maturity. All while improving user satisfaction and productivity, causing little management overhead and in the case of patching, automate the process to save IT time and cost!

See the Swinburne university case study where Ivanti were able to help them meet their ASD essential 8 mandate.

For more information visit our ASD top 4 and essential 8 site.

What is the most valuable resource for any organisation?

Tue, 04 Sep 2018 21:41:29 Z

It’s the people.

The employees of any organisation are the driving force behind its success. They design and build a product, they promote the product in the market, the sales team sell the product and a team of employees support customers using the product. Without people there is no organisation.

With that in mind those delivering IT services need to ensure this valuable resource is empowered, enabled and their productivity is optimal.

Many organisations have been delivering IT services the same way for years.

Buy some hardware
Install a gold build on that hardware
Install extra software such as design programs or finance programs
Apply some Group Policy to extend the configuration
Apply some logon scripts to configure the user environment

These steps and customizations typically take a modern piece of hardware and make it slow, difficult to use and frustrates users. A study at the university of Warwick in the UK showed that happy users are 12% more productive!

“Why is this so hard? At home this just works. Why are logons so slow?

A common frustration faced by users is slow logons, they begin to creep in, and over time get worse and worse.

Users are left with a logon lasting anywhere from 30 seconds to several minutes. What do users do when they know the logon is going to take time? Most commonly they leave their desk.

Between the 2 minutes it took to logon, and the 5 minutes the employee is gone, their computer has sat unlocked and unsecured. During this time anyone could sit down and run applications or access potentially sensitive data. This is a direct breach of laws such as the Notifiable Data Breach (NDB) scheme, this could have potential financial ramifications for an organisation.

The reality is we want our users to be presented with their familiar look and feel desktop, ready to launch applications in seconds.

When users face issues caused by poorly performing computers, they will typically become less productive. They may:

Call the IT service desk to complain

We all have those repeat offenders that have issues and the first thing they do is drag other users in to it, then call the IT service desk to complain. This disrupts other users and adds extra stress to your service desk function.

Try rebooting because that fixes everything

When users strike issues, and a task is taking longer than they expect, pressing the power button to hard boot the device seems like a good idea. Often it causes more problems than it solves.

Ask a colleague how to get around security, or introduce new software/hardware (Shadow IT)

If a user is inhibited from doing their job, by a security product or the lack of a service IT have delivered. Typically, users are wise enough to find a way around it. Someone in their team knows how to disable the security product, a user knows someone who has some Adobe license keys they can use to install the software they need.

All these outcomes stop users doing what they are supposed to be doing, and potentially cause more harm to user computers resulting in real support issues and tangible risks to the business.

Traditional approaches to IT Management

In any typical organisation complexity is king, the use of technologies such as laptops, desktops, tablets, server operating systems and virtual desktops are common place.

Traditional approaches of Microsoft Group Policy and logon scripts are slow, inflexible, inefficient and difficult to manage for IT.

To give users the best user experience and make them instantly productive, we need to rethink how we configure and apply policy to endpoints.

Having a laptop that applies all its policy when a user logs on is ineffective in our modern digital society. A user may logon their laptop on day one and rarely logout unless forced, the laptop may leave the office and never come back. We need to able to apply policy to that user and device contextually based on the situation the user finds themselves in at any given time. We at Ivanti call this dynamic contextual policy.

organisations need a unified approach to manage user experience across this sprawling estate. With that unified approach IT can prioritize having the most productive and happy users, to drive that business to success.

Ivanti have the right IT Solutions for your organisation

Dynamic Contextual Policy

Ivanti Environment Manager policy (EMPO) provides IT teams with an advanced lightweight toolset to manage any Windows platform, be it physical or virtual, server or desktop from one console.

EMPO is simple and fast to roll out, it’s just a console, agent and a small policy file all of which you can manage from Microsoft SCCM or Ivanti Endpoint Manager.

No more logon scripts

EMPO can help your organisation eradicate the use of slow and complex logon scripts, allowing any member of your IT team to automate tasks in a simple GUI. No scripting skills needed, one error in the logon process does not bring the users to a grinding halt. Run logon tasks during logon, a new network connection, the desktop being locked or even an application starting. Configure the desktop in a truly context aware nature.

End the GPO slow down

organisations can move hundreds of Group Policy configurations running sequentially in AD, to run in parallel from EMPO, sometimes saving minutes on a user logon, every logon.

Don’t just apply GPO to a user, machine or OU. Apply based on the context, as users roam through your environment adapt the policy and apply GPO based on device type, IP address, what applications are running or even the day of the week!

Make happy users

Through its advanced policy engine EMPO is able to consistently deliver logons of under 20 seconds, maximizing user productivity and elevating user experience, making happy users. It achieves this by allowing logon actions to be applied simultaneously, rather than one-after-the-other, to minimize the time it takes to logon. In addition, actions typically applied at logon can now be distributed to apply on-demand, throughout the user session instead, removing the burden on the logon process.

It’s easy-to-use graphical user interface, negates the need for advanced scripting skills, reducing the complexity of managing and maintaining legacy logon scripts or complicated Group Policy inheritance, freeing up IT for more important tasks.

Outcomes

Better managing your desktops and creating a great user experience is not only good for the users. IT benefits as well:

Reduced risk surrounding NDB and GDPR

Minimize security impacts by users leaving their computers unlocked during logon
Stop users needing to work around IT limitations and security products

Fewer support calls

Empowered users with a well performing desktop and the right policy have fewer reasons to call the service desk. Their desktop is adapted to their current situation making it context aware.

More time to Innovate

With less time spent solving desktop challenges IT have more time to innovate and drive IT forward not just keep the lights on.

If simplifying desktop management, and ensuring you have happy and 12% more productive users is important to your organisation, check out this whitepaper on the Ivanti website.

State-Sponsored Hacking out of the Shadows and Into a Business Near You

Thu, 26 Apr 2018 23:13:01 Z

Last week the Minister for Law Enforcement and Cyber Security made a media release placing responsibility for a wide-scale cyber incident firmly at the feet of Russia. Governments around the world allege Russian state-sponsored hackers infected Cisco routers globally, targeting government agencies and critical infrastructure providers.

The incident is thought to have targeted up to 400 Australian businesses; was yours one of those?

Which countries lead hacking efforts?

State-sponsored hacking is widely associated with major players like Russia, China, and the USA. The reality is the bar is so low now that even developing countries are getting involved. They have a lot more to gain than others: technology they don’t have, bulk personal information, or upcoming foreign investment. And while Russia takes the headlines, these countries can often fly under the radar.

Figures published in 2017 showed the top 5 countries originating cyber-attacks were:

USA
China
Brazil
India
Russia

Three of the names on that list I am sure most people would pick; the other two, not so much.

What do state-sponsored cyber hackers want?

Why are we targeted? What do they want? Sometimes it’s money, but when it comes to state-sponsored hacking it’s intellectual property and knowledge, including foreign policy details, large government/private sector projects going to tender, business processes, contracts, research, and plans for a new product or technology.

The reality is anything can be valuable in the right context.

The slogan for the Australian Signals Directorate (the ASD, tasked with helping to protect Australian government and business from cyber threats) is Reveal Their Secrets – Protect Our Own. This simple slogan shows the true value placed on Australia’s intellectual property and that of other countries.

What’s the target?

While the highlighted attack was targeting hardware, in 2017 the human attack surface reached 3.8 billion people, making humans the targets now and not machines. The 2017 threat report from the Australian Cyber Security Centre (ACSC) showed an overwhelming number of the reported incidents were user targeted, with malicious email and spear phishing leading the stats.

ACSC Threat Report 2017

How do you protect yourself?

The ACSC report details how implementing foundational cyber security controls is a true business investment:

"Prevention is better than a cure. The initial cost of implementing robust cyber security mitigation and incident management strategies, such as ASD’s Essential Eight, may seem high for some organisations, however, it represents an important investment, reducing long term costs and risk."

Ivanti can help our customers implement 6 of the ASD Essential 8 security controls using just one vendor.

Essential 8 Control		Ivanti Solution
Application whitelisting	Block zero-day malware and ransomware	Ivanti Application Control
Patch Applications	Protect against the known vulnerabilities	Ivanti Patch
Patch the Operating System	Protect against the known vulnerabilities	Ivanti Patch
Restrict Admin Privileges	Protect against lateral privilege attacks and slow down successful attacks	Ivanti Application Control
Configure MS Office Macros	Only allow trusted known good macros	Ivanti Environment Manager/Application Control
User App Hardening	Block or disable vulnerable features or integrations	Ivanti Environment Manager
Configure daily backups	Restore critical data in a disaster
Multi Factor Authentication	Ensure the user logging on is who they say they are

Operational security?

With a keen focus on what we consider ‘operational security,’ Ivanti has best-of-breed solutions and a suite of technologies aimed at fast and simple deployment with a low cost of management going forward.

Based on our 30 years of experience in the desktop market we understand the desktop, what users need, and how they expect IT to support and empower them.

For more detail on how Ivanti can help your organization implement the ASD Essential 8 security controls, please see our dedicated web page.

Leverage Your Investment in Office 365 and Simplify Windows 10 Migration

Fri, 20 Apr 2018 05:01:15 Z

Many organizations have moved to Office 365 and many more are making the move. Office 365 includes 1TB per user of free OneDrive for Business cloud storage.

The challenge organizations face is how to make that storage accessible to their users in a simple-to-consume mechanism.

Training staff and changing their workflows is a big headache and can lead to spikes in support calls. It’s possible not all endpoints will have OneDrive software installed, and as a result, users can’t access their critical data on some machines, causing confusion.

The Solution: Ivanti File Director’s OneDrive for Business

Ivanti File Director’s OneDrive for Business connector provides a simple solution. It automatically syncs user files from local, in-situ folders such as the Desktop, Documents or Pictures folders to OneDrive for Business cloud storage. This allows users to access their corporate files with no change to their workflow, from any device, Microsoft or otherwise.

IT gains complete control over how and where this storage is consumed. Migration of local data to OneDrive for Business cloud storage is fast and pain free, eliminating the problem of data sprawl, where users save file locally to multiple endpoints.

For more information on how you can better leverage your investment in Office 365, provide your users a better user experience, and simplify migrations to Windows 10 and cloud storage, visit the Ivanti website.

Is Your Organisation Ready For The Data Breach Notification Changes?

Fri, 06 Apr 2018 21:55:59 Z

Nobody wants to contact a customer, and be the one to deliver the news:

“sorry, we got hacked, and your personal records were stolen”.

Anybody getting that news is not likely to be a customer much longer. The next thing they are likely to do, is jump on social media, and ‘thank you’ publicly.

Then, when the media hears about it, you may just find your company name on the front page of the news for the wrong reasons.

If you fail to secure access to customer data, 2018 is the year when you have to notify customers if you have a data breach.

Fundamentals the Notifiable Data Breach Scheme

From February this year, changes to the Australian Privacy Act, mandate organizations must notify affected parties when their data has been accessed by an unauthorized party.

Where an organization, be it government or private. Maintains a repository of customer data. When that data is accessed by any unauthorized party, and harm is likely (more on this later), the individual/s must be notified.

Who is covered by the scheme?
Any organization who is today bound by the Australian Privacy Act, will also be subject to the Mandatory Data Breach Notification Scheme.

This includes any government organization, private business or non-profits generating over $3 million in revenue per year.

Will I really have to notify anyone?
Based on the very specific wording of the act, if customer data is accessed by any unauthorized party. Be it an internal employee who should not have access to a system, or an external entity. The same process must be followed to investigate and decide if notification is required.

The Data Breach Notification Scheme hinges around two key points on your requirement to notify.

Can you remediate the situation and ensure all accessed data is secure?
Is harm likely to the individual based on the access?

For this article, we will focus on unauthorized access to data by an external party.

Can we remediate?

Imagine a mobile phone or laptop was lost. The device was encrypted and to access it a complex password is required. An organization could form a case, to say the issue has been remediated by your strategic decision to encrypt and secure that device, and you are confident nobody can access any local data.

Now imagine one of your employees opens an email, and clicks a link from Australia Post. That email was not really from Australia Post and it downloads a malware payload. The cybercriminal now has a backdoor to your organization, and through that door they exfiltrate data looking for anything they can use to sabotage, blackmail you with, or sell to the highest bidder.

In this scenario, you have lost control of customer data that you will never gain access to again.

This is a common situation faced by organizations every day, with cyber criminals targeting users through social engineering and phishing techniques with the sole aim of exfiltrating your data. With the changes to the Privacy Act. You are now bound, if harm is likely, to notify anyone whose data was lost.

Is harm likely

The definition of harm from the Office of the Australian Information Commissioner (OAIC) covers physical, psychological, emotional, financial, or reputational harm as being reasons to notify of data breach.

A few examples may include loss of data regarding:

A therapist who has notes on a patient’s job dissatisfaction and stress
A quote for a customer who is looking to change service providers in a sensitive market
Travel details for a customer including passport information
Medical test results to be sent to a customer
Details of a credit check sent in by a customer

In each of these scenarios the information contained becoming public knowledge, could lead to serious harm to someone in numerous ways.

Preparing for Data Breach Notification: Prevention is Better

The reputation of any organization is directly linked to its success and ability to expand and grow. The best way to protect this reputation is ensure you safe guard yourself against unauthorized access of customer data.

The Australian Signals Directorate (ASD) are charged by the Australian Government to provide a security framework to help our government protect themselves against cyber threat.

The ASD detail 4 key strategies that will help an organization protect themselves against 85% of targeted cyber threats, these 4 strategies in priority order are:

Application Whitelisting
Application Patching
Operating System Patching
Minimize Administrative Privileges

(https://www.asd.gov.au/infosec/top-mitigations/top-4-strategies-explained.htm)

Ivanti are in the unique position in being able to support our customers in implementing all 4 of these strategies. Implementing all 4 strategies with one vendor brings the benefit of technology integration, less vendors to deal with and of course, price.

At Ivanti we have a diverse number of state & federal government and private organizations using our technologies today. Through the simplicity and ease of deployment. Organizations are able to protect their users, and the business, against cyber threats using the Ivanti endpoint security platform.

Moving in to 2018 this will protect organizations against having to deliver that difficult communication to a customer, to tell them their data was lost.

What Next?
Now you know a bit more about the new Privacy Act, it’s time to act, and protect yourself.

Contact Ivanti and we can provide a tailored demonstration of how we help organizations better protect their endpoints in line with security frameworks such as the ASD. Or, take a look at our dedicated Ivanti ASD compliance page on our website

You may just avoid damaging your reputation forever.