Fall World 2016

Conference & Exhibit

Attend The #1 BC/DR Event!

Spring Journal

Volume 29, Issue 2

Full Contents Now Available!

Jon Seals

Outsourcing growing in popularity as a strategic action in managing IT infrastructure and disaster recovery efforts

DALLAS Global colocation solutions provider CyrusOne (NASDAQ: CONE) today announced the availability of a new research report from the Ponemon Institute. The report illustrates how organizations are managing the complexity and costs of their IT infrastructure through outsourcing, or colocation.

“This comprehensive research report from Ponemon captures the key factors driving company decisions when seeking to effectively manage their data and IT infrastructure in an increasing digital world,” said Scott Brueggeman, chief marketing officer, CyrusOne. “The research provides valuable insight into the motivation behind the colocation decision-making process.”

The report was independently conducted by the Ponemon Institute and included survey responses from more than 600 IT leaders and IT security practitioners. The report features respondents’ views on the business case for IT outsourcing, barriers to outsourcing, and current outsourcing practices. As companies wrestle with managing the growing amount of sensitive and confidential data, as well as the potential risks of security breaches, the rationale for colocation and data center outsourcing services become compelling. Companies represented in this study reported they will significantly increase the outsourcing of their business applications to over 50 percent within the next two years.

Ponemon Institute is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, Ponemon Institute conducts independent research, educates leaders from the private and public sectors, and verifies the privacy and data protection practices of organizations in a variety of industries.

To download the complimentary research in its entirety, click here.

Globally, CyrusOne operates 31 carrier-neutral facilities across the United States, Europe, and Asia to provide customers with the flexibility and scale to match their specific IT growth needs. CyrusOne facilities are engineered to include the power-density infrastructure required to deliver excellent availability, including an architecture with the highest-possible power redundancy (2N).

Renowned for exceptional service, building enduring customer relationships, and high customer satisfaction levels, CyrusOne serves nine of the Fortune 20 and more than 165 of the Fortune 1000 among its more than 925 customers.

For more information about CyrusOne, call 1-855-908-3662 or visit www.cyrusone.com. Connect with us on Google Plus, LinkedIn, Twitter, and Facebook

 

About CyrusOne

CyrusOne (NASDAQ: CONE) specializes in highly reliable enterprise-class, carrier-neutral data center properties. The company provides mission-critical data center facilities that protect and ensure the continued operation of IT infrastructure for more than 925 customers, including nine of the Fortune 20 and more than 165 of the Fortune 1000 or equivalent-sized companies.

CyrusOne’s data center offerings provide the flexibility, reliability, and security that enterprise customers require, and are delivered through a tailored, customer-service-focused platform designed to foster long-term relationships. CyrusOne’s National IX platform provides robust connectivity options to drive revenue, reduce expenses, and improve service quality for enterprises, content, and telecommunications companies. CyrusOne is committed to full transparency in communication, management, and service delivery throughout its 31 data centers worldwide.

Deaths, injuries, and high risks of infection all resulted from the 2015 Nepal earthquake, but organizations like CHOICE Humanitarian were ready to help

PLEASANT GROVE, Utah – On the 25th of September, more than 600 people gathered to enjoy an enchanting evening at the CHOICE Humanitarian gala. In celebration of CHOICE Humanitarian's thirty years of service, the gala provided cultural entertainment and experiences from different countries around the world, helping their guests to see the rich culture that emanates from the poverty stricken countries that CHOICE works to assist, one of which is Nepal. In an effort to raise money to rebuild Nepal after the devastating earthquake in early 2015, the doTERRA Healing Hands Foundation made a donation at the CHOICE Humanitarian gala to spur the match of contributions by other donors in attendance. CHOICE's event helped raise an outstanding amount of 600,000 dollars.

The successful gala was a part of Choice Humanitarian's continued efforts in raising money to provide relief for the Nepalese. After the earthquake took place on April 25, 2015, many Nepalese suffered from homelessness, starvation, disease, and especially infection. The aftermath of the earthquake left the Nepalese wandering the streets in search of water; even though that water was at high risk of harboring infectious diseases such as Dengue fever, malaria, typhoid fever, and Japanese encephalitis. At that point, infection had the potential to take more lives than the initial earthquake. The earthquake had also claimed many homes, schools, and markets, plummeting their economy.

In response to their devastating circumstances, CHOICE Humanitarian and the doTERRA Healing Hands Foundation banded together to join in on the worldwide effort to help the Nepalese overcome this traumatic experience. Together, they were able to help the Nepalese get sustainable food, hygiene kits, and water purification tablets, as well as provide the people with the right tools to rebuild their beautiful country, restore schools back to their lands, and obtain jobs which helped boost their economy.

CHOICE Humanitarian's constant efforts to sustain communities and end worldwide poverty is changing lives and building a hopeful future. To learn more about CHOICE Humanitarian or how to make a donation, visit their website.

About doTERRA International, LLC

doTERRA is a world leader in the sourcing, testing, manufacturing, and distribution of CPTG Certified Pure Therapeutic Grade® essential oils through a global network of Wellness Advocates. In addition to a premium line of single-plant extracts and proprietary essential oil blends, the company offers oil-infused personal care and spa products, dietary supplements, and healthy living products for the home.

Wednesday, 17 February 2016 00:00

XCellAir Launches XCellRAN Wi-Fi Solution

Milestone product release follows successful operator trials and feature alignment

 

SAN DIEGO – XCellAir, the experts in Wi-Fi Quality of Experience (QoE), today announces the general availability of its XCellRAN™ Carrier Wi-Fi software solution. At the launch of XCellAir last February, the solution was in a beta form ready to engage customers in lab and field trials. After extensive customer engagement, trials and feedback, the product is now being made generally available.

 

The XCellRAN Carrier Wi-Fi solution is a scalable QoE system for operators’ entire carrier Wi-Fi network, from residential homespots through to outdoor metro area deployments. During this year’s Mobile World Congress, visitors to the XCellAir stand (#7A71), will be able to see first-hand how the product is helping operators provide reliable Wi-Fi performance across their networks, increasing capacity, extending coverage and reducing cost.

 

The rise in demand for data and connectivity has seen Wi-Fi rise in prominence as a universal and interoperable technology, embedded in an ever-growing number of devices. However, Wi-Fi services, especially in the home, are largely unmanaged, and operators cannot hope to monetize these services without vastly improved QoE for users. While issues around connectivity, roaming and authentication are being addressed, there are still gaps around critical areas such as radio resource optimization (RRO), automated operations and scalability.

 

The XCellRAN Carrier Wi-Fi solution unlocks unutilized unlicensed spectrum, actively tracking and automatically fixing network and access point-level issues before they affect service. Going beyond simple enterprise-centric Wi-Fi radio resource management (RRM), XCellAir provides the industry’s first Carrier Wi-Fi Self Organizing Network (SON) system.

 

XCellRAN automates the configuration process and provides radio optimization and fault tracking, thereby enabling the network and access points to heal themselves while seamlessly improving QoE for users. It also provides operators state-of-the-art visibility into the network, including dashboards and analytics, to understand exactly what is happening in the Wi-Fi environment. With XCellRAN, operators can evaluate the strengths and overcome weaknesses in their network before launching new voice and video services. Furthermore, as a cloud-based software product, XCellRAN works across multiple markets and deployment scenarios using capacity as needed, supporting millions of access points while preserving the flexibility and cost advantages inherent to Wi-Fi.

 

“Since we launched last year, we have experienced tremendous demand for the Carrier Wi-Fi solution, and invested considerably in development of its core capabilities. Multiple trials have demonstrated its effectiveness and allowed us to fine-tune the product to enable large scale deployments,” said Amit Agarwal, CEO of XCellAir.

“With our XCellRAN system, operators can have clear visibility into their networks, ensure the optimal use of available Wi-Fi capacity, improve the service quality in congested areas and ensure excellent quality of experience even in areas where there is interference from sources outside the control of the XCellRAN system. One year from our company’s launch, we are thrilled to be announcing the general availability of our XCellRAN Carrier Wi-Fi solution as a product to the market.”

 

For more information on the XCellRAN Carrier Wi-Fi solution, please visit http://xcellair.com/xcellran-for-carrier-wi-fi/.

 

About XCellAir

XCellAir brings order to the potential chaos of using unlicensed spectrum when deploying a dense radio network of Wi-Fi access points and cellular small cells. Based in San Diego, CA, XCellAir provides cloud-based Quality of Experience (QoE) solutions that automates the management and optimization of these networks. XCellAir enables wireless service providers to meet the challenges and capture the opportunity presented by the insatiable thirst for data and ubiquitous connectivity.

XCellAir will showcase its XCellRAN product portfolio in Hall 7, Stand 7A71 at Mobile World Congress in Barcelona, February 22-25. To schedule a meeting with XCellAir’s experts and experience the XCellRAN product in person, contact sales@xcellair.com.

Wednesday, 17 February 2016 00:00

Is Business Continuity Broken?

There has been a lot of talk lately in the Business Continuity industry about a “next generation” of Business Continuity planning. In a recent article from Continuity Central, David Lundstedt asserts that Business Continuity is Broken. But is it? Are we clinging too tightly to our old ways of creating plans and delivering results? Businesses and technologies change very rapidly—are we keeping up?

“The business continuity industry is evolving slowly. It must evolve, and some significant changes in perspective are warranted,” stated MHA CEO Michael Herrera. “We must be careful not to lose sight of the real goal: organizational survival/resilience.“

In the Continuity 2.0 Manifesto (first made available in September 2015) David Lindstedt and Mark Armour argue that “traditional approaches in business continuity management have become increasingly ineffectual.” Over the years, technology and organizations have undergone tremendous changes, but business continuity methodology has not kept pace. Small, incremental adjustments that focus increasingly on compliance over resilience are cited as contributors to “a progressively untenable state of ineffectual practice, executive disinterest, and an inability to demonstrate the value of continuity programs and practitioners.”

...

http://www.mha-it.com/2016/02/is-business-continuity-broken/

ServiceNow Geneva Customers Now Have Access to Industry-Leading Technology for Quick and Easy Management of Major Incidents

SAN RAMON, Calif. – xMatters, inc., a leader in communication-enabled business processes, today announced it has received certification of its integration application with the latest ServiceNow release, Geneva. The integration application is available now in the ServiceNow Store at: http://bit.ly/1QFjn8R.

Certification by ServiceNow signifies xMatters has again successfully completed a set of defined tests focused on integration interoperability, security and performance. The certification also ensures that best practices are utilized in the design and implementation of xMatters with ServiceNow. Joint customers can also find the xMatters integration application in the ServiceNow store compatible with the Dublin, Eureka and Fuji releases.

xMatters' award-winning cloud platform accelerates business processes through intelligent communication. The technology pinpoints and proactively alerts the individuals, teams and external service providers required to work together to quickly manage any business scenario along with resolving incidents, such as service disruptions and technical issues that interrupt the flow of day-to-day operations. The closed-loop solution records all notifications from xMatters back into the originating ServiceNow incident ticket for reporting and post mortem purposes.

"New research shows businesses continue to struggle in their responses to frequent IT incidents and that poor planning is a factor. On average nearly 60 percent of large organizations experience a major IT outage at least monthly. No doubt about it, the business is taking a big hit as it scrambles to get back on its feet," said Doug Peete, Senior VP of Product Management at xMatters. "We're pleased to offer ServiceNow customers with an integration to our technology and help them add intelligent communications to their critical enterprise service management processes."

The two companies have a long and successful relationship, with xMatters' technology integrating with ServiceNow's Enterprise Service Management Platform dating back to the Berlin release. xMatters and ServiceNow provide services and tools to a myriad of joint global customers who are leaders in their fields. Customers come from the retail, financial services, energy, technology, services, media, consumer goods, manufacturing and healthcare industries.

xMatters will be demonstrating its intelligent cloud communications technology running on the ServiceNow Geneva release at Knowledge16 in April.

For more information on the xMatters technology, go to: http://www.xmatters.com/products/.

Resources

About xMatters, inc.
xMatters' cloud-based communications solutions enable any business process or application to trigger two-way communications (push, voice, email, SMS, etc.) throughout the extended enterprise during time-sensitive events. With over a decade of experience in rapid communication, xMatters serves more than 1,000 leading global firms to ensure business operations run smoothly and effectively during incidents such as IT failures, product recalls, natural disasters, dynamic staffing, service outages, medical emergencies and supply-chain disruption. xMatters is headquartered in San Ramon, CA with additional offices in London and Sydney.

 

Behavioral Search Solution Empowers Any Security Professional to Identify and Stop Cybercriminals

SAN MATEO, Calif. – Exabeam, the leader in user behavior analytics (UBA) for security, today announced Threat Hunter, a new product for the instant and targeted querying of security big data by anyone. With Threat Hunter, security professionals can proactively identify and respond to adversaries within their networks. The product enables analysts to search, pivot, and drill down across multiple dimensions of user activity to find sessions that contain specific risky behaviors. 

"The promise of User Behavior Analytics is that the system will notify security analysts about risky activities, and Exabeam excelled at that in ESG Lab testing," said Tony Palmer, senior lab analyst, Enterprise Strategy Group. "Exabeam's Threat Hunter provides the other half of the equation -- the ability to ask the system which users match a specific set of risk criteria and get useful answers."

Today's enterprise breaches are after more than credit card numbers. Advanced persistent threat attacks (APT) are becoming the norm, with cybercriminals breaking into corporate networks using stolen credentials and targeting high-value, sensitive data. According to ISACA, 74 percent of enterprises surveyed think they will be a target for advanced persistent threat (APT) attacks, and 28 percent have already been attacked. Exabeam's leading UBA platform uncovers APT attacks using big data science to alert security teams to suspicious user behavior even if they change locations, devices, or logins.

Threat Hunter builds on the Exabeam platform by allowing any security analyst to execute a multi-dimensional search and drill-down of user sessions to actively hunt for imposters or malicious insiders based on their unusual behavior. Threat Hunter is the only UBA-related product that allows the security analyst to interrogate and query the system to find user session that match specific criteria.

Threat Hunter provides:

  • Increased security - Find advanced persistent threats before they cause data loss.
  • Reduced chance of data breach - Find attackers that are hiding in the network by staying under the radar.
  • Faster response to cyber attacks - Effectively remove all adversaries once an attack is detected by finding all traces of activity.

"To date, UBA products have only offered something like a recommendation engine for security alerts. It's like using Netflix but you can only see the suggestions for you, never search for what you want," said Nir Polak, CEO of Exabeam. "With Threat Hunter, Exabeam gives you the power of advanced search to find the imposters in your infrastructure. It's is the only UBA solution that solves security searching as well as alerting."

Threat Hunter is available now. Pricing is based on number of users and is licensed via subscription.

About Exabeam
Exabeam's user behavior analytics solution leverages existing log data to quickly detect advanced attacks, prioritize incidents and guide effective response. The company's Stateful User Tracking™ automates the work of security analysts by resolving individual security events and behavioral anomalies into a complete attack chain. This dramatically reduces response times and uncovers attack impacts that would otherwise go unseen. Built by seasoned security experts and enterprise IT veterans from Imperva, ArcSight and Sumo Logic, Exabeam is headquartered in San Mateo, California and is privately funded by Aspect Ventures, Icon Ventures, Investor Shlomo Kramer and Norwest Venture Partners. Visit us on Facebook or Twitter and follow us on LinkedIn.

Ad Agency Drives Success for Top Brands With Oracle Database Cloud

REDWOOD SHORES, Calif. – Surdell and Partners, a full service advertising and marketing agency, is using Oracle Database Cloud, part of Oracle Cloud Platform, to deliver near real-time intelligence to its clients, including retailers Cabela's, Kohl's, and Gabe's.

In the highly competitive advertising and marketing space, Surdell and Partners needed to focus its limited IT resources on strategic activities that enable it to distinguish its services from much larger agencies. To better utilize its IT resources, Surdell and Partners migrated its on-premises Oracle environment to the Oracle Cloud. This has enabled Surdell and Partners to improve processes, reduce operations costs, deliver its SaaS solutions faster, and drive business growth for its customers.

"Oracle Database Cloud is a perfect solution for us," said Adam Kanzmeier, Director of Customer Intelligence and Strategic Consulting, Surdell and Partners. "It offloads resource-intensive infrastructure and database administrator work, enabling us to focus on our core business, and that has allowed us to provide better service and more flexibility for our clients. We can now provide our customers with capacity and resources on demand with the click of a button, not in days, weeks or even longer, as would have been the case in pre-cloud days. With nearly instant access to information, we're helping our clients become predictive rather than reactive, resulting in better decisions for their business."

Through Oracle Cloud, Surdell and Partners dramatically improved its speed to market. With Oracle's unmatched multitenant database capabilities, Surdell and Partners can manage many databases as a single unit, significantly reducing operations costs. Oracle Application Express provides a simple, single-tier architecture for rapid database application development, which has allowed Surdell and Partners to build mobile-enabled cloud applications easily. As a result, Surdell and Partners' customers can conveniently access real-time information from their mobile devices. Surdell and Partners' solutions running on Oracle Cloud Platform have also enhanced its credibility and instilled confidence with its customers.

With its customers' data in the Oracle Cloud, and not on its premises, Surdell and Partners has been relieved of questions about security audits and processes that were standard when its infrastructure was on premises. In their due diligence, Surdell and Partners looked at other cloud solutions and although Amazon hosts Oracle Database, only Oracle provides the bundle of database services, professional management and database back-up they needed.

"Many of our clients are marketing lines of business in retail companies, and the struggle they often face is getting the information they need to make key business decisions, whether it's about inventory, pricing, timing of a campaign, etc. They need to make real-time decisions and often their internal IT departments don't have the bandwidth to support their needs. In the past, an option was for a retailer's IT department to bring in contractors, but that typically adds the additional burden of getting them up-to-speed. With Oracle Database Cloud, we can take the burden off of our clients' IT departments and provide much more flexibility to our customers to access the information they need when it's needed," added Kanzmeier.

The integrated Oracle Cloud Platform solution Surdell and Partners chose consisted of Oracle Database Cloud, Oracle Application Express and Oracle Database Backup Service and it has been using this solution since the summer of 2015.

Oracle Cloud Platform provides developers, IT professionals, and business users with a comprehensive, integrated portfolio of platform services that enables them to innovate faster, increase productivity and lower costs. Customers use Oracle Cloud Platform to integrate existing technology with next-generation cloud services, accelerate application development and deployment and lead business transformation. More than 4,100 customers are already using the Oracle Cloud Platform to transform their businesses. The Oracle Cloud Platform is part of the Oracle Cloud, which continues to show strong adoption, supporting 70+ million users and more than 34 billion transactions each day. It runs on more than 50,000 devices and more than 800 petabytes of storage in 19 data centers around the world.

Part of Oracle Cloud Platform, Oracle Database Cloud and Oracle Database Exadata Cloud provide extensive data management capabilities and extreme performance options in the cloud for deployment of business-critical workloads.

Supporting Resources

About Oracle
Oracle offers a comprehensive and fully integrated stack of cloud applications and platform services. For more information about Oracle (NYSE: ORCL), visit oracle.com.

Trademarks
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Results Show Hackers Access Other Apps, Download and Crack Encrypted Files, and Attempt to Cover Their Tracks

CAMPBELL, Calif. – Bitglass, the Total Data Protection company, released the results of its second annual "Where's Your Data" experiment, designed to help organizations understand what happens to sensitive data once it has been stolen. For Project Cumulus, Bitglass researchers created a digital identity for an employee of a fictitious retail bank, a functional web portal for the bank, and a Google Drive account, complete with real credit-card data. The team then leaked "phished" Google Apps credentials to the Dark Web and tracked activity across the fictitious employee's online accounts. Within the first 24 hours, there were five attempted bank logins and three attempted Google Drive logins. Files were downloaded within 48 hours of the initial leak. Bitglass' Cloud Access Security Broker (CASB) monitoring showed that over the course of a month, the account was viewed hundreds of times and many hackers successfully accessed the victim's other online accounts.

Project Cumulus:
The Bitglass Threat Research Team created a complete online persona for an employee of a fictitious bank and pretended that the employee's Google Drive credentials were "stolen" via a larger phishing campaign. Bitglass researchers populated the dummy Google Drive account with fake bank data, including several files that contained real credit card numbers and work-product. What the visitors didn't know was that the Bitglass CASB had been deployed in monitor-only mode. Files were embedded with Bitglass watermarks, and all Google Drive activities -- from logins to downloads -- were monitored by Bitglass.

The Findings:
Bitglass observed an immediate spike in activity once the credentials were leaked onto the Dark Web. Hackers tested the fake bank employee's Google Drive credentials in a number of the victim's other accounts and were quick to download files, including those with real credit-card information.

  • Over 1,400 visits were recorded to the Dark Web credentials and the fictitious bank's web portal
  • One in ten hackers attempted to log in to Google with the leaked credentials
  • 94 percent of hackers who accessed the Google Drive uncovered the victim's other online accounts and attempted to log into the bank's web portal
  • 12 percent of hackers who successfully accessed the Google Drive attempted to download files with sensitive content. Several cracked encrypted files after download.
  • 68 percent all logins came from Tor-anonymized IP addresses

Hackers Modify Their Techniques
In the company's first data experiment, conducted a year ago, the Bitglass team leaked watermarked documents onto the Dark Web. The files were viewed 200 times in the first few days, but the frequency of downloads quickly decreased. In the prior experiment, few downloads used any form of anonymization via Tor, which made them easy to track. After an eight-month quiet period, Bitglass researchers noticed a large number of downloads via Tor late last year. This, coupled with the high rate of Tor usage in the bank experiment, suggests hackers are becoming more security conscious, realizing that they need to mask IPs when possible to avoid getting caught.

"Our second data-tracking experiment reveals the dangers of reusing passwords and shows just how quickly phished credentials can spread, exposing sensitive corporate and personal data," said Nat Kausik, CEO, Bitglass. "Organizations need a comprehensive solution that provides a more secure means of authenticating users and enables IT to quickly identify breaches and control access to sensitive data."

Demographic Figures:

  • Hackers came from more than 30 countries across six continents
  • Percentages of the countries with non-Tor visits to the bank web portal are as follows:
    • Russia: 34.85 percent
    • U.S.: 15.67 percent
    • China: 3.5 percent
    • Japan: 2 percent

Information about the experiment can be found here:

Register for our webinar "Project Cumulus: Behind the Experiment," live on February 24 at 10am PT | 1pm ET.

About Bitglass
Bitglass is a Cloud Access Security Broker that delivers innovative technologies that transcend the network perimeter to deliver total data protection for the enterprise -- in the cloud, at access, on mobile devices, on the network and anywhere on the Internet. Bitglass was founded in 2013 by a team of industry veterans with a proven track record of innovation and execution. Bitglass is based in Silicon Valley.

Annual Cyber Risk Report Reveals Attack Sophistication on the Rise While Organizations Struggle to Keep Pace With Dissolving Perimeter and Diversifying Platforms

PALO ALTO, Calif. – Hewlett Packard Enterprise (HPE) (NYSE: HPE) today published the HPE Cyber Risk Report 2016, identifying the top security threats plaguing enterprises over the past year.

As the traditional network perimeter disappears and attack surfaces grow, security professionals are challenged with protecting users, applications and data -- without stifling innovation or delaying enterprise timelines. This year's Cyber Risk Report examines the 2015 threat landscape in this context, providing actionable intelligence around key areas of risk including application vulnerabilities, security patching and the growing monetization of malware. The report also highlights important industry issues such as new security research regulations, the "collateral damage" from high profile data breaches, shifting political agendas, and the ongoing debate over privacy and security.

"In 2015, we saw attackers infiltrate networks at an alarming rate, leading to some of the largest data breaches to date, but now is not the time to take the foot off the gas and put the enterprise on lockdown," said Sue Barsamian (@suebarsamian), senior vice president and general manager, HPE Security Products, Hewlett Packard Enterprise. "We must learn from these incidents, understand and monitor the risk environment, and build security into the fabric of the organization to better mitigate known and unknown threats, which will enable companies to fearlessly innovate and accelerate business growth."

Applications are the New Battlefield

While web applications pose significant risk to enterprises, mobile applications present growing and distinctive risks.

  • Mobile applications' frequent use of personally identifiable information presents significant vulnerabilities in the storage and transmission of private and sensitive information.1
  • Approximately 75 percent of the mobile applications scanned exhibited at least one critical or high-severity security vulnerability, compared to 35 percent of non-mobile applications.1
  • Vulnerabilities due to API abuse are much more common in mobile applications than web applications, while error handling -- the anticipation, detection, and resolution of errors -- is more often found in web applications.1

Patch or Perish

Software vulnerability exploitation continues to be a primary vector for attack, with mobile exploits gaining traction.

  • Similar to 2014, the top ten vulnerabilities exploited in 2015 were more than one year old, with 68 percent being three years old or more.3
  • In 2015, Microsoft Windows represented the most targeted software platform, with 42 percent of the top 20 discovered exploits directed at Microsoft platforms and applications.3
  • 29 percent of all successful exploits in 2015 continued to use a 2010 Stuxnet infection vector that has been patched twice.3

Monetization of Malware

Malware has evolved from being simply disruptive to a revenue-generating activity for attackers. While the overall number of newly discovered malware samples declined 3.6 percent year-over-year, the attack targets shifted notably in line with evolving enterprise trends and focused heavily on monetization.

  • As the number of connected mobile devices expands, malware is diversifying to target the most popular mobile operating platforms. The number of Android threats, malware, and potentially unwanted applications have grown to more than 10,000 new threats discovered daily, reaching a total year-over-year increase of 153 percent. Apple iOS represented the greatest growth rate, with a malware sample increase of more than 230 percent.2
  • Malware attacks on ATMs use hardware, software loaded onto the ATM, or a combination of both to steal credit card information. In some cases, attacks at the software level bypass card authentication to directly dispense cash.2
  • Banking Trojans, such as variants of the Zbot Trojan, continue to be problematic despite protection efforts. More than 100,000 of these were detected in 2015. 2
  • Ransomware is an increasingly successful attack model, with several ransomware families wreaking havoc in 2015 by encrypting files of consumer and corporate users alike. Examples include: Cryptolocker, Cryptowall, CoinVault, BitCryptor, TorrentLocker, TeslaCrypt, and others.2

Actionable Intelligence & Recommendations

  • Apps are the New Battlefield: The network perimeter is vanishing; attackers have shifted focus to target applications directly. Security professionals must adjust their approach accordingly, defending not just the edge but the interactions between users, applications and data regardless of location or device.
  • Patch or Perish: 2015 was a record year for the number of security vulnerabilities reported and patches issued, but patching does little good if end users don't install them for fear of unintended consequences.4 Security teams must be more vigilant about applying patches at both the enterprise and individual user level. Software vendors must be more transparent about the implications of their patches so that end-users aren't afraid to deploy them.
  • Monetization of Malware: Ransomware attacks targeting the enterprise and individuals are on the rise, requiring both increased awareness and preparation on the part of security professionals to avoid the loss of sensitive data. The best protection against ransomware is a sound backup policy for all important files on the system.
  • Prepare for Shifting Politics: Cross-border agreements pose challenges for enterprises struggling to keep their systems secure and in compliance. Organizations must follow the changing legislative activity closely and maintain a flexible security approach.

Related Videos, Infographic and Webinar

Methodology
 
Published by HPE Security Research, the annual report offers in-depth industry data and analysis on the most pressing security issues, providing business leaders and security professionals with actionable intelligence to better protect their digital enterprises and drive fearless innovation.

The full methodology is detailed in the report. HPE will be addressing the latest trends in enterprise security at the RSA Conference 2016, taking place February 29 - March 4 in San Francisco. Additional information about HPE at this year's conference is available here. Keep up with event happenings by following the event hashtag #RSAC and follow @HPE_Security.

About HPE Security
HPE Security helps organizations protect their business-critical digital assets by building security into the fabric of the enterprise, detecting and responding to advanced threats, and safeguarding continuity and compliance to effectively mitigate risk. With an integrated suite of market-leading products, services, threat intelligence and security research, HPE Security empowers organizations to balance protection with innovation to keep pace with today's idea economy. Find out more about HPE Security at https://www.hpe.com/us/en/solutions/protect-digital.html.

Join HPE Software on LinkedIn and follow @HPE_Software on Twitter. To learn more about HPE Enterprise Security products and services on Twitter, please follow @HPE_Security and join HPE Enterprise Security on LinkedIn

About Hewlett Packard Enterprise
Hewlett Packard Enterprise is an industry-leading technology company that enables customers to go further, faster. With the industry's most comprehensive portfolio, spanning the cloud to the data center to workplace applications, our technology and services help customers around the world make IT more efficient, more productive and more secure.

1 HPE Security Fortify on Demand Findings included in the HPE Cyber Risk Report 2016, HPE Security Research, February 2016, software analysis section, pages 54-63
2 HPE Cyber Risk Report 2016, HPE Security Research, February 2016, malware section, pages 34-51
3 HPE Cyber Risk Report 2016, HPE Security Research, February 2016, exploits section, pages 30-33
4 HP Security Briefing, Episode 22, June 2015

Forward-Looking Statement
This document contains forward-looking statements within the meaning of the safe harbor provisions of the Private Securities Litigation Reform Act of 1995. Such statements involve risks, uncertainties and assumptions. If such risks or uncertainties materialize or such assumptions prove incorrect, the results of Hewlett Packard Enterprise could differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements, including any statements of the plans, strategies and objectives of Hewlett Packard Enterprise for future operations; other statements of expectation or belief; and any statements of assumptions underlying any of the foregoing. Risks, uncertainties and assumptions include the possibility that expected benefits may not materialize as expected and other risks that are described in Hewlett Packard Enterprise's filings with the Securities and Exchange Commission, including but not limited to the risks described in Hewlett Packard Enterprise's Registration Statement on Form 10 dated July 1, 2015, as amended August 10, 2015, September 4, 2015, September 15, 2015, September 28, 2015 and October 7, 2015. Hewlett Packard Enterprise assumes no obligation and does not intend to update these forward-looking statements.

 

TrueNAS Provides 3x-4x Faster Backups Than Using Local Disk

SAN JOSE, Calif. –  iXsystems, an industry leader in storage and servers driven by Open Source, announced that it has partnered with Veeam® Software, innovative provider of Availability for the Always-On Enterprise™, giving iXsystems' clients a VM-aware backup and restore solution for their TrueNAS unified storage infrastructure. iXsystems is a Veeam Technology Alliance Partner and is pleased to be able to integrate and validate our solutions with Veeam's availability solutions, resulting in joint product offerings for our mutual customers.

Analysts have shown that TrueNAS storage arrays are leading the industry in feature, performance, and capacity per dollar, offered at less than half the price of alternatives. Combining TrueNAS with Veeam lets administrators keep their backup data on an enterprise storage array instead of paying for a server with local storage. Therefore administrators can utilize their same procedures to protect their VMs, while also gaining the benefits of TrueNAS' wide variety of storage services, protocols, and superior performance and advanced data protection.

Its modular hardware components, high speed read and write caching, the ability to scale storage painlessly, ease of management, and cost per gigabyte are additional factors that make TrueNAS the right solution for keeping Veeam backup data. TrueNAS is based on OpenZFS and gives customers a self-healing file system for their backup storage, which means that their backup data stays pristine and secure.

"The Veeam backups are working great," said Todd Lamonia, President and CEO of IT Worldwide Services. "I am using Veeam's Direct SAN Access transport mode which connects directly to the TrueNAS using iSCSI which improves the data transfer throughput and reduces the amount of time to backup each VM significantly."

Minimizing downtime and data loss is essential for IT Worldwide Services. With data growing at approximately 50% annually, meeting recovery objectives became a challenge, so they deployed Veeam® Backup & Replication™ and TrueNAS. TrueNAS ensured that Veeam could quickly backup IT Worldwide Services' VMs with no change to existing procedures.

Since deploying their TrueNAS system and implementing Veeam Backup and Replication™, IT Worldwide services saw the time needed for their daily maintenance tasks drop by 75% and their application loading times were twice as fast.

TrueNAS uses TrueCache™ to combine RAM and nonvolatile flash with high-density spinning disks to save you money when increasing capacity and gives you blazing performance for backups. This and its modular, toolless design improve backup infrastructure costs. As backup needs grow, TrueNAS allows for seamless capacity expansion, and increasing the performance of TrueNAS is as simple as upgrading storage controllers, all without interrupting backup tasks.

"Your data is critical to your business. Data continues to grow rapidly and protecting it is more demanding. You can think of data protection like insurance: you only need it when things go wrong," said Gary Archer, Director of Storage Marketing at iXsystems. "TrueNAS ensures a customer's VMs are not corrupted, gives their VMs solid-state performance with spinning-disk capacity, integrates with VMware vCenter, and supports VAAI. Integrating with Veeam also ensures that a customer's VM backups stay pristine."

To learn more about how to use Veeam with TrueNAS or to obtain a no-risk quote on a TrueNAS configuration, visit www.iXsystems.com/TrueNAS, email sales@iXsystems.com, or call us at 1-855-GREP-4-IX.

About iXsystems:

By leveraging decades of expertise in hardware design, its contributions to many Open Source software communities, and corporate stewardship of leading Open Source projects (FreeNAS and PC-BSD), iXsystems has become an industry leader in building innovative storage solutions and superior enterprise servers for a global marketplace that relies on open technology.

Thousands of companies, universities, and government organizations have come to rely on iXsystems' storage, servers, and consultative approach to doing business. Headquartered in the heart of Silicon Valley since its founding in 1996, through incorporation into BSDi in 2000, and expansion as iXsystems in 2005, the dedication to white-glove customer service, industry-leading support, and transparent technological contributions has never wavered and continues to help lay the foundation for a new era powered by open technology.

Image Available: http://www.marketwire.com/library/MwGo/2016/2/10/11G082414/Images/ixsystems-a3b4aa266130b08b92cbec35d4cc6c61.jpg