Protecting an IT environment is a non-stop game of whack-a-mole where the board continuously gets larger and the moles tend to get faster and smaller. Two recent vulnerabilities show how quickly a mature and widely distributed software package can turn into a major security hole. First, Microsoft announced CVE-2019-0708, a flaw in Remote Desktop Services that allows an attacker to run arbitrary code without authenticating. Not long after, a similar issue, CVE-2019-10149, was announced in the Exim mail transfer software. Fortunately, both had patches available before exploits were seen in the wild. However, both were widely distributed pieces of software that contained the flaw through many iterations, including versions that are no longer officially supported.
Major vulnerabilities like these get the attention they deserve. They are major holes that affect millions of Internet-connected systems, and customers should resolve these issues immediately. However, there are plenty of other vulnerabilities out there that could cause a business all sorts of trouble. Many software vulnerabilities are small or not widespread enough to lead to broad organizational awareness and immediate remediation, but could still lead to a wide-open door or toehold into the larger IT environment. Simple misconfigurations or outdated configurations can leave systems exposed or vulnerable. There are lots of ways an IT infrastructure can have vulnerabilities that can leave systems exposed and potentially go unnoticed for years.
These small issues are often overlooked and overshadowed by news of major vulnerabilities and high-impact security issues like ransomware. Unfortunately, most businesses have IT staff that are busy and don’t have the spare cycles to investigate all the little issues. Even more unfortunate is that the hackers are busy too, and they only need one win in the battle to cause trouble.
Businesses need a robust security infrastructure to prevent, detect, and contain these threats. To provide the best experience in the cloud, iland has integrated many security products into the Secure Cloud platform to reduce the effort and cost customers face in managing a secure infrastructure. Using tools from security companies like Tenable and Trend Micro, iland provides vulnerability scanning and reporting, malware and virus scanning and reporting, log inspection, stateful firewall functionality and reporting, file integrity monitoring and reporting, and intrusion detection and prevention directly within the iland Secure Cloud Console. All of these features are architected directly into the infrastructure and offered as standard features for all infrastructure as a service (IaaS) and disaster recovery as a service (DRaaS) customers.
IaaS customers have full-time access to these features. DRaaS customers utilize the same platform, so always-on virtual machines, such as domain controllers, virtual routers, and other “core” infrastructure items, are always protected. As soon as virtual machines are brought online during a DR execution or test, they will also be scanned and protected. Customers are able to run a complete security scan of their entire production environment as part of their DR test, with no impact to production. With iland Autopilot for Managed Recovery, customers can work with iland to define their entire DR plan and don’t need to spend time running and validating the test failover, saving even more of the IT staff’s valuable time. Once the test failover environment is up, customers can also utilize this environment for testing remediation of any vulnerabilities, so they are better prepared for the actual production remediation.
Whether working with a cloud-based production environment or a failed-over environment, scans can be conducted and reports generated that indicate what known vulnerabilities exist in the environment, what ports may be open to the Internet, and any other suspicious behaviors that may exist in that environment. Full access to manage their own firewalls, with stateful monitoring and reporting, gives customers the control and visibility they need to shut down inadvertently opened ports that could potentially be future targets for new vulnerabilities.
A security-first infrastructure is a real value to customers. Some iland customers have been known to scan their failed over environment during DR tests and find vulnerabilities that their on-premises security scans did not detect. Having this capability can make it easier to justify the cost of DRaaS, while relieving the impacts that an intensive security scan can have on production systems. It’s built into the iland Secure Cloud platform and console and run by a dedicated staff focused full time on infrastructure security, so customers have no need to acquire and maintain all this functionality.
There is no single solution to defeating the malicious players on the Internet. Backups, recovery plans, and strong defenses are all equally important to maintaining business today. iland is well regarded when it comes to IT data recovery, but can also help prevent the need to recover by providing a strong security posture for customers relying on iland for either their production or recovery systems.