Info Advantage Blog

 The first thing you’ll need to understand about migrating to the cloud is that it’s a much more involved process than simply performing a single software upgrade. Truth be told, properly migrating your data to the cloud involves a lot of prep work, and, as is the case with other kinds of moves like packing up your personal belongings to settle into a new house, the better prepared you are for the move, the smoother the transition will go and the less of a chance that you’ll lose something of value.

ITProPortal provides some insight into what migrating to the cloud properly takes: “It involves a complex infrastructure migration process. Good preparation is the key to success. Those organizing the migration process should ensure that all data is ready for the move and that the company network has the necessary capabilities to interact with the cloud.” This is a major reason why you’ll want a professional assessment of your IT infrastructure before deciding to move to the cloud.

Preparing your network for a move to the cloud involves a few considerations:

Sorting and Labeling Your Files
It’s important to take the time to determine what files are worth saving and moving, and what files aren’t so you’re not wasting time and resources moving and storing old files that your company no longer needs. This can be a time-consuming process, but the work will be worth it in the long run.

Preparing Your Network Infrastructure
Migrating to the cloud comes with demands on a network that may require major adjustments to be made to your IT infrastructure. When migrating to the cloud, there are two major additions to your network you’ll want to consider; setting up a direct Internet breakout in order to distribute traffic across external networks, and multiple firewall instances in order to secure the various Internet connections.

Have a Migration Timetable
Even the best planned move to the cloud can take weeks or even months to complete. Therefore, you’re going to want to present your staff with an accurate timetable so the transition won’t interrupt workflow. One particular thing to plan for is how user settings will be migrated, like profiles, address books, calendars, etc. To help with this, ITProPortal advises: “Instead of moving all their data to the cloud, more and more companies are opting for a hybrid solution. This means that some users and storage locations stay with Exchange on-premises, while the rest move to the cloud.”

With all of your data successfully migrated, you will next want to consider strengthening security, archiving, and data backup in order to fully prepare your organization for the unique challenges of cloud computing. Rest assured, Info Advantage is here to assist you with any challenges your organization faces as you operate within your new cloud environment, as well as to help you through every step of your cloud migration process. Reach out to us at (585) 254-8710 for any IT assistance that you require.

SonicWall recently released their 2017 Annual Threat Report, which takes a look into the technology security trends in the upcoming year. In the report, SonicWall carefully observes and analyses the technology threat landscape from the last year and uses it to predict how it will continue to change in the future. Here’s a brief summary of their most important findings for 2017, and what it means for modern business.

Point-Of-Sale Malware Declining

With the integration of chip-based POS systems, hackers are finding it more difficult to steal sensitive information through POS malware attacks. The chip readers allow the transaction to be approved by creating a unique code that cannot be used again, as opposed to the traditional magnetic strip that uses the same code each time it is swiped. Thanks to the integration of the chip-reader, along with stronger legal guidelines, SonicWall observed that the number of new POS malware has decreased by 88 percent since 2015.

Website Encryption on the Rise

As web traffic continues to grow exponentially, users want to ensure that their data is kept safe. Due to this, many websites are opting to use Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption to protect sensitive user data. SSL/TLS encryption is represented by a lock and HTTPS URL, rather than the standard HTTP URL. This ensures the user that their information is safe, and is only being sent to the intended recipient. SonicWall believes the trend towards SSL/TLS encryption is due in part to the growing trend of cloud applications. They expect the trend to continue into 2017, and believe that SSL/TLS traffic will account for 75 percent of online interactions by the year 2019.

Ransomware Becoming More Popular

Ransomware was by far the most popular security attack in the previous year, with an increase from 3.8 million attacks in 2015 to 638 million in 2016. According to SonicWall’s Global Response Intelligence Defense (GRID), $209 million in ransom had been paid by affected companies by the end of the first quarter. The growth was most likely driven by the increased access of ransomware as the ransomware-as-a-service (RaaS) industry expanded. This allowed individuals to purchase a ransomware pack without requiring the necessary coding skills needed to launch an attack. The most common attack is known as Locky, and is often attached to emails as disguised as a Microsoft Word invoice. As the RaaS industry continues to grow, SonicWall’s GRID suggests that all organizations backup their data continuously to a backup system that isn’t always online, or uses authentication.

Internet of Things Devices Compromised

The recent advances in technology have opened up the world to more and more connections to the Internet from more than just a computer, smartphone or tablet. These days, Internet of Things (IoT) devices can be anything from a camera or smart watch, to a smart car or home security system. Due to the wide-adaptation of IoT devices, many developers have felt the pressure to release their devices as soon as possible, which often means oversight in security. This made it easy for hackers to discover weaknesses in IoT devices, resulting in the launch of largest distributed denial-of-service (DDoS) attacks in history. The attack used thousands of IoT devices with weak passwords to launch an attack on hosting company OVH and DNS service provider Dyn. This resulted in the outages for well-known sites such as Airbnb, Netflix, Reddit, Twitter, and Spotify. To protect your IoT devices, SonicWall suggests that you ensure your devices are protected by next-generation firewalls, which scan for specific IoT malware. They also suggest you separate all IoT devices from the rest of your network, in case it becomes compromised.

Android Security Increased, But Still Vulnerable

During 2016, Google worked on new operating systems that would directly combat many of the security vulnerabilities found in Android devices. They added additional security features, including a new approach to permission granting, an increase of security patches, and a full-disk encryption of the device. However, these new strides in security have been met with hacker resistance as they find new ways to combat these security measures. This includes screen overlays, ad-fraud malware HummingBad, self-installing apps, and third-party adult-centric apps. SonicWall suggests that any Andriod device on a company network should keep the “install applications from unknown sources” un-check and make sure both “verify applications” options are checked. It is also advised that users enable the “remote wipe” option in the event that the device is compromised.

The best way to combat an attack is to stop it before it becomes a problem. Contact Info Advantage’s security professionals today at (585) 254-8710 to learn more about proactive ways to ensure the safety of your data. 

No security solution is perfect. Each one has its own set of pros and cons. For example, relying completely on an automated solution is thorough, but it will flag plenty of threats that aren’t really threats (aka, false positives). Meanwhile, a human overseeing security is great for spotting worrisome trends, but a human can’t possibly catch every single attack. With this dynamic in mind, a team of researchers from MIT has successfully blended the two.

The team, hailing from MIT’s Computer Science and Artificial Intelligence Laboratory, developed a security platform combining the strength of human involvement with the effectiveness of artificial intelligence. Given the name A.I.², this new platform is capable of detecting 85 percent of incoming attacks while reducing reported false positives by 20 percent.

How A.I.² combines AI and human involvement is actually quite genius. To begin, the “untrained” machine reports a sample set of results to a human expert. These results are informed by machine learning and are checked against the 200 most important problems. The human expert then checks over and corrects the machine’s work, with the intention of finding mistakes and false positives. Subsequently, the human-checked results are inputted to A.I.², the machine learns, and the next set of tests will have fewer errors. This process is then repeated with the security platform adapting each time to look for what its human teacher looks for.

In a paper presented at the IEEE International Conference on Big Data Security, research scientist Kalyan Veeramachianeni summarized, "You can think about the system as a virtual analyst. It continuously generates new models that it can refine in as little as a few hours, meaning it can improve its detection rates significantly and rapidly."

Of course, the precedent of effectiveness set here by combining human expertise and oversight with A.I. has far-reaching ramifications for other A.I. initiatives currently in development; initiatives that have both humanity’s best and worst interests in mind. Although, for now, those of us in the IT world are celebrating this A.I.-enabled technology for being one giant leap forward in security analysis accuracy.

It’s important to keep in mind that a platform like A.I.² is still years away from being available to the average business. Therefore, we recommend that you stay on top of your network security by following best practices, which combines automated software solutions and human vigilance in order to combat the latest threats. Info Advantage is standing by to assist you with all of your company’s network security needs. To equip your business with the most comprehensive IT security solutions on the market, call us today at (585) 254-8710.

Windows is perhaps the most widely-used computing tool in the workplace, and as such, it remains a huge target for hackers of all kinds. Criminals are always trying to uncover vulnerabilities in the operating system, but this time around, Microsoft has truly outdone themselves. Windows 10’s built-in security, according to hackers at the Black Hat conference in Las Vegas, allows for the most secure Windows operating system in several years.

It was expressed that, in comparison to its previous incarnations, Windows 10 is much more difficult to break into. That hasn’t stopped some hackers from trying, though. Among the Black Hat hackers at the convention were many who had tried to pinpoint potential outlets for malicious threats, and while they still managed to come up with a couple of solutions, it became clear that Windows 10 is much more challenging for hackers to infiltrate. Below are a few of the proposed attack models, and how Windows 10 challenges them.

Windows 10 Uses Built-In Anti-Malware Tools
Windows 10 uses what’s called the antimalware scan interface (AMSI), which is capable of identifying and capturing malicious scripts in memory. The idea is that applications can access this information, and any antivirus or antimalware program can process it. For example, Windows Defender and AVG use AMSI. The reason that this is such a huge problem for hackers is that many prefer to use script-based attacks. The kicker here is that while AMSI is a valuable tool to detect and prevent attacks, it requires secondary security protocol in order to be most effective. While it’s great for detecting scripts executed in PowerShell, since PowerShell records logs, it still requires someone to regularly monitor the logs in order for it to be most effective.

Active Directory
Active Directory is a crucial part of how Windows administration functions, and it’s useful for both managing workloads in the cloud, and controlling identity and authentication management on in-house networks. Microsoft Azure uses Active Directory, which can provide exceptional security for an Azure-based cloud computing platform. The problem that admins run into in most circumstances is that any user account can access Active Directory, unless the administrator removes those permissions. Therefore, it falls to your IT administrators to ensure that the credentials for your Active Directory authentication are secured, and to control user permissions to mitigate potential access to AD.

Virtualization
Virtualization-based security is a series of security features that are built into the hypervisor of Windows 10. In essence, Hyper-V can create a virtual machine that isn’t connected to the root partition. This virtual machine can then execute security commands as needed. The idea here is that Hyper-V creates a virtual machine that can’t be compromised, even if the root partition has been taken over. It’s a way of minimizing the extent of data breaches, should they happen in the first place. Of course, if the root contains credentials that allow hackers to access the virtual machine, it’s all over. Therefore, administrators need to take measures to ensure that hackers cannot access the VBS machine.

Of course, no matter how secure an OS is, hackers will always find a way to get in. One way or another, criminals who are determined to bypass defenses will create a way to do so. Microsoft patches known vulnerabilities as soon as they’re discovered to be active, so it comes down to outplaying the opponent. Hackers will inevitably find ways to crack Windows 10’s innate security, so it’s your responsibility to complement your OS’s security with your own solutions.

If you need assistance securing your Windows 10 devices, or any other workstations, servers, or network components, reach out to Info Advantage at (585) 254-8710.

These days, who has time to read? For busy business owners, reading is a luxury. This is what makes audiobooks such a valuable tool. They allow busy people to consume information while accomplishing a mindless task like cleaning the house. While this arrangement works wonders for titles found on Audible.com, what about the documents you must read that haven’t been made into an audiobook?

For example, what if you have to read a long Word document about a project, or a blog article about an important development in your industry, but, dang it, you just don’t have the time? Thankfully, there are some great text-to-speech tools available online that will do this heavy lifting for you. Granted, the narrator comes off sounding a bit robotic, but when it comes to helpful freeware, beggars can’t be choosers.

SpeakIt!
SpeakIt! is an extension for Chrome that reads text on a webpage back to you. With the extension downloaded, all you have to do is highlight the text you’d like read to you and then click on the SpeakIt! icon in the upper-right corner of Chrome. Then, just like that, it’s storytime.

SpeakIt! boasts of a few handy features, like the ability to adjust the playback speed 10x faster or slower than the standard 330 words/minute, as well as the ability to translate text and utilize different languages.

On the downside, a quick read through of the reviews reveal that some users experienced bugs after using SpeakIt! for more than a few minutes. Additionally, while SpeakIt! works great for static web pages, playback is painfully slow for pages in Chrome that allow for text to be edited, like apps in Google Drive, Gmail, Adobe Reader, etc.

@Voice Aloud Reader
For busy audiobook aficionados on the go, @Voice Aloud Reader for Android is a great mobile solution. It’s available for free on the Google Play Store. The app also has plugins available designed to enhance the functionality of reading specific files, like @Voice PDF Crop Plugin.

@Voice Aloud Reader works by uploading text to the app, then, with the app open, select play and it will be read aloud to you. The app does a good job at retaining the formatting of the uploaded article. Additionally, while the text is being read, the app highlights the current sentence that it’s on, making it easy to follow along. Like Speak It!, @Voice Aloud Reader lets you adjust playback speed, and it’s compatible with a variety of files, like PDF, DOC, TXT, EPUB, FB2, and more.

Overall, @Voice Aloud Reader is a highly-rated app. The biggest annoyance may be advertisements, but you can make these go away by upgrading to the pro version. Plus, the fact that the advertisements only show up in the display and they don’t interrupt the audio playback, makes this a non-issue.

So go ahead and download these two free text-to-speech tools, knock out that list of assigned readings you’ve been putting off, and then share your review with us in the comments below!

Virtual reality is quickly becoming a smash hit with many industries, but one of the most incredible and unexplainable phenomenons has to do with VR’s use in the medical sector. While it’s been thought that VR can be used to help paraplegic patients to walk again using brain-controlled robotic limbs, recent innovations have shown that this has the ability to go above and beyond its expectations.

The project, titled the Walk Again Project, was first introduced in 2013. Scientists came together from all over the world with the goal of giving paraplegics the ability to walk again using the power of technology. The study examined eight patients who had been diagnosed as being entirely paraplegic (they can’t move or feel their legs). There were several simulations performed, but they required the use of a haptic feedback device, which issued sensory feedback when their thoughts translated to movement.

The first experiment used brain-machine interface therapy combined with virtual reality. The patient would wear a device that sent brain signals to an Oculus Rift (a recently launched commercial VR headset). The patient would then see themselves walking. In the other type of therapy, the patient would use a robotic walker to help with walking therapy. The patient was suspended over a treadmill, with their legs being controlled by a robot. This activity was then sent to a computer, where the data could be analyzed.

However, the most interesting type of therapy involved using the robotic legs to send brain signals back to the patient. The legs used electronic sensors, which were placed at key locations along the leg, to send signals to the patient. The idea was to offer some sort of stimulation to the patient, so that they knew when their legs were supposed to be moving.

Thanks to ongoing long-term brain machine interface therapy, these patients found that they could sometimes feel--or move--their paralyzed limbs again. In particular, the treatment improved bladder and bowel function, and the treatments were so overwhelmingly successful that in many cases doctors changed the diagnoses to only partial paralysis.

Scientists still aren’t sure what has caused this magnificent development, but it’s anticipated that when they do, they might be able to restore mobility to those who have been long-paralyzed. To the unfortunate victims of paraplegia, this moonshot was once impossible, but technology has provided them with a sense of hope for the future.

What do you think about this development? Let us know in the comments, and be sure to subscribe to our blog.

Security is one of the most important parts of running a business, especially today when organizations rely so heavily on their technology solutions. Some of the most dangerous threats lurk on a business’s network, watching and waiting for an opportunity to do some real damage. With the right preventative measures, your business can catch these threats in the act before they can accomplish their goals.

Defining Malware
Malware, or “malicious software,” is a blanket term for malicious code that’s designed to cause trouble for the machine that it infects. Malware can inject code into applications or execute viruses and trojans. One of the most common types of malware is called ransomware (perhaps you’ve heard of it), in which the files on a system are encrypted until a ransom is paid to the developer. Malware can have far-reaching and varied effects, so it’s best to keep such unpredictable threats off of your network in the first place.

Defining Rootkits
Just like malware, a rootkit is designed to install on a system. Unlike some types of malware, however, rootkits are designed to allow a hacker to gain control of the system while remaining undetected themselves. In particular, rootkits are dangerous due to their ability to subvert the software that’s supposed to find them, making it optimal to prevent rootkits from accessing your system in the first place.

Defining Trojans
In computing, a trojan is a malicious entity that allows a hacker access to a system through misleading the user. While the purpose can vary from data destruction to theft, trojans are often used to install backdoors and allow access to a system at a later date for the purpose of surveillance or espionage.

Preventative Security Measures
Just like how there are various types of threats, there are plenty of ways to keep your organization’s network safe from them. Here are just a few.

• Firewall: Firewalls act as a bouncer for your network, keeping threats from entering or leaving your infrastructure. They work best when combined with other preventative measures, like antivirus, content filters, and spam blockers.
• Antivirus: Antivirus solutions detect and eliminate threats that have made it past your firewall solution. Prompt detection is important, as viruses or malware that are left unchecked could cause untold troubles for your infrastructure.
• Spam blocker: Threats often arrive in your email inbox as spam, and the unknowing employee could accidentally click a malicious link or reveal important credentials. A spam blocker eliminates the majority of spam so that it never even hits your inbox.
• Content filter: A content filter is helpful for keeping your employees from accessing sites known to host malware, as well as inappropriate or time-wasting sites, like social media.

All of the above solutions can be found in what’s called a Unified Threat Management (UTM) solution, which is widely considered to be one of the most comprehensive and useful preventative measures to improve network security. To learn more about UTMs and other topics concerning network security, reach out to us at (585) 254-8710.