Now more than ever, business owners big and small are seeking ways to better manage their data processing requirements. While in the past this search has involved a hefty price tag for “bigger, newer, faster” hardware and software, the most recent trend in IT spend has been moving towards “as a Service” (aaS) offerings.
What Is aaS?
“As a Service,” or aaS offerings, are commonly utilized options for any business using cloud application services. Together with cloud computing, the Internet of Things (IoT) provided a foundation for aaS offerings to flourish, and the continued emergence of service-based models is inevitable. By using the internet to deliver applications instead of a downloaded software, aaS applications run directly through a client’s web browser, allowing aaS providers to meet the needs of their clients more affordably than other downloaded or installed computer technologies.
There are many forms of aaS offerings, including Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), Ransomware as a Service (RaaS), and Disaster Recovery as a Service (DRaaS).
Software as a Service (SaaS)
Software as a Service, or SaaS, allows a third-party provider to host applications and make them available to customers through the Internet. In other words, the provider gives network-based access to a single copy of an application. The application’s source code remains the same for all customers, and when new functionalities are developed, they are available to each client. Customers’ data for each model may be stored locally, in the cloud, or in both, depending on the SLA, or service level agreement.
There are many forms of SaaS offerings available on the market today and many of them address fundamental business operations. For example, Salesforce provides an SaaS solution for customer relationship management (CRM) while applications like ADP and Oracle provide SaaS solutions for human resources management (HRM).
Platform as a Service (PaaS)
PaaS, or Platform as a Service, provides tools for the development and deployment of applications and services. For instance, a PaaS customer would have the ability to build, test, deploy, manage, and update their own applications. A significant advantage of PaaS is that developers who are building software and applications will not need to start from scratch and write extensive code. Instead, the PaaS offering provides the foundational infrastructure, including middleware, development tools and business intelligence services, allowing the client to focus on the creative side of app development instead of managing software updates or security patches.
A popular example of a PaaS platform is Microsoft Azure, which allows clients to build, test, deploy, and manage applications and services through Microsoft’s data centers.
Infrastructure as a Service (IaaS)
IaaS (Infrastructure as a Service) allows clients, usually enterprises, to rent or lease servers for storage, networking, or virtualization purposes. Users of IaaS services are able to run any operating system or applications on the rented servers, but avoid paying the fees associated with installation and maintenance for on-premise IT infrastructure.
A notable IaaS provider is Amazon Web Services (AWS), which provides a massive global cloud infrastructure that serves thousands of businesses in over 190 countries.
Ransomware as a Service (RaaS)
Unlike other types of aaS offerings, Ransomware as a Service (RaaS) is an infrastructure offering used by criminals on the Dark Web to attack IT systems. However, RaaS offerings function much like other aaS offerings. The enterprise or user takes advantage of cloud-based services, like the capability to attack and implant hackers into the victim’s machine to hold their data hostage.
One RaaS provider that has gained notoriety recently is the Satan RaaS Platform, which provides users the ability to launch custom ransomware attacks at a wide scale.
Disaster Recovery as a Service (DRaaS)
DRaaS, or Disaster Recovery as a Service, is a model that allows organizations to back up data and IT infrastructure in a third party environment. Users of DRaaS are able to regain access to their stored information and functionality after a disaster—whether a natural disaster, an equipment failure, or a cyberattack. DRaaS means that organizations themselves are not responsible for owning or managing disaster recovery. Instead, these tasks fall to the DRaaS provider.
As a DRaaS solutions provider, the team at PGH Networks partners with Veeam, a company that develops backup, disaster recovery, and intelligent data management software for virtual, physical and multi-cloud infrastructures. Through this partnership, PGH Networks is able to provide a flexible DRaaS platform for companies of all different sizes.
During the fourth episode of our webinar series, The Lunchbox Leaders, we heard from Ben Verschaeren of Melbourne, Australia, a Global Solutions Engineer with Sophos— an international cybersecurity company based in the United Kingdom.
Ben shared that there’s been a rapid shift in technology over the last 5 years with an explosion in data science and artificial intelligence (AI). Sophos in particular has utilized AI to shift away from reacting to threats and instead makes security predictions with incredibly high accuracy. Ben also shared how AI can assist across all layers of defenses by providing both accurate predictions and detections of malicious behavior.
“Our Sophos lab alone sees about half a million unique malware files every day,” Ben shared. “Using things like AI, we’re enhancing our labs. One of the ways we’re able to enhance detection capabilities is by applying algorithms that will tell us what looks different. What’s something that’s probably malicious, but looks different? And maybe that’s where an analyst should set focus to. We’re not actually using AI just to deter malicious or benign determination, but rather to funnel the right information to people so maybe we can find that next group out there that’s been hiding in the shadows and not been detected yet. There are so many different applications for it. I would never look at AI as competing with a human. I would look at AI as complementing or enhancing human capabilities.”
The efficiency that AI is bringing to all different industries is really the value-driver. It’s changing the way we do things. “Data is what drives AI/neural networks now,” Ben stated. With such huge volumes of data, AI is a game-changer in terms of handling the information available to us and identifying patterns that allow us to predict and prevent cybersecurity threats.
However, Ben cautioned that organizations searching for an AI cybersecurity solution should certainly question and query the AI-provider to determine exactly what capabilities their AI product has, rather than just purchasing the product based solely on the “AI” buzzword. Be cautious and ask specific questions to understand how the tool is protecting your organization.
We were so glad to host Ben in our fourth installment of the Lunchbox Leaders series. Our vision has been to help educate our community on how organizations and individuals can protect themselves in today’s cybersecurity threat landscape. We hope you found this episode, and our series of webinars, insightful!
Remember the team at PGH Networks can help you develop a strategic and layered approach to your network’s security and protect you from cyber-attacks. Want to learn more: contact us today.
In case you missed our fourth and final episode (or would like to rewatch it), you can find the full recording online.
Managed service providers (MSP) are vitally important for small businesses that lack an in-house team, so choosing the right MSP can be a make or break decision. Whether you need an entire managed team or a co-managed option to provide additional personnel, use these recommendations to make a sound decision.
Common MSP Mistakes
You’ve been working with your MSP for a while now, but are they bringing you the best value? That all depends on a careful assessment of your business needs and the capabilities of your current provider. You likely hired your current MSP at a point where your business looked very different from the present reality and they may no longer efficiently meet your needs.
A mistake that is often made during the hiring process is to choose based on price. Sometimes the cheapest option is okay to pick, such as with food or physical goods. For an integral service like the management of your IT needs though, quality and reliability only increase with the cost. It may be time to consider upgrading your package or looking for a new company if the hiring of your current MSP was a matter of the lowest cost to get what you needed. If you have been having more IT problems since hiring your MSP, this is a good reason to make a change and invest in a better company.
Another mistake businesses often make when choosing their MSP is the buffet selection of services that can leave major gaps in coverage. A good provider should offer consultation of what IT services your business needs to run at full capacity, and provide appropriate solutions. If the company you are working with only provides network and hardware support, but no business continuity services, you run the risk of finding yourself hiring another company just to get you back up and running after a disaster.
Choosing an MSP
So what should you look for when choosing an MSP? Consider these tips to choose the right provider for your business.
They Focus On Custom Solutions
Every business is different, even within the same industry and a great managed service provider understands this. After careful examination of your business and its needs, a full-bodied plan should be presented. A red flag is the recommendation of a package based on your company size instead of a suggestion made based on careful analysis. The provider should be able to handle technology, account management, and disaster planning to ensure that contracting out for your IT services doesn’t mean more work for you.
They Are Experts In Their Tech
In a world of ever-changing technology, being at the forefront of changes can be tempting, but incorporating technology you aren’t familiar with can slow you down. Look for an MSP that focuses on providing expertise in a few high-value technologies instead of a jack-of-all-trades company that seeks to use the latest trends and do everything themselves. A good MSP has a network of partners who specialize in other competencies they can rely upon so you still receive outstanding service. A diversion of efforts and unfamiliarity with tech won’t bring as much value as working with a company that can reliably deliver and leverage partnerships. Ask about the years of experience in the core service areas and their business connections to ensure you’ll have reliable service when you need it.
They Help You Plan For The Future
This is an often overlooked aspect of choosing a provider because the search often focuses on present needs, but the future is a very important consideration. As your business expands, technological solutions need to expand along with it. An agility and business process assessment is a chance for the company to help anticipate your future growth and plan for it. Additionally, a business continuity plan is essential to help you quickly recover in the event of a disaster. Search for an MSP that provides these services, providing additional peace of mind that even in the worst-case scenario they have your back.
Keeping these tips in mind can help you make the right choice as you choose a managed service provider. Explore how a company like PGH Networks can help your business succeed by covering your IT needs.
During the third episode of our new webinar series, The Lunchbox Leaders, we listened as the CEO of Blackpoint Cyber, Jon Murchison, explained how cyber hackers operate and shared valuable tips and strategies on how you can protect yourself and your organization against cyber threats.
Jon shared that work-from-home hasn’t necessarily increased the number of cyber-attacks – only the amount of targeted attacks. While the digital migration to work-from-home makes it more difficult for hackers since employees aren’t all in one location within a network, it’s opened up new attack vectors, such as increased targeting of PPN concentrators – which allow hackers to get in with creds ahead of time.
“Size totally does not matter in this case,” Jon stated. “Many times, hackers select targets of opportunity. The good news is: whether your organization is large or small, applying the same lessons learned can reduce your risk of a network breach.”
To prevent a breach, it is valuable to know how hackers operate. A hacker’s primary goal is to steal privileged credentials, which will enable them to hide from traditional detection tools like malware and firewalls.
Jon identified 5 major steps in the lifecycle of a hack:
- Spear phish/Insider threat – The hacker gains initial access to a network.
- Network Discovery and Access – The hacker attempts to determine where he is within the network’s environment.
- Domain Discovery – The hacker attempts to identify more privileged credentials to stay within the network.
- Hunt Domain Admin – The hacker data mines for information about specific network admins.
- Laterally Spread – The hacker attempts to gain control of the network.
Jon recommended these defense tactics to help organizations reduce their attack surface:
Conduct a social audit. Make sure your organization and employees aren’t releasing sensitive information that might be of benefit to criminals, such as what firmware or malware systems you’re utilizing.
Leverage existing infrastructure to detect discovery tactics. Ensure that multi-factor identification is enabled for any cloud or Internet-based system (such as Office 365).
“The vast majority of successful corporate breaches we see actually come from remote desktop protocol being open to the Internet. An external vulnerability scan can ensure that the ‘front door’ to your network is locked.”
Utilize live-auditing of privileged account use and orchestrate regular privileged insider activity reporting. Any time someone connects to a key firewall, log the activity to help identify unauthorized logins.
Use the latest generation of AV/Malware detection tools. Advanced malware products can act as an early warning system for cyber attacks.
We enjoyed hosting Jon as he shared his insights about the methods hackers utilize to break into a network and how organizations can protect themselves from these various, targeted threats. Don’t forget to register for the final episode in our series which will air Thursday, September 17th at noon. During the finale, Ben Verschaeren from Sophos, an international security company, will be discussing how AI can enhance your organization’s cybersecurity.
Did you find this episode insightful? Our team at PGH Networks can help you develop a strategic and layered approach to your network’s security and protect you from cyber-attacks. Want to learn more: contact us today.
In case you missed episode three (or would like to rewatch it), you can find the full recording online.
During the second installment of our new webinar series, The Lunchbox Leaders, we listened as Matt Solomon, the VP of Business Development & IT Complete at ID Agent, discussed digital risk and how to protect your assets from threats like phishing, ransomware, and hacking.
“Phishing is the easiest way hackers are able to get compromised credentials,” Matt stated. “There are quite a lot of threats out there, including ransomware and brute-force attacks, but the majority of these breaches—about 44%—begin with a phishing scam.”
Matt recommended 7 steps to avoid falling victim to a phishing scam:
- Watch for overly generic content and greetings. Cyber criminals will send a large batch of emails. Look for examples like “Dear valued customer.”
- Examine the entire “From” email address. The first part of the email address may be legitimate, but the last part might be off by a letter or may include a number in the usual domain.
- Look for urgency or demanding actions. “You’ve won! Click here to redeem your prize,” or “We have your browser history. Pay now or we’re telling your boss.”
- Carefully check all links. Mouse over the link and see if the destination matches where the email implies where you will be taken.
- Notice misspellings, incorrect grammar, and odd phrasing. This might be a deliberate attempt to try and bypass spam filters.
- Check for secure websites. Any webpage where you enter personal information should have a url with https://. The “s” stands for secure.
- Don’t click on attachments right away. Attachments containing viruses might have an intriguing message encouraging you to open them such as “Here is the schedule I promised.”
Phishing threats have grown in popularity with the onset of remote work due to COVID-19. In fact, according to the FBI, after a week of minimal activity, 80% of hacking-related activities changed over to COVID-related attacks.
As the remote workforce presents more of an opportunity for hackers to attack, small business owners should be more vigilant than ever to protect their organizations.
“Remote work puts your organization so much more at risk because you’ve got employees logging in on personal computers with different internet providers — you might not believe that a hacker can jump from a WIFI refrigerator, but they can.”
To protect your organization, Matt recommends adopting a zero trust policy, which operates on the premise of assuming that each of your employees has been compromised on some level. By putting the policies and security access management systems in place and monitoring compromises on the backend, you can ensure that your employees’ credentials and your organization are protected from digital risk.
We enjoyed hosting Matt as he shared his insights about digital risk and discussed how organizations can utilize zero trust methods to protect their networks from breaches. To recap, remember these notes: A layered security approach stands strong, assume that everything has been breached and anyone could have done it, monitor everything on your network (don’t take any chances), and use two-factor authentication on just about everything you can. Don’t forget to attend the next episode in our series, where the CEO of Blackpoint, Jon Murchison, will present “Social Engineering: How a Hacker Breaks Down a Target” – airing on Thursday, August 20th at noon.
As we delve deeper into the area of hacking and the dark web, remember that we perform Dark Web scans and offer Security Awareness Training at PGH Networks. If you are interested in setting this up for your company, please contact us today.
In case you missed episode two (or would like to rewatch it), you can find the full recording online.