Episode 3: ILTACON Event, Washington DC
J. Peter, where are you?
Greetings! J. Peter here and this week I’m in Washington DC. DC is an amazing town with so many historical locations and museums to visit. I had a chance to see the White House (from the outside of course), the Washington Monument and a few Smithsonian museums.
Incidentally, a little bit of trivia here: the Washington Monument is two different colors. The base started in 1848 but the building stopped from 1854 to 1877 due to funding issues and… well… the Civil War. When they started again the marble color was slightly different.
Why are you there?
I’m here in Washington DC to speak at ILTACON 2016 at the Gaylord National Resort and Convention Center. ILTACON is a technology conference focused on law firms and legal departments. The folks running the conference apparently read an article I wrote in InfoWorld about the gotchas of Office 365 and asked if I would come and give an Office 365 session.
What are you there for?
The session I’m giving is entitled: Office 365: Where do you start?
It covers the three main questions I’m often asked by folks regarding Office 365. Should we move to Office 365? How do we move to Office 365? What are the gotchas (aka buyer’s remorse concerns) when moving to Office 365?
Personally, I love what Microsoft has done with Office 365. It’s a fantastic solution with flexible price points depending on your needs. That doesn’t mean I recommend it for everyone. But I think it’s obvious that it’s the future email solution for most enterprise customers. With how to make the move I discussed the decisions that need to be made. Do I do a cutover or a hybrid staged migration? Do I use a third-party migration solution? Do I pull in consultants for the hybrid configuration? If I go with a hybrid do I determine self/same or single sign on and then do I go with ADFS or some kind of third-party solution like Okta or Centrify? With the gotchas of a migration… what do I do with my legacy archive solution? And then with post-migration gaps… what about my security with Office 365? How do I maintain continuity or availability of services even when Office 365 is down?
The session was not a product pitch for Mimecast by any means but I made sure to point out where Mimecast fills the gaps with regard to security, archiving and continuity. Mimecast had a booth at the event so I was able to point them off to the Mimecast folks for more information. In addition, we gave out copies of the Conversational Geek book sponsored by Mimecast entitled “Conversational Office 365 Risk Mitigation” which just had a 2nd Edition release this week and you’re welcome to download the book directly with the link provided here.
It was a great event. I had a chance to talk to a lot of folks moving toward Office 365, many with some trepidation, and I was able to allay those fears by helping them appreciate that just like our on-premises Exchange, there is an ecosystem of third-party solutions that can assist in enhancing what Microsoft is providing.
Hey, I hope you’ve enjoyed following me to Washington DC.
Where am I going next? Your roadmap says Atlanta, Georgia for Ignite. But I might just surprise you folks with a bonus stop!
When fall rolls around this year you may want to be in Atlanta, GA for Microsoft's Ignite 2016, where cybersecurity will be front and center. The 2015 conference sold out early, so if you haven't secured your conference passes yet, you may be out of luck. This is especially important if you rely on Microsoft Office 365.
At the Microsoft Ignite conference, more than 90 percent of the presentations will touch on Microsoft Office 365 and more than 100 of the 528 sessions will cover cybersecurity. The format for Microsoft Ignite includes a few different types of sessions. These range from 75-minute sessions with 413 seats, to the shorter 45-minute sessions (86 of these are scheduled), and then a smaller number of partner-led sessions.
Why the focus on security?
Given the global instances of Microsoft Office 365, it should come as no surprise that cybercriminals and nation states are investing their own resources in determining exploits which will undermine the security implementation of the individual user as well as the organization. Truly, who hasn't been exposed or known an entity that has been affected by the Advanced Persistent Threats (APTs) unraveling in enterprise security networks in recent years? What everyone needs to be up to speed on is targeted threat protection. You are a target, or put more succinctly, you are a potential target. Furthermore, you have no say in whether you are deemed a viable target and are now within the adversary's bullseye. You do, however, control whether you will be a hard or soft target. There are seven presentations which touch on addressing APT; this content will help on the hardening side of the equation.
Phishing, spoofing, and whaling are everyday occurrences and regularly populate our email inboxes. The opportunity to learn how to configure your Microsoft Exchange or Microsoft Office 365 instances is key for anyone involved in securing email configurations. In addition, security awareness for you, the cybersecurity professional, and for the employee who simply wants to do their job and do it securely, are additional areas of high interest.
Over 110 of the Microsoft Ignite sessions have a cybersecurity awareness component. As we all know, an educated workforce is not only an empowered workforce but also increases the odds that the correct decision is made when faced with a choice which may contain a threat, be it clicking on a spurious link or opening a dubious attachment which may contain macro malware. The Mimecast paper, "Office File Macro Threats Delivered by Email," provides specific guidance on how to mitigate the threat of the macro malware contained in an email attachment.
One cannot overemphasize the role of the educated employee. As drawn from the Mimecast paper, all employers must ensure their employees "...understand the risks presented to their inboxes, and how to handle unexpected email and attachments… Ensure they understand the hacker's tactics and how to recognize simple social engineering attacks."
Mimecast, a Microsoft Partner, will be present at Microsoft Ignite 2016. Mimecast’s J. Peter Bruzzese, a cybersecurity thought leader, will present 'Take a new look at cybersecurity and resiliency - ground to the cloud.' He is well known for his articulation on risk mitigation within the Microsoft Office 365 environment.
Episode 2: Lunch Event at the Palms - Nashville, TN
Q: J. Peter, where are you?
A: Greetings! J. Peter here and this week I’m in Nashville, Tennessee. When I think of Nashville I think of country music and the Grand Ole Opry. The Grand Ole Opry was founded nearly 100 years ago in 1925 and is a weekly country music stage concert that has hosted all the greats over the years. Did you know it’s the longest-running radio broadcast in US history? It’s also a hotspot for Pokemon Go players. I caught several new ones right in front of the place. But I digress.
Nashville also makes me think of the movie “The Thing Called Love”. A 1993 film about four young songwriters trying to get their music noticed. Starred River Phoenix, Samantha Mathis, a young Sandra Bullock and a young Dermot Mulroney.
Q: Why are you there?
A: I’m here in Nashville, TN to keynote a lunch event sponsored by Mimecast. It’s held at the Palm Restaurant in downtown Nashville. I’ve done events at Palm’s before in Orlando, Chicago, Colorado, Atlanta, Las Vegas, and Philly and I’m a huge fan of this location as a venue. Should have about 25 in the audience and I’m looking forward to having a lively discussion about Office 365.
Q: What are you there for?
A: I’m going to discuss with the audience a comparison between the big switch that occurred back in the day, with the move to electricity being generated as a utility as opposed to being generated on-premises, and our day, where we are moving from on-prem to the cloud. This comparison was brought to my attention by Nicholas Carr in his book “The Big Switch” and I like to tell the story for the audience. By the end of the discussion we hone in on Office 365 rhetoric vs. reality and I point out several areas where there is a need for enhancements in areas like Security, Compliance and Archiving, and increased availability or continuity. At the end of the event, I answer questions from the audience and then give everyone a copy of the book “Conversational Office 365 Risk Mitigation” sponsored by Mimecast.
One question that came up was “how is Microsoft’s archive solution different from a third-party?” I explained that Microsoft doesn’t have a traditional archive solution which goes beyond eDiscovery and offers user interactivity (aka a read-only archive), nor does it allow for data agility or portability as a separate data bank solution. Rather, it’s simply legal hold on all mailboxes, which does provide for eDiscovery but does not reflect the modern advancements we’ve come to expect from an enterprise-grade archive solution. It was a good question I thought.
Q: Last question, right now Ransomware is a big topic in the news, can you tell me what you’ve heard recently on it?
A: Another question involved how Office 365 handles advanced threats like ransomware. Well… if you have an E5 plan or pay extra for their advanced threat protection, it includes a sandboxing solution that can help against attachments that might include a ransomware attack. Recently a macro-enabled Word document ransomware attack attracted a lot of attention in the news because it made it through Office 365 defenses until they eventually caught it and updated their security solution to spot it. Typically that happens from time to time. Something gets through initially until it’s discovered and blocked. It’s one of the reasons I preach defense in depth. If one solution doesn’t have the fix then the other one might. I also like having solutions that offer different features. For example, Mimecast does sandbox too but first it does document conversion. So a file that comes in with ransomware in a weaponized attachment would have been rendered ineffective due to the document conversion process. That’s something Microsoft simply doesn’t have. So by layering your security approach you have a much better chance of protecting your organization from the modern threats that come our way, whether ransomware, impersonation attacks, spear phishing, whaling and so on.
Hey, I hope you’ve enjoyed following me to Nashville, Tennessee.
Where am I going next? The ILTA Conference in Washington DC!!!
August 17, 2016
I am in the middle of my second week here at Mimecast and am excited to focus on all things security. The timing of my arrival is good as we just released important new data around malicious insiders. Here’s my take on the topic …
There’s nothing worse than being hit with a surprise attack from behind – especially by a previously trusted person. In the military, surprise rearguard actions can be very effective for the attacker and very debilitating for the defender. In a sense, cyberattacks from malicious insiders are a form of a digital rearguard action.
Today, most IT security defenses are set up to defend against external attackers, be they cybercriminals in search of money, nation states pursuing strategic advantage, or hacktivists with a politically driven agenda. And, this allocation of resources does make some sense, as most attacks do come from outside the organization – but not all. Attacks also do come from the inside. And, these attacks, when originated by trusted insiders, have proven to be extremely damaging.
In one recent example, this past July a Citibank IT engineer was sentenced to 21 months in prison for using his administrative access to wipe out nine of the company’s network routers, bringing down 90% of Citibank’s network. In Mimecast’s new survey 45% of respondents picked “Malicious Insider Attack” as their number-one perceived security vulnerability. Clearly, this is an area deserving greater focus.
Your security program needs to be based in reality. You need to honestly assess the trustworthiness of your insiders, the amount of damage they could reasonably do if they had both the motivation and opportunity, and how much security control can be applied given the culture and practices of the organization. Reasonable controls for malicious insiders need to be put in place to reduce the business risk to an acceptable level.
Most security programs don’t sufficiently factor in controls for the malicious insider. This is unfortunate, as there are some basic, cost-effective controls that help protect against malicious insiders, non-malicious insiders, and external attackers alike.
Here are four tips to help reduce the risk of a malicious insider attack:
- Use role-based access management, in particular on critical systems and for highly privileged users, such as IT administrators. This approach limits the ability of malicious actors to do damage.
- Don’t make it easy for the malicious insider to steal your data. Monitor and block the movement of sensitive data outside the organization via email, FTP, and the web.
- Train employees – regularly. The more eyes you have on this area of risk the better. Help your team understand that “if they see something, say something.”
- Update your incident response plan to include how to guard against and respond to malicious activities by insiders. This will definitely need to involve more than just your IT and Security departments – include HR, legal and PR.