Top four mitigation strategies to protect your ICT system

The Cyber Security Operations Centre (CSOC) of the Australian Government Department of Defence, Intelligence and Security recently identified the top four mitigation strategies to protect Government ICT systems in Australia.  Targeted cyber intrusions remain the biggest threat to large enterprise and Government ICT systems and since opening in early 2010, the CSOC has detected and responded to thousands of these intrusions.

The top four mitigations to protect ICT systems as identified by CSOC were:

  • Patching applications and operating systems and using the latest versions of software:

A software patch is a small piece of software designed to fix problems or update a computer program. Patching an organisation’s systems encompasses both the first and second mitigation strategies.  It is important to patch both operating systems and applications within a two-day timeframe for serious vulnerabilities.  Once a vulnerability in an operating system or application is made public you can expect malware to be developed by adversaries within two days.  In some cases, malware has been developed to take advantage of a publicly-disclosed vulnerability within eight hours.

  • Minimising administrative privileges:

When an adversary targets a system, they will primarily look for user accounts with administrative privileges. Administrators are targeted because they have a high level of access to the organisation’s ICT system.  If an adversary gains access to a user account with administrative privileges they can access any data the administrator can access – which generally means everything.  Minimising administrative privileges makes it more difficult for the adversary to spread or hide their existence on a system.

  • Application whitelisting:

Whitelisting – when implemented correctly – makes it harder for an adversary to compromise an organisation’s ICT system.  Application whitelisting is a technical measure which only allows specifically authorised applications to run on a system.  This helps prevent malicious software and unauthorised applications running.
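To make the idea of "only specifically authorised applications" concrete, here is an added illustration in Python of a hash-based allowlist check. It is not code from CSOC, 1E or sustainableIT; the product names, file paths and executable contents are constructed stand-ins, and in a real deployment the allowlist would come from the organisation's own signed catalogue of approved builds. It goes slightly beyond the paragraph by showing why the allowlist keys on the file's SHA-256 rather than its path: a modified copy sitting at an approved path is still denied.

```python
"""Hash-based application allowlisting check (added example; constructed data)."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Decision:
    path: str
    sha256: str
    allowed: bool
    reason: str


def sha256_hex(data: bytes) -> str:
    """SHA-256 of the executable contents, as a hex string."""
    return hashlib.sha256(data).hexdigest()


def build_allowlist(approved_binaries: dict[str, bytes]) -> dict[str, str]:
    """Map SHA-256 digest -> product name for every approved build."""
    return {sha256_hex(content): name for name, content in approved_binaries.items()}


def evaluate(path: str, content: bytes, allowlist: dict[str, str]) -> Decision:
    """Allow a file only if its hash matches an approved build; the path is not trusted."""
    digest = sha256_hex(content)
    name = allowlist.get(digest)
    if name is None:
        return Decision(path, digest, False, "hash not in allowlist")
    return Decision(path, digest, True, f"matches approved build of {name}")


def audit(inventory: list[tuple[str, bytes]], allowlist: dict[str, str]) -> list[Decision]:
    """Evaluate every (path, contents) pair found on a system."""
    return [evaluate(path, content, allowlist) for path, content in inventory]


def denied(inventory: list[tuple[str, bytes]], allowlist: dict[str, str]) -> list[Decision]:
    """The subset of the inventory that would be blocked from running."""
    return [d for d in audit(inventory, allowlist) if not d.allowed]


# Constructed stand-ins for approved executables (hypothetical products and contents).
APPROVED_BINARIES: dict[str, bytes] = {
    "Text Editor 4.2": b"MZ\x90\x00 constructed stand-in for the approved editor build",
    "VPN Client 7.1": b"MZ\x90\x00 constructed stand-in for the approved VPN client",
}

# Constructed inventory of what was found on a workstation (hypothetical paths).
INVENTORY: list[tuple[str, bytes]] = [
    (r"C:\Program Files\Editor\editor.exe", APPROVED_BINARIES["Text Editor 4.2"]),
    (r"C:\Program Files\VPN\vpn.exe", APPROVED_BINARIES["VPN Client 7.1"]),
    # Same approved path, but the contents differ by one byte: a tampered copy.
    (r"C:\Program Files\Editor\editor.exe", APPROVED_BINARIES["Text Editor 4.2"] + b"x"),
    # Unknown program in a user-writable location.
    (r"C:\Users\alice\Downloads\update.exe", b"MZ\x90\x00 constructed unknown program"),
]


if __name__ == "__main__":
    allowlist = build_allowlist(APPROVED_BINARIES)
    for d in audit(INVENTORY, allowlist):
        verdict = "ALLOW" if d.allowed else "DENY "
        print(f"{verdict} {d.path}  {d.sha256[:12]}...  ({d.reason})")
```

Run as a script it prints one ALLOW/DENY line per inventory entry; the two approved builds pass, while the tampered editor copy and the unknown download are denied. Note that the check is deliberately silent on the path: trusting `C:\Program Files` alone would have let the tampered copy through.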

sustainableIT’s range of IT efficiency solutions from 1E can enable organisations to bolster their IT security mitigation strategies, particularly those that have deployed Microsoft System Center Configuration Manager (SCCM) for systems management.  Brad Anderson, Corporate Vice President, Management & Security Division, Microsoft Corporation said ‘Microsoft System Center 2012 Configuration Manager and 1E’s suite of tools create a powerful way to manage the complexities and expense of today’s IT environment.  Together, they give IT managers the tools they need to derive maximum value and efficiency from IT infrastructure.’

In a world where targeted cyber intrusions pose a real threat to IT security, enterprises should seriously consider the following solutions to add value and functionality to their existing SCCM investments:

NightWatchman Enterprise – the WakeUp functionality of NWME enables Wake-On-LAN to function in large complex networks.  These environments typically present several challenges, such as blocking wake messages at each boundary (for example at routers).  1E WakeUp uses an intelligent agent to avoid having to relax network security and to report on success or failure.  Large scale events are controlled by powering machines in stages, balancing network load by distributing waves of power events.

Key features and benefits include:

  • Reduces cost of software & patch deployments by enabling up to 100% distribution success;
  • Computer Health monitors PC ‘health’ trends and enables pro-active or automated problem resolution;
  • 1E Web WakeUp allows users to power up their office PC remotely ensuring access to resources at all times;
  • Integrates with SCCM and supports Intel® Active Management Technology (vProTM);
  • Gives complete visibility with reports on power & deployment success and computer health issues;
  • Minimises network impact by using staggered distributions;
  • Configurable for any type of network, including where subnet-directed broadcasts are disabled.

Nomad 2012 – enables OS releases, software applications and updates to be distributed quickly and efficiently to remote server-less branch offices and to bandwidth-challenged environments, without the requirement for an SCCM 2012 distribution point.

Security patching, updates and even software deployments are very difficult and often impossible in branch office environments.  The enterprises most impacted in this area are government departments, large retailers and financial services companies that have significant branch networks, often running on very little bandwidth.

SCCM’s native deployment technology (BITS) is not very bandwidth friendly and hence patching is often turned off to remote locations.  Nomad replaces BITS as a content provider and is very bandwidth friendly, constantly backing off to business traffic to ensure that business operations are not affected.  The key point here is that Nomad continually uses spare and available bandwidth to ensure that you can get what you need down to your branch sites as quickly as possible without any impact on the business.

Key features and benefits include:

  • Seamless integration with Configuration Manager 2007/2012 – Nomad 2012 integrates directly into the Configuration Manager Admin Console to enable Nomad Branch to be set as an alternate download Provider for Packages, Software Updates and Task Sequences;
  • Download Prioritization – Nomad Branch supports the setting of the Configuration Manager download priority.  This enables a critical download, such as a software update, to interrupt a large download, such as an OS image;
  • Progress Reporting – In Configuration Manager, Nomad Branch supports the sending of status messages that report on Package download progress.  The frequency of messages and the maximum messages allowed can be configured.

If you want to scale to larger environments, for example hundreds of machines, the Nomad 2012 Multicast option offers the solution.  It uses multicast to distribute locally, serving all PCs at once, and reduces LAN traffic and the load on branch PCs.  As multicast is limited to the local subnet, no network infrastructure changes are required.

AppClarity – a plug-in to SCCM that helps reduce software licensing costs by intelligently reducing, reclaiming and recycling software assets (including virtualised applications) as well as identifying and automatically de-installing prohibited / black-listed applications in a network.

AppClarity offers an immediate opportunity to reduce software licensing costs by intelligently helping organizations to reduce, reclaim and recycle their software assets.  AppClarity financially quantifies software waste by presenting a rationalized inventory of installed applications, applicable license costs and which installations are not being used.

Administrators can set application policies to prevent certain applications from being used within the environment, which supplements and enforces application whitelisting as recommended by CSOC.  These application policies can either be global or specific to a group of machines or users.  AppClarity lets you define particular products as Prohibited, which effectively means that the product is not authorized for use within the environment.  Whenever AppClarity comes across an installation of a Prohibited Product it will attempt to remove it from all systems under management.

Key features and benefits include:

  • Find unused software – quickly find all software waste within the organization including dormant installations and ‘shelfware’;
  • Quantify software cost – obtain an accurate picture of all deployed applications by filtering out irrelevant software to show only licensable assets and associated costs;
  • Reclaim wasted licenses – automatically reclaim licenses related to unused software or reallocate the licenses to other users to reduce financial liability;
  • Application compliance – Identification and removal of applications that have been designated as Prohibited;
  • Report savings – replace the time consuming process of producing reports for vendor audits with a few clicks. Organize results by financial impact or vendor to quickly focus your compliance and negotiation efforts.

sustainableIT Director Jon James said ‘1E have sold over 20 million individual user licences worldwide over the past 14 years.  All of their solutions have a demonstrable and rapid ROI and are designed for quick and easy deployment.  The good news for enterprises that have already invested in SCCM is that they can quickly address the top 4 IT security mitigation priorities as identified by CSOC.  By deploying NightWatchman Enterprise, Nomad 2012 and AppClarity enterprises can gain additional assurance that their systems are patched, up-to-date and free of prohibited applications, in addition to the many other core benefits offered by each of these solutions.’

More information on sustainableIT’s range of solutions, including product datasheets, videos and customer case studies is available at www.sustainableit.com.au.

Contact us as follows:

Sydney Office: +612 8985 7365 or info@sustainableit.com.au

Posted: 29 October 2012


A REAL WORLD EXAMPLE:

The United States Department of State Case Study

Operating under a distributed deployment model, the Department needed a flexible tool that worked with its existing systems management platform to accommodate the specialized needs of each individual, while eliminating duplication of effort.  Since the initial deployment, Efficient IT solutions from 1E have generated significant savings in energy, cost and time for the Department.

Power and Patch Management

With projected savings worldwide of several million dollars per year when fully implemented, the power management initiative now eliminates more than 21,000 metric tons of carbon emissions per year. The Department also automates patch deployment and network scanning during off hours to save system administrator time.

NightWatchman Enterprise helped the Department automate the shutdown of unused workstations while maintaining security and minimizing disruption.  Integrating seamlessly with the Department’s Microsoft System Center Configuration Manager (ConfigMgr) platform, it also offers robust reporting capabilities that accurately report power and carbon consumption savings through a highly customized dashboard.  In addition, WakeUp™ – the Wake-on-LAN feature of NightWatchman Enterprise – allows Department site workstations to be powered on for patching, scanning, health checks and software installation.  These tasks can now be performed during non-business hours, minimizing impact to normal day-to-day business operations.

Systems Management

The Department also needed an effective way to proactively maintain the security of desktops and laptops at remote sites.  Based in sensitive locations globally with no IT staff, these sites faced tremendous network constraints.  The remote sites relied on bandwidth-challenged 512Kbps satellite links to deliver 400+ MB packages to desktops and deploying servers simply was not a feasible option.  In the Spring of 2011, the Department further expanded its initiative with 1E by deploying Nomad Enterprise.

Using spare network bandwidth, Nomad Enterprise delivers operating system upgrades, software deployments and patches safely and securely to thousands of PCs and servers day or night with zero disruption.  This removes the need for branch servers or desk-side visits – reducing existing server footprint and administrative overhead.

Further details are available on the 1E website.
