Tag Archives: cybersecurity

Securing our cloud-connected world in 2020

By Ross Baker

It’s been a tough year for CISOs. The past 12 months has seen another spike in data breaches, cloud misconfigurations, and security threats at a DevOps layer. Ransomware is up, filelessmalware is on the rise, and business email compromise continues to increase. Trend Micro alone blocked over  26.8 billion unique threats in the first half of the year. With no let-up in store for 2020, cybersecurity leaders need to ensure they work with trusted partners — vendors with a clear vision of the future.

Continue reading

As Server 2008 is retired, there’s an obvious alternative to Microsoft extended support

By Ross Baker

On the 14th of January 2020, Microsoft will be retiring its popular Windows Server 2008 and Server 2008 R2 products. This leaves businesses with a difficult choice: stick with the OS and pay for expensive extended support, spend time and resources on migration, or leave the company exposed to cyber-threats.

The good news is that there’s a better, lower cost option that will enable you to keep running Server 2008 whilst mitigating cyber risk and avoiding major disruption – invest in comprehensive server security.

Wait-and-see won’t do
Speaking to numerous businesses over recent weeks, a worryingly high number are prepared to adopt a wait-and-see policy (WASP) following the end of Server 2008 support on 14 January 2020. This amounts to an extreme hedging of bets and something we would definitely not recommend.  

Without Microsoft support, customers will no longer have access to security updates for Windows 2008. Unsupported servers will become be exposed to attacks exploiting vulnerabilities found after January 2020. This is more likely than you think: the black hats know there will be many organisations that may be running exposed servers and will be putting more resources into finding these bugs.  

To make matters worse, Microsoft will continue to release fixes for vulnerabilities in current versions of its server OS products which may also affect Server 2008. That’s an open goal for a hacker.

What are the alternatives?
One way out of this bind is to pay for Microsoft extended support, which will deliver security updates beyond the retirement deadline. But be warned, this is not cheap. An analysis of Microsoft’s End of Service FAQs from CRN reveals:
• The cost of Extended Security Updates will be 75% of the Enterprise Agreement or Server & Cloud Enrolment license prices of the latest version of SQL Server/Windows Server
• Firms will be covered for three consecutive 12-month increments following end-of-support, but must pay up-front for the first year
• Organisations that sign-up in the middle of a year must pay for the full year
• Companies that decide not to sign-up for a year and then do so the following year must pay for both years

Why go through all this when there’s an easier and more cost-effective alternative? 

Trend Micro Deep Security features a next-generation intrusion prevention system known as “virtual patching” to protect servers and endpoints from threats that target vulnerabilities in critical applications. It will keep your Windows Server 2008 systems safe even from zero-day threats that Microsoft hasn’t yet encountered.  Virtual Patching will also:

Buy additional time: for security teams to assess vulnerabilities and test and apply the necessary patches. 

Avoid unnecessary downtime: by allowing enterprises to patch according to their own schedule. This mitigates the potential revenue loss caused by unplanned disruptions.

Improve regulatory compliance: such as Cyber Essentials and the Payment Card Industry Data Security Standard (PCI-DSS).

Provide flexibility: by reducing the need to roll-out workarounds or emergency patches. 

Given the current threat landscape, WASP is simply not a risk worth taking for your organisation. Whether you need to stick on Windows Server 2008 for financial reasons or because of legacy application support, look to third-party virtual patching to minimise cyber risk and support your business beyond January 2020.

Find out more and how much you could save by visiting https://resources.trendmicro.com/uk-windows-server-end-of-support.html and try out our Windows 2008 End-of-Support Cost Savings Calculator.

Flying High in the Hybrid Cloud with More “Market Leader” Analyst Recognition

by Bharat Mistry

Modern organisations are laser-focused on business agility and the customer experience. To help them respond quicker to changing market demands they are turning to the hybrid cloud and DevOps. But this kind of innovation-centric digital growth can only be achieved with a strong and secure foundation. Trend Micro was one of the first to spot this emerging trend a decade ago, and today we’re recognised as the market leader.

In fact, we’re celebrating again, having just been named the “dominant leader” in IDC’s latest report, Worldwide Software Defined Compute Workload Security Market Shares, 2018

Why SDC workloads matter
As the IDC report explains, software-defined compute (SDC) covers a large number of abstraction technologies across the system software stack. Although technically a subset of endpoint security, SDC workload security is primarily designed to protect VMs, containers and cloud system software — and as such is commonly used in the context of cloud environments. Tools in this category can include things like anti-malware, firewall, host intrusion detection, application control and integrity monitoring.

Why does this matter? Because increasingly the cloud, and therefore VMs and containers, is being used to develop and support the microservices-based applications needed to drive faster, more responsive customer-facing experiences. But as we predict in our new report, The New Norm, these environments are set to come under much greater scrutiny by hackers over the coming decade. Cloud platforms are particularly at risk from code injection attacks, either directly or via third-party libraries, while containers and serverless architectures could be exploited because they contain vulnerable shared code components.

This poses an existential threat to modern businesses. If your cloud systems and apps get hacked, digital growth efforts could be halted in their tracks.

A long journey
Trend Micro’s share of the SDC workload security market now stands at over two-fifths, nearly triple its nearest competitor, according to IDC. That’s due in part to our vision in this space. Back in 2009 we acquired a little-known host-based intrusion-prevention and firewall software provider called Third Brigade. It was the start of a long journey, as we steadily built out our capabilities for virtual, hybrid cloud and container environments.

Today we offer comprehensive security across physical, virtual and hybrid cloud environments from a single pane of glass with tight integration into AWS, Azure and GCP. Trend Micro has also focused on automation and security-as-code to embed seamless protection into DevOps pipelines, including pre-runtime scanning of container images.

Most recently, we released XDR, which correlates data across email, network, endpoint, server and cloud workloads to spot and block malicious workload activity. And we bought leading cloud security posture management firm Cloud Conformity to tackle misconfiguration and compliance/governance challenges.

All of these capabilities and more will soon be offered as part of a holistic Cloud One solution that allows organisations to receive automated protection from a single console — minimising risk, management overheads and billing issues. Trend Micro is always looking one step ahead to provide protection where you need it.

Supply chain risk to dominate 2020: from the cloud all the way to the remote worker

by Bharat Mistry

We all know that the success or otherwise of most modern organisations depends to a large degree on their supply chains. From professional services partners to software providers and transportation contractors, an average enterprise could maintain hundreds of these partnerships. But these all threaten to introduce extra risk to the business, especially in the cyber domain.

Trend Micro’s newly released 2020 predictions report highlights some of the key areas where organisations may be exposed next year: from cloud and managed service providers (MSPs), new DevOps dependencies and even supply chain risks associated with their remote workers.

A new spin on an old risk
Supply chain risk is not a new phenomenon per se. The infamous NotPetya ransomware attacks of 2017 were introduced via the software supply chain, for example, while Operation Cloud Hopper was a major attack campaign targeting global organisations via their MSPs.

However, the scale of the threat coming down the line requires urgent attention. It stems to a large degree from the way organisations are changing the way they work. Digital transformation is viewed by many as an essential driver of business growth, enabling firms to respond with agility to changing market demands. In practice, this means cloud and DevOps increasingly taking centre stage in the IT departments of the coming decade.

More agility, more risk?
Unfortunately, this will introduce new cyber risk. First, organisations’ increasing reliance on third-party cloud providers will encourage attackers to go after data stored in these accounts, via code injection attacks exploiting deserialisation bugs, cross-site scripting and SQL injection. They’ll also capitalise on mistakes made when misconfiguration of these accounts leaks data to the public-facing internet.

Next, they’ll look to exploit the reliance of DevOps teams on third-party code in container components and libraries to compromise microservices and serverless environments. As these architectures become increasingly commonplace, so will attacks.

The risk posed by MSPs will also escalate, enabling a much higher ROI for attackers because they can access multiple customers via a single provider. Such threats will imperil corporate and customer data, and even pose a risk to smart factory and other environments.

Finally, supply chain risk may come from an unlikely source in 2020 and beyond. As remote and home working becomes the norm for many employees, hackers may come to view these as a handy stepping-stone into corporate networks. Whether they’re logging-on via unsecured public Wi-Fi hotspots or at home, where smart home flaws could provide an unlocked door to sneak through, these employees need to be considered as part of holistic enterprise risk management strategies.

What to do
I
t will be tough for CISOs to keep up with the rapid pace of technological change as we head through the next decade. But it’s vital that teams are equipped with the right tools and strategies to manage these third-party risks and other threats to the bottom line and corporate reputation. Here’s a snapshot of advice offered in the report:

  • Improve due diligence of cloud providers and MSPs
  • Conduct regular vulnerability and risk assessments on third parties
  • Invest in security tools to scan for vulnerabilities and malware in third-party components
  • Consider Cloud Security Posture Management (CSPM) tools to help minimise the risk of misconfigurations
  • Revisit security policies regarding home and remote workers

To find out more on our predictions for 2020 and advice on how best to manage risk in your business, check out the report here.