21 Jul

Veritas NetBackup Forum, Lisbon June 2017

Just before I went on holiday (which is now a distant memory) I attended the Veritas #netbackupforum event in the beautiful city of Lisbon.   Located in the Marriott hotel, never before have I attended an event where the main auditorium was in a converted car park underneath the building!!  What a great venue and idea (photo below).  The event itself gave some fantastic insight into the Veritas strategy and products moving forward and some valuable technical sessions focussing on the technology solutions important to our mutual customers.  The event was attended by a mix of customers from all over EMEA and partners alike.  Although centred around NetBackup, the more recent ‘wrap around’ solutions across the veritas stack were very well received by the audience.  If you had a perception that Veritas were ‘just the backup guys’ then think again.  They have far more to offer.

The power of information is not to be underestimated and this is what Veritas is all about.  Some of the biggest businesses in the world such as Uber/AirBnB/Amazon are only a matter of a few years old and have built their business on the power of turning access to data into meaningful powerful Information to grow and run their Business. Knowing where your information is, at any given time and more importantly, understanding what that information is and the value to the business is crucial.  If you’re not addressing your data management issues, your competitors sure are.

To ensure you stay ahead of the competition, understand what and where  your data is and to become GDPR compliant (May 2018), please talk to us about how Consilium UK, working with the Veritas technology stack,  can transform your unstructured and unmanaged data into a comprehensive data management strategy that can transform and drive your business forward.

Converted car park

Steven Brown, Consilium UK.

Share this
15 Feb

So…what exactly is ‘Digital Transformation’ then?

I can’t seem to go to a seminar or a conference or even every other customer meeting without the words ‘Digital Transformation’ being bandied about.  So what is Digital Transformation?  It seems that different people have different interpretations of what it means.  In the business world, I prefer to use the term ‘Digital Business Transformation’ (DBT).  Many perceive DBT as simple process changes such as shifting away from traditional marketing towards digital marketing or taking a standard paper bill and converting it into a PDF version that now arrives in your email.  Yes, OK, this is a part of DBT but that’s really just the surface of what it’s all about.

We may think technology has made our lives easier but it’s created a whole new layer of complexities for businesses striving to complete in a globalised and everchanging market.  Digital transformation is fundamentally changing the way your business or organisations processes work.  One of the complexities of DBT is the ever changing technology landscape.  Your DBT strategy needs to be developed where people and technology are the driving force behind your business transformation and continuous process improvement. All aspect of your business need to be considered including standard business functions such as HR and operations, admin, logistics.  As it stands, people are what makes the world go round so people have to be at the heart of any transformation process.  When considering your DBT strategy, just a few of the basic questions you need to consider are:

 

  • How do we (internal and external customers) use technology and how will we use technology in the future?
  • Has my DBT strategy considered shifts in technology trends and how people will access data and information moving forward?
  • How can I bring together all aspects of my business into a combined coherent digital strategy?

 

It’s a massive change for traditional businesses.  Businesses that refuse or are slow to change simply will not survive in this new age.  We can all cite poor customer experiences (poor service/ supply chain/ communication etc) with many well known online retailers who’s traditional models are high street retailing.  Yes, they now have an online shop but they still operate with legacy backend systems, poorly connected applications and data disparately spread across their organisation.  This isn’t digital transformation.  This is making a small change without any real transformation.  One of the perfect examples of a fully digitally transformed business is Amazon (some may argue it never needed to transform as it was always digitally based).  Amazon started in the digital age so has a distinct advantage in the market.  Their operation is extremely slick compared to most other businesses trying to operate in that space.  Why?  Because every aspect of their business considers how people use technology, how people want to use technology and they can easily adapt to technology changes as their business has been built with that constant technological evolution in mind.

I blogged about GDPR (General Data Protection Regulations) a while ago and adhering to GDPR guidelines and creating a DBT strategy are all part of the overall puzzle businesses need to solve.  The bigger and more complex the business the bigger the DBT challenge.  Large organisations are appointing DBT teams.  Smaller businesses can’t afford such luxuries and Consilium UK often talk to businesses of all shapes and sizes about making the changes to a digital age.  We consult in many technologies to help our customers stay ahead so talk to us about your thoughts and concerns.  It’s fair to say some business need to move quicker than others but to ensure continued business success everyone needs to be considering how the world is changing and how their business needs to adapt to this constant change.

Consilium UK is proud to be represented at the Digital Transformation event in Edinburgh on Thursday 23rd of February at Dynamic Earth.

http://www.digifutures.co.uk/

We look forward to seeing you there.

Steven Brown

Share this
06 Feb

The first proper solution to protect against ransomware

There is finally a proper solution to protect against Ransomware!

Palo Alto Networks, a 6 year Gartner leader for Enterprise firewalls, have leveraged their expertise and cloud platform to create a class leading endpoint security platform.

Traps is an advanced endpoint protection solution that can (and should) replace your current AV. Whilst you may think your AV has protection against malware and viruses; it doesn’t. Zero Day attacks can evade virus signatures and the additional malware protection on current AV solutions aren’t robust enough to afford the right level of protection.

Traps uses multiple methods of prevention. Traps checks everything that is run on an endpoint against a whitelist in the cloud called Wildfire. When Traps encounters code it hasn’t seen it detonates that code in Palo Alto Network’s cloud and either denies if it is deemed a threat or adds it to the whitelist going forward. That whitelist is shared with all Traps customers amounting to a huge repository used by all Traps installations. In addition Traps has a number of other tools as it’s disposal including

Static Analysis via Machine Learning

  • Policy Exclusion Restrictions
  • Cloud Detonation
  • Application Whitelisting
  • Lightweight Client
  • SaaS or Traditional Licencing Model

Not only is Traps effective, it’s also fast. As there is no active scanning it’s superior in terms of performance on the desktop. Some customers move to Traps purely for the benefits in performance for their desktop and VDI users.

Contact us today for a FREE trial or to sign up for webex to learn more. We will even give you a FREE drone for attending

 

http://www.consilium-uk.com/products/traps/droneoffer/

We are also running events in Glasgow and Edinburgh in February for our Scottish customers

http://www.consilium-uk.com/events/

 

Share this
10 Jan

The New General Data Protection Regulations – Are you GDPR Ready?

Brexit or no Brexit, the regulations for data protection in the UK change on the 25th of May 2018.  The Government has confirmed that the decision to leave the EU will not affect the introduction of the GDPR.

So, what is the GDPR and who does it apply to?

I could really bore you here but in simplistic terms, the GDPR is a new ‘one stop shop’ set of regulations governing the access and control of cross border data and will replace the current legislation (Data Protection Directive) of 1995. The aim is to crate a consistent approach (European wide at least) to manage and protect people’s data.  The rules will also govern how the data is transferred out of the EU.  They apply to any organisations that control, retain or process personal information relating to any EU citizen in both the public and private sectors.

If you’re looking for some hefty bedtime reading or simply suffer from insomnia, I suggest having a good read through the information Commissioners dedicated GDPR pages here:  https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/

We work with organisations of all shapes and sizes, public and private and many have expressed concerns that, as it stands, they don’t meet the regulatory guidelines from May 2018. What can they do?  The first step has to be knowing where and what your data is and how it is transferred in, around and out of your organisation.

If you don’t know what or where your data is, how can you report on it?  You can’t!

We conduct ‘Dark Data’ assessment for clients and often the results are staggering.  Organisations backup a ridiculous amount of data unnecessarily increasing storage, retention and recovery costs and the volume of data being retained and backed up is increasing exponentially.  We often hear ‘it’s easier to throw more storage at the problem that it is to address the problem’.  This must change and the GDPR may just be the catalyst to change.

If you are legally obliged to retain data for x years, you must be able to report on your data.  If you don’t have appropriate retention/archive and delete policies you could be retaining data considerably longer than you are legally obliged to.  OK, so what’s the big deal with that?  Well, even if you are not legally obliged to retain the data, if you have it, you must be able to report on it.

Our relationship with VERITAS is key to identifying and understanding where and what your data is, creating information management solutions and helping you down the joyous road towards GDPR compliance.

VERITAS GDPR:

https://www.veritas.com/product/information-governance/general-data-protection-regulation

VERITAS Data Insight:

https://www.veritas.com/product/information-governance/data-insight

Check out the Data Insight and GDPR pages at VERITAS and talk to us today about how we can help.  The clock is ticking.

Steven Brown

 

Share this
16 Dec

Office 365 Roadmap

One of the benefits of course of being on Office 365, is the rapid release of new features.

Microsoft maintain a list of new features, and their expected release date on their roadmap.

Many of these are fairly small, however of good news to many of our customers will be the update of mailbox sizes in the popular E3 plan to 100GB!

A nice wee xmas present for some of you there.

Share this
12 Dec

Legacy Antivirus is just that. Legacy

 

The threats we see on a daily basis include attacks specifically designed to skirt around traditional antivirus defences. Ransomware is a multimillion Pound industry, and before an attacker launches a ransomware campaign they confirm that the AV doesnt see their attack, and makes sure they also exploit widely used applications such as PDF readers and Web browsers.

 

The attackers can also buy Exploit systems with support online. So they dont need to know the technical elements before they launch.

 

I recently created a Demonstration video showing zero day threats against Palo Alto Networks Traps. This is an advanced endpoint protection product and in my eyes the best replacement for traditional endpoint AV. The key is not to what we know is a threat, but we must know what is good, threat and most importantly unknown. Consilium can deploy this in the traditional on-premise ESM Server as well as a managed service for smaller organisations.

 

Contact Us for more information and a FREE trial of our managed Palo Alto Network’s TRAPS service.

Share this
08 Dec

Forget MRSA, Windows XP is the NHS’s ticking time bomb. Don’t let it be yours

XP is a security disaster. Unpatched and unsafe.

  • 90% of the NHS is still using XP according to recent freedom of information requests from Citrix.
  • 42 out of 63 trusts responded. 24 trusts expressed a desire to move to VDI. Not sure the rest have a plan.

 

Organisations with XP need to address security as an immediate concern as XP is full of security holes that can be exploited. Our recommendation is to deploy Palo Alto Network’s TRAPS which not only provides next generation anti-virus, anti-malware and anti-exploit but by its nature acts as a desktop hardening solution that will stop unwanted applications in their tracks. TRAPS supports everything from XP to Windows 10 and server from Windows Server 2003 to 2016.

Thereafter the aim should be to upgrade. For that we believe the best solutions to be either a fat client Windows 10 deployment or Citrix XenDesktop.

There are pros and cons to both. Citrix provides an elegant server centric access method that lends itself to any device / any location access but organisations need to be aware that there may be investment in thin clients or re-provisioning PC’s as a secure conduit from which to launch Citrix.

Citrix is one way of moving away from the never-ending cycle of desktop upgrades. It can also help move the endpoint to a more op-ex based investment as opposed to the large capital expenditure required to buy new PC’s every few years. It centralises administration more and it streamlines support services; reducing the need for desktop visit.

The other option is a straight forward Windows 10 deployment. Consilium has a huge wealth of experience doing enterprise desktop deployments with technologies such as MDT and SCCM.

Contact us to ask about how we can reduce your security concerns and migrate your environment before an issue occurs.

Consilium is a certified partner of Microsoft, Citrix and Palo Alto Networks

Share this
05 Dec

A win against online criminals. Yay!

Avalanche is a notorious online criminal network specialising in Malware, Ransomware and money laundering. They have hundreds of servers working daily, causing havoc to organisations worldwide.

Law enforcement agencies from the USA (FBI), EU (Europol) and the UK (NCA) seized around 40 servers and took a further 200 offline. In addition, they shut down over 800,000 domains with malicious workloads. All in, over 20 different flavours of malware were found. Whilst this won’t help people already infected by Avalanche it’s still a great win for the authorities.

Hacking groups such as Avalanche constantly flip IP addresses and domain names to evade investigators. The authorities used something called sinkholing which redirected network communications from infected PC’s back through their own servers for analysis; sifting through over a hundred terabytes of data to help track down the criminals involved.

Avalanche might be defeated today but unfortunately there are lots of disparate groups engaged in similar criminal endeavours; whether it’s theft through social engineering or via zero day malware attacks.

At Consilium we are pushing hard to speak to organisations about some of the next generation security products that are available. We are accredited as partners for both Palo Alto Network’s Traps and Microsoft Advanced Threat Protection. These products, used individually or in tandem, provide a huge increase in protection over traditional Anti Virus that is now inadequate; indeed, we commonly see malware and ransomware attacks in organisations with traditional AV already installed.

Contact us today to see how we can protect you from malware and ransomware attacks. We offer free trials of Palo Alto Network’s Traps (a next generation AV solution from Palo Alto Networks; a gartner leading enterprise security vendor). We also specialise and partner with other advanced malware protection companies including Malwarebytes and Symantec in addition to offering online backups via Veeam Cloud Connect to further protect your data should you fall victim to a ransomware or malware attack.

Share this
29 Nov

Azure Active Directory

We’ve been talking to and deploying a few azure technologies to our clients over the last few years as the ‘cloud’, specifically Microsoft Azure, slowly pushes itself into every organisation’s infrastructure. Obviously, as more and more services are offered by Azure and implemented by larger enterprises, there always seemed to be a common question asked regarding how Azure manages the same user accounts or identities for the many services it offers.

Well, the answer is quite simple. It’s done by the same Active Directory we are all familiar with, only in the cloud, or more aptly named Microsoft Azure Active Directory (Azure AD).

Is it the same as on premise Active Directory? Well, Yes and No. Azure AD builds on all the usual functions offered by normal Active Directory and provides additional benefits unique to Azure services to increase security, identity manageability and most of all make life simple for end-users.

For example, one of its core benefits is the single sign-on feature that allows a single identity’s set of credentials to access the many Software-as-a-Service applications offered by Azure. After all, we all know how difficult it can be to remember multiple set of credentials for different applications, right?

What about security? Well, having a single identity per end-user means manageability of that identity becomes much easier. For starters, you can force multi-factor authentication as per your company’s security guidelines, as well as provide or restrict access to various applications and azure features. All of this, however, is just the tip of the iceberg as there is so much more you can do in Azure AD from device registration to auditing and alerts, but the general idea is to give you as much control over an identity as possible, which can in turn secure cloud based applications, streamline IT processes, assist in cost cutting plans and generally allow you to comply with corporate goals.

So how do you begin using Azure AD? Well, you may already be doing so. If you use Office 365, an Azure application or Dynamics CRM Online then all the user identities you have created thus far will be stored in an Azure AD tenant behind the scenes and can be accessed in the classic Azure management portal with the right Azure subscription. In addition, to make matters even simpler, you can synchronise your existing on premise active directory user accounts to Azure AD eliminating the need to create separate identities for each end-user in the cloud.

Therefore, it is easy to see why Azure AD is a great Azure service that provides a simple platform to manage complex requirements, and as such it will only continue to grow as a key presence, especially in larger enterprises, as the cloud continues to take more of a centre stage in the years to come.

Share this
22 Nov

Tesco Bank Cyberattack. A lesson to us all.

Tesco Bank had to temporarily suspend online banking operations for current account customers after thousands were affected by hacker fraud on the weekend of 5th November 2016. The bank has confirmed that small amounts of current accounts were subject to online criminal activity resulting in money being withdrawn fraudulently in some cases.

The bank has so far given no clear details of how the fraud was committed. Typically, cyber fraud is carried out by using various methods of stealing customer credentials or copying bank card details to make duplicate cards. This in turn enables cyber criminals to access online bank accounts to carry out fraudulent transactions.

The cyber criminals involved in the Tesco Bank attack may have found a way to create duplicate cards, due to claims that in some cases card withdrawals have been made from other countries. The crafty part of the theft from Tesco Bank accounts was not the ‘hack’ but doing it over a weekend when banks are typically understaffed, and will respond much slower to issues.

The crime being a remote technical hack via a network intrusion is a slim possibility. Far more likely is the action of human error or weak process management control resulting in confidential information being leaked.

Tesco issued the following statement

“We apologise for the worry and inconvenience that this has caused for customers, and can only stress that we are taking every step to protect our customers’ accounts,”

“While online transactions will not be available, current account customers will still be able to use their cards for cash withdrawals, chip and pin payments, and all existing bill payments and direct debits will continue as normal.”

“We continue to work with the authorities and regulators to address the fraud and will keep our customers informed through regular updates on our website, twitter and direct communication,”

“We can reassure customers that any financial loss as a result of this activity will be resolved fully by Tesco Bank, and we are working to refund accounts that have been subject to fraud as soon as possible,”.

The banking sector is one of the most highly targeted by cyber criminals. According to the consumer group, only 5 of 11 high streets banks have adopted two-factor authentication methods to protect customers.

The banks “consistently scored poorly” in their security measures over the four years they had been monitored and had failed to invest in the proper security systems that would keep their customers safe from fraudsters, the report said.

How you can protect yourself

1. Verify any emails or telephone call you get about fraudulent activity on your bank account. Do this by contacting your bank separately using a different web page, rather than clicking on links in emails, or by calling them from a different phone to the one you were contacted on.
2. Never share PIN or log-in details for your personal accounts.
3. Use complex passwords for online accounts, featuring upper and lower case letters, numbers and symbols.
4. Familiarise yourself with current frauds techniques and scams and how they work. Register with Action Fraud Alert for free to receive regular information about scams and frauds in your area :
http://www.actionfraud.police.uk/report_fraud

Most importantly contact Consilium today about how Palo Alto Network’s Traps & Firewalls can protect your organisation from Cybertattack.

 

Share this

© 2015 Consilium UK Ltd. All rights reserved.